-
Notifications
You must be signed in to change notification settings - Fork 0
/
verify_mac_writer.go
43 lines (37 loc) · 1.35 KB
/
verify_mac_writer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
package authio
import (
"crypto/sha256"
"fmt"
"io"
"github.com/adrianosela/authio/protocol/authenticator"
)
// VerifyMACWriter is a writer that verifies and strips MACs
// on every message before writing them to the underlying writer.
type VerifyMACWriter struct {
writer io.Writer // underlying io.Writer to write to
authenticator authenticator.MessageAuthenticator
authHeaderLen int
}
// ensure VerifyMACWriter implements io.Writer at compile-time
var _ io.Writer = (*VerifyMACWriter)(nil)
// NewVerifyMACWriter wraps an io.Writer in an VerifyMACWriter
func NewVerifyMACWriter(writer io.Writer, key []byte) *VerifyMACWriter {
authenticator := authenticator.NewDefaultMessageAuthenticator(sha256.New, key)
return &VerifyMACWriter{
writer: writer,
authenticator: authenticator,
authHeaderLen: authenticator.GetMessageAuthenticationHeaderLength(),
}
}
// Write writes the contents of a buffer to a writer (with MAC excluded)
func (w *VerifyMACWriter) Write(b []byte) (int, error) {
msg, subMsgCount, err := w.authenticator.AuthenticateMessages(b)
if err != nil {
return 0, fmt.Errorf("failed message authentication verification: %s", err)
}
n, err := w.writer.Write(msg)
if err != nil {
return n + (subMsgCount * w.authHeaderLen), fmt.Errorf("failed to write verified message: %s", err)
}
return n + (subMsgCount * w.authHeaderLen), nil
}