From 074d136a694030896edfd96bfcf169bb5db00501 Mon Sep 17 00:00:00 2001
From: John Bojorquez
Date: Sun, 23 Apr 2017 22:46:11 -0400
Subject: [PATCH] Create model for secure messages
---
app/model/SecureMessage.php | 122 ++++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 app/model/SecureMessage.php
diff --git a/app/model/SecureMessage.php b/app/model/SecureMessage.php
new file mode 100644
index 0000000..f604447
--- /dev/null
+++ b/app/model/SecureMessage.php
@@ -0,0 +1,122 @@
+message, $integrity_key);
+ $ciphertext = openssl_encrypt($this->message . $message_hash, Config::encr_algo, $encryption_key, 0, $message_iv);
+
+ $keys_iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(Config::encr_algo));
+
+ $enc_keys = openssl_encrypt($integrity_key . $encryption_key, Config::encr_algo, Config::secret_key, 0, $keys_iv);
+
+ $dbh = Database::connect();
+ $stmt = $dbh->prepare('INSERT INTO messages (message, sender_id, receiver_id, enc_keys, keys_iv, message_iv)
+ VALUES (:message, :sender_id, :receiver_id, :enc_keys, :keys_iv, :message_iv)
+ ');
+
+ $encoded_keys_iv = base64_encode($keys_iv);
+ $encoded_message_iv = base64_encode($message_iv);
+
+ $stmt->bindParam(':message', $ciphertext);
+ $stmt->bindParam(':sender_id', $this->sender_id);
+ $stmt->bindParam(':receiver_id', $this->receiver_id);
+ $stmt->bindParam(':enc_keys', $enc_keys);
+ $stmt->bindParam(':keys_iv', $encoded_keys_iv);
+ $stmt->bindParam(':message_iv', $encoded_message_iv);
+ $stmt->execute();
+ $this->id = $dbh->lastInsertId();
+ }
+
+ public function delete() {
+ $dbh = Database::connect();
+ $stmt = $dbh->prepare("DELETE FROM messages WHERE id=:id");
+ $stmt->bindParam(':id', $this->id);
+ $stmt->execute();
+ }
+
+ public static function all() {
+ $dbh = Database::connect();
+ $stmt = $dbh->prepare("SELECT * from messages");
+ $stmt->execute();
+ $messages = array_map(function ($row) {
+ $m = new SecureMessage;
+ $keys_iv = base64_decode($row['keys_iv']);
+ $message_iv = base64_decode($row['message_iv']);
+
+ /* Decrypt to get the keys */
+ $keys = openssl_decrypt($row['enc_keys'], Config::encr_algo, Config::secret_key, 0, $keys_iv);
+
+ $integrity_key = substr($keys, 0, strlen($keys) / 2);
+ $message_key = substr($keys, strlen($keys) / 2);
+
+ /* Decrypt and extract the message and hash */
+ $decrypted = openssl_decrypt($row['message'], Config::encr_algo, $message_key, 0, $message_iv);
+ $message = substr($decrypted, 0, strlen($decrypted) - 64);
+ $message_hash = substr($decrypted, strlen($decrypted) - 64);
+
+ /* Verify integrity of message */
+ if (hash_hmac(Config::hash_algo, $message, $integrity_key) != $message_hash) {
+ return null;
+ }
+
+ $m->id = $row['id'];
+ $m->message = $message;
+ $m->sender_id = $row['sender_id'];
+ $m->receiver_id = $row['receiver_id'];
+ return $m;
+ }, $stmt->fetchAll());
+
+ /* Filter out bad messages */
+ return array_filter($messages, function ($m) {
+ return $m != null;
+ });
+ }
+
+ public static function all_from($user_id) {
+ $messages = SecureMessage::all();
+ return array_filter($messages, function ($m) use ($user_id) {
+ return $m->sender_id == $user_id;
+ });
+ }
+
+ public static function all_to($user_id) {
+ $messages = SecureMessage::all();
+ return array_filter($messages, function ($m) use ($user_id) {
+ return $m->receiver_id == $user_id;
+ });
+ }
+
+ public static function all_for($user_id) {
+ $messages = SecureMessage::all();
+ return array_filter($messages, function ($m) use ($user_id) {
+ return $m->sender_id == $user_id || $m->receiver_id = $user_id;
+ });
+ }
+
+ public function sender() {
+ return User::getByID($this->sender_id);
+ }
+
+ public function receiver() {
+ return User::getByID($this->receiver_id);
+ }
+}
+?>
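Review bot: In `all_for` the second operand is an assignment, `$m->receiver_id = $user_id`, so for any message the user did not send the closure overwrites the receiver and evaluates to the (normally truthy) user id; the filter then returns every stored message, already decrypted, to whichever user asked. It should read `return $m->sender_id == $user_id || $m->receiver_id == $user_id;`. In `all()` the integrity check compares the HMAC with `!=`, which is not constant-time and is subject to numeric-string juggling on hex digests; `if (!hash_equals(hash_hmac(Config::hash_algo, $message, $integrity_key), $message_hash)) {` is the usual form. The top of the file, including the start of the method that generates the keys and message IV, is not visible on this page, so that part is not covered here.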