214402 2020-07-16 03:38:38 -0700 Support AES GCM ciphers in WebRTC 2021-09-30 09:05:45 -0700 1 1 1 Unclassified WebKit WebRTC Safari Technology Preview Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ben.browitt youennf eric.carlson ews-watchlist glenn hta jer.noble oscar.divorraescoda philipj sergio tommyw webkit-bug-importer youennf oldest_to_newest 1672085 0 ben.browitt 2020-07-16 03:38:38 -0700 AES GCM ciphers in WebRTC gives better security and much better performance because of hardware acceleration and single step for encrypt + mac. Safari is the only browser missing support. Chrome 84/Edge https://bugs.chromium.org/p/chromium/issues/detail?id=713701 Firefox 64 https://bugzilla.mozilla.org/show_bug.cgi?id=1416534 1672344 1 webkit-bug-importer 2020-07-16 18:17:21 -0700 <rdar://problem/65700381> 1745098 2 ben.browitt 2021-03-30 06:33:25 -0700 Any news on AES GCM support? It has a significant effect on SFUs. 1797996 3 ben.browitt 2021-09-28 12:53:17 -0700 Safari 15.0 still uses SRTP_AES128_CM_HMAC_SHA1_80 without support for SRTP_AEAD_AES_128_GCM. Any chance for AES GCM support? This will result with significant CPU saving on SFUs (10%-20%) which is also important to the environment. 1798204 4 439574 youennf 2021-09-29 00:26:51 -0700 Created attachment 439574 Patch 1798205 5 youennf 2021-09-29 00:27:49 -0700 Hi Ben, do you know of any webrtc solution where I can try using AES GCM myself? 1798265 6 ben.browitt 2021-09-29 05:21:14 -0700 Some listed here: https://bugs.chromium.org/p/chromium/issues/detail?id=713701 Chrome is using AES-GCM when it is the DTLS client. Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1416534 pion: https://github.com/pion/webrtc#security I think TokBox: https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c75 Probably justin.tv: https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c20 Maybe Jitsi: https://github.com/jitsi/libjitsi/blob/master/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java#L106 1798266 7 ben.browitt 2021-09-29 05:24:01 -0700 Janus? https://github.com/meetecho/janus-gateway/blob/master/dtls.c#L64 Mediasoup: https://github.com/versatica/mediasoup/pull/322 1798554 8 ben.browitt 2021-09-29 14:09:54 -0700 Got advice to test with Janus and check the srtp dtls extension in a pcap from Safari https://janus.conf.meetecho.com/echotest.html 1798815 9 youennf 2021-09-30 03:11:41 -0700 Thanks Ben, I validated this with mediasoup. 1798888 10 ews-feeder 2021-09-30 09:05:42 -0700 Committed r283315 (242340@main): <https://commits.webkit.org/242340@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 439574. 