aloha: Alternative Library for Oblivious HTTP Applications
Aloha is a low-level Oblivious HTTP parsing/building library that focuses on performance. The crypto functionality is built on top of the hpke crate, while the bHTTP implementation uses chained operations to avoid heap allocations.
Please see the crate documentation for details and examples.
This library implements draft-ietf-ohai-ohttp-06.
Quick start
use aloha::{bhttp, id, Config, Error};
use rand::thread_rng;
// Key generation and request/response encryption below draw randomness from
// this RNG, so it must be a cryptographically secure generator. rand's
// thread_rng() is one; do not swap in a seeded or non-cryptographic RNG.
let mut rng = thread_rng();
// [server] Generate a server side config: key config id 1, an X25519 /
// HKDF-SHA256 KEM keypair, and one (KDF, AEAD) algorithm pair.
// The server config holds the private key and must stay on the server.
let srv_conf = Config::builder()
.with_id(1)
.gen_keypair(id::KemId::X25519HKDFSHA256, &mut rng)
.push_alg(id::KdfId::HKDFSHA256, id::AeadId::AESGCM128)
.build()?;
// [server] From the server side config, derive the client side one and
// deliver it to the client after serialization.
// NOTE(review): whoever can alter these bytes in transit can substitute
// their own key, so the key configuration should reach the client over an
// authenticated path (as the OHTTP draft expects); that step is not shown here.
let mut cli_conf_bytes = Vec::new();
srv_conf.get_client().compose(&mut cli_conf_bytes)?;
// ... distribute the cli_conf_bytes to the client
// [client] Parse the client config from raw bytes. `parse` takes a
// `&mut &[u8]` reader, hence the `&mut ...as_slice()`.
let cli_conf = Config::parse(&mut cli_conf_bytes.as_slice())?;
// [client] Build a bhttp request into `req` with known-length framing:
// a control-data line (method, scheme, authority, path) followed by a
// header section. Each push returns a Result and is chained with `?`.
let mut req = Vec::new();
bhttp::Builder::new(&mut req, bhttp::Framing::KnownLenReq)
.push_ctrl(b"GET", b"https", b"example.com", b"/ping")?
.push_headers(&[("host".as_bytes(), "example.com".as_bytes())])?;
// [client] Encrypt the request data and send it to the server.
// The first argument presumably selects which (KDF, AEAD) entry of the
// config to use — index 0 being the single pair pushed above; confirm
// against the crate documentation. The returned context is needed later
// to decrypt the matching response.
let (enc_req, cli_ctx) = cli_conf.encrypt_req(0, &req, &mut rng)?;
// [server] Use the server side config to decrypt the request. The returned
// server context binds the response encryption to this request.
let (dec_req, srv_ctx) = srv_conf.decrypt_req(&enc_req)?;
// Round-trip check: the decrypted payload is byte-identical to `req`.
assert_eq!(req, dec_req.as_ref());
// [server] Parse the bhttp msg. `next_req` yields the request control data;
// `get` exposes method/scheme/authority/path as byte slices.
let parser = bhttp::Parser::new(&dec_req);
let req_ctrl = parser.next_req()?;
let ctrl = req_ctrl.get()?;
assert_eq!(b"GET", ctrl.method);
assert_eq!(b"https", ctrl.scheme);
assert_eq!(b"example.com", ctrl.authority);
assert_eq!(b"/ping", ctrl.path);
// Advance to the header section; the headers are not inspected in this example.
let _headers = req_ctrl.next()?;
// [server] Use the context to encrypt a (bhttp) response. The payload here
// is an opaque placeholder, not a well-formed bhttp response.
let res = b"pong";
let enc_res = srv_ctx.encrypt_res(&res[..], &mut rng)?;
// [client] Use the context from `encrypt_req` to decrypt the response.
let dec_res = cli_ctx.decrypt_res(&enc_res)?;
// Round-trip check: the decrypted response equals the original bytes.
assert_eq!(&res[..], &dec_res);