Deprecate 0xFE30 X25519/Kyber512 code point

This code point falls into the 'private code point' region (RFC 8446 4.2.3) and was used by pq.cloudflareresearch.com for hybrid key exchange using X25519+KyberR3-512.
randombit · Sep 23, 2024 · 71e5790 · 71e5790
1 parent 0639e82
commit 71e5790
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h
@@ -113,7 +113,7 @@ enum class Group_Params_Code : uint16_t {
 
    // Cloudflare code points for hybrid PQC
    // https://blog.cloudflare.com/post-quantum-for-all/
-   HYBRID_X25519_KYBER_512_R3_CLOUDFLARE = 0xFE30,
+   HYBRID_X25519_KYBER_512_R3_CLOUDFLARE BOTAN_DEPRECATED("removed without replacement") = 0xFE30,
 
    // libOQS defines those in:
    // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md

diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
@@ -1323,7 +1323,6 @@ def get_oqs_rootca():
         return get_oqs_resource("/CA.crt")
 
     test_cfg = [
-        TestConfig("pq.cloudflareresearch.com", "x25519/Kyber-512-r3/cloudflare"),
         TestConfig("pq.cloudflareresearch.com", "x25519/Kyber-768-r3"),
         TestConfig("google.com", "x25519/Kyber-768-r3"),