Table of Contents
List of Examples
salt
parameterregister_callid
parameterregister_evcb
parameterkevcb_netio
parameternetio_key
parametercrypto_aes_encrypt
usagecrypto_aes_decrypt
usagecrypto_netio_in
usagecrypto_netio_out
usagecrypto_netio_encrypt
usagecrypto_netio_decrypt
usageevent_route[crypto:netio]
usageTable of Contents
This module provides various cryptography tools for use in Kamailio configuration file.
It relies on OpenSSL libraries for cryptographic operations (libssl, libcrypto).
A keyword to generate salt for encryption. It must be at least 8 chars long. If set to empty, no salt is used for encryption.
The salt is a binary array that is appended to the encryption password for better protection against dictionary attacks. Same salt and password need to be when encrypting and decrypting.
Default value is "..." (see code).
Set it to 1 in order to register a callback to core for generation of callid values for requests generated by Kamailio tm module.
This callid generator uses libssl random and hashing functions for generating RFC 4122 version 4 UUID with high quality entropy. It is useful when wanting to have new callids that cannot be predicted from previous values.
Default value is 0.
Set it to 1 in order to register the event route callbacks, in case AES encryption/decryption of SIP traffic is wanted. The event_route[crypto:netio] or corresponding KEMI callback are executed.
Default value is 0.
Encrypts the text with the key using AES encryption algorithm. The result is encoded in base64 format and stored in res. The parameter res must be a read-write variables. The parameters text and key can be static strings or strings with variables (dynamic strings).
This function can be used from ANY_ROUTE.
Example 1.6. crypto_aes_encrypt
usage
... crypto_aes_encrypt("$rb", "my-secret-key", "$var(encrypted)"); ...
Decrypts the text with the key using AES encryption algorithm. The text has to be encoded in base64 format. The parameter res must be a read-write variables. The parameters text and key can be static strings or strings with variables (dynamic strings).
This function can be used from ANY_ROUTE.
Example 1.7. crypto_aes_decrypt
usage
... crypto_aes_decrypt("$var(encrypted)", "my-secret-key", "$var(text)"); ...
Return 1 (true) if it is an incoming net message, or -1 (false) otherwise.
This function can be used from EVENT_ROUTE.
Example 1.8. crypto_netio_in
usage
... event_route[crypto:netio] { if(crypto_netio_in()) { crypto_netio_decrypt(); } ...
Return 1 (true) if it is an outgoing net message, or -1 (false) otherwise.
This function can be used from EVENT_ROUTE.
Example 1.9. crypto_netio_out
usage
... event_route[crypto:netio] { if(crypto_netio_out()) { crypto_netio_encrypt(); } ...
Example 1.12. event_route[crypto:netio]
usage
... # ----- crypto params ----- modparam("crypto", "register_evcb", 1) modparam("crypto", "netio_key", "strong-password-here") ... event_route[crypto:netio] { if(crypto_netio_in()) { if(src_port==5060) { crypto_netio_decrypt(); } } else { if($sndto(port)==5060) { crypto_netio_encrypt(); } } } # Main SIP request routing logic request_route { sl_send_reply("200", "ok"); if(src_port==5060) { $du = "sip:127.0.0.1:9"; forward(); } else { $du = "sip:127.0.0.1:5060"; forward(); } exit; } ...