[all] Read from toml, simplify protocol, export key ids

Cargo.lock

@@ -36,13 +36,13 @@ dependencies = [
 ]
 
 [[package]]
-name = "bitflags"
+name = "base64"
-version = "1.2.1"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
-name = "bumpalo"
+name = "bitflags"
-version = "3.1.1"
+version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
@@ -81,7 +81,7 @@ dependencies = [
 
 [[package]]
 name = "coffer-client"
-version = "0.2.0"
+version = "0.4.0"
 dependencies = [
  "env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "exec 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -94,26 +94,26 @@ dependencies = [
 
 [[package]]
 name = "coffer-common"
-version = "0.1.0"
+version = "0.4.0"
 dependencies = [
- "bumpalo 3.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
  "quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "seckey 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde_cbor 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde_json 1.0.44 (registry+https://github.com/rust-lang/crates.io-index)",
  "sodiumoxide 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
  "toml 0.5.5 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]
 name = "coffer-companion"
-version = "0.2.0"
+version = "0.4.0"
 dependencies = [
- "coffer-common 0.1.0",
+ "coffer-common 0.4.0",
  "env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
  "quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -125,10 +125,10 @@ dependencies = [
 
 [[package]]
 name = "coffer-server"
-version = "0.2.0"
+version = "0.4.0"
 dependencies = [
  "bytes 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)",
- "coffer-common 0.1.0",
+ "coffer-common 0.4.0",
  "env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -365,11 +365,6 @@ dependencies = [
  "libc 0.2.65 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
-[[package]]
-name = "itoa"
-version = "0.4.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-
 [[package]]
 name = "kernel32-sys"
 version = "0.2.2"
@@ -612,11 +607,6 @@ name = "rle-decode-fast"
 version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
-[[package]]
-name = "ryu"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-
 [[package]]
 name = "seckey"
 version = "0.9.1"
@@ -653,16 +643,6 @@ dependencies = [
  "syn 1.0.8 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
-[[package]]
-name = "serde_json"
-version = "1.0.44"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-dependencies = [
- "itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
- "ryu 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)",
-]
-
 [[package]]
 name = "serde_yaml"
 version = "0.8.11"
@@ -932,8 +912,8 @@ dependencies = [
 "checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
 "checksum arc-swap 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "d7b8a9123b8027467bce0099fe556c628a53c8d83df0507084c31e9ba2e39aff"
 "checksum atty 0.2.13 (registry+https://github.com/rust-lang/crates.io-index)" = "1803c647a3ec87095e7ae7acfca019e98de5ec9a7d01343f611cf3152ed71a90"
+"checksum base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b41b7ea54a0c9d92199de89e20e58d49f02f8e699814ef3fdf266f6f748d15c7"
 "checksum bitflags 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
-"checksum bumpalo 3.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fe2567a8d8a3aedb4e39aa39e186d5673acfd56393c6ac83b2bc5bd82f4369c"
 "checksum byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a7c3dd8985a7111efc5c80b44e23ecdd8c007de8ade3b96595387e812b957cf5"
 "checksum bytes 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)" = "10004c15deb332055f7a4a208190aed362cf9a7c2f6ab70a305fba50e1105f38"
 "checksum cc 1.0.47 (registry+https://github.com/rust-lang/crates.io-index)" = "aa87058dce70a3ff5621797f1506cb837edd02ac4c0ae642b4542dce802908b8"
@@ -966,7 +946,6 @@ dependencies = [
 "checksum hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "023b39be39e3a2da62a94feb433e91e8bcd37676fbc8bea371daf52b7a769a3e"
 "checksum humantime 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "df004cfca50ef23c36850aaaa59ad52cc70d0e90243c3c7737a4dd32dc7a3c4f"
 "checksum iovec 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "b2b3ea6ff95e175473f8ffe6a7eb7c00d054240321b84c57051175fe3c1e075e"
-"checksum itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "501266b7edd0174f8530248f87f99c88fbe60ca4ef3dd486835b8d8d53136f7f"
 "checksum kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d"
 "checksum lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 "checksum libc 0.2.65 (registry+https://github.com/rust-lang/crates.io-index)" = "1a31a0627fdf1f6a39ec0dd577e101440b7db22672c0901fe00a9a6fbb5c24e8"
@@ -997,12 +976,10 @@ dependencies = [
 "checksum regex 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "dc220bd33bdce8f093101afe22a037b8eb0e5af33592e6a9caafff0d4cb81cbd"
 "checksum regex-syntax 0.6.12 (registry+https://github.com/rust-lang/crates.io-index)" = "11a7e20d1cce64ef2fed88b66d347f88bd9babb82845b2b858f3edbf59a4f716"
 "checksum rle-decode-fast 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "cabe4fa914dec5870285fa7f71f602645da47c486e68486d2b4ceb4a343e90ac"
-"checksum ryu 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bfa8506c1de11c9c4e4c38863ccbe02a305c8188e85a05a784c9e11e1c3910c8"
 "checksum seckey 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "c819d0a699db7622e4ee55a651f992242f754481f97de3024dc548adcce13237"
 "checksum serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)" = "0c4b39bd9b0b087684013a792c59e3e07a46a01d2322518d8a1104641a0b1be0"
 "checksum serde_cbor 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)" = "f7081ed758ec726a6ed8ee7e92f5d3f6e6f8c3901b1f972e3a4a2f2599fad14f"
 "checksum serde_derive 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)" = "ca13fc1a832f793322228923fbb3aba9f3f44444898f835d31ad1b74fa0a2bf8"
-"checksum serde_json 1.0.44 (registry+https://github.com/rust-lang/crates.io-index)" = "48c575e0cc52bdd09b47f330f646cf59afc586e9c4e3ccd6fc1f625b8ea1dad7"
 "checksum serde_yaml 0.8.11 (registry+https://github.com/rust-lang/crates.io-index)" = "691b17f19fc1ec9d94ec0b5864859290dff279dbd7b03f017afda54eb36c3c35"
 "checksum signal-hook-registry 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "94f478ede9f64724c5d173d7bb56099ec3e2d9fc2774aac65d34b8b890405f41"
 "checksum slab 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c111b5bd5695e56cffe5129854aa230b39c93a305372fdbb2668ca2394eea9f8"

