Table of Contents
List of Examples
salt parameterregister_callid parameterregister_evcb parameterkevcb_netio parameternetio_key parametercrypto_aes_encrypt usagecrypto_aes_decrypt usagecrypto_netio_in usagecrypto_netio_out usagecrypto_netio_encrypt usagecrypto_netio_decrypt usageevent_route[crypto:netio] usageTable of Contents
This module provides various cryptography tools for use in Kamailio configuration file.
It relies on OpenSSL libraries for cryptographic operations (libssl, libcrypto).
A keyword to generate salt for encryption. It must be at least 8 chars long. If set to empty, no salt is used for encryption.
The salt is a binary array that is appended to the encryption password for better protection against dictionary attacks. Same salt and password need to be when encrypting and decrypting.
Default value is "..." (see code).
Set it to 1 in order to register a callback to core for generation of callid values for requests generated by Kamailio tm module.
This callid generator uses libssl random and hashing functions for generating RFC 4122 version 4 UUID with high quality entropy. It is useful when wanting to have new callids that cannot be predicted from previous values.
Default value is 0.
Set it to 1 in order to register the event route callbacks, in case AES encryption/decryption of SIP traffic is wanted. The event_route[crypto:netio] or corresponding KEMI callback are executed.
Default value is 0.
Encrypts the text with the key using AES encryption algorithm. The result is encoded in base64 format and stored in res. The parameter res must be a read-write variables. The parameters text and key can be static strings or strings with variables (dynamic strings).
This function can be used from ANY_ROUTE.
Example 1.6. crypto_aes_encrypt usage
...
crypto_aes_encrypt("$rb", "my-secret-key", "$var(encrypted)");
...
Decrypts the text with the key using AES encryption algorithm. The text has to be encoded in base64 format. The parameter res must be a read-write variables. The parameters text and key can be static strings or strings with variables (dynamic strings).
This function can be used from ANY_ROUTE.
Example 1.7. crypto_aes_decrypt usage
...
crypto_aes_decrypt("$var(encrypted)", "my-secret-key", "$var(text)");
...
Return 1 (true) if it is an incoming net message, or -1 (false) otherwise.
This function can be used from EVENT_ROUTE.
Example 1.8. crypto_netio_in usage
...
event_route[crypto:netio] {
if(crypto_netio_in()) {
crypto_netio_decrypt();
}
...
Return 1 (true) if it is an outgoing net message, or -1 (false) otherwise.
This function can be used from EVENT_ROUTE.
Example 1.9. crypto_netio_out usage
...
event_route[crypto:netio] {
if(crypto_netio_out()) {
crypto_netio_encrypt();
}
...
Example 1.12. event_route[crypto:netio] usage
...
# ----- crypto params -----
modparam("crypto", "register_evcb", 1)
modparam("crypto", "netio_key", "strong-password-here")
...
event_route[crypto:netio] {
if(crypto_netio_in()) {
if(src_port==5060) {
crypto_netio_decrypt();
}
} else {
if($sndto(port)==5060) {
crypto_netio_encrypt();
}
}
}
# Main SIP request routing logic
request_route {
sl_send_reply("200", "ok");
if(src_port==5060) {
$du = "sip:127.0.0.1:9";
forward();
} else {
$du = "sip:127.0.0.1:5060";
forward();
}
exit;
}
...