PHP code example of windwalker / srp

1. Go to this page and download the library: Download windwalker/srp library. Choose the download type "require".

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

    

windwalker / srp example snippets


use Windwalker\SRP\SRPServer;
use Windwalker\SRP\SRPClient;

// Construct the server side by passing the three SRP parameters explicitly; this example simply
// hands over the library's own DEFAULT_* constants.
// NOTE(review): "prime", "generator" and "key" presumably map to the SRP group modulus N, the
// generator g and the multiplier k - confirm against the library documentation.
// Client and server have to agree on these values: SRP proofs only match when both sides compute
// with the same parameters.
$server = new SRPServer(
    SRPServer::DEFAULT_PRIME, // 217661744586174357731910088918027537819...
    SRPServer::DEFAULT_GENERATOR, // 02
    SRPServer::DEFAULT_KEY, // 5b9e8ef059c6b32ea59fc1d322d37f04aa30bae5aa9003b8321e21ddb04e300
);

use Brick\Math\BigInteger;
use Windwalker\SRP\SRPServer;
use Windwalker\SRP\SRPClient;

// Same construction, with each parameter wrapped in a Brick\Math BigInteger first.
// The prime and generator constants go through BigInteger::of(); the key constant is parsed with
// fromBase(..., 16), i.e. it is read as a hexadecimal string. Keep that distinction when replacing
// the defaults with your own values: parsing a hex string with the wrong base yields a different
// number, and the two sides will then never agree on a proof.
$server = new SRPServer(
    BigInteger::of(SRPServer::DEFAULT_PRIME),
    BigInteger::of(SRPServer::DEFAULT_GENERATOR),
    BigInteger::fromBase(SRPServer::DEFAULT_KEY, 16),
);

use Windwalker\SRP\SRPServer;

// The same three parameters collected in an array keyed by 'prime', 'generator' and 'key'.
// NOTE(review): this snippet does not show where $config is consumed - check the library
// documentation for the call that accepts it.
// These values are public protocol parameters, not secrets, but they must be identical on the
// client and the server.
$config = [
    'prime' => SRPServer::DEFAULT_PRIME, // 217661744586174357731910088918027537819...
    'generator' => SRPServer::DEFAULT_GENERATOR, // 02
    'key' => SRPServer::DEFAULT_KEY, // 5b9e8ef059c6b32ea59fc1d322d37f04aa30bae5aa9003b8321e21ddb04e300
];

use Windwalker\SRP\SRPServer;
use Windwalker\SRP\SRPClient;

// Create both sides through the static factory, without arguments.
// NOTE(review): create() presumably falls back to the DEFAULT_* parameters used in the
// constructor example - confirm against the library.
$server = SRPServer::create();
$client = SRPClient::create();

use Windwalker\SRP\SRPServer;

// Set the secret size.
// The page presents the two calls below as equivalent; 512 and 64 match if the size is counted in
// bits and the length in bytes (512 / 8 = 64).
// NOTE(review): units are inferred from that arithmetic only - confirm against the library.
// NOTE(review): only the server is configured here; verify whether the client needs the same setting.
$server->setSize(512); // Default is 256
// Same as
$server->setLength(64);


// Select the hash algorithm; the default is `sha256`.
// The calls below are a list of accepted options, not a sequence to run: pick one.
// NOTE(review): the method is spelled `setHaser` on this page - verify the exact method name
// against the installed library version before copying.
// Client and server must be configured with the same algorithm, otherwise their proofs differ.
// SHA-1 is a legacy algorithm with known collision attacks; keep the sha256 default or a stronger
// option unless a legacy peer forces sha1.
$server->setHaser('sha1');
$server->setHaser('sha256');
$server->setHaser('sha384');
$server->setHaser('sha512');

// Blake2b is hashed through the sodium extension, so ext-sodium has to be loaded wherever one of
// these options is chosen.
$server->setHaser('blake2b-256');
$server->setHaser('blake2b-224');
$server->setHaser('blake2b-384');
$server->setHaser('blake2b-512');