Design.org

@@ -25,7 +25,10 @@
 * Coffer
   - Sharded KV-Store
   - Keys are UTF-8 Strings
-  - Typed values as defined by TOML: String, Integer, Float, Boolean, Date
+  - Typed values as defined by TOML: String, Integer, Float, Boolean
+    - No Dates support
+    - No binary data support
+    - Floats and Integers are 32 bit
 
 * Coffer Server
   A ~coffer-server~ can support multiple clients by means of /sharding/ the
@@ -43,10 +46,9 @@
   Encrypted Authentication: SK of coffer-companion, PK of coffer-server
 
   #+BEGIN_SRC yaml
-    # Names for ids (public keys) of clients
+    # IDs (public keys) of clients
-    [clients]
+    file.id = "AAAA-AAAA-AAAA-AAAA"
-    file = "AAAA-AAAA-AAAA-AAAA"
+    bin.id = "FFFF-FFFF-FFFF-FFFF"
-    bin = "FFFF-FFFF-FFFF-FFFF"
 
     # Secrets for a named client (defined in clients)
     [file]

Makefile

@@ -7,7 +7,7 @@ release:
 	cargo build --release
 
 publish:
-	docker pull clux/muslrust
+	podman pull clux/muslrust
-	docker run -v $(CURDIR):/volume --rm -t clux/muslrust cargo build --release
+	podman run -v .:/volume --rm -t clux/muslrust cargo build --release
 
 .PHONY: default release publish

coffer-client/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "coffer-client"
-version = "0.2.0"
+version = "0.4.0"
 authors = ["Armin Friedl <dev@friedl.net>"]
 edition = "2018"
 

coffer-common/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "coffer-common"
-version = "0.1.0"
+version = "0.4.0"
 authors = ["armin"]
 edition = "2018"
 
