Node.js Crypto: Adding Support for Authenticated Encryption

After my previous two contributions to the Node.js crypto module were purely fixes to enable interoperability with legacy software, my newest feat is actually stepping up node’s game by adding initial support for Authenticated Encryption to the lower-level API.

The PR uses OpenSSL’s GCM mode API and extends node’s crypto layer with two new exported methods, getAuthTag and setAuthTag that can be used to retrieve / provide hash bytes that are used by GCM to detect whether the ciphertext has been tampered with during transmission.

Find the PR and diff on Github: https://github.com/nodejs/node-v0.x-archive/pull/6317

The next evolution could be adding support for Associated Data or handling other AD modes besides GCM, e.g. CCM.