From 8ae65e71996ce871cda97cc9114cb5211cb273bf Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Fri, 23 Mar 2012 16:17:28 -0700
Subject: Add delete_all to keymaster API
In order to aid keymasters erase their memory efficiently, introduce new delete_all API to tell keymasters to forget everything. This will be triggered when keystore itself is told to reset.
Change-Id: I730375f1f32cd1ea0bf1fa38d5b1bec2f81ba492
---
 include/hardware/keymaster.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'include/hardware/keymaster.h')
diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h
index 3c7799a..5a7a374 100644
--- a/include/hardware/keymaster.h
+++ b/include/hardware/keymaster.h
@@ -122,11 +122,27 @@ struct keymaster_device {
 /**
 * Deletes the key pair associated with the key blob.
+ *
+ * This function is optional and should be set to NULL if it is not
+ * implemented.
+ *
+ * Returns 0 on success or an error code less than 0.
 */
 int (*delete_keypair)(const struct keymaster_device* dev, const uint8_t* key_blob, const size_t key_blob_length);
 /**
+ * Deletes all keys in the hardware keystore. Used when keystore is
+ * reset completely.
+ *
+ * This function is optional and should be set to NULL if it is not
+ * implemented.
+ *
+ * Returns 0 on success or an error code less than 0.
+ */
+ int (*delete_all)(const struct keymaster_device* dev);
+
+ /**
 * Signs data using a key-blob generated before. This can use either
 * an asymmetric key or a secret key.
 *
--
cgit v1.1
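Review bot: `delete_all` is inserted between `delete_keypair` and the signing entry, which shifts the offset of every later function pointer in `struct keymaster_device`; a keymaster module built against the old header would have its slots read at the wrong positions by a keystore built against the new one. The commit changes only this hunk, so nothing in it lets a caller tell the old layout from the new one; consider appending the pointer after the last existing member or bumping the module's API version in the same change (the struct continues outside the hunk, so its end is not visible here). Because the slot may be NULL, the comment should also say what a reset does in that case, e.g. `* If NULL, the caller must delete each key individually with delete_keypair.`, so that key material is not left in hardware after a keystore reset. It would also help to state whether a negative return means no keys were deleted or that some may already be gone.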