@@ -15,13 +15,12 @@ export = []
 # Base tools
 log = "^0.4"
 env_logger = "^0.7"
+quick-error = "^1.2"
+# Serialization
 serde = { version = "^1.0", features = ["derive"]}
 serde_cbor = "^0.10"
-serde_json = "^1.0"
 toml = "^0.5"
-quick-error = "^1.2"
+base64 = "^0.11"
 # Key management/Cryptography
 sodiumoxide = "^0.2"
 seckey = "^0.9"
-# Memory management
-bumpalo = { version = "^3.1", features = ["collections"]}

coffer-common/src/certificate.rs

@@ -83,6 +83,15 @@ impl Certificate {
         Ok(cbor)
     }
 
+    pub fn public_key(&self) -> Vec<u8> {
+        self.inner.read().public_key.as_ref().to_owned()
+    }
+
+    #[cfg(feature = "export")]
+    pub fn secret_key(&self) -> Vec<u8> {
+        self.inner.read().private_key.as_ref().to_owned()
+    }
+
     pub fn open(&self, c: &[u8]) -> Result<Vec<u8>, CertificateError> {
         let pk = &self.inner.read().public_key;
         let sk = &self.inner.read().private_key;
@@ -90,6 +99,12 @@ impl Certificate {
         sealedbox::open(c, pk, sk)
             .map_err(|_| CertificateError::Crypto)
     }
+
+    pub fn seal(&self, message: &[u8]) -> Result<Vec<u8>, CertificateError> {
+        let pk = &self.inner.read().public_key;
+
+        Ok(sealedbox::seal(message, pk))
+    }
 }
 
 impl <T: AsRef<Path>> From<T> for Certificate {

coffer-common/src/coffer.rs

@@ -1,8 +1,13 @@
 //! A storage container for client data
-
 #[allow(unused_imports)]
 use log::{debug, error, info, trace, warn};
 
+use std::path::Path;
+use std::fs::File;
+use std::io::{BufReader, Read};
+
+use toml::Value as TomlValue;
+
 use serde::{Serialize, Deserialize};
 
 use quick_error::quick_error;
@@ -29,39 +34,104 @@ pub enum CofferValue {
     String(String),
     /// A 32-bit integer
     Integer(i32),
-    /// An opaque blob of data
+    /// A 32-bit float
-    Blob(Vec<u8>)
+    Float(f32),
+    // A boolean
+    Boolean(bool)
 }
 
-/// A path to a value
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash)]
-#[derive(Clone, Eq, PartialEq, Hash, Debug, Serialize, Deserialize)]
+pub struct CofferKey {
-pub struct CofferPath(pub Vec<String>);
+    pub shard: String,
+    pub key: String
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct CofferShard(pub Vec<(String, CofferValue)>);
 
 /// Interface for interacting with a `Coffer`
 pub trait Coffer {
     /// Put `value` at `path`. Errors if there is already a value at `path`.
-    fn put(&mut self, path: CofferPath, value: CofferValue) -> CofferResult<()>;
+    fn put(&mut self, key: CofferKey, value: CofferValue) -> CofferResult<()>;
 
     /// Push `value` to `path`. Replaces existing values.
-    fn push(&mut self, path: CofferPath, value: CofferValue);
+    fn push(&mut self, key: CofferKey, value: CofferValue);
 
     /// Retrieve `value` at path. Errors if there is no `value` at path.
-    fn get(&self, path: CofferPath) -> CofferResult<CofferValue>;
+    fn get(&self, key: &CofferKey) -> CofferResult<CofferValue>;
-}
 
