Hello,
did you try to actually set a fixed IV in the cfg? Otherwise it will generate a random
IV.
https://www.kamailio.org/docs/modules/devel/modules/crypto.html#crypto.p.in…
This was added to provide interoperability to other implementations.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
From: Arsenijs Kabihno <a.kabihno(a)dynatech.lv>
Sent: Monday, January 9, 2023 1:54 PM
To: sr-users(a)lists.kamailio.org
Subject: [SR-Users] Kamailio Crypto module and 3rd party openssl
Hello,
I am trying to make use of crypto module. The scenario is the following:
1. Encrypt plaintext passwords on kamailio side using crypto_aes_encrypt function of
crypto module
2. Decrypt them outside of kamailio using 3rd party tools, such as PHP
openssl_decrypt
Crypto module parameters are the following:
modparam("crypto", "salt", "")
modparam("crypto", "key_derivation", 0)
If encryption and decryption are handled by kamailio, the initial password matches the
decrypted string (initial password -> encrypted string -> decrypted string)
For example:
sql_query("ds_dburl", "select secret from kamailio_sip_buddies where username='$au'", "secret");
$avp(secret_plain) = $dbr(secret=>[0,0]); //value: 'kamailio'
crypto_aes_encrypt("$avp(secret_plain)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=", "$var(encrypted)");
//value: 'qfOqTMoJMgGAherGCqLRRQc4zTlqsEj3MEtcORurFf0='
crypto_aes_decrypt("$var(encrypted)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=", "$var(decrypted)");
//value: 'kamailio'
But in case I try to decrypt the value of $var(encrypted) using PHP openssl_decrypt or
online tool like
https://www.devglan.com/online-tools/aes-encryption-decryption, I am
getting the result 'kamailio' prepended by 16 random bytes, like:
6“¤›¿Ð+IÊ\ñžïZkamailio
or
6�����+I\��Zkamailio
I believe these 16 bytes are actually the random initialization vector in some encoding.
Possibly kamailio is trimming them from result here:
https://github.com/kamailio/kamailio/blob/master/src/modules/crypto/crypto_…
Moreover, if the secret was encrypted using crypto_aes_encrypt and a random IV, you can use any
IV while decrypting and get 16 different bytes+result
Please advise if someone has used the crypto module in a similar way and what are the possible
ways to achieve results consistency
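
The 16 extra bytes described in the message above are what CBC decryption returns when a blob laid out as IV followed by ciphertext is decrypted whole. The PHP below is an added example, not part of the original thread and not Kamailio's code. It assumes AES-256-CBC with PKCS#7 padding, a raw 32-byte key and a base64(IV || ciphertext) layout; the key, the blob and the helper names make_blob, decrypt_naive and decrypt_blob are constructed for illustration.

```php
<?php
// Added example. Assumptions: AES-256-CBC, PKCS#7 padding, raw 32-byte key,
// and a blob laid out as base64(IV || ciphertext). All values are constructed.
const CIPHER = 'aes-256-cbc';

// Build a blob in the assumed layout, standing in for $var(encrypted).
function make_blob(string $plain, string $key): string
{
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ct);
}

// The situation from the thread: the whole blob is treated as ciphertext and
// an unrelated IV is supplied. The embedded IV block decrypts to 16 garbage
// bytes; every later block is chained to the previous one and comes out right.
function decrypt_naive(string $blob, string $key, string $anyIv): string
{
    $raw = base64_decode($blob, true);
    $out = openssl_decrypt($raw, CIPHER, $key, OPENSSL_RAW_DATA, $anyIv);
    if ($out === false) {
        throw new RuntimeException('decryption failed');
    }
    return $out;
}

// Interoperable decrypt: the first 16 bytes are the IV, the rest is ciphertext.
function decrypt_blob(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 32 || strlen($raw) % 16 !== 0) {
        throw new InvalidArgumentException('not base64(IV || ciphertext)');
    }
    $iv    = substr($raw, 0, 16);
    $plain = openssl_decrypt(substr($raw, 16), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('wrong key or corrupted data');
    }
    return $plain;
}

$key  = hash('sha256', 'constructed demo key', true); // 32 raw bytes
$blob = make_blob('kamailio', $key);

$naive = decrypt_naive($blob, $key, str_repeat("\0", 16));
printf("naive:   %d bytes, head=%s, tail=%s\n",
    strlen($naive), bin2hex(substr($naive, 0, 16)), substr($naive, 16));
printf("correct: %s\n", decrypt_blob($blob, $key));
```

Splitting the IV off on the receiving side keeps the random IV in use; with a fixed IV, equal secrets encrypt to equal ciphertexts. CBC also carries no integrity check, so a modified blob can still decrypt without error.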