Ensure plaintext called in message encryption is an array ref type

The plaintext passed to hpke message encrpytion needs to be the correct
A or B length respectively.

Author: benalleng

payjoin/src/receive/v2/mod.rs

@@ -16,7 +16,7 @@ use super::{
     v1, ImplementationError, InternalPayloadError, JsonError, OutputSubstitutionError,
     ReplyableError, SelectionError,
 };
-use crate::hpke::{decrypt_message_a, encrypt_message_b, HpkeKeyPair, HpkePublicKey};
+use crate::hpke::{decrypt_message_a, encrypt_message_b, HpkeError, HpkeKeyPair, HpkePublicKey};
 use crate::ohttp::{ohttp_decapsulate, ohttp_encapsulate, OhttpEncapsulationError, OhttpKeys};
 use crate::receive::{parse_payload, InputPair};
 use crate::uri::ShortId;
@@ -488,20 +488,31 @@ impl PayjoinProposal {
         &mut self,
         ohttp_relay: impl IntoUrl,
     ) -> Result<(Request, ohttp::ClientResponse), Error> {
+        use crate::hpke::PADDED_PLAINTEXT_B_LENGTH;
+
         let target_resource: Url;
         let body: Vec<u8>;
         let method: &str;
 
         if let Some(e) = &self.context.e {
             // Prepare v2 payload
-            let payjoin_bytes = self.v1.psbt().serialize();
+            let mut payjoin_bytes = self.v1.psbt().serialize();
             let sender_subdir = subdir_path_from_pubkey(e);
             target_resource = self
                 .context
                 .directory
                 .join(&sender_subdir.to_string())
                 .map_err(|e| ReplyableError::Implementation(e.into()))?;
-            body = encrypt_message_b(payjoin_bytes, &self.context.s, e)?;
+            payjoin_bytes.resize(PADDED_PLAINTEXT_B_LENGTH, 0);
+
+            body = encrypt_message_b(
+                &payjoin_bytes.clone().try_into().map_err(|_| HpkeError::PayloadTooLarge {
+                    actual: payjoin_bytes.len(),
+                    max: PADDED_PLAINTEXT_B_LENGTH,
+                })?,
+                &self.context.s,
+                e,
+            )?;
             method = "POST";
         } else {
             // Prepare v2 wrapped and backwards-compatible v1 payload

payjoin/src/send/v2/mod.rs

@@ -29,7 +29,9 @@ use url::Url;
 
 use super::error::BuildSenderError;
 use super::*;
-use crate::hpke::{decrypt_message_b, encrypt_message_a, HpkeSecretKey};
+use crate::hpke::{
+    decrypt_message_b, encrypt_message_a, HpkeError, HpkeSecretKey, PADDED_PLAINTEXT_A_LENGTH,
+};
 use crate::ohttp::{ohttp_decapsulate, ohttp_encapsulate};
 use crate::send::v1;
 use crate::uri::{ShortId, UrlExt};
@@ -149,15 +151,22 @@ impl Sender {
         }
         let rs = self.extract_rs_pubkey()?;
         let url = self.v1.endpoint.clone();
-        let body = serialize_v2_body(
+        let mut plaintext = serialize_v2_body(
             &self.v1.psbt,
             self.v1.disable_output_substitution,
             self.v1.fee_contribution,
             self.v1.min_fee_rate,
         )?;
+        plaintext.resize(PADDED_PLAINTEXT_A_LENGTH, 0);
+
         let hpke_ctx = HpkeContext::new(rs, &self.reply_key);
         let body = encrypt_message_a(
-            body,
+            &plaintext.clone().try_into().map_err(|_| {
+                InternalCreateRequestError::Hpke(HpkeError::PayloadTooLarge {
+                    actual: plaintext.len(),
+                    max: PADDED_PLAINTEXT_A_LENGTH,
+                })
+            })?,
             &hpke_ctx.reply_pair.public_key().clone(),
             &hpke_ctx.receiver.clone(),
         )
@@ -265,7 +274,7 @@ impl V2GetContext {
             .join(&subdir.to_string())
             .map_err(|e| InternalCreateRequestError::Url(e.into()))?;
         let body = encrypt_message_a(
-            Vec::new(),
+            &[0; PADDED_PLAINTEXT_A_LENGTH],
             &self.hpke_ctx.reply_pair.public_key().clone(),
             &self.hpke_ctx.receiver.clone(),
         )