debug(e2ee): verify shared key + belt-suspenders per-participant key
Add export_shared_key() verification after connect to confirm key is stored. Also set per-participant key for caller (belt+suspenders) so both shared-key and per-participant decryption paths are active.
22
voice.py
22
voice.py
@@ -270,13 +270,31 @@ class VoiceSession:
|
||||
if remote_identity:
|
||||
break
|
||||
|
||||
# Caller key was passed as shared_key at connect time — no further
|
||||
# per-participant set_key needed for decryption.
|
||||
# Caller key was passed as shared_key at connect time — verify it's stored.
|
||||
if self._caller_key:
|
||||
logger.info("Caller key active as shared_key (%d bytes, index 0)", len(self._caller_key))
|
||||
try:
|
||||
stored = kp.export_shared_key(0)
|
||||
if stored == self._caller_key:
|
||||
logger.info("VERIFIED: shared key[0] matches caller key (%d bytes)", len(stored))
|
||||
else:
|
||||
logger.warning("MISMATCH: stored shared key[0] (%d bytes) != caller key (%d bytes)",
|
||||
len(stored), len(self._caller_key))
|
||||
logger.warning("stored=%s", stored.hex())
|
||||
logger.warning("caller=%s", self._caller_key.hex())
|
||||
except Exception as e:
|
||||
logger.warning("Could not export shared key: %s", e)
|
||||
else:
|
||||
logger.warning("No caller E2EE key — incoming audio will be silence")
|
||||
|
||||
# Also set caller key as per-participant key (belt+suspenders: both modes)
|
||||
if self._caller_key and remote_identity:
|
||||
try:
|
||||
kp.set_key(remote_identity, self._caller_key, 0)
|
||||
logger.info("Also set per-participant key for %s (%d bytes)", remote_identity, len(self._caller_key))
|
||||
except Exception as e:
|
||||
logger.warning("Failed to set per-participant caller key: %s", e)
|
||||
|
||||
if remote_identity:
|
||||
logger.info("Linking to remote participant: %s", remote_identity)
|
||||
|
||||
|
||||
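Review bot: The mismatch branch writes raw E2EE key material to the log: `logger.warning("stored=%s", stored.hex())` and `logger.warning("caller=%s", self._caller_key.hex())` emit both keys in full, so anyone who can read the logs could recover the media key. Drop those two lines, since the preceding MISMATCH warning already records both lengths; if a comparison aid is still needed, log a short digest such as `hashlib.sha256(stored).hexdigest()[:8]` instead. The equality test would be safer as `hmac.compare_digest(stored, self._caller_key)`, assuming both values are bytes. The `export_shared_key(0)` round-trip looks like a debugging aid and is better gated behind a debug setting than run on every connect. The enclosing method starts and ends outside this hunk.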