From 31187d3554973e82c1515311e3f39bce30bb4f7d Mon Sep 17 00:00:00 2001 From: Jolene Tan Date: Tue, 21 Jan 2025 09:46:43 -0800 Subject: [PATCH] Remove unused hybrid named groups Summary: Remove the following unused hybrid named groups: * `secp521r1_x25519` * `secp256r1_kyber512` * `secp384r1_kyber768` Differential Revision: D68354245 fbshipit-source-id: ccdc324531fd1810f10a3fbd3a28f7b8f83e2754 --- fizz/protocol/MultiBackendFactory.cpp | 8 -------- .../protocol/test/MultiBackendFactoryTest.cpp | 4 +--- fizz/record/Types.cpp | 6 ------ fizz/record/Types.h | 19 ------------------- fizz/util/Parse-inl.h | 4 +--- 5 files changed, 2 insertions(+), 39 deletions(-) diff --git a/fizz/protocol/MultiBackendFactory.cpp b/fizz/protocol/MultiBackendFactory.cpp index a35dd075b54..3a413fe38f3 100644 --- a/fizz/protocol/MultiBackendFactory.cpp +++ b/fizz/protocol/MultiBackendFactory.cpp @@ -47,10 +47,6 @@ std::unique_ptr MultiBackendFactory::makeKeyExchange( return std::make_unique( fizz::liboqs::makeKeyExchange(role), fizz::libsodium::makeKeyExchange()); - case NamedGroup::secp256r1_kyber512: - return std::make_unique( - fizz::openssl::makeKeyExchange(), - fizz::liboqs::makeKeyExchange(role)); case NamedGroup::kyber512: return fizz::liboqs::makeKeyExchange(role); case NamedGroup::x25519_kyber768_draft00: @@ -62,10 +58,6 @@ std::unique_ptr MultiBackendFactory::makeKeyExchange( return std::make_unique( fizz::openssl::makeKeyExchange(), fizz::liboqs::makeKeyExchange(role)); - case NamedGroup::secp384r1_kyber768: - return std::make_unique( - fizz::openssl::makeKeyExchange(), - fizz::liboqs::makeKeyExchange(role)); #endif default: throw std::runtime_error("ke: not implemented"); diff --git a/fizz/protocol/test/MultiBackendFactoryTest.cpp b/fizz/protocol/test/MultiBackendFactoryTest.cpp index 045e9efea4f..8a983673edc 100644 --- a/fizz/protocol/test/MultiBackendFactoryTest.cpp +++ b/fizz/protocol/test/MultiBackendFactoryTest.cpp @@ -43,15 +43,13 @@ INSTANTIATE_TEST_SUITE_P( #if FIZZ_HAVE_OQS , NamedGroup::x25519_kyber512, - NamedGroup::secp256r1_kyber512, NamedGroup::kyber512, NamedGroup::x25519_kyber768_draft00, NamedGroup::x25519_kyber768_experimental, NamedGroup::x25519_kyber512_experimental, NamedGroup::X25519MLKEM512_FB, NamedGroup::X25519MLKEM768, - NamedGroup::secp256r1_kyber768_draft00, - NamedGroup::secp384r1_kyber768 + NamedGroup::secp256r1_kyber768_draft00 #endif ), [](const testing::TestParamInfo< diff --git a/fizz/record/Types.cpp b/fizz/record/Types.cpp index 25b6030086e..9a54c3c83cc 100644 --- a/fizz/record/Types.cpp +++ b/fizz/record/Types.cpp @@ -275,12 +275,8 @@ std::string toString(NamedGroup group) { return "X25519MLKEM512_FB"; case NamedGroup::X25519MLKEM768: return "X25519MLKEM768"; - case NamedGroup::secp521r1_x25519: - return "secp521r1_x25519"; case NamedGroup::x25519_kyber512: return "x25519_kyber512"; - case NamedGroup::secp256r1_kyber512: - return "secp256r1_kyber512"; case NamedGroup::kyber512: return "kyber512"; case NamedGroup::x25519_kyber768_draft00: @@ -291,8 +287,6 @@ std::string toString(NamedGroup group) { return "x25519_kyber512_experimental"; case NamedGroup::secp256r1_kyber768_draft00: return "secp256r1_kyber768_draft00"; - case NamedGroup::secp384r1_kyber768: - return "secp384r1_kyber768"; } return enumToHex(group); } diff --git a/fizz/record/Types.h b/fizz/record/Types.h index d50b2448747..f9ac17185cd 100644 --- a/fizz/record/Types.h +++ b/fizz/record/Types.h @@ -364,13 +364,6 @@ enum class NamedGroup : uint16_t { x25519_kyber768_experimental = 65024, x25519_kyber512_experimental = 65025, - /** - * Hybrid of secp521r1 and x25519. TLS Supported Group 510 is reserved for - * private use, see - * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 - */ - secp521r1_x25519 = 510, - // Standardized algorithms. See // https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design-05#section-5 @@ -380,23 +373,11 @@ enum class NamedGroup : uint16_t { */ x25519_kyber512 = 12089, - /** - * Experimental ID, see - * https://github.com/aws/s2n-tls/blob/main/tls/s2n_tls_parameters.h#L70 - */ - secp256r1_kyber512 = 12090, - /** * Performance test only. Purely relying on unverified post-quantum crypto may * cause security flaws. */ kyber512 = 511, - - /** - * Experimental ID, see - * https://github.com/open-quantum-safe/boringssl/blob/master/include/openssl/ssl.h#L2410 - */ - secp384r1_kyber768 = 12092, }; std::string toString(NamedGroup); diff --git a/fizz/util/Parse-inl.h b/fizz/util/Parse-inl.h index 07a49cdeee8..84d2cb6d3eb 100644 --- a/fizz/util/Parse-inl.h +++ b/fizz/util/Parse-inl.h @@ -59,7 +59,6 @@ inline NamedGroup parse(folly::StringPiece s) { {"secp521r1", NamedGroup::secp521r1}, {"x25519", NamedGroup::x25519}, {"x25519_kyber512", NamedGroup::x25519_kyber512}, - {"secp256r1_kyber512", NamedGroup::secp256r1_kyber512}, {"x25519_kyber768_draft00", NamedGroup::x25519_kyber768_draft00}, {"x25519_kyber768_experimental", NamedGroup::x25519_kyber768_experimental}, @@ -67,8 +66,7 @@ inline NamedGroup parse(folly::StringPiece s) { NamedGroup::x25519_kyber512_experimental}, {"X25519MLKEM512_FB", NamedGroup::X25519MLKEM512_FB}, {"X25519MLKEM768", NamedGroup::X25519MLKEM768}, - {"secp256r1_kyber768_draft00", NamedGroup::secp256r1_kyber768_draft00}, - {"secp384r1_kyber768", NamedGroup::secp384r1_kyber768}}; + {"secp256r1_kyber768_draft00", NamedGroup::secp256r1_kyber768_draft00}}; auto location = stringToGroups.find(s); if (location != stringToGroups.end()) {