SRP PHP Client

PHP client for login over the Secure Remote Password (SRP) protocol

1. Registration

The client generates s (salt) and v (verifier); the server stores both.

$username = "falk";
$password = "test123";
$s = $srp->getRandomSeed();
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => bd48510ae1023c12b2a351ed9b3eb2089535dc2a206f7c949e89368e83c88e09a1b46de819803fd9f6c5eacdad830f1f3003ec70778442364dcf85aecc5ce7b9 [s] => 6524a51215b9fc3d1684ff08693eff14661ec5f44088d7d16f32259446b572f74423a29a4915538d4596315b5ada10fc703e2a6b6aec80e77b0a2d06a51123b1 )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (private random key) and A (generated public key), then sends A and I (username) to the server.

$a = $srp->getRandomSeed();
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => 86f7beae9875fe5801a635a5b44d2523f1a981f10745890506a30805874ca0f41c4d2a6c2d36416aaf9c062fac5b25900f457eac4d6dc097c406c68457f92e71 )

Receive

Array ( [success] => 1 [B] => 8cfe8d527a73d7d7b72c3f07e02d2c6c58ce40ba3009c3743251d39f2cede1f30a777a1b271acc8aa902dbf7fb09788a7dc7c4410e07e1657f708d695fb705d1b9455ffbe19e1e1f957fe44635ec3a8908282f4a91e7d64d5631373148fc077c [s] => 6524a51215b9fc3d1684ff08693eff14661ec5f44088d7d16f32259446b572f74423a29a4915538d4596315b5ada10fc703e2a6b6aec80e77b0a2d06a51123b1 )

3. Login - Phase 2

The client received s (salt) and B (the server's public key) in Phase 1. It builds M1 and sends it to the server.

$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
$S = $srp->generateS_Client($A, $B, $a, $x);
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);

Send

Array ( [phase] => 2 [M1] => 268cfc0e32223400a0a6c3baba4bc1b246a62ef904a8eaf526932ba63196fb96 )

Receive

Array ( [success] => 1 [M2] => 50eb50a62a884aea79fda377bca94d79c9470864eb66bee9244eecd0adf73d7f )

4. Server verification

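The client receives M2 from the server, rebuilds it locally, compares the two values, and derives the session key.

// $res: response to the Phase 2 request (the HTTP call itself is not shown here)
$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"] ?? "";
$M2_check = $srp->generateM2($A, $M1, $S);

// hash_equals() compares in constant time and, unlike ==, never treats
// hex strings such as "0e12..." as numbers.
if (is_string($M2) && hash_equals($M2_check, $M2)) {
    echo "SUCCESS;";
    $K = $srp->generateK($S);
    echo "SESSION KEY: ".$K;
}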

Output

SUCCESS;SESSION KEY: 10b328b8748d422b562f3ec80000f0ae749ebb5a74ee406a2f99de80cf43d3b8
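
The arithmetic behind steps 1 to 4, with client and server in one script, as an added example that is not this library's code. It assumes the standard SRP-6a formulas, SHA-256 over concatenated hex strings, a demo modulus and hypothetical helper names (srp_hex, srp_rand, srp_hash, srp_hash_int); the library's own group parameters and encodings may differ, so its values will not match the hex shown above.

```php
<?php
// Added example: SRP-6a arithmetic on both sides (needs ext-gmp). All helper names are hypothetical.
// DEMO modulus only: the Mersenne prime 2^521 - 1 keeps the listing short; it is not a vetted SRP group.
$N = gmp_sub(gmp_pow(2, 521), 1);
$g = gmp_init(2);

function srp_hex(GMP $n): string { return gmp_strval($n, 16); }
function srp_rand(): GMP { return gmp_init(bin2hex(random_bytes(32)), 16); }
// Assumed encoding: SHA-256 over the concatenated lowercase hex strings.
function srp_hash(string ...$parts): string { return hash('sha256', implode('', $parts)); }
function srp_hash_int(string ...$parts): GMP { return gmp_init(srp_hash(...$parts), 16); }

// Registration (client): only s and v leave the client, never the password.
[$I, $P] = ['falk', 'test123'];            // sample credentials used on this page
$s = srp_hex(srp_rand());
$x = srp_hash_int($s, srp_hash($I, ':', $P));
$v = gmp_powm($g, $x, $N);                 // stored by the server next to s
$k = srp_hash_int(srp_hex($N), srp_hex($g));

// Phase 1 (client -> server): A = g^a mod N.
$a = srp_rand();
$A = gmp_powm($g, $a, $N);
// Server side: reject A = 0 mod N, then answer with B = k*v + g^b mod N.
if (gmp_sign(gmp_mod($A, $N)) === 0) { exit("server: illegal A\n"); }
$b = srp_rand();
$B = gmp_mod(gmp_add(gmp_mul($k, $v), gmp_powm($g, $b, $N)), $N);

// Phase 2 (client): reject B = 0 mod N and u = 0 before deriving S.
$u = srp_hash_int(srp_hex($A), srp_hex($B));
if (gmp_sign(gmp_mod($B, $N)) === 0 || gmp_sign($u) === 0) { exit("client: illegal B or u\n"); }
$x = srp_hash_int($s, srp_hash($I, ':', $P));   // recomputed from the salt the server returned
$base = gmp_mod(gmp_sub($B, gmp_mul($k, gmp_powm($g, $x, $N))), $N);
$S_client = gmp_powm($base, gmp_add($a, gmp_mul($u, $x)), $N);
$M1 = srp_hash(srp_hex($A), srp_hex($B), srp_hex($S_client));

// Server: derive S from the stored verifier and check M1 in constant time.
$S_server = gmp_powm(gmp_mod(gmp_mul($A, gmp_powm($v, $u, $N)), $N), $b, $N);
$M1_check = srp_hash(srp_hex($A), srp_hex($B), srp_hex($S_server));
if (!hash_equals($M1_check, $M1)) { exit("server: bad M1, wrong password\n"); }
$M2 = srp_hash(srp_hex($A), $M1, srp_hex($S_server));

// Step 4 (client): verify the server's proof, then derive the session key.
if (!hash_equals(srp_hash(srp_hex($A), $M1, srp_hex($S_client)), $M2)) { exit("client: bad M2\n"); }
$K = srp_hash(srp_hex($S_client));
echo "both sides agree, K is ", strlen($K) * 4, " bits\n";
```

Changing $P before Phase 2 makes the server stop at the M1 check, because the client's S no longer matches the one derived from the stored verifier.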