Add true streaming AES (CTR) encryption and streaming HMAC operations

The current crypto module implementations require all of the data
being encrypted or authenticated to be in memory at one time. When
trying to encrypt or authenticate a large file (on order of GBs),
this is problematic.

The implementation of AES CTR uses the same underlying implementation
as aes_ctr_[en|de]crypt, but hands the state back to the client
after every operation.

The HMAC implementation differs from the previous implementations of
sha_mac and md5_mac. The old implementations did not utilize the
OpenSSL HMAC implementation. In order to ensure that I didn't
implement something incorrectly, I chose to use the OpenSSL HMAC
implementation directly, since it handles streaming as well. This
has the added side benefit of allowing other hash functions to be
used as desired (for instances, I added support for ripemd160
hashing).

While I haven't done this, it seems like the existing md5_mac and
sha_mac functions could either be depricated or redefined in terms
of the new hmac_ functions.

Update AES CTR and HMAC streaming with code review input

Ensure that memcpy operations in hmac operations are being size
checked properly. Rename aes_ctr_XXX_with_state to
aes_ctr_stream_XXX. Remove redundant hmac_init_[sha|md5|ripemd160]
functions. Fix documentation for hmac_final_n.

Fix possible error using negative value as a marker on an unsigned int

Now, use a separate marker and add a unit test to test specifically for
a case where HashLen is larger than the underlying resultant hash.

Revert "Fix possible error using negative value as a marker on an unsigned int"

This reverts commit 59cb177aa96444c0fd3ace6d01f7b8a70dd69cc9.

Resolve buffer overflow posibility on an unsigned int.

Change handling the marker for HashLen to use the fact that a second
parameter that has to be the the HashLen was passed. Also, ensure
that HashLen parameter is positive.

1 files changed, 100 insertions, 0 deletions

diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 1ccea6df79..179ba4498c 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -282,6 +282,57 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
       </desc>
     </func>
     <func>
+      <name>hmac_init(Type, Key) -> Context</name>
+      <fsummary></fsummary>
+      <type>
+        <v>Type = sha | md5 | ripemd160</v>
+        <v>Key = iolist() | binary()</v>
+        <v>Context = binary()</v>
+      </type>
+      <desc>
+        <p>Initializes the context for streaming HMAC operations. <c>Type</c> determines
+        which hash function to use in the HMAC operation. <c>Key</c> is the authentication
+        key. The key can be any length.</p>
+      </desc>
+    </func>
+    <func>
+      <name>hmac_update(Context, Data) -> NewContext</name>
+      <fsummary></fsummary>
+      <type>
+        <v>Context = NewContext = binary()</v>
+        <v>Data = iolist() | binary()</v>
+      </type>
+      <desc>
+        <p>Updates the HMAC represented by <c>Context</c> using the given <c>Data</c>. <c>Context</c>
+        must have been generated using an HMAC init function (such as 
+        <seealso marker="#hmac_init/2">hmac_init</seealso>). <c>Data</c> can be any length. <c>NewContext</c>
+        must be passed into the next call to <c>hmac_update</c>.</p>
+      </desc>
+    </func>
+    <func>
+      <name>hmac_final(Context) -> Mac</name>
+      <fsummary></fsummary>
+      <type>
+        <v>Context = Mac = binary()</v>
+      </type>
+      <desc>
+        <p>Finalizes the HMAC operation referenced by <c>Context</c>. The size of the resultant MAC is
+        determined by the type of hash function used to generate it.</p>
+      </desc>
+    </func>
+    <func>
+      <name>hmac_final_n(Context, HashLen) -> Mac</name>
+      <fsummary></fsummary>
+      <type>
+        <v>Context = Mac = binary()</v>
+        <v>HashLen = non_neg_integer()</v>
+      </type>
+      <desc>
+        <p>Finalizes the HMAC operation referenced by <c>Context</c>. <c>HashLen</c> must be greater than
+        zero. <c>Mac</c> will be a binary with at most <c>HashLen</c> bytes. Note that if HashLen is greater than the actual number of bytes returned from the underlying hash, the returned hash will have fewer than <c>HashLen</c> bytes.</p>
+      </desc>
+    </func>
+    <func>
       <name>sha_mac(Key, Data) -> Mac</name>
       <fsummary>Compute an <c>MD5 MAC</c>message authentification code</fsummary>
       <type>
@@ -589,6 +640,55 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
     </desc>
     </func>
     <func>
+      <name>aes_ctr_stream_init(Key, IVec) -> State</name>
+      <fsummary></fsummary>
+      <type>
+        <v>State = { K, I, E, C }</v>
+        <v>Key = K = iolist()</v>
+        <v>IVec = I = E = binary()</v>
+        <v>C = integer()</v>
+      </type>
+      <desc>
+        <p>Initializes the state for use in streaming AES encryption using Counter mode (CTR).
+        <c>Key</c> is the AES key and must be either 128, 192, or 256 bts long. <c>IVec</c> is
+        an arbitrary initializing vector of 128 bits (16 bytes). This state is for use with
+        <seealso marker="#aes_ctr_stream_encrypt/2">aes_ctr_stream_encrypt</seealso> and 
+        <seealso marker="#aes_ctr_stream_decrypt/2">aes_ctr_stream_decrypt</seealso>.</p>
+      </desc>
+    </func>
+    <func>
+      <name>aes_ctr_stream_encrypt(State, Text) -> { NewState, Cipher}</name>
+      <fsummary></fsummary>
+      <type>
+        <v>Text = iolist() | binary()</v>
+        <v>Cipher = binary()</v>
+      </type>
+      <desc>
+      <p>Encrypts <c>Text</c> according to AES in Counter mode (CTR).  This function can be
+        used to encrypt a stream of text using a series of calls instead of requiring all
+        text to be in memory. <c>Text</c> can be any number of bytes. State is initialized using 
+        <seealso marker="#aes_ctr_stream_init/2">aes_ctr_stream_init</seealso>. <c>NewState</c> is the new streaming
+        encryption state that must be passed to the next call to <c>aes_ctr_stream_encrypt</c>.
+        <c>Cipher</c> is the encrypted cipher text.</p>
+      </desc>
+    </func>
+    <func>
+      <name>aes_ctr_stream_decrypt(State, Cipher) -> { NewState, Text }</name>
+      <fsummary></fsummary>
+      <type>
+        <v>Cipher = iolist() | binary()</v>
+        <v>Text = binary()</v>
+      </type>
+      <desc>
+      <p>Decrypts <c>Cipher</c> according to AES in Counter mode (CTR). This function can be
+        used to decrypt a stream of ciphertext using a series of calls instead of requiring all
+        ciphertext to be in memory.  <c>Cipher</c> can be any number of bytes. State is initialized using 
+        <seealso marker="#aes_ctr_stream_init/2">aes_ctr_stream_init</seealso>. <c>NewState</c> is the new streaming
+        encryption state that must be passed to the next call to <c>aes_ctr_stream_encrypt</c>.
+        <c>Text</c> is the decrypted data.</p>
+      </desc>
+    </func>
+    <func>
       <name>erlint(Mpint) -> N</name>
       <name>mpint(N) -> Mpint</name>
       <fsummary>Convert between binary multi-precision integer and erlang big integer</fsummary>