SRP PHP Client

PHP Client for Login over Secure Remote Password Protocol

1. Registration

The client generates s (salt) and v (verifier); the server stores them.

$username = "falk";
$password = "test123";
$s = $srp->getRandomSeed();
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);
$send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s);

Send

Array ( [phase] => 0 [I] => falk [v] => 618a8063f9b9479987e65fd067d6a2b81a3494fa756faece209ed20d0a78baf5174c4d747726c0b31f68368fca419b2957b8d81e06fdcf4e05ab943774c77cb [s] => 3a9d6b0965c4e9b330d5361f5d65595d3ca494c3495d92cc2fe0eb063147aa767c1b8aa02651846058663a9531fb8eee160cc359180e48836a6cc39d4d6bcc4b )

Receive

Array ( [success] => 1 )

2. Login - Phase 1

The client generates a (private random key) and A (generated public key), then sends A and I (username) to the server.

$a = $srp->getRandomSeed();
$A = $srp->generateA($a);
$send = array("phase" => 1, "I" => $username, "A" => $A);

Send

Array ( [phase] => 1 [I] => falk [A] => 7a5d4d0a8e3adc8f8aafaaa46647181b7f8570541951efaa6153981da5ab57828c21bd3f88f5aba3e4b8561feeadbf39e052dd159266028a3a12260537b2b41d )

Receive

Array ( [success] => 1 [B] => 48a83d2badf38893a52d9d41afaa10ebd390bce0a6b792feaba2e503f0ca7858360c438e9cce371ed3978db0a6a441770da5ee27289afe863fca304e67a663850df08d968fb1734ee678649a02b147f56deb8cc79a9cf4c57b9b8cf3526cd0f [s] => 3a9d6b0965c4e9b330d5361f5d65595d3ca494c3495d92cc2fe0eb063147aa767c1b8aa02651846058663a9531fb8eee160cc359180e48836a6cc39d4d6bcc4b )

3. Login - Phase 2

The client received s (salt) and B (the server's public key) in Phase 1. It builds M1 and sends it to the server.

$B = $res1["B"];
$s = $res1["s"];
$x = $srp->generateX($s, $username, $password);
$S = $srp->generateS_Client($A, $B, $a, $x);
$M1 = $srp->generateM1($A, $B, $S);
$send = array("phase" => 2, "M1" => $M1);

Send

Array ( [phase] => 2 [M1] => 7adb91fa76875ad41cb4636af82b909d247bfdc5fccb0c2f3541745aa74b3cff )

Receive

Array ( [success] => 1 [M2] => e8db7c645faa18e1bef513a2e10ca1219616eef33a12fb6b0705a1dc5d6373db )

4. Server verification

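The client receives M2 from the server, rebuilds it locally, compares the two values and, if they match, builds the session key.

// $res holds the response to the phase 2 request
$res2 = json_decode($res["body"], true);
$M2 = $res2["M2"] ?? "";
$M2_check = $srp->generateM2($A, $M1, $S);

// hash_equals() compares in constant time and never as numbers;
// == would treat numeric-looking strings such as "0e..." as equal.
if (is_string($M2) && hash_equals($M2_check, $M2)) {
    echo "SUCCESS;";
    $K = $srp->generateK($S);
    echo "SESSION KEY: ".$K;
}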

Output

SUCCESS;SESSION KEY: 3b2062e361e443b0a2840a1b995253c3228584d048aa0a30e1f7ae9b2fc8bea6
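
The phases above show only the client half of each message. The following added example (not code from this library) plays both sides of the exchange in one script using PHP's GMP extension, including the abort checks on A, B and u that SRP-6a expects before S is computed. The group (RFC 5054 1024-bit, g = 2), SHA-256, the colon-joined hash inputs and the helper names H, hx, num and need are assumptions; the library's own formulas may differ.

```php
<?php
// Added sketch, NOT the library's code. Assumptions: RFC 5054 1024-bit group,
// g = 2, SHA-256, and the hash input layouts used in the H() calls below.
const N_HEX = 'EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576'
            . 'D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1'
            . '5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC'
            . '68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3';
function H(string ...$p): string { return hash('sha256', implode(':', $p)); }
function hx(GMP $n): string { return gmp_strval($n, 16); }
function num(string $hex): GMP { return gmp_init($hex, 16); }
function need(bool $ok, string $why): void { if (!$ok) throw new RuntimeException($why); }

$N = num(N_HEX); $g = gmp_init(2);
$k = num(H(hx($N), hx($g)));                  // SRP-6a multiplier

// Phase 0, client: only I, s and v leave the client; the password never does.
[$I, $P] = ['falk', 'test123'];
$s = bin2hex(random_bytes(32));
$x = num(H($s, H($I, $P)));
$v = gmp_powm($g, $x, $N);

// Phase 1, client -> server: I and A = g^a mod N
$a = num(bin2hex(random_bytes(32)));
$A = gmp_powm($g, $a, $N);

// Phase 1, server: reject A = 0 (mod N), answer with s and B = k*v + g^b (mod N)
need(gmp_cmp(gmp_mod($A, $N), 0) !== 0, 'server: bad A');
$b = num(bin2hex(random_bytes(32)));
$B = gmp_mod(gmp_add(gmp_mul($k, $v), gmp_powm($g, $b, $N)), $N);

// Phase 2, client: reject B = 0 (mod N) and u = 0 before computing S
need(gmp_cmp(gmp_mod($B, $N), 0) !== 0, 'client: bad B');
$u = num(H(hx($A), hx($B)));
need(gmp_cmp($u, 0) !== 0, 'client: bad u');
$base = gmp_mod(gmp_sub($B, gmp_mul($k, gmp_powm($g, $x, $N))), $N);
$S_client = gmp_powm($base, gmp_add($a, gmp_mul($u, $x)), $N);
$M1 = H(hx($A), hx($B), hx($S_client));

// Phase 2, server: S = (A * v^u)^b (mod N); check M1, then answer with M2
$S_server = gmp_powm(gmp_mod(gmp_mul($A, gmp_powm($v, $u, $N)), $N), $b, $N);
need(hash_equals(H(hx($A), hx($B), hx($S_server)), $M1), 'server: wrong password');
$M2 = H(hx($A), $M1, hx($S_server));

// Step 4, client: constant-time check of M2, then derive the session key
need(hash_equals(H(hx($A), $M1, hx($S_client)), $M2), 'client: server not authenticated');
echo 'SESSION KEY: ', H(hx($S_client)), "\n";
```

Changing `$P` between phase 0 and phase 2 makes the server's M1 check fail, which is the wrong-password path.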