// Set custom hash logic. The `...` is a placeholder for your own implementation.
// A custom callable has to be a deterministic cryptographic hash and the client must compute
// exactly the same function.
$server->setHaser(fn(string $str) => ...);


// Disable padding.
// NOTE(review): "padding" presumably means left-padding values to the length of the prime before
// hashing, as SRP specifications such as RFC 5054 do - confirm against the library.
// Whatever it controls, the setting changes the hashed input, so it must be the same on the client
// and the server (and match any third-party SRP implementation you interoperate with).
$server->enablePad(false);

use Windwalker\SRP\SRPServer;
use Windwalker\SRP\SRPClient;

// Server and client objects for the walkthrough that follows.
// They appear in one script only to show the call order; the AJAX comments further down indicate
// that in a deployment the client steps and the server steps run on different machines.
$server = SRPServer::create();
$client = SRPClient::create();

// Register page: the user enters an identity and a password.
$identity = '...';
$password = '...';

// Register: generate a new salt & verifier on the client.
// The password itself is only passed to the client object; what leaves the client is the salt
// and the verifier.
$pf = $client->register($identity, $password);
$salt = $pf->salt; // BigInteger object
$verifier = $pf->verifier; // BigInteger object

// Use toBase(16) to convert to a hex string.
// The return values are discarded here for brevity; real code assigns them to the payload.
$salt->toBase(16);
$verifier->toBase(16);

// Send identity, salt and verifier to the server, which stores them with the user record.
// Anyone who obtains a verifier can test password guesses against it offline, so transmit it only
// over TLS and protect it at rest the way you would protect a password hash.

// Login start
// AJAX:hello?{identity} - Server step (1)
// The salt & verifier were stored with the user data at registration; the server reads them from
// the DB.
// b & B must be remembered in the session, they are needed again in server step (2).
// b is the server's secret value: keep it in server-side session state only and never put it in
// a response or in client-readable storage.
// NOTE(review): the snippet does not show what happens for an unknown identity; answering
// differently for known and unknown accounts reveals which identities exist, so decide how the
// application responds in that case.
$r = $server->step1($identity, $salt, $verifier);
$b = $r->secret; // BigInteger object
$B = $r->public; // BigInteger object

// Server hello: returns B & salt to the client (and nothing else from $r).

// Client step (1) & (2)
// step1 yields the client's secret value a, its public value A and a hash x.
// NOTE(review): x is presumably the private value derived from identity, password and salt -
// confirm against the library.
$pr = $client->step1($identity, $password, $salt);
$a = $pr->secret;
$A = $pr->public;
$x = $pr->hash;

// step2 combines the client values with the server's B into the key K and the proof M1.
// a, x and K stay on the client; only A and M1 are sent to the server in the next request.
$pr = $client->step2($identity, $salt, $A, $a, $B, $x);
$K = $pr->key;
$M1 = $pr->proof;

// AJAX:authenticate?{identity,A,M1} - Server step (2)
// The client sends identity, A and M1; the server checks them.
// The salt & verifier are stored with the user data, read them from the DB.
// b and B are stored in session state: read them and clear them, so that one server hello can be
// used for one authentication attempt only.
// NOTE(review): per the closing note a failed check surfaces as an exception - confirm the
// exception type, treat any exception from step2 as a failed login, and do not return M2 in
// that case. Count failures toward rate limiting like any other password login.
$pr = $server->step2($identity, $salt, $verifier, $A, $B, $b, $M1);
$M2 = $pr->proof;

// Server returns M2 to the client.
// Client step (3) (optional)
// NOTE(review): this presumably lets the client verify that the server derived the same key, i.e.
// that it really holds the verifier; skipping it leaves the server unauthenticated to the client.
$client->step3($A, $K, $M1, $M2);

// If every check passed, no exception has been thrown by this point.