Bug 214402

Summary:

Support AES GCM ciphers in WebRTC

Product:

WebKit

Reporter:

Ben <ben.browitt>

Component:

WebRTC

Assignee:

youenn fablet <youennf>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

eric.carlson, ews-watchlist, glenn, hta, jer.noble, oscar.divorraescoda, philipj, sergio, tommyw, webkit-bug-importer, youennf

Priority:

Keywords:

InRadar

Version:

Safari Technology Preview

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Ben

Reported 2020-07-16 03:38:38 PDT

AES GCM ciphers in WebRTC gives better security and much better performance because of hardware acceleration and single step for encrypt + mac. Safari is the only browser missing support. Chrome 84/Edge https://bugs.chromium.org/p/chromium/issues/detail?id=713701 Firefox 64 https://bugzilla.mozilla.org/show_bug.cgi?id=1416534

Attachments
Patch (4.23 KB, patch) 2021-09-29 00:26 PDT, youenn fablet	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-07-16 18:17:21 PDT

<rdar://problem/65700381>

Ben

Comment 2 2021-03-30 06:33:25 PDT

Any news on AES GCM support? It has a significant effect on SFUs.

Ben

Comment 3 2021-09-28 12:53:17 PDT

Safari 15.0 still uses SRTP_AES128_CM_HMAC_SHA1_80 without support for SRTP_AEAD_AES_128_GCM. Any chance for AES GCM support? This will result with significant CPU saving on SFUs (10%-20%) which is also important to the environment.

youenn fablet

Comment 4 2021-09-29 00:26:51 PDT

Created attachment 439574 [details] Patch

youenn fablet

Comment 5 2021-09-29 00:27:49 PDT

Hi Ben, do you know of any webrtc solution where I can try using AES GCM myself?

Ben

Comment 6 2021-09-29 05:21:14 PDT

Some listed here: https://bugs.chromium.org/p/chromium/issues/detail?id=713701 Chrome is using AES-GCM when it is the DTLS client. Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1416534 pion: https://github.com/pion/webrtc#security I think TokBox: https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c75 Probably justin.tv: https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c20 Maybe Jitsi: https://github.com/jitsi/libjitsi/blob/master/src/org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.java#L106

Ben

Comment 7 2021-09-29 05:24:01 PDT

Janus? https://github.com/meetecho/janus-gateway/blob/master/dtls.c#L64 Mediasoup: https://github.com/versatica/mediasoup/pull/322

Ben

Comment 8 2021-09-29 14:09:54 PDT

Got advice to test with Janus and check the srtp dtls extension in a pcap from Safari https://janus.conf.meetecho.com/echotest.html

youenn fablet

Comment 9 2021-09-30 03:11:41 PDT

Thanks Ben, I validated this with mediasoup.

EWS

Comment 10 2021-09-30 09:05:42 PDT

Committed r283315 (242340@main): <https://commits.webkit.org/242340@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 439574 [details].

Note You need to log in before you can comment on or make changes to this bug.