Merge branch 'pq-gui-setting'

10 files changed, 142 insertions, 0 deletions

diff --git a/gui/src/main/daemon-rpc.ts b/gui/src/main/daemon-rpc.ts
index 9898a1d2c2..5d24870908 100644
--- a/gui/src/main/daemon-rpc.ts
+++ b/gui/src/main/daemon-rpc.ts
@@ -437,6 +437,25 @@ export class DaemonRpc {
     await this.callNumber(this.client.setWireguardMtu, mtu);
   }
 
+  public async setWireguardQuantumResistant(quantumResistant?: boolean): Promise<void> {
+    const quantumResistantState = new grpcTypes.QuantumResistantState();
+    switch (quantumResistant) {
+      case true:
+        quantumResistantState.setState(grpcTypes.QuantumResistantState.State.ON);
+        break;
+      case false:
+        quantumResistantState.setState(grpcTypes.QuantumResistantState.State.OFF);
+        break;
+      case undefined:
+        quantumResistantState.setState(grpcTypes.QuantumResistantState.State.AUTO);
+        break;
+    }
+    await this.call<grpcTypes.QuantumResistantState, Empty>(
+      this.client.setQuantumResistantTunnel,
+      quantumResistantState,
+    );
+  }
+
   public async setAutoConnect(autoConnect: boolean): Promise<void> {
     await this.callBool(this.client.setAutoConnect, autoConnect);
   }
@@ -1230,6 +1249,9 @@ function convertFromTunnelOptions(tunnelOptions: grpcTypes.TunnelOptions.AsObjec
     },
     wireguard: {
       mtu: tunnelOptions.wireguard!.mtu,
+      quantumResistant: convertFromQuantumResistantState(
+        tunnelOptions.wireguard?.quantumResistant?.state,
+      ),
     },
     generic: {
       enableIpv6: tunnelOptions.generic!.enableIpv6,
@@ -1253,6 +1275,18 @@ function convertFromTunnelOptions(tunnelOptions: grpcTypes.TunnelOptions.AsObjec
   };
 }
 
+function convertFromQuantumResistantState(
+  state?: grpcTypes.QuantumResistantState.State,
+): boolean | undefined {
+  return state === undefined
+    ? undefined
+    : {
+        [grpcTypes.QuantumResistantState.State.ON]: true,
+        [grpcTypes.QuantumResistantState.State.OFF]: false,
+        [grpcTypes.QuantumResistantState.State.AUTO]: undefined,
+      }[state];
+}
+
 function convertFromObfuscationSettings(
   obfuscationSettings?: grpcTypes.ObfuscationSettings.AsObject,
 ): ObfuscationSettings {
diff --git a/gui/src/main/default-settings.ts b/gui/src/main/default-settings.ts
index 13650926a4..9989575f80 100644
--- a/gui/src/main/default-settings.ts
+++ b/gui/src/main/default-settings.ts
@@ -45,6 +45,7 @@ export function getDefaultSettings(): ISettings {
       },
       wireguard: {
         mtu: undefined,
+        quantumResistant: undefined,
       },
       dns: {
         state: 'default',
diff --git a/gui/src/main/settings.ts b/gui/src/main/settings.ts
index 634a9109ee..08871f42ea 100644
--- a/gui/src/main/settings.ts
+++ b/gui/src/main/settings.ts
@@ -53,6 +53,9 @@ export default class Settings implements Readonly<ISettings> {
     IpcMainEventChannel.settings.handleSetWireguardMtu((mtu?: number) =>
       this.daemonRpc.setWireguardMtu(mtu),
     );
+    IpcMainEventChannel.settings.handleSetWireguardQuantumResistant((quantumResistant?: boolean) =>
+      this.daemonRpc.setWireguardQuantumResistant(quantumResistant),
+    );
     IpcMainEventChannel.settings.handleUpdateRelaySettings((update) =>
       this.daemonRpc.updateRelaySettings(update),
     );
diff --git a/gui/src/renderer/app.tsx b/gui/src/renderer/app.tsx
index 14fa75f9cc..c5377b5d54 100644
--- a/gui/src/renderer/app.tsx
+++ b/gui/src/renderer/app.tsx
@@ -464,6 +464,12 @@ export default class AppRenderer {
     await IpcRendererEventChannel.settings.setWireguardMtu(mtu);
   };
 
+  public setWireguardQuantumResistant = async (quantumResistant?: boolean) => {
+    const actions = this.reduxActions;
+    actions.settings.updateWireguardQuantumResistant(quantumResistant);
+    await IpcRendererEventChannel.settings.setWireguardQuantumResistant(quantumResistant);
+  };
+
   public setAutoStart = (autoStart: boolean): Promise<void> => {
     this.storeAutoStart(autoStart);
 
@@ -746,6 +752,9 @@ export default class AppRenderer {
     reduxSettings.updateShowBetaReleases(newSettings.showBetaReleases);
     reduxSettings.updateOpenVpnMssfix(newSettings.tunnelOptions.openvpn.mssfix);
     reduxSettings.updateWireguardMtu(newSettings.tunnelOptions.wireguard.mtu);
+    reduxSettings.updateWireguardQuantumResistant(
+      newSettings.tunnelOptions.wireguard.quantumResistant,
+    );
     reduxSettings.updateBridgeState(newSettings.bridgeState);
     reduxSettings.updateDnsOptions(newSettings.tunnelOptions.dns);
     reduxSettings.updateSplitTunnelingState(newSettings.splitTunnel.enableExclusions);
diff --git a/gui/src/renderer/components/SecuredLabel.tsx b/gui/src/renderer/components/SecuredLabel.tsx
index f622c8a847..736297b480 100644
--- a/gui/src/renderer/components/SecuredLabel.tsx
+++ b/gui/src/renderer/components/SecuredLabel.tsx
@@ -50,6 +50,7 @@ function getLabelText(displayStyle: SecuredDisplayStyle) {
       return messages.gettext('SECURE CONNECTION');
 
     case SecuredDisplayStyle.securedPq:
+      // TRANSLATORS: The connection is secure and isn't breakable by quantum computers.
       return messages.gettext('QUANTUM SECURE CONNECTION');
 
     case SecuredDisplayStyle.blocked:
@@ -59,6 +60,7 @@ function getLabelText(displayStyle: SecuredDisplayStyle) {
       return messages.gettext('CREATING SECURE CONNECTION');
 
     case SecuredDisplayStyle.securingPq:
+      // TRANSLATORS: Creating a secure connection that isn't breakable by quantum computers.
       return messages.gettext('CREATING QUANTUM SECURE CONNECTION');
 
     case SecuredDisplayStyle.unsecured:
diff --git a/gui/src/renderer/components/WireguardSettings.tsx b/gui/src/renderer/components/WireguardSettings.tsx
index 18c39a7396..edcc397e4a 100644
--- a/gui/src/renderer/components/WireguardSettings.tsx
+++ b/gui/src/renderer/components/WireguardSettings.tsx
@@ -107,6 +107,10 @@ export default function WireguardSettings() {
                 </Cell.Group>
 
                 <Cell.Group>
+                  <QuantumResistantSetting />
+                </Cell.Group>
+
+                <Cell.Group>
                   <MultihopSetting />
                 </Cell.Group>
 
@@ -564,3 +568,64 @@ function MtuSetting() {
     </AriaInputGroup>
   );
 }
+
+function QuantumResistantSetting() {
+  const { setWireguardQuantumResistant } = useAppContext();
+  const quantumResistant = useSelector((state) => state.settings.wireguard.quantumResistant);
+
+  const items: SelectorItem<boolean>[] = useMemo(
+    () => [
+      {
+        label: messages.gettext('On'),
+        value: true,
+      },
+      {
+        label: messages.gettext('Off'),
+        value: false,
+      },
+    ],
+    [],
+  );
+
+  const selectQuantumResistant = useCallback(
+    async (quantumResistant: boolean | null) => {
+      await setWireguardQuantumResistant(quantumResistant ?? undefined);
+    },
+    [setWireguardQuantumResistant],
+  );
+
+  return (
+    <AriaInputGroup>
+      <StyledSelectorContainer>
+        <Selector
+          title={
+            // TRANSLATORS: The title for the WireGuard quantum resistance selector. This setting
+            // TRANSLATORS: makes the cryptography resistant to the future abilities of quantum
+            // TRANSLATORS: computers.
+            messages.pgettext('wireguard-settings-view', 'Quantum-resistant tunnel')
+          }
+          details={
+            <>
+              <ModalMessage>
+                {messages.pgettext(
+                  'wireguard-settings-view',
+                  'This feature makes the WireGuard tunnel resistant to potential attacks from quantum computers.',
+                )}
+              </ModalMessage>
+              <ModalMessage>
+                {messages.pgettext(
+                  'wireguard-settings-view',
+                  'It does this by performing an extra key exchange using a quantum safe algorithm and mixing the result into WireGuard’s regular encryption. This extra step uses approximately 500 kiB of traffic every time a new tunnel is established.',
+                )}
+              </ModalMessage>
+            </>
+          }
+          items={items}
+          value={quantumResistant ?? null}
+          onSelect={selectQuantumResistant}
+          automaticValue={null}
+        />
+      </StyledSelectorContainer>
+    </AriaInputGroup>
+  );
+}
diff --git a/gui/src/renderer/redux/settings/actions.ts b/gui/src/renderer/redux/settings/actions.ts
index ef03ce14b8..dad71de024 100644
--- a/gui/src/renderer/redux/settings/actions.ts
+++ b/gui/src/renderer/redux/settings/actions.ts
@@ -68,6 +68,11 @@ export interface IUpdateWireguardMtuAction {
   mtu?: number;
 }
 
+export interface IUpdateWireguardQuantumResistantAction {
+  type: 'UPDATE_WIREGUARD_QUANTUM_RESISTANT';
+  quantumResistant?: boolean;
+}
+
 export interface IUpdateAutoStartAction {
   type: 'UPDATE_AUTO_START';
   autoStart: boolean;
@@ -106,6 +111,7 @@ export type SettingsAction =
   | IUpdateBridgeStateAction
   | IUpdateOpenVpnMssfixAction
   | IUpdateWireguardMtuAction
+  | IUpdateWireguardQuantumResistantAction
   | IUpdateAutoStartAction
   | IUpdateDnsOptionsAction
   | IUpdateSplitTunnelingStateAction
@@ -200,6 +206,15 @@ function updateWireguardMtu(mtu?: number): IUpdateWireguardMtuAction {
   };
 }
 
+function updateWireguardQuantumResistant(
+  quantumResistant?: boolean,
+): IUpdateWireguardQuantumResistantAction {
+  return {
+    type: 'UPDATE_WIREGUARD_QUANTUM_RESISTANT',
+    quantumResistant,
+  };
+}
+
 function updateAutoStart(autoStart: boolean): IUpdateAutoStartAction {
   return {
     type: 'UPDATE_AUTO_START',
@@ -252,6 +267,7 @@ export default {
   updateBridgeState,
   updateOpenVpnMssfix,
   updateWireguardMtu,
+  updateWireguardQuantumResistant,
   updateAutoStart,
   updateDnsOptions,
   updateSplitTunnelingState,
diff --git a/gui/src/renderer/redux/settings/reducers.ts b/gui/src/renderer/redux/settings/reducers.ts
index 2d1d287f00..576253bb48 100644
--- a/gui/src/renderer/redux/settings/reducers.ts
+++ b/gui/src/renderer/redux/settings/reducers.ts
@@ -100,6 +100,7 @@ export interface ISettingsReduxState {
   };
   wireguard: {
     mtu?: number;
+    quantumResistant?: boolean;
   };
   dns: IDnsOptions;
   splitTunneling: boolean;
@@ -240,6 +241,15 @@ export default function (
         },
       };
 
+    case 'UPDATE_WIREGUARD_QUANTUM_RESISTANT':
+      return {
+        ...state,
+        wireguard: {
+          ...state.wireguard,
+          quantumResistant: action.quantumResistant,
+        },
+      };
+
     case 'UPDATE_AUTO_START':
       return {
         ...state,
diff --git a/gui/src/shared/daemon-rpc-types.ts b/gui/src/shared/daemon-rpc-types.ts
index 4a5f27d98e..f8c9fa5fff 100644
--- a/gui/src/shared/daemon-rpc-types.ts
+++ b/gui/src/shared/daemon-rpc-types.ts
@@ -301,6 +301,7 @@ export interface ITunnelOptions {
   };
   wireguard: {
     mtu?: number;
+    quantumResistant?: boolean;
   };
   generic: {
     enableIpv6: boolean;
diff --git a/gui/src/shared/ipc-schema.ts b/gui/src/shared/ipc-schema.ts
index 0ea4fdc662..1dc7d82701 100644
--- a/gui/src/shared/ipc-schema.ts
+++ b/gui/src/shared/ipc-schema.ts
@@ -163,6 +163,7 @@ export const ipcSchema = {
     setBridgeState: invoke<BridgeState, void>(),
     setOpenVpnMssfix: invoke<number | undefined, void>(),
     setWireguardMtu: invoke<number | undefined, void>(),
+    setWireguardQuantumResistant: invoke<boolean | undefined, void>(),
     updateRelaySettings: invoke<RelaySettingsUpdate, void>(),
     updateBridgeSettings: invoke<BridgeSettings, void>(),
     setDnsOptions: invoke<IDnsOptions, void>(),