SRP PHP Client

PHP Client for Login over Secure Remote Password Protocol

1. Registration

getRandomSeed(); $x = $srp->generateX($s, $username, $password); $v = $srp->generateV($x); $send = array("phase" => 0, "I" => $username, "v" => $v, "s" => $s); $res = curl::exec(array("url" => $server_url, "method" => 'POST', 'postfields' => $send, "cookies" => $cookies)); $cookies = $res["cookie"]; ?>

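Generate s (salt) and v (verifier). Both are generated by the client and stored by the server. Anyone who obtains s and v can test password guesses offline, so the registration request should only be sent over TLS.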

// Registration: the client derives the verifier locally.
// Sample credentials for the walkthrough.
$username = "falk";
$password = "test123";

// s: salt returned by the library.
// NOTE(review): confirm getRandomSeed() draws from a CSPRNG; the same call
// also produces the private value a in login phase 1.
$s = $srp->getRandomSeed();

// x is computed from salt, username and password; v is computed from x.
// x itself is not part of the payload below.
$x = $srp->generateX($s, $username, $password);
$v = $srp->generateV($x);

// Phase 0 payload: username (I), verifier (v) and salt (s).
$send = [
    "phase" => 0,
    "I" => $username,
    "v" => $v,
    "s" => $s,
];

Send

Receive

2. Login - Phase 1

getRandomSeed(); $A = $srp->generateA($a); $send = array("phase" => 1, "I" => $username, "A" => $A); $res = curl::exec(array("url" => $server_url, "method" => 'POST', 'postfields' => $send, "cookies" => $cookies)); ?>

The client generates a (private random key) and A (the generated public key), then sends A and I (username) to the server.

// a: the client's private value for this login; it is not placed in the payload.
$a = $srp->getRandomSeed();

// A: the public value computed from a.
$A = $srp->generateA($a);

// Phase 1 payload: username (I) and A.
$send = [
    "phase" => 1,
    "I" => $username,
    "A" => $A,
];

Send

Receive

3. Login - Phase 2

The client receives s (salt) and B (public key of the server) in Phase 1. The client builds M1 and sends it to the server.

generateX($s, $username, $password); $S = $srp->generateS_Client($A, $B, $a, $x); $M1 = $srp->generateM1($A, $B, $S); $send = array("phase" => 2, "M1" => $M1); $res = curl::exec(array("url" => $server_url, "method" => 'POST', 'postfields' => $send, "cookies" => $cookies)); ?> $B = $res1["B"];
// Salt as returned by the server in phase 1.
// presumably $res1 is the decoded phase 1 response body; verify against the caller
$s = $res1["s"];

// Recompute x from the server-supplied salt and the local credentials.
$x = $srp->generateX($s, $username, $password);

// S: the client-side shared secret computed from A, B, a and x.
// NOTE(review): SRP requires the client to abort when B mod N is zero;
// confirm generateS_Client() or the caller enforces that check.
$S = $srp->generateS_Client($A, $B, $a, $x);

// M1: the client's proof, computed from A, B and S.
$M1 = $srp->generateM1($A, $B, $S);

// Phase 2 payload: only the proof is sent.
$send = [
    "phase" => 2,
    "M1" => $M1,
];

Send

Receive

4. Server verification

The client receives M2 from the server, rebuilds it locally, compares the two values, and builds the session key.

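// Server verification: decode the phase 2 response and check the server's proof M2.
$res2 = json_decode($res["body"], true);

// json_decode() returns null on malformed input, and the key may be missing;
// treat both cases as "no proof received" instead of indexing blindly.
$M2 = (is_array($res2) && isset($res2["M2"])) ? $res2["M2"] : null;

// Expected proof, recomputed locally from A, M1 and S.
$M2_check = $srp->generateM2($A, $M1, $S);

// Loose == compares two numeric-looking strings as numbers, so distinct
// digests such as "0e12" and "0e34" would be treated as equal. hash_equals()
// (PHP 5.6+) compares the strings themselves, in constant time.
// Assumes generateM2() returns a string; a non-string value fails closed here.
if (is_string($M2) && is_string($M2_check) && hash_equals($M2_check, $M2)) {
    echo "SUCCESS;";
    // K is derived only after the server's proof has been verified.
    $K = $srp->generateK($S);
    // Printed for demonstration only; a real client should keep K out of
    // output and logs.
    echo "SESSION KEY: ".$K;
}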

Output

generateM2($A, $M1, $S); if($M2 == $M2_check){ echo "SUCCESS;"; $K = $srp->generateK($S); echo "SESSION KEY: ".$K; } ?>
"", "method" => 'GET', 'postfields' => array(), 'cookies' => array()); $params = array_merge($defaults, $params); $ch = curl_init($params["url"]); $headers = array(); if(count($params["cookies"]) > 0){ $cookie_line = ''; foreach ($params["cookies"] as $name => $value){ if ($cookie_line){$cookie_line .= "; ";} $cookie_line .= $name.'='.$value; } $headers[] = 'Cookie: '.$cookie_line; } curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); if($params["method"] == 'POST'){ curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch,CURLOPT_POSTFIELDS, $params["postfields"]); if(is_string($params["postfields"])){ $headers[] = array('Content-Type: text/plain'); } } $response = curl_exec($ch); $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = substr($response, 0, $header_size); $body = substr($response, $header_size); curl_close($ch); //Split into lines $headers = explode("\n", $header); $cookie_lines = preg_grep('/^Set-Cookie:/', $headers); $cookies = array(); foreach ($cookie_lines as $cookie_line){ $cookie_line = current(explode(";", substr($cookie_line, strlen("Set-Cookie: ")))); $cookie_name = substr($cookie_line, 0, strpos($cookie_line, "=")); $cookies[$cookie_name] = substr($cookie_line, strpos($cookie_line, "=") + 1); } return array( "body" => $body, "header" => $headers, "cookie" => $cookies ); } }