commit 277a85f1ef7e46724f1cbd4f9e222bec6bce21ec
author Ronald Cron <ronald.cron@arm.com> Tue Aug 04 15:49:48 2020 +0200
committer Ronald Cron <ronald.cron@arm.com> Tue Nov 10 16:00:41 2020 +0100
tree b52e74e4fd5a939baa18f3470036345012e6c26b
parent cf56a0a320469a28d8b825f7f028fa5ea01c2ac3

Add psa_purge_key API

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

include/psa/crypto.h

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 2620af5..15ffe22 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -387,6 +387,29 @@
  * @{
  */
 
+/** Remove non-essential copies of key material from memory.
+ *
+ * If the key identifier designates a volatile key, this functions does not do
+ * anything and returns successfully.
+ *
+ * If the key identifier designates a persistent key, then this function will
+ * free all resources associated with the key in volatile memory. The key
+ * data in persistent storage is not affected and the key can still be used.
+ *
+ * \param key Identifier of the key to purge.
+ *
+ * \retval #PSA_SUCCESS
+ *         The key material will have been removed from memory if it is not
+ *         currently required.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ *         \p key is not a valid key identifier.
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
+
 /** Make a copy of a key.
  *
  * Copy key material from one location to another.