Merge pull request #7548 from meteor/remove-npm-node-aes-gcm

Use native aes-128-gcm support in Node 4 rather than npm-node-aes-gcm package.

packages/non-core/npm-node-aes-gcm/.gitignore

@@ -1 +0,0 @@
-.build*

packages/non-core/npm-node-aes-gcm/.npm/package/.gitignore

@@ -1 +0,0 @@
-node_modules

packages/non-core/npm-node-aes-gcm/.npm/package/README

@@ -1,7 +0,0 @@
-This directory and the files immediately inside it are automatically generated
-when you change this package's NPM dependencies. Commit the files in this
-directory (npm-shrinkwrap.json, .gitignore, and this README) to source control
-so that others run the same versions of sub-dependencies.
-
-You should NOT check in the node_modules directory that Meteor automatically
-creates; if you are using git, the .gitignore file tells git to ignore it.

packages/non-core/npm-node-aes-gcm/.npm/package/npm-shrinkwrap.json

@@ -1,23 +0,0 @@
-{
-  "dependencies": {
-    "meteor-node-aes-gcm": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/meteor-node-aes-gcm/-/meteor-node-aes-gcm-0.1.7.tgz",
-      "from": "meteor-node-aes-gcm@0.1.7",
-      "dependencies": {
-        "node-aes-gcm": {
-          "version": "0.1.7",
-          "resolved": "https://registry.npmjs.org/node-aes-gcm/-/node-aes-gcm-0.1.7.tgz",
-          "from": "node-aes-gcm@0.1.7",
-          "dependencies": {
-            "nan": {
-              "version": "2.3.3",
-              "resolved": "https://registry.npmjs.org/nan/-/nan-2.3.3.tgz",
-              "from": "nan@>=2.3.0 <2.4.0"
-            }
-          }
-        }
-      }
-    }
-  }
-}

packages/non-core/npm-node-aes-gcm/.versions

@@ -1,3 +0,0 @@
-meteor@1.1.16
-npm-node-aes-gcm@0.1.5_2
-underscore@1.0.9

packages/non-core/npm-node-aes-gcm/README.md

@@ -1,3 +0,0 @@
-## Using this package on Windows
-
-This package uses the [node-aes-gcm](https://github.com/xorbit/node-aes-gcm) NPM module, which requires you to have OpenSSL installed on your system to run. To install OpenSSL on Windows, use one of the binaries on [this page](http://slproweb.com/products/Win32OpenSSL.html). Don't forget to install the Visual Studio 2008 redistributables if you don't have them yet.

packages/non-core/npm-node-aes-gcm/package.js

@@ -1,15 +0,0 @@
-Package.describe({
-  summary: "Wrapper around the node-aes-gcm npm package",
-  version: '0.1.7_4',
-  documentation: null
-});
-
-Npm.depends({
-  'meteor-node-aes-gcm': '0.1.7'
-});
-
-Package.onUse(function (api) {
-  api.use("modules@0.6.1");
-  api.export('NpmModuleNodeAesGcm', 'server');
-  api.addFiles('wrapper.js', 'server');
-});

packages/non-core/npm-node-aes-gcm/wrapper.js

@@ -1,14 +0,0 @@
-try {
-  NpmModuleNodeAesGcm = require('meteor-node-aes-gcm');
-} catch (err) {
-  if (process.platform === "win32" &&
-    err.message.match(/specified module could not be found/)) {
-    // the user probably doesn't have OpenSSL installed.
-    throw new Error(
-"Couldn't load the package 'meteor-node-aes-gcm'. This is probably because you " +
-"don't have OpenSSL installed. See the README for details and directions: " +
-"https://github.com/meteor/meteor/blob/devel/packages/non-core/npm-node-aes-gcm/README.md");
-  } else {
-    throw err;
-  }
-}

packages/oauth-encryption/encrypt.js

@@ -1,12 +1,6 @@
-var crypto = Npm.require("crypto");
-// XXX We hope to be able to use the `crypto` module exclusively when
-// Node supports GCM in version 0.11.
-var gcm = NpmModuleNodeAesGcm;
-
-OAuthEncryption = {};
-
+var crypto = require("crypto");
 var gcmKey = null;
-
+var OAuthEncryption = exports.OAuthEncryption = {};
 
 // Node leniently ignores non-base64 characters when parsing a base64
 // string, but we want to provide a more informative error message if
@@ -67,13 +61,19 @@ OAuthEncryption.seal = function (data, userId) {
     data: data,
     userId: userId
   }));
+
   var iv = crypto.randomBytes(12);
-  var result = gcm.encrypt(gcmKey, iv, plaintext, new Buffer([]) /* aad */);
+  var cipher = crypto.createCipheriv("aes-128-gcm", gcmKey, iv);
+  cipher.setAAD(new Buffer([]));
+  var chunks = [cipher.update(plaintext)];
+  chunks.push(cipher.final());
+  var encrypted = Buffer.concat(chunks);
+
   return {
     iv: iv.toString("base64"),
-    ciphertext: result.ciphertext.toString("base64"),
+    ciphertext: encrypted.toString("base64"),
     algorithm: "aes-128-gcm",
-    authTag: result.auth_tag.toString("base64")
+    authTag: cipher.getAuthTag().toString("base64")
   };
 };
 
@@ -96,23 +96,24 @@ OAuthEncryption.open = function (ciphertext, userId) {
       throw new Error();
     }
 
-    var result = gcm.decrypt(
+    var decipher = crypto.createDecipheriv(
+      "aes-128-gcm",
       gcmKey,
-      new Buffer(ciphertext.iv, "base64"),
-      new Buffer(ciphertext.ciphertext, "base64"),
-      new Buffer([]), /* aad */
-      new Buffer(ciphertext.authTag, "base64")
+      new Buffer(ciphertext.iv, "base64")
     );
 
-    if (! result.auth_ok) {
-      throw new Error();
-    }
+    decipher.setAAD(new Buffer([]));
+    decipher.setAuthTag(new Buffer(ciphertext.authTag, "base64"));
+    var chunks = [decipher.update(
+      new Buffer(ciphertext.ciphertext, "base64"))];
+    chunks.push(decipher.final());
+    var plaintext = Buffer.concat(chunks).toString("utf8");
 
     var err;
     var data;
 
     try {
-      data = EJSON.parse(result.plaintext.toString());
+      data = EJSON.parse(plaintext);
     } catch (e) {
       err = new Error();
     }

packages/oauth-encryption/package.js

@@ -1,17 +1,16 @@
 Package.describe({
   summary: "Encrypt account secrets stored in the database",
-  version: '1.1.13'
+  version: '1.2.0'
 });
 
 Package.onUse(function (api) {
-  api.use("npm-node-aes-gcm@=0.1.7_4");
-
-  api.export("OAuthEncryption", ["server"]);
   api.use([
+    "modules",
     "underscore",
     "ejson"
   ]);
-  api.addFiles("encrypt.js", ["server"]);
+  api.mainModule("encrypt.js", "server");
+  api.export("OAuthEncryption", "server");
 });
 
 Package.onTest(function (api) {