fix: patch Rust HKDF to output 16 bytes matching Element Call AES-128

Element Call JS SDK derives 128-bit (16-byte) AES-GCM keys via deriveKey({name:'AES-GCM', length:128}). The C++ FrameCryptor allocates a larger derived_key buffer, causing Rust HKDF to output 32+ bytes — key mismatch with JS. Patch limits HKDF expand output to 16 bytes. Requires Docker rebuild (Rust FFI binary change). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 10:29:45 +02:00
parent dec6eee726
commit 776b1af3a0
3 changed files with 54 additions and 11 deletions
--- a/5
+++ b/5
@@ -11,6 +11,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 WORKDIR /build
 RUN git clone --branch EC-compat-changes --depth 1 --recurse-submodules \
    https://github.com/onestacked/livekit-rust-sdks.git
+# Patch HKDF: limit output to 16 bytes (AES-128) matching Element Call JS SDK
+# deriveKey({name:"AES-GCM", length:128}). C++ buffer may be larger but we
+# only fill first 16 bytes to match the JS-derived key.
+COPY hkdf_fix.py /tmp/hkdf_fix.py
+RUN python3 /tmp/hkdf_fix.py /build/livekit-rust-sdks/livekit/src/room/e2ee/key_provider.rs
 WORKDIR /build/livekit-rust-sdks/livekit-ffi
 RUN cargo build --release