Issue #23 considers interruptible API design, and specifically looks at an API for asymmetric signature. There is a PR for an interruptible API for asymmetric signature creation and verification in #107.

Another use case that requires an interruptible operation is key agreement, in particular ECDH. (See Mbed-TLS/mbedtls#9044)

For ECDH, the complex computation occurs at the following points:

1. Computing the public key from an ECC private key.
2. Validation of the public key provided by the other participant.
3. Computing the shared secret from the two input keys.

In the current PSA Crypto API, steps (2) and (3) occur as part of the key agreement function. Step (1) might occur during key generation, or during public key export, depending on the implementation's approach to storing ECC keys.

For full coverage of the key agreement use case we would need interruptible operations for all three APIs (key generation, key export, and key agreement).

As each of these functions have simple (bounded) inputs, the interruptible operations can be much simpler that the one designed for asymmetric signature. In particular, each operation only requires a single setup function taking all the inputs (called once) and a single completion function providing the outputs (called until finished).