-impl <T> From<Vec<T>> for CofferPath
+    /// Retrieve `value` at path. Errors if there is no `value` at path.
-where T: AsRef<str>
+    fn get_shard<T>(&self, shard: T) -> CofferResult<CofferShard>
-{
+    where T: AsRef<str>;
-    fn from(val: Vec<T>) -> Self {
+
-        CofferPath::from(&val)
+    fn from_toml_file(toml_path: &Path) -> Self
-    }
+    where Self: Coffer + Default
-}
+    {
-
+        // read the secrets file into a temporary string
-impl <T> From<&Vec<T>> for CofferPath
+        let mut file = BufReader::new(File::open(toml_path).unwrap());
-where T: AsRef<str>
+        let mut secrets_buf = String::new();
-{
+        file.read_to_string(&mut secrets_buf).unwrap();
-    fn from(val: &Vec<T>) -> Self {
+
-        let col = val.iter().map(|p| {(*p).as_ref().to_owned()}).collect();
+        Coffer::from_toml(&secrets_buf)
-        CofferPath(col)
+    }
+
+    fn from_toml(toml: &str) -> Self
+    where Self: Coffer + Default
+    {
+        // call implementation to create an empty coffer
+        let mut coffer = Self::default();
+
+        // parse the string into a toml Table
+        let clients: toml::value::Table = match toml.parse::<TomlValue>().unwrap() {
+            TomlValue::Table(t) => t,
+            _ => panic!{"Invalid secrets file"}
+        };
+
+        /*
+         * Walk through the table of clients, where each client is a table which
+         * is either empty, or contains a table with at least an id and any
+         * number of secrets
+         *
+         * # Example:
+         *
+         * files.id = "AAAA-BBBB-CCCC"
+         * pad.id = "FFFF-EEEE-DDDD"
+         *
+         * [files]
+         * secret_string = "secret value1"
+         * secret_int = 12345
+         * secret_bool = true
+         */
+        for (_k, v) in clients {
+
+            let client = match v {
+                TomlValue::Table(t) => t,
+                _ => panic!{"Invalid secrets file"}
+            };
+
+            for (k, v) in client.iter() {
+
+                if "id" == k { continue } // ids are for sharding
+
+                let value = match v {
+                    TomlValue::String(s) => CofferValue::String(s.to_owned()),
+                    TomlValue::Integer(i) => CofferValue::Integer(*i as i32),
+                    TomlValue::Float(f) => CofferValue::Float(*f as f32),
+                    TomlValue::Boolean(b) => CofferValue::Boolean(*b),
+                    _ => panic!{"Value {:?} unsupported", v}
+                };
+
+                match client.get("id") {
+                    Some(TomlValue::String(shard)) => {
+                        let shard = shard.to_owned();
+                        let key =  k.to_owned();
+                        coffer.put(CofferKey{shard, key}, value).unwrap();
+                    },
+                    _ => panic!{"Invalid secrets file"}
+                }
+            }
+        }
+
+        return coffer;
     }
 }

coffer-common/src/keyring.rs

@@ -1,6 +1,7 @@
 #[allow(unused_imports)]
 use log::{debug, error, info, trace, warn};
 
+use std::path::Path;
 use std::collections::HashMap;
 
 use quick_error::quick_error;
@@ -40,6 +41,15 @@ impl Keyring {
         }
     }
 
+    pub fn new_from_path<T>(certificate_path: T) -> Keyring
+    where T: AsRef<Path>
+    {
+        Keyring {
+            certificate: Certificate::from(certificate_path),
+            known_keys: HashMap::new()
+        }
+    }
+
     pub fn add_known_key(&mut self, key: &[u8]) -> Result<(), KeyringError> {
         let public_key = box_::PublicKey::from_slice(key)
             .ok_or(KeyringError::InvalidClientKey)?;

coffer-companion/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "coffer-companion"
-version = "0.2.0"
+version = "0.4.0"
 authors = ["Armin Friedl <dev@friedl.net>"]
 edition = "2018"
 
@@ -14,6 +14,7 @@ structopt = "0.3"
 quick-error = "1.2"
 # Key management/Cryptography 
 sodiumoxide = "0.2.5"
+hex = "^0.4"
 # Communication
 serde = { version = "1.0", features = ["derive"]}
 serde_cbor = "0.10.2"

coffer-companion/src/certificate.rs

@@ -13,5 +13,10 @@ pub fn generate_key(out: PathBuf) {
         .expect(&format!{"Could not create out file {}", &out.display()});
 
     writer.write_all(&cert).unwrap();
-
+}
+
+pub fn info(out: PathBuf) {
+    let cert = Certificate::new_from_cbor(out).unwrap();
+    println!{"Public Key: {}", hex::encode_upper(cert.public_key())}
+    println!{"Secret Key: {}", hex::encode_upper(cert.secret_key())}
 }

coffer-companion/src/encrypt.rs

@@ -2,13 +2,16 @@ use coffer_common::certificate::Certificate;
 
 use std::path::PathBuf;
 use std::fs::File;
+use std::io::Read;
 use std::io::Write;
 
