SRP PHP Client

PHP Client for Login over Secure Remote Password Protocol

1. Registration

The client generates s (salt) and v (verifier) and sends them to the server, which stores them.

$username = "falk";
$password = "test123";
$s = $srp->getRandomSeed();
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => a07b12f15619d9ed2fa5f60f3c75075e16b257a38325c83a55b5c635325eedfd4d988e99fb653fa74927f5e6cd10485655a98382d7a7a9aca90da8b22780b694 [s] => 4839f55b5677c6ab8a91d3b185daa251fad8f0926511813443709c45430d8e306455a2448332587c11f87a53d8addb151cb360493b6a8d748f46ce7dacfa6c4e )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (private random key) and A (the generated public key), then sends A and I (username) to the server.

$a = $srp->getRandomSeed();
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => 5d1f99e5368368c2a65116ffb06792c4ffa5d88f4e52235b7c7b0001a5213b0cdf3aad3ff5784c96179c8a15bfc5fb8784e34ce619ef192006b4a9918761313f )

Receive

Array ( [success] => 1 [B] => 778a4efeed0685db875901b51ce3d213364a46d2360bc9ff132353b18f2b1e158a97986161a2e8f06546b76cc6b891144638e07132f11db1b9592a1b129cdf808e48931036871926e6f27070058ff9e20643f698a703b7e38486aae0fee9078a [s] => 4839f55b5677c6ab8a91d3b185daa251fad8f0926511813443709c45430d8e306455a2448332587c11f87a53d8addb151cb360493b6a8d748f46ce7dacfa6c4e )

3. Login - Phase 2

The client received s (salt) and B (the server's public key) in Phase 1. It builds M1 and sends it to the server.

$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
$S = $srp->generateS_Client($A, $B, $a, $x);
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);

Send

Array ( [phase] => 2 [M1] => 4ba0e207ec6154ca6bf1dd9656edcee99fe84d2e539e2a4c94ffbe761fdf5a70 )

Receive

Array ( [success] => 1 [M2] => 9edf389559f2c44cafca053d18b43d2a791b6391d80117c16d6c7716f1e7a094 )

4. Server verification

The client receives M2 from the server, rebuilds it locally, compares the two values, and builds the session key.

$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"];
$M2_check = $srp->generateM2($A, $M1, $S);

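// Constant-time, type-strict comparison; loose == can type-juggle hex strings
if (hash_equals($M2_check, (string) $M2)) {
    echo "SUCCESS;";
    $K = $srp->generateK($S);
    echo "SESSION KEY: ".$K;
}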

Output

SUCCESS;SESSION KEY: 16800d100d1473e8dd19fc5d4537ab88f61f20a5d565ffd2844eccbce4bb5c14
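
The four steps above show only the client. The following added example (not this library's code) runs both sides of one SRP-6a exchange so the server-side computation of B, S and M2 is visible alongside the client's. The hash (SHA-256), the hex-string concatenation, the group (N = 2^521 - 1, g = 3) and all function names are assumptions. Only the argument order of M1, M2 and K follows the calls shown on this page.

```php
<?php
// Added example (not the library's code): one SRP-6a run with both sides. Needs ext-gmp.
// Assumptions: SHA-256, hex-string concatenation, group N = 2^521 - 1, g = 3 (keeps the
// constant short; a deployment uses a standard safe-prime group such as RFC 5054's).
function Hx(string ...$parts): string { return hash('sha256', implode('', $parts)); }
function Hn(string ...$parts): GMP { return gmp_init(Hx(...$parts), 16); }
function hex(GMP $n): string { return gmp_strval($n, 16); }
function rnd(): GMP { return gmp_init(bin2hex(random_bytes(32)), 16); }
function isZeroMod(GMP $n, GMP $N): bool { return gmp_cmp(gmp_mod($n, $N), 0) === 0; }

function srpLogin(string $I, string $registered, string $typed): ?string
{
    $N = gmp_sub(gmp_pow(2, 521), 1);
    $g = gmp_init(3);
    $k = Hn(hex($N), hex($g));

    // Registration: client derives s and v; server stores only (I, s, v).
    $s = hex(rnd());
    $v = gmp_powm($g, Hn($s, Hx($I, ':', $registered)), $N);

    // Phase 1: client sends I, A; server answers with B, s.
    $a = rnd();
    $A = gmp_powm($g, $a, $N);
    if (isZeroMod($A, $N)) return null;            // server-side check on A
    $b = rnd();
    $B = gmp_mod(gmp_add(gmp_mul($k, $v), gmp_powm($g, $b, $N)), $N);
    if (isZeroMod($B, $N)) return null;            // client-side check on B
    $u = Hn(hex($A), hex($B));

    // Phase 2, client: S = (B - k*g^x)^(a + u*x) mod N, then M1.
    $x  = Hn($s, Hx($I, ':', $typed));
    $Sc = gmp_powm(gmp_mod(gmp_sub($B, gmp_mul($k, gmp_powm($g, $x, $N))), $N),
                   gmp_add($a, gmp_mul($u, $x)), $N);
    $M1 = Hx(hex($A), hex($B), hex($Sc));

    // Phase 2, server: S = (A * v^u)^b mod N; a wrong password fails here.
    $Ss = gmp_powm(gmp_mul($A, gmp_powm($v, $u, $N)), $b, $N);
    if (!hash_equals(Hx(hex($A), hex($B), hex($Ss)), $M1)) return null;
    $M2 = Hx(hex($A), $M1, hex($Ss));

    // Server verification on the client: recompute M2, compare in constant time.
    if (!hash_equals(Hx(hex($A), $M1, hex($Sc)), $M2)) return null;
    return Hx(hex($Sc));                           // session key K = H(S)
}

var_dump(srpLogin('falk', 'test123', 'test123') !== null); // correct password
var_dump(srpLogin('falk', 'test123', 'test124') !== null); // wrong password
```

The server never sees the password: it works only from the stored v, and a mismatch surfaces as a failed M1 check rather than as any password comparison.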