Deprecate Mbed TLS cryptography API
The PSA Crypto API should be used instead. The Mbed TLS cryptography API
will still remain available under MBEDTLS_DEPRECATED_REMOVED, as Mbed
Crypto (which implements the PSA Crypto API) continues to rely on this
now internal API.
Functions that are already considered internal are not deprecated
by this commit. We already have the freedom to change or remove these
internal APIs.
Document the relationship between Mbed Crypto and Mbed TLS, describing
Mbed Crypto's dual purpose of providing both deprecated Mbed TLS
cryptography APIs and the PSA Crypto API.
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 1c80b53..5debba1 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -35,6 +35,7 @@
#include MBEDTLS_CONFIG_FILE
#endif
+#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <stdint.h>
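Review bot: Every declaration annotated below now depends on `MBEDTLS_DEPRECATED` expanding to something valid in all three configurations, and nothing visible here shows that the added include of `mbedtls/platform_util.h` guarantees it. The description says these functions stay declared even under MBEDTLS_DEPRECATED_REMOVED, so the macro needs an empty fallback (`#define MBEDTLS_DEPRECATED`) both when that option is set and when MBEDTLS_DEPRECATED_WARNING is not; otherwise the header fails to compile in those builds. If platform_util.h defines the macro only for its own use and undefines it afterwards, des.h should define it locally after the includes instead. A short comment on the include, such as `/* for MBEDTLS_DEPRECATED */`, would also tell readers why a DES header pulls in the platform utilities.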
@@ -91,6 +92,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
void mbedtls_des_init( mbedtls_des_context *ctx );
/**
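Review bot: The attribute is added without a matching `\deprecated` entry in the Doxygen comment, so neither the generated documentation nor the compiler warning tells a caller what to use instead. Adding ` * \deprecated Superseded by the PSA Crypto API.` to the comment above `mbedtls_des_init` would carry the replacement named in the commit description to the place callers actually read. The same applies to every other declaration annotated in this file, including the 3DES ones, whose visible comment lines carry no weak-cipher warning at all. The comment block starts outside this hunk.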
@@ -102,6 +104,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
void mbedtls_des_free( mbedtls_des_context *ctx );
/**
@@ -109,6 +112,7 @@
*
* \param ctx DES3 context to be initialized
*/
+MBEDTLS_DEPRECATED
void mbedtls_des3_init( mbedtls_des3_context *ctx );
/**
@@ -116,6 +120,7 @@
*
* \param ctx DES3 context to be cleared
*/
+MBEDTLS_DEPRECATED
void mbedtls_des3_free( mbedtls_des3_context *ctx );
/**
@@ -130,6 +135,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -146,6 +152,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -159,6 +166,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -173,6 +181,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -187,6 +196,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -197,6 +207,7 @@
*
* \return 0
*/
+MBEDTLS_DEPRECATED
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
@@ -208,6 +219,7 @@
*
* \return 0
*/
+MBEDTLS_DEPRECATED
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
@@ -219,6 +231,7 @@
*
* \return 0
*/
+MBEDTLS_DEPRECATED
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
@@ -230,6 +243,7 @@
*
* \return 0
*/
+MBEDTLS_DEPRECATED
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
@@ -246,6 +260,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
@@ -273,6 +288,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
int mode,
size_t length,
@@ -290,6 +306,7 @@
*
* \return 0 if successful
*/
+MBEDTLS_DEPRECATED
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
@@ -315,6 +332,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*/
+MBEDTLS_DEPRECATED
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
int mode,
size_t length,
@@ -335,6 +353,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_DEPRECATED
void mbedtls_des_setkey( uint32_t SK[32],
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
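Review bot: `mbedtls_des_setkey` takes a raw `uint32_t SK[32]` subkey array rather than a context, which suggests it is a key-schedule helper and not an application entry point, yet it is marked deprecated like the public functions. The description says functions already considered internal are not deprecated by this commit, so if this one is exposed only so that an alternative implementation can override it, the attribute contradicts that and should be dropped. If the deprecation is intended, a line in the comment such as ` * \deprecated Internal key-expansion helper; do not call from applications.` would make the reason explicit. The start of the comment is outside this hunk, so its existing wording should be checked first.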
@@ -345,6 +364,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
+MBEDTLS_DEPRECATED
int mbedtls_des_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
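Review bot: Marking `mbedtls_des_self_test` deprecated means any harness that still runs it, and presumably the library's own code that calls the annotated DES functions, will produce deprecation warnings once MBEDTLS_DEPRECATED_WARNING is enabled. The description says Mbed Crypto keeps relying on this API internally, so those call sites need a way to opt out; otherwise builds that treat warnings as errors either break or drop the DES self-test while the cipher is still compiled in. One option is to have the library's own translation units define `MBEDTLS_DEPRECATED` as empty before including this header, with a comment explaining why. The callers are not visible in this diff, so this should be confirmed against the rest of the change.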