-use serde::Deserialize;
+#[allow(unused)]
-use serde_yaml;
-
 pub fn encrypt_yaml(yaml:PathBuf, out: PathBuf, certificate: PathBuf) {
     let cert = Certificate::new_from_cbor(certificate).unwrap();
+    let mut secrets = Vec::new();
+    File::open(yaml).unwrap().read_to_end(&mut secrets).unwrap();
 
-    let  
+    let sealed = cert.seal(&secrets).unwrap();
+    let mut out_file = File::create(out).unwrap();
+    out_file.write_all(&sealed);
 }

coffer-companion/src/main.rs

@@ -1,22 +1,24 @@
 use std::path::PathBuf;
 use structopt::StructOpt;
 
-mod generate;
+mod certificate;
 mod encrypt;
 
 #[derive(StructOpt, Debug)]
 enum Args {
     Certificate {
         #[structopt(short, long, parse(from_os_str))]
-        out: PathBuf
+        out: PathBuf,
+        #[structopt(short, long)]
+        info: bool
     },
     Encrypt {
+        #[structopt(short, long, parse(from_os_str))]
+        certificate: PathBuf,
         #[structopt(short, long, parse(from_os_str))]
         yaml: PathBuf,
         #[structopt(short, long, parse(from_os_str))]
-        out: PathBuf,
+        out: PathBuf
-        #[structopt(short, long, parse(from_os_str))]
-        certificate: PathBuf,
     }
 }
 
@@ -24,7 +26,10 @@ fn main() {
     let args: Args = Args::from_args();
 
     match args {
-        Args::Certificate {out} => generate::generate_key(out),
+        Args::Certificate {out, info} => {
-        Args::Encrypt {yaml, out, certificate} => {}
+            if info {  certificate::info(out) }
+            else { certificate::generate_key(out) }
+        }
+        _ => unimplemented![]
     }
 }

coffer-server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "coffer-server"
-version = "0.2.0"
+version = "0.4.0"
 authors = ["Armin Friedl <dev@friedl.net>"]
 edition = "2018"
 

coffer-server/src/coffer_map.rs

@@ -1,47 +1,89 @@
-//! A simple, thread-safe coffer implementation backed by a hash map
+//! Thread-safe coffer implementation backed by hash map
 
 #[allow(unused_imports)]
 use log::{debug, error, info, trace, warn};
 
 use std::sync::RwLock;
+use std::sync::RwLockReadGuard;
+use std::sync::RwLockWriteGuard;
+
 use std::collections::HashMap;
 
 use coffer_common::coffer::*;
 
-pub struct CofferMap {
+type ShardedCoffer = HashMap<String, HashMap<String, CofferValue>>;
-    coffer: RwLock<HashMap<CofferPath, CofferValue>>
+pub struct CofferMap(RwLock<ShardedCoffer>);
-}
 
 impl CofferMap {
     pub fn new() -> CofferMap {
-        CofferMap {
+        CofferMap(RwLock::new(HashMap::new()))
-            coffer: RwLock::new(HashMap::new())
     }
+
+    fn read(&self) -> RwLockReadGuard<'_, ShardedCoffer> {
+        self.0.read().unwrap()
+    }
+
+    fn write(&self) -> RwLockWriteGuard<'_, ShardedCoffer> {
+        self.0.write().unwrap()
     }
 }
 
 impl Coffer for CofferMap {
-    fn put(&mut self, path: CofferPath, value: CofferValue) -> CofferResult<()> {
+    fn put(&mut self, key: CofferKey, value: CofferValue) -> CofferResult<()> {
-        let mut lock = self.coffer.write().unwrap();
+        let mut lock = self.write();
 
