Saphe code: server_side.cpp
/**
 *
 * server_side.cpp
 *
 * Copyright (C) 2008 
 * Uri Sternfeld (saphesolution@yahoo.com)
 * All Rights Reserved
 *
 * This simple executable is an example server-side code that can be used by the 
 * server to create SapheData BLOBs which are then sent to the plugin on the 
 * client's machine.
 *
 * Parameters are passed through the command line, and the results are printed
 * as a hex string, ready to be sent, to stdin (can be read using a popen variable).
 *
 * Written by Uri Sternfeld
 * Last modified: 3/1/2008
 *
 **/
 
#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <winsock2.h>
#include "SapheData.h"
#include "hexlify.h"
 
int main(int argc, char* argv[])
{    
    // arguments:
    //    - user password
    //    - client challenge as a 32-char hex string
    //    - client IP as a A.B.C.D string
    //    - URL requested by the client (including https://)
    //    - login URL to send the password to (including https://)
    //    - phishing reports URL (including https://)
    if (argc != 7) {
        printf("USAGE: %s [password] [client challenge] [client IP] "
               "[requested URL] [login URL] [reports URL]\n",argv[0]);
        return 1;
    }    
 
    srand(time(0));
 
    byte* encrypted_blob;
    unsigned int enc_size;
 
    unsigned long client_IP = ntohl(inet_addr(argv[3]));
    if (client_IP == 0xFFFFFFFF) {
        printf("Bad client IP\n");        
        return 2;
    }
 
    if (strlen(argv[2]) != CHALLENGE_SIZE*2) {
        printf("Wrong challenge length!\n");
        return 3;
    }
 
    byte* client_challenge_unhex = new byte[CHALLENGE_SIZE];
    if (Unhexlify(argv[2], strlen(argv[2]), client_challenge_unhex) == false) {
        printf("Bad client challenge\n");
        delete [] client_challenge_unhex;        
        return 4;
    }        
 
    // Create server challenge and IV
    byte server_challenge[CHALLENGE_SIZE];
    for (int i = 0 ; i < CHALLENGE_SIZE ; ++i) {
        server_challenge[i] = (byte)(rand()&0xFF);
    }
    byte IV[AES_BLOCK_SIZE];
    for (int i = 0 ; i < AES_BLOCK_SIZE ; ++i) {
        IV[i] = (byte)(rand()&0xFF);
    }
 
    enc_size = CalculateEncryptedPartSize(argv[4], argv[5], argv[6]);
    encrypted_blob = new byte[enc_size];
 
    CreateEncryptedPart(argv[1], client_challenge_unhex, server_challenge, IV,
                 client_IP, argv[4], argv[5], argv[6], encrypted_blob);
 
    delete [] client_challenge_unhex;
 
    char* encrypted_blob_hex = new char[(enc_size*2)+1];
    Hexlify(encrypted_blob, enc_size, encrypted_blob_hex);
 
    // Write the output to STDOUT (can be used with popen2, for example)
    printf("%s",encrypted_blob_hex);    
 
    delete [] encrypted_blob_hex;
    delete [] encrypted_blob;    
 
    return 0;
}

Back to server-side code

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License