CRYPTO Module

Daniel-Constantin Mierla

Edited by

Daniel-Constantin Mierla


Table of Contents

1. Admin Guide
1. Overview
2. Dependencies
2.1. Kamailio Modules
2.2. External Libraries or Applications
3. Parameters
3.1. salt (str)
3.2. register_callid (int)
4. Functions
4.1. crypto_aes_encrypt(text, key, res)
4.2. crypto_aes_decrypt(text, key, res)

List of Examples

1.1. Set salt parameter
1.2. Set register_callid parameter
1.3. crypto_aes_encrypt usage
1.4. crypto_aes_decrypt usage

Chapter 1. Admin Guide

1. Overview

This module provides various cryptography tools for use in Kamailio configuration file.

It relies on OpenSSL libraries for cryptographic operations (libssl, libcrypto).

2. Dependencies

2.1. Kamailio Modules

The following modules must be loaded before this module:

  • none.

2.2. External Libraries or Applications

The following libraries or applications must be installed before running Kamailio with this module loaded:

  • libcrypto - part of OpenSSL project

3. Parameters

3.1. salt (str)

A keyword to generate salt for encryption. It must be at least 8 chars long. If set to empty, no salt is used for encryption.

The salt is a binary array that is appended to the encryption password for better protection against dictionary attacks. Same salt and password need to be when encrypting and decrypting.

Default value is "..." (see code).

Example 1.1. Set salt parameter

...
modparam("crypto", "salt", "l0Bh2M8a")
...

3.2. register_callid (int)

Set it to 1 in order to register a callback to core for generation of callid values for requests generated by Kamailio tm module.

This callid generator uses libssl random and hashing functions for generating RFC 4122 version 4 UUID with high quality entropy. It is useful when wanting to have new callids that cannot be predicted from previous values.

Default value is 0.

Example 1.2. Set register_callid parameter

...
modparam("crypto", "register_callid", 1)
...

4. Functions

4.1.  crypto_aes_encrypt(text, key, res)

Encrypts the text with the key using AES encryption algorithm. The result is encoded in base64 format and stored in res. The parameter res must be a read-write variables. The parameters text and key can be static strings or strings with variables (dynamic strings).

This function can be used from ANY_ROUTE.

Example 1.3. crypto_aes_encrypt usage

...
crypto_aes_encrypt("$rb", "my-secret-key", "$var(encrypted)");
...

4.2.  crypto_aes_decrypt(text, key, res)

Decrypts the text with the key using AES encryption algorithm. The text has to be encoded in base64 format. The parameter res must be a read-write variables. The parameters text and key can be static strings or strings with variables (dynamic strings).

This function can be used from ANY_ROUTE.

Example 1.4. crypto_aes_decrypt usage

...
crypto_aes_decrypt("$var(encrypted)", "my-secret-key", "$var(text)");
...