Merge branch 'sverker/crypto_aes_ctr_cmac/OTP-8752' into dev

* sverker/crypto_aes_ctr_cmac/OTP-8752:
  Fix nif_SUITE to not assume that it is the only one loading NIFs.
  crypto CTR support

4 files changed, 133 insertions, 1 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 85614a84c2..92cc2b4dd9 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -126,6 +126,7 @@ static ERL_NIF_TERM des_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
 static ERL_NIF_TERM des_ecb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM des_ede3_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM aes_ctr_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_bytes_1(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -194,6 +195,8 @@ static ErlNifFunc nif_funcs[] = {
     {"des_ecb_crypt", 3, des_ecb_crypt},
     {"des_ede3_cbc_crypt", 6, des_ede3_cbc_crypt},
     {"aes_cfb_128_crypt", 4, aes_cfb_128_crypt},
+    {"aes_ctr_encrypt", 3, aes_ctr_encrypt},
+    {"aes_ctr_decrypt", 3, aes_ctr_encrypt},
     {"rand_bytes", 1, rand_bytes_1},
     {"rand_bytes", 3, rand_bytes_3},
     {"rand_uniform_nif", 2, rand_uniform_nif},
@@ -654,6 +657,34 @@ static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TE
     return ret;
 }
 
+/* Common for both encrypt and decrypt
+*/
+static ERL_NIF_TERM aes_ctr_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Key, IVec, Data) */    
+    ErlNifBinary key, ivec, text;
+    AES_KEY aes_key;
+    unsigned char ivec_clone[16]; /* writable copy */
+    unsigned char ecount_buf[AES_BLOCK_SIZE];
+    unsigned int num = 0;
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &key)
+	|| AES_set_encrypt_key(key.data, key.size*8, &aes_key) != 0
+	|| !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
+	|| !enif_inspect_iolist_as_binary(env, argv[2], &text)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(ivec_clone, ivec.data, 16);    
+    memset(ecount_buf, 0, sizeof(ecount_buf));
+    AES_ctr128_encrypt((unsigned char *) text.data,
+		       enif_make_new_binary(env, text.size, &ret), 
+		       text.size, &aes_key, ivec_clone, ecount_buf, &num);
+
+    /* To do an incremental {en|de}cryption, the state to to keep between calls
+	must include ivec_clone, ecount_buf and num. */
+    return ret;
+}
+
 static ERL_NIF_TERM rand_bytes_1(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Bytes) */     
     unsigned bytes;
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index e1431cfd81..c407350c47 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -53,7 +53,7 @@
         <p>aes: Advanced Encryption Standard (AES) (FIPS 197) </p>
       </item>
       <item>
-        <p>ecb, cbc, cfb, ofb: Recommendation for Block Cipher Modes
+        <p>ecb, cbc, cfb, ofb, ctr: Recommendation for Block Cipher Modes
           of Operation (NIST SP 800-38A).</p>
       </item>
       <item>
@@ -557,6 +557,34 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
       </desc>
     </func>
     <func>
+      <name>aes_ctr_encrypt(Key, IVec, Text) -> Cipher</name>
+      <fsummary>Encrypt <c>Text</c>according to AES in Counter mode</fsummary>
+      <type>
+        <v>Key = Text = iolist() | binary()</v>
+        <v>IVec = Cipher = binary()</v>
+      </type>
+      <desc>
+      <p>Encrypts <c>Text</c> according to AES in Counter mode (CTR). <c>Text</c>
+        can be any number of bytes. <c>Key</c> is the AES key and must be either
+        128, 192 or 256 bits long. <c>IVec</c> is an arbitrary initializing vector of 128 bits
+        (16 bytes).</p>
+    </desc>
+    </func>
+    <func>
+      <name>aes_ctr_decrypt(Key, IVec, Cipher) -> Text</name>
+      <fsummary>Decrypt <c>Cipher</c>according to AES in Counter mode</fsummary>
+      <type>
+        <v>Key = Cipher = iolist() | binary()</v>
+        <v>IVec = Text = binary()</v>
+      </type>
+      <desc>
+      <p>Decrypts <c>Cipher</c> according to AES in Counter mode (CTR). <c>Cipher</c>
+        can be any number of bytes. <c>Key</c> is the AES key and must be either
+        128, 192 or 256 bits long. <c>IVec</c> is an arbitrary initializing vector of 128 bits
+        (16 bytes).</p>
+    </desc>
+    </func>
+    <func>
       <name>erlint(Mpint) -> N</name>
       <name>mpint(N) -> Mpint</name>
       <fsummary>Convert between binary multi-precision integer and erlang big integer</fsummary>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 71fd91cafd..d6e2e033c0 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -51,6 +51,7 @@
 -export([aes_cbc_128_encrypt/3, aes_cbc_128_decrypt/3]).
 -export([aes_cbc_256_encrypt/3, aes_cbc_256_decrypt/3]).
 -export([aes_cbc_ivec/1]).
+-export([aes_ctr_encrypt/3, aes_ctr_decrypt/3]).
 
 -export([dh_generate_parameters/2, dh_check/1]). %% Testing see below
 
@@ -80,6 +81,7 @@
 		    rc2_40_cbc_encrypt, rc2_40_cbc_decrypt,
 		    %% idea_cbc_encrypt, idea_cbc_decrypt,
 		    aes_cbc_256_encrypt, aes_cbc_256_decrypt,
+            aes_ctr_encrypt, aes_ctr_decrypt,
 		    info_lib]).
 
