diff --git a/Cargo.lock b/Cargo.lock index d935883..a0befe1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -100,6 +100,7 @@ version = "0.4.0" dependencies = [ "base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", "env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", + "hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)", "quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)", "seckey 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", diff --git a/Makefile b/Makefile index 63e7d5b..cd9fccf 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,9 @@ release: publish: podman pull clux/muslrust - podman run -v .:/volume --rm -t clux/muslrust cargo build --release + podman run -v .:/volume:Z --rm -t clux/muslrust cargo build --release + strip target/x86_64-unknown-linux-musl/release/coffer-server + strip target/x86_64-unknown-linux-musl/release/coffer-client + strip target/x86_64-unknown-linux-musl/release/coffer-companion .PHONY: default release publish diff --git a/coffer-common/Cargo.toml b/coffer-common/Cargo.toml index 232a590..af959f1 100644 --- a/coffer-common/Cargo.toml +++ b/coffer-common/Cargo.toml @@ -21,6 +21,7 @@ serde = { version = "^1.0", features = ["derive"]} serde_cbor = "^0.10" toml = "^0.5" base64 = "^0.11" +hex = "^0.4" # Key management/Cryptography sodiumoxide = "^0.2" seckey = "^0.9" diff --git a/coffer-common/src/keyring.rs b/coffer-common/src/keyring.rs index 67aa277..61dd4e7 100644 --- a/coffer-common/src/keyring.rs +++ b/coffer-common/src/keyring.rs @@ -8,6 +8,8 @@ use quick_error::quick_error; use sodiumoxide::crypto::box_; use sodiumoxide::crypto::sealedbox; +use toml::Value as TomlValue; + use crate::certificate::{Certificate, CertificateError}; quick_error! { @@ -18,6 +20,12 @@ quick_error! { Certificate(err: CertificateError) { from() } + HexDecodeError(err: hex::FromHexError) { + from() + } + IoError(err: std::io::Error) { + from() + } Msg(err: &'static str) { from(err) display("{}", err) @@ -50,6 +58,32 @@ impl Keyring { } } + pub fn add_known_keys_toml(&mut self, toml: &str) -> Result<(), KeyringError> { + // parse the string into a toml Table + let clients: toml::value::Table = match toml.parse::().unwrap() { + TomlValue::Table(t) => t, + _ => panic!{"Invalid secrets file"} + }; + + for (_k, v) in clients { + + let client = match v { + TomlValue::Table(client) => client, + _ => panic!{"Invalid secrets file"} + }; + + match client.get("id") { + Some(TomlValue::String(id)) => { + let id = id.to_owned(); + self.add_known_key(&hex::decode(id)?)?; + }, + _ => panic!{"Invalid id, only hex encoded ids supported"} + } + } + + Ok(()) + } + pub fn add_known_key(&mut self, key: &[u8]) -> Result<(), KeyringError> { let public_key = box_::PublicKey::from_slice(key) .ok_or(KeyringError::InvalidClientKey)?; diff --git a/coffer-server/src/main.rs b/coffer-server/src/main.rs index 69125ff..2da71fa 100644 --- a/coffer-server/src/main.rs +++ b/coffer-server/src/main.rs @@ -33,9 +33,6 @@ struct Args { /// Address, the coffer server should bind to #[structopt(short, long, parse(try_from_str), env = "COFFER_SERVER_ADDRESS", default_value = "127.0.0.1:9187")] address: SocketAddr, - - #[structopt(long, parse(from_os_str))] - client: PathBuf } #[tokio::main] @@ -45,20 +42,22 @@ async fn main() { _print_banner(); + // create keyring from server certificate let mut keyring = Keyring::new_from_path(&args.certificate); - // read in client key - let mut client_key = Vec::new(); - File::open(&args.client).unwrap().read_to_end(&mut client_key).unwrap(); - keyring.add_known_key(&client_key).unwrap(); - // decrypt secrets file and put into coffer let mut secrets_file = File::open(&args.secrets).unwrap(); let mut secrets_buf = Vec::new(); secrets_file.read_to_end(&mut secrets_buf).unwrap(); let secrets_buf_clear = String::from_utf8(keyring.open(&secrets_buf).unwrap()).unwrap(); + + // read known client ids from secrets file + keyring.add_known_keys_toml(&secrets_buf_clear).unwrap(); + + // read secrets from secrets file let coffer = CofferMap::from_toml(&secrets_buf_clear); + // start server let server = Server::new(keyring, coffer); server.run(args.address).await; }