Deprecate Mbed TLS cryptography API
The PSA Crypto API should be used instead. The Mbed TLS cryptography API
will still remain available under MBEDTLS_DEPRECATED_REMOVED, as Mbed
Crypto (which implements the PSA Crypto API) continues to rely on this
now internal API.
Functions that are already considered internal are not deprecated
by this commit. We already have the freedom to change or remove these
internal APIs.
Document the relationship between Mbed Crypto and Mbed TLS, describing
Mbed Crypto's dual purpose of providing both deprecated Mbed TLS
cryptography APIs and the PSA Crypto API.
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 840540b..8e073cd 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -38,6 +38,7 @@
#include "mbedtls/bignum.h"
#include "mbedtls/md.h"
+#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
@@ -165,6 +166,7 @@
* \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
* otherwise.
*/
+MBEDTLS_DEPRECATED
void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
int padding,
int hash_id );
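Review bot: The `MBEDTLS_DEPRECATED` line placed before mbedtls_rsa_init is not accompanied by a `\deprecated` tag in the Doxygen block above it, so generated documentation never names the replacement the commit message points to; the same applies to every other declaration hunk in this file, from mbedtls_rsa_import through mbedtls_rsa_self_test. Add a line such as ` * \deprecated Superseded by the PSA Crypto API.` before the closing `*/` of each affected comment. For mbedtls_rsa_free the tag should also say that a context set up with the deprecated mbedtls_rsa_init must still be released with it, since a deprecation warning on the destructor may otherwise discourage callers from releasing the key material the context holds. Presumably the library's own callers of these functions (the commit says Mbed Crypto still relies on them) will now warn under MBEDTLS_DEPRECATED_WARNING unless they go through non-deprecated internal entry points; worth confirming the build is clean with that option enabled.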
@@ -198,6 +200,7 @@
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
const mbedtls_mpi *N,
const mbedtls_mpi *P, const mbedtls_mpi *Q,
@@ -237,6 +240,7 @@
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
unsigned char const *N, size_t N_len,
unsigned char const *P, size_t P_len,
@@ -276,6 +280,7 @@
* failed.
*
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
/**
@@ -318,6 +323,7 @@
* \return A non-zero return code on any other failure.
*
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
mbedtls_mpi *D, mbedtls_mpi *E );
@@ -369,6 +375,7 @@
* functionality or because of security policies.
* \return A non-zero return code on any other failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
unsigned char *N, size_t N_len,
unsigned char *P, size_t P_len,
@@ -395,6 +402,7 @@
* \return A non-zero error code on failure.
*
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
@@ -407,6 +415,7 @@
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
* \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
*/
+MBEDTLS_DEPRECATED
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
int hash_id );
@@ -418,6 +427,7 @@
* \return The length of the RSA modulus in Bytes.
*
*/
+MBEDTLS_DEPRECATED
size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
/**
@@ -438,6 +448,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -457,6 +468,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
/**
@@ -495,6 +507,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
/**
@@ -508,6 +521,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
const mbedtls_rsa_context *prv );
@@ -530,6 +544,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
const unsigned char *input,
unsigned char *output );
@@ -565,6 +580,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -610,6 +626,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -651,6 +668,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -696,6 +714,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -749,6 +768,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -799,6 +819,7 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -853,6 +874,7 @@
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -912,6 +934,7 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -959,6 +982,7 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -1020,6 +1044,7 @@
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -1073,6 +1098,7 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -1119,6 +1145,7 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -1176,6 +1203,7 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -1224,6 +1252,7 @@
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
@@ -1244,6 +1273,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
/**
@@ -1253,6 +1283,7 @@
* this function is a no-op. If it is not \c NULL, it must
* point to an initialized RSA context.
*/
+MBEDTLS_DEPRECATED
void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
#if defined(MBEDTLS_SELF_TEST)
@@ -1263,6 +1294,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
+MBEDTLS_DEPRECATED
int mbedtls_rsa_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */