Repository files navigation

This is a rust implementation ofObliviousHTTPand the supportingBinary HTTPMessages.

Theohttp crate uses eitherhpke orNSS forcryptographic primitives.

The API documentation is currently sparse, but the API is fairly small anddescriptive.

Thebhttp crate has the following features:

• read-bhttp enables parsing of binary HTTP messages. This is enabled bydefault.

• write-bhttp enables writing of binary HTTP messages. This is enabled bydefault.

• read-http enables a simple HTTP/1.1 message parser. This parser is fairlybasic and is not recommended for production use. Getting an HTTP/1.1 parserright is a massive enterprise; this one only does the basics. This isdisabled by default.

• write-http enables writing of HTTP/1.1 messages. This is disabled bydefault.

Theohttp crate has the following features:

• client enables the client-side processing of oblivious HTTP messages:encrypting requests and decrypting responses. This is enabled by default.

• server enables the server-side processing of oblivious HTTP messages:decrypting requests and encrypting responses. This is enabled by default.

• rust-hpke selects thehpke crate forHPKE encryption. This is enabled by default and cannot be enabled at the sametime asnss.

• nss selectsNSS. This isdisabled by default and cannot be enabled at the same time asrust-hpke.

Thebhttp-convert provides a utility that can convert between the HTTP/1.1message format (message/http) and the proposed binary format(message/bhttp).

For example, to view the binary format:

cargo run --bin bhttp-convert< ./examples/request.txt| xxd

Or, to convert to binary and back again:

cargo run --bin bhttp-convert< ./examples/response.txt| \  cargo run --bin bhttp-convert -- -d

Sample client and server implementations can be found inohttp-client andohttp-server respectively. The server acts as both an Oblivious GatewayResource and a Target Resource. You will need to provide your own relay.Though a direct request to the server will demonstrate that things are working,the server sees your IP address.

The build setup is a little tricky, mostly because building NSS is a bit fiddly.

First, you need a machine capable ofbuildingNSS.For those on Ubuntu/Debian, the minimal set of prerequisites for an x64 build(and the later steps) can be installed using:

sudo apt-get install \  ca-certificates coreutils curl git make mercurial \  build-essential clang llvm libclang-dev lld \  gyp ninja-build pkg-config zlib1g-dev

You then need to clone this repository, the NSS repository, and the NSPRrepository. I generally put them all in the same place.

cd$workspacegit clone https://github.com/martinthomson/ohttp ./ohttpgit clone https://github.com/nss-dev/nss ./nss# or# hg clone https://hg.mozilla.org/projects/nss ./nsshg clone https://hg.mozilla.org/projects/nspr ./nspr

The build then needs to be told about where to find NSS. The runtime also needsto be told where to find NSS libraries. This helps avoid linking with any NSSversion you might have installed in the OS, which won't work (yet).

export NSS_DIR=$workspace/nssexport LD_LIBRARY_PATH=$workspace/dist/Debug/lib

You might need to tweak this. On a Mac, useDYLD_LIBRARY_PATH instead ofLD_LIBRARY_PATH. And if you are building with--release, the path includes"Release" rather than "Debug".

Then you should be able to build and run tests:

cd$workspacecargo buildcargotest

Contributions are welcome provided you are respectful of others in yourinteractions.

Continuous integration runs all tests pluscargo fmt -- --check andcargo clippy --tests.

There is a pre-commit script that you can link to.git/hooks/pre-commit thatrunscargo fmt on all commits. Just run./pre-commit install to have itinstall itself.

ohttp andbhttp should compile on Rust 1.63.0.