From 663cab893e8de78d0cad9650ff5806e46c80dc72 Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Thu, 10 Oct 2024 18:02:12 -0400 Subject: [PATCH] 2024 October Chromium update (#302) Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com> --- chromium/README-Linux.md | 27 +- chromium/README-Windows.md | 32 +-- chromium/README.md | 2 +- chromium/USAGE.md | 2 +- chromium/oqs-Linux.patch | 249 ++++++++++++------- chromium/oqs-Windows.patch | 489 +++++++++++++++++++++---------------- 6 files changed, 464 insertions(+), 337 deletions(-) diff --git a/chromium/README-Linux.md b/chromium/README-Linux.md index 7ab9e5a9..8ab2662c 100644 --- a/chromium/README-Linux.md +++ b/chromium/README-Linux.md @@ -8,33 +8,31 @@ The rest of the instructions will use **$CHROMIUM_ROOT** to refer to the root di ```shellscript cd $CHROMIUM_ROOT -git checkout tags/124.0.6339.0 +git checkout tags/131.0.6767.0 gclient sync ``` -### 2. Install Go and Perl - -### 3. Switch to the OQS-BoringSSL +### 2. Switch to the OQS-BoringSSL ```shellscript cd $CHROMIUM_ROOT/third_party/boringssl/src git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl git fetch oqs-bssl -git checkout -b oqs-bssl-master c0a0bb4d1243952819b983129c546f9ae1c03008 +git checkout -b oqs-bssl-master 0599bb559d3be76a98f0940d494411b6a8e0b18e ``` -### 4. Clone and Build liboqs +### 3. Clone and Build liboqs Choose a directory to store the liboqs source code and use the `cd` command to move to that directory. We will use ninja to build liboqs. ```shellscript -git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 890a6aa448598a019e72b5431d8ba8e0a5dbcc85 +git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 9aa2e1481cd0c242658ec8e92776741feabec163 cd liboqs && mkdir build && cd build cmake .. -G"Ninja" -DCMAKE_INSTALL_PREFIX=$CHROMIUM_ROOT/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF -DCMAKE_BUILD_TYPE=Release ninja && ninja install ``` -### 5. Enable Quantum-Safe Crypto +### 4. Enable Quantum-Safe Crypto ```shellscript cd $CHROMIUM_ROOT @@ -42,14 +40,7 @@ wget https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium git apply oqs-Linux.patch ``` -### 6. Generate BoringSSL Build Files for Chromium - -```shellscript -cd $CHROMIUM_ROOT/third_party/boringssl -python src/util/generate_build_files.py gn -``` - -### 7. Build +### 5. Build ```shellscript cd $CHROMIUM_ROOT @@ -68,6 +59,6 @@ blink_symbol_level = 0 Save and close the configuration file. Last, run `autoninja -C out/Default chrome`.\ If the build completes successfully, it will create _chrome_ in _$CHROMIUM_ROOT/out/Default_. -### 8. Miscellaneous +### 6. Miscellaneous -- This guide is published on March 8, 2024, and may be outdated. +- This guide is published on October 10, 2024, and may be outdated. diff --git a/chromium/README-Windows.md b/chromium/README-Windows.md index 9fc21840..7a60eea7 100644 --- a/chromium/README-Windows.md +++ b/chromium/README-Windows.md @@ -11,13 +11,11 @@ In Command Prompt, run following commands: ```bat cd %CHROMIUM_ROOT% -git checkout tags/124.0.6339.0 +git checkout tags/131.0.6769.0 gclient sync ``` -### 2. Install Go and Perl - -### 3. Switch to the OQS-BoringSSL +### 2. Switch to the OQS-BoringSSL In Command Prompt, run following commands: @@ -25,40 +23,31 @@ In Command Prompt, run following commands: cd %CHROMIUM_ROOT%/third_party/boringssl/src git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl git fetch oqs-bssl -git checkout -b oqs-bssl-master c0a0bb4d1243952819b983129c546f9ae1c03008 +git checkout -b oqs-bssl-master 0599bb559d3be76a98f0940d494411b6a8e0b18e ``` -### 4. Clone and Build liboqs +### 3. Clone and Build liboqs Choose a directory to store the liboqs source code and use the `cd` command to move to that directory. We will use msbuild instead of ninja to build liboqs.\ Start _x64 Native Tools Command Prompt for VS 2022_ (usually it's in _C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022\Visual Studio Tools\VC_) and run following commands: ```bat -git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 890a6aa448598a019e72b5431d8ba8e0a5dbcc85 +git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 9aa2e1481cd0c242658ec8e92776741feabec163 cd liboqs && mkdir build && cd build cmake .. -DCMAKE_INSTALL_PREFIX=%CHROMIUM_ROOT%/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF -DCMAKE_BUILD_TYPE=Release msbuild ALL_BUILD.vcxproj msbuild INSTALL.vcxproj ``` -### 5. Enable Quantum-Safe Crypto +### 4. Enable Quantum-Safe Crypto -Download the [oqs-changes.patch](https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-Windows.patch) and save it at _%CHROMIUM_ROOT%_, then apply the patch by running +Download the [oqs-Windows.patch](https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-Windows.patch) and save it at _%CHROMIUM_ROOT%_, then apply the patch by running ```bat git apply oqs-Windows.patch ``` -### 6. Generate BoringSSL Build Files for Chromium - -In Command Prompt, run following commands: - -```bat -cd %CHROMIUM_ROOT%/third_party/boringssl -python src/util/generate_build_files.py gn -``` - -### 7. Build +### 5. Build In Command Prompt, run following commands: @@ -81,8 +70,7 @@ target_os = "win" Save and close the configuration file. Last, run `autoninja -C out/Default chrome` in Command Prompt.\ If the build completes successfully, it will create _chrome.exe_ in _%CHROMIUM_ROOT%/out/Default_. -### 8. Miscellaneous +### 6. Miscellaneous - BIKE key exchange is not supported. -- This guide was initially published on March 8, 2024, and may be outdated. -- These instructions have been tested on 64-bit Windows 10 Enterprise with Visual Studio 2022 Community, [Go 1.20.5](https://go.dev/dl/), and [ActiveState Perl 5.36](https://www.activestate.com/products/perl/). +- This guide was initially published on October 10, 2024, and may be outdated. \ No newline at end of file diff --git a/chromium/README.md b/chromium/README.md index aa73b67e..7008ba3b 100644 --- a/chromium/README.md +++ b/chromium/README.md @@ -1,6 +1,6 @@ This directory contains no longer fully maintained instructions and corresponding patches to build the Chromium web browser using the [OQS-BoringSSL fork](https://github.com/open-quantum-safe/boringssl), thereby enabling Chromium to