From 374f26832cc975fdddaab468d27032049a7f74c8 Mon Sep 17 00:00:00 2001 From: Raytonne <86047362+Raytonne@users.noreply.github.com> Date: Thu, 21 Mar 2024 01:26:30 -0500 Subject: [PATCH] 2024 March Chromium update [skip ci] (#268) * 2024 March Chromium update Update Chromium patch and build instructions: liboqs: 890a6aa448598a019e72b5431d8ba8e0a5dbcc85 boringssl: c0a0bb4d1243952819b983129c546f9ae1c03008 Chromium: 124.0.6339.0 Co-authored-by: pi-314159 <74706004+pi-314159@users.noreply.github.com> Signed-off-by: Raytonne <86047362+Raytonne@users.noreply.github.com> --- chromium/README-Linux.md | 15 +- chromium/README-Windows.md | 27 +- chromium/README.md | 2 +- chromium/oqs-Linux.patch | 208 ++++++++++++++++ chromium/oqs-Windows.patch | 208 ++++++++++++++++ chromium/oqs-changes.patch | 498 ------------------------------------- 6 files changed, 432 insertions(+), 526 deletions(-) create mode 100644 chromium/oqs-Linux.patch create mode 100644 chromium/oqs-Windows.patch delete mode 100644 chromium/oqs-changes.patch diff --git a/chromium/README-Linux.md b/chromium/README-Linux.md index 3aa0befc..7ab9e5a9 100644 --- a/chromium/README-Linux.md +++ b/chromium/README-Linux.md @@ -8,7 +8,7 @@ The rest of the instructions will use **$CHROMIUM_ROOT** to refer to the root di ```shellscript cd $CHROMIUM_ROOT -git checkout tags/117.0.5863.0 +git checkout tags/124.0.6339.0 gclient sync ``` @@ -20,7 +20,7 @@ gclient sync cd $CHROMIUM_ROOT/third_party/boringssl/src git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl git fetch oqs-bssl -git checkout -b oqs-bssl-master 1ca41b49e9198f510991fb4f350b4a5fd4c1d5ff +git checkout -b oqs-bssl-master c0a0bb4d1243952819b983129c546f9ae1c03008 ``` ### 4. Clone and Build liboqs 
@@ -28,9 +28,9 @@ git checkout -b oqs-bssl-master 1ca41b49e9198f510991fb4f350b4a5fd4c1d5ff Choose a directory to store the liboqs source code and use the `cd` command to move to that directory. We will use ninja to build liboqs. ```shellscript -git clone https://github.com/open-quantum-safe/liboqs.git --branch 0.8.0 --single-branch +git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 890a6aa448598a019e72b5431d8ba8e0a5dbcc85 cd liboqs && mkdir build && cd build -cmake .. -G"Ninja" -DCMAKE_INSTALL_PREFIX=$CHROMIUM_ROOT/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF +cmake .. -G"Ninja" -DCMAKE_INSTALL_PREFIX=$CHROMIUM_ROOT/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF -DCMAKE_BUILD_TYPE=Release ninja && ninja install ``` @@ -38,8 +38,8 @@ ninja && ninja install ```shellscript cd $CHROMIUM_ROOT -wget https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-changes.patch -git apply oqs-changes.patch +wget https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-Linux.patch +git apply oqs-Linux.patch ``` ### 6. Generate BoringSSL Build Files for Chromium @@ -70,5 +70,4 @@ If the build completes successfully, it will create _chrome_ in _$CHROMIUM_ROOT/ ### 8. Miscellaneous -- This guide is published on July 1, 2023, and may be outdated. -- A certificate chain that includes quantum-safe signatures can only be validated if it terminates with a root certificate that is in the [Chrome Root Store](https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/faq.md). +- This guide is published on March 8, 2024, and may be outdated. diff --git a/chromium/README-Windows.md b/chromium/README-Windows.md index d9f2e258..9fc21840 100644 --- a/chromium/README-Windows.md +++ b/chromium/README-Windows.md @@ -11,7 +11,7 @@ In Command Prompt, run following commands: ```bat cd %CHROMIUM_ROOT% -git checkout tags/117.0.5863.0 +git checkout tags/124.0.6339.0 gclient sync ``` 
@@ -25,7 +25,7 @@ In Command Prompt, run following commands: cd %CHROMIUM_ROOT%/third_party/boringssl/src git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl git fetch oqs-bssl -git checkout -b oqs-bssl-master 1ca41b49e9198f510991fb4f350b4a5fd4c1d5ff +git checkout -b oqs-bssl-master c0a0bb4d1243952819b983129c546f9ae1c03008 ``` ### 4. Clone and Build liboqs 
@@ -34,29 +34,19 @@ Choose a directory to store the liboqs source code and use the `cd` command to m Start _x64 Native Tools Command Prompt for VS 2022_ (usually it's in _C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022\Visual Studio Tools\VC_) and run following commands: ```bat -git clone https://github.com/open-quantum-safe/liboqs.git --branch 0.8.0 --single-branch +git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 890a6aa448598a019e72b5431d8ba8e0a5dbcc85 cd liboqs && mkdir build && cd build -cmake .. -DCMAKE_INSTALL_PREFIX=%CHROMIUM_ROOT%/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF +cmake .. -DCMAKE_INSTALL_PREFIX=%CHROMIUM_ROOT%/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF -DCMAKE_BUILD_TYPE=Release msbuild ALL_BUILD.vcxproj msbuild INSTALL.vcxproj ``` ### 5. Enable Quantum-Safe Crypto -Download the [oqs-changes.patch](https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-changes.patch) and save it at _%CHROMIUM_ROOT%_, then apply the patch by running +Download the [oqs-changes.patch](https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-Windows.patch) and save it at _%CHROMIUM_ROOT%_, then apply the patch by running ```bat -git apply oqs-changes.patch -``` - -Open _%CHROMIUM_ROOT%/third_party/boringssl/BUILD.gn_ and find `libs = [ "//third_party/boringssl/src/oqs/lib/liboqs.a" ]`, then replace it with - -```diff -public = all_headers -friend = [ ":*" ] --libs = [ "//third_party/boringssl/src/oqs/lib/liboqs.a" ] -+libs = [ "//third_party/boringssl/src/oqs/lib/oqs.lib" ] -deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] +git apply oqs-Windows.patch ``` ### 6. Generate BoringSSL Build Files for Chromium 
@@ -93,7 +83,6 @@ If the build completes successfully, it will create _chrome.exe_ in _%CHROMIUM_R ### 8. Miscellaneous -- BIKE key exchange will crash Chromium. -- This guide was initially published on July 1, 2023, and may be outdated. -- A certificate chain that includes quantum-safe signatures can only be validated if it terminates with a root certificate that is in the [Chrome Root Store](https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/faq.md). +- BIKE key exchange is not supported. +- This guide was initially published on March 8, 2024, and may be outdated. - These instructions have been tested on 64-bit Windows 10 Enterprise with Visual Studio 2022 Community, [Go 1.20.5](https://go.dev/dl/), and [ActiveState Perl 5.36](https://www.activestate.com/products/perl/). diff --git a/chromium/README.md b/chromium/README.md index 97cfd399..aa73b67e 100644 --- a/chromium/README.md +++ b/chromium/README.md 
@@ -1,6 +1,6 @@ This directory contains no longer fully maintained instructions and corresponding patches to build the Chromium web browser using the [OQS-BoringSSL fork](https://github.com/open-quantum-safe/boringssl), thereby enabling Chromium to use quantum-safe key exchange algorithms. -These instructions are specifically tailored for liboqs version `0.8.0` and Chromium version `117.0.5863.0`. It is important to note that using any other versions of liboqs or Chromium may result in failure. The instructions have been tested on Windows 10 and Ubuntu 22 LTS(x64) installations only. Additionally, they currently apply to a limited subset of quantum-safe key-exchanges, as detailed in the documentation [provided here](https://github.com/open-quantum-safe/boringssl#key-exchange). +These instructions are specifically tailored for liboqs commit `890a6aa448598a019e72b5431d8ba8e0a5dbcc85` and Chromium version `124.0.6339.0`. It is important to note that using any other versions of liboqs or Chromium may result in failure. The instructions have been tested on Windows 10 and Ubuntu 22 LTS(x64) installations only. Additionally, they currently apply to a limited subset of quantum-safe key-exchanges, as detailed in the documentation [provided here](https://github.com/open-quantum-safe/boringssl#key-exchange). Please be aware that this information is intended for individuals who acknowledge and accept these limitations. While we prioritize support for open source software, we are unable to dedicate the same level of support to the Chromium and BoringSSL PQ software stack as we have in the past. We encourage contributors to update the instructions and patch files for more recent versions of liboqs and Chromium. diff --git a/chromium/oqs-Linux.patch b/chromium/oqs-Linux.patch new file mode 100644 index 00000000..e2fb20e8 --- /dev/null +++ b/chromium/oqs-Linux.patch 
@@ -0,0 +1,208 @@
+diff --git a/net/base/features.cc b/net/base/features.cc
+index 1ca71165d2..525cd9e9d5 100644
+--- a/net/base/features.cc
++++ b/net/base/features.cc
+@@ -157,7 +157,7 @@ BASE_FEATURE(kPermuteTLSExtensions,
+
+ BASE_FEATURE(kPostQuantumKyber,
+ "PostQuantumKyber",
+- base::FEATURE_DISABLED_BY_DEFAULT);
++ base::FEATURE_ENABLED_BY_DEFAULT);
+
+ BASE_FEATURE(kNetUnusedIdleSocketTimeout,
+ "NetUnusedIdleSocketTimeout",
+diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc
+index 90383f320e..ce2e8cf245 100644
+--- a/net/cert/cert_verify_proc.cc
++++ b/net/cert/cert_verify_proc.cc
+@@ -97,6 +97,16 @@ const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) {
+ return "DH";
+ case X509Certificate::kPublicKeyTypeECDH:
+ return "ECDH";
++ case X509Certificate::kPublicKeyTypeDilithium:
++ return "Dilithium";
++ case X509Certificate::kPublicKeyTypeFalcon:
++ return "Falcon";
++ case X509Certificate::kPublicKeyTypeMLDSA:
++ return "ML-DSA";
++ case X509Certificate::kPublicKeyTypeSPHINCSSHA2:
++ return "SPHINCSSHA2";
++ case X509Certificate::kPublicKeyTypeSPHINCSSHAKE:
++ return "SPHINCSSHAKE";
+ }
+ NOTREACHED();
+ return "Unsupported";
+@@ -309,6 +319,26 @@ void RecordTrustAnchorHistogram(const HashValueVector& spki_hashes,
+ case bssl::SignatureAlgorithm::kRsaPssSha256:
+ case bssl::SignatureAlgorithm::kRsaPssSha384:
+ case bssl::SignatureAlgorithm::kRsaPssSha512:
++ case bssl::SignatureAlgorithm::kDilithium2:
++ case bssl::SignatureAlgorithm::kMldsa44:
++ case bssl::SignatureAlgorithm::kFalcon512:
++ case bssl::SignatureAlgorithm::kSphincssha2128fsimple:
++ case bssl::SignatureAlgorithm::kSphincssha2128ssimple:
++ case bssl::SignatureAlgorithm::kSphincsshake128fsimple:
++ case bssl::SignatureAlgorithm::kSphincsshake128ssimple:
++ case bssl::SignatureAlgorithm::kDilithium3:
++ case bssl::SignatureAlgorithm::kMldsa65:
++ case bssl::SignatureAlgorithm::kSphincssha2192fsimple:
++ case bssl::SignatureAlgorithm::kSphincssha2192ssimple:
++ case bssl::SignatureAlgorithm::kSphincsshake192fsimple:
++ case bssl::SignatureAlgorithm::kSphincsshake192ssimple:
++ case bssl::SignatureAlgorithm::kDilithium5:
++ case bssl::SignatureAlgorithm::kMldsa87:
++ case bssl::SignatureAlgorithm::kFalcon1024:
++ case bssl::SignatureAlgorithm::kSphincssha2256fsimple:
++ case bssl::SignatureAlgorithm::kSphincssha2256ssimple:
++ case bssl::SignatureAlgorithm::kSphincsshake256fsimple:
++ case bssl::SignatureAlgorithm::kSphincsshake256ssimple:
+ return true;
+ }
+
+diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc
+index f23121ac4a..9b213e3dcc 100644
+--- a/net/cert/x509_certificate.cc
++++ b/net/cert/x509_certificate.cc
+@@ -644,6 +644,36 @@ void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer,
+ case EVP_PKEY_DH:
+ *type = kPublicKeyTypeDH;
+ break;
++ case EVP_PKEY_DILITHIUM2:
++ case EVP_PKEY_DILITHIUM3:
++ case EVP_PKEY_DILITHIUM5:
++ *type = kPublicKeyTypeDilithium;
++ break;
++ case EVP_PKEY_FALCON512:
++ case EVP_PKEY_FALCON1024:
++ *type = kPublicKeyTypeFalcon;
++ break;
++ case EVP_PKEY_MLDSA44:
++ case EVP_PKEY_MLDSA65:
++ case EVP_PKEY_MLDSA87:
++ *type = kPublicKeyTypeMLDSA;
++ break;
++ case EVP_PKEY_SPHINCSSHA2128FSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2128SSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2192FSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2192SSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2256FSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2256SSIMPLE:
++ *type = kPublicKeyTypeSPHINCSSHA2;
++ break;
++ case EVP_PKEY_SPHINCSSHAKE128FSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE128SSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE192FSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE192SSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE256FSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE256SSIMPLE:
++ *type = kPublicKeyTypeSPHINCSSHAKE;
++ break;
+ }
+ *size_bits = base::saturated_cast(EVP_PKEY_bits(pkey.get()));
+ }
+diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h
+index ad138a534e..2749f29efe 100644
+--- a/net/cert/x509_certificate.h
++++ b/net/cert/x509_certificate.h
+@@ -47,7 +47,12 @@ class NET_EXPORT X509Certificate
+ kPublicKeyTypeDSA,
+ kPublicKeyTypeECDSA,
+ kPublicKeyTypeDH,
+- kPublicKeyTypeECDH
++ kPublicKeyTypeECDH,
++ kPublicKeyTypeDilithium,
++ kPublicKeyTypeFalcon,
++ kPublicKeyTypeMLDSA,
++ kPublicKeyTypeSPHINCSSHA2,
++ kPublicKeyTypeSPHINCSSHAKE
+ };
+
+ enum Format {
+diff --git a/net/quic/quic_session_pool.cc b/net/quic/quic_session_pool.cc
+index a7e1ecbe60..3ab2c9cff7 100644
+--- a/net/quic/quic_session_pool.cc
++++ b/net/quic/quic_session_pool.cc
+@@ -347,7 +347,16 @@ QuicSessionPool::QuicCryptoClientConfigOwner::QuicCryptoClientConfigOwner(
+ base::Unretained(this)));
+ if (quic_session_pool_->ssl_config_service_->GetSSLContextConfig()
+ .PostQuantumKeyAgreementEnabled()) {
+- config_.set_preferred_groups({SSL_GROUP_X25519_KYBER768_DRAFT00,
++ config_.set_preferred_groups({SSL_GROUP_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_KYBER1024,
++ SSL_GROUP_HQC128, SSL_GROUP_HQC192, SSL_GROUP_HQC256,
++ SSL_GROUP_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_MLKEM1024,
++ SSL_GROUP_FRODO640AES, SSL_GROUP_FRODO640SHAKE, SSL_GROUP_FRODO976AES, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_FRODO1344AES, SSL_GROUP_FRODO1344SHAKE,
++ SSL_GROUP_X25519_KYBER512, SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_P256_KYBER512, SSL_GROUP_P384_KYBER768, SSL_GROUP_P521_KYBER1024,
++ SSL_GROUP_X25519_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_P384_HQC192, SSL_GROUP_P521_HQC256,
++ SSL_GROUP_X25519_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_P384_MLKEM768, SSL_GROUP_P521_MLKEM1024,
++ SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_P521_FRODO1344AES, SSL_GROUP_P521_FRODO1344SHAKE,
++ SSL_GROUP_BIKEL1, SSL_GROUP_BIKEL3,
++ SSL_GROUP_X25519_BIKEL1, SSL_GROUP_P256_BIKEL1, SSL_GROUP_P384_BIKEL3,
+ SSL_GROUP_X25519, SSL_GROUP_SECP256R1,
+ SSL_GROUP_SECP384R1});
+ }
+diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
+index 236de0c0bb..4595cccd30 100644
+--- a/net/socket/ssl_client_socket_impl.cc
++++ b/net/socket/ssl_client_socket_impl.cc
+@@ -741,8 +741,17 @@ int SSLClientSocketImpl::Init() {
+ }
+
+ if (context_->config().PostQuantumKeyAgreementEnabled()) {
+- static const int kCurves[] = {NID_X25519Kyber768Draft00, NID_X25519,
+- NID_X9_62_prime256v1, NID_secp384r1};
++ static const int kCurves[] = {NID_kyber512, NID_kyber768, NID_kyber1024,
++ NID_hqc128, NID_hqc192, NID_hqc256,
++ NID_mlkem512, NID_mlkem768, NID_mlkem1024,
++ NID_x25519_kyber512, NID_X25519Kyber768Draft00, NID_p256_kyber512, NID_p384_kyber768, NID_p521_kyber1024,
++ NID_x25519_hqc128, NID_p256_hqc128, NID_p384_hqc192, NID_p521_hqc256,
++ NID_x25519_mlkem512, NID_p256_mlkem512, NID_p384_mlkem768, NID_p521_mlkem1024,
++ NID_frodo640aes, NID_frodo640shake, NID_frodo976aes, NID_frodo976shake, NID_frodo1344aes, NID_frodo1344shake,
++ NID_x25519_frodo640aes, NID_x25519_frodo640shake, NID_p256_frodo640aes, NID_p256_frodo640shake, NID_p384_frodo976aes, NID_p384_frodo976shake, NID_p521_frodo1344aes, NID_p521_frodo1344shake,
++ NID_bikel1, NID_bikel3,
++ NID_x25519_bikel1, NID_p256_bikel1, NID_p384_bikel3,
++ NID_X25519, NID_X9_62_prime256v1, NID_secp384r1};
+ if (!SSL_set1_curves(ssl_.get(), kCurves, std::size(kCurves))) {
+ return ERR_UNEXPECTED;
+ }
+@@ -842,6 +851,11 @@ int SSLClientSocketImpl::Init() {
+ SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP384R1_SHA384,
+ SSL_SIGN_RSA_PSS_RSAE_SHA384, SSL_SIGN_RSA_PKCS1_SHA384,
+ SSL_SIGN_RSA_PSS_RSAE_SHA512, SSL_SIGN_RSA_PKCS1_SHA512,
++ SSL_SIGN_DILITHIUM2, SSL_SIGN_DILITHIUM3, SSL_SIGN_DILITHIUM5,
++ SSL_SIGN_FALCON512, SSL_SIGN_FALCON1024,
++ SSL_SIGN_MLDSA44, SSL_SIGN_MLDSA65, SSL_SIGN_MLDSA87,
++ SSL_SIGN_SPHINCSSHA2128FSIMPLE, SSL_SIGN_SPHINCSSHA2128SSIMPLE, SSL_SIGN_SPHINCSSHA2192FSIMPLE, SSL_SIGN_SPHINCSSHA2192SSIMPLE, SSL_SIGN_SPHINCSSHA2256FSIMPLE, SSL_SIGN_SPHINCSSHA2256SSIMPLE,
++ SSL_SIGN_SPHINCSSHAKE128FSIMPLE, SSL_SIGN_SPHINCSSHAKE128SSIMPLE, SSL_SIGN_SPHINCSSHAKE192FSIMPLE, SSL_SIGN_SPHINCSSHAKE192SSIMPLE, SSL_SIGN_SPHINCSSHAKE256FSIMPLE, SSL_SIGN_SPHINCSSHAKE256SSIMPLE,
+ };
+ if (!SSL_set_verify_algorithm_prefs(ssl_.get(), kVerifyPrefs,
+ std::size(kVerifyPrefs))) {
+diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn
+index 6a0e44685b..13e61a12ef 100644
+--- a/third_party/boringssl/BUILD.gn
++++ b/third_party/boringssl/BUILD.gn
+@@ -18,7 +18,7 @@ if (enable_rust) {
+
+ # Config for us and everybody else depending on BoringSSL.
+ config("external_config") {
+- include_dirs = [ "src/include" ]
++ include_dirs = [ "src/include", "src/oqs/include" ]
+ if (is_component_build) {
+ defines = [ "BORINGSSL_SHARED_LIBRARY" ]
+ }
+@@ -54,7 +54,7 @@ config("no_asm_config") {
+ # TODO(crbug.com/1496373): having the headers in all_sources is hacky and should
+ # be fixed. It is caused by issues with the fuzzer target.
+ all_sources = crypto_sources + ssl_sources + pki_sources + pki_internal_headers
+-all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers
++all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers + oqs_headers
+
+ if (enable_rust_boringssl) {
+ rust_bindgen("raw_bssl_sys_bindings") {
+@@ -142,6 +142,7 @@ component("boringssl") {
+ sources = all_sources
+ public = all_headers
+ friend = [ ":*" ]
++ libs = [ "//third_party/boringssl/src/oqs/lib/liboqs.a" ]
+ deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
+
+ # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
diff --git a/chromium/oqs-Windows.patch b/chromium/oqs-Windows.patch
new file mode 100644
index 00000000..b3127f04
--- /dev/null
+++ b/chromium/oqs-Windows.patch
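Review bot: The `kCurves` array added to `SSLClientSocketImpl::Init()` in oqs-Linux.patch, and the matching `set_preferred_groups` list in `quic_session_pool.cc`, put the standalone KEM groups (`NID_kyber512`, `NID_hqc128`, `NID_mlkem512`, and so on) ahead of every hybrid and classical group, and the array is handed to `SSL_set1_curves`, which takes it as an ordered preference list. The client's first choice is therefore a group with no classical component, so whenever the peer accepts it the secrecy of the handshake rests on a single post-quantum scheme. Unless that order is intended for the demo, list the hybrids first and state the intent above the array, e.g. `// Preference order: hybrid groups, then standalone PQ KEMs, then classical fallbacks.` The same lists are in oqs-Windows.patch, and both functions continue outside the inner hunks.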
@@ -0,0 +1,208 @@
+diff --git a/net/base/features.cc b/net/base/features.cc
+index 1ca71165d2..525cd9e9d5 100644
+--- a/net/base/features.cc
++++ b/net/base/features.cc
+@@ -157,7 +157,7 @@ BASE_FEATURE(kPermuteTLSExtensions,
+
+ BASE_FEATURE(kPostQuantumKyber,
+ "PostQuantumKyber",
+- base::FEATURE_DISABLED_BY_DEFAULT);
++ base::FEATURE_ENABLED_BY_DEFAULT);
+
+ BASE_FEATURE(kNetUnusedIdleSocketTimeout,
+ "NetUnusedIdleSocketTimeout",
+diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc
+index 90383f320e..ce2e8cf245 100644
+--- a/net/cert/cert_verify_proc.cc
++++ b/net/cert/cert_verify_proc.cc
+@@ -97,6 +97,16 @@ const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) {
+ return "DH";
+ case X509Certificate::kPublicKeyTypeECDH:
+ return "ECDH";
++ case X509Certificate::kPublicKeyTypeDilithium:
++ return "Dilithium";
++ case X509Certificate::kPublicKeyTypeFalcon:
++ return "Falcon";
++ case X509Certificate::kPublicKeyTypeMLDSA:
++ return "ML-DSA";
++ case X509Certificate::kPublicKeyTypeSPHINCSSHA2:
++ return "SPHINCSSHA2";
++ case X509Certificate::kPublicKeyTypeSPHINCSSHAKE:
++ return "SPHINCSSHAKE";
+ }
+ NOTREACHED();
+ return "Unsupported";
+@@ -309,6 +319,26 @@ void RecordTrustAnchorHistogram(const HashValueVector& spki_hashes,
+ case bssl::SignatureAlgorithm::kRsaPssSha256:
+ case bssl::SignatureAlgorithm::kRsaPssSha384:
+ case bssl::SignatureAlgorithm::kRsaPssSha512:
++ case bssl::SignatureAlgorithm::kDilithium2:
++ case bssl::SignatureAlgorithm::kMldsa44:
++ case bssl::SignatureAlgorithm::kFalcon512:
++ case bssl::SignatureAlgorithm::kSphincssha2128fsimple:
++ case bssl::SignatureAlgorithm::kSphincssha2128ssimple:
++ case bssl::SignatureAlgorithm::kSphincsshake128fsimple:
++ case bssl::SignatureAlgorithm::kSphincsshake128ssimple:
++ case bssl::SignatureAlgorithm::kDilithium3:
++ case bssl::SignatureAlgorithm::kMldsa65:
++ case bssl::SignatureAlgorithm::kSphincssha2192fsimple:
++ case bssl::SignatureAlgorithm::kSphincssha2192ssimple:
++ case bssl::SignatureAlgorithm::kSphincsshake192fsimple:
++ case bssl::SignatureAlgorithm::kSphincsshake192ssimple:
++ case bssl::SignatureAlgorithm::kDilithium5:
++ case bssl::SignatureAlgorithm::kMldsa87:
++ case bssl::SignatureAlgorithm::kFalcon1024:
++ case bssl::SignatureAlgorithm::kSphincssha2256fsimple:
++ case bssl::SignatureAlgorithm::kSphincssha2256ssimple:
++ case bssl::SignatureAlgorithm::kSphincsshake256fsimple:
++ case bssl::SignatureAlgorithm::kSphincsshake256ssimple:
+ return true;
+ }
+
+diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc
+index f23121ac4a..9b213e3dcc 100644
+--- a/net/cert/x509_certificate.cc
++++ b/net/cert/x509_certificate.cc
+@@ -644,6 +644,36 @@ void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer,
+ case EVP_PKEY_DH:
+ *type = kPublicKeyTypeDH;
+ break;
++ case EVP_PKEY_DILITHIUM2:
++ case EVP_PKEY_DILITHIUM3:
++ case EVP_PKEY_DILITHIUM5:
++ *type = kPublicKeyTypeDilithium;
++ break;
++ case EVP_PKEY_FALCON512:
++ case EVP_PKEY_FALCON1024:
++ *type = kPublicKeyTypeFalcon;
++ break;
++ case EVP_PKEY_MLDSA44:
++ case EVP_PKEY_MLDSA65:
++ case EVP_PKEY_MLDSA87:
++ *type = kPublicKeyTypeMLDSA;
++ break;
++ case EVP_PKEY_SPHINCSSHA2128FSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2128SSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2192FSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2192SSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2256FSIMPLE:
++ case EVP_PKEY_SPHINCSSHA2256SSIMPLE:
++ *type = kPublicKeyTypeSPHINCSSHA2;
++ break;
++ case EVP_PKEY_SPHINCSSHAKE128FSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE128SSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE192FSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE192SSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE256FSIMPLE:
++ case EVP_PKEY_SPHINCSSHAKE256SSIMPLE:
++ *type = kPublicKeyTypeSPHINCSSHAKE;
++ break;
+ }
+ *size_bits = base::saturated_cast(EVP_PKEY_bits(pkey.get()));
+ }
+diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h
+index ad138a534e..2749f29efe 100644
+--- a/net/cert/x509_certificate.h
++++ b/net/cert/x509_certificate.h
+@@ -47,7 +47,12 @@ class NET_EXPORT X509Certificate
+ kPublicKeyTypeDSA,
+ kPublicKeyTypeECDSA,
+ kPublicKeyTypeDH,
+- kPublicKeyTypeECDH
++ kPublicKeyTypeECDH,
++ kPublicKeyTypeDilithium,
++ kPublicKeyTypeFalcon,
++ kPublicKeyTypeMLDSA,
++ kPublicKeyTypeSPHINCSSHA2,
++ kPublicKeyTypeSPHINCSSHAKE
+ };
+
+ enum Format {
+diff --git a/net/quic/quic_session_pool.cc b/net/quic/quic_session_pool.cc
+index a7e1ecbe60..b5b9cff194 100644
+--- a/net/quic/quic_session_pool.cc
++++ b/net/quic/quic_session_pool.cc
+@@ -347,7 +347,16 @@ QuicSessionPool::QuicCryptoClientConfigOwner::QuicCryptoClientConfigOwner(
+ base::Unretained(this)));
+ if (quic_session_pool_->ssl_config_service_->GetSSLContextConfig()
+ .PostQuantumKeyAgreementEnabled()) {
+- config_.set_preferred_groups({SSL_GROUP_X25519_KYBER768_DRAFT00,
++ config_.set_preferred_groups({SSL_GROUP_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_KYBER1024,
++ SSL_GROUP_HQC128, SSL_GROUP_HQC192, SSL_GROUP_HQC256,
++ SSL_GROUP_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_MLKEM1024,
++ SSL_GROUP_FRODO640AES, SSL_GROUP_FRODO640SHAKE, SSL_GROUP_FRODO976AES, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_FRODO1344AES, SSL_GROUP_FRODO1344SHAKE,
++ SSL_GROUP_X25519_KYBER512, SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_P256_KYBER512, SSL_GROUP_P384_KYBER768, SSL_GROUP_P521_KYBER1024,
++ SSL_GROUP_X25519_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_P384_HQC192, SSL_GROUP_P521_HQC256,
++ SSL_GROUP_X25519_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_P384_MLKEM768, SSL_GROUP_P521_MLKEM1024,
++ SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_P521_FRODO1344AES, SSL_GROUP_P521_FRODO1344SHAKE,
++// SSL_GROUP_BIKEL1, SSL_GROUP_BIKEL3,
++// SSL_GROUP_X25519_BIKEL1, SSL_GROUP_P256_BIKEL1, SSL_GROUP_P384_BIKEL3,
+ SSL_GROUP_X25519, SSL_GROUP_SECP256R1,
+ SSL_GROUP_SECP384R1});
+ }
+diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
+index 236de0c0bb..86aa48126d 100644
+--- a/net/socket/ssl_client_socket_impl.cc
++++ b/net/socket/ssl_client_socket_impl.cc
+@@ -741,8 +741,17 @@ int SSLClientSocketImpl::Init() {
+ }
+
+ if (context_->config().PostQuantumKeyAgreementEnabled()) {
+- static const int kCurves[] = {NID_X25519Kyber768Draft00, NID_X25519,
+- NID_X9_62_prime256v1, NID_secp384r1};
++ static const int kCurves[] = {NID_kyber512, NID_kyber768, NID_kyber1024,
++ NID_hqc128, NID_hqc192, NID_hqc256,
++ NID_mlkem512, NID_mlkem768, NID_mlkem1024,
++ NID_x25519_kyber512, NID_X25519Kyber768Draft00, NID_p256_kyber512, NID_p384_kyber768, NID_p521_kyber1024,
++ NID_x25519_hqc128, NID_p256_hqc128, NID_p384_hqc192, NID_p521_hqc256,
++ NID_x25519_mlkem512, NID_p256_mlkem512, NID_p384_mlkem768, NID_p521_mlkem1024,
++ NID_frodo640aes, NID_frodo640shake, NID_frodo976aes, NID_frodo976shake, NID_frodo1344aes, NID_frodo1344shake,
++ NID_x25519_frodo640aes, NID_x25519_frodo640shake, NID_p256_frodo640aes, NID_p256_frodo640shake, NID_p384_frodo976aes, NID_p384_frodo976shake, NID_p521_frodo1344aes, NID_p521_frodo1344shake,
++// NID_bikel1, NID_bikel3,
++// NID_x25519_bikel1, NID_p256_bikel1, NID_p384_bikel3,
++ NID_X25519, NID_X9_62_prime256v1, NID_secp384r1};
+ if (!SSL_set1_curves(ssl_.get(), kCurves, std::size(kCurves))) {
+ return ERR_UNEXPECTED;
+ }
+@@ -842,6 +851,11 @@ int SSLClientSocketImpl::Init() {
+ SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP384R1_SHA384,
+ SSL_SIGN_RSA_PSS_RSAE_SHA384, SSL_SIGN_RSA_PKCS1_SHA384,
+ SSL_SIGN_RSA_PSS_RSAE_SHA512, SSL_SIGN_RSA_PKCS1_SHA512,
++ SSL_SIGN_DILITHIUM2, SSL_SIGN_DILITHIUM3, SSL_SIGN_DILITHIUM5,
++ SSL_SIGN_FALCON512, SSL_SIGN_FALCON1024,
++ SSL_SIGN_MLDSA44, SSL_SIGN_MLDSA65, SSL_SIGN_MLDSA87,
++ SSL_SIGN_SPHINCSSHA2128FSIMPLE, SSL_SIGN_SPHINCSSHA2128SSIMPLE, SSL_SIGN_SPHINCSSHA2192FSIMPLE, SSL_SIGN_SPHINCSSHA2192SSIMPLE, SSL_SIGN_SPHINCSSHA2256FSIMPLE, SSL_SIGN_SPHINCSSHA2256SSIMPLE,
++ SSL_SIGN_SPHINCSSHAKE128FSIMPLE, SSL_SIGN_SPHINCSSHAKE128SSIMPLE, SSL_SIGN_SPHINCSSHAKE192FSIMPLE, SSL_SIGN_SPHINCSSHAKE192SSIMPLE, SSL_SIGN_SPHINCSSHAKE256FSIMPLE, SSL_SIGN_SPHINCSSHAKE256SSIMPLE,
+ };
+ if (!SSL_set_verify_algorithm_prefs(ssl_.get(), kVerifyPrefs,
+ std::size(kVerifyPrefs))) {
+diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn
+index 6a0e44685b..b77469a067 100644
+--- a/third_party/boringssl/BUILD.gn
++++ b/third_party/boringssl/BUILD.gn
+@@ -18,7 +18,7 @@ if (enable_rust) {
+
+ # Config for us and everybody else depending on BoringSSL.
+ config("external_config") {
+- include_dirs = [ "src/include" ]
++ include_dirs = [ "src/include", "src/oqs/include" ]
+ if (is_component_build) {
+ defines = [ "BORINGSSL_SHARED_LIBRARY" ]
+ }
+@@ -54,7 +54,7 @@ config("no_asm_config") {
+ # TODO(crbug.com/1496373): having the headers in all_sources is hacky and should
+ # be fixed. It is caused by issues with the fuzzer target.
+ all_sources = crypto_sources + ssl_sources + pki_sources + pki_internal_headers
+-all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers
++all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers + oqs_headers
+
+ if (enable_rust_boringssl) {
+ rust_bindgen("raw_bssl_sys_bindings") {
+@@ -142,6 +142,7 @@ component("boringssl") {
+ sources = all_sources
+ public = all_headers
+ friend = [ ":*" ]
++ libs = [ "//third_party/boringssl/src/oqs/lib/oqs.lib" ]
+ deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ]
+
+ # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM
diff --git a/chromium/oqs-changes.patch b/chromium/oqs-changes.patch
deleted file mode 100644
index 13348afc..00000000
--- a/chromium/oqs-changes.patch
+++ /dev/null
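Review bot: The `//`-commented BIKE entries inside the `kCurves` initializer and the `set_preferred_groups` list in oqs-Windows.patch are left without a reason, so a later sync with oqs-Linux.patch could re-enable them by accident. A comment above them, e.g. `// BIKE groups are omitted on Windows; README-Windows.md lists BIKE key exchange as not supported.`, would record that. As far as the visible lines show, these entries and the `oqs.lib` path in `BUILD.gn` are the only content differences from oqs-Linux.patch; choosing the library under an `is_win` condition in `BUILD.gn` would narrow what the two 208-line copies can drift on.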
@@ -1,498 +0,0 @@ -diff --git a/net/base/features.cc b/net/base/features.cc -index d9fe52b201b33..008b2f7c34bc3 100644 ---- a/net/base/features.cc -+++ b/net/base/features.cc -@@ -137,7 +137,7 @@ BASE_FEATURE(kPermuteTLSExtensions, - - BASE_FEATURE(kPostQuantumKyber, - "PostQuantumKyber", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kNetUnusedIdleSocketTimeout, - "NetUnusedIdleSocketTimeout", -diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc -index b1dab376aa8e6..71e2eaf75c29c 100644 ---- a/net/cert/cert_verify_proc.cc -+++ b/net/cert/cert_verify_proc.cc -@@ -96,6 +96,14 @@ const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) { - return "DH"; - case X509Certificate::kPublicKeyTypeECDH: - return "ECDH"; -+ case X509Certificate::kPublicKeyTypeDilithium: -+ return "Dilithium"; -+ case X509Certificate::kPublicKeyTypeFalcon: -+ return "Falcon"; -+ case X509Certificate::kPublicKeyTypeSPHINCSSHA2: -+ return "SPHINCSSHA2"; -+ case X509Certificate::kPublicKeyTypeSPHINCSSHAKE: -+ return "SPHINCSSHAKE"; - } - NOTREACHED(); - return "Unsupported"; -@@ -308,6 +316,23 @@ void RecordTrustAnchorHistogram(const HashValueVector& spki_hashes, - case SignatureAlgorithm::kRsaPssSha256: - case SignatureAlgorithm::kRsaPssSha384: - case SignatureAlgorithm::kRsaPssSha512: -+ case SignatureAlgorithm::kDilithium2: -+ case SignatureAlgorithm::kDilithium3: -+ case SignatureAlgorithm::kDilithium5: -+ case SignatureAlgorithm::kFalcon512: -+ case SignatureAlgorithm::kFalcon1024: -+ case SignatureAlgorithm::kSPHINCSSHA2128fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2128ssimple: -+ case SignatureAlgorithm::kSPHINCSSHA2192fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2192ssimple: -+ case SignatureAlgorithm::kSPHINCSSHA2256fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2256ssimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE128fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE128ssimple: -+ case 
SignatureAlgorithm::kSPHINCSSHAKE192fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE192ssimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE256fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE256ssimple: - return true; - } - -diff --git a/net/cert/pki/signature_algorithm.cc b/net/cert/pki/signature_algorithm.cc -index 90932f02f8bfe..99c3dac856ee9 100644 ---- a/net/cert/pki/signature_algorithm.cc -+++ b/net/cert/pki/signature_algorithm.cc -@@ -122,6 +122,24 @@ const uint8_t kOidRsaSsaPss[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, - const uint8_t kOidMgf1[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x08}; - -+const uint8_t kOidDilithium2[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x07, 0x04, 0x04}; -+const uint8_t kOidDilithium3[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x07, 0x06, 0x05}; -+const uint8_t kOidDilithium5[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x07, 0x08, 0x07}; -+const uint8_t kOidFalcon512[] = {0x2b, 0xce, 0x0f, 0x03, 0x06}; -+const uint8_t kOidFalcon1024[] = {0x2b, 0xce, 0x0f, 0x03, 0x09}; -+const uint8_t kOidSPHINCSSHA2128fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x04, 0x0d}; -+const uint8_t kOidSPHINCSSHA2128ssimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x04, 0x10}; -+const uint8_t kOidSPHINCSSHA2192fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x05, 0x0a}; -+const uint8_t kOidSPHINCSSHA2192ssimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x05, 0x0c}; -+const uint8_t kOidSPHINCSSHA2256fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x06, 0x0a}; -+const uint8_t kOidSPHINCSSHA2256ssimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x06, 0x0c}; -+const uint8_t kOidSPHINCSSHAKE128fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x07, 0x0d}; -+const uint8_t kOidSPHINCSSHAKE128ssimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x07, 0x10}; -+const uint8_t kOidSPHINCSSHAKE192fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x08, 0x0a}; -+const uint8_t kOidSPHINCSSHAKE192ssimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x08, 0x0c}; -+const uint8_t kOidSPHINCSSHAKE256fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x09, 0x0a}; -+const 
uint8_t kOidSPHINCSSHAKE256ssimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x09, 0x0c}; -+ - // Returns true if |input| is empty. - [[nodiscard]] bool IsEmpty(const der::Input& input) { - return input.Length() == 0; -@@ -370,6 +388,57 @@ absl::optional ParseSignatureAlgorithm( - if (oid == der::Input(kOidEcdsaWithSha512) && IsEmpty(params)) { - return SignatureAlgorithm::kEcdsaSha512; - } -+ if (oid == der::Input(kOidDilithium2)) { -+ return SignatureAlgorithm::kDilithium2; -+ } -+ if (oid == der::Input(kOidDilithium3)) { -+ return SignatureAlgorithm::kDilithium3; -+ } -+ if (oid == der::Input(kOidDilithium5)) { -+ return SignatureAlgorithm::kDilithium5; -+ } -+ if (oid == der::Input(kOidFalcon512)) { -+ return SignatureAlgorithm::kFalcon512; -+ } -+ if (oid == der::Input(kOidFalcon1024)) { -+ return SignatureAlgorithm::kFalcon1024; -+ } -+ if (oid == der::Input(kOidSPHINCSSHA2128fsimple)) { -+ return SignatureAlgorithm::kSPHINCSSHA2128fsimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHA2128ssimple)) { -+ return SignatureAlgorithm::kSPHINCSSHA2128ssimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHA2192fsimple)) { -+ return SignatureAlgorithm::kSPHINCSSHA2192fsimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHA2192ssimple)) { -+ return SignatureAlgorithm::kSPHINCSSHA2192ssimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHA2256fsimple)) { -+ return SignatureAlgorithm::kSPHINCSSHA2256fsimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHA2256ssimple)) { -+ return SignatureAlgorithm::kSPHINCSSHA2256ssimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHAKE128fsimple)) { -+ return SignatureAlgorithm::kSPHINCSSHAKE128fsimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHAKE128ssimple)) { -+ return SignatureAlgorithm::kSPHINCSSHAKE128ssimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHAKE192fsimple)) { -+ return SignatureAlgorithm::kSPHINCSSHAKE192fsimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHAKE192ssimple)) { -+ return SignatureAlgorithm::kSPHINCSSHAKE192ssimple; -+ } -+ if (oid 
== der::Input(kOidSPHINCSSHAKE256fsimple)) { -+ return SignatureAlgorithm::kSPHINCSSHAKE256fsimple; -+ } -+ if (oid == der::Input(kOidSPHINCSSHAKE256ssimple)) { -+ return SignatureAlgorithm::kSPHINCSSHAKE256ssimple; -+ } - - if (oid == der::Input(kOidRsaSsaPss)) { - return ParseRsaPss(params); -@@ -394,14 +463,31 @@ absl::optional GetTlsServerEndpointDigestAlgorithm( - - case SignatureAlgorithm::kRsaPkcs1Sha256: - case SignatureAlgorithm::kEcdsaSha256: -+ case SignatureAlgorithm::kDilithium2: -+ case SignatureAlgorithm::kFalcon512: -+ case SignatureAlgorithm::kSPHINCSSHA2128fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2128ssimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE128fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE128ssimple: - return DigestAlgorithm::Sha256; - - case SignatureAlgorithm::kRsaPkcs1Sha384: - case SignatureAlgorithm::kEcdsaSha384: -+ case SignatureAlgorithm::kDilithium3: -+ case SignatureAlgorithm::kSPHINCSSHA2192fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2192ssimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE192fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE192ssimple: - return DigestAlgorithm::Sha384; - - case SignatureAlgorithm::kRsaPkcs1Sha512: - case SignatureAlgorithm::kEcdsaSha512: -+ case SignatureAlgorithm::kDilithium5: -+ case SignatureAlgorithm::kFalcon1024: -+ case SignatureAlgorithm::kSPHINCSSHA2256fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2256ssimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE256fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE256ssimple: - return DigestAlgorithm::Sha512; - - // It is ambiguous whether hash-matching RSASSA-PSS instantiations count as -diff --git a/net/cert/pki/signature_algorithm.h b/net/cert/pki/signature_algorithm.h -index 875d7a83c3cbd..0694878f8f596 100644 ---- a/net/cert/pki/signature_algorithm.h -+++ b/net/cert/pki/signature_algorithm.h -@@ -44,6 +44,23 @@ enum class SignatureAlgorithm { - kRsaPssSha256, - kRsaPssSha384, - kRsaPssSha512, -+ kDilithium2, -+ kDilithium3, -+ 
kDilithium5, -+ kFalcon512, -+ kFalcon1024, -+ kSPHINCSSHA2128fsimple, -+ kSPHINCSSHA2128ssimple, -+ kSPHINCSSHA2192fsimple, -+ kSPHINCSSHA2192ssimple, -+ kSPHINCSSHA2256fsimple, -+ kSPHINCSSHA2256ssimple, -+ kSPHINCSSHAKE128fsimple, -+ kSPHINCSSHAKE128ssimple, -+ kSPHINCSSHAKE192fsimple, -+ kSPHINCSSHAKE192ssimple, -+ kSPHINCSSHAKE256fsimple, -+ kSPHINCSSHAKE256ssimple, - }; - - // Parses AlgorithmIdentifier as defined by RFC 5280 section 4.1.1.2: -diff --git a/net/cert/pki/simple_path_builder_delegate.cc b/net/cert/pki/simple_path_builder_delegate.cc -index 83cd265ce78d6..97c2726b84edd 100644 ---- a/net/cert/pki/simple_path_builder_delegate.cc -+++ b/net/cert/pki/simple_path_builder_delegate.cc -@@ -29,6 +29,10 @@ DEFINE_CERT_ERROR_ID(kUnacceptableCurveForEcdsa, - "Only P-256, P-384, P-521 are supported for ECDSA"); - - bool IsAcceptableCurveForEcdsa(int curve_nid) { -+ if (IS_OQS_PKEY(curve_nid)) { -+ return true; -+ } -+ - switch (curve_nid) { - case NID_X9_62_prime256v1: - case NID_secp384r1: -@@ -78,6 +82,23 @@ bool SimplePathBuilderDelegate::IsSignatureAlgorithmAcceptable( - case SignatureAlgorithm::kRsaPssSha256: - case SignatureAlgorithm::kRsaPssSha384: - case SignatureAlgorithm::kRsaPssSha512: -+ case SignatureAlgorithm::kDilithium2: -+ case SignatureAlgorithm::kDilithium3: -+ case SignatureAlgorithm::kDilithium5: -+ case SignatureAlgorithm::kFalcon512: -+ case SignatureAlgorithm::kFalcon1024: -+ case SignatureAlgorithm::kSPHINCSSHA2128fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2128ssimple: -+ case SignatureAlgorithm::kSPHINCSSHA2192fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2192ssimple: -+ case SignatureAlgorithm::kSPHINCSSHA2256fsimple: -+ case SignatureAlgorithm::kSPHINCSSHA2256ssimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE128fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE128ssimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE192fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE192ssimple: -+ case 
SignatureAlgorithm::kSPHINCSSHAKE256fsimple: -+ case SignatureAlgorithm::kSPHINCSSHAKE256ssimple: - return true; - } - return false; -@@ -119,6 +140,10 @@ bool SimplePathBuilderDelegate::IsPublicKeyAcceptable(EVP_PKEY* public_key, - return true; - } - -+ if (IS_OQS_PKEY(pkey_id)) { -+ return true; -+ } -+ - // Unexpected key type. - return false; - } -diff --git a/net/cert/pki/verify_signed_data.cc b/net/cert/pki/verify_signed_data.cc -index 82acf9003525f..14e692e3726dd 100644 ---- a/net/cert/pki/verify_signed_data.cc -+++ b/net/cert/pki/verify_signed_data.cc -@@ -154,6 +154,74 @@ bool VerifySignedData(SignatureAlgorithm algorithm, - bool is_rsa_pss = false; - std::string_view cache_algorithm_name; - switch (algorithm) { -+ case SignatureAlgorithm::kDilithium2: -+ expected_pkey_id = EVP_PKEY_DILITHIUM2; -+ cache_algorithm_name = "Dilithium2"; -+ break; -+ case SignatureAlgorithm::kDilithium3: -+ expected_pkey_id = EVP_PKEY_DILITHIUM3; -+ cache_algorithm_name = "Dilithium3"; -+ break; -+ case SignatureAlgorithm::kDilithium5: -+ expected_pkey_id = EVP_PKEY_DILITHIUM5; -+ cache_algorithm_name = "Dilithium5"; -+ break; -+ case SignatureAlgorithm::kFalcon512: -+ expected_pkey_id = EVP_PKEY_FALCON512; -+ cache_algorithm_name = "Falcon512"; -+ break; -+ case SignatureAlgorithm::kFalcon1024: -+ expected_pkey_id = EVP_PKEY_FALCON1024; -+ cache_algorithm_name = "Falcon1024"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHA2128fsimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHA2128FSIMPLE; -+ cache_algorithm_name = "SPHINCSSHA2128fsimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHA2128ssimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHA2128SSIMPLE; -+ cache_algorithm_name = "SPHINCSSHA2128ssimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHA2192fsimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHA2192FSIMPLE; -+ cache_algorithm_name = "SPHINCSSHA2192fsimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHA2192ssimple: -+ expected_pkey_id = 
EVP_PKEY_SPHINCSSHA2192SSIMPLE; -+ cache_algorithm_name = "SPHINCSSHA2192ssimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHA2256fsimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHA2256FSIMPLE; -+ cache_algorithm_name = "SPHINCSSHA2256fsimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHA2256ssimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHA2256SSIMPLE; -+ cache_algorithm_name = "SPHINCSSHA2256ssimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHAKE128fsimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHAKE128FSIMPLE; -+ cache_algorithm_name = "SPHINCSSHAKE128fsimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHAKE128ssimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHAKE128SSIMPLE; -+ cache_algorithm_name = "SPHINCSSHAKE128ssimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHAKE192fsimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHAKE192FSIMPLE; -+ cache_algorithm_name = "SPHINCSSHAKE192fsimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHAKE192ssimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHAKE192SSIMPLE; -+ cache_algorithm_name = "SPHINCSSHAKE192ssimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHAKE256fsimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHAKE256FSIMPLE; -+ cache_algorithm_name = "SPHINCSSHAKE256fsimple"; -+ break; -+ case SignatureAlgorithm::kSPHINCSSHAKE256ssimple: -+ expected_pkey_id = EVP_PKEY_SPHINCSSHAKE256SSIMPLE; -+ cache_algorithm_name = "SPHINCSSHAKE256ssimple"; -+ break; - case SignatureAlgorithm::kRsaPkcs1Sha1: - expected_pkey_id = EVP_PKEY_RSA; - digest = EVP_sha1(); -@@ -241,6 +309,11 @@ bool VerifySignedData(SignatureAlgorithm algorithm, - } - } - -+ bool ret; -+ if (IS_OQS_PKEY(expected_pkey_id)) { -+ ret = oqs_verify_sig(public_key, signature_value_bytes.UnsafeData(), signature_value_bytes.Length(), signed_data.UnsafeData(), signed_data.Length()) ? 
true : false; -+ } else { -+ - crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); - - bssl::ScopedEVP_MD_CTX ctx; -@@ -264,9 +337,10 @@ bool VerifySignedData(SignatureAlgorithm algorithm, - return false; - } - -- bool ret = -+ ret = - 1 == EVP_DigestVerifyFinal(ctx.get(), signature_value_bytes.UnsafeData(), - signature_value_bytes.Length()); -+ } - if (!cache_key.empty()) { - cache->Store(cache_key, ret ? SignatureVerifyCache::Value::kValid - : SignatureVerifyCache::Value::kInvalid); -diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc -index 05fb039c0dd09..eaeff8c5f4ed1 100644 ---- a/net/cert/x509_certificate.cc -+++ b/net/cert/x509_certificate.cc -@@ -647,6 +647,31 @@ void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer, - case EVP_PKEY_DH: - *type = kPublicKeyTypeDH; - break; -+ case EVP_PKEY_DILITHIUM2: -+ case EVP_PKEY_DILITHIUM3: -+ case EVP_PKEY_DILITHIUM5: -+ *type = kPublicKeyTypeDilithium; -+ break; -+ case EVP_PKEY_FALCON512: -+ case EVP_PKEY_FALCON1024: -+ *type = kPublicKeyTypeFalcon; -+ break; -+ case EVP_PKEY_SPHINCSSHA2128FSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2128SSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2192FSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2192SSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2256FSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2256SSIMPLE: -+ *type = kPublicKeyTypeSPHINCSSHA2; -+ break; -+ case EVP_PKEY_SPHINCSSHAKE128FSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE128SSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE192FSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE192SSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE256FSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE256SSIMPLE: -+ *type = kPublicKeyTypeSPHINCSSHAKE; -+ break; - } - *size_bits = base::saturated_cast(EVP_PKEY_bits(pkey.get())); - } -diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h -index 5ef19cf89d691..7e6710c539961 100644 ---- a/net/cert/x509_certificate.h -+++ b/net/cert/x509_certificate.h -@@ -47,6 +47,10 @@ class NET_EXPORT X509Certificate - kPublicKeyTypeDSA, - 
kPublicKeyTypeECDSA, - kPublicKeyTypeDH, -+ kPublicKeyTypeDilithium, -+ kPublicKeyTypeFalcon, -+ kPublicKeyTypeSPHINCSSHA2, -+ kPublicKeyTypeSPHINCSSHAKE, - kPublicKeyTypeECDH - }; - -diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc -index d7a1d98b8a3a0..7c72ae0d38d3a 100644 ---- a/net/quic/quic_stream_factory.cc -+++ b/net/quic/quic_stream_factory.cc -@@ -217,9 +217,19 @@ class QuicStreamFactory::QuicCryptoClientConfigOwner { - base::Unretained(this))); - if (quic_stream_factory_->ssl_config_service_->GetSSLContextConfig() - .PostQuantumKeyAgreementEnabled()) { -- config_.set_preferred_groups({SSL_GROUP_X25519_KYBER768_DRAFT00, -- SSL_GROUP_X25519, SSL_GROUP_SECP256R1, -+ config_.set_preferred_groups({SSL_GROUP_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_KYBER1024, -+ SSL_GROUP_HQC128, SSL_GROUP_HQC192, SSL_GROUP_HQC256, -+ SSL_GROUP_BIKEL1, SSL_GROUP_BIKEL3, -+ SSL_GROUP_FRODO640AES, SSL_GROUP_FRODO640SHAKE, SSL_GROUP_FRODO976AES, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_FRODO1344AES, SSL_GROUP_FRODO1344SHAKE, -+ SSL_GROUP_X25519_KYBER768_DRAFT00, -+ SSL_GROUP_P256_KYBER512, SSL_GROUP_P384_KYBER768, SSL_GROUP_P521_KYBER1024, -+ SSL_GROUP_P256_HQC128, SSL_GROUP_P384_HQC192, SSL_GROUP_P521_HQC256, -+ SSL_GROUP_P256_BIKEL1, SSL_GROUP_P384_BIKEL3, -+ SSL_GROUP_P256_FRODO640AES, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_P521_FRODO1344AES, SSL_GROUP_P521_FRODO1344SHAKE, -+ SSL_GROUP_X25519, SSL_GROUP_SECP256R1, - SSL_GROUP_SECP384R1}); -+ -+ - } - } - -diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc -index 9aa3f2607292a..d065066b4fbb5 100644 ---- a/net/socket/ssl_client_socket_impl.cc -+++ b/net/socket/ssl_client_socket_impl.cc -@@ -746,8 +746,16 @@ int SSLClientSocketImpl::Init() { - } - - if (context_->config().PostQuantumKeyAgreementEnabled()) { -- static const int kCurves[] = {NID_X25519Kyber768Draft00, NID_X25519, -- NID_X9_62_prime256v1, 
NID_secp384r1}; -+ static const int kCurves[] = {NID_kyber512, NID_kyber768, NID_kyber1024, -+ NID_hqc128, NID_hqc192, NID_hqc256, -+ NID_bikel1, NID_bikel3, -+ NID_p256_kyber512, NID_p384_kyber768, NID_p521_kyber1024, -+ NID_p256_hqc128, NID_p384_hqc192, NID_p521_hqc256, -+ NID_p256_bikel1, NID_p384_bikel3, -+ NID_X25519Kyber768Draft00, NID_frodo640aes, NID_frodo640shake, NID_frodo976aes, NID_frodo976shake, NID_frodo1344aes, NID_frodo1344shake, -+ NID_p256_frodo640aes, NID_p256_frodo640shake, NID_p384_frodo976aes, NID_p384_frodo976shake, NID_p521_frodo1344aes, NID_p521_frodo1344shake, -+ NID_X25519, NID_X9_62_prime256v1, NID_secp384r1}; -+ - if (!SSL_set1_curves(ssl_.get(), kCurves, std::size(kCurves))) { - return ERR_UNEXPECTED; - } -@@ -847,6 +855,10 @@ int SSLClientSocketImpl::Init() { - SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP384R1_SHA384, - SSL_SIGN_RSA_PSS_RSAE_SHA384, SSL_SIGN_RSA_PKCS1_SHA384, - SSL_SIGN_RSA_PSS_RSAE_SHA512, SSL_SIGN_RSA_PKCS1_SHA512, -+ SSL_SIGN_DILITHIUM2, SSL_SIGN_DILITHIUM3, SSL_SIGN_DILITHIUM5, -+ SSL_SIGN_FALCON512, SSL_SIGN_FALCON1024, -+ SSL_SIGN_SPHINCSSHA2128FSIMPLE, SSL_SIGN_SPHINCSSHA2128SSIMPLE, SSL_SIGN_SPHINCSSHA2192FSIMPLE, SSL_SIGN_SPHINCSSHA2192SSIMPLE, SSL_SIGN_SPHINCSSHA2256FSIMPLE, SSL_SIGN_SPHINCSSHA2256SSIMPLE, -+ SSL_SIGN_SPHINCSSHAKE128FSIMPLE, SSL_SIGN_SPHINCSSHAKE128SSIMPLE, SSL_SIGN_SPHINCSSHAKE192FSIMPLE, SSL_SIGN_SPHINCSSHAKE192SSIMPLE, SSL_SIGN_SPHINCSSHAKE256FSIMPLE, SSL_SIGN_SPHINCSSHAKE256SSIMPLE, - }; - if (!SSL_set_verify_algorithm_prefs(ssl_.get(), kVerifyPrefs, - std::size(kVerifyPrefs))) { -diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn -index 6fb13437c6bcc..3f52ce76da21e 100644 ---- a/third_party/boringssl/BUILD.gn -+++ b/third_party/boringssl/BUILD.gn -@@ -18,7 +18,7 @@ if (enable_rust) { - - # Config for us and everybody else depending on BoringSSL. 
- config("external_config") { -- include_dirs = [ "src/include" ] -+ include_dirs = [ "src/include", "src/oqs/include" ] - if (is_component_build) { - defines = [ "BORINGSSL_SHARED_LIBRARY" ] - } -@@ -48,7 +48,8 @@ config("no_asm_config") { - } - - all_sources = crypto_sources + ssl_sources --all_headers = crypto_headers + ssl_headers -+all_headers = crypto_headers + ssl_headers + oqs_headers -+ - - if (enable_rust_boringssl) { - rust_bindgen("raw_bssl_sys_bindings") { -@@ -158,6 +159,7 @@ component("boringssl") { - sources = all_sources - public = all_headers - friend = [ ":*" ] -+ libs = [ "//third_party/boringssl/src/oqs/lib/liboqs.a" ] - deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] - - # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM