[SR-Users] Kamailio 5.5 STIR SHAKEN private key buffer size error
Daniel-Constantin Mierla
miconda at gmail.com
Tue Jun 28 08:08:24 CEST 2022
Note that Kamailio has another module that offers STIR/SHAKEN
capabilities, namely the secsipid module. You can try to use it;
this one I maintain, and if any issue is found, I am going to fix it.
All the best,
Daniel
On 28.06.22 04:41, Maharaja Azhagiah wrote:
> Thank you very much, Muhammad
>
> I tried reducing the SSL key bit length to 1024 but the buffer is
> still less than the key size. Hence, I submitted an issue with
> signalwire. I appreciate your help.
>
> Regards
>
> *Maharaja Azhagiah*
>
> On Mon, Jun 27, 2022 at 10:05 PM M S <shaheryarkh at gmail.com> wrote:
>
> This error seems to come from libstirshaken
> (https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h
> line 46) and has nothing to do with Kamailio. Please open a bug
> with signalwire who owns and maintains this library.
>
> Per my understanding this library is a bit old and uses many
> deprecated functions and needs updating. As a general rule of
> thumb, in PEM format, the private key size in bytes is roughly 80%
> (4/5) of key size in bits, e.g. 4096 bit private key size would be
> roughly,
>
> (4096 * 4) / 5 ~= 3277 bytes
>
> which is too big for allowed size (2000 bytes) in libstirshaken.
> So, either increasing the allowed size in libstirshaken OR
> reducing your SSL key bit length to e.g. 1024 may work.
>
> Thank you.
>
> --
> Muhammad Shahzad Shafi
> Tel: +49 176 99 83 10 85
>
> On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah
> <er.maharaja at gmail.com> wrote:
>
> Hi,
>
> I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5.
>
> I used a self signed certificate as this is just a test in the
> local docker environment. However, when I try to add identity
> with private key (stirshaken_add_identity_with_key), I get
> "[error_code: 447] Buffer for key from file
> /tmp/cert/private.pem too short (2000 <= 3247)"
>
> I have tried using 2048 and 4096 size
>
> root at 5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text
> -noout | grep "Private-Key"
> RSA Private-Key: (4096 bit, 2 primes)
>
> Could you tell me what is wrong with the certificate?
>
> Kamailio version:
>
> root at 5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v
> version: kamailio 5.5.4 (x86_64/linux) 469465
>
> Error:
>
> 0(404) ERROR: {1 30587 INVITE
> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken
> [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key():
> Failed to load private key
> 0(404) DEBUG: {1 30587 INVITE
> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken
> [stirshaken_mod.c:117]: stirshaken_print_error_details():
> failure details:
> 0(404) DEBUG: {1 30587 INVITE
> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken
> [stirshaken_mod.c:118]: stirshaken_print_error_details():
> failure reason is: src/stir_shaken_ssl.c:2112: [error_code:
> 447] Buffer for key from file /tmp/cert/private.pem too short
> (2000 <= 3247)
> 0(404) DEBUG: {1 30587 INVITE
> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken
> [stirshaken_mod.c:119]: stirshaken_print_error_details():
> failure error code is: 447
> 0(404) ERROR: {1 30587 INVITE
> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} <script>: Failed
>
> Regards
>
> *Maharaja Azhagiah*
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not
> reply only to the sender!
> Edit mailing list options or unsubscribe:
> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online: June 20-23, 2022
* https://www.asipto.com/sw/kamailio-advanced-training-online/
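
Added example, not part of the thread and not libstirshaken or Kamailio code: a pre-flight check that compares a PEM key file against a fixed-size load buffer, next to a loader that sizes its buffer from the file instead. The 2000-byte limit is taken from the error text quoted above; the function names and the strict "buffer must exceed file size" comparison are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Limit taken from the error text in this thread, not from library headers. */
#define FIXED_KEY_BUF_LEN 2000

/* Size of the file in bytes, or -1 on error. */
long key_file_size(const char *path)
{
    FILE *f = fopen(path, "rb");
    long n = -1;
    if (!f) return -1;
    if (fseek(f, 0, SEEK_END) == 0) n = ftell(f);
    fclose(f);
    return n;
}

/* Assumed check, modelled on "(2000 <= 3247)": the buffer must be strictly
 * larger than the file so a NUL fits. 1 = fits, 0 = too short, -1 = unreadable. */
int key_fits_fixed_buffer(const char *path, size_t buflen)
{
    long n = key_file_size(path);
    if (n < 0) return -1;
    return buflen > (size_t)n ? 1 : 0;
}

/* Alternative to a fixed buffer: size the allocation from the file itself.
 * Returns a NUL-terminated heap copy (caller wipes and frees), or NULL. */
char *read_key_file(const char *path, size_t *out_len)
{
    long n = key_file_size(path);
    FILE *f = n < 0 ? NULL : fopen(path, "rb");
    if (!f) return NULL;
    char *buf = malloc((size_t)n + 1);
    if (buf && fread(buf, 1, (size_t)n, f) != (size_t)n) {
        free(buf);              /* short read: file changed or I/O error */
        buf = NULL;
    }
    fclose(f);
    if (buf) { buf[n] = '\0'; if (out_len) *out_len = (size_t)n; }
    return buf;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "private.pem";
    int r = key_fits_fixed_buffer(path, FIXED_KEY_BUF_LEN);
    printf("%s: %s\n", path, r == 1 ? "fits" : r == 0 ? "too large" : "unreadable");
    return r == 1 ? 0 : 1;
}
```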