fix: revert E2E AEAD wrapping (broke multi-client voice); add Android CAMERA
Some checks failed
Mirror to GitHub / mirror (push) Failing after 24s
Build Release Binaries / build-amd64 (push) Failing after 3m19s

Voice regression: EncryptingTransport encrypts media with the pairwise
client↔relay session key, but the relay forwards bytes without re-encrypting
per recipient. Sender's key_A ≠ recipient's key_B → recipient cannot decrypt
→ silent audio between mac and android. Drop the wrapper; restore plaintext-
over-QUIC-TLS to the relay. Proper E2E needs MLS group keys or relay hop-by-
hop re-encryption (future PRD).

Android camera: add CAMERA manifest permission + runtime request via
MainActivity. NOTE: still not sufficient — Tauri/Wry's WebChromeClient does
not grant getUserMedia, so video on Android needs a Tauri plugin override
or native Camera2 path. Documented in MainActivity.kt.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
2026-05-25 17:04:56 +04:00
parent c41ced53e1
commit e8cab25eda
3 changed files with 26 additions and 12 deletions

View File

@@ -615,10 +615,12 @@ impl CallEngine {
video_codec = ?hs.video_codec,
"first-join diag: connected to relay, handshake complete"
);
Arc::new(wzp_client::encrypted_transport::EncryptingTransport::new(
transport,
hs.session,
))
// NOTE: see comment in CallEngine::start (~line 1585) — we intentionally
// do NOT wrap with EncryptingTransport. The pairwise client↔relay session
// key can't be used end-to-end without MLS or relay re-encryption.
drop(hs.session);
let _ = hs.video_codec;
transport
} else {
info!(
t_ms = call_t0.elapsed().as_millis(),
@@ -1584,6 +1586,12 @@ impl CallEngine {
// accept_handshake handler. See the android branch's
// comment for the full rationale.
let quinn_transport = transport.clone();
// NOTE: EncryptingTransport is intentionally NOT wrapping the transport here.
// The client↔relay handshake derives a pairwise session key, but the relay
// forwards media without decrypt+re-encrypt — so a recipient with a different
// pairwise key cannot decrypt the sender's ciphertext. True E2E for the SFU
// model needs MLS group keys (or hop-by-hop relay re-encryption); until that
// PRD lands, media goes plaintext-over-QUIC-TLS to the relay.
let (_negotiated_video_codec, transport): (_, Arc<dyn wzp_proto::MediaTransport>) =
if !is_direct_p2p {
let hs =
@@ -1594,13 +1602,8 @@ impl CallEngine {
e
})?;
info!(video_codec = ?hs.video_codec, "handshake complete");
let enc = Arc::new(
wzp_client::encrypted_transport::EncryptingTransport::new(
transport,
hs.session,
),
);
(hs.video_codec, enc)
drop(hs.session);
(hs.video_codec, transport)
} else {
info!("direct P2P — skipping relay handshake (QUIC TLS is the encryption layer)");
(None, transport)