Merge pull request #4560 from randombit/jack/more-deprecations

Further deprecations

doc/api_ref/pubkey.rst

@@ -209,8 +209,10 @@ A post-quantum secure key encapsulation scheme based on (unstructured) lattices.
 McEliece
 ~~~~~~~~~~
 
+.. deprecated:: 3.0.0
+
 Post-quantum secure key encapsulation scheme based on the hardness of certain
-decoding problems.
+decoding problems. Deprecated; use Classic McEliece
 
 Classic McEliece
 ~~~~~~~~~~~~~~~~
@@ -226,6 +228,8 @@ except in PGP.
 DSA
 ~~~~
 
+.. deprecated:: 3.7.0
+
 Finite field based signature scheme. A NIST standard but now quite obsolete.
 
 ECGDSA, ECKCDSA, SM2, GOST-34.10
@@ -235,6 +239,8 @@ A set of signature schemes based on elliptic curves. All are national standards
 in their respective countries (Germany, South Korea, China, and Russia, resp),
 and are completely obscure and unused outside of that context.
 
+GOST-34.10 support is deprecated.
+
 .. _creating_new_private_keys:
 
 Creating New Private Keys

doc/deprecated.rst

@@ -129,6 +129,9 @@ Deprecated modules include
 
 - MAC ``x919_mac``: Quite obsolete at this point
 
+- Signature scheme ``dsa``: Finite field DSA is slow, very rarely used anymore,
+  and no longer approved by NIST
+
 - Signature scheme ``gost_3410``
 
 - McEliece implementation ``mce``. Will be replaced by the proposal Classic
@@ -210,6 +213,7 @@ internal to the library in the future.
 
   Internal implementation headers - seemingly no reason for applications to use:
   ``curve_gfp.h``,
+  ``numthry.h``,
   ``reducer.h``,
   ``tls_algos.h``,
   ``tls_magic.h``

readme.rst

@@ -115,11 +115,9 @@ Public Key Cryptography
 
 * RSA signatures and encryption
 * DH, ECDH, X25519 and X448 key agreement
-* Signature schemes ECDSA, DSA, Ed25519, Ed448, ECGDSA, ECKCDSA, SM2, GOST 34.10
+* Elliptic curve signature schemes ECDSA, Ed25519, Ed448, ECGDSA, ECKCDSA, SM2
 * Post-quantum signature schemes ML-DSA (Dilithium), SLH-DSA (SPHINCS+), HSS/LMS, XMSS
 * Post-quantum key encapsulation schemes ML-KEM (Kyber), FrodoKEM, Classic McEliece
-* ElGamal encryption
-* Padding schemes OAEP, PSS, PKCS #1 v1.5, X9.31
 
 Ciphers, hashes, MACs, and checksums
 ----------------------------------------
@@ -138,7 +136,7 @@ Other Useful Things
 ----------------------------------------
 
 * Full C++ PKCS #11 API wrapper
-* Interfaces for TPM v1.2 and v2.0 device access
+* Interfaces for TPM v2.0 device access
 * Simple compression API wrapping zlib, bzip2, and lzma libraries
 * RNG wrappers for system RNG, ESDM and hardware RNGs
 * HMAC_DRBG and entropy collection system for userspace RNGs

src/lib/math/numbertheory/numthry.h

@@ -10,6 +10,8 @@
 
 #include <botan/bigint.h>
 
+BOTAN_FUTURE_INTERNAL_HEADER(numthry.h)
+
 namespace Botan {
 
 class RandomNumberGenerator;

src/lib/pubkey/dsa/dsa.h

@@ -11,6 +11,8 @@
 #include <botan/pk_keys.h>
 #include <memory>
 
+BOTAN_DEPRECATED_HEADER("dsa.h")
+
 namespace Botan {
 
 class BigInt;

src/lib/pubkey/ed25519/ed25519.h

@@ -106,15 +106,18 @@ class BOTAN_PUBLIC_API(2, 2) Ed25519_PrivateKey final : public Ed25519_PublicKey
 
 BOTAN_DIAGNOSTIC_POP
 
+BOTAN_DEPRECATED("Use Ed25519_PrivateKey or Sodium::crypto_sign_ed25519_seed_keypair")
 void ed25519_gen_keypair(uint8_t pk[32], uint8_t sk[64], const uint8_t seed[32]);
 
+BOTAN_DEPRECATED("Use Ed25519_PrivateKey or Sodium::crypto_sign_ed25519_detached")
 void ed25519_sign(uint8_t sig[64],
                   const uint8_t msg[],
                   size_t msg_len,
                   const uint8_t sk[64],
                   const uint8_t domain_sep[],
                   size_t domain_sep_len);
 
+BOTAN_DEPRECATED("Use Ed25519_PublicKey or Sodium::crypto_sign_ed25519_verify_detached")
 bool ed25519_verify(const uint8_t msg[],
                     size_t msg_len,
                     const uint8_t sig[64],

src/lib/pubkey/gost_3410/gost_3410.h

@@ -12,6 +12,8 @@
 
 #include <botan/ecc_key.h>
 
+BOTAN_DEPRECATED_HEADER("gost_3410.h")
+
 namespace Botan {
 
 /**