From 71e5790004f155fe31f522ee71b8f53e00319e4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Meusel?= <rene.meusel@rohde-schwarz.com>
Date: Mon, 23 Sep 2024 11:00:38 +0200
Subject: [PATCH] Deprecate 0xFE30 X25519/Kyber512 code point

This code point falls into the 'private code point' region (RFC 8446 4.2.3)
and was used by pq.cloudflareresearch.com for hybrid key exchange using
X25519+KyberR3-512.
---
 src/lib/tls/tls_algos.h | 2 +-
 src/scripts/test_cli.py | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h
index 6927e8df08d..d5869c04dfe 100644
--- a/src/lib/tls/tls_algos.h
+++ b/src/lib/tls/tls_algos.h
@@ -113,7 +113,7 @@ enum class Group_Params_Code : uint16_t {
 
    // Cloudflare code points for hybrid PQC
    // https://blog.cloudflare.com/post-quantum-for-all/
-   HYBRID_X25519_KYBER_512_R3_CLOUDFLARE = 0xFE30,
+   HYBRID_X25519_KYBER_512_R3_CLOUDFLARE BOTAN_DEPRECATED("removed without replacement") = 0xFE30,
 
    // libOQS defines those in:
    // https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
index db9fffe1408..bc53b7d8acf 100755
--- a/src/scripts/test_cli.py
+++ b/src/scripts/test_cli.py
@@ -1323,7 +1323,6 @@ def get_oqs_rootca():
         return get_oqs_resource("/CA.crt")
 
     test_cfg = [
-        TestConfig("pq.cloudflareresearch.com", "x25519/Kyber-512-r3/cloudflare"),
         TestConfig("pq.cloudflareresearch.com", "x25519/Kyber-768-r3"),
         TestConfig("google.com", "x25519/Kyber-768-r3"),