Encrypted data channel

[pblazej]

• Adds data channel encryption based on Add e2ee for data channel messages client-sdk-js#1595
• Adds currentKey state to BaseKeyProvider
  • It was missing comparing to other platforms, and we cannot explicitly default to 0
• Adds some integration tests, as most of the crypto stuff is tested by webrtc
  • Existing hi-level tests e.g. data streams will get a sharedKey by default 🎉

Migration/deprecations

• Replace E2EEOptions with EncryptionOptions (1:1)
• Add EncryptionType parameter to Room/ParticipantDelegate methods

[pblazej]

Moved due to E2EEManager.cleanUp called after setup

[pblazej]

@lukasIO would be nice to perform some x-platform test (proto compatibility)

[pblazej]

@lukasIO as for x-platform test:

• ratcheting from JS → native works fine after fixing default window size

🆔 CHAT:  Hello new participant participant-qwfdzf1mmbr. This is just an progressively updating chat message from me, participant participant-oghni0gl54h.
🆔 CHAT:  rat1
🆔 CHAT:  rat2
🆔 CHAT:  rat3

• ratcheting from the native client → JS does not work - tried to listen for KeyProviderEvent.RatchetRequest but nothing...

cc @cloudwebrtc maybe it's worth to do another x-check with flutter

[lukasIO]

ratcheting from the native client → JS does not work

does audio/video keep working when ratcheting on the native client ?

[pblazej]

ratcheting from the native client → JS does not work

does audio/video keep working when ratcheting on the native client ?

nope, keys get out of sync.

Error encrypting track data: InvalidKey: Decryption failed: The operation failed for an operation-specific reason 

[pblazej]

@lukasIO if you wanna dig deeper, I added one option to the example (2.8.0). Seems like the frame logic may be broken, unrelated to this PR (I haven't tested main tho).

BTW, macOS chat is still using old infra, but you should be able to get there with frame encryption. I can help you real-time if needed.

For me:

• if JS ratchets, native is able to decrypt, JS is unable
• if native ratchets, both are unable

so looks like the issue is on JS side (custom logic vs rtc)?

[pblazej]

Looks like the above behavior is by design, for the shared key it should still be: public let defaultRatchetWindowSize: Int32 = 0 so no auto-ratcheting.

[pblazej]

Ended up reverting that [extended ratchet window] ⬆️

[lukasIO]

decrypting should also work when data channel encryption is not explicitly enabled.

[pblazej]

thought about that, yep it makes more sense 👍

[pblazej]

6070ec2

It does not apply to situations where e2ee is explicitly disabled (no options passed).

[lukasIO]

nice!

[lukasIO]

from the encryption workflow perspective this looks good to me!

[pblazej]

Maybe it would be good to pull participant id here?

[pblazej]

@hiroshihorie feel free to take a look at the Swift side, I don't see any obvious improvements atm.

[hiroshihorie]

Maybe this can be weak ? I think the Room holds the instance. 🤔

[pblazej]

I'd be careful with that - I mean, there's no point in making sure that there's only 1 strong ref... if there's no cycle here... Let's double-check if the DC is deallocated properly (if needed).

[pblazej]

We gotta move'm to submodules finally, it's hard to track these subtle changes.

[pblazej]

Merging as macOS build must be fixed on main anyway.