use quantum-safe key exchange algorithms. -These instructions are specifically tailored for liboqs commit `890a6aa448598a019e72b5431d8ba8e0a5dbcc85` and Chromium version `124.0.6339.0`. It is important to note that using any other versions of liboqs or Chromium may result in failure. The instructions have been tested on Windows 10 and Ubuntu 22 LTS(x64) installations only. Additionally, they currently apply to a limited subset of quantum-safe key-exchanges, as detailed in the documentation [provided here](https://github.com/open-quantum-safe/boringssl#key-exchange). +These instructions are specifically tailored for liboqs commit `9aa2e1481cd0c242658ec8e92776741feabec163` and Chromium version `131`. It is important to note that using any other versions of liboqs or Chromium may result in failure. The instructions have been tested on Windows 11 and Ubuntu 24.04 LTS installations only. Additionally, they currently apply to a limited subset of quantum-safe algorithms, as detailed in the documentation [provided here](https://github.com/open-quantum-safe/boringssl#key-exchange). Please be aware that this information is intended for individuals who acknowledge and accept these limitations. While we prioritize support for open source software, we are unable to dedicate the same level of support to the Chromium and BoringSSL PQ software stack as we have in the past. We encourage contributors to update the instructions and patch files for more recent versions of liboqs and Chromium. diff --git a/chromium/USAGE.md b/chromium/USAGE.md index bafb7c2b..5aea01aa 100644 --- a/chromium/USAGE.md +++ b/chromium/USAGE.md @@ -13,7 +13,7 @@ For the unwary user we *strongly* recommend to use a ready-build binary (for x64 3) Install the certificate in the Chromium certificate store by clicking on "..." in the upper right hand corner , then/-> "Preferences" -> "..." in upper left corner -> "Privacy and Security" -> "Security" -> "Certificate Management" -> "Certification Authorities" -> Import: Load the file "CA.crt" downloaded in step 2. 4) Return to the test server at [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and click any of the supported ports representing all available quantum safe KEM and signature algorithms. A success message is returned if everything works as intended. -Please note that not all algorithm combinations are expected to work. Most notably, none of the X25519 or X448 KEM hybrids are supported by the [underlying integration of OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl). +Please note that not all algorithm combinations are expected to work. Most notably, X448 KEM hybrids and composite signature algorithms are not supported by the [underlying integration of OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl?tab=readme-ov-file#supported-algorithms). Please create a [discussion item](https://github.com/open-quantum-safe/boringssl/discussions/landing) if you feel some algorithm combination that does not work should do. diff --git a/chromium/oqs-Linux.patch b/chromium/oqs-Linux.patch index e2fb20e8..eb66a59e 100644 --- a/chromium/oqs-Linux.patch +++ b/chromium/oqs-Linux.patch @@ -1,24 +1,31 @@ -diff --git a/net/base/features.cc b/net/base/features.cc -index 1ca71165d2..525cd9e9d5 100644 ---- a/net/base/features.cc -+++ b/net/base/features.cc -@@ -157,7 +157,7 @@ BASE_FEATURE(kPermuteTLSExtensions, - - BASE_FEATURE(kPostQuantumKyber, - "PostQuantumKyber", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kNetUnusedIdleSocketTimeout, - "NetUnusedIdleSocketTimeout", diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc -index 90383f320e..ce2e8cf245 100644 +index d3a3436e3d..d7e949a474 100644 --- a/net/cert/cert_verify_proc.cc +++ b/net/cert/cert_verify_proc.cc -@@ -97,6 +97,16 @@ const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) { - return "DH"; - case X509Certificate::kPublicKeyTypeECDH: - return "ECDH"; +@@ -88,6 +88,19 @@ const int kRsaKeySizes[] = {512, 768, 1024, 1536, 2048, + // return P-224, P-256, P-384, or P-521, and the verifier will reject P-224. + const int kEcdsaKeySizes[] = {163, 192, 224, 233, 256, 283, 384, 409, 521, 571}; + ++template ++bool ArrayContains(C && c, T t) { ++ return std::find(std::begin(c), std::end(c), t) != std::end(c); ++} ++const X509Certificate::PublicKeyType OqsSigTypes[] = { ++ X509Certificate::kPublicKeyTypeDilithium, ++ X509Certificate::kPublicKeyTypeFalcon, ++ X509Certificate::kPublicKeyTypeMLDSA, ++ X509Certificate::kPublicKeyTypeSPHINCSSHA2, ++ X509Certificate::kPublicKeyTypeSPHINCSSHAKE, ++ X509Certificate::kPublicKeyTypeMAYO, ++ X509Certificate::kPublicKeyTypeCROSS}; ++ + const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) { + switch (cert_type) { + case X509Certificate::kPublicKeyTypeUnknown: +@@ -96,6 +109,20 @@ const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) { + return "RSA"; + case X509Certificate::kPublicKeyTypeECDSA: + return "ECDSA"; + case X509Certificate::kPublicKeyTypeDilithium: + return "Dilithium"; + case X509Certificate::kPublicKeyTypeFalcon: @@ -29,29 +36,71 @@ index 90383f320e..ce2e8cf245 100644 + return "SPHINCSSHA2"; + case X509Certificate::kPublicKeyTypeSPHINCSSHAKE: + return "SPHINCSSHAKE"; ++ case X509Certificate::kPublicKeyTypeMAYO: ++ return "MAYO"; ++ case X509Certificate::kPublicKeyTypeCROSS: ++ return "CROSS"; } NOTREACHED(); - return "Unsupported"; -@@ -309,6 +319,26 @@ void RecordTrustAnchorHistogram(const HashValueVector& spki_hashes, + } +@@ -128,6 +155,8 @@ void RecordPublicKeyHistogram(const char* chain_position, + base::CustomHistogram::ArrayToCustomEnumRanges(kRsaKeySizes), + base::HistogramBase::kUmaTargetedHistogramFlag); + break; ++ default: ++ break; + } + counter->Add(size_bits); + } +@@ -166,7 +195,7 @@ bool ExaminePublicKeys(const scoped_refptr& cert, + cert->valid_expiry() >= kBaselineKeysizeEffectiveDate; + + X509Certificate::GetPublicKeyInfo(cert->cert_buffer(), &size_bits, &type); +- if (should_histogram) { ++ if (!ArrayContains(OqsSigTypes, type) && should_histogram) { + RecordPublicKeyHistogram(kLeafCert, baseline_keysize_applies, size_bits, + type); + } +@@ -178,7 +207,7 @@ bool ExaminePublicKeys(const scoped_refptr& cert, + for (size_t i = 0; i < intermediates.size(); ++i) { + X509Certificate::GetPublicKeyInfo(intermediates[i].get(), &size_bits, + &type); +- if (should_histogram) { ++ if (!ArrayContains(OqsSigTypes, type) && should_histogram) { + RecordPublicKeyHistogram( + (i < intermediates.size() - 1) ? kIntermediateCert : kRootCert, + baseline_keysize_applies, +@@ -304,6 +333,37 @@ void RecordTrustAnchorHistogram(const HashValueVector& spki_hashes, case bssl::SignatureAlgorithm::kRsaPssSha256: case bssl::SignatureAlgorithm::kRsaPssSha384: case bssl::SignatureAlgorithm::kRsaPssSha512: ++ case bssl::SignatureAlgorithm::kCrossrsdp128balanced: ++ case bssl::SignatureAlgorithm::kMayo1: + case bssl::SignatureAlgorithm::kDilithium2: + case bssl::SignatureAlgorithm::kMldsa44: ++ case bssl::SignatureAlgorithm::kP256_mldsa44: + case bssl::SignatureAlgorithm::kFalcon512: ++ case bssl::SignatureAlgorithm::kRsa3072_falcon512: ++ case bssl::SignatureAlgorithm::kFalconpadded512: + case bssl::SignatureAlgorithm::kSphincssha2128fsimple: + case bssl::SignatureAlgorithm::kSphincssha2128ssimple: + case bssl::SignatureAlgorithm::kSphincsshake128fsimple: + case bssl::SignatureAlgorithm::kSphincsshake128ssimple: ++ case bssl::SignatureAlgorithm::kMayo2: ++ case bssl::SignatureAlgorithm::kMayo3: + case bssl::SignatureAlgorithm::kDilithium3: + case bssl::SignatureAlgorithm::kMldsa65: ++ case bssl::SignatureAlgorithm::kP384_mldsa65: + case bssl::SignatureAlgorithm::kSphincssha2192fsimple: + case bssl::SignatureAlgorithm::kSphincssha2192ssimple: + case bssl::SignatureAlgorithm::kSphincsshake192fsimple: + case bssl::SignatureAlgorithm::kSphincsshake192ssimple: ++ case bssl::SignatureAlgorithm::kMayo5: + case bssl::SignatureAlgorithm::kDilithium5: + case bssl::SignatureAlgorithm::kMldsa87: ++ case bssl::SignatureAlgorithm::kP521_mldsa87: + case bssl::SignatureAlgorithm::kFalcon1024: ++ case bssl::SignatureAlgorithm::kFalconpadded1024: + case bssl::SignatureAlgorithm::kSphincssha2256fsimple: + case bssl::SignatureAlgorithm::kSphincssha2256ssimple: + case bssl::SignatureAlgorithm::kSphincsshake256fsimple: @@ -60,26 +109,41 @@ index 90383f320e..ce2e8cf245 100644 } diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc -index f23121ac4a..9b213e3dcc 100644 +index 8e33d78b27..2b3586f598 100644 --- a/net/cert/x509_certificate.cc +++ b/net/cert/x509_certificate.cc -@@ -644,6 +644,36 @@ void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer, - case EVP_PKEY_DH: - *type = kPublicKeyTypeDH; +@@ -630,6 +630,51 @@ void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer, + case EVP_PKEY_EC: + *type = kPublicKeyTypeECDSA; break; ++ case EVP_PKEY_MLDSA44: ++ case EVP_PKEY_P256_MLDSA44: ++ case EVP_PKEY_MLDSA65: ++ case EVP_PKEY_P384_MLDSA65: ++ case EVP_PKEY_MLDSA87: ++ case EVP_PKEY_P521_MLDSA87: ++ *type = kPublicKeyTypeMLDSA; ++ break; + case EVP_PKEY_DILITHIUM2: + case EVP_PKEY_DILITHIUM3: + case EVP_PKEY_DILITHIUM5: + *type = kPublicKeyTypeDilithium; + break; + case EVP_PKEY_FALCON512: ++ case EVP_PKEY_RSA3072_FALCON512: ++ case EVP_PKEY_FALCONPADDED512: + case EVP_PKEY_FALCON1024: ++ case EVP_PKEY_FALCONPADDED1024: + *type = kPublicKeyTypeFalcon; + break; -+ case EVP_PKEY_MLDSA44: -+ case EVP_PKEY_MLDSA65: -+ case EVP_PKEY_MLDSA87: -+ *type = kPublicKeyTypeMLDSA; ++ case EVP_PKEY_MAYO1: ++ case EVP_PKEY_MAYO2: ++ case EVP_PKEY_MAYO3: ++ case EVP_PKEY_MAYO5: ++ *type = kPublicKeyTypeMAYO; ++ break; ++ case EVP_PKEY_CROSSRSDP128BALANCED: ++ *type = kPublicKeyTypeCROSS; + break; + case EVP_PKEY_SPHINCSSHA2128FSIMPLE: + case EVP_PKEY_SPHINCSSHA2128SSIMPLE: @@ -101,15 +165,15 @@ index f23121ac4a..9b213e3dcc 100644 *size_bits = base::saturated_cast(EVP_PKEY_bits(pkey.get())); } diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h -index ad138a534e..2749f29efe 100644 +index 60470fdd71..fd525c263d 100644 --- a/net/cert/x509_certificate.h +++ b/net/cert/x509_certificate.h -@@ -47,7 +47,12 @@ class NET_EXPORT X509Certificate - kPublicKeyTypeDSA, +@@ -45,6 +45,13 @@ class NET_EXPORT X509Certificate + kPublicKeyTypeUnknown, + kPublicKeyTypeRSA, kPublicKeyTypeECDSA, - kPublicKeyTypeDH, -- kPublicKeyTypeECDH -+ kPublicKeyTypeECDH, ++ kPublicKeyTypeMAYO, ++ kPublicKeyTypeCROSS, + kPublicKeyTypeDilithium, + kPublicKeyTypeFalcon, + kPublicKeyTypeMLDSA, @@ -119,68 +183,79 @@ index ad138a534e..2749f29efe 100644 enum Format { diff --git a/net/quic/quic_session_pool.cc b/net/quic/quic_session_pool.cc -index a7e1ecbe60..3ab2c9cff7 100644 +index 21ac1bd8a4..9457d58254 100644 --- a/net/quic/quic_session_pool.cc +++ b/net/quic/quic_session_pool.cc -@@ -347,7 +347,16 @@ QuicSessionPool::QuicCryptoClientConfigOwner::QuicCryptoClientConfigOwner( +@@ -425,12 +425,17 @@ QuicSessionPool::QuicCryptoClientConfigOwner::QuicCryptoClientConfigOwner( base::Unretained(this))); if (quic_session_pool_->ssl_config_service_->GetSSLContextConfig() .PostQuantumKeyAgreementEnabled()) { -- config_.set_preferred_groups({SSL_GROUP_X25519_KYBER768_DRAFT00, -+ config_.set_preferred_groups({SSL_GROUP_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_KYBER1024, -+ SSL_GROUP_HQC128, SSL_GROUP_HQC192, SSL_GROUP_HQC256, -+ SSL_GROUP_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_MLKEM1024, -+ SSL_GROUP_FRODO640AES, SSL_GROUP_FRODO640SHAKE, SSL_GROUP_FRODO976AES, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_FRODO1344AES, SSL_GROUP_FRODO1344SHAKE, -+ SSL_GROUP_X25519_KYBER512, SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_P256_KYBER512, SSL_GROUP_P384_KYBER768, SSL_GROUP_P521_KYBER1024, -+ SSL_GROUP_X25519_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_P384_HQC192, SSL_GROUP_P521_HQC256, -+ SSL_GROUP_X25519_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_P384_MLKEM768, SSL_GROUP_P521_MLKEM1024, -+ SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_P521_FRODO1344AES, SSL_GROUP_P521_FRODO1344SHAKE, -+ SSL_GROUP_BIKEL1, SSL_GROUP_BIKEL3, -+ SSL_GROUP_X25519_BIKEL1, SSL_GROUP_P256_BIKEL1, SSL_GROUP_P384_BIKEL3, - SSL_GROUP_X25519, SSL_GROUP_SECP256R1, - SSL_GROUP_SECP384R1}); +- uint16_t postquantum_group = +- base::FeatureList::IsEnabled(features::kUseMLKEM) +- ? SSL_GROUP_X25519_MLKEM768 +- : SSL_GROUP_X25519_KYBER768_DRAFT00; +- config_.set_preferred_groups({postquantum_group, SSL_GROUP_X25519, +- SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1}); ++ config_.set_preferred_groups({ ++ // We temporarily enable both X25519_MLKEM768 and X25519_Kyber768 ++ SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519_KYBER768_DRAFT00, ++ SSL_GROUP_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_X25519_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_P256_MLKEM768, SSL_GROUP_P384_MLKEM768, SSL_GROUP_MLKEM1024, SSL_GROUP_P384_MLKEM1024, SSL_GROUP_P521_MLKEM1024, ++ SSL_GROUP_FRODO640AES, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_FRODO976AES, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_FRODO1344AES, SSL_GROUP_P521_FRODO1344AES, ++ SSL_GROUP_FRODO640SHAKE, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_FRODO1344SHAKE, SSL_GROUP_P521_FRODO1344SHAKE, ++ SSL_GROUP_KYBER512, SSL_GROUP_P256_KYBER512, SSL_GROUP_X25519_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_P256_KYBER768, SSL_GROUP_P384_KYBER768, SSL_GROUP_KYBER1024, SSL_GROUP_P521_KYBER1024, ++ SSL_GROUP_BIKEL1, SSL_GROUP_P256_BIKEL1, SSL_GROUP_X25519_BIKEL1, SSL_GROUP_BIKEL3, SSL_GROUP_P384_BIKEL3, SSL_GROUP_BIKEL5, SSL_GROUP_P521_BIKEL5, ++ SSL_GROUP_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_X25519_HQC128, SSL_GROUP_HQC192, SSL_GROUP_P384_HQC192, SSL_GROUP_HQC256, SSL_GROUP_P521_HQC256, ++ SSL_GROUP_X25519, SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1 ++ }); } + } + QuicSessionPool::QuicCryptoClientConfigOwner::~QuicCryptoClientConfigOwner() { diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc -index 236de0c0bb..4595cccd30 100644 +index 786d1c08aa..b48563e758 100644 --- a/net/socket/ssl_client_socket_impl.cc +++ b/net/socket/ssl_client_socket_impl.cc -@@ -741,8 +741,17 @@ int SSLClientSocketImpl::Init() { +@@ -645,12 +645,16 @@ int SSLClientSocketImpl::Init() { } if (context_->config().PostQuantumKeyAgreementEnabled()) { -- static const int kCurves[] = {NID_X25519Kyber768Draft00, NID_X25519, -- NID_X9_62_prime256v1, NID_secp384r1}; -+ static const int kCurves[] = {NID_kyber512, NID_kyber768, NID_kyber1024, -+ NID_hqc128, NID_hqc192, NID_hqc256, -+ NID_mlkem512, NID_mlkem768, NID_mlkem1024, -+ NID_x25519_kyber512, NID_X25519Kyber768Draft00, NID_p256_kyber512, NID_p384_kyber768, NID_p521_kyber1024, -+ NID_x25519_hqc128, NID_p256_hqc128, NID_p384_hqc192, NID_p521_hqc256, -+ NID_x25519_mlkem512, NID_p256_mlkem512, NID_p384_mlkem768, NID_p521_mlkem1024, -+ NID_frodo640aes, NID_frodo640shake, NID_frodo976aes, NID_frodo976shake, NID_frodo1344aes, NID_frodo1344shake, -+ NID_x25519_frodo640aes, NID_x25519_frodo640shake, NID_p256_frodo640aes, NID_p256_frodo640shake, NID_p384_frodo976aes, NID_p384_frodo976shake, NID_p521_frodo1344aes, NID_p521_frodo1344shake, -+ NID_bikel1, NID_bikel3, -+ NID_x25519_bikel1, NID_p256_bikel1, NID_p384_bikel3, -+ NID_X25519, NID_X9_62_prime256v1, NID_secp384r1}; - if (!SSL_set1_curves(ssl_.get(), kCurves, std::size(kCurves))) { +- const uint16_t postquantum_group = +- base::FeatureList::IsEnabled(features::kUseMLKEM) +- ? SSL_GROUP_X25519_MLKEM768 +- : SSL_GROUP_X25519_KYBER768_DRAFT00; +- const uint16_t kGroups[] = {postquantum_group, SSL_GROUP_X25519, +- SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1}; ++ const uint16_t kGroups[] = { ++ // We temporarily enable both X25519_MLKEM768 and X25519_Kyber768 ++ SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519_KYBER768_DRAFT00, ++ SSL_GROUP_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_X25519_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_P256_MLKEM768, SSL_GROUP_P384_MLKEM768, SSL_GROUP_MLKEM1024, SSL_GROUP_P384_MLKEM1024, SSL_GROUP_P521_MLKEM1024, ++ SSL_GROUP_FRODO640AES, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_FRODO976AES, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_FRODO1344AES, SSL_GROUP_P521_FRODO1344AES, ++ SSL_GROUP_FRODO640SHAKE, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_FRODO1344SHAKE, SSL_GROUP_P521_FRODO1344SHAKE, ++ SSL_GROUP_KYBER512, SSL_GROUP_P256_KYBER512, SSL_GROUP_X25519_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_P256_KYBER768, SSL_GROUP_P384_KYBER768, SSL_GROUP_KYBER1024, SSL_GROUP_P521_KYBER1024, ++ SSL_GROUP_BIKEL1, SSL_GROUP_P256_BIKEL1, SSL_GROUP_X25519_BIKEL1, SSL_GROUP_BIKEL3, SSL_GROUP_P384_BIKEL3, SSL_GROUP_BIKEL5, SSL_GROUP_P521_BIKEL5, ++ SSL_GROUP_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_X25519_HQC128, SSL_GROUP_HQC192, SSL_GROUP_P384_HQC192, SSL_GROUP_HQC256, SSL_GROUP_P521_HQC256, ++ SSL_GROUP_X25519, SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1}; + if (!SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups))) { return ERR_UNEXPECTED; } -@@ -842,6 +851,11 @@ int SSLClientSocketImpl::Init() { - SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP384R1_SHA384, - SSL_SIGN_RSA_PSS_RSAE_SHA384, SSL_SIGN_RSA_PKCS1_SHA384, - SSL_SIGN_RSA_PSS_RSAE_SHA512, SSL_SIGN_RSA_PKCS1_SHA512, -+ SSL_SIGN_DILITHIUM2, SSL_SIGN_DILITHIUM3, SSL_SIGN_DILITHIUM5, -+ SSL_SIGN_FALCON512, SSL_SIGN_FALCON1024, -+ SSL_SIGN_MLDSA44, SSL_SIGN_MLDSA65, SSL_SIGN_MLDSA87, -+ SSL_SIGN_SPHINCSSHA2128FSIMPLE, SSL_SIGN_SPHINCSSHA2128SSIMPLE, SSL_SIGN_SPHINCSSHA2192FSIMPLE, SSL_SIGN_SPHINCSSHA2192SSIMPLE, SSL_SIGN_SPHINCSSHA2256FSIMPLE, SSL_SIGN_SPHINCSSHA2256SSIMPLE, -+ SSL_SIGN_SPHINCSSHAKE128FSIMPLE, SSL_SIGN_SPHINCSSHAKE128SSIMPLE, SSL_SIGN_SPHINCSSHAKE192FSIMPLE, SSL_SIGN_SPHINCSSHAKE192SSIMPLE, SSL_SIGN_SPHINCSSHAKE256FSIMPLE, SSL_SIGN_SPHINCSSHAKE256SSIMPLE, - }; - if (!SSL_set_verify_algorithm_prefs(ssl_.get(), kVerifyPrefs, - std::size(kVerifyPrefs))) { +@@ -752,6 +756,13 @@ int SSLClientSocketImpl::Init() { + SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP384R1_SHA384, + SSL_SIGN_RSA_PSS_RSAE_SHA384, SSL_SIGN_RSA_PKCS1_SHA384, + SSL_SIGN_RSA_PSS_RSAE_SHA512, SSL_SIGN_RSA_PKCS1_SHA512, ++ SSL_SIGN_MLDSA44, SSL_SIGN_P256_MLDSA44, SSL_SIGN_MLDSA65, SSL_SIGN_P384_MLDSA65, SSL_SIGN_MLDSA87, SSL_SIGN_P521_MLDSA87, ++ SSL_SIGN_FALCON512, SSL_SIGN_RSA3072_FALCON512, SSL_SIGN_FALCONPADDED512, SSL_SIGN_FALCON1024, SSL_SIGN_FALCONPADDED1024, ++ SSL_SIGN_MAYO1, SSL_SIGN_MAYO2, SSL_SIGN_MAYO3, SSL_SIGN_MAYO5, ++ SSL_SIGN_SPHINCSSHA2128FSIMPLE, SSL_SIGN_SPHINCSSHA2128SSIMPLE, SSL_SIGN_SPHINCSSHA2192FSIMPLE, SSL_SIGN_SPHINCSSHA2192SSIMPLE, SSL_SIGN_SPHINCSSHA2256FSIMPLE, SSL_SIGN_SPHINCSSHA2256SSIMPLE, ++ SSL_SIGN_SPHINCSSHAKE128FSIMPLE, SSL_SIGN_SPHINCSSHAKE128SSIMPLE, SSL_SIGN_SPHINCSSHAKE192FSIMPLE, SSL_SIGN_SPHINCSSHAKE192SSIMPLE, SSL_SIGN_SPHINCSSHAKE256FSIMPLE, SSL_SIGN_SPHINCSSHAKE256SSIMPLE, ++ SSL_SIGN_CROSSRSDP128BALANCED, ++ SSL_SIGN_DILITHIUM2, SSL_SIGN_DILITHIUM3, SSL_SIGN_DILITHIUM5 + }; + if (!SSL_set_verify_algorithm_prefs(ssl_.get(), kVerifyPrefs, + std::size(kVerifyPrefs))) { diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn -index 6a0e44685b..13e61a12ef 100644 +index 52e239f60f..7d550f8166 100644 --- a/third_party/boringssl/BUILD.gn +++ b/third_party/boringssl/BUILD.gn -@@ -18,7 +18,7 @@ if (enable_rust) { +@@ -17,7 +17,7 @@ if (enable_rust) { # Config for us and everybody else depending on BoringSSL. config("external_config") { @@ -189,18 +264,18 @@ index 6a0e44685b..13e61a12ef 100644 if (is_component_build) { defines = [ "BORINGSSL_SHARED_LIBRARY" ] } -@@ -54,7 +54,7 @@ config("no_asm_config") { - # TODO(crbug.com/1496373): having the headers in all_sources is hacky and should - # be fixed. It is caused by issues with the fuzzer target. - all_sources = crypto_sources + ssl_sources + pki_sources + pki_internal_headers +@@ -46,7 +46,7 @@ config("no_asm_config") { + # unexport pki_internal_headers. + all_sources = bcm_internal_headers + bcm_sources + crypto_internal_headers + + crypto_sources + ssl_internal_headers + ssl_sources + pki_sources -all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers +all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers + oqs_headers - if (enable_rust_boringssl) { + if (enable_rust) { rust_bindgen("raw_bssl_sys_bindings") { -@@ -142,6 +142,7 @@ component("boringssl") { - sources = all_sources - public = all_headers +@@ -145,6 +145,7 @@ component("boringssl") { + sources = rebase_path(all_sources, ".", "src") + public = rebase_path(all_headers, ".", "src") friend = [ ":*" ] + libs = [ "//third_party/boringssl/src/oqs/lib/liboqs.a" ] deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] diff --git a/chromium/oqs-Windows.patch b/chromium/oqs-Windows.patch index b3127f04..98a9cec8 100644 --- a/chromium/oqs-Windows.patch +++ b/chromium/oqs-Windows.patch @@ -1,208 +1,281 @@ -diff --git a/net/base/features.cc b/net/base/features.cc -index 1ca71165d2..525cd9e9d5 100644 ---- a/net/base/features.cc -+++ b/net/base/features.cc -@@ -157,7 +157,7 @@ BASE_FEATURE(kPermuteTLSExtensions, - - BASE_FEATURE(kPostQuantumKyber, - "PostQuantumKyber", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kNetUnusedIdleSocketTimeout, - "NetUnusedIdleSocketTimeout", -diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc -index 90383f320e..ce2e8cf245 100644 ---- a/net/cert/cert_verify_proc.cc -+++ b/net/cert/cert_verify_proc.cc -@@ -97,6 +97,16 @@ const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) { - return "DH"; - case X509Certificate::kPublicKeyTypeECDH: - return "ECDH"; -+ case X509Certificate::kPublicKeyTypeDilithium: -+ return "Dilithium"; -+ case X509Certificate::kPublicKeyTypeFalcon: -+ return "Falcon"; -+ case X509Certificate::kPublicKeyTypeMLDSA: -+ return "ML-DSA"; -+ case X509Certificate::kPublicKeyTypeSPHINCSSHA2: -+ return "SPHINCSSHA2"; -+ case X509Certificate::kPublicKeyTypeSPHINCSSHAKE: -+ return "SPHINCSSHAKE"; - } - NOTREACHED(); - return "Unsupported"; -@@ -309,6 +319,26 @@ void RecordTrustAnchorHistogram(const HashValueVector& spki_hashes, - case bssl::SignatureAlgorithm::kRsaPssSha256: - case bssl::SignatureAlgorithm::kRsaPssSha384: - case bssl::SignatureAlgorithm::kRsaPssSha512: -+ case bssl::SignatureAlgorithm::kDilithium2: -+ case bssl::SignatureAlgorithm::kMldsa44: -+ case bssl::SignatureAlgorithm::kFalcon512: -+ case bssl::SignatureAlgorithm::kSphincssha2128fsimple: -+ case bssl::SignatureAlgorithm::kSphincssha2128ssimple: -+ case bssl::SignatureAlgorithm::kSphincsshake128fsimple: -+ case bssl::SignatureAlgorithm::kSphincsshake128ssimple: -+ case bssl::SignatureAlgorithm::kDilithium3: -+ case bssl::SignatureAlgorithm::kMldsa65: -+ case bssl::SignatureAlgorithm::kSphincssha2192fsimple: -+ case bssl::SignatureAlgorithm::kSphincssha2192ssimple: -+ case bssl::SignatureAlgorithm::kSphincsshake192fsimple: -+ case bssl::SignatureAlgorithm::kSphincsshake192ssimple: -+ case bssl::SignatureAlgorithm::kDilithium5: -+ case bssl::SignatureAlgorithm::kMldsa87: -+ case bssl::SignatureAlgorithm::kFalcon1024: -+ case bssl::SignatureAlgorithm::kSphincssha2256fsimple: -+ case bssl::SignatureAlgorithm::kSphincssha2256ssimple: -+ case bssl::SignatureAlgorithm::kSphincsshake256fsimple: -+ case bssl::SignatureAlgorithm::kSphincsshake256ssimple: - return true; - } - -diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc -index f23121ac4a..9b213e3dcc 100644 ---- a/net/cert/x509_certificate.cc -+++ b/net/cert/x509_certificate.cc -@@ -644,6 +644,36 @@ void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer, - case EVP_PKEY_DH: - *type = kPublicKeyTypeDH; - break; -+ case EVP_PKEY_DILITHIUM2: -+ case EVP_PKEY_DILITHIUM3: -+ case EVP_PKEY_DILITHIUM5: -+ *type = kPublicKeyTypeDilithium; -+ break; -+ case EVP_PKEY_FALCON512: -+ case EVP_PKEY_FALCON1024: -+ *type = kPublicKeyTypeFalcon; -+ break; -+ case EVP_PKEY_MLDSA44: -+ case EVP_PKEY_MLDSA65: -+ case EVP_PKEY_MLDSA87: -+ *type = kPublicKeyTypeMLDSA; -+ break; -+ case EVP_PKEY_SPHINCSSHA2128FSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2128SSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2192FSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2192SSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2256FSIMPLE: -+ case EVP_PKEY_SPHINCSSHA2256SSIMPLE: -+ *type = kPublicKeyTypeSPHINCSSHA2; -+ break; -+ case EVP_PKEY_SPHINCSSHAKE128FSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE128SSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE192FSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE192SSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE256FSIMPLE: -+ case EVP_PKEY_SPHINCSSHAKE256SSIMPLE: -+ *type = kPublicKeyTypeSPHINCSSHAKE; -+ break; - } - *size_bits = base::saturated_cast(EVP_PKEY_bits(pkey.get())); - } -diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h -index ad138a534e..2749f29efe 100644 ---- a/net/cert/x509_certificate.h -+++ b/net/cert/x509_certificate.h -@@ -47,7 +47,12 @@ class NET_EXPORT X509Certificate - kPublicKeyTypeDSA, - kPublicKeyTypeECDSA, - kPublicKeyTypeDH, -- kPublicKeyTypeECDH -+ kPublicKeyTypeECDH, -+ kPublicKeyTypeDilithium, -+ kPublicKeyTypeFalcon, -+ kPublicKeyTypeMLDSA, -+ kPublicKeyTypeSPHINCSSHA2, -+ kPublicKeyTypeSPHINCSSHAKE - }; - - enum Format { -diff --git a/net/quic/quic_session_pool.cc b/net/quic/quic_session_pool.cc -index a7e1ecbe60..b5b9cff194 100644 ---- a/net/quic/quic_session_pool.cc -+++ b/net/quic/quic_session_pool.cc -@@ -347,7 +347,16 @@ QuicSessionPool::QuicCryptoClientConfigOwner::QuicCryptoClientConfigOwner( - base::Unretained(this))); - if (quic_session_pool_->ssl_config_service_->GetSSLContextConfig() - .PostQuantumKeyAgreementEnabled()) { -- config_.set_preferred_groups({SSL_GROUP_X25519_KYBER768_DRAFT00, -+ config_.set_preferred_groups({SSL_GROUP_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_KYBER1024, -+ SSL_GROUP_HQC128, SSL_GROUP_HQC192, SSL_GROUP_HQC256, -+ SSL_GROUP_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_MLKEM1024, -+ SSL_GROUP_FRODO640AES, SSL_GROUP_FRODO640SHAKE, SSL_GROUP_FRODO976AES, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_FRODO1344AES, SSL_GROUP_FRODO1344SHAKE, -+ SSL_GROUP_X25519_KYBER512, SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_P256_KYBER512, SSL_GROUP_P384_KYBER768, SSL_GROUP_P521_KYBER1024, -+ SSL_GROUP_X25519_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_P384_HQC192, SSL_GROUP_P521_HQC256, -+ SSL_GROUP_X25519_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_P384_MLKEM768, SSL_GROUP_P521_MLKEM1024, -+ SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_P521_FRODO1344AES, SSL_GROUP_P521_FRODO1344SHAKE, -+// SSL_GROUP_BIKEL1, SSL_GROUP_BIKEL3, -+// SSL_GROUP_X25519_BIKEL1, SSL_GROUP_P256_BIKEL1, SSL_GROUP_P384_BIKEL3, - SSL_GROUP_X25519, SSL_GROUP_SECP256R1, - SSL_GROUP_SECP384R1}); - } -diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc -index 236de0c0bb..86aa48126d 100644 ---- a/net/socket/ssl_client_socket_impl.cc -+++ b/net/socket/ssl_client_socket_impl.cc -@@ -741,8 +741,17 @@ int SSLClientSocketImpl::Init() { - } - - if (context_->config().PostQuantumKeyAgreementEnabled()) { -- static const int kCurves[] = {NID_X25519Kyber768Draft00, NID_X25519, -- NID_X9_62_prime256v1, NID_secp384r1}; -+ static const int kCurves[] = {NID_kyber512, NID_kyber768, NID_kyber1024, -+ NID_hqc128, NID_hqc192, NID_hqc256, -+ NID_mlkem512, NID_mlkem768, NID_mlkem1024, -+ NID_x25519_kyber512, NID_X25519Kyber768Draft00, NID_p256_kyber512, NID_p384_kyber768, NID_p521_kyber1024, -+ NID_x25519_hqc128, NID_p256_hqc128, NID_p384_hqc192, NID_p521_hqc256, -+ NID_x25519_mlkem512, NID_p256_mlkem512, NID_p384_mlkem768, NID_p521_mlkem1024, -+ NID_frodo640aes, NID_frodo640shake, NID_frodo976aes, NID_frodo976shake, NID_frodo1344aes, NID_frodo1344shake, -+ NID_x25519_frodo640aes, NID_x25519_frodo640shake, NID_p256_frodo640aes, NID_p256_frodo640shake, NID_p384_frodo976aes, NID_p384_frodo976shake, NID_p521_frodo1344aes, NID_p521_frodo1344shake, -+// NID_bikel1, NID_bikel3, -+// NID_x25519_bikel1, NID_p256_bikel1, NID_p384_bikel3, -+ NID_X25519, NID_X9_62_prime256v1, NID_secp384r1}; - if (!SSL_set1_curves(ssl_.get(), kCurves, std::size(kCurves))) { - return ERR_UNEXPECTED; - } -@@ -842,6 +851,11 @@ int SSLClientSocketImpl::Init() { - SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP384R1_SHA384, - SSL_SIGN_RSA_PSS_RSAE_SHA384, SSL_SIGN_RSA_PKCS1_SHA384, - SSL_SIGN_RSA_PSS_RSAE_SHA512, SSL_SIGN_RSA_PKCS1_SHA512, -+ SSL_SIGN_DILITHIUM2, SSL_SIGN_DILITHIUM3, SSL_SIGN_DILITHIUM5, -+ SSL_SIGN_FALCON512, SSL_SIGN_FALCON1024, -+ SSL_SIGN_MLDSA44, SSL_SIGN_MLDSA65, SSL_SIGN_MLDSA87, -+ SSL_SIGN_SPHINCSSHA2128FSIMPLE, SSL_SIGN_SPHINCSSHA2128SSIMPLE, SSL_SIGN_SPHINCSSHA2192FSIMPLE, SSL_SIGN_SPHINCSSHA2192SSIMPLE, SSL_SIGN_SPHINCSSHA2256FSIMPLE, SSL_SIGN_SPHINCSSHA2256SSIMPLE, -+ SSL_SIGN_SPHINCSSHAKE128FSIMPLE, SSL_SIGN_SPHINCSSHAKE128SSIMPLE, SSL_SIGN_SPHINCSSHAKE192FSIMPLE, SSL_SIGN_SPHINCSSHAKE192SSIMPLE, SSL_SIGN_SPHINCSSHAKE256FSIMPLE, SSL_SIGN_SPHINCSSHAKE256SSIMPLE, - }; - if (!SSL_set_verify_algorithm_prefs(ssl_.get(), kVerifyPrefs, - std::size(kVerifyPrefs))) { -diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn -index 6a0e44685b..b77469a067 100644 ---- a/third_party/boringssl/BUILD.gn -+++ b/third_party/boringssl/BUILD.gn -@@ -18,7 +18,7 @@ if (enable_rust) { - - # Config for us and everybody else depending on BoringSSL. - config("external_config") { -- include_dirs = [ "src/include" ] -+ include_dirs = [ "src/include", "src/oqs/include" ] - if (is_component_build) { - defines = [ "BORINGSSL_SHARED_LIBRARY" ] - } -@@ -54,7 +54,7 @@ config("no_asm_config") { - # TODO(crbug.com/1496373): having the headers in all_sources is hacky and should - # be fixed. It is caused by issues with the fuzzer target. - all_sources = crypto_sources + ssl_sources + pki_sources + pki_internal_headers --all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers -+all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers + oqs_headers - - if (enable_rust_boringssl) { - rust_bindgen("raw_bssl_sys_bindings") { -@@ -142,6 +142,7 @@ component("boringssl") { - sources = all_sources - public = all_headers - friend = [ ":*" ] -+ libs = [ "//third_party/boringssl/src/oqs/lib/oqs.lib" ] - deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] - - # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM +diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc +index d3a3436e3d..d7e949a474 100644 +--- a/net/cert/cert_verify_proc.cc ++++ b/net/cert/cert_verify_proc.cc +@@ -88,6 +88,19 @@ const int kRsaKeySizes[] = {512, 768, 1024, 1536, 2048, + // return P-224, P-256, P-384, or P-521, and the verifier will reject P-224. + const int kEcdsaKeySizes[] = {163, 192, 224, 233, 256, 283, 384, 409, 521, 571}; + ++template ++bool ArrayContains(C && c, T t) { ++ return std::find(std::begin(c), std::end(c), t) != std::end(c); ++} ++const X509Certificate::PublicKeyType OqsSigTypes[] = { ++ X509Certificate::kPublicKeyTypeDilithium, ++ X509Certificate::kPublicKeyTypeFalcon, ++ X509Certificate::kPublicKeyTypeMLDSA, ++ X509Certificate::kPublicKeyTypeSPHINCSSHA2, ++ X509Certificate::kPublicKeyTypeSPHINCSSHAKE, ++ X509Certificate::kPublicKeyTypeMAYO, ++ X509Certificate::kPublicKeyTypeCROSS}; ++ + const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) { + switch (cert_type) { + case X509Certificate::kPublicKeyTypeUnknown: +@@ -96,6 +109,20 @@ const char* CertTypeToString(X509Certificate::PublicKeyType cert_type) { + return "RSA"; + case X509Certificate::kPublicKeyTypeECDSA: + return "ECDSA"; ++ case X509Certificate::kPublicKeyTypeDilithium: ++ return "Dilithium"; ++ case X509Certificate::kPublicKeyTypeFalcon: ++ return "Falcon"; ++ case X509Certificate::kPublicKeyTypeMLDSA: ++ return "ML-DSA"; ++ case X509Certificate::kPublicKeyTypeSPHINCSSHA2: ++ return "SPHINCSSHA2"; ++ case X509Certificate::kPublicKeyTypeSPHINCSSHAKE: ++ return "SPHINCSSHAKE"; ++ case X509Certificate::kPublicKeyTypeMAYO: ++ return "MAYO"; ++ case X509Certificate::kPublicKeyTypeCROSS: ++ return "CROSS"; + } + NOTREACHED(); + } +@@ -128,6 +155,8 @@ void RecordPublicKeyHistogram(const char* chain_position, + base::CustomHistogram::ArrayToCustomEnumRanges(kRsaKeySizes), + base::HistogramBase::kUmaTargetedHistogramFlag); + break; ++ default: ++ break; + } + counter->Add(size_bits); + } +@@ -166,7 +195,7 @@ bool ExaminePublicKeys(const scoped_refptr& cert, + cert->valid_expiry() >= kBaselineKeysizeEffectiveDate; + + X509Certificate::GetPublicKeyInfo(cert->cert_buffer(), &size_bits, &type); +- if (should_histogram) { ++ if (!ArrayContains(OqsSigTypes, type) && should_histogram) { + RecordPublicKeyHistogram(kLeafCert, baseline_keysize_applies, size_bits, + type); + } +@@ -178,7 +207,7 @@ bool ExaminePublicKeys(const scoped_refptr& cert, + for (size_t i = 0; i < intermediates.size(); ++i) { + X509Certificate::GetPublicKeyInfo(intermediates[i].get(), &size_bits, + &type); +- if (should_histogram) { ++ if (!ArrayContains(OqsSigTypes, type) && should_histogram) { + RecordPublicKeyHistogram( + (i < intermediates.size() - 1) ? kIntermediateCert : kRootCert, + baseline_keysize_applies, +@@ -304,6 +333,37 @@ void RecordTrustAnchorHistogram(const HashValueVector& spki_hashes, + case bssl::SignatureAlgorithm::kRsaPssSha256: + case bssl::SignatureAlgorithm::kRsaPssSha384: + case bssl::SignatureAlgorithm::kRsaPssSha512: ++ case bssl::SignatureAlgorithm::kCrossrsdp128balanced: ++ case bssl::SignatureAlgorithm::kMayo1: ++ case bssl::SignatureAlgorithm::kDilithium2: ++ case bssl::SignatureAlgorithm::kMldsa44: ++ case bssl::SignatureAlgorithm::kP256_mldsa44: ++ case bssl::SignatureAlgorithm::kFalcon512: ++ case bssl::SignatureAlgorithm::kRsa3072_falcon512: ++ case bssl::SignatureAlgorithm::kFalconpadded512: ++ case bssl::SignatureAlgorithm::kSphincssha2128fsimple: ++ case bssl::SignatureAlgorithm::kSphincssha2128ssimple: ++ case bssl::SignatureAlgorithm::kSphincsshake128fsimple: ++ case bssl::SignatureAlgorithm::kSphincsshake128ssimple: ++ case bssl::SignatureAlgorithm::kMayo2: ++ case bssl::SignatureAlgorithm::kMayo3: ++ case bssl::SignatureAlgorithm::kDilithium3: ++ case bssl::SignatureAlgorithm::kMldsa65: ++ case bssl::SignatureAlgorithm::kP384_mldsa65: ++ case bssl::SignatureAlgorithm::kSphincssha2192fsimple: ++ case bssl::SignatureAlgorithm::kSphincssha2192ssimple: ++ case bssl::SignatureAlgorithm::kSphincsshake192fsimple: ++ case bssl::SignatureAlgorithm::kSphincsshake192ssimple: ++ case bssl::SignatureAlgorithm::kMayo5: ++ case bssl::SignatureAlgorithm::kDilithium5: ++ case bssl::SignatureAlgorithm::kMldsa87: ++ case bssl::SignatureAlgorithm::kP521_mldsa87: ++ case bssl::SignatureAlgorithm::kFalcon1024: ++ case bssl::SignatureAlgorithm::kFalconpadded1024: ++ case bssl::SignatureAlgorithm::kSphincssha2256fsimple: ++ case bssl::SignatureAlgorithm::kSphincssha2256ssimple: ++ case bssl::SignatureAlgorithm::kSphincsshake256fsimple: ++ case bssl::SignatureAlgorithm::kSphincsshake256ssimple: + return true; + } + +diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc +index 8e33d78b27..2b3586f598 100644 +--- a/net/cert/x509_certificate.cc ++++ b/net/cert/x509_certificate.cc +@@ -630,6 +630,51 @@ void X509Certificate::GetPublicKeyInfo(const CRYPTO_BUFFER* cert_buffer, + case EVP_PKEY_EC: + *type = kPublicKeyTypeECDSA; + break; ++ case EVP_PKEY_MLDSA44: ++ case EVP_PKEY_P256_MLDSA44: ++ case EVP_PKEY_MLDSA65: ++ case EVP_PKEY_P384_MLDSA65: ++ case EVP_PKEY_MLDSA87: ++ case EVP_PKEY_P521_MLDSA87: ++ *type = kPublicKeyTypeMLDSA; ++ break; ++ case EVP_PKEY_DILITHIUM2: ++ case EVP_PKEY_DILITHIUM3: ++ case EVP_PKEY_DILITHIUM5: ++ *type = kPublicKeyTypeDilithium; ++ break; ++ case EVP_PKEY_FALCON512: ++ case EVP_PKEY_RSA3072_FALCON512: ++ case EVP_PKEY_FALCONPADDED512: ++ case EVP_PKEY_FALCON1024: ++ case EVP_PKEY_FALCONPADDED1024: ++ *type = kPublicKeyTypeFalcon; ++ break; ++ case EVP_PKEY_MAYO1: ++ case EVP_PKEY_MAYO2: ++ case EVP_PKEY_MAYO3: ++ case EVP_PKEY_MAYO5: ++ *type = kPublicKeyTypeMAYO; ++ break; ++ case EVP_PKEY_CROSSRSDP128BALANCED: ++ *type = kPublicKeyTypeCROSS; ++ break; ++ case EVP_PKEY_SPHINCSSHA2128FSIMPLE: ++ case EVP_PKEY_SPHINCSSHA2128SSIMPLE: ++ case EVP_PKEY_SPHINCSSHA2192FSIMPLE: ++ case EVP_PKEY_SPHINCSSHA2192SSIMPLE: ++ case EVP_PKEY_SPHINCSSHA2256FSIMPLE: ++ case EVP_PKEY_SPHINCSSHA2256SSIMPLE: ++ *type = kPublicKeyTypeSPHINCSSHA2; ++ break; ++ case EVP_PKEY_SPHINCSSHAKE128FSIMPLE: ++ case EVP_PKEY_SPHINCSSHAKE128SSIMPLE: ++ case EVP_PKEY_SPHINCSSHAKE192FSIMPLE: ++ case EVP_PKEY_SPHINCSSHAKE192SSIMPLE: ++ case EVP_PKEY_SPHINCSSHAKE256FSIMPLE: ++ case EVP_PKEY_SPHINCSSHAKE256SSIMPLE: ++ *type = kPublicKeyTypeSPHINCSSHAKE; ++ break; + } + *size_bits = base::saturated_cast(EVP_PKEY_bits(pkey.get())); + } +diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h +index 60470fdd71..fd525c263d 100644 +--- a/net/cert/x509_certificate.h ++++ b/net/cert/x509_certificate.h +@@ -45,6 +45,13 @@ class NET_EXPORT X509Certificate + kPublicKeyTypeUnknown, + kPublicKeyTypeRSA, + kPublicKeyTypeECDSA, ++ kPublicKeyTypeMAYO, ++ kPublicKeyTypeCROSS, ++ kPublicKeyTypeDilithium, ++ kPublicKeyTypeFalcon, ++ kPublicKeyTypeMLDSA, ++ kPublicKeyTypeSPHINCSSHA2, ++ kPublicKeyTypeSPHINCSSHAKE + }; + + enum Format { +diff --git a/net/quic/quic_session_pool.cc b/net/quic/quic_session_pool.cc +index ec427c0a6c..5b9db9fd0f 100644 +--- a/net/quic/quic_session_pool.cc ++++ b/net/quic/quic_session_pool.cc +@@ -425,12 +425,16 @@ QuicSessionPool::QuicCryptoClientConfigOwner::QuicCryptoClientConfigOwner( + base::Unretained(this))); + if (quic_session_pool_->ssl_config_service_->GetSSLContextConfig() + .PostQuantumKeyAgreementEnabled()) { +- uint16_t postquantum_group = +- base::FeatureList::IsEnabled(features::kUseMLKEM) +- ? SSL_GROUP_X25519_MLKEM768 +- : SSL_GROUP_X25519_KYBER768_DRAFT00; +- config_.set_preferred_groups({postquantum_group, SSL_GROUP_X25519, +- SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1}); ++ config_.set_preferred_groups({ ++ // We temporarily enable both X25519_MLKEM768 and X25519_Kyber768 ++ SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519_KYBER768_DRAFT00, ++ SSL_GROUP_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_X25519_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_P256_MLKEM768, SSL_GROUP_P384_MLKEM768, SSL_GROUP_MLKEM1024, SSL_GROUP_P384_MLKEM1024, SSL_GROUP_P521_MLKEM1024, ++ SSL_GROUP_FRODO640AES, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_FRODO976AES, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_FRODO1344AES, SSL_GROUP_P521_FRODO1344AES, ++ SSL_GROUP_FRODO640SHAKE, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_FRODO1344SHAKE, SSL_GROUP_P521_FRODO1344SHAKE, ++ SSL_GROUP_KYBER512, SSL_GROUP_P256_KYBER512, SSL_GROUP_X25519_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_P256_KYBER768, SSL_GROUP_P384_KYBER768, SSL_GROUP_KYBER1024, SSL_GROUP_P521_KYBER1024, ++ SSL_GROUP_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_X25519_HQC128, SSL_GROUP_HQC192, SSL_GROUP_P384_HQC192, SSL_GROUP_HQC256, SSL_GROUP_P521_HQC256, ++ SSL_GROUP_X25519, SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1 ++ }); + } + } + QuicSessionPool::QuicCryptoClientConfigOwner::~QuicCryptoClientConfigOwner() { +diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc +index 786d1c08aa..a23bdfa10b 100644 +--- a/net/socket/ssl_client_socket_impl.cc ++++ b/net/socket/ssl_client_socket_impl.cc +@@ -645,12 +645,15 @@ int SSLClientSocketImpl::Init() { + } + + if (context_->config().PostQuantumKeyAgreementEnabled()) { +- const uint16_t postquantum_group = +- base::FeatureList::IsEnabled(features::kUseMLKEM) +- ? SSL_GROUP_X25519_MLKEM768 +- : SSL_GROUP_X25519_KYBER768_DRAFT00; +- const uint16_t kGroups[] = {postquantum_group, SSL_GROUP_X25519, +- SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1}; ++ const uint16_t kGroups[] = { ++ // We temporarily enable both X25519_MLKEM768 and X25519_Kyber768 ++ SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519_KYBER768_DRAFT00, ++ SSL_GROUP_MLKEM512, SSL_GROUP_P256_MLKEM512, SSL_GROUP_X25519_MLKEM512, SSL_GROUP_MLKEM768, SSL_GROUP_P256_MLKEM768, SSL_GROUP_P384_MLKEM768, SSL_GROUP_MLKEM1024, SSL_GROUP_P384_MLKEM1024, SSL_GROUP_P521_MLKEM1024, ++ SSL_GROUP_FRODO640AES, SSL_GROUP_P256_FRODO640AES, SSL_GROUP_X25519_FRODO640AES, SSL_GROUP_FRODO976AES, SSL_GROUP_P384_FRODO976AES, SSL_GROUP_FRODO1344AES, SSL_GROUP_P521_FRODO1344AES, ++ SSL_GROUP_FRODO640SHAKE, SSL_GROUP_P256_FRODO640SHAKE, SSL_GROUP_X25519_FRODO640SHAKE, SSL_GROUP_FRODO976SHAKE, SSL_GROUP_P384_FRODO976SHAKE, SSL_GROUP_FRODO1344SHAKE, SSL_GROUP_P521_FRODO1344SHAKE, ++ SSL_GROUP_KYBER512, SSL_GROUP_P256_KYBER512, SSL_GROUP_X25519_KYBER512, SSL_GROUP_KYBER768, SSL_GROUP_P256_KYBER768, SSL_GROUP_P384_KYBER768, SSL_GROUP_KYBER1024, SSL_GROUP_P521_KYBER1024, ++ SSL_GROUP_HQC128, SSL_GROUP_P256_HQC128, SSL_GROUP_X25519_HQC128, SSL_GROUP_HQC192, SSL_GROUP_P384_HQC192, SSL_GROUP_HQC256, SSL_GROUP_P521_HQC256, ++ SSL_GROUP_X25519, SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1}; + if (!SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups))) { + return ERR_UNEXPECTED; + } +@@ -752,6 +755,13 @@ int SSLClientSocketImpl::Init() { + SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_ECDSA_SECP384R1_SHA384, + SSL_SIGN_RSA_PSS_RSAE_SHA384, SSL_SIGN_RSA_PKCS1_SHA384, + SSL_SIGN_RSA_PSS_RSAE_SHA512, SSL_SIGN_RSA_PKCS1_SHA512, ++ SSL_SIGN_MLDSA44, SSL_SIGN_P256_MLDSA44, SSL_SIGN_MLDSA65, SSL_SIGN_P384_MLDSA65, SSL_SIGN_MLDSA87, SSL_SIGN_P521_MLDSA87, ++ SSL_SIGN_FALCON512, SSL_SIGN_RSA3072_FALCON512, SSL_SIGN_FALCONPADDED512, SSL_SIGN_FALCON1024, SSL_SIGN_FALCONPADDED1024, ++ SSL_SIGN_MAYO1, SSL_SIGN_MAYO2, SSL_SIGN_MAYO3, SSL_SIGN_MAYO5, ++ SSL_SIGN_SPHINCSSHA2128FSIMPLE, SSL_SIGN_SPHINCSSHA2128SSIMPLE, SSL_SIGN_SPHINCSSHA2192FSIMPLE, SSL_SIGN_SPHINCSSHA2192SSIMPLE, SSL_SIGN_SPHINCSSHA2256FSIMPLE, SSL_SIGN_SPHINCSSHA2256SSIMPLE, ++ SSL_SIGN_SPHINCSSHAKE128FSIMPLE, SSL_SIGN_SPHINCSSHAKE128SSIMPLE, SSL_SIGN_SPHINCSSHAKE192FSIMPLE, SSL_SIGN_SPHINCSSHAKE192SSIMPLE, SSL_SIGN_SPHINCSSHAKE256FSIMPLE, SSL_SIGN_SPHINCSSHAKE256SSIMPLE, ++ SSL_SIGN_CROSSRSDP128BALANCED, ++ SSL_SIGN_DILITHIUM2, SSL_SIGN_DILITHIUM3, SSL_SIGN_DILITHIUM5 + }; + if (!SSL_set_verify_algorithm_prefs(ssl_.get(), kVerifyPrefs, + std::size(kVerifyPrefs))) { +diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn +index 52e239f60f..5334e44947 100644 +--- a/third_party/boringssl/BUILD.gn ++++ b/third_party/boringssl/BUILD.gn +@@ -17,7 +17,7 @@ if (enable_rust) { + + # Config for us and everybody else depending on BoringSSL. + config("external_config") { +- include_dirs = [ "src/include" ] ++ include_dirs = [ "src/include", "src/oqs/include" ] + if (is_component_build) { + defines = [ "BORINGSSL_SHARED_LIBRARY" ] + } +@@ -46,7 +46,7 @@ config("no_asm_config") { + # unexport pki_internal_headers. + all_sources = bcm_internal_headers + bcm_sources + crypto_internal_headers + + crypto_sources + ssl_internal_headers + ssl_sources + pki_sources +-all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers ++all_headers = crypto_headers + ssl_headers + pki_headers + pki_internal_headers + oqs_headers + + if (enable_rust) { + rust_bindgen("raw_bssl_sys_bindings") { +@@ -145,6 +145,7 @@ component("boringssl") { + sources = rebase_path(all_sources, ".", "src") + public = rebase_path(all_headers, ".", "src") + friend = [ ":*" ] ++ libs = [ "//third_party/boringssl/src/oqs/lib/oqs.lib" ] + deps = [ "//third_party/boringssl/src/third_party/fiat:fiat_license" ] + + # Mark boringssl_asm as a public dependency so the OPENSSL_NO_ASM