439574 2021-09-29 00:26:51 -0700 2021-09-30 09:05:44 -0700 Patch bug-214402-20210929092649.patch text/plain 4329 youennf U3VidmVyc2lvbiBSZXZpc2lvbjogMjgzMTA2CmRpZmYgLS1naXQgYS9Tb3VyY2UvVGhpcmRQYXJ0 eS9saWJ3ZWJydGMvQ2hhbmdlTG9nIGIvU291cmNlL1RoaXJkUGFydHkvbGlid2VicnRjL0NoYW5n ZUxvZwppbmRleCBlYzE4YjdkMGIxNDM0MzU1YjQzYTdhNWI1ODI3ZTY3NjUyZGMyZjExLi4xMWQ1 YWJhYWQwOTg4NmQ0ZTQ0YThkMDFlYmNlMjZjZDIyYTcyNTRhIDEwMDY0NAotLS0gYS9Tb3VyY2Uv VGhpcmRQYXJ0eS9saWJ3ZWJydGMvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9UaGlyZFBhcnR5L2xp YndlYnJ0Yy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNSBAQAorMjAyMS0wOS0yOCAgWW91ZW5uIEZh YmxldCAgPHlvdWVubkBhcHBsZS5jb20+CisKKyAgICAgICAgU3VwcG9ydCBBRVMgR0NNIGNpcGhl cnMgaW4gV2ViUlRDCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0yMTQ0MDIKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzY1NzAwMzgxPgorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogQ29uZmlndXJhdGlvbnMv bGlid2VicnRjLmlPUy5leHA6CisgICAgICAgICogQ29uZmlndXJhdGlvbnMvbGlid2VicnRjLmlP U3NpbS5leHA6CisgICAgICAgICogQ29uZmlndXJhdGlvbnMvbGlid2VicnRjLm1hYy5leHA6CisK IDIwMjEtMDktMjEgIFlvdWVubiBGYWJsZXQgIDx5b3Vlbm5AYXBwbGUuY29tPgogCiAgICAgICAg IE5ldHdvcmtSVENVRFBTb2NrZXRDb2NvYUNvbm5lY3Rpb25zIHNob3VsZCBoYW5kbGUgTkFUNjQg SVAgYWRkcmVzc2VzIGNvcnJlY3RseQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCmluZGV4IDk1ZWE0ZjhhYTcxMjNmNDQ2NmE3 OWViM2Y3ZWU3ZWUxYTZjZmNkZDUuLmFhNTA1NmM0YzczZmQ0NDNkYWM1MTlhYmJjZGNmMTgzOTZh MjU1NjcgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2Uv V2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOSBAQAorMjAyMS0wOS0yOCAgWW91ZW5uIEZh YmxldCAgPHlvdWVubkBhcHBsZS5jb20+CisKKyAgICAgICAgU3VwcG9ydCBBRVMgR0NNIGNpcGhl cnMgaW4gV2ViUlRDCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0yMTQ0MDIKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzY1NzAwMzgxPgorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEVuYWJsZSBHQ00gY2lwaGVy cyBpbiBXZWJSVEMgYXMgZG9uZSBieSBDaHJvbWUuCisgICAgICAgIFRoZSBkZWZhdWx0IGNpcGhl cnMgcmVtYWluIHRoZSBzYW1lIHNvIHVzZSBvZiB0aGVzZSBjaXBoZXJzIGlzIG9wdC1pbiBieSBT RlVzLgorCisgICAgICAgIE1hbnVhbGx5IHRlc3RlZC4KKworICAgICAgICAqIE1vZHVsZXMvbWVk aWFzdHJlYW0vbGlid2VicnRjL0xpYldlYlJUQ01lZGlhRW5kcG9pbnQuY3BwOgorICAgICAgICAo V2ViQ29yZTo6TGliV2ViUlRDTWVkaWFFbmRwb2ludDo6c2V0Q29uZmlndXJhdGlvbik6CisKIDIw MjEtMDktMjggIFlvdWVubiBGYWJsZXQgIDx5b3Vlbm5AYXBwbGUuY29tPgogCiAgICAgICAgIFtC aWdTdXIgd2syIERlYnVnIGlPUzE0IF0gd2VicnRjL3ZpZGVvLW11dGUuaHRtbCBpcyBhIGZsYWt5 IGZhaWx1cmUKZGlmZiAtLWdpdCBhL1NvdXJjZS9UaGlyZFBhcnR5L2xpYndlYnJ0Yy9Db25maWd1 cmF0aW9ucy9saWJ3ZWJydGMuaU9TLmV4cCBiL1NvdXJjZS9UaGlyZFBhcnR5L2xpYndlYnJ0Yy9D b25maWd1cmF0aW9ucy9saWJ3ZWJydGMuaU9TLmV4cAppbmRleCA3MzI3NDU3MzYwZDczOTNlNjBj Njg4NmU1Nzg2NTQyMjA4NTk0YzYzLi5hYTQwYWY4ZDI1ZWQ1YTNjNjQ0NTA4NjZkZGViMmYwNTRk NDdjZjZhIDEwMDY0NAotLS0gYS9Tb3VyY2UvVGhpcmRQYXJ0eS9saWJ3ZWJydGMvQ29uZmlndXJh dGlvbnMvbGlid2VicnRjLmlPUy5leHAKKysrIGIvU291cmNlL1RoaXJkUGFydHkvbGlid2VicnRj L0NvbmZpZ3VyYXRpb25zL2xpYndlYnJ0Yy5pT1MuZXhwCkBAIC0zMjcsMyArMzI3LDQgQEAgX19a TkszcnRjOUlQQWRkcmVzczVJc05pbEV2CiBfX1pOM3J0YzEyU1NMQ2VydENoYWluRDFFdgogX19a TjZ3ZWJydGMyNFNjdHBUcmFuc3BvcnRJbmZvcm1hdGlvbkQxRXYKIF9fWk5LM3J0YzlJUEFkZHJl