From bec3734676faf3868ea225e0316e77ad5a7e4421 Mon Sep 17 00:00:00 2001 From: Gab Virebent Date: Sat, 11 Jul 2026 13:37:23 +0200 Subject: Switch Nym WS transport to nym-client's binary protocol, drop second base64 layer Client.Send now speaks nym-client's native binary websocket protocol (tag || recipient || conn_id || data_len || data) instead of wrapping the ciphertext in a JSON text message, which required base64-encoding it a second time on top of the browser's own base64 layer. The reader's self-address query also switched to the binary protocol: nym-client picks text-vs-binary for every later "received" push based on the format of the last request seen on a connection, so leaving the reader in JSON/text mode would have made nym-client run a lossy UTF-8 conversion over the now-unencoded binary payload, corrupting it. Fixed the binary Received-frame parsing along the way (previous code assumed a fixed 16-byte tag with no length prefix, which never matched the real protocol and was never exercised while the connection stayed text-mode). Verified end-to-end against the real embedded nym-client 1.1.76 binary, with the exact wire format cross-checked against upstream nym source at the pinned build commit. --- internal/relay/relay.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'internal/relay/relay.go') diff --git a/internal/relay/relay.go b/internal/relay/relay.go index 9a17fab..54d4571 100644 --- a/internal/relay/relay.go +++ b/internal/relay/relay.go @@ -8,18 +8,18 @@ import ( "nymdrop/internal/nym" ) -// Two base64 layers stack between the raw file and the wire: the client -// base64-encodes the file into the plaintext before encrypting (see -// static/crypto.js, ~4/3 inflation), then nym.Client.Send base64-encodes -// the whole ciphertext again to embed it in the JSON message sent to the -// local nym-client over its control WebSocket (~4/3 again). The combined -// ~1.78x inflation is bounded above by nym-client's own hardcoded 16MB -// WebSocket message limit, not by anything in this codebase, so this -// buffer (and the nginx/http-layer cap) must stay well under 16MB / 1.78 -// once the second layer is applied. 11MB here keeps the second-layer -// base64 (~14.7MB) with real margin below the 16MB nym-client ceiling, -// which works out to a safe raw file size of roughly 8MB, not 10MB. -const maxPayloadBytes = 11 * 1024 * 1024 // 11 MB wire (first base64 layer only) +// One base64 layer remains between the raw file and the wire: the browser +// client base64-encodes the file into the plaintext before encrypting (see +// static/crypto.js, ~4/3 inflation). nym.Client.Send used to base64-encode +// the whole ciphertext a second time to embed it in a JSON message for the +// local nym-client's WebSocket control channel; it now sends the raw bytes +// via nym-client's binary protocol instead, so that second inflation is +// gone. The remaining ~4/3 inflation is still bounded above by nym-client's +// own hardcoded 16MB WebSocket message limit. This cap (11MB) predates the +// binary-protocol fix and still reflects the old two-layer math (safe raw +// file size ~8MB) — raising it towards the ~16MB/1.33 headroom the fix +// actually unlocked is a deliberate follow-up, not done here. +const maxPayloadBytes = 11 * 1024 * 1024 // 11 MB wire // Relay receives ciphertext and forwards it through Nym. Nothing is written to disk. type Relay struct { -- cgit v1.2.3