Clean up pkey slots and volatile keys on client logout.

1 files changed, 21 insertions, 0 deletions

diff --git a/hal_internal.h b/hal_internal.h
index 56d0936..b20bff2 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -428,6 +428,12 @@ extern hal_error_t hal_mkm_flash_erase(const size_t len);
 #endif
 
 /*
+ * Clean up pkey stuff that's tied to a particular client.
+ */
+
+extern hal_error_t hal_pkey_client_cleanup(const hal_client_handle_t client);
+
+/*
  * Keystore API for use by the pkey implementation.
  *
  * In an attempt to emulate what current theory says will eventually
@@ -520,6 +526,9 @@ struct hal_ks_driver {
                                 uint8_t *attributes_buffer,
                                 const size_t attributes_buffer_len);
 
+  hal_error_t  (*client_cleanup)(hal_ks_t *ks,
+                                 const hal_client_handle_t client);
+
 };
 
 
@@ -681,6 +690,18 @@ static inline hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
                                     attributes_buffer, attributes_buffer_len);
 }
 
+static inline hal_error_t hal_ks_client_cleanup(hal_ks_t *ks,
+                                                const hal_client_handle_t client)
+{
+  if (ks == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if (ks->client_cleanup == NULL || client.handle == HAL_HANDLE_NONE)
+    return HAL_OK;
+
+  return ks->driver->client_cleanup(ks, client);
+}
+
 /*
  * Keystore index.  This is intended to be usable by both memory-based
  * (in-memory, mmap(), ...) keystores and keystores based on raw flash.