Update hmac calculation #218
Description
Summary
Update hmac calculation to avoid making an in-memory copy of the encrypted data.
Problem
The current way of calculating hmac requires making an in-memory copy of the encrypted data which is as large as the HTML file. Each copy increases RAM requirements and reduces the maximum file size that can be processed.
Proposed Solution
Avoid buffer copy by hashing in two steps:
hmac = sign( hashedPassword, iv + digest(encrypted) )
The sign operation is performed using a hash of encrypted as a proxy for encrypted, avoiding the need to copy the buffer.
Alternatives Considered
Alternatives are limited by the fact that the available crypto functions (encrypt, decrypt, sign) operate on in-memory buffers that are required to be complete. No streaming or partial block operations are provided.
Additional Context
This is part of a push to reduce RAM requirements so larger HTML files can be supported.