This is a rust implementation of Oblivious HTTP and the supporting Binary HTTP Messages that supports attestation and chunking.
The ohttp
crate uses either hpke or
NSS for
cryptographic primitives.
The API documentation is currently sparse, but the API is fairly small and descriptive.
The bhttp
crate has the following features:
read-bhttp
enables parsing of binary HTTP messages. This is enabled by
default.
write-bhttp
enables writing of binary HTTP messages. This is enabled by
default.
read-http
enables a simple HTTP/1.1 message parser. This parser is fairly
basic and is not recommended for production use. Getting an HTTP/1.1 parser
right is a massive enterprise; this one only does the basics. This is
disabled by default.
write-http
enables writing of HTTP/1.1 messages. This is disabled by
default.
The ohttp
crate has the following features:
client
enables the client-side processing of oblivious HTTP messages:
encrypting requests and decrypting responses. This is enabled by default.
server
enables the server-side processing of chunked oblivious HTTP messages:
decrypting requests and encrypting chunked responses. This is enabled by default.
rust-hpke
selects the hpke crate for
HPKE encryption. This is enabled by default and cannot be enabled at the same
time as nss
.
nss
selects
NSS. This is
disabled by default and cannot be enabled at the same time as rust-hpke
.
The bhttp-convert
provides a utility that can convert between the HTTP/1.1
message format (message/http
) and the proposed binary format
(message/bhttp
).
For example, to view the binary format:
cargo run --bin bhttp-convert < ./examples/request.txt | xxd
Or, to convert to binary and back again:
cargo run --bin bhttp-convert < ./examples/response.txt | \
cargo run --bin bhttp-convert -- -d
Sample client and server implementations can be found in ohttp-client
and
ohttp-server
respectively. The server acts as an Oblivious Gateway
Resource. You will need to provide a Target resource and your own relay.
Though a direct request to the server will demonstrate that things are working,
the server sees your IP address.
The repo supports development using GitHub Codespaces and devcontainers.
To build docker images for the server and client, and test with a sample target service,
make build
make run
Contributions are welcome provided you are respectful of others in your interactions.
Continuous integration runs all tests plus cargo fmt -- --check
and cargo clippy --tests
.
There is a pre-commit script that you can link to .git/hooks/pre-commit
that
runs cargo fmt
on all commits. Just run ./pre-commit install
to have it
install itself.
ohttp
and bhttp
should compile on Rust 1.70.0.