christian/matrix-ai-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

debug(e2ee): verify shared key + belt-suspenders per-participant key

Browse Source 
Add export_shared_key() verification after connect to confirm key
is stored. Also set per-participant key for caller (belt+suspenders)
so both shared-key and per-participant decryption paths are active.
This commit is contained in:
Christian Gick
2026-02-22 07:47:09 +02:00
parent 65340bf0ee
commit a8b30418c8
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
voice.py
View File

@@ -270,13 +270,31 @@ class VoiceSession:
if remote_identity: if remote_identity:
break break
# Caller key was passed as shared_key at connect time — no further # Caller key was passed as shared_key at connect time — verify it's stored.
# per-participant set_key needed for decryption.
if self._caller_key: if self._caller_key:
logger.info("Caller key active as shared_key (%d bytes, index 0)", len(self._caller_key)) logger.info("Caller key active as shared_key (%d bytes, index 0)", len(self._caller_key))
try:
stored = kp.export_shared_key(0)
if stored == self._caller_key:
logger.info("VERIFIED: shared key[0] matches caller key (%d bytes)", len(stored))
else:
logger.warning("MISMATCH: stored shared key[0] (%d bytes) != caller key (%d bytes)",
len(stored), len(self._caller_key))
logger.warning("stored=%s", stored.hex())
logger.warning("caller=%s", self._caller_key.hex())
except Exception as e:
logger.warning("Could not export shared key: %s", e)
else: else:
logger.warning("No caller E2EE key — incoming audio will be silence") logger.warning("No caller E2EE key — incoming audio will be silence")
# Also set caller key as per-participant key (belt+suspenders: both modes)
if self._caller_key and remote_identity:
try:
kp.set_key(remote_identity, self._caller_key, 0)
logger.info("Also set per-participant key for %s (%d bytes)", remote_identity, len(self._caller_key))
except Exception as e:
logger.warning("Failed to set per-participant caller key: %s", e)
if remote_identity: if remote_identity:
logger.info("Linking to remote participant: %s", remote_identity) logger.info("Linking to remote participant: %s", remote_identity)