-        match (*lock).contains_key(&path) {
+        match lock.get_mut(&key.shard) {
-            true => Err(CofferError::Msg("test")),
+            Some(shard) => {
-            false => {(*lock).insert(path, value); Ok(())}
+                if shard.contains_key(&key.key) { Err(CofferError::Msg("Key exists")) }
+                else { shard.insert(key.key, value); Ok(()) }
+            }
+            None => {
+                lock.insert(key.shard.clone(), HashMap::new());
+                lock.get_mut(&key.shard).unwrap().insert(key.key, value);
+                Ok(())
+            }
         }
     }
 
-    fn push(&mut self, path: CofferPath, value: CofferValue) {
+    fn push(&mut self, key: CofferKey, value: CofferValue) {
-        let mut lock = self.coffer.write().unwrap();
+        let mut lock = self.write();
 
-        (*lock).insert(path, value);
+        match lock.get_mut(&key.shard) {
+            Some(shard) => {
+                shard.insert(key.key, value);
+            }
+            None => {
+                lock.insert(key.shard.clone(), HashMap::new());
+                lock.get_mut(&key.shard).unwrap().insert(key.key, value);
+            }
+        }
     }
 
-    fn get(&self, path: CofferPath) -> CofferResult<CofferValue> {
+    fn get(&self, key: &CofferKey) -> CofferResult<CofferValue> {
-        let lock = self.coffer.read().unwrap();
+        let lock = self.read();
 
-        (*lock).get(&path)
+        let res = lock.get(&key.shard)
-            .and_then(|v| Some(v.clone()))
+            .and_then( |shard| { shard.get(&key.key) } )
-            .ok_or(CofferError::Msg("Key not found"))
+            .ok_or(CofferError::Msg("Key not found"))?;
+
+        Ok(res.clone())
+    }
+
+    fn get_shard<T>(&self, shard: T) -> CofferResult<CofferShard>
+    where T: AsRef<str>
+    {
+        let lock = self.read();
+
+        let coffer_shard = lock.get(shard.as_ref())
+            .ok_or(CofferError::Msg("Shard {} not found"))?;
+
+        let mut res = CofferShard(Vec::new());
+
+        for (k,v) in coffer_shard {
+            res.0.push((k.clone(), v.clone()));
+        }
+
+        Ok(res)
     }
 }
 

coffer-server/src/main.rs

@@ -4,29 +4,31 @@ use log::{debug, error, info, trace, warn};
 use env_logger;
 
 use std::path::PathBuf;
+use std::fs::File;
+use std::io::{Read};
 use structopt::StructOpt;
 use std::net::SocketAddr;
 
-use coffer_common::certificate::Certificate;
 use coffer_common::keyring::Keyring;
+use coffer_common::coffer::Coffer;
 
 mod server;
 mod coffer_map;
 mod protocol;
 
-use server::ServerBuilder;
+use server::Server;
 use coffer_map::CofferMap;
 
 #[derive(StructOpt, Debug)]
 struct Args {
     /// Path to the server certificate. Will be deleted after processing.
     #[structopt(short, long, parse(from_os_str), env = "COFFER_SERVER_CERTIFICATE", hide_env_values = true)]
-    certificate: Option<PathBuf>,
+    certificate: PathBuf,
 
     /// Path to secrets file. Will be deleted after processing.
     /// Must be sealed by the public key of the server certificate
     #[structopt(short, long, parse(from_os_str), env = "COFFER_SERVER_SECRETS", hide_env_values = true)]
-    secrets: Option<PathBuf>,
+    secrets: PathBuf,
 
     /// Address, the coffer server should bind to
     #[structopt(short, long, parse(try_from_str), env = "COFFER_SERVER_ADDRESS", default_value = "127.0.0.1:9187")]
@@ -40,12 +42,16 @@ async fn main() {
 
     _print_banner();
 
-    let server = ServerBuilder::new()
+    let keyring = Keyring::new_from_path(&args.certificate);
-        .with_keyring(args.certificate.and_then(|cert_path| Some(Keyring::new(Certificate::from(cert_path)))))
-        .with_coffer(Some(CofferMap::new()))
-        .build()
-        .expect("Couldn't build server");
 
