Remove unused hybrid named groups

Summary: Remove the following unused hybrid named groups: * `secp521r1_x25519` * `secp256r1_kyber512` * `secp384r1_kyber768` Differential Revision: D68354245 fbshipit-source-id: ccdc324531fd1810f10a3fbd3a28f7b8f83e2754
facebookincubator · Jan 21, 2025 · 31187d3 · 31187d3
1 parent fd4f190
commit 31187d3
Show file tree

Hide file tree

Showing 5 changed files with 2 additions and 39 deletions.
diff --git a/fizz/protocol/MultiBackendFactory.cpp b/fizz/protocol/MultiBackendFactory.cpp
@@ -47,10 +47,6 @@ std::unique_ptr<KeyExchange> MultiBackendFactory::makeKeyExchange(
       return std::make_unique<HybridKeyExchange>(
           fizz::liboqs::makeKeyExchange<MLKEM512>(role),
           fizz::libsodium::makeKeyExchange<fizz::X25519>());
-    case NamedGroup::secp256r1_kyber512:
-      return std::make_unique<HybridKeyExchange>(
-          fizz::openssl::makeKeyExchange<fizz::P256>(),
-          fizz::liboqs::makeKeyExchange<Kyber512>(role));
     case NamedGroup::kyber512:
       return fizz::liboqs::makeKeyExchange<Kyber512>(role);
     case NamedGroup::x25519_kyber768_draft00:
@@ -62,10 +58,6 @@ std::unique_ptr<KeyExchange> MultiBackendFactory::makeKeyExchange(
       return std::make_unique<HybridKeyExchange>(
           fizz::openssl::makeKeyExchange<fizz::P256>(),
           fizz::liboqs::makeKeyExchange<Kyber768>(role));
-    case NamedGroup::secp384r1_kyber768:
-      return std::make_unique<HybridKeyExchange>(
-          fizz::openssl::makeKeyExchange<fizz::P384>(),
-          fizz::liboqs::makeKeyExchange<Kyber768>(role));
 #endif
     default:
       throw std::runtime_error("ke: not implemented");

diff --git a/fizz/protocol/test/MultiBackendFactoryTest.cpp b/fizz/protocol/test/MultiBackendFactoryTest.cpp
@@ -43,15 +43,13 @@ INSTANTIATE_TEST_SUITE_P(
 #if FIZZ_HAVE_OQS
         ,
         NamedGroup::x25519_kyber512,
-        NamedGroup::secp256r1_kyber512,
         NamedGroup::kyber512,
         NamedGroup::x25519_kyber768_draft00,
         NamedGroup::x25519_kyber768_experimental,
         NamedGroup::x25519_kyber512_experimental,
         NamedGroup::X25519MLKEM512_FB,
         NamedGroup::X25519MLKEM768,
-        NamedGroup::secp256r1_kyber768_draft00,
-        NamedGroup::secp384r1_kyber768
+        NamedGroup::secp256r1_kyber768_draft00
 #endif
         ),
     [](const testing::TestParamInfo<

diff --git a/fizz/record/Types.cpp b/fizz/record/Types.cpp
@@ -275,12 +275,8 @@ std::string toString(NamedGroup group) {
       return "X25519MLKEM512_FB";
     case NamedGroup::X25519MLKEM768:
       return "X25519MLKEM768";
-    case NamedGroup::secp521r1_x25519:
-      return "secp521r1_x25519";
     case NamedGroup::x25519_kyber512:
       return "x25519_kyber512";
-    case NamedGroup::secp256r1_kyber512:
-      return "secp256r1_kyber512";
     case NamedGroup::kyber512:
       return "kyber512";
     case NamedGroup::x25519_kyber768_draft00:
@@ -291,8 +287,6 @@ std::string toString(NamedGroup group) {
       return "x25519_kyber512_experimental";
     case NamedGroup::secp256r1_kyber768_draft00:
       return "secp256r1_kyber768_draft00";
-    case NamedGroup::secp384r1_kyber768:
-      return "secp384r1_kyber768";
   }
   return enumToHex(group);
 }

diff --git a/fizz/record/Types.h b/fizz/record/Types.h
@@ -364,13 +364,6 @@ enum class NamedGroup : uint16_t {
   x25519_kyber768_experimental = 65024,
   x25519_kyber512_experimental = 65025,
 
-  /**
-   * Hybrid of secp521r1 and x25519. TLS Supported Group 510 is reserved for
-   * private use, see
-   * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
-   */
-  secp521r1_x25519 = 510,
-
   // Standardized algorithms. See
   // https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design-05#section-5
 
@@ -380,23 +373,11 @@ enum class NamedGroup : uint16_t {
    */
   x25519_kyber512 = 12089,
 
-  /**
-   * Experimental ID, see
-   * https://github.com/aws/s2n-tls/blob/main/tls/s2n_tls_parameters.h#L70
-   */
-  secp256r1_kyber512 = 12090,
-
   /**
    * Performance test only. Purely relying on unverified post-quantum crypto may
    * cause security flaws.
    */
   kyber512 = 511,
-
-  /**
-   * Experimental ID, see
-   * https://github.com/open-quantum-safe/boringssl/blob/master/include/openssl/ssl.h#L2410
-   */
-  secp384r1_kyber768 = 12092,
 };
 
 std::string toString(NamedGroup);

diff --git a/fizz/util/Parse-inl.h b/fizz/util/Parse-inl.h
@@ -59,16 +59,14 @@ inline NamedGroup parse(folly::StringPiece s) {
       {"secp521r1", NamedGroup::secp521r1},
       {"x25519", NamedGroup::x25519},
       {"x25519_kyber512", NamedGroup::x25519_kyber512},
-      {"secp256r1_kyber512", NamedGroup::secp256r1_kyber512},
       {"x25519_kyber768_draft00", NamedGroup::x25519_kyber768_draft00},
       {"x25519_kyber768_experimental",
        NamedGroup::x25519_kyber768_experimental},
       {"x25519_kyber512_experimental",
        NamedGroup::x25519_kyber512_experimental},
       {"X25519MLKEM512_FB", NamedGroup::X25519MLKEM512_FB},
       {"X25519MLKEM768", NamedGroup::X25519MLKEM768},
-      {"secp256r1_kyber768_draft00", NamedGroup::secp256r1_kyber768_draft00},
-      {"secp384r1_kyber768", NamedGroup::secp384r1_kyber768}};
+      {"secp256r1_kyber768_draft00", NamedGroup::secp256r1_kyber768_draft00}};
 
   auto location = stringToGroups.find(s);
   if (location != stringToGroups.end()) {