Access the keystore via a path rather than the CoreContext

src/api.rs

@@ -31,6 +31,11 @@ generate_enums! {
     DeserializeKey: 5
     Encrypt: 6
     Delete: 7
+    // Clear private data from the key
+    // This will not always delete all metadata from storage.
+    // Other backends can retain metadata required for `unwrap_key` to work properly
+    // and delete this metadata only once `delete` is called.
+    Clear: 63
     DeleteAllKeys: 25
     Exists: 8
     // DeriveKeypair: 3
@@ -150,6 +155,9 @@ pub mod request {
         Delete:
           - key: KeyId
 
+        Clear:
+          - key: KeyId
+
         DeleteAllKeys:
           - location: Location
 
@@ -383,6 +391,9 @@ pub mod reply {
         Delete:
             - success: bool
 
+        Clear:
+            - success: bool
+
         DeleteAllKeys:
             - count: usize
 

src/client.rs

@@ -347,6 +347,18 @@ pub trait CryptoClient: PollClient {
         })
     }
 
+    /// Clear private data from the key
+    ///
+    /// This will not delete all metadata from storage.
+    /// Other backends can retain metadata required for `unwrap_key` to work properly
+    /// and delete this metadata only once `delete` is called.
+    fn clear(&mut self, key: KeyId) -> ClientResult<'_, reply::Delete, Self> {
+        self.request(request::Delete {
+            key,
+            // mechanism,
+        })
+    }
+
     /// Skips deleting read-only / manufacture keys (currently, "low ID").
     fn delete_all(&mut self, location: Location) -> ClientResult<'_, reply::DeleteAllKeys, Self> {
         self.request(request::DeleteAllKeys { location })

src/service.rs

@@ -115,9 +115,9 @@ impl<P: Platform> ServiceResources<P> {
         ClientFilestore::new(PathBuf::from("trussed"), self.platform.store())
     }
 
-    pub fn keystore(&mut self, ctx: &CoreContext) -> Result<ClientKeystore<P::S>> {
+    pub fn keystore(&mut self, client_id: PathBuf) -> Result<ClientKeystore<P::S>> {
         self.rng()
-            .map(|rng| ClientKeystore::new(ctx.path.clone(), rng, self.platform.store()))
+            .map(|rng| ClientKeystore::new(client_id, rng, self.platform.store()))
             .map_err(|_| Error::EntropyMalfunction)
     }
 
@@ -141,7 +141,7 @@ impl<P: Platform> ServiceResources<P> {
 
         let full_store = self.platform.store();
 
-        let keystore = &mut self.keystore(ctx)?;
+        let keystore = &mut self.keystore(ctx.path.clone())?;
         let certstore = &mut self.certstore(ctx)?;
         let counterstore = &mut self.counterstore(ctx)?;
         let filestore = &mut self.filestore(ctx.path.clone());
@@ -225,6 +225,11 @@ impl<P: Platform> ServiceResources<P> {
                 Ok(Reply::Delete(reply::Delete { success } ))
             },
 
+            Request::Clear(request) => {
+                let success = keystore.clear_key(&request.key);
+                Ok(Reply::Clear(reply::Clear { success } ))
+            },
+
             Request::DeleteAllKeys(request) => {
                 let count = keystore.delete_all(request.location)?;
                 Ok(Reply::DeleteAllKeys(reply::DeleteAllKeys { count } ))

src/store/keystore.rs

@@ -52,6 +52,7 @@ pub trait Keystore {
     /// Return Header of key, if it exists
     fn key_info(&self, secrecy: key::Secrecy, id: &KeyId) -> Option<key::Info>;
     fn delete_key(&self, id: &KeyId) -> bool;
+    fn clear_key(&self, id: &KeyId) -> bool;
     fn delete_all(&self, location: Location) -> Result<usize>;
     fn load_key(
         &self,
@@ -152,6 +153,10 @@ impl<S: Store> Keystore for ClientKeystore<S> {
         })
     }
 
+    fn clear_key(&self, id: &KeyId) -> bool {
+        self.delete_key(id)
+    }
+
     /// TODO: This uses the predicate "filename.len() >= 4"
     /// Be more principled :)
     fn delete_all(&self, location: Location) -> Result<usize> {