Pad ohttp req/res messages to consistent 8192 byte

Clients pad OHTTP requests and responses so that when they're sent to an OHTTP relay that relay can't distingush the type of BIP 77 message e.g. POST, GET, Response 202, Response 200. Co-authored-by: nothingmuch <[email protected]>
payjoin · Nov 20, 2024 · b404a91 · b404a91
1 parent b013874
commit b404a91
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/payjoin-directory/src/lib.rs b/payjoin-directory/src/lib.rs
@@ -23,7 +23,8 @@ pub const DEFAULT_DIR_PORT: u16 = 8080;
 pub const DEFAULT_DB_HOST: &str = "localhost:6379";
 pub const DEFAULT_TIMEOUT_SECS: u64 = 30;
 
-const MAX_BUFFER_SIZE: usize = 65536;
+const PADDED_BHTTP_BYTES: usize = 8192;
+const V1_MAX_BUFFER_SIZE: usize = 65536;
 
 const V1_REJECT_RES_JSON: &str =
     r#"{{"errorCode": "original-psbt-rejected ", "message": "Body is not a string"}}"#;
@@ -208,6 +209,7 @@ async fn handle_ohttp_gateway(
     bhttp_res
         .write_bhttp(bhttp::Mode::KnownLength, &mut bhttp_bytes)
         .map_err(|e| HandlerError::InternalServerError(e.into()))?;
+    bhttp_bytes.resize(PADDED_BHTTP_BYTES, 0);
     let ohttp_res = res_ctx
         .encapsulate(&bhttp_bytes)
         .map_err(|e| HandlerError::InternalServerError(e.into()))?;
@@ -323,7 +325,7 @@ async fn put_payjoin_v1(
     let id = decode_short_id(id)?;
     let req =
         body.collect().await.map_err(|e| HandlerError::InternalServerError(e.into()))?.to_bytes();
-    if req.len() > MAX_BUFFER_SIZE {
+    if req.len() > V1_MAX_BUFFER_SIZE {
         return Err(HandlerError::PayloadTooLarge);
     }
 
@@ -344,7 +346,7 @@ async fn post_subdir(
     let id = decode_short_id(id)?;
     let req =
         body.collect().await.map_err(|e| HandlerError::InternalServerError(e.into()))?.to_bytes();
-    if req.len() > MAX_BUFFER_SIZE {
+    if req.len() > V1_MAX_BUFFER_SIZE {
         return Err(HandlerError::PayloadTooLarge);
     }
 

diff --git a/payjoin/src/ohttp.rs b/payjoin/src/ohttp.rs
@@ -4,6 +4,8 @@ use std::{error, fmt};
 use bitcoin::base64::prelude::BASE64_URL_SAFE_NO_PAD;
 use bitcoin::base64::Engine;
 
+pub const PADDED_MESSAGE_BYTES: usize = 8192;
+
 pub fn ohttp_encapsulate(
     ohttp_keys: &mut ohttp::KeyConfig,
     method: &str,
@@ -33,6 +35,7 @@ pub fn ohttp_encapsulate(
     }
     let mut bhttp_req = Vec::new();
     let _ = bhttp_message.write_bhttp(bhttp::Mode::KnownLength, &mut bhttp_req);
+    bhttp_req.resize(PADDED_MESSAGE_BYTES, 0);
     let encapsulated = ctx.encapsulate(&bhttp_req)?;
     Ok(encapsulated)
 }