E2EE breaks video streams under some conditions

Jaaki · March 3, 2023, 3:27pm

Hi everyone.

We enabled the new End to End Encryption on our servers, but we started encountering some issues.

When it happens:
We have multiple people in the call, new users can join and some can leave.
It looks like keys are ratcheted and regenerated when needed, but there might be times when keys are not properly exchanged. This could be an issue with the new OLM being used.

So what we see when it breaks is this, users A and B can only see each other.
Then users D, E, F can see each other, but they can’t see A or B.
The user show as connection lost, but audio still works.

Everyone can still hear each other perfectly though.

So the break could be happening on the Video stream itself, because everyone can still share their screens fine. (that’s using a different stream)

So it seems that the key exchange is working fine for audio and screenshare, but Video has some issue.

We have been trying to debug this but no luck so far.

We see issues in devtools like:
TypeError: Failed to execute ‘write’ on ‘UnderlyingSinkBase’: Invalid frame
Also error about Olm Session can’t be found for some users on keychange.

Does anyone have any ideas or should we log a bug on github.

Thanks for any help.
J

pdarcos · March 3, 2023, 4:30pm

What codec are you using? VP9 seems to have problems E2EE not working with VP9 · Issue #11292 · jitsi/jitsi-meet · GitHub

Although someone just reported a similar issue in that ticket with VP8

Jaaki · March 4, 2023, 10:27am

Oh, I forgot to mention.

We are using VP8

Jaaki · March 7, 2023, 7:56am

I’m copying my reply on github to here for visibility.

ok, on our own deployments, the E2EE works fairly well using vp8.
We stick to vp8 because vp9 either doesn’t work from the beginning, or it breaks straight afterwards.

Yesterday we tested on jitsi.meet own hosted deployment. First we forced vp8 and turned on e2ee.
Not long after, the first issues arose.
Some users “lost connection” but we could still hear them. Some users couldn’t hear each other.

We tried jitsi.meet with vp9 forced, and it just losts all users straight away. I saw a flash of one or two users before everyone’s videos just went blank for the rest of the call.

This all points to encryption keys not being exchanged properly it seems.

BTW. users were on mac and windows, using chrome, edge and brave.

We also noticed on using the vp8 call, when the issues started I looked at the user stats list.
We had roughly 10 user active in the call, but due to users entering and leaving, the total room list showed 23 users.
The bottom users were of course inactive.
But this could be a hint, as I know 20 active users are allowed.

Perhaps the key exchange backend is not clearing up inactive connections?

I can open this as a separate ticket btw.