+    // decrypt secrets file and put into coffer
+    let mut secrets_file = File::open(&args.secrets).unwrap();
+    let mut secrets_buf = Vec::new();
+    secrets_file.read_to_end(&mut secrets_buf).unwrap();
+    let secrets_buf_clear = String::from_utf8(keyring.open(&secrets_buf).unwrap()).unwrap();
+    let coffer = CofferMap::from_toml(&secrets_buf_clear);
+
+    let server = Server::new(keyring, coffer);
     server.run(args.address).await;
 }
 

coffer-server/src/protocol.rs

@@ -9,15 +9,12 @@ use tokio::io::{AsyncRead,
                 AsyncReadExt,
                 AsyncWriteExt};
 use tokio::net::TcpStream;
-use tokio::sync::RwLock;
 
 use serde_cbor;
 
 use quick_error::quick_error;
 
-use coffer_common::coffer::{CofferValue,
+use coffer_common::coffer::Coffer;
-                            CofferPath,
-                            Coffer};
 use coffer_common::keyring::Keyring;
 use hex;
 
@@ -38,25 +35,23 @@ quick_error! {
 enum State {
     Start,
     Link,
-    Error,
+    Bye,
     End
 }
 
 #[derive(Debug)]
 enum Request {
     Hello(Vec<u8>),
-    Put(Vec<u8>),
+    Get,
-    Get(Vec<u8>),
+    Bye
-    Bye,
-    Error
 }
 
 pub struct Protocol<C>
 where C: Coffer
 {
     stream: TcpStream,
-    coffer: Arc<RwLock<C>>,
+    coffer: Arc<C>,
-    keyring: Arc<RwLock<Keyring>>,
+    keyring: Arc<Keyring>,
     client: Option<Vec<u8>>,
     state: State
 }
@@ -64,11 +59,7 @@ where C: Coffer
 impl<C> Protocol<C>
 where C: Coffer
 {
-    pub fn new(
+    pub fn new(stream: TcpStream, coffer: Arc<C>, keyring: Arc<Keyring>) -> Protocol<C>
-        stream: TcpStream,
-        coffer: Arc<RwLock<C>>,
-        keyring: Arc<RwLock<Keyring>>
-    ) -> Protocol<C>
     {
         let state = State::Start;
         let client = None;
@@ -104,11 +95,9 @@ where C: Coffer
 
         match msg_type {
             0x00 => Request::Hello(message),
-            0x02 => Request::Put(message),
+            0x02 => Request::Get,
-            0x03 => Request::Get(message),
+            0x99 => Request::Bye,
-            0x63 => Request::Bye,
+            _ => panic!{"Invalid message type {}", msg_type}
-            0xff => Request::Error,
-               _ => Request::Error
         }
     }
 
@@ -171,30 +160,19 @@ where C: Coffer
         match (&self.state, event) {
             (State::Start, Request::Hello(pk)) => {
                 debug!{"Reading public key"}
-                self.keyring.write().await
-                    .add_known_key(&pk)
-                    .unwrap();
                 self.client = Some(pk);
                 self.state = State::Link;
             }
 
-            (State::Link, Request::Get(req)) => {
+            (State::Link, Request::Get) => {
                 debug!{"Writing response"}
-                let mut req: CofferPath =
+                let shard_id = hex::encode(self.client.as_ref().unwrap());
-                    serde_cbor::from_slice(
-                        &self.keyring.read().await
-                            .open(&req)
-                            .unwrap()
-                    ).unwrap();
 
-                req.0.insert(0, hex::encode(self.client.as_ref().unwrap()));
+                let res = self.coffer
-
+                    .get_shard(shard_id)
-                let res = self.coffer.read().await
-                    .get(req)
                     .unwrap();
 
-                let response = self.keyring.read().await
+                let response = self.keyring.seal(
-                    .seal(
                         &self.client.as_ref().unwrap(),
                         &serde_cbor::to_vec(&res).unwrap()
                     ).unwrap();
@@ -205,35 +183,11 @@ where C: Coffer
                 // TODO Proper result handling
                 self.stream.write_all(&frame).await.unwrap();
 
