SRP PHP Client

PHP Client for Login over Secure Remote Password Protocol

1. Registration

Generate s (salt) and v (verifier). Both are generated by the client and stored by the server.

$username = "falk";
$password = "test123";
$s = $srp->getRandomSeed();
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => 1ff3979e13bc4eb0e159d8aeb6432026598abb25ff6352c106086e03557f03b5251d347c3cba96a2402e7e75d23155ed94a16badb1bf7e848fe97edb7dbf1817 [s] => 72b9441f775cbeb92140bddc233e7f0d4cdd45a479108b821419fa62fee55ad897a3fb5d13c0bec3639e23ebbd8173a9fd722aa6d663205f41eb4afcbe8064cd )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (private random key) and A (generated public key), then sends A and I (username) to the server.

$a = $srp->getRandomSeed();
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => 48210c9ce0a81d6d7dc25c8a679ea3f906ba643a59d8bd88576ed57158e287b6b26438f81aac58d9b4f122bf32a5622b049c0b570205888ee4998892ab61e355 )

Receive

Array ( [success] => 1 [B] => 17cce25111c5b62ec2b8f9f4aa097a4670cdf75af7949c74918dfb50538b11fe6f2a9cc42b1b5cc77e7bd10df99daa5b6d9d376a869981cbbd81f22a3d006feffbe31d0cfeda881f84267430cb17c4c214c6204edac3707c2ebc0b845e7a79b4 [s] => 72b9441f775cbeb92140bddc233e7f0d4cdd45a479108b821419fa62fee55ad897a3fb5d13c0bec3639e23ebbd8173a9fd722aa6d663205f41eb4afcbe8064cd )

3. Login - Phase 2

The client receives s (salt) and B (public key of the server) in Phase 1. The client builds M1 and sends it to the server.

$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
$S = $srp->generateS_Client($A, $B, $a, $x);
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);

Send

Array ( [phase] => 2 [M1] => c27f1522d5f9aadea8d4ec75a4daf283226b64b90002d600f655f1e5d0aa1604 )

Receive

Array ( [success] => 1 [M2] => 3f13e6a74f40017fb8e57a5390bf043d2da45b93d480501eebd8037831f65e31 )

4. Server verification

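The client receives M2 from the server, rebuilds it, compares the two values, and builds the session key.

$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"];
$M2_check = $srp->generateM2($A, $M1, $S);

// hash_equals() compares in constant time and avoids the type juggling
// that a loose "==" applies to hex strings such as "0e12..." in PHP.
if (is_string($M2) && hash_equals($M2_check, $M2)) {
    echo "SUCCESS;";
    // Derive the session key only after the server's proof has been verified.
    $K = $srp->generateK($S);
    echo "SESSION KEY: ".$K;
}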

Output

SUCCESS;SESSION KEY: 08cd388d98d48f658437869fbf81ec3076a3954ae49604c7ad9f5147837ee513
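
The four steps above, run end to end with both sides in one script, as an added example (not code from this project). It assumes SRP-6a formulas with SHA-256, a toy group, and hypothetical helper names (H, hx, rnd, deriveX, login), so its values will not match the library's output; it shows where each side rejects a zero public value and where the proofs are compared with hash_equals().

```php
<?php
// Added example, not the library's code. ASSUMPTIONS: toy group (N = 2^127 - 1, g = 3),
// SHA-256 and ':'-joined hash inputs; the real client's parameters and encodings may differ.
function H(string ...$parts): string { return hash('sha256', implode(':', $parts)); }
function hx(GMP $n): string { return gmp_strval($n, 16); }
function rnd(): GMP { return gmp_init(bin2hex(random_bytes(32)), 16); }
function deriveX(string $s, string $I, string $P): GMP { return gmp_init(H($s, H($I, $P)), 16); }

$N = gmp_sub(gmp_pow(2, 127), 1);       // toy modulus, far too small for real use
$g = gmp_init(3);
$k = gmp_init(H(hx($N), hx($g)), 16);   // multiplier k = H(N, g), SRP-6a style (assumption)

// 1. Registration: the client derives v = g^x mod N; the server stores only (I, s, v).
$I = 'falk';
$s = bin2hex(random_bytes(16));
$v = gmp_powm($g, deriveX($s, $I, 'test123'), $N);

// Steps 2-4 with client and server in one function; returns the session key or null.
function login(string $I, string $P, string $s, GMP $v): ?string {
    global $N, $g, $k;
    // Phase 1: client sends A = g^a, server answers B = k*v + g^b (both mod N).
    $a = rnd(); $A = gmp_powm($g, $a, $N);
    $b = rnd(); $B = gmp_mod(gmp_add(gmp_mul($k, $v), gmp_powm($g, $b, $N)), $N);
    // A peer that sends a multiple of N forces a predictable S, so both sides must abort.
    if (gmp_cmp(gmp_mod($A, $N), 0) === 0) return null;   // server-side check on A
    if (gmp_cmp(gmp_mod($B, $N), 0) === 0) return null;   // client-side check on B
    $u = gmp_init(H(hx($A), hx($B)), 16);
    if (gmp_cmp($u, 0) === 0) return null;

    // Phase 2, client: S = (B - k*g^x)^(a + u*x) mod N, then proof M1 = H(A, B, S).
    $x = deriveX($s, $I, $P);
    $base = gmp_mod(gmp_sub($B, gmp_mul($k, gmp_powm($g, $x, $N))), $N);
    $S_client = gmp_powm($base, gmp_add($a, gmp_mul($u, $x)), $N);
    $M1 = H(hx($A), hx($B), hx($S_client));

    // Phase 2, server: S = (A * v^u)^b mod N; a wrong password fails here.
    $S_server = gmp_powm(gmp_mod(gmp_mul($A, gmp_powm($v, $u, $N)), $N), $b, $N);
    if (!hash_equals(H(hx($A), hx($B), hx($S_server)), $M1)) return null;
    $M2 = H(hx($A), $M1, hx($S_server));

    // Step 4, client: verify the server's proof before deriving K = H(S).
    if (!hash_equals(H(hx($A), $M1, hx($S_client)), $M2)) return null;
    return H(hx($S_client));
}

var_dump(login($I, 'test123', $s, $v));  // password used at registration
var_dump(login($I, 'wrong', $s, $v));    // different password
```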