Hello and thank you!
Yes, I did tried that, but unfortunately it doesn't change the way how 3rd party openssl decrypted string looks, the only difference is that in case of fixed IV first 16 symbols of string are the same for any password.
For example: Password: kamailio Encoded: QVFMbEZ4MzZpQ1dPNEp3SsEUkYkN9MYynvOmKYddD6A= Decoded: çò<õ"×ÅÇR*u¢þn½Ýkamailio
Password: kamailio_qwerty123 Encoded: QVFMbEZ4MzZpQ1dPNEp3Sju/bdBKyeVCEgiRrvpBdGs36brwNM+VqNmAzbeQTiy7 Decoded: çò<õ"×ÅÇR*u¢þn½Ýkamailio_qwerty123
Best regards, Arsenijs
________________________________ From: Henning Westerholt hw@gilawa.com Sent: Monday, January 9, 2023 16:00 To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: Arsenijs Kabihno a.kabihno@dynatech.lv Subject: RE: Kamailio Crypto module and 3rd party openssl
Hello,
did you tried to actually set a fixed IV in the cfg? Otherwise it will generate a random IV.
https://www.kamailio.org/docs/modules/devel/modules/crypto.html#crypto.p.ini...
This was added to provider interoperability to other implementations.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.comhttps://gilawa.com/
From: Arsenijs Kabihno a.kabihno@dynatech.lv Sent: Monday, January 9, 2023 1:54 PM To: sr-users@lists.kamailio.org Subject: [SR-Users] Kamailio Crypto module and 3rd party openssl
Hello,
I am trying to make use of crypto module. The scenario is the following:
1. Encrypt plaintext passwords on kamailio side using crypto_aes_encrypt function of crypto module
2. Decrypt them outside of kamailio using 3rd party tools, such as PHP openssl_decrypt
Crypto module parametrs are the following:
modparam("crypto", "salt", "") modparam("crypto", "key_derivation", 0)
If encryption and decription are handled by kamailio, the initial password matches the decrypted string (initial password -> encrypted string -> decrypted string)
For example:
sql_query("ds_dburl", "select secret from kamailio_sip_buddies where username='$au'", "secret");
$avp(secret_plain) = $dbr(secret=>[0,0]); //value: 'kamailio'
crypto_aes_encrypt("$avp(secret_plain)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=", "$var(encrypted)"); //value: 'qfOqTMoJMgGAherGCqLRRQc4zTlqsEj3MEtcORurFf0='
crypto_aes_decrypt("$avp(secret_plain)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=", "$var(decrypted)"); //value: 'kamailio'
But in case I try to decrypt the value of $var(encrypted) using PHP openssl_decrypt or online tool like https://www.devglan.com/online-tools/aes-encryption-decryption, I am getting the result 'kamailio' prepended by 16 random bytes, like:
6“¤›¿Ð+IÊ\ñžïZkamailio
or
6�����+I\��Zkamailio
I believe this 16 bytes are actually random initialization vector in some encoding.
Possibly kamailio is trimming them from result here:
https://github.com/kamailio/kamailio/blob/master/src/modules/crypto/crypto_m...
Moreover, if secret was encrypted using crypto_aes_encrypt and random IV, you can use any IV while decrypting and get 16 different bytes+result
Please advice if someone have used crypto module in similar way and what are the possible ways to acheive results consistency