From a08c4d354e5960c6c3c09d0ec8c1f87f00b3a43a Mon Sep 17 00:00:00 2001
From: klzgrad
Date: Sun, 5 May 2024 00:51:53 +0800
Subject: [PATCH] Allow disabling post-quantum key agreement in TLS
---
 USAGE.txt | 4 ++++
 src/net/tools/naive/naive_config.cc | 4 ++++
 src/net/tools/naive/naive_config.h | 2 ++
 src/net/tools/naive/naive_proxy_bin.cc | 16 ++++++++++++++++
 4 files changed, 26 insertions(+)
diff --git a/USAGE.txt b/USAGE.txt
index 1643926660..4c1660e645 100644
--- a/USAGE.txt
+++ b/USAGE.txt
@@ -97,3 +97,7 @@ Options:
   --ssl-key-log-file=
   Saves SSL keys for Wireshark inspection.
+
+  --no-post-quantum
+
+  Overrides the default and disables post-quantum key agreement.
diff --git a/src/net/tools/naive/naive_config.cc b/src/net/tools/naive/naive_config.cc
index f156c05c6e..7e7eae3b51 100644
--- a/src/net/tools/naive/naive_config.cc
+++ b/src/net/tools/naive/naive_config.cc
@@ -192,6 +192,10 @@ bool NaiveConfig::Parse(const base::Value::Dict& value) {
     }
   }
+  if (const base::Value* v = value.Find("no-post-quantum")) {
+    no_post_quantum = true;
+  }
+
   return true;
 }
diff --git a/src/net/tools/naive/naive_config.h b/src/net/tools/naive/naive_config.h
index 29df78f0fa..b157f74f95 100644
--- a/src/net/tools/naive/naive_config.h
+++ b/src/net/tools/naive/naive_config.h
@@ -54,6 +54,8 @@ struct NaiveConfig {
   base::FilePath ssl_key_log_file;
+  std::optional no_post_quantum;
+
   NaiveConfig();
   NaiveConfig(const NaiveConfig&);
   ~NaiveConfig();
diff --git a/src/net/tools/naive/naive_proxy_bin.cc b/src/net/tools/naive/naive_proxy_bin.cc
index e1d9633742..c580e0cc4d 100644
--- a/src/net/tools/naive/naive_proxy_bin.cc
+++ b/src/net/tools/naive/naive_proxy_bin.cc
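Review bot: The new block in `NaiveConfig::Parse` treats mere presence of the `no-post-quantum` key as enabling the override and never reads the bound value `v`, so a JSON config entry such as `"no-post-quantum": false` still disables post-quantum key agreement, the opposite of what a reader of that config would expect. Since the same key presumably also arrives from the command line with a non-boolean value, honouring only an explicit boolean false keeps both paths working: `if (std::optional<bool> b = v->GetIfBool(); !b.has_value() || *b) no_post_quantum = true;`. If presence-only semantics are intended, drop the unused binding and say so above the check, `// Presence alone enables the override; the value is ignored.`, and mirror that wording in USAGE.txt. `Parse` begins before this hunk.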
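Review bot: The new `no_post_quantum` member in `NaiveConfig` has no comment explaining what it controls or when it is set; a one-liner such as `// Set when "no-post-quantum" is given; disables post-quantum key agreement in TLS.` would save the next reader a trip to naive_config.cc and naive_proxy_bin.cc. As rendered, the line reads `std::optional no_post_quantum;` with no template argument, which would not compile; the `= true` assignment in naive_config.cc and the `== true` comparison in naive_proxy_bin.cc suggest `<bool>` was lost in rendering rather than in the source, but it is worth confirming. The diffstat shows only these two added lines for the header, so `<optional>` is not newly included here; fine if it is already included above the hunk, which I cannot see.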
@@ -212,6 +212,21 @@ std::unique_ptr BuildURLRequestContext(
       config.extra_headers,
       std::vector{PaddingType::kVariant1, PaddingType::kNone}));
+  if (config.no_post_quantum == true) {
+    struct NoPostQuantum : public SSLConfigService {
+      SSLContextConfig GetSSLContextConfig() override {
+        SSLContextConfig config;
+        config.post_quantum_override = false;
+        return config;
+      }
+
+      bool CanShareConnectionWithClientCerts(std::string_view) const override {
+        return false;
+      }
+    };
+    builder.set_ssl_config_service(std::make_unique());
+  }
+
   auto context = builder.Build();
   if (!config.proxy_url.empty() && !config.proxy_user.empty() &&
@@ -358,6 +373,7 @@ int main(int argc, char* argv[]) {
         "--log[=] Log to stderr, or file\n"
         "--log-net-log= Save NetLog\n"
         "--ssl-key-log-file= Save SSL keys for Wireshark\n"
+        "--no-post-quantum No post-quantum key agreement\n"
         << std::endl;
   exit(EXIT_SUCCESS);
 }
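Review bot: `NoPostQuantum` replaces the builder's default `SSLConfigService` wholesale and returns a freshly value-initialised `SSLContextConfig` with only `post_quantum_override` cleared, so any other TLS policy the default service supplies, now or after a future Chromium rebase, is silently dropped whenever `--no-post-quantum` is used; either add a comment on the struct stating that it intentionally mirrors the defaults except for that one field, or derive it from the default service class so only that member differs. The local `SSLContextConfig config;` inside `GetSSLContextConfig()` reuses the name of the enclosing function's `config` parameter, which makes `config.no_post_quantum` and `config.post_quantum_override` easy to confuse when skimming; `SSLContextConfig ssl_config;` avoids that. Because this option weakens the default key exchange, an operator-visible trace is worth having, e.g. `LOG(INFO) << "Post-quantum key agreement disabled";` next to the `set_ssl_config_service` call, so the override is auditable in the process log. The diffstat accounts for all 16 added lines in this file between this hunk and the usage text, so no include for `SSLConfigService`/`SSLContextConfig` is added; if it compiles only through a transitive include, adding the direct one is safer. `BuildURLRequestContext` starts and ends outside this hunk.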