c3NuZUVSS1MwXworX19aTjZ3ZWJydGMxM0NyeXB0b09wdGlvbnNDMUV2CmRpZmYgLS1naXQgYS9T b3VyY2UvVGhpcmRQYXJ0eS9saWJ3ZWJydGMvQ29uZmlndXJhdGlvbnMvbGlid2VicnRjLmlPU3Np bS5leHAgYi9Tb3VyY2UvVGhpcmRQYXJ0eS9saWJ3ZWJydGMvQ29uZmlndXJhdGlvbnMvbGlid2Vi cnRjLmlPU3NpbS5leHAKaW5kZXggNzMyNzQ1NzM2MGQ3MzkzZTYwYzY4ODZlNTc4NjU0MjIwODU5 NGM2My4uYWE0MGFmOGQyNWVkNWEzYzY0NDUwODY2ZGRlYjJmMDU0ZDQ3Y2Y2YSAxMDA2NDQKLS0t IGEvU291cmNlL1RoaXJkUGFydHkvbGlid2VicnRjL0NvbmZpZ3VyYXRpb25zL2xpYndlYnJ0Yy5p T1NzaW0uZXhwCisrKyBiL1NvdXJjZS9UaGlyZFBhcnR5L2xpYndlYnJ0Yy9Db25maWd1cmF0aW9u cy9saWJ3ZWJydGMuaU9Tc2ltLmV4cApAQCAtMzI3LDMgKzMyNyw0IEBAIF9fWk5LM3J0YzlJUEFk ZHJlc3M1SXNOaWxFdgogX19aTjNydGMxMlNTTENlcnRDaGFpbkQxRXYKIF9fWk42d2VicnRjMjRT Y3RwVHJhbnNwb3J0SW5mb3JtYXRpb25EMUV2CiBfX1pOSzNydGM5SVBBZGRyZXNzbmVFUktTMF8K K19fWk42d2VicnRjMTNDcnlwdG9PcHRpb25zQzFFdgpkaWZmIC0tZ2l0IGEvU291cmNlL1RoaXJk UGFydHkvbGlid2VicnRjL0NvbmZpZ3VyYXRpb25zL2xpYndlYnJ0Yy5tYWMuZXhwIGIvU291cmNl L1RoaXJkUGFydHkvbGlid2VicnRjL0NvbmZpZ3VyYXRpb25zL2xpYndlYnJ0Yy5tYWMuZXhwCmlu ZGV4IDczMjc0NTczNjBkNzM5M2U2MGM2ODg2ZTU3ODY1NDIyMDg1OTRjNjMuLmFhNDBhZjhkMjVl ZDVhM2M2NDQ1MDg2NmRkZWIyZjA1NGQ0N2NmNmEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9UaGlyZFBh cnR5L2xpYndlYnJ0Yy9Db25maWd1cmF0aW9ucy9saWJ3ZWJydGMubWFjLmV4cAorKysgYi9Tb3Vy Y2UvVGhpcmRQYXJ0eS9saWJ3ZWJydGMvQ29uZmlndXJhdGlvbnMvbGlid2VicnRjLm1hYy5leHAK QEAgLTMyNywzICszMjcsNCBAQCBfX1pOSzNydGM5SVBBZGRyZXNzNUlzTmlsRXYKIF9fWk4zcnRj MTJTU0xDZXJ0Q2hhaW5EMUV2CiBfX1pONndlYnJ0YzI0U2N0cFRyYW5zcG9ydEluZm9ybWF0aW9u RDFFdgogX19aTkszcnRjOUlQQWRkcmVzc25lRVJLUzBfCitfX1pONndlYnJ0YzEzQ3J5cHRvT3B0 aW9uc0MxRXYKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL01vZHVsZXMvbWVkaWFzdHJlYW0v bGlid2VicnRjL0xpYldlYlJUQ01lZGlhRW5kcG9pbnQuY3BwIGIvU291cmNlL1dlYkNvcmUvTW9k dWxlcy9tZWRpYXN0cmVhbS9saWJ3ZWJydGMvTGliV2ViUlRDTWVkaWFFbmRwb2ludC5jcHAKaW5k ZXggYjIwNWRjMjUwNTZkZjdkNGMwY2FlZWY4MjdlMTlhYmYzN2U4OGM1ZS4uOTU3NDQ0NDZhMDhl OTdiMmUyNzJkNzA1N2FlYzQxNjMyOGUzNmM1YyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUv TW9kdWxlcy9tZWRpYXN0cmVhbS9saWJ3ZWJydGMvTGliV2ViUlRDTWVkaWFFbmRwb2ludC5jcHAK KysrIGIvU291cmNlL1dlYkNvcmUvTW9kdWxlcy9tZWRpYXN0cmVhbS9saWJ3ZWJydGMvTGliV2Vi UlRDTWVkaWFFbmRwb2ludC5jcHAKQEAgLTkyLDYgKzkyLDggQEAgdm9pZCBMaWJXZWJSVENNZWRp YUVuZHBvaW50OjpyZXN0YXJ0SWNlKCkKIGJvb2wgTGliV2ViUlRDTWVkaWFFbmRwb2ludDo6c2V0 Q29uZmlndXJhdGlvbihMaWJXZWJSVENQcm92aWRlciYgY2xpZW50LCB3ZWJydGM6OlBlZXJDb25u ZWN0aW9uSW50ZXJmYWNlOjpSVENDb25maWd1cmF0aW9uJiYgY29uZmlndXJhdGlvbikKIHsKICAg ICBjb25maWd1cmF0aW9uLnNkcF9zZW1hbnRpY3MgPSB3ZWJydGM6OlNkcFNlbWFudGljczo6a1Vu aWZpZWRQbGFuOworICAgIGNvbmZpZ3VyYXRpb24uY3J5cHRvX29wdGlvbnMgPSB3ZWJydGM6OkNy eXB0b09wdGlvbnMgeyB9OworICAgIGNvbmZpZ3VyYXRpb24uY3J5cHRvX29wdGlvbnMtPnNydHAu ZW5hYmxlX2djbV9jcnlwdG9fc3VpdGVzID0gdHJ1ZTsKIAogICAgIGlmICghbV9iYWNrZW5kKSB7 CiAgICAgICAgIGF1dG8mIGRvY3VtZW50ID0gZG93bmNhc3Q8RG9jdW1lbnQ+KCptX3BlZXJDb25u ZWN0aW9uQmFja2VuZC5jb25uZWN0aW9uKCkuc2NyaXB0RXhlY3V0aW9uQ29udGV4dCgpKTsK