0.4.0 #1
28 changed files with 934 additions and 350 deletions
@ -0,0 +1,2 @@
*.enc filter=lfs diff=lfs merge=lfs -text
*.cert filter=lfs diff=lfs merge=lfs -text
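Review bot: Routing `*.cert` through LFS presupposes that certificate files get committed, and the `Certificate` type in this PR's certificate.rs carries a `private_key` next to the public key, so any committed `.cert` would place secret key material under version control. LFS only changes where the blob lives, not who can fetch it, and once pushed it cannot be scrubbed from clones. I would list `*.cert` (and the plaintext secrets definition) in `.gitignore` instead, and if a certificate must ship with the repository, mark it as a throwaway test key on this line, e.g. `# *.cert holds the full keypair (incl. secret key) — never commit production certificates`. This is inferred from the pattern alone; if no `.cert` is actually tracked, the note is moot.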
@ -1,4 +1,228 @@
@ -36,13 +36,13 @@ dependencies = [
name = "bitflags"
version = "1.2.1"
name = "base64"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
name = "bumpalo"
version = "3.1.1"
name = "bitflags"
version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@ -81,10 +81,12 @@ dependencies = [
name = "coffer-client"
version = "0.2.0"
version = "0.4.0"
dependencies = [
"coffer-common 0.4.0",
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
"exec 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_cbor 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)",
@ -94,26 +96,28 @@ dependencies = [
name = "coffer-common"
version = "0.1.0"
version = "0.4.0"
dependencies = [
"bumpalo 3.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
"base64 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
"hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
"quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
"seckey 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_cbor 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.44 (registry+https://github.com/rust-lang/crates.io-index)",
"sodiumoxide 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio 0.2.9 (registry+https://github.com/rust-lang/crates.io-index)",
"toml 0.5.5 (registry+https://github.com/rust-lang/crates.io-index)",
name = "coffer-companion"
version = "0.2.0"
version = "0.4.0"
dependencies = [
"coffer-common 0.1.0",
"coffer-common 0.4.0",
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
"hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
"quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)",
@ -125,10 +129,10 @@ dependencies = [
name = "coffer-server"
version = "0.2.0"
version = "0.4.0"
dependencies = [
"bytes 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)",
"coffer-common 0.1.0",
"coffer-common 0.4.0",
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
"hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
@ -365,11 +369,6 @@ dependencies = [
"libc 0.2.65 (registry+https://github.com/rust-lang/crates.io-index)",
name = "itoa"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
name = "kernel32-sys"
version = "0.2.2"
@ -612,11 +611,6 @@ name = "rle-decode-fast"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
name = "ryu"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
name = "seckey"
version = "0.9.1"
@ -653,16 +647,6 @@ dependencies = [
"syn 1.0.8 (registry+https://github.com/rust-lang/crates.io-index)",
name = "serde_json"
version = "1.0.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
"ryu 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.102 (registry+https://github.com/rust-lang/crates.io-index)",
name = "serde_yaml"
version = "0.8.11"
@ -932,8 +916,8 @@ dependencies = [
@ -1,36 +1,35 @@
* Communication
** Frame
Header ::: content-length: u64 | message-type: u8 ::: 72 bit, fixed
Header ::: content-length: u16 | message-type: u8 ::: 3 byte, fixed
Body ::: content: [u8; content-length] ::: conent-length byte, variable
Numbers are in network byte order.
Unsigned integers in network byte order.
** Message Types
| Ordinal | Type | Body Format | Direction | Transitions | Description |
| 0 | Hello | Public Key | C -> S | Waiting for Link | Initiates communication |
| 1 | Link | <empty> | S -> C | Put, Get | Link established, communication can start |
| 2 | Put | Coffer (sealed) | C -> S | OkPut | Merge a ~Coffer~ for the client |
| 3 | Get | Coffer (sealed) | C -> S | OkGet | Retrieve a ~Coffer~ for the client |
| 4 | OkPut | <empty> | S -> C | Put, Get | ~Coffer~ was successfully merged |
| 5 | OkGet | Coffer (sealed) | S -> C | Put, Get | Return a sealed ~Coffer~ for a ~Get~ request |
| 63 | Bye | | C -> S | | Close connection |
| 127 | Error | | S -> C | | Generic server error |
| Ordinal | Type | Body Format | Direction | Transitions | Description |
| 0x00 | Hello | Client PK | C -> S | Link, KeyNotFound, Error | Initiates communication |
| 0x01 | Link | <empty> | S -> C | Get, Bye | Link established, communication can start |
| 0x02 | Get | <empt> | C -> S | OkGet, Error | Retrieve a secrets for the client |
| 0x03 | OkGet | Coffer (sealed) | S -> C | Bye | Send secrets to the client |
| 0x99 | Bye | Client PK | C -> S | • | Close connection |
| 0xaa | KeyNotFound | Client PK | S -> C | • | PK unknown to server |
| 0xff | Error | UTF-8 String | S -> C | • | Generic server error with reason |
- Error can be returned at any stage
- Communication can end at any stage. Communication ends when connection is closed by either side.
- Seal is determined by communication direction:
C -> S: sealed by server public key, client private key
S -> C: sealed by client public key, server private key
- Secrets returned as sealed cbor
* Coffer
- Multitree with each leave terminating in a Vec<u8>
- Nodes (except leaves = key path) are utf8 strings
- A ~Put~ request must contain a fully determined ~Coffer~ (all leaves are values)
- A ~Get~ request contains a partially determined ~Coffer~ (values are ignored)
- If a node resolves to a parent, the subtree (which is also a ~Coffer~) is returned
- If a node resolves to a leave, the partial ~Coffer~ terminating in the leave and its value are returned
- Sharded KV-Store
- Keys are UTF-8 Strings
- Typed values as defined by TOML: String, Integer, Float, Boolean
- No Dates support
- No binary data support
- Floats and Integers are 32 bit
* Coffer Server
A ~coffer-server~ can support multiple clients by means of /sharding/ the
keyspace. Clients are uniquely identified by their public key.
@ -43,26 +42,29 @@
key. No tampered requests can be sent or communication data collected except
the private keys are compromised.
* Coffer YAML
** Secrets Definition
Encrypted with: SK of coffer-companion, PK of coffer-server
* Coffer Definition (TOML)
Encrypted Authentication: SK of coffer-companion, PK of coffer-server
#+BEGIN_SRC yaml
# Names for ids (public keys) of clients
#+BEGIN_SRC yaml
# IDs (public keys) of clients
# Secrets for a named client (defined in clients)
secretkey = "secret value"
secretkey2 = "secret value2"
# Secrets for a named client (defined in clients)
secretkey = "secret value"
secretkey2 = "secret value2"
** Secret Response
file client executes GET to server
* Coffer Response
Encrypted Authentication: SK of coffer-server, PK of coffer-client
Format: cbor
CofferResponse = List<CofferSecret>
CofferSecret {
key: UTF-8 String,
value: CofferValue
#+BEGIN_SRC yaml
secretkey = "secret value"
secretkey2 = "secret value2"
CofferValue = String | Integer | Float | Boolean | Date
@ -7,7 +7,10 @@ release:
cargo build --release
docker pull clux/muslrust
docker run -v $(CURDIR):/volume --rm -t clux/muslrust cargo build --release
podman pull clux/muslrust
podman run -v .:/volume:Z --rm -t clux/muslrust cargo build --release
strip target/x86_64-unknown-linux-musl/release/coffer-server
strip target/x86_64-unknown-linux-musl/release/coffer-client
strip target/x86_64-unknown-linux-musl/release/coffer-companion
.PHONY: default release publish
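Review bot: `podman pull clux/muslrust` and the `podman run … clux/muslrust` line pull an unpinned floating tag, so the release binaries depend on whatever the registry serves that day and the build is neither reproducible nor auditable. Pin the builder image by tag and digest once, e.g. `MUSLRUST := docker.io/clux/muslrust:stable@sha256:<digest>`, and use `$(MUSLRUST)` in both commands. `-v .:/volume:Z` also replaces the earlier absolute `$(CURDIR)`; I am not certain every podman release resolves a relative host path for a bind mount, so `-v $(CURDIR):/volume:Z` is the safer spelling. The three `strip` lines discard symbols that a service which currently panics on malformed input would need for a readable backtrace; consider `strip --strip-debug` or keeping an unstripped copy alongside the release artefacts.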
@ -1,6 +1,6 @@
name = "coffer-client"
version = "0.2.0"
version = "0.4.0"
authors = ["Armin Friedl <dev@friedl.net>"]
edition = "2018"
@ -16,4 +16,9 @@ serde = { version = "1.0", features = ["derive"]}
serde_yaml = "0.8"
serde_cbor = "0.10.2"
# Executing subcommand
exec = "0.3.1"
exec = "0.3.1"
# Lighter alternative to tokio for
# driving shared frame creation
futures = "0.3.1"
coffer-common = { path = "../coffer-common" }
@ -1,27 +1,28 @@
use log::{debug, error, info, trace, warn};
use std::net::SocketAddr;
use env_logger;
use structopt::StructOpt;
use std::fs::File;
use std::error::Error;
use std::net::TcpStream;
use std::path::PathBuf;
use std::io::BufRead;
use std::io::BufReader;
use std::io::Write;
use std:: {
net::{SocketAddr, TcpStream},
io::{Write, Read},
convert::{TryInto, TryFrom}
use coffer_common::certificate::Certificate;
use coffer_common::coffer::{CofferShard, CofferValue};
#[derive(StructOpt, Debug)]
struct Args {
/// Address of the coffer server
#[structopt(short, long, parse(try_from_str), env = "COFFER_SERVER_ADDRESS", default_value = "")]
server_address: SocketAddr,
#[structopt(short, long, env = "COFFER_SERVER_ADDRESS", default_value = "")]
server_address: String,
/// Path to the request file sent to the server
#[structopt(parse(from_os_str), env = "COFFER_REQUEST", hide_env_values = true)]
secrets: PathBuf,
#[structopt(short, long, parse(from_os_str), env = "COFFER_CLIENT_CERTIFICATE", hide_env_values = true)]
certificate: PathBuf,
/// The subcommand spawned by coffer-client
cmd: String,
@ -34,14 +35,39 @@ fn main() -> Result<(), Box<dyn Error>> {
let args = Args::from_args();
info!{"Connecting to coffer server"}
let stream: TcpStream = TcpStream::connect(args.server_address)?;
debug!{"Reading certificate"}
let cert = Certificate::new_from_cbor(&args.certificate)?;
info!{"Parsing key requests"}
let keys = parse_from_path(&args.secrets)?;
debug!{"Connecting to coffer server"}
let mut stream: TcpStream = TcpStream::connect(args.server_address)?;
info!{"Reading secrets"}
retrieve_secrets(&keys, stream)?;
debug!{"Sending hello"}
let hello = framed(0x00, cert.public_key());
debug!{"Sending get"}
let get = framed(0x02, Vec::new());
debug!{"Reading shard"}
let header = read_header(&mut stream).unwrap();
let shard = read_message(header.0, &mut stream).unwrap();
debug!{"Got encrypted shard {:?}", shard}
debug!{"Sending bye"}
let bye = framed(0x99, Vec::new());
debug!{"Decrypting shard"}
let shard_clear = cert.open(&shard).unwrap();
let shard_de = serde_cbor::from_slice::<CofferShard>(&shard_clear).unwrap();
debug!{"Setting environment"}
for (key, val) in shard_de.0 {
if let CofferValue::String(val_s) = val {
std::env::set_var(key.trim(), val_s.trim());
info!{"Spawning coffer'ed command, reaping coffer"}
reap_coffer(&args.cmd, &args.cmd_args);
@ -49,28 +75,7 @@ fn main() -> Result<(), Box<dyn Error>> {
Err("Could not spawn sub-command".into())
fn retrieve_secrets(keys: &Vec<String>, mut stream: TcpStream) -> Result<(), Box<dyn Error>>{
for k in keys {
let buf = serde_cbor::to_vec(&k)?;
info!{"Sending key request {} as {:?}", k, buf}
info!{"Reading response"}
let mut reader = BufReader::new(&stream); // get buffered reader for line-wise reading from stream
// read line
let mut resp = String::new();
reader.read_line(&mut resp)?;
info!{"Retrieved secret. Setting environment"}
std::env::set_var(k.trim(), resp.trim());
fn reap_coffer(cmd: &str, args: &Vec<String>) {
fn reap_coffer(cmd: &str, args: &[String]) {
let mut cmd = exec::Command::new(cmd);
// TODO Push cmd as first arg if not already set?
@ -80,8 +85,76 @@ fn reap_coffer(cmd: &str, args: &Vec<String>) {
error!{"Could not execute sub-command {}", err};
fn parse_from_path(path: &PathBuf) -> Result<Vec<String>, Box<dyn Error>> {
let sec_file = File::open(path)?;
pub fn read_header<T>(reader: &mut T) -> Option<(u64, u8)>
where T: Read
let mut header: [u8; 9] = [0u8;9]; // header buffer
match reader.read_exact(&mut header)
Ok(_) => debug!{"Read {} bytes for header", 9},
Err(err) => {
error!{"Error while reading header: {}", err}
return None;
Ok(serde_yaml::from_reader::<_, Vec<String>>(sec_file)?)
trace!{"Header buffer {:?}", header}
let msg_size: u64 = u64::from_be_bytes(
let msg_type: u8 = u8::from_be_bytes(
debug!{"Message size: {}, Message type: {}", msg_size, msg_type}
Some((msg_size, msg_type))
pub fn read_message<T>(msg_size: u64, reader: &mut T) -> Option<Vec<u8>>
where T: Read
// TODO: possible to use unallocated memory instead?
// -> https://doc.rust-lang.org/beta/std/mem/union.MaybeUninit.html
// TODO: 32 bit usize? Can't allocate a 64 bit length buffer anyway?
let mut message = Vec::with_capacity(msg_size.try_into().unwrap());
// need to set the size, because otherwise it is assumed to be 0, since
// the vec is allocated but uninitialized at this point, we don't want to
// pre-allocate a potentially huge buffer with 0x00, so unsafe set size.
unsafe {message.set_len(msg_size.try_into().unwrap());}
match reader.read_exact(&mut message)
Ok(_) => debug!{"Read {} bytes for message", msg_size},
Err(err) => {
error!{"Error while reading message: {}", err}
return None;
trace!{"Read message {:?}", message}
pub fn framed(msg_type: u8, data: Vec<u8>) -> Vec<u8>
trace!{"Creating frame for type: {:?}, data: {:?}", msg_type, data}
// TODO magic number
let mut frame: Vec<u8> = Vec::with_capacity(data.len() + 72);
unsafe {frame.set_len(8);}
frame.splice(0..8, u64::try_from(data.len())
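Review bot: `read_message` (hunk `@ -80,8 +85,76 @`) trusts the `u64` length returned by `read_header` and calls `Vec::with_capacity` plus `set_len` on it, so a hostile or broken server can make the client allocate gigabytes, handing an uninitialised buffer to `read_exact` is undefined behaviour in Rust regardless of what the reader does, and `try_into().unwrap()` panics on 32-bit targets; bound the length before allocating and use a zeroed `vec![0u8; n]` — the zeroing cost is irrelevant at these sizes. Note too that `cert.open` in `main` is a libsodium sealed box (`sealedbox::open` in coffer-common's certificate.rs), which authenticates nothing about the sender: anything on the plaintext TCP path can seal an arbitrary `CofferShard` to the client's public key, and `std::env::set_var(key.trim(), …)` then injects those keys into the environment of the `exec`'d command, so a forged shard could set `LD_PRELOAD` or `PATH`. Until the transport authenticates the server, at least reject keys that are not plain environment-variable names and refuse to overwrite variables that already exist. `framed` reserves `data.len() + 72` although the header is 9 bytes (the 72 in the protocol notes is bits); `const HEADER_LEN: usize = 9;` resolves the `// TODO magic number`. `read_header`, `read_message` and `framed` are duplicated almost verbatim in coffer-companion's client.rs; one implementation in coffer-common would keep the fix in a single place.
```rust
/// Upper bound on a frame body; anything larger is treated as a protocol error.
const MAX_FRAME_BYTES: u64 = 1 << 20;

pub fn read_message<T>(msg_size: u64, reader: &mut T) -> Option<Vec<u8>>
where T: Read
{
    if msg_size > MAX_FRAME_BYTES {
        error!{"Frame of {} bytes exceeds limit of {}", msg_size, MAX_FRAME_BYTES}
        return None;
    }
    // bounded above, so the narrowing cast cannot truncate on 32-bit targets
    let mut message = vec![0u8; msg_size as usize];
    // … unchanged: read_exact, error logging, trace …
```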
@ -1,6 +1,6 @@
name = "coffer-common"
version = "0.1.0"
version = "0.4.0"
authors = ["armin"]
edition = "2018"
@ -15,13 +15,15 @@ export = []
# Base tools
log = "^0.4"
env_logger = "^0.7"
quick-error = "^1.2"
# Serialization
serde = { version = "^1.0", features = ["derive"]}
serde_cbor = "^0.10"
serde_json = "^1.0"
toml = "^0.5"
quick-error = "^1.2"
base64 = "^0.11"
hex = "^0.4"
# Key management/Cryptography
sodiumoxide = "^0.2"
seckey = "^0.9"
# Memory management
bumpalo = { version = "^3.1", features = ["collections"]}
tokio = { version="^0.2.9", features = ["full"]}
@ -83,6 +83,15 @@ impl Certificate {
pub fn public_key(&self) -> Vec<u8> {
#[cfg(feature = "export")]
pub fn secret_key(&self) -> Vec<u8> {
pub fn open(&self, c: &[u8]) -> Result<Vec<u8>, CertificateError> {
let pk = &self.inner.read().public_key;
let sk = &self.inner.read().private_key;
@ -90,6 +99,12 @@ impl Certificate {
sealedbox::open(c, pk, sk)
.map_err(|_| CertificateError::Crypto)
pub fn seal(&self, message: &[u8]) -> Result<Vec<u8>, CertificateError> {
let pk = &self.inner.read().public_key;
Ok(sealedbox::seal(message, pk))
impl <T: AsRef<Path>> From<T> for Certificate {
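Review bot: `seal` wraps `sealedbox::seal(message, pk)`, which takes only the recipient's public key, so nothing about the sender is authenticated — anyone holding a public key can produce a ciphertext that `open` accepts. The protocol notes in this PR describe both directions as sealed by "<peer> public key, <own> private key", which is the authenticated `box_` construction rather than a sealed box; either the documentation should drop the authentication claim, or this method should take the peer's key and use `box_::seal(message, &nonce, peer_pk, &sk)` with a fresh `box_::gen_nonce()` prepended to the output. `open` takes `self.inner.read()` twice for the two fields; a single `let inner = self.inner.read();` guard reads better and avoids the second lock acquisition. Gating `secret_key` behind `#[cfg(feature = "export")]` is a good call; a `/// Only for key-export tooling; never log or print the result.` doc line would make the intent explicit.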
@ -1,8 +1,14 @@
//! A storage container for client data
use log::{debug, error, info, trace, warn};
use std::fmt::Debug;
use std::path::Path;
use std::fs::File;
use std::io::{BufReader, Read};
use toml::Value as TomlValue;
use serde::{Serialize, Deserialize};
use quick_error::quick_error;
@ -29,39 +35,104 @@ pub enum CofferValue {
/// A 32-bit integer
/// An opaque blob of data
/// A 32-bit float
// A boolean
/// A path to a value
#[derive(Clone, Eq, PartialEq, Hash, Debug, Serialize, Deserialize)]
pub struct CofferPath(pub Vec<String>);
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub struct CofferKey {
pub shard: String,
pub key: String
#[derive(Debug, Serialize, Deserialize)]
pub struct CofferShard(pub Vec<(String, CofferValue)>);
/// Interface for interacting with a `Coffer`
pub trait Coffer {
/// Put `value` at `path`. Errors if there is already a value at `path`.
fn put(&mut self, path: CofferPath, value: CofferValue) -> CofferResult<()>;
fn put(&mut self, key: CofferKey, value: CofferValue) -> CofferResult<()>;
/// Push `value` to `path`. Replaces existing values.
fn push(&mut self, path: CofferPath, value: CofferValue);
fn push(&mut self, key: CofferKey, value: CofferValue);
/// Retrieve `value` at path. Errors if there is no `value` at path.
fn get(&self, path: CofferPath) -> CofferResult<CofferValue>;
fn get(&self, key: &CofferKey) -> CofferResult<CofferValue>;
impl <T> From<Vec<T>> for CofferPath
where T: AsRef<str>
fn from(val: Vec<T>) -> Self {
impl <T> From<&Vec<T>> for CofferPath
where T: AsRef<str>
fn from(val: &Vec<T>) -> Self {
let col = val.iter().map(|p| {(*p).as_ref().to_owned()}).collect();
/// Retrieve `value` at path. Errors if there is no `value` at path.
fn get_shard<T>(&self, shard: T) -> CofferResult<CofferShard>
where T: AsRef<str>;
fn from_toml_file(toml_path: &Path) -> Self
where Self: Coffer + Default
// read the secrets file into a temporary string
let mut file = BufReader::new(File::open(toml_path).unwrap());
let mut secrets_buf = String::new();
file.read_to_string(&mut secrets_buf).unwrap();
fn from_toml(toml: &str) -> Self
where Self: Coffer + Default
// call implementation to create an empty coffer
let mut coffer = Self::default();
// parse the string into a toml Table
let clients: toml::value::Table = match toml.parse::<TomlValue>().unwrap() {
TomlValue::Table(t) => t,
_ => panic!{"Invalid secrets file"}
fn from_toml_table(&mut self, toml_table: &toml::value::Table) {
// table has an no id, recourse into subtables
if toml_table.get("id").is_none() {
for (_key, val) in toml_table.iter() {
match val {
TomlValue::Table(subtable) => {
_ => panic!{"Invalid secrets file"}
* Parse a single shard/table, this is known to have an id
* [files]
* id = "ABC-DEF-GHE"
* secret_string = "secret value1"
* secret_int = 12345
* secret_bool = true
let shard = toml_table.get("id").and_then(|id| id.as_str()).unwrap();
for (key, val) in toml_table {
if "id" == key { continue } // ids are for sharding
let value = match val {
TomlValue::String(s) => CofferValue::String(s.to_owned()),
TomlValue::Integer(i) => CofferValue::Integer(*i as i32),
TomlValue::Float(f) => CofferValue::Float(*f as f32),
TomlValue::Boolean(b) => CofferValue::Boolean(*b),
_ => panic!{"Value {:?} unsupported", val}
let key = key.to_owned();
let shard = shard.to_string();
self.put(CofferKey{shard, key}, value).unwrap();
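Review bot: `TomlValue::Integer(i) => CofferValue::Integer(*i as i32)` silently truncates — TOML integers are i64, so a secret such as a quota or an epoch timestamp above 2^31 is wrapped to a wrong value with no error, and `*f as f32` loses precision just as quietly; even with the "32 bit" rule in the protocol notes, failing loudly is better than serving a corrupted secret, e.g. `TomlValue::Integer(i) => CofferValue::Integer(i32::try_from(*i).unwrap_or_else(|_| panic!{"Integer {} out of range for key {}", i, key}))`, or widen `CofferValue::Integer` to i64 since CBOR imposes no width. The loader `unwrap`s or `panic!`s on every malformed input (`File::open`, `read_to_string`, the `parse`, the non-table branches, the missing `id`, unsupported values), which is tolerable at startup but should be stated in a `# Panics` section on `from_toml_file`/`from_toml` so callers never hand it untrusted input. The `id` line inside the `*` doc block reads `"ABC-DEF-GHE"`, while protocol.rs derives the shard id as `hex::encode_upper` of the client public key; a doc comment on `CofferKey::shard` stating the expected encoding would prevent operators writing ids that never match — please confirm upper-case hex is intended.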
@ -1,12 +1,15 @@
use log::{debug, error, info, trace, warn};
use std::path::Path;
use std::collections::HashMap;
use quick_error::quick_error;
use sodiumoxide::crypto::box_;
use sodiumoxide::crypto::sealedbox;
use toml::Value as TomlValue;
use crate::certificate::{Certificate, CertificateError};
quick_error! {
@ -17,6 +20,12 @@ quick_error! {
Certificate(err: CertificateError) {
HexDecodeError(err: hex::FromHexError) {
IoError(err: std::io::Error) {
Msg(err: &'static str) {
display("{}", err)
@ -40,6 +49,49 @@ impl Keyring {
pub fn new_from_path<T>(certificate_path: T) -> Keyring
where T: AsRef<Path>
Keyring {
certificate: Certificate::from(certificate_path),
known_keys: HashMap::new()
pub fn add_known_keys_toml(&mut self, toml: &str) -> Result<(), KeyringError> {
// parse the string into a toml Table
let clients: toml::value::Table = match toml.parse::<TomlValue>().unwrap() {
TomlValue::Table(t) => t,
_ => panic!{"Invalid secrets file"}
debug!{"Known keys {:?}", self.known_keys}
fn add_known_keys_toml_table(&mut self, toml_table: &toml::value::Table) -> Result<(), KeyringError> {
// table has an no id, recourse into subtables
if toml_table.get("id").is_none() {
debug!{"{:?}", toml_table}
for (_key, val) in toml_table.iter() {
match val {
TomlValue::Table(subtable) => {
_ => panic!{"Invalid secrets file"}
return Ok(());
let shard = toml_table.get("id").and_then(|id| id.as_str()).ok_or(KeyringError::Msg("Invalid key parsing state"))?;
pub fn add_known_key(&mut self, key: &[u8]) -> Result<(), KeyringError> {
let public_key = box_::PublicKey::from_slice(key)
@ -50,7 +102,7 @@ impl Keyring {
pub fn open(&self, message: &[u8]) -> Result<Vec<u8>, KeyringError> {
.map_err(|e| KeyringError::from(e))
pub fn seal(&self, client: &[u8], message: &[u8]) -> Result<Vec<u8>, KeyringError> {
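Review bot: `add_known_keys_toml` returns `Result<(), KeyringError>` yet `toml.parse::<TomlValue>().unwrap()` and `panic!{"Invalid secrets file"}` abort the process instead, so the error the signature promises is never produced for a malformed file; `let clients = match toml.parse::<TomlValue>() { Ok(TomlValue::Table(t)) => t, _ => return Err(KeyringError::Msg("Invalid secrets file")) };` keeps the contract, and a `Toml(err: toml::de::Error)` variant would preserve the parser's diagnostics. I could not find where `known_keys` is consulted when a client sends `Hello` — the `transit` hunk in protocol.rs stores whatever public key arrives — so if this allow-list is meant to gate access it is not enforced yet; please confirm. `add_known_keys_toml_table` and `CofferMap::from_toml_table` walk the same `id`-keyed table layout with near-identical code; a single shared walker in coffer-common that yields `(id, table)` pairs would stop the two from drifting. `debug!{"Known keys {:?}", self.known_keys}` prints only public material, which is fine, but worth a `// public keys only` comment so nobody extends it to the certificate.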
@ -1,6 +1,6 @@
name = "coffer-companion"
version = "0.2.0"
version = "0.4.0"
authors = ["Armin Friedl <dev@friedl.net>"]
edition = "2018"
@ -14,6 +14,7 @@ structopt = "0.3"
quick-error = "1.2"
# Key management/Cryptography
sodiumoxide = "0.2.5"
hex = "^0.4"
# Communication
serde = { version = "1.0", features = ["derive"]}
serde_cbor = "0.10.2"
@ -13,5 +13,11 @@ pub fn generate_key(out: PathBuf) {
.expect(&format!{"Could not create out file {}", &out.display()});
pub fn info(out: PathBuf) {
let cert = Certificate::new_from_cbor(out).unwrap();
println!{"Public Key: {}", hex::encode_upper(cert.public_key())}
println!{"Secret Key: {}", hex::encode_upper(cert.secret_key())}
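Review bot: `info` prints `Secret Key: …` alongside the public key, so `coffer-companion certificate --info` dumps the private half into terminal scrollback, any captured shell session and any CI log that runs it. Secret export should be a separate, explicit action (`--export-secret-key`) that writes to a file with restrictive permissions, and the default `--info` should print only the public key. `cert.secret_key()` is gated behind coffer-common's `export` feature in this PR, so this only compiles if coffer-companion enables that feature on its coffer-common dependency, which is not visible here — please confirm. The `unwrap()` on `new_from_cbor` turns a missing or unreadable file into a panic with a backtrace; `expect("could not read certificate")` at least gives the operator a message.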
@ -0,0 +1,110 @@
use log::{debug, error, info, trace, warn};
use std::path::PathBuf;
use std::convert::{TryFrom, TryInto};
use std::net::{TcpStream};
use std::io::{Write, Read};
use coffer_common::certificate::Certificate;
use coffer_common::coffer::CofferShard;
use serde_cbor;
pub fn print_get(out: PathBuf) {
let cert = Certificate::new_from_cbor(out).unwrap();
let hello = framed(0x00, cert.public_key());
let get = framed(0x02, Vec::new());
let bye = framed(0x99, Vec::new());
let mut listener = TcpStream::connect("").unwrap();
let header = read_header(&mut listener).unwrap();
let shard = read_message(header.0, &mut listener).unwrap();
debug!{"Got encrypted shard {:?}", shard}
let shard_clear = cert.open(&shard).unwrap();
let shard_de = serde_cbor::from_slice::<CofferShard>(&shard_clear).unwrap();
println!{"{:?}", shard_de}
fn framed(msg_type: u8, data: Vec<u8>) -> Vec<u8>
trace!{"Creating frame for type: {:?}, data: {:?}", msg_type, data}
// TODO magic number
let mut frame: Vec<u8> = Vec::with_capacity(data.len() + 72);
unsafe {frame.set_len(8);}
frame.splice(0..8, u64::try_from(data.len())
fn read_header<T>(reader: &mut T) -> Option<(u64, u8)>
where T: Read
let mut header: [u8; 9] = [0u8;9]; // header buffer
match reader.read_exact(&mut header)
Ok(_) => debug!{"Read {} bytes for header", 9},
Err(err) => {
error!{"Error while reading header: {}", err}
return None;
trace!{"Header buffer {:?}", header}
let msg_size: u64 = u64::from_be_bytes(
let msg_type: u8 = u8::from_be_bytes(
debug!{"Message size: {}, Message type: {}", msg_size, msg_type}
Some((msg_size, msg_type))
fn read_message<T>(msg_size: u64, reader: &mut T) -> Option<Vec<u8>>
where T: Read
// TODO: possible to use unallocated memory instead?
// -> https://doc.rust-lang.org/beta/std/mem/union.MaybeUninit.html
// TODO: 32 bit usize? Can't allocate a 64 bit length buffer anyway?
let mut message = Vec::with_capacity(msg_size.try_into().unwrap());
// need to set the size, because otherwise it is assumed to be 0, since
// the vec is allocated but uninitialized at this point, we don't want to
// pre-allocate a potentially huge buffer with 0x00, so unsafe set size.
unsafe {message.set_len(msg_size.try_into().unwrap());}
match reader.read_exact(&mut message)
Ok(_) => debug!{"Read {} bytes for message", msg_size},
Err(err) => {
error!{"Error while reading message: {}", err}
return None;
trace!{"Read message {:?}", message}
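Review bot: `TcpStream::connect("")` uses a hard-coded empty address, so `print_get` can never reach a server and always panics on the following `unwrap()`; the address should be a parameter, e.g. `pub fn print_get(out: PathBuf, server_address: &str)`, wired to a `--server-address` flag in main.rs as coffer-client does. In the lines visible here the `hello`, `get` and `bye` frames are built but never written to the stream; if the collapsed lines do send them, fine, but the order relative to `read_header` should be checked. `read_header`, `read_message` and `framed` are near-verbatim copies of the ones added to coffer-client/src/main.rs, including the `set_len` on uninitialised memory driven by an untrusted `u64` length, so they inherit the same unbounded-allocation problem and belong in coffer-common with a size cap. `framed` reserves `data.len() + 72` for a 9-byte header; `const HEADER_LEN: usize = 9;` resolves the `// TODO magic number`.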
@ -2,13 +2,16 @@ use coffer_common::certificate::Certificate;
use std::path::PathBuf;
use std::fs::File;
use std::io::Read;
use std::io::Write;
use serde::Deserialize;
use serde_yaml;
pub fn encrypt_yaml(yaml:PathBuf, out: PathBuf, certificate: PathBuf) {
let cert = Certificate::new_from_cbor(certificate).unwrap();
let mut secrets = Vec::new();
File::open(yaml).unwrap().read_to_end(&mut secrets).unwrap();
let sealed = cert.seal(&secrets).unwrap();
let mut out_file = File::create(out).unwrap();
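Review bot: `encrypt_yaml` now encrypts the TOML secrets definition (this PR's protocol notes rename it "Coffer Definition (TOML)" and `CofferMap::from_toml` parses it), so the `yaml` name on the function and parameter is misleading; renaming to `encrypt_secrets(secrets: PathBuf, …)` together with the `--yaml` flag in main.rs would keep operators from handing it the wrong file. The plaintext `secrets` buffer is dropped without being wiped; `seckey` is already a coffer-common dependency, so a zeroing wrapper would be cheap, though I cannot tell from here whether the crate is used anywhere yet. Every step `unwrap()`s — for a CLI, `expect("could not read secrets file")`-style messages beat a panic backtrace. A doc comment such as `/// `certificate` is the *server* certificate; only its public key is used (sealed box).` would prevent the companion's own certificate being passed by mistake, since `Certificate::seal` in this PR uses only the public key.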
@ -1,20 +1,27 @@
use std::path::PathBuf;
use structopt::StructOpt;
mod generate;
mod certificate;
mod encrypt;
mod client;
#[derive(StructOpt, Debug)]
enum Args {
Certificate {
#[structopt(short, long, parse(from_os_str))]
out: PathBuf
out: PathBuf,
#[structopt(short, long)]
info: bool,
Encrypt {
#[structopt(short, long, parse(from_os_str))]
certificate: PathBuf,
#[structopt(short, long, parse(from_os_str))]
yaml: PathBuf,
#[structopt(short, long, parse(from_os_str))]
out: PathBuf,
out: PathBuf
Client {
#[structopt(short, long, parse(from_os_str))]
certificate: PathBuf,
@ -24,7 +31,15 @@ fn main() {
let args: Args = Args::from_args();
match args {
Args::Certificate {out} => generate::generate_key(out),
Args::Encrypt {yaml, out, certificate} => {}
Args::Certificate {out, info} => {
if info { certificate::info(out) }
else { certificate::generate_key(out) }
Args::Encrypt {certificate, yaml, out} => {
encrypt::encrypt_yaml(yaml, out, certificate)
Args::Client {certificate} => {
@ -1,6 +1,6 @@
name = "coffer-server"
version = "0.2.0"
version = "0.4.0"
authors = ["Armin Friedl <dev@friedl.net>"]
edition = "2018"
@ -1,47 +1,91 @@
//! A simple, thread-safe coffer implementation backed by a hash map
//! Thread-safe coffer implementation backed by hash map
use log::{debug, error, info, trace, warn};
use std::sync::RwLock;
use std::sync::RwLockReadGuard;
use std::sync::RwLockWriteGuard;
use std::collections::HashMap;
use coffer_common::coffer::*;
pub struct CofferMap {
coffer: RwLock<HashMap<CofferPath, CofferValue>>
type ShardedCoffer = HashMap<String, HashMap<String, CofferValue>>;
pub struct CofferMap(RwLock<ShardedCoffer>);
impl CofferMap {
pub fn new() -> CofferMap {
CofferMap {
coffer: RwLock::new(HashMap::new())
fn read(&self) -> RwLockReadGuard<'_, ShardedCoffer> {
fn write(&self) -> RwLockWriteGuard<'_, ShardedCoffer> {
impl Coffer for CofferMap {
fn put(&mut self, path: CofferPath, value: CofferValue) -> CofferResult<()> {
let mut lock = self.coffer.write().unwrap();
fn put(&mut self, key: CofferKey, value: CofferValue) -> CofferResult<()> {
let mut lock = self.write();
match (*lock).contains_key(&path) {
true => Err(CofferError::Msg("test")),
false => {(*lock).insert(path, value); Ok(())}
match lock.get_mut(&key.shard) {
Some(shard) => {
if shard.contains_key(&key.key) { Err(CofferError::Msg("Key exists")) }
else { shard.insert(key.key, value); Ok(()) }
None => {
lock.insert(key.shard.clone(), HashMap::new());
lock.get_mut(&key.shard).unwrap().insert(key.key, value);
fn push(&mut self, path: CofferPath, value: CofferValue) {
let mut lock = self.coffer.write().unwrap();
fn push(&mut self, key: CofferKey, value: CofferValue) {
let mut lock = self.write();
(*lock).insert(path, value);
match lock.get_mut(&key.shard) {
Some(shard) => {
shard.insert(key.key, value);
None => {
lock.insert(key.shard.clone(), HashMap::new());
lock.get_mut(&key.shard).unwrap().insert(key.key, value);
fn get(&self, path: CofferPath) -> CofferResult<CofferValue> {
let lock = self.coffer.read().unwrap();
fn get(&self, key: &CofferKey) -> CofferResult<CofferValue> {
let lock = self.read();
.and_then(|v| Some(v.clone()))
.ok_or(CofferError::Msg("Key not found"))
let res = lock.get(&key.shard)
.and_then( |shard| { shard.get(&key.key) } )
.ok_or(CofferError::Msg("Key not found"))?;
fn get_shard<T>(&self, shard: T) -> CofferResult<CofferShard>
where T: AsRef<str>
let lock = self.read();
debug!{"Coffer {:?}", *lock}
let coffer_shard = lock.get(shard.as_ref())
.ok_or(CofferError::Msg("Shard not found"))?;
let mut res = CofferShard(Vec::new());
for (k,v) in coffer_shard {
res.0.push((k.clone(), v.clone()));
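Review bot: `debug!{"Coffer {:?}", *lock}` in `get_shard` logs the complete secret store — every shard's plaintext values — on each client request once `RUST_LOG=debug` is set, which leaks credentials into whatever collects the server's logs. Drop it, or log only the shard ids: `debug!{"Coffer shards: {:?}", lock.keys().collect::<Vec<_>>()}`. `put` and `push` both do a `get_mut`, then on miss an `insert` followed by `get_mut().unwrap()`; the entry API (`lock.entry(key.shard).or_default()`) does it in one lookup and removes both the `clone()` and the `unwrap()`. `get_shard` copies every value into a fresh `Vec<(String, CofferValue)>`, which is fine at these sizes, but a `/// Returns a snapshot; later writes are not reflected.` line on it would make the ownership explicit.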
@ -4,33 +4,36 @@ use log::{debug, error, info, trace, warn};
use env_logger;
use std::path::PathBuf;
use std::fs::File;
use std::io::{Read};
use structopt::StructOpt;
use std::net::SocketAddr;
use coffer_common::certificate::Certificate;
use coffer_common::keyring::Keyring;
use coffer_common::coffer::Coffer;
mod server;
mod coffer_map;
mod protocol;
use server::ServerBuilder;
use server::Server;
use coffer_map::CofferMap;
#[derive(StructOpt, Debug)]
struct Args {
/// Path to the server certificate. Will be deleted after processing.
#[structopt(short, long, parse(from_os_str), env = "COFFER_SERVER_CERTIFICATE", hide_env_values = true)]
certificate: Option<PathBuf>,
certificate: PathBuf,
/// Path to secrets file. Will be deleted after processing.
/// Must be sealed by the public key of the server certificate
#[structopt(short, long, parse(from_os_str), env = "COFFER_SERVER_SECRETS", hide_env_values = true)]
secrets: Option<PathBuf>,
secrets: PathBuf,
/// Address, the coffer server should bind to
#[structopt(short, long, parse(try_from_str), env = "COFFER_SERVER_ADDRESS", default_value = "")]
address: SocketAddr,
#[structopt(short, long, env = "COFFER_SERVER_ADDRESS", default_value = "")]
address: String, // unfortunately we have to take a opaque string here,
// since we can't parse a hostname otherwise.
// Parsers are not customizable yet in structopt
@ -40,12 +43,23 @@ async fn main() {
let server = ServerBuilder::new()
.with_keyring(args.certificate.and_then(|cert_path| Some(Keyring::new(Certificate::from(cert_path)))))
.expect("Couldn't build server");
// create keyring from server certificate
let mut keyring = Keyring::new_from_path(&args.certificate);
// decrypt secrets file and put into coffer
let mut secrets_file = File::open(&args.secrets).unwrap();
let mut secrets_buf = Vec::new();
secrets_file.read_to_end(&mut secrets_buf).unwrap();
let secrets_buf_clear = String::from_utf8(keyring.open(&secrets_buf).unwrap()).unwrap();
// read known client ids from secrets file
// read secrets from secrets file
let coffer = CofferMap::from_toml(&secrets_buf_clear);
// start server
let server = Server::new(keyring, coffer);
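Review bot: The argument docs say both the certificate and the secrets file "Will be deleted after processing", but nothing in the visible lines removes them after `keyring.open(...)`; if the deletion sits in collapsed lines, fine, otherwise add `std::fs::remove_file(&args.secrets)` once `from_toml` has returned or drop the promise from the help text, because operators will rely on it. `let mut keyring` is never mutated (`Keyring::open` takes `&self` in keyring.rs) and will trigger an unused-mut warning. The startup chain `unwrap()`s at every step, so a secrets file sealed to the wrong certificate dies with an opaque crypto panic; `expect("secrets file is not sealed to this server certificate")` is a far better operator message. `secrets_buf_clear` holds every plaintext secret in a `String` that is dropped without wiping; zeroizing it after `CofferMap::from_toml` would limit exposure in core dumps.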
@ -2,23 +2,18 @@
use log::{debug, error, info, trace, warn};
use std::sync::Arc;
use std::convert::{TryFrom, TryInto};
use std::net::Shutdown;
use tokio::io::{AsyncRead,
use tokio::io::AsyncWriteExt;
use tokio::net::TcpStream;
use tokio::sync::RwLock;
use serde_cbor;
use quick_error::quick_error;
use coffer_common::coffer::{CofferValue,
use coffer_common::coffer::Coffer;
use coffer_common::keyring::Keyring;
use hex;
quick_error! {
@ -38,25 +33,23 @@ quick_error! {
enum State {
enum Request {
pub struct Protocol<C>
where C: Coffer
stream: TcpStream,
coffer: Arc<RwLock<C>>,
keyring: Arc<RwLock<Keyring>>,
coffer: Arc<C>,
keyring: Arc<Keyring>,
client: Option<Vec<u8>>,
state: State
@ -64,11 +57,7 @@ where C: Coffer
impl<C> Protocol<C>
where C: Coffer
pub fn new(
stream: TcpStream,
coffer: Arc<RwLock<C>>,
keyring: Arc<RwLock<Keyring>>
) -> Protocol<C>
pub fn new(stream: TcpStream, coffer: Arc<C>, keyring: Arc<Keyring>) -> Protocol<C>
let state = State::Start;
let client = None;
@ -93,26 +82,71 @@ where C: Coffer
// TODO restrict msg_size more, otherwise bad client could bring server
// to allocate vast amounts of memory
let (msg_size, msg_type) = Self::read_header(&mut reader).await
let (msg_size, msg_type) = frame::read_header(&mut reader).await
// TODO only read message if message expected by message type
// currently relies on client sending good message
// (0x00 message size)
let message = Self::read_message(msg_size, &mut reader).await
let message = frame::read_message(msg_size, &mut reader).await
match msg_type {
0x00 => Request::Hello(message),
0x02 => Request::Put(message),
0x03 => Request::Get(message),
0x63 => Request::Bye,
0xff => Request::Error,
_ => Request::Error
0x02 => Request::Get,
0x99 => Request::Bye,
_ => panic!{"Invalid message type {}", msg_type}
async fn read_header<T>(reader: &mut T) -> Option<(u64, u8)>
async fn transit(&mut self, event: Request)
match (&self.state, event) {
(State::Start, Request::Hello(pk)) => {
debug!{"Reading public key"}
self.client = Some(pk);
self.state = State::Link;
(State::Link, Request::Get) => {
debug!{"Writing response"}
let shard_id = hex::encode_upper(self.client.as_ref().unwrap());
let res = self.coffer
let response = self.keyring.seal(
// TODO magic number
let frame = frame::framed(0x05u8, response).await;
trace!{"OkGet Frame: {:?}", frame}
// TODO Proper result handling
self.state = State::Bye;
(State::Link, Request::Bye) => self.state = State::End,
(State::Bye, Request::Bye) => self.state = State::End,
_ => self.state = State::End
mod frame {
use log::{debug, error, info, trace, warn};
use std::convert::{TryFrom, TryInto};
use tokio::io::{AsyncRead, AsyncReadExt};
pub async fn read_header<T>(reader: &mut T) -> Option<(u64, u8)>
where T: AsyncRead + Unpin
let mut header: [u8; 9] = [0u8;9]; // header buffer
@ -141,7 +175,7 @@ where C: Coffer
Some((msg_size, msg_type))
async fn read_message<T>(msg_size: u64, reader: &mut T) -> Option<Vec<u8>>
pub async fn read_message<T>(msg_size: u64, reader: &mut T) -> Option<Vec<u8>>
where T: AsyncRead + Unpin
// TODO: possible to use unallocated memory instead?
@ -166,80 +200,7 @@ where C: Coffer
async fn transit(&mut self, event: Request)
match (&self.state, event) {
(State::Start, Request::Hello(pk)) => {
debug!{"Reading public key"}
self.client = Some(pk);
self.state = State::Link;
(State::Link, Request::Get(req)) => {
debug!{"Writing response"}
let mut req: CofferPath =
req.0.insert(0, hex::encode(self.client.as_ref().unwrap()));
let res = self.coffer.read().await
let response = self.keyring.read().await
// TODO magic number
let frame = Self::framed(0x05u8, response).await;
trace!{"OkGet Frame: {:?}", frame}
// TODO Proper result handling
self.state = State::Link;
(State::Link, Request::Put(put)) => {
debug!{"Putting secrets"}
let mut put: Vec<(CofferPath, CofferValue)> =
let key_string = hex::encode(self.client.as_ref().unwrap());
put.iter_mut().map( |(cp, _cv)| &mut cp.0)
.for_each(|cp| cp.insert(0, key_string.clone()));
for (coffer_path, coffer_value) in put {
.put(coffer_path, coffer_value)
self.state = State::Link;
(_, Request::Bye) => self.state = State::End,
(_, Request::Error) => self.state = State::End,
_ => self.state = State::End
async fn framed(msg_type: u8, data: Vec<u8>) -> Vec<u8>
pub async fn framed(msg_type: u8, data: Vec<u8>) -> Vec<u8>
trace!{"Creating frame for type: {:?}, data: {:?}", msg_type, data}
@ -258,4 +219,5 @@ where C: Coffer
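Review bot: The `// TODO restrict msg_size more` above `frame::read_header` still stands after this refactor: the length is an untrusted `u64` read before any authentication, and `frame::read_message` (body mostly outside these hunks) allocates it with `set_len` on uninitialised memory, so one anonymous connection can exhaust the server; a cap checked before allocation, with the connection dropped on violation, is the minimum. Relatedly, `_ => panic!{"Invalid message type {}", msg_type}` makes a single bad byte panic the connection task, which `tokio::spawn` swallows silently and which takes down the whole process under a `panic = "abort"` profile — return `None`/`State::End` instead. In `transit`, `(State::Start, Request::Hello(pk))` stores whatever bytes arrive without a length check or a lookup in the keyring's `known_keys`, so the `KeyNotFound` reply described in the protocol notes is never sent and `hex::encode_upper` of arbitrary input becomes the shard id; confidentiality survives because the reply is sealed to that key, but the 32-byte check and the allow-list lookup belong here. Finally the `OkGet` frame is sent as `0x05u8` while the protocol table in this PR assigns OkGet `0x03` — one of the two needs updating.
```rust
/// Largest frame body the server will buffer; anything larger is a protocol violation.
const MAX_FRAME_BYTES: u64 = 64 * 1024;

pub async fn read_message<T>(msg_size: u64, reader: &mut T) -> Option<Vec<u8>>
where T: AsyncRead + Unpin
{
    if msg_size > MAX_FRAME_BYTES {
        error!{"Frame of {} bytes exceeds limit of {}", msg_size, MAX_FRAME_BYTES}
        return None;
    }
    // bounded above, so the narrowing cast cannot truncate on 32-bit targets
    let mut message = vec![0u8; msg_size as usize];
    // … unchanged: read_exact, error logging, trace …
```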
@ -5,14 +5,13 @@ use quick_error::quick_error;
use tokio::net::{TcpListener};
use tokio::stream::StreamExt;
use tokio::sync::RwLock;
use std::net::{ToSocketAddrs, SocketAddr};
use std::sync::Arc;
use coffer_common::keyring::Keyring;
use coffer_common::coffer::Coffer;
use coffer_common::certificate::{Certificate, CertificateError};
use coffer_common::certificate::CertificateError;
use crate::protocol::Protocol;
@ -35,13 +34,19 @@ quick_error! {
pub struct Server<C>
where C: Coffer
keyring: Arc<RwLock<Keyring>>,
coffer: Arc<RwLock<C>>
keyring: Arc<Keyring>,
coffer: Arc<C>
impl <C> Server<C>
impl <C> Server <C>
where C: Coffer + Send + Sync + 'static
pub fn new(keyring: Keyring, coffer: C) -> Self {
Server { keyring: Arc::new(keyring),
coffer: Arc::new(coffer) }
pub async fn run<T>(self, addr: T)
where T: ToSocketAddrs
@ -70,6 +75,7 @@ where C: Coffer + Send + Sync + 'static
let coffer = self.coffer.clone();
let protocol = Protocol::new(tcp_stream, coffer, keyring);
tokio::spawn(async move {
@ -84,43 +90,3 @@ where C: Coffer + Send + Sync + 'static
pub struct ServerBuilder<C>
where C: Coffer
keyring: Option<Keyring>,
coffer: Option<C>
impl <'a, C> ServerBuilder<C>
where C: Coffer + Default
pub fn new() -> ServerBuilder<C> {
ServerBuilder {
keyring: None,
coffer: None
pub fn with_keyring(mut self, keyring: Option<Keyring>) -> ServerBuilder<C> {
self.keyring = keyring;
pub fn with_coffer(mut self, coffer: Option<C>) -> ServerBuilder<C> {
self.coffer = coffer;
pub fn build(self) -> Result<Server<C>, ServerError> {
let keyring = match self.keyring {
Some(k) => Arc::new(RwLock::new(k)),
None => {let cert = Certificate::new()?;
let coffer = Arc::new(RwLock::new(self.coffer.unwrap_or_else(|| { C::default() } )));
Ok(Server {keyring, coffer})
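Review bot: `tokio::spawn(async move {` drops the returned `JoinHandle`, so a panic inside `Protocol` (for instance the `panic!` on an unknown message type in protocol.rs) disappears without a log line; keeping the handle and logging its `Err` on completion, or installing a panic hook that logs, keeps operators informed. The `impl <C> Server <C>` spelling is not what rustfmt emits (`impl<C> Server<C>`); the removed builder used the same spacing, so a `cargo fmt` pass over the workspace would settle it. Removing `ServerBuilder` and its fallback `Certificate::new()` is an improvement — a server that silently minted an ephemeral key nobody could seal to was a foot-gun — and deserves a line in the changelog. `run<T: ToSocketAddrs>` imports `std::net::ToSocketAddrs` while tokio 0.2's `TcpListener::bind` takes `tokio::net::ToSocketAddrs`; the body is outside these hunks, so please confirm the address is converted accordingly.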
