SRP PHP Client

PHP Client for Login over Secure Remote Password Protocol

1. Registration

Generate s (salt) and v (verifier). Both are generated by the client and stored by the server.

$username = "falk";
$password = "test123";
$s = $srp->getRandomSeed();
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => b41c6f01fb71a9fe99a8ed68c07036b3c22dac153eb48b795940408d3369462eb645fe5625d8d3e322780204abb8ea9102338c66966c0453f81209797e7631ee [s] => 4aae498064c461ef43109c0a30056f2d10d917ed1f96ca9d42bb7ff51a8b91ec588c49a6622f1a11ec9d40162a8f0d43a286557e572dc8122756f8630d20ef21 )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (private random key) and A (public generated key), then sends A and I (username) to the server.

$a = $srp->getRandomSeed();
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => cc1a525d343cbeba8065187d1f2487829fb5e739dcabe2a85df01499d22851e82d1e1ef3b5799df1a372cfdbd4043fdf8be1733b2a0a016fe642f45ca897148d )

Receive

Array ( [success] => 1 [B] => 8629a41da2a13ed414d40e0a6b6b1400d85afacdae986242b60057f45c86e20579f0bb2ea211013d4a0a40efa7567b7b270b3e22742f82ce6e0ae6ec1de0ba2925787e530bf2972e567baf985a735d52482fd4cc4c3c1d418ad8f32dcb49e799 [s] => 4aae498064c461ef43109c0a30056f2d10d917ed1f96ca9d42bb7ff51a8b91ec588c49a6622f1a11ec9d40162a8f0d43a286557e572dc8122756f8630d20ef21 )

3. Login - Phase 2

The client receives s (salt) and B (public key of the server) in Phase 1. The client builds M1 and sends it to the server.

$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
$S = $srp->generateS_Client($A, $B, $a, $x);
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);

Send

Array ( [phase] => 2 [M1] => 3d7f97d77a04cd2bb3a6bb18cd30c4b7a30b63bb23dc880c47572709b87c66c1 )

Receive

Array ( [success] => 1 [M2] => 1205817d8c03769ce826e80be306e8d65c3bf7a06bb80028d8fc13e88bc3ba19 )

4. Server verification

The client receives M2 from the server, rebuilds it locally, compares the two values and builds the session key.

$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"];
$M2_check = $srp->generateM2($A, $M1, $S);

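// Compare the proofs in constant time; == can also type-juggle numeric-looking hex strings.
if (hash_equals($M2_check, (string) $M2)) {
    echo "SUCCESS;";
    $K = $srp->generateK($S);
    echo "SESSION KEY: ".$K;
}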

Output

SUCCESS;SESSION KEY: a9ddf5320e3d7e989799fa9bf8f651630e7bec86f71c3245ee41fa319a26ae79
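
The four steps above as one self-contained SRP-6a round trip with a simulated server, including the checks the walkthrough does not show (A and B must not be 0 mod N, u must not be 0, proofs compared in constant time). This is an added example, not this library's code: the helpers H, hex, rnd and nonzero are hypothetical, the group is a toy one constructed for brevity, and the hash encodings are assumptions, so the values will not match the library's output.

```php
<?php
// Added example, requires ext-gmp. Toy group constructed for brevity; use the
// group your server is configured with. Hash encodings below are assumptions.
$N = gmp_sub(gmp_pow(2, 255), 19);
$g = gmp_init(2);

function H(string ...$parts): GMP { // SHA-256 over the concatenated parts, as an integer
    return gmp_init(hash('sha256', implode('', $parts)), 16);
}
function hex(GMP $n): string { return gmp_strval($n, 16); }
function rnd(): GMP { return gmp_init(bin2hex(random_bytes(32)), 16); }
function nonzero(GMP $n, GMP $N, string $what): void { // abort on values that are 0 mod N
    if (gmp_cmp(gmp_mod($n, $N), 0) === 0) { throw new RuntimeException("bad $what"); }
}

$k = H(hex($N), hex($g));

// 1. Registration: client derives x and v; the server stores only (I, s, v).
$I = 'falk'; $p = 'test123';
$s = bin2hex(random_bytes(16));
$x = H($s, hash('sha256', $I . ':' . $p));
$v = gmp_powm($g, $x, $N);

// 2. Phase 1: client sends A; server rejects A = 0 mod N, then answers with B and s.
$a = rnd();
$A = gmp_powm($g, $a, $N);
nonzero($A, $N, 'A');                       // server-side check
$b = rnd();
$B = gmp_mod(gmp_add(gmp_mul($k, $v), gmp_powm($g, $b, $N)), $N);

// 3. Phase 2: client validates B and u before deriving S.
nonzero($B, $N, 'B');                       // client-side check
$u = H(hex($A), hex($B));
if (gmp_cmp($u, 0) === 0) { throw new RuntimeException('bad u'); }
// S_client = (B - k*g^x)^(a + u*x) mod N
$base = gmp_mod(gmp_sub($B, gmp_mul($k, gmp_powm($g, $x, $N))), $N);
$S_c  = gmp_powm($base, gmp_add($a, gmp_mul($u, $x)), $N);
$M1   = hash('sha256', hex($A) . hex($B) . hex($S_c));

// Server: S_server = (A * v^u)^b mod N, then a constant-time check of M1.
$S_s = gmp_powm(gmp_mod(gmp_mul($A, gmp_powm($v, $u, $N)), $N), $b, $N);
if (!hash_equals(hash('sha256', hex($A) . hex($B) . hex($S_s)), $M1)) { throw new RuntimeException('server: M1 mismatch'); }
$M2 = hash('sha256', hex($A) . $M1 . hex($S_s));

// 4. Server verification on the client, again in constant time.
if (!hash_equals(hash('sha256', hex($A) . $M1 . hex($S_c)), $M2)) { throw new RuntimeException('client: M2 mismatch'); }
echo 'SESSION KEY: ', hash('sha256', hex($S_c)), PHP_EOL;
```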