Any server-side implementation will need to create a Saphe-data response to be returned to the user.
The format of the Saphe-data response is as follows:
--- Start of header ---
- magic value [4 bytes] // the 4-char string 'SAPH'
- status code [1 byte] // can be 'X' (SapheData), 'Y' (invalid user) or 'Z' (blocked user)
--- Start of SapheData part ---
- encrypted buffer size [4 bytes, little endian]
- server challenge [16 bytes]
- initialization vector (IV) [16 bytes]
- plain hmac [20 bytes]
- encrypted buffer [encrypted buffer size], containing:
  - source ip [4 bytes, little endian]
  - requested url size [2 bytes, little endian]
  - requested url [requested url size]
  - authentication url size [2 bytes, little endian]
  - authentication url [authentication url size]
  - phishing report url size [2 bytes, little endian] // optional - size can be 0
  - phishing report url [phishing report url size]
Note that the SapheData part is expected as a hex string, not as raw bytes!
The source code in SapheData.h supplies functions for creating the SapheData part:
- CalculateEncryptedPartSize calculates the total size of the SapheData part from the three given URLs (requested, authentication, phishing report)
- CreateEncryptedPart creates the actual SapheData part. This includes key derivation, SHA-1 HMAC calculation and AES-CFB encryption.
The following code shows an example of such an implementation:
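As an added example that is not the page's own code and not the CreateEncryptedPart or CalculateEncryptedPartSize functions from SapheData.h, the Python module below serialises the plaintext buffer, computes the SapheData size, frames a response as the hex string the format requires, and parses a response back with length checks on every size field. It assumes the source ip field is the IPv4 address as a 32-bit integer in little-endian form, and takes the challenge, IV, HMAC and ciphertext as inputs, since the key derivation, the HMAC coverage and the AES-CFB step are not specified on this page.

```python
import struct
from ipaddress import IPv4Address
MAGIC, STATUS_DATA, STATUS_INVALID, STATUS_BLOCKED = b"SAPH", b"X", b"Y", b"Z"
FIXED_LEN = 4 + 16 + 16 + 20  # size field + server challenge + IV + plain HMAC

def _lv(s: bytes) -> bytes:
    # 2-byte little-endian size then the value; size 0 is allowed (optional report URL)
    return struct.pack("<H", len(s)) + s  # struct raises if len(s) exceeds 16 bits

def build_plaintext(source_ip, requested, auth, report=b""):
    # Assumption: the source ip field is the IPv4 address as an integer, little-endian
    return struct.pack("<I", int(IPv4Address(source_ip))) + _lv(requested) + _lv(auth) + _lv(report)

def calculate_encrypted_part_size(requested, auth, report=b""):
    # Whole SapheData part in bytes; CFB adds no padding, so ciphertext == plaintext length
    return FIXED_LEN + 4 + 2 + len(requested) + 2 + len(auth) + 2 + len(report)

def frame_response(challenge, iv, mac, ciphertext):
    # Header followed by the SapheData part encoded as a hex string
    if (len(challenge), len(iv), len(mac)) != (16, 16, 20):
        raise ValueError("bad challenge/IV/HMAC length")
    part = struct.pack("<I", len(ciphertext)) + challenge + iv + mac + ciphertext
    return MAGIC + STATUS_DATA + part.hex().encode("ascii")

def parse_response(data):
    # Checks the magic, the status code and that the size field matches the hex payload
    status = data[4:5]
    if data[:4] != MAGIC or status not in (STATUS_DATA, STATUS_INVALID, STATUS_BLOCKED):
        raise ValueError("bad magic or status code")
    if status != STATUS_DATA:  # 'Y' and 'Z' carry no SapheData part
        return {"status": status}
    part = bytes.fromhex(data[5:].decode("ascii"))
    if len(part) < FIXED_LEN or len(part) != FIXED_LEN + struct.unpack_from("<I", part)[0]:
        raise ValueError("encrypted buffer size mismatch")
    return {"status": status, "challenge": part[4:20], "iv": part[20:36],
            "hmac": part[36:56], "ciphertext": part[56:]}

def parse_plaintext(buf):
    # Decodes a decrypted buffer, bounds-checking every size field before slicing
    pos, urls = 4, []
    for _ in range(3):  # requested, authentication, phishing report
        if pos + 2 > len(buf) or pos + 2 + (n := struct.unpack_from("<H", buf, pos)[0]) > len(buf):
            raise ValueError("truncated buffer or size field exceeds buffer")
        urls.append(buf[pos + 2:pos + 2 + n])
        pos += 2 + n
    if pos != len(buf):
        raise ValueError("trailing bytes after phishing report url")
    return {"source_ip": str(IPv4Address(struct.unpack_from("<I", buf)[0])),
            "requested_url": urls[0], "auth_url": urls[1], "report_url": urls[2]}
```

parse_response returns the ciphertext and HMAC untouched so the caller can verify the HMAC and decrypt with the project's key material before handing the result to parse_plaintext.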