element-hq / element-call

Group calls powered by Matrix
https://call.element.io
GNU Affero General Public License v3.0
589 stars 90 forks source link

Per participant key lost between js-sdk and EC in embedded mode #2561

Closed hughns closed 1 week ago

hughns commented 3 months ago
10:27:25.999 Decryption failed for event $V41v4SurT7YQYmPqw8-Ja_aNedyzC9X_7FP6K0d8Bd0: MEGOLM_UNKNOWN_INBOUND_SESSION_ID will retry once only
...
10:27:27.000 Decryption succeeded for event $V41v4SurT7YQYmPqw8-Ja_aNedyzC9X_7FP6K0d8Bd0 after retry
...
10:27:27.000 Setting key at index 0 for @hughns:ess-ecall-poc.ems-support.element.dev:YERKDYHWCR with timestamp 1723541245901: Jq4FqHsIlxdcje1qY4hJog

Then there is no subsequent log entry like:

MatrixKeyProvider Sent new key to livekit room=!ZWXChHvbxzRiDtOPzC:matrix.org participantId=@hughns:ess-ecall-poc.ems-support.element.dev:YERKDYHWCR encryptionKeyIndex=0: Jq4FqHsIlxdcje1qY4hJog
hughns commented 3 months ago

Looking at possible causes:

hughns commented 3 months ago

So, the log lines are confusing as we have two JavaScript contexts: EW and embedded EC within the iframe.

The log lines above are entirely expected within the EW context. And there is actually no-one listening in to this.emit(MatrixRTCSessionEvent.EncryptionKeyChanged, keyBin, encryptionKeyIndex, participantId); within EW.

What is supposed to happen is the that (decrypted) events get sent via the StopGapWidget in EW which in turn forward to the EC context. In that context the events are processed by the MatrixRTC code again and passed on to EC as expected.

n.b. There is an optimisation by making it so that the EW context does not track the encryption keys as it doesn't need to.

The underlying issue is that we keep hitting the condition here because we see sequences of emits like this:

When event1 is emitted for the second time it is ignore as it appears in the timeline before event2 which has already been "seen".

hughns commented 3 months ago

n.b. There is an optimisation by making it so that the EW context does not track the encryption keys as it doesn't need to.

This is being tracked by https://github.com/element-hq/element-call/issues/2566.

hughns commented 3 months ago

I've done a possible fix for this in https://github.com/matrix-org/matrix-react-sdk/pull/12890 but I don't know if this is the right place/direction to fix it as it would change the semantics for other users of the widget API.

hughns commented 1 month ago

The conclusion is that we won't fix this until we use to-device messaging for key distribution.