SRP Server (PHP) and Client (PHP, JS)

JavaScript client and PHP server/client for login over the Secure Remote Password protocol

A PHP and JavaScript implementation of the Secure Remote Password (SRP) protocol.
A protocol diagram based on the functions of this project follows:

Classes

PHP

require './php/lib/srp.php';
$srp = new srp();

JavaScript

<script type="text/javascript" src="js/vendor/bigint.js"></script>
<script type="text/javascript" src="js/vendor/sha256.js"></script>
<script type="text/javascript" src="js/srp.js"></script>
<script type="text/javascript">
var srp = new srp();
</script>

Functions

The PHP and the JavaScript srp objects provide the same functions in the same way.

Client functions

Generate private key
generateX(s, username, password)
Generates the client private key from a random seed ('s', generated with the getRandomSeed method) and the user credentials ('username' and 'password').
Generate password verifier
generateV(x)
Generates the password verifier from the private key x. (s and v are sent to and stored by the server.)
Generate public ephemeral value
generateA(a)
Generates the public ephemeral value A from the private value 'a' ('a' is generated with the getRandomSeed method).
Generate session key
generateS_Client(A, B, a, x)
Generates the session key for the authentication.

Shared functions (for client and server)

Generate random seed
getRandomSeed(length = 0)
Generates a random number. The default length is 128 bits.
Generate auth matcher 1
generateM1(A, B, S)
Generated by the client and sent to the server for authentication. The server uses this method to rebuild and verify the received M1.
Generate auth matcher 2
generateM2(A, M1, S)
Generated by the server and sent to the client for authentication. The client uses this method to rebuild and verify the received M2.
Generate the shared secret session key
generateK(S)
Generates the shared secret session key from the S value.

Server functions

Generate public ephemeral value
generateB(b, v)
Generates the public ephemeral value B from the private value b (b is generated with the getRandomSeed method) and the password verifier.
Generate session key
generateS_Server(A, B, b, v)
Generates the session key for the authentication.
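
The full exchange built from the functions listed above, as an added example that is not this project's code: a stand-alone Node.js re-implementation of the standard SRP-6a formulas under the same function names, including the checks on A and B that RFC 5054 requires. The RFC 5054 1024-bit group, SHA-256 over ':'-joined values, the bit unit of getRandomSeed, the sample user name and passwords, and the demoLogin helper are assumptions; the project's own group and hash encoding are not shown on this page.

```javascript
const crypto = require('node:crypto');
// Assumed group: 1024-bit prime N from RFC 5054 Appendix A, generator g = 2.
const N = BigInt('0x' +
  'EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576' +
  'D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1' +
  '5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC' +
  '68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3');
const g = 2n;
// Assumed encoding: SHA-256 over the ':'-joined parts (BigInts as hex, strings as-is).
const H = (...parts) => BigInt('0x' + crypto.createHash('sha256')
  .update(parts.map((p) => p.toString(16)).join(':')).digest('hex'));
function modPow(base, exp, mod) {
  let r = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = base * base % mod) if (exp & 1n) r = r * base % mod;
  return r;
}
const k = H(N, g); // SRP-6a multiplier
// length is taken to be in bits (assumption); 0 selects the 128-bit default.
const getRandomSeed = (length = 0) => BigInt('0x' + crypto.randomBytes((length || 128) / 8).toString('hex'));
const generateX = (s, username, password) => H(s, H(username, password));
const generateV = (x) => modPow(g, x, N);
const generateA = (a) => modPow(g, a, N);
const generateB = (b, v) => (k * v + modPow(g, b, N)) % N;
const generateM1 = (A, B, S) => H(A, B, S);
const generateM2 = (A, M1, S) => H(A, M1, S);
const generateK = (S) => H(S);

function generateS_Client(A, B, a, x) {
  const u = H(A, B);
  if (B % N === 0n || u === 0n) throw new Error('abort: B mod N or u is zero'); // RFC 5054 check
  return modPow((B - k * modPow(g, x, N) % N + N) % N, a + u * x, N);
}
function generateS_Server(A, B, b, v) {
  if (A % N === 0n) throw new Error('abort: A mod N is zero'); // RFC 5054 check
  return modPow(A * modPow(v, H(A, B), N) % N, b, N);
}
// Constructed run: register 'alice' with 'correct horse', then log in with loginPassword.
function demoLogin(loginPassword) {
  const s = getRandomSeed(), v = generateV(generateX(s, 'alice', 'correct horse')); // server stores s, v
  const a = getRandomSeed(256), b = getRandomSeed(256);
  const A = generateA(a), B = generateB(b, v);
  const Sc = generateS_Client(A, B, a, generateX(s, 'alice', loginPassword));
  const Ss = generateS_Server(A, B, b, v);
  const buf = (n) => Buffer.from(n.toString(16).padStart(64, '0'), 'hex');
  const M1 = generateM1(A, B, Sc); // client -> server
  const serverAccepts = crypto.timingSafeEqual(buf(M1), buf(generateM1(A, B, Ss)));
  const clientAccepts = serverAccepts && generateM2(A, M1, Ss) === generateM2(A, M1, Sc);
  return { serverAccepts, clientAccepts, keysMatch: generateK(Sc) === generateK(Ss) };
}
```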

Examples