werift-webrtc

missing dtls ciphers?

Open koush opened this issue 3 years ago • 8 comments

I'm trying to connect to Tuya's WebRTC endpoint. This works fine in any browser. However, it is failing in werift due to missing ciphers. Here's the supported cipher list from Tuya's client:

  49162, 49172, 49187,
  49191, 49161, 49171,
  49167, 49157, 49193,
  49166, 49189, 49156,
    255

This seems to be a combination of various CBC/SHA1 ciphers, which seem to be weak/deprecated. Werift doesn't support any CBC ciphers. I tried to add support for some of these but am getting an alert fatal error with a description of 50 while trying to handshake.

Cipher suite list: https://docs.microsoft.com/en-us/dotnet/api/system.net.security.tlsciphersuite?view=net-6.0

Sep 04 '22 03:09 koush

Show me the wip branch where you are implementing CBC support

Sep 04 '22 08:09 shinyoshiaki

alert 50 is decode_error https://www.ietf.org/rfc/rfc5246.html#section-7.2

Sep 04 '22 08:09 shinyoshiaki

> alert 50 is decode_error https://www.ietf.org/rfc/rfc5246.html#section-7.2

Yep, I saw that from your AlertDesc enum.

Here's the branch. The change is hacked in at the moment to see if I could get it working with one of the Tuya supported ciphers. I'm unsure what to use instead of AEAD_AES_128_GCM. As far as I know, that should work, but there should be a counter retained somewhere I think?

https://github.com/koush/werift-webrtc/commit/23750417e5804868be010f0979a86e557497a9d8

Sep 04 '22 12:09 koush

I think I may need to retain the cipher instance or grab the IV out of the cipher for reconstruction for CBC, since it can't reuse the same IV for subsequent messages?

Sep 04 '22 12:09 koush

> I'm unsure what to use instead of AEAD_AES_128_GCM

Here are the suites that Chrome supports:

49195, 49199, 52393, 52392, 49161, 49171, 49162, 49172, 156, 47, 53

Of these, the following four will be supported by Tuya:

49161, 49171, 49162, 49172,

For now, I think it would be better to support "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 49161" first

Sep 06 '22 10:09 shinyoshiaki

> For now, I think it would be better to support "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 49161" first

I also tried implementing that one first but got the same alert error. Any suggestions for the code I have thus far?

Sep 06 '22 11:09 koush

Changing a few parameters is not enough to support

Supporting CBC ciphers is tough; we need to implement the following parts of DTLS. https://www.rfc-editor.org/rfc/rfc5246#section-6.2.3.2

Specifically, we need to implement CBCCipher as in the following AEADCipher. https://github.com/shinyoshiaki/werift-webrtc/blob/498c724029c4572dfef3ae5b02e13ca1897aa823/packages/dtls/src/cipher/suites/aead.ts

This is my WIP branch: https://github.com/shinyoshiaki/werift-webrtc/tree/feature/dtls-cipher-cbc

I can't guarantee that I will continue to work on it myself as it may not be worth the effort.

Sep 06 '22 11:09 shinyoshiaki
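
The record layout that RFC 5246 section 6.2.3.2 defines for CBC suites, cited in the comment above, as an added example (not code from werift or from either participant) for the AES-128-CBC with HMAC-SHA1 combination used by suite 49161. Each record carries its own fresh explicit IV, so no cipher state is kept between records. The function names, key values and header object are assumptions for illustration; the MAC input follows RFC 6347 section 4.1.2.1.

```javascript
const crypto = require("crypto");

const BLOCK = 16, MAC_LEN = 20; // AES block size, HMAC-SHA1 output size

// MAC input: epoch(2) || seq(6) || type(1) || version(2) || length(2) || fragment
function recordMac(macKey, hdr, fragment) {
  const pre = Buffer.alloc(13);
  pre.writeUInt16BE(hdr.epoch, 0);
  pre.writeUIntBE(hdr.seq, 2, 6);
  pre.writeUInt8(hdr.type, 8);
  pre.writeUInt16BE(0xfefd, 9); // DTLS 1.2 version bytes
  pre.writeUInt16BE(fragment.length, 11);
  return crypto.createHmac("sha1", macKey).update(pre).update(fragment).digest();
}

// GenericBlockCipher: IV || CBC(fragment || MAC || padding || padding_length)
function protect(keys, hdr, fragment, iv = crypto.randomBytes(BLOCK)) {
  const body = Buffer.concat([fragment, recordMac(keys.mac, hdr, fragment)]);
  const padLen = (BLOCK - ((body.length + 1) % BLOCK)) % BLOCK;
  const c = crypto.createCipheriv("aes-128-cbc", keys.enc, iv).setAutoPadding(false);
  const pad = Buffer.alloc(padLen + 1, padLen); // every pad byte equals padLen
  return Buffer.concat([iv, c.update(body), c.update(pad), c.final()]);
}

// Returns the fragment, or null when the record must be discarded.
function unprotect(keys, hdr, record) {
  if (record.length % BLOCK !== 0 || record.length - BLOCK < MAC_LEN + 1) return null;
  const iv = record.subarray(0, BLOCK);
  const d = crypto.createDecipheriv("aes-128-cbc", keys.enc, iv).setAutoPadding(false);
  const plain = Buffer.concat([d.update(record.subarray(BLOCK)), d.final()]);
  let padLen = plain[plain.length - 1];
  let ok = padLen + 1 + MAC_LEN <= plain.length;
  if (ok) for (let i = plain.length - 1 - padLen; i < plain.length; i++) ok = ok && plain[i] === padLen;
  if (!ok) padLen = 0; // still run the MAC so both failure paths do similar work
  const end = plain.length - 1 - padLen - MAC_LEN;
  const fragment = plain.subarray(0, end);
  const good = crypto.timingSafeEqual(plain.subarray(end, end + MAC_LEN), recordMac(keys.mac, hdr, fragment));
  return ok && good ? fragment : null;
}

// Constructed sample keys and header; a real stack derives keys from the handshake.
const keys = { enc: Buffer.alloc(16, 0x11), mac: Buffer.alloc(20, 0x22) };
const hdr = { epoch: 1, seq: 0, type: 23 }; // 23 = application_data
console.log(unprotect(keys, hdr, protect(keys, hdr, Buffer.from("hello"))).toString());
```
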

Understood. I'm unfamiliar with the inner workings of DTLS, out of my element here. I can try picking up where you left off. I'll see if I can pressure Tuya to implement other ciphers as CBC has been deprecated in favor of GCM anyways from what I understand. It's on their 2.0 roadmap, but I don't know when that is.

Sep 06 '22 19:09 koush