Authenticated message implementations of io.Reader and io.Writer
- authio.AppendMACWriter: computes and appends MACs on every message written
- authio.VerifyMACReader: verifies and removes MACs from every message read
- authio.AppendMACReader: computes and appends MACs on every message read
- authio.VerifyMACWriter: verifies and removes MACs from every message written
Note that authio.Writer and authio.Reader are aliases for other types in this package. Under the hood they point to authio.AppendMACWriter and authio.VerifyMACReader respectively, which are considered "default" because they will be used in the vast majority of scenarios.
- Timestamp/SequenceNum/Nonces i.e. replay attack mitigation
- Need to account for case where buffer given to Read(buf) is too small to fit all the data read from underlying io.Reader
  - e.g. keep a buffer of already-verified bytes in-memory and copy those bytes first on the next Read(buf)
- Unit tests for all functions
- Better naming convention
- Better message authentication (e.g. hash algo, size, etc) parameter setting on reader/writer building
- Support asymmetric signing algorithms
- Support OpenPGP / PGP key server integration
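The small-buffer item in the list above, sketched as an added example (not authio's own code): a verifying reader that keeps already-verified bytes and hands them out on later Read calls. The 2-byte length framing, the choice of HMAC-SHA256, and the names seal, verifyReader and ErrBadMAC are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"io"
	"os"
)

var ErrBadMAC = errors.New("MAC mismatch")

// seal builds len(2, big-endian) || msg || HMAC-SHA256(key, len || msg); assumed framing, msg <= 65535 bytes.
func seal(key, msg []byte) []byte {
	frame := append(make([]byte, 2), msg...)
	binary.BigEndian.PutUint16(frame, uint16(len(msg)))
	h := hmac.New(sha256.New, key)
	h.Write(frame)
	return h.Sum(frame) // Sum appends the tag to frame
}

// verifyReader keeps verified bytes that did not fit in buf for the next Read.
type verifyReader struct{ r io.Reader; key, pending []byte }

func (v *verifyReader) Read(buf []byte) (int, error) {
	if len(v.pending) == 0 {
		hdr := make([]byte, 2)
		if _, err := io.ReadFull(v.r, hdr); err != nil {
			return 0, err // io.EOF here is a clean end between frames
		}
		n := 2 + int(binary.BigEndian.Uint16(hdr))
		frame := append(hdr, make([]byte, n-2+sha256.Size)...)
		if _, err := io.ReadFull(v.r, frame[2:]); err != nil {
			return 0, io.ErrUnexpectedEOF // frame cut short
		}
		if !hmac.Equal(frame, seal(v.key, frame[2:n])) { // re-seal, compare in constant time
			return 0, ErrBadMAC // nothing from a bad frame is released
		}
		v.pending = frame[2:n]
	}
	c := copy(buf, v.pending)
	v.pending = v.pending[c:]
	return c, nil
}

func main() { // constructed input: one sealed frame, read back through the verifier
	io.Copy(os.Stdout, &verifyReader{r: bytes.NewReader(seal([]byte("k"), []byte("hi\n"))), key: []byte("k")})
}
```

The 2-byte length field also bounds how much memory an unauthenticated header can make the reader allocate before the MAC is checked.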
authio.AppendMACWriter: computes and appends MACs on every message written

Common use case: adding MACs to data written to a net.Conn

```go
// initialize new writer
authedWriter := authio.NewAppendMACWriter(conn, []byte("mysupersecretpassword"))
// writing an (unauthenticated) message results in a MAC being prepended
// to the message before getting written to the underlying io.Writer
n, err := authedWriter.Write(message)
// ...
```
authio.VerifyMACReader: verifies and removes MACs from every message read

Common use case: verifying MAC on authenticated messages received over a net.Conn

```go
// initialize new authenticated reader
authedReader := authio.NewVerifyMACReader(conn, []byte("mysupersecretpassword"))
// reading results in an (authenticated) message being read from the
// underlying io.Reader. The MAC on the message is verified and removed
// before the raw message is loaded onto the given buffer
n, err := authedReader.Read(buffer)
// ...
```
authio.AppendMACReader: computes and appends MACs on every message read

Common use case: adding MACs to data read from stdin

```go
// initialize new authenticated reader
authedReader := authio.NewAppendMACReader(os.Stdin, []byte("mysupersecretpassword"))
// reading results in an (unauthenticated) message being read from the
// underlying io.Reader. A MAC is computed and prepended to every
// message read.
n, err := authedReader.Read(buffer)
// ...
```
authio.VerifyMACWriter: verifies and removes MACs from every message written

Common use case: verifying MAC on authenticated messages before writing raw message to stdout

```go
// initialize new writer
authedWriter := authio.NewVerifyMACWriter(os.Stdout, []byte("mysupersecretpassword"))
// writing an (authenticated) message results in the MAC being verified and
// removed before writing the raw message to the underlying io.Writer
n, err := authedWriter.Write(message)
// ...
```