| author | David Lönnhager <david.l@mullvad.net> | 2022-05-19 14:28:33 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2022-06-14 12:37:04 +0200 |
| commit | d8e1e030af2d8a1f900a83c6f8f6f23a6d736be6 (patch) | |
| tree | c56ebdb2ea781ab3d8b7bf0ce04429cd675eb6c3 | |
| parent | 4c7b7b66e9412da5d040fef4828bacbf483c1334 (diff) | |
Add PQ PSK exchange tunnel option
| -rw-r--r-- | mullvad-management-interface/proto/management_interface.proto | 1 | ||||
| -rw-r--r-- | mullvad-management-interface/src/types.rs | 2 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/mod.rs | 13 | ||||
| -rw-r--r-- | talpid-types/src/net/wireguard.rs | 3 |
4 files changed, 18 insertions, 1 deletions
diff --git a/mullvad-management-interface/proto/management_interface.proto b/mullvad-management-interface/proto/management_interface.proto
index 20d5318a58..eb132b2a52 100644
--- a/mullvad-management-interface/proto/management_interface.proto
+++ b/mullvad-management-interface/proto/management_interface.proto
@@ -435,6 +435,7 @@ message TunnelOptions {
 uint32 mtu = 1;
 google.protobuf.Duration rotation_interval = 2;
 bool use_wireguard_nt = 3;
+ bool use_pq_safe_psk = 4;
 }
 message GenericOptions {
 bool enable_ipv6 = 1;
diff --git a/mullvad-management-interface/src/types.rs b/mullvad-management-interface/src/types.rs
index cad371aa49..640d97d676 100644
--- a/mullvad-management-interface/src/types.rs
+++ b/mullvad-management-interface/src/types.rs
@@ -680,6 +680,7 @@ impl From<&mullvad_types::settings::TunnelOptions> for TunnelOptions {
 use_wireguard_nt: options.wireguard.options.use_wireguard_nt,
 #[cfg(not(windows))]
 use_wireguard_nt: false,
+ use_pq_safe_psk: options.wireguard.options.use_pq_safe_psk,
 }),
 generic: Some(tunnel_options::GenericOptions {
 enable_ipv6: options.generic.enable_ipv6,
@@ -1413,6 +1414,7 @@ impl TryFrom<TunnelOptions> for mullvad_types::settings::TunnelOptions {
 } else {
 None
 },
+ use_pq_safe_psk: wireguard_options.use_pq_safe_psk,
 #[cfg(windows)]
 use_wireguard_nt: wireguard_options.use_wireguard_nt,
 },
diff --git a/talpid-core/src/tunnel/mod.rs b/talpid-core/src/tunnel/mod.rs
index 8820f26c72..9d93a6e3f1 100644
--- a/talpid-core/src/tunnel/mod.rs
+++ b/talpid-core/src/tunnel/mod.rs
@@ -198,7 +198,18 @@ impl TunnelMonitor {
 let monitor = wireguard::WireguardMonitor::start(
 runtime,
 config,
- Some(params.connection.peer.public_key.clone()),
+ if params.options.use_pq_safe_psk {
+ Some(
+ params
+ .connection
+ .exit_peer
+ .as_ref()
+ .map(|peer| peer.public_key.clone())
+ .unwrap_or(params.connection.peer.public_key.clone()),
+ )
+ } else {
+ None
+ },
 log.as_deref(),
 resource_dir,
 on_event,
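Review bot: In `talpid-core/src/tunnel/mod.rs`, `.unwrap_or(params.connection.peer.public_key.clone())` clones the fallback key even when `exit_peer` is present; borrowing first avoids that, e.g. `params.connection.exit_peer.as_ref().unwrap_or(&params.connection.peer).public_key.clone()`, and `params.options.use_pq_safe_psk.then(|| …)` could replace the surrounding `if`/`else`. The argument also deserves a comment saying why the exit peer's key is preferred (presumably the PSK is negotiated with the relay that terminates the tunnel when multihop is in use) and what `None` means to `WireguardMonitor::start`. What happens when the exchange fails is not visible in this hunk; it is worth confirming that, with the option on, the tunnel fails closed rather than coming up without the PSK. The call sits inside a function that begins and ends outside the hunk.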
diff --git a/talpid-types/src/net/wireguard.rs b/talpid-types/src/net/wireguard.rs
index 16cd7390b7..cccfc167fc 100644
--- a/talpid-types/src/net/wireguard.rs
+++ b/talpid-types/src/net/wireguard.rs
@@ -80,6 +80,8 @@ pub struct TunnelOptions {
 jnix(map = "|maybe_mtu| maybe_mtu.map(|mtu| mtu as i32)")
 )]
 pub mtu: Option<u16>,
+ /// Obtain a PSK using the relay config client.
+ pub use_pq_safe_psk: bool,
 /// Temporary switch for wireguard-nt
 #[cfg(windows)]
 #[serde(default = "default_wgnt_setting")]
@@ -96,6 +98,7 @@ impl Default for TunnelOptions {
 fn default() -> Self {
 Self {
 mtu: None,
+ use_pq_safe_psk: false,
 #[cfg(windows)]
 use_wireguard_nt: default_wgnt_setting(),
 } |
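Review bot: The new `use_pq_safe_psk` field in `pub struct TunnelOptions` has no serde default, while the neighbouring `use_wireguard_nt` carries `#[serde(default = "default_wgnt_setting")]`; if the struct has no container-level `#[serde(default)]` (its attributes are outside the hunk), settings written before this commit lack the key and may fail to deserialize. Adding `#[serde(default)]` above the field would keep old settings loadable with the option off, matching the `false` set in the `Default` impl in the next hunk. The doc comment could also say what the PSK is for and that it is opt-in, e.g. `/// Obtain a post-quantum-safe PSK using the relay config client. Off by default.`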
