SRP PHP Client

PHP Client for Login over Secure Remote Password Protocol

1. Registration

Generate s (salt) and v (verifier). Both are generated by the client and stored by the server.

$username = "falk";
$password = "test123";
// s: random salt
$s = $srp->getRandomSeed();
// x: private value derived from the salt, username and password
$x = $srp->generateX($s, $username, $password);
// v: verifier derived from x
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => 4eaede2adec30323e8bbe1468a8cd61b0bd05cd3cb4f40eab42e1b2c6682aed949c1d3fed804d213b0c069207eb1a4c1a6d98c8c2e06d7713f9fa5b22aaaadbd [s] => 35d829d313e233356a430a5a4b706c625a63bc034f73eb17680362fd46153f81a7125557fd1b45035fdfc5b3798bbe44dcb1b7745099fc122a74f0f60b9b3cf3 )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (random private key) and A (generated public key), then sends A and I (username) to the server.

// a: random private key, never sent
$a = $srp->getRandomSeed();
// A: public key generated from a
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => 6f7f3dd35dc517ff3dc32c717f726d12f31cadc2203c88c55af6ca8923b7907edd37752376d758e806d4332631e9c771b7ea4cdb8b9e43cf6e85b6e8da85e3bb )

Receive

Array ( [success] => 1 [B] => 3a9c30b2b44455dc7797e06aa6b317e7a647d7fc309f2aba36b7be4a0e5d411d24ef23fb946601f0eacde0206eaf7f4ab175e3ae3abf1c61a448b39763c7803893bb89e92bc413445b8d179bf7e4425d140e11e9b2aaabb437b29eee3c582fd9 [s] => 35d829d313e233356a430a5a4b706c625a63bc034f73eb17680362fd46153f81a7125557fd1b45035fdfc5b3798bbe44dcb1b7745099fc122a74f0f60b9b3cf3 )

3. Login - Phase 2

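The client receives s (salt) and B (the server's public key) in Phase 1. The client builds M1 and sends it to the server.

// $res1 is the decoded Phase 1 response
$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
// S: shared secret computed on the client side
$S = $srp->generateS_Client($A, $B, $a, $x);
// M1: the client's proof, built from A, B and S
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);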

Send

Array ( [phase] => 2 [M1] => 7dfb177e53aaa22572606e655763f19cf4ad3fc690fe94dc196d29ada99b34a9 )

Receive

Array ( [success] => 1 [M2] => da4fdc4bcef28a1cb5945375d50451c2902ecad1ff8c2f8fa347730cd0caf9a0 )

4. Server verification

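The client receives M2 from the server, rebuilds it locally, compares the two values, and then builds the session key.

// $res is the raw Phase 2 response
$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"];
$M2_check = $srp->generateM2($A, $M1, $S);

// hash_equals() compares in constant time and avoids the type juggling of ==,
// which treats numeric-looking strings such as "0e1" and "0e2" as equal.
if (is_string($M2) && hash_equals($M2_check, $M2)) {
    echo "SUCCESS;";
    // Derive the session key only after the server's proof has been verified.
    $K = $srp->generateK($S);
    echo "SESSION KEY: ".$K;
}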

Output

SUCCESS;SESSION KEY: 2003a9de29a0db8d8b097ba87d84f36891380862bc01f0abea34458cb23840be
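
The four steps above as one offline exchange, including the checks a client should make before trusting the server (B mod N and u must not be zero, M2 is compared in constant time). This is an added example, not code from this project: the RFC 5054 1024-bit group, g = 2, SHA-256, the formulas for x, k and u, the ':'-joined hash inputs and the helper names H, num, toHex, clientLogin and demo are assumptions; only the inputs to M1, M2 and K follow the calls shown in this README.

```php
<?php
// Added example, not the project's code. Needs ext-gmp.
// ASSUMED (not stated in the README): RFC 5054 1024-bit group, g = 2, SHA-256,
// hash inputs joined with ':'. The real $srp class may encode values differently.
const N_HEX = 'EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3';

function H(string ...$p): string { return hash('sha256', implode(':', $p)); }
function num(string $hex): GMP { return gmp_init($hex, 16); }
function toHex(GMP $n): string { return gmp_strval($n, 16); }

// Phase 2 and step 4 on the client. $sendM1 stands in for the HTTP round trip.
function clientLogin(string $I, string $P, string $s, GMP $a, GMP $B, callable $sendM1): string {
    $N = num(N_HEX); $g = gmp_init(2);
    if (gmp_cmp(gmp_mod($B, $N), 0) === 0) throw new RuntimeException('B mod N is 0');
    $A = gmp_powm($g, $a, $N);
    $u = num(H(toHex($A), toHex($B)));
    if (gmp_cmp($u, 0) === 0) throw new RuntimeException('u is 0');
    $k = num(H(toHex($N), toHex($g)));
    $x = num(H($s, H($I, $P)));
    // S = (B - k*g^x)^(a + u*x) mod N; gmp_mod keeps the base non-negative
    $base = gmp_mod(gmp_sub($B, gmp_mul($k, gmp_powm($g, $x, $N))), $N);
    $S = toHex(gmp_powm($base, gmp_add($a, gmp_mul($u, $x)), $N));
    $M1 = H(toHex($A), toHex($B), $S);
    $M2 = $sendM1($M1);
    // constant-time compare; no session key unless the server proved it knows v
    if (!hash_equals(H(toHex($A), $M1, $S), $M2)) throw new RuntimeException('M2 mismatch');
    return H($S);
}

// Constructed in-process server so the exchange runs offline.
function demo(bool $forgeM2 = false): string {
    $N = num(N_HEX); $g = gmp_init(2); $I = 'falk'; $P = 'test123';
    $s = bin2hex(random_bytes(32));                       // registration: salt
    $v = gmp_powm($g, num(H($s, H($I, $P))), $N);         // registration: verifier
    $a = num(bin2hex(random_bytes(32)));                  // phase 1: client secret
    $A = gmp_powm($g, $a, $N);
    $b = num(bin2hex(random_bytes(32)));                  // phase 1: server secret
    $k = num(H(toHex($N), toHex($g)));
    $B = gmp_mod(gmp_add(gmp_mul($k, $v), gmp_powm($g, $b, $N)), $N);
    $server = function (string $M1) use ($A, $B, $b, $v, $N, $forgeM2): string {
        $S = toHex(gmp_powm(gmp_mul($A, gmp_powm($v, num(H(toHex($A), toHex($B))), $N)), $b, $N));
        if (!hash_equals(H(toHex($A), toHex($B), $S), $M1)) throw new RuntimeException('M1 mismatch');
        return $forgeM2 ? str_repeat('0', 64) : H(toHex($A), $M1, $S);
    };
    return clientLogin($I, $P, $s, $a, $B, $server);
}

echo 'honest server, K = ', demo(), PHP_EOL;
try { demo(true); } catch (RuntimeException $e) { echo 'forged M2 rejected: ', $e->getMessage(), PHP_EOL; }
```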