 -type rsa_digest_type() :: 'md5' | 'sha'.
@@ -542,6 +544,16 @@ aes_cbc_ivec(Data) when is_binary(Data) ->
 aes_cbc_ivec(Data) when is_list(Data) ->
     aes_cbc_ivec(list_to_binary(Data)).
 
+%%
+%% AES - in counter mode (CTR)
+%%
+-spec aes_ctr_encrypt(iodata(), binary(), iodata()) ->
+				 binary().
+-spec aes_ctr_decrypt(iodata(), binary(), iodata()) ->
+				 binary().
+ 
+aes_ctr_encrypt(_Key, _IVec, _Data) -> ?nif_stub.
+aes_ctr_decrypt(_Key, _IVec, _Cipher) -> ?nif_stub.
 
 %%
 %% XOR - xor to iolists and return a binary
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 06b284d50d..19e10081d8 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -44,6 +44,7 @@
 	 aes_cfb/1,
 	 aes_cbc/1,
 	 aes_cbc_iter/1,
+     aes_ctr/1,
 	 mod_exp_test/1,
 	 rand_uniform_test/1,
 	 rsa_verify_test/1,
@@ -79,6 +80,7 @@ all(suite) ->
 		 aes_cfb,
 		 aes_cbc,
 		 aes_cbc_iter,
+         aes_ctr,
 		 des_cbc_iter,
 		 des_ecb,
 		 rand_uniform_test,
@@ -619,6 +621,65 @@ aes_cbc_decrypt_iter(Key,IVec,Data, Acc) ->
     aes_cbc_decrypt_iter(Key,IVec2,Rest, <<Acc/binary, Plain/binary>>).
 
 
+aes_ctr(doc) -> "CTR";
+aes_ctr(Config) when is_list(Config) ->
+    %% Sample data from NIST Spec.Publ. 800-38A
+    %% F.5.1 CTR-AES128.Encrypt
+    Key128 = hexstr2bin("2b7e151628aed2a6abf7158809cf4f3c"),
+    Samples128 = [{"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", % Input Block
+                   "6bc1bee22e409f96e93d7e117393172a", % Plaintext
+                   "874d6191b620e3261bef6864990db6ce"},% Ciphertext
+                  {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff00",
+                   "ae2d8a571e03ac9c9eb76fac45af8e51",
+                   "9806f66b7970fdff8617187bb9fffdff"},
+                  {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff01",
+                   "30c81c46a35ce411e5fbc1191a0a52ef",
+                   "5ae4df3edbd5d35e5b4f09020db03eab"},
+                  {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff02",
+                   "f69f2445df4f9b17ad2b417be66c3710",
+                   "1e031dda2fbe03d1792170a0f3009cee"}],
+    lists:foreach(fun(S) -> aes_ctr_do(Key128,S) end, Samples128),
+
+    %% F.5.3  CTR-AES192.Encrypt
+    Key192 =  hexstr2bin("8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"),
+    Samples192 = [{"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", % Input Block
+                   "6bc1bee22e409f96e93d7e117393172a", % Plaintext
+                   "1abc932417521ca24f2b0459fe7e6e0b"},% Ciphertext
+                  {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff00",
+                   "ae2d8a571e03ac9c9eb76fac45af8e51",
+                   "090339ec0aa6faefd5ccc2c6f4ce8e94"},
+                  {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff01",
+                   "30c81c46a35ce411e5fbc1191a0a52ef",
+                   "1e36b26bd1ebc670d1bd1d665620abf7"},
+                  {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff02",
+                   "f69f2445df4f9b17ad2b417be66c3710",
+                   "4f78a7f6d29809585a97daec58c6b050"}],    
+    lists:foreach(fun(S) -> aes_ctr_do(Key192,S) end, Samples192),
+
+    %% F.5.5  CTR-AES256.Encrypt
+    Key256 = hexstr2bin("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"),
+    Samples256 = [{"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",  % Input Block
+                    "6bc1bee22e409f96e93d7e117393172a", % Plaintext
+                    "601ec313775789a5b7a7f504bbf3d228"},% Ciphertext
+                   {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff00",
+                    "ae2d8a571e03ac9c9eb76fac45af8e51",
+                    "f443e3ca4d62b59aca84e990cacaf5c5"},
+                   {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff01",
+                    "30c81c46a35ce411e5fbc1191a0a52ef",
+                    "2b0930daa23de94ce87017ba2d84988d"},
+                   {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff02",
+                    "f69f2445df4f9b17ad2b417be66c3710",
+                    "dfc9c58db67aada613c2dd08457941a6"}],
+    lists:foreach(fun(S) -> aes_ctr_do(Key256,S) end, Samples256).
+
+
+aes_ctr_do(Key,{IVec, Plain, Cipher}) ->
+    ?line I = hexstr2bin(IVec),
+    ?line P = hexstr2bin(Plain),
+    ?line C = crypto:aes_ctr_encrypt(Key, I, P),
+    ?line m(C, hexstr2bin(Cipher)),
+    ?line m(P, crypto:aes_ctr_decrypt(Key, I, C)).
+
 %%
 %%
 mod_exp_test(doc) ->