SRP PHP Client

PHP Client for Login over Secure Remote Password Protocol

1. Registration

The client generates s (salt) and v (verifier) and sends them to the server, which stores them.

$username = "falk";
$password = "test123";
$s = $srp->getRandomSeed();
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => cbaa1f8e33e519da3df2f9a22b70563c582185fcd630899e8969e5fbeea30ee9219fd2cb612a0b225f00399bf735f3ab0838d8760b8f95d4eefdfe283b3aa03a [s] => 32151edd239acae7268752fc424f770db4b34a6295de29540b1335d36063c3670e6cf160b92033e6ed5e74c28f147279b35811c594c73169421a4f70206a5834 )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (private random key) and A (public key), then sends A and I (username) to the server.

$a = $srp->getRandomSeed();
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => 4280dac598e9ddf98a7d0f583d8a6f4b6cc985a973e125f67b5e9bd02dd9277445f48bdeb69738ee702fd10c9ece81bb9510fd534b4ec00f485b7e1b7c6cdac1 )

Receive

Array ( [success] => 1 [B] => 97b5166200f38d77e80adf54864cba0a56b9d54f13631de44f35af85ae058e4ef00548198218d96fb2058f151889e485a0881c596d41bc858ce4cff8c643e76131880ec3fb0a4a9784001d7a685198b9a0a979add39d89d4bbce61e088fee1f6 [s] => 32151edd239acae7268752fc424f770db4b34a6295de29540b1335d36063c3670e6cf160b92033e6ed5e74c28f147279b35811c594c73169421a4f70206a5834 )

3. Login - Phase 2

The client receives s (salt) and B (the server's public key) in Phase 1. The client builds M1 and sends it to the server.

$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
$S = $srp->generateS_Client($A, $B, $a, $x);
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);

Send

Array ( [phase] => 2 [M1] => cda0bb10eda9b992c8cf83066780ff8d63214dd8c1fd550230a8e593b7f719b9 )

Receive

Array ( [success] => 1 [M2] => 467d44ccf3afb833c5d2a28e4df1ae7f986f8da0724623241e94ea19e1db397f )

4. Server verification

The client receives M2 from the server, rebuilds it locally, compares the two values, and then builds the session key.

$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"];
$M2_check = $srp->generateM2($A, $M1, $S);

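// Compare in constant time; == on hex strings is also subject to PHP type juggling.
if (hash_equals($M2_check, (string) $M2)) {
    echo "SUCCESS;";
    $K = $srp->generateK($S);
    echo "SESSION KEY: " . $K;
}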

Output

SUCCESS;SESSION KEY: 03588249daf241edb9283010e9f361accfac456953507850143481c7d61b0aea
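
The four steps above as one self-contained SRP-6a run with both sides' arithmetic, including the checks on A, B and u that each side must make before using a received value. This is an added example, not this library's code: it uses ext-gmp directly, and the helper names (h, num, hx), the hash encoding and the demo modulus are assumptions.

```php
<?php
// Added example, not the library's code. Requires ext-gmp.
// Constructed demo modulus: 2^521 - 1 is prime but is NOT a vetted SRP group;
// real deployments use a safe-prime group such as those defined in RFC 5054.
$N = gmp_sub(gmp_pow(2, 521), 1);
$g = gmp_init(3);

// Assumed encoding: SHA-256 over ':'-joined text / lowercase hex fields.
function h(string ...$parts): string { return hash('sha256', implode(':', $parts)); }
function num(string $hex): GMP { return gmp_init($hex, 16); }
function hx(GMP $n): string { return gmp_strval($n, 16); }

$I = 'falk'; $P = 'test123';            // sample credentials from the README

// 1. Registration: client derives x and v; the server stores only (I, s, v).
$s = bin2hex(random_bytes(32));
$x = num(h($s, $I, $P));
$v = gmp_powm($g, $x, $N);
$k = num(h(hx($N), hx($g)));            // SRP-6a multiplier k = H(N, g)

// 2. Phase 1: client sends I and A; server answers with s and B.
$a = num(bin2hex(random_bytes(32)));    // client ephemeral secret
$A = gmp_powm($g, $a, $N);
$b = num(bin2hex(random_bytes(32)));    // server ephemeral secret
$B = gmp_mod(gmp_add(gmp_mul($k, $v), gmp_powm($g, $b, $N)), $N);

// Checks on received values: a zero A, B or u makes S predictable.
if (gmp_sign(gmp_mod($A, $N)) === 0) { exit("server: reject A\n"); }
if (gmp_sign(gmp_mod($B, $N)) === 0) { exit("client: reject B\n"); }
$u = num(h(hx($A), hx($B)));
if (gmp_sign($u) === 0) { exit("abort: u is zero\n"); }

// 3. Phase 2, client: S = (B - k*g^x)^(a + u*x) mod N, then M1 = H(A, B, S).
$base = gmp_mod(gmp_sub($B, gmp_mul($k, gmp_powm($g, $x, $N))), $N);
$S_c  = gmp_powm($base, gmp_add($a, gmp_mul($u, $x)), $N);
$M1   = h(hx($A), hx($B), hx($S_c));

// Phase 2, server: S = (A * v^u)^b mod N; check M1 before revealing M2.
$S_s = gmp_powm(gmp_mod(gmp_mul($A, gmp_powm($v, $u, $N)), $N), $b, $N);
if (!hash_equals(h(hx($A), hx($B), hx($S_s)), $M1)) { exit("server: bad M1\n"); }
$M2 = h(hx($A), $M1, hx($S_s));

// 4. Client verifies the server's proof in constant time, then derives K = H(S).
if (!hash_equals(h(hx($A), $M1, hx($S_c)), $M2)) { exit("client: bad M2\n"); }
echo "SUCCESS; SESSION KEY: " . h(hx($S_c)) . "\n";
```

Changing $P between registration and login makes the server-side M1 check fail, so M2 is never sent.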