server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note"

services/data_encryption.js

@@ -1,6 +1,8 @@
-const protected_session = require('./protected_session');
+"use strict";
+
 const utils = require('./utils');
 const aesjs = require('./aes');
+const sha256 = require('./sha256');
 
 function getProtectedSessionId(req) {
     return req.headers['x-protected-session-id'];
@@ -10,6 +12,15 @@ function getDataAes(dataKey) {
     return new aesjs.ModeOfOperation.ctr(dataKey, new aesjs.Counter(5));
 }
 
+function arraysIdentical(a, b) {
+    let i = a.length;
+    if (i !== b.length) return false;
+    while (i--) {
+        if (a[i] !== b[i]) return false;
+    }
+    return true;
+}
+
 function decrypt(dataKey, encryptedBase64) {
     if (!dataKey) {
         return "[protected]";
@@ -24,10 +35,42 @@ function decrypt(dataKey, encryptedBase64) {
     const digest = decryptedBytes.slice(0, 4);
     const payload = decryptedBytes.slice(4);
 
+    const hashArray = sha256Array(payload);
+
+    const computedDigest = hashArray.slice(0, 4);
+
+    if (!arraysIdentical(digest, computedDigest)) {
+        return false;
+    }
+
     return aesjs.utils.utf8.fromBytes(payload);
 }
 
+function encrypt(dataKey, plainText) {
+    if (!dataKey) {
+        throw new Error("No data key!");
+    }
+
+    const aes = getDataAes(dataKey);
+
+    const payload = Array.from(aesjs.utils.utf8.toBytes(plainText));
+    const digest = sha256Array(payload).slice(0, 4);
+
+    const digestWithPayload = digest.concat(payload);
+
+    const encryptedBytes = aes.encrypt(digestWithPayload);
+
+    return utils.toBase64(encryptedBytes);
+}
+
+function sha256Array(content) {
+    const hash = sha256.create();
+    hash.update(content);
+    return hash.array();
+}
+
 module.exports = {
     getProtectedSessionId,
-    decrypt
+    decrypt,
+    encrypt
 };