-                self.state = State::Link;
+                self.state = State::Bye;
             }
 
-            (State::Link, Request::Put(put)) => {
+            (State::Link, Request::Bye) => self.state = State::End,
-                debug!{"Putting secrets"}
+            (State::Bye, Request::Bye) => self.state = State::End,
-                let mut put: Vec<(CofferPath, CofferValue)> =
-                    serde_cbor::from_slice(
-                        &self.keyring.read().await
-                            .open(&put)
-                            .unwrap()
-                    ).unwrap();
-
-                let key_string = hex::encode(self.client.as_ref().unwrap());
-
-                put.iter_mut().map( |(cp, _cv)| &mut cp.0)
-                    .for_each(|cp| cp.insert(0, key_string.clone()));
-
-                for (coffer_path, coffer_value) in put {
-                    self.coffer.write().await
-                        .put(coffer_path, coffer_value)
-                        .unwrap();
-                }
-
-                self.state = State::Link;
-            }
-
-            (_, Request::Bye) => self.state = State::End,
-
-            (_, Request::Error) => self.state = State::End,
 
             _ => self.state = State::End
         }

coffer-server/src/server.rs

@@ -5,14 +5,13 @@ use quick_error::quick_error;
 
 use tokio::net::{TcpListener};
 use tokio::stream::StreamExt;
-use tokio::sync::RwLock;
 
 use std::net::{ToSocketAddrs, SocketAddr};
 use std::sync::Arc;
 
 use coffer_common::keyring::Keyring;
 use coffer_common::coffer::Coffer;
-use coffer_common::certificate::{Certificate, CertificateError};
+use coffer_common::certificate::CertificateError;
 
 use crate::protocol::Protocol;
 
@@ -35,13 +34,19 @@ quick_error! {
 pub struct Server<C>
 where C: Coffer
 {
-    keyring: Arc<RwLock<Keyring>>,
+    keyring: Arc<Keyring>,
-    coffer: Arc<RwLock<C>>
+    coffer: Arc<C>
 }
 
-impl <C> Server<C>
+impl <C> Server <C>
 where C: Coffer + Send + Sync + 'static
 {
+
+    pub fn new(keyring: Keyring, coffer: C) -> Self {
+        Server { keyring: Arc::new(keyring),
+                 coffer: Arc::new(coffer) }
+    }
+
     pub async fn run<T>(self, addr: T)
     where T: ToSocketAddrs
     {
@@ -70,6 +75,7 @@ where C: Coffer + Send + Sync + 'static
                         let coffer = self.coffer.clone();
 
                         let protocol = Protocol::new(tcp_stream, coffer, keyring);
+
                         tokio::spawn(async move {
                             protocol.run().await;
                         });
@@ -84,43 +90,3 @@ where C: Coffer + Send + Sync + 'static
         server.await
     }
 }
-
-pub struct ServerBuilder<C>
-where C: Coffer
-{
-    keyring: Option<Keyring>,
-    coffer: Option<C>
-}
-
-impl <'a, C> ServerBuilder<C>
-where C: Coffer + Default
-{
-    pub fn new() -> ServerBuilder<C> {
-        ServerBuilder {
-            keyring: None,
-            coffer: None
-        }
-    }
-
-    pub fn with_keyring(mut self, keyring: Option<Keyring>) -> ServerBuilder<C> {
-        self.keyring = keyring;
-        self
-    }
-
-    pub fn with_coffer(mut self, coffer: Option<C>) -> ServerBuilder<C> {
-        self.coffer = coffer;
-        self
-    }
-
-    pub fn build(self) -> Result<Server<C>, ServerError> {
-        let keyring = match self.keyring {
-            Some(k) => Arc::new(RwLock::new(k)),
-            None => {let cert = Certificate::new()?;
-                     Arc::new(RwLock::new(Keyring::new(cert)))}
-        };
-
-        let coffer = Arc::new(RwLock::new(self.coffer.unwrap_or_else(|| { C::default() } )));
-
-        Ok(Server {keyring, coffer})
-    }
-}