Deprecation warnings for key enrollment algorithm

LDong-Arm · LDong-Arm · commit eb0ac5949436 · 2021-02-25T14:02:57.000Z
Setting/getting key enrollment algorithm is not recommended and not
part of the vanilla PSA or TF-M. For now keep the API just for
backward compatibility with existing projects, and this commit
adds deprecation warnings.
diff --git a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/crypto_extra.h b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/crypto_extra.h
@@ -32,6 +32,8 @@
 
 #include "crypto_compat.h"
 
+#include "platform/mbed_toolchain.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -54,15 +56,17 @@ extern "C" {
  *                              for, in addition to the algorithm set with
  *                              psa_set_key_algorithm().
  *
- * \warning Setting an enrollment algorithm is not recommended, because
- *          using the same key with different algorithms can allow some
- *          attacks based on arithmetic relations between different
- *          computations made with the same key, or can escalate harmless
- *          side channels into exploitable ones. Use this function only
- *          if it is necessary to support a protocol for which it has been
- *          verified that the usage of the key with multiple algorithms
- *          is safe.
+ * \deprecated  This is for backward compatibility only.
+ *              Setting an enrollment algorithm is not recommended, because
+ *              using the same key with different algorithms can allow some
+ *              attacks based on arithmetic relations between different
+ *              computations made with the same key, or can escalate harmless
+ *              side channels into exploitable ones. Use this function only
+ *              if it is necessary to support a protocol for which it has been
+ *              verified that the usage of the key with multiple algorithms
+ *              is safe.
  */
+MBED_DEPRECATED("Setting enrollment algorithm is for backward compatibility and not recommended.")
 static inline void psa_set_key_enrollment_algorithm(
     psa_key_attributes_t *attributes,
     psa_algorithm_t alg2)
@@ -75,7 +79,10 @@ static inline void psa_set_key_enrollment_algorithm(
  * \param[in] attributes        The key attribute structure to query.
  *
  * \return The enrollment algorithm stored in the attribute structure.
+ * \deprecated  This is for backward compatibility only.
+ *              Deprecated along with psa_set_key_enrollment_algorithm().
  */
+MBED_DEPRECATED("Getting enrollment algorithm is for backward compatibility and not recommended.")
 static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
     const psa_key_attributes_t *attributes)
 {
diff --git a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_extra.h b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_extra.h
@@ -20,6 +20,8 @@
 
 #include "psa/crypto_compat.h"
 
+#include "platform/mbed_toolchain.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -145,6 +147,7 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id gr
  *              verified that the usage of the key with multiple algorithms
  *              is safe.
  */
+MBED_DEPRECATED("Setting enrollment algorithm is for backward compatibility and not recommended.")
 static inline void psa_set_key_enrollment_algorithm(
     psa_key_attributes_t *attributes,
     psa_algorithm_t alg2)
@@ -161,6 +164,7 @@ static inline void psa_set_key_enrollment_algorithm(
  * \deprecated  This is for backward compatibility only.
  *              Deprecated along with psa_set_key_enrollment_algorithm().
  */
+MBED_DEPRECATED("Getting enrollment algorithm is for backward compatibility and not recommended.")
 static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
     const psa_key_attributes_t *attributes)
 {
