SRP PHP Client

PHP client for login over the Secure Remote Password (SRP) protocol.

1. Registration

The client generates s (salt) and v (verifier) and sends them to the server, which stores them.

$username = "falk";
$password = "test123";
$s = $srp->getRandomSeed();
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => 1c6f2d17a251172970af7c90152796a1cdecfa563c0a8fbebd7b1f090278a447abf9c888e644d6cc3bf09b03f5bad03542a47408c14e28d39f29194abd2f0c22 [s] => 5e3e8d295bad5eb66dc3d1640be447816608ae1100a0dde24a1e6ba7ef5823306c3d276c76d0ea323e0e525e884bcff09adc1ff5324c6e63d2992ac0630955f8 )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (private random key) and A (generated public key), then sends A and I (username) to the server.

$a = $srp->getRandomSeed();
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => a847f4dd5a38558882d462892874dce5a4efc93b3c5c95f79403367b79d033021bbabbedef8367cbe783a13756e1a52685613802e04f450de042e017be30a74b )

Receive

Array ( [success] => 1 [B] => 152e2ca94bfc4834322eb19c8b3402852189a19e35c012988170c3bed11332ad8a0417b047ed29f0f535ae16746930283fef0cc7c3c2a9b9f1f98cf7f3b324a7dfbe41358d17546055c1a3bb4239d65c784bd0a03f00b6359dd2d88bae1ee51a [s] => 5e3e8d295bad5eb66dc3d1640be447816608ae1100a0dde24a1e6ba7ef5823306c3d276c76d0ea323e0e525e884bcff09adc1ff5324c6e63d2992ac0630955f8 )

3. Login - Phase 2

The client received s (salt) and B (public key of the server) in Phase 1. The client builds M1 and sends it to the server.

$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
$S = $srp->generateS_Client($A, $B, $a, $x);
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);

Send

Array ( [phase] => 2 [M1] => 140108e57c475b11a53c9b0553d740d52c0359601eb94d69236d94d17bcf3318 )

Receive

Array ( [success] => 1 [M2] => 00f32c2619cb9eb319b7f7825fbcc7592003928aeb26e3c001db076e888d4085 )

4. Server verification

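The client receives M2 from the server, rebuilds it locally, compares the two values and, if they match, builds the session key.

$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"];
// Recompute M2 locally from values the client already holds.
$M2_check = $srp->generateM2($A, $M1, $S);

// hash_equals() compares in constant time and avoids the type juggling of ==.
if (is_string($M2) && hash_equals($M2_check, $M2)) {
    echo "SUCCESS;";
    $K = $srp->generateK($S);
    echo "SESSION KEY: ".$K;
}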

Output

SUCCESS;SESSION KEY: d8a78390321065abffd313d324c97d70720b7d48c398b18d315af748ed4ef2c3