Hello, did you tried to actually set a fixed IV in the cfg? Otherwise it will generate a random IV.
https://www.kamailio.org/docs/modules/devel/modules/crypto.html#crypto.p.init_vector This was added to provider interoperability to other implementations. Cheers, Henning -- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com<https://gilawa.com/> From: Arsenijs Kabihno <[email protected]> Sent: Monday, January 9, 2023 1:54 PM To: [email protected] Subject: [SR-Users] Kamailio Crypto module and 3rd party openssl Hello, I am trying to make use of crypto module. The scenario is the following: 1. Encrypt plaintext passwords on kamailio side using crypto_aes_encrypt function of crypto module 2. Decrypt them outside of kamailio using 3rd party tools, such as PHP openssl_decrypt Crypto module parametrs are the following: modparam("crypto", "salt", "") modparam("crypto", "key_derivation", 0) If encryption and decription are handled by kamailio, the initial password matches the decrypted string (initial password -> encrypted string -> decrypted string) For example: sql_query("ds_dburl", "select secret from kamailio_sip_buddies where username='$au'", "secret"); $avp(secret_plain) = $dbr(secret=>[0,0]); //value: 'kamailio' crypto_aes_encrypt("$avp(secret_plain)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=", "$var(encrypted)"); //value: 'qfOqTMoJMgGAherGCqLRRQc4zTlqsEj3MEtcORurFf0=' crypto_aes_decrypt("$avp(secret_plain)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=", "$var(decrypted)"); //value: 'kamailio' But in case I try to decrypt the value of $var(encrypted) using PHP openssl_decrypt or online tool like https://www.devglan.com/online-tools/aes-encryption-decryption, I am getting the result 'kamailio' prepended by 16 random bytes, like: 6“¤›¿Ð+IÊ\ñžïZkamailio or 6�����+I\��Zkamailio I believe this 16 bytes are actually random initialization vector in some encoding. Possibly kamailio is trimming them from result here: https://github.com/kamailio/kamailio/blob/master/src/modules/crypto/crypto_mod.c#L511 Moreover, if secret was encrypted using crypto_aes_encrypt and random IV, you can use any IV while decrypting and get 16 different bytes+result Please advice if someone have used crypto module in similar way and what are the possible ways to acheive results consistency
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
