Saúl Ibarra Corretgé saghul @jitsi Amsterdam https://bettercallsaghul.com Fellow Jitster

react-native-webrtc/react-native-webrtc 3008

The WebRTC module for React Native

cordova-rtc/cordova-plugin-iosrtc 591

Cordova iOS plugin exposing the WebRTC W3C API

saghul/aiodns 340

Simple DNS resolver for asyncio

saghul/CallRoulette 104

A WebRTC demo using Python (asyncio + aiohttp) as the backend

saghul/aiouv 71

A PEP-3156 compatible event loop

jitsi/rnnoise-wasm 16

rnnoise noise suppression library as a WASM module

saghul/cordova-plugin-audioroute 15

iOS audio route change events and more for Cordova

ioc32/openhrc 13

Open Household Router Contraption

jitsi/jitsi-meet-release-notes 10

Release notes for Jitsi Meet: the web frontend, mobile apps and mobile SDKs

saghul/dotvim 9

My vim configuration

issue comment flathub/org.jitsi.jitsi-meet

create `org.jitsi.jitsi-meet.desktop` file

I'd take a patch sure.

ovari

comment created time in a day

issue comment jitsi/lib-jitsi-meet

Critical bug with publishing localtracks

Ping @jallamsetty1

huzaifahj

comment created time in a day

issue comment jitsi/jitsi-meet-electron

Remote Control Issue is missing

Not in the horizon I'm afraid. You can reenable it and build the application yourself. If you lock it down to your own deployment there is not much to worry about.

deepkesh26

comment created time in a day

issue comment jitsi/jitsi-meet-electron

PGP signed commits and builds

It's now in the security dialog, press the shield button.

sunknudsen

comment created time in a day

pull request comment jitsi/jitsi-meet-electron

Flatpak from Flathub link

I don't know who publishes that so I'm not very comfortable recommending users to install it.

ovari

comment created time in a day

push event jitsi/handbook

damencho

commit sha 143d6ef88e8db35b927e4ad612af82f1f11403a3

Automated deployment: Fri Sep 25 17:58:47 UTC 2020 6155e3544c91f139d57586fd36e316b4345aae68

push time in 2 days

push event jitsi/handbook

damencho

commit sha aab87646502aec0d138bc2f05b2d267c92d4349d

Automated deployment: Fri Sep 25 15:14:56 UTC 2020 fb3febaca034041dbf7b0b1f7c0563ce0ff356f3

push time in 2 days

push event jitsi/handbook

damencho

commit sha df1abdc1088e4e4984f1f290040d673ca659bf72

Automated deployment: Fri Sep 25 14:48:29 UTC 2020 de14e3ef9f24a2aff2e56a8570ddcc003588ebb5

push time in 2 days

pull request comment jitsi/jitsi-meet

feat: allow jitsi meet to be opened in a mobile browser

Wait, the button is there: "Launch in web"

riyadhzen

comment created time in 2 days

issue closed jitsi/lib-jitsi-meet

Making a room password protected

XEP-0045 defines two room_config fields that relate to the password protection of a room:

<field
     var='muc#roomconfig_passwordprotectedroom'
     type='boolean'
     label='Whether a Password is Required to Enter'/>
<field
     var='muc#roomconfig_roomsecret'
     type='text-single'
     label='The Room Password'/>

Prosody appears to work with only the latter, while Openfire requires you to set both, and will not make the room password protected when setting only the roomsecret field.

Arguably, setting the room password implies that a user wants the room to be password protected (which is raised as an Openfire issue here), but the specification is somewhat confusing at this point (as discussed here).

At some point, the original author of the code wondered about this behavior, given the 'fixme' comment left at https://github.com/jitsi/lib-jitsi-meet/blob/master/modules/xmpp/ChatRoom.js#L857

To be safe, the client should always set both values - that will always have the desired effect, no matter what interpretation is implemented server-sided.

closed time in 2 days

guusdk

issue comment jitsi/lib-jitsi-meet

Making a room password protected

They have been updated already.

guusdk

comment created time in 2 days

Pull request review comment jitsi/docker-jitsi-meet

Jvb new config

-org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ .Env.JVB_PORT }}-org.jitsi.videobridge.DISABLE_TCP_HARVESTER={{ .Env.JVB_TCP_HARVESTER_DISABLED }}-org.jitsi.videobridge.TCP_HARVESTER_PORT={{ .Env.JVB_TCP_PORT }}+# TODO(brian): not ported in ice4j to new config yet
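
Review bot: the added `# TODO(brian): not ported in ice4j to new config yet` does not name the properties it applies to or point at a tracking issue. Since this hunk also drops the SINGLE_PORT_HARVESTER_PORT, DISABLE_TCP_HARVESTER and TCP_HARVESTER_PORT lines, list in the comment which settings must still come from this file, so it is clear which of JVB_PORT, JVB_TCP_HARVESTER_DISABLED and JVB_TCP_PORT are now honoured elsewhere.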

Nice, thank you!

bbaldino

comment created time in 2 days

issue closed jitsi/jitsi-meet-electron

Invalid Server URL or external API not enabled

Server works fine via browser and with basic authentication. Public domain, Let's Encrypt certificate installed. But when I try to enter the server address (with\without https://), I get "Invalid Server URL or external API not enabled". How to fix it?

closed time in 2 days

chart41

issue comment jitsi/jitsi-meet-electron

Invalid Server URL or external API not enabled

This is now released in 2.4.0.

chart41

comment created time in 2 days

push event jitsi/jitsi-meet

Saúl Ibarra Corretgé

commit sha 11ae187eceb38fa7ebfbe139bb46889a9a7c0d30

fix(chat) prevent homograph attacks

Decode URLs using punycode when rendering, so when http://ebаy.com is sent we render http://xn--eby-7cd.com/ instead.

Ref: https://github.com/tasti/react-linkify/issues/84

push time in 2 days

PR merged jitsi/jitsi-meet

fix(chat) prevent homograph attacks

Decode URLs using punycode when rendering, so when http://ebаy.com is sent we render http://xn--eby-7cd.com/ instead.

Ref: https://github.com/tasti/react-linkify/issues/84

+10 -2

0 comment

4 changed files

saghul

pr closed time in 2 days

PR opened jitsi/jitsi-meet

fix(chat) prevent homograph attacks

Decode URLs using punycode when rendering, so when http://ebаy.com is sent we render http://xn--eby-7cd.com/ instead.

Ref: https://github.com/tasti/react-linkify/issues/84

+10 -2

0 comment

4 changed files

pr created time in 2 days

create branch saghul/jitsi-meet

branch : fix-chat-homograph-attack

created branch time in 2 days

Pull request review comment jitsi/docker-jitsi-meet

Jvb new config

-org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ .Env.JVB_PORT }}-org.jitsi.videobridge.DISABLE_TCP_HARVESTER={{ .Env.JVB_TCP_HARVESTER_DISABLED }}-org.jitsi.videobridge.TCP_HARVESTER_PORT={{ .Env.JVB_TCP_PORT }}+# TODO(brian): not ported in ice4j to new config yet

Ah I see, so this is a hybrid for a bit?

bbaldino

comment created time in 2 days

Pull request review comment jitsi/docker-jitsi-meet

Jvb new config

 #!/usr/bin/with-contenv bash -JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config -Djava.util.logging.config.file=/config/logging.properties"+JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config -Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jvb.conf"

How about the logging properties?

bbaldino

comment created time in 2 days

Pull request review comment jitsi/docker-jitsi-meet

Jvb new config

+{{ $JVB_TCP_PORT := .Env.JVB_TCP_PORT | default "4443" }}+{{ $JVB_TCP_MAPPED_PORT := .Env.JVB_TCP_MAPPED_PORT | default $JVB_TCP_PORT }}+videobridge {+    ice {+        udp {+            port = {{ .Env.JVB_PORT }}+        }+        tcp {+            enabled = {{ !.Env.JVB_TCP_HARVESTER_DISABLED }}
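
Review bot: `enabled = {{ !.Env.JVB_TCP_HARVESTER_DISABLED }}` in the tcp block uses `!`, which is not an operator in Go templates, so the file will not render; negation is written with the `not` function. In the udp block, `port = {{ .Env.JVB_PORT }}` has no `default`, unlike `$JVB_TCP_PORT` at the top of the hunk, so an unset JVB_PORT leaves the UDP port without a usable value; give it the same treatment.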

I think the syntax is not XXX

bbaldino

comment created time in 2 days

Pull request review comment jitsi/docker-jitsi-meet

Jvb new config

 fi  if [[ ! -f /config/sip-communicator.properties ]]; then

Don't we want to unconditionally generate the file and remove the reference to the .properties file?

bbaldino

comment created time in 2 days

pull request comment jitsi/jitsi-meet

feat: allow jitsi meet to be opened in a mobile browser

I mean a reduced example that can be run locally.

riyadhzen

comment created time in 2 days

pull request comment jitsi/jitsi-meet

feat: allow jitsi meet to be opened in a mobile browser

Hum, do you have a test HTML page available to test?

riyadhzen

comment created time in 2 days

issue closed jitsi/jitsi-meet-electron

Kaspersky flagged this as malware

When I installed this, I got a notification from Kaspersky Security Cloud AV: "Application performing suspicious activity characteristic of malware. Detected: PDM:Trojan.Win32.Generic" and it listed this executable as the source.

Can anyone explain why this might be getting flagged?

closed time in 2 days

e-t-l

issue comment jitsi/jitsi-meet-electron

Kaspersky flagged this as malware

2.4.0 is out: https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.4.0

e-t-l

comment created time in 2 days

issue closed jitsi/jitsi-meet-electron

[FR]: clear cache for CSS reload

since we are still developing our jitsi-meet-instance, we see, that changes are not reflected on jitsi-meet-electron-clients.

Is there a way to force reload/refresh of cached sessions for jitsi-meet-electron-clients we did not see?

closed time in 2 days

demlak

issue comment jitsi/jitsi-meet-electron

End-Call button breaks when pressing it while it fades in during beginning of call

I believe we have solved this in jitsi-meet recently. Tentatively closing, please holler if you manage to reproduce it again.

luclu

comment created time in 2 days

issue closed jitsi/jitsi-meet-electron

End-Call button breaks when pressing it while it fades in during beginning of call

If the End-Call button is pressed right after the beginning of a call (while it fades in from below, and the microphone and camera buttons are still not white (activated)) it will break its functionality.

Apparently the only way to end the call after this is to close the application.

closed time in 2 days

luclu

issue closed jitsi/jitsi-meet-electron

problem sharing windows in the desktop application

I am using my own jitsi and jibri server, when I start to share a window in win10 the receivers cannot receive the transmission, this does not happen in the browser version

closed time in 2 days

cisasmendi

issue comment jitsi/jitsi-meet-electron

PGP signed commits and builds

I’m worried a warning like that one will drive people away from Jitsi.

The main avenue for Jitsi users is the browser.

As a privacy advocate, I stay away from Chrome

Ironically Chrome/ium is better here because it's the only browser which allows for end-to-end encryption to happen.

end-to-end support in Firefox is broken I believe...

Not sure what "end-to-end" is supposed to mean here. Firefox support has been on par with Chrome for a while now.

sunknudsen

comment created time in 2 days

created tag jitsi/jitsi-meet-electron

tag v2.4.0

Jitsi Meet desktop application powered by :electron:

created time in 2 days

push event jitsi/jitsi-meet-electron

Saúl Ibarra Corretgé

commit sha 79fea8ea86ede8a2f5499b1f7b84989a5e2e983d

2.4.0

push time in 2 days

issue comment jitsi/jitsi-meet-electron

Kaspersky flagged this as malware

Sorry folks, dropped the ball. Making a new release now.

e-t-l

comment created time in 2 days

issue closed jitsi/jitsi-meet-electron

Not working with other instances

Since the default meet.jitsi.si started to inject ads and trackers into their instance, I thought to use this app with a trade-free instance (one that doesn't ask me anything in return for the service. no trade).

Anyways, I tried with: https://calls.disroot.org/ https://meet.libreops.cc/ https://meet.calyx.net/ https://talk.snopyta.org/

None works. Indeed, for https://calls.disroot.org/ it says API not active. But not for the rest. I get a blank screen...no error or anything.

Cheers!

closed time in 2 days

tiotrom

issue comment jitsi/jitsi-meet-electron

Not working with other instances

The server needs to allow iframe embedding, check the readme.

tiotrom

comment created time in 2 days

issue closed jitsi/jitsi-meet-electron

Dependency download with http 404 error

I got http 404 error when "npm run dist",but the .dmg build success.

It looks like my env problem. The same error at my colleague's mac.

node version:v14.9.0
npm version:6.14.7
electron version:v10.1.1

robotjs-v0.6.0-electron-v82-darwin-x64.tar.gz jitsi-meet-electron-utils-v2.0.10-electron-v82-darwin-x64.tar.gz

  • Anybody tell me where to change electron-v*?

  • Can I build win installer at MacOS? I can build win-installer success in electron official DEMO project electron-quick-start.

  [0] ./node_modules/html-webpack-plugin/lib/loader.js!./app/index.html 524 bytes {0} [built]
 • electron-builder  version=22.7.0 os=19.5.0
 • loaded configuration  file=package.json ("build" field)
 • writing effective config  file=dist/builder-effective-config.yaml
 • rebuilding native dependencies  dependencies=jitsi-meet-electron-utils@2.0.10, robotjs@0.6.0 platform=darwin arch=x64
 • install prebuilt binary  name=robotjs version=0.6.0 platform=darwin arch=x64
 • install prebuilt binary  name=jitsi-meet-electron-utils version=2.0.10 platform=darwin arch=x64
 • build native dependency from sources  name=jitsi-meet-electron-utils
                                         version=2.0.10
                                         platform=darwin
                                         arch=x64
                                         reason=prebuild-install failed with error (run with env DEBUG=electron-builder to get more information)
                                         error=prebuild-install info begin Prebuild-install version 5.3.5
   prebuild-install WARN install prebuilt binaries enforced with --force!
   prebuild-install WARN install prebuilt binaries may be out of date!
   prebuild-install info looking for cached prebuild @ /Users/fangwei/.npm/_prebuilds/e54775-jitsi-meet-electron-utils-v2.0.10-electron-v82-darwin-x64.tar.gz
   prebuild-install http request GET https://github.com/jitsi/jitsi-meet-electron-utils/releases/download/v2.0.10/jitsi-meet-electron-utils-v2.0.10-electron-v82-darwin-x64.tar.gz
   prebuild-install http 404 https://github.com/jitsi/jitsi-meet-electron-utils/releases/download/v2.0.10/jitsi-meet-electron-utils-v2.0.10-electron-v82-darwin-x64.tar.gz
   prebuild-install WARN install No prebuilt binaries found (target=10.1.1 runtime=electron arch=x64 libc= platform=darwin)
   
 • build native dependency from sources  name=robotjs
                                         version=0.6.0
                                         platform=darwin
                                         arch=x64
                                         reason=prebuild-install failed with error (run with env DEBUG=electron-builder to get more information)
                                         error=prebuild-install info begin Prebuild-install version 5.3.5
   prebuild-install WARN install prebuilt binaries enforced with --force!
   prebuild-install WARN install prebuilt binaries may be out of date!
   prebuild-install info looking for cached prebuild @ /Users/fangwei/.npm/_prebuilds/2a70a5-robotjs-v0.6.0-electron-v82-darwin-x64.tar.gz
   prebuild-install http request GET https://github.com/octalmage/robotjs/releases/download/v0.6.0/robotjs-v0.6.0-electron-v82-darwin-x64.tar.gz
   prebuild-install http 404 https://github.com/octalmage/robotjs/releases/download/v0.6.0/robotjs-v0.6.0-electron-v82-darwin-x64.tar.gz
   prebuild-install WARN install No prebuilt binaries found (target=10.1.1 runtime=electron arch=x64 libc= platform=darwin)

closed time in 2 days

be-wei

issue comment jitsi/jitsi-meet-electron

Dependency download with http 404 error

I got http 404 error when "npm run dist",but the .dmg build success.

That's fine. All it means is that the prebuilt package was not found and it will be compiled.

* Can i build win installer at MacOS?

No, because not all native dependencies of this project provide prebuilt binaries.

be-wei

comment created time in 2 days

issue comment jitsi/jitsi-meet-electron

User's name sometimes won't change

You did catch a bug: we currently save the name to settings on blur, but that seems to not fire when you close the drawer.

pgenderson

comment created time in 2 days

push event jitsi/jitsi-meet-electron

Saúl Ibarra Corretgé

commit sha 76bf7d3ee118e4d1dca8546963d97167a0c1f27f

Updated translation

push time in 2 days

issue closed jitsi/jitsi-meet

"Video Share" feature flag not respected on Android

Description:

I have set the feature flag video-share.enabled to false. It works well on iOS.

However, testing it, the video sharing button is still shown for Android phones. In particular, Galaxy S9 (Android 10)

https://github.com/jitsi/jitsi-meet/blob/7f5751b9185b406a55e22b0df204620f56eae1b0/react/features/base/flags/constants.js

Steps to reproduce:

In MainActivity.java I have changed the following function:

    private void setJitsiMeetConferenceDefaultOptions() {
        // Set default options
        JitsiMeetConferenceOptions defaultOptions
            = new JitsiMeetConferenceOptions.Builder()
            .setWelcomePageEnabled(true)
            .setServerURL(buildURL(defaultURL))
            .setFeatureFlag("call-integration.enabled", false)
            .setFeatureFlag("resolution", 360)
            .setFeatureFlag("server-url-change.enabled", !configurationByRestrictions)
            .setFeatureFlag("calendar.enabled", false)
            .setFeatureFlag("live-streaming.enabled", false)
            .setFeatureFlag("recording.enabled", false)
            .setFeatureFlag("video-share.enabled", false)           // <---- video share feature flag
            .setFeatureFlag("invite.enabled", false)
            .setFeatureFlag("close-captions.enabled", false)
            .build();
        JitsiMeet.setDefaultConferenceOptions(defaultOptions);
    }

However, when built, signed and installed on an Android device, the video sharing feature is still available

Expected behavior:

If I disable the video-share feature flag, it should not appear in the Android application anymore.

Actual behavior:

Even if I disabled the video-share feature flag, the button to share a video still appears in the Android application.

Server information:

  • Jitsi Meet version: stable-4857
  • Operating System: debian10

Client information:

  • Browser / app version: android-20.4.1
  • Operating System: Android 10

closed time in 2 days

mfts

issue comment jitsi/jitsi-meet

"Video Share" feature flag not respected on Android

We don't maintain that package, sorry. Our SDK is released to our maven repo or cocoapods respectively. See here: https://jitsi.github.io/handbook/docs/dev-guide/dev-guide-mobile

mfts

comment created time in 2 days

issue comment jitsi/jitsi-meet-electron

Invalid Server URL or external API not enabled

For everyone here: I just committed a patch which greatly simplifies server URL verification, since we now bundle external API, so there is no need to check for it. If you folks can test current master and let me know if it works ok it would be ideal. Cheers!

chart41

comment created time in 2 days

push event jitsi/jitsi-meet-electron

Saúl Ibarra Corretgé

commit sha 730a6890bee02e2c5b90f9e19f896b6c05d4461c

Simplify validating server URL

There is no need to send a HEAD request to the server since we now bundle external_api.js.

push time in 2 days

issue comment jitsi/jitsi-meet-electron

Invalid Server URL or external API not enabled

You can open DevTools with the same key combination that you would in Chrome. I think on Windows it's Ctrl+Alt+i

chart41

comment created time in 2 days

issue comment jitsi/jitsi-meet

"Video Share" feature flag not respected on Android

@mfts I just tested this myself and cannot reproduce it. Are you sure you are on the latest version? You said you modified MainActivity.java, but that's not part of the SDK, so I'm a bit unsure about what you are using really.

mfts

comment created time in 2 days

issue comment jitsi/jitsi-meet

"Video Share" feature flag not respected on Android

That version is incredibly old. Please update to the latest SDK version (2.10.0) at the time of this writing.

mfts

comment created time in 2 days

issue comment jitsi/jitsi-meet

"Video Share" feature flag not respected on Android

What SDK version are you using @Marinaarimany ?

mfts

comment created time in 2 days

issue comment jitsi/jitsi-meet-sdk-samples

Crush from Apps when Joined.

I have never seen such error, sorry.

wahidin32

comment created time in 2 days

pull request comment jitsi/jitsi-meet

feat: allow jitsi meet to be opened in a mobile browser

This is now available on the latest stable release (and has been for a while).

riyadhzen

comment created time in 2 days

started kovidgoyal/kitty

started time in 2 days

issue comment jitsi/jitsi-meet-electron

Invalid Server URL or external API not enabled

Can you open the dev console and check the logs? it's now enabled on release builds too.

chart41

comment created time in 3 days

pull request comment jitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

JFrame and LGTM :-)

fippo

comment created time in 3 days

issue closed jitsi/jitsi-meet

Jitsi-meet for Unity-3D Game Engine

Is your feature request related to a problem you are facing? Please describe the problem you are trying to solve.

I would like to integrate jitsi-meet with Unity-3d Game engine

https://www.unity3d.com

Unity is used by millions of game developers all over the world.

Describe the solution you'd like Please describe the desired behavior.

jitsi-meet integrated with Unity 3D

Describe alternatives you've considered Please describe alternative solutions or features you have considered.

none

closed time in 3 days

nsmith1024

issue comment jitsi/jitsi-meet

Jitsi-meet for Unity-3D Game Engine

Please stop posting duplicates. I already replied yesterday this is not the place to ask these questions. https://github.com/jitsi/jitsi-meet/issues/7761#issuecomment-697186029

nsmith1024

comment created time in 3 days

pull request comment jitsi/jitsi-meet

Polls/Voting Feature in Jitsi-meet

No progress has been made. Just so everyone can adjust their expectations: as of today this PR is closed and we have no plans to work on this feature. Things may change in the future, but that's how it is today.

mmoanis

comment created time in 3 days

started martinthomson/i-d-template

started time in 3 days

push event jitsi/jitsi-meet

Saúl Ibarra Corretgé

commit sha e89df8c346b31f1c78e8f650dbc251656ef375b8

chore(ios) sync Podfile.lock

push time in 3 days

push event jitsi/jitsi-meet

Saúl Ibarra Corretgé

commit sha f4fe1a71a5dc435f5c1404323b73a9e902cacd64

fix(ios) add local network usage description for iOS 14

push time in 3 days

push event jitsi/jitsi-meet

Saúl Ibarra Corretgé

commit sha 8c319dbf679f4e948247b2afceb13d236c78b2de

fix(analytics) avoid Amplitude initialization failure on mobile

Saúl Ibarra Corretgé

commit sha 86b24256585c6695bbaa8370d252ca0f9f3b57d2

fix(analytics) make sure rtcstats is not enabled on mobile

Saúl Ibarra Corretgé

commit sha b40a0ff82c64d4e1ffb596c804f08a749128c5b5

fix(analytics) make handler loading more resilient

  • Don't initialize handlers if their API key is not set
  • Don't swallow exceptions when creating handlers
  • Don't remove all handlers if an external one fails
  • Dispose the analytics subsystem if no handlers are registered

Saúl Ibarra Corretgé

commit sha c1ddd0cde72edab85152d22cd6bf9bbdb4850d2a

fix(analytics) clarify log line

Saúl Ibarra Corretgé

commit sha e23753919720411fac7c2438a49a7f04b17d8546

chore(android,ios,version) bump

push time in 3 days

push event jitsi/jitsi-meet

Saúl Ibarra Corretgé

commit sha 1a339100abe608047dc9af90ae7242565f9a0531

fix(analytics) avoid Amplitude initialization failure on mobile

Saúl Ibarra Corretgé

commit sha 919be219128bdbb6dd13c8eb902891b1d13a967a

fix(analytics) make sure rtcstats is not enabled on mobile

Saúl Ibarra Corretgé

commit sha b153bf2fb85e98f193476ced537afa53207db0c4

fix(analytics) make handler loading more resilient

  • Don't initialize handlers if their API key is not set
  • Don't swallow exceptions when creating handlers
  • Don't remove all handlers if an external one fails
  • Dispose the analytics subsystem if no handlers are registered

Saúl Ibarra Corretgé

commit sha ddbd3f292ac4097488d552c52f7e6c00166cdee4

fix(analytics) clarify log line

push time in 3 days

PR merged jitsi/jitsi-meet

Miscellaneous analytics fixes

Check every commit message for a description.

+73 -39

0 comment

4 changed files

saghul

pr closed time in 3 days

created tag jitsi/jitsi-meet

tag android-20.4.1

Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.

created time in 3 days

issue comment jitsi/jitsi-meet

Mute sound of the conference

Ah the flutter plugin is using our SDK? Then we'd need some changes, we don't have full support for it on mobile I think.

niyaz1998

comment created time in 3 days

push event saghul/txiki.js

dependabot[bot]

commit sha 7b733f772fb1bccf2668720a5a16a5ad0915ede1

build(deps): bump lodash from 4.17.15 to 4.17.19 in /tests/advanced

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>

push time in 3 days

PR merged saghul/txiki.js

build(deps): bump lodash from 4.17.15 to 4.17.19 in /tests/advanced dependencies

Bumps lodash from 4.17.15 to 4.17.19.

Release notes (sourced from lodash's releases, https://github.com/lodash/lodash/releases):

  • 4.17.16

Commits:

  • d7fbc52 Bump to v4.17.19
  • 2e1c0f2 Add npm-package
  • 1b6c282 Bump to v4.17.18
  • a370ac8 Bump to v4.17.17
  • 1144918 Rebuild lodash and docs
  • 3a3b0fd Bump to v4.17.16
  • c84fe82 fix(zipObjectDeep): prototype pollution (#4759)
  • e7b28ea Sanitize sourceURL so it cannot affect evaled code (#4518)
  • 0cec225 Fix lodash.isEqual for circular references (#4320) (#4515)
  • 94c3a81 Document matches* shorthands for over* methods (#4510) (#4514)
  • Additional commits viewable in compare view: https://github.com/lodash/lodash/compare/4.17.15...4.17.19

Maintainer changes:

This version was pushed to npm by mathias (https://www.npmjs.com/~mathias), a new releaser for lodash since your current version.

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 3 days

push event saghul/txiki.js

dependabot[bot]

commit sha 74f7601fb6ebb01b87ec89cf6dde93b9156d5855

build(deps): bump elliptic from 6.5.2 to 6.5.3 in /tests/advanced

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>


push time in 3 days

PR merged saghul/txiki.js

build(deps): bump elliptic from 6.5.2 to 6.5.3 in /tests/advanced dependencies

Bumps elliptic from 6.5.2 to 6.5.3.

Commits

  • [8647803](https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1) 6.5.3
  • [856fe4d](https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec) signature: prevent malleability and overflows
  • See full diff in [compare view](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)


+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 3 days

push eventjitsi/jitsi-meet

Tudor-Ovidiu Avram

commit sha ce4ef969413fa81a158d0b51b4c90ec2117d3d9f

fix(vpaas) hide embed meeting for vpaas users


push time in 3 days

PR merged jitsi/jitsi-meet

fix(vpaas) hide embed meeting for vpaas users


+26 -2

0 comment

2 changed files

quitrk

pr closed time in 3 days

push eventjitsi/jitsi-meet

Tudor-Ovidiu Avram

commit sha 993ded9936293f4a365de222b98828b232237887

fix(vpaas) fix vpaas redirect


push time in 3 days

PR merged jitsi/jitsi-meet

fix(vpaas) fix vpaas redirect


+2 -0

0 comment

1 changed file

quitrk

pr closed time in 3 days

PR opened jitsi/jitsi-meet

Miscellaneous analytics fixes

Check every commit message for a description.

+73 -39

0 comment

4 changed files

pr created time in 3 days

create branch saghul/jitsi-meet

branch : rn-fix-analytics

created branch time in 3 days

issue commentjitsi/jitsi-meet

Mute sound of the conference

We don't maintain the flutter plugin, you'd have to ask whoever is responsible for that.

niyaz1998

comment created time in 3 days

issue commentjitsi/jitsi-meet

Memory leak on jitsimeet sample App

Alas that report doesn't say much. I know we have a "leak" in that we keep a reference to the current activity in a singleton object. Leak Canary reports this, but it's not a problem in practice because the lifetimes of both objects are in sync.

If this is something else, we are going to need some more details.

JacobGbGuan

comment created time in 3 days

issue commentjitsi/jitsi-meet

Android App Rejects Let's Encrypt Chain on TURNS Connection

FTR, we are going to replace the cert bundle that WebRTC ships with. Not a big deal, but it needs to be done.

rfrederick

comment created time in 3 days

issue commentjitsi/jitsi-meet

Mute sound of the conference

You can join the conference with this at the end of the URL: #config.startSilent=true

niyaz1998

comment created time in 3 days

PullRequestReviewEvent

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 class Context {      *      * The VP8 payload descriptor described in      *   https://tools.ietf.org/html/rfc7741#section-4.2-     * is part of the RTP packet and not part of the frame and is not controllable by us.-     * This is fine as the SFU keeps having access to it for routing.-     *-     * The encrypted frame is formed as follows:-     * 1) Leave the first (10, 3, 1) bytes unencrypted, depending on the frame type and kind.-     * 2) Form the GCM IV for the frame as described above.-     * 3) Encrypt the rest of the frame using AES-GCM.-     * 4) Allocate space for the encrypted frame.-     * 5) Copy the unencrypted bytes to the start of the encrypted frame.-     * 6) Append the ciphertext to the encrypted frame.-     * 7) Append the IV.-     * 8) Append a single byte for the key identifier. TODO: we don't need all the bits.-     * 9) Enqueue the encrypted frame for sending.+     * is part of the RTP packet and not part of the encoded frame and is therefore not+     * controllable by us. This is fine as the SFU keeps having access to it for routing.      */     encodeFunction(encodedFrame, controller) {         const keyIndex = this._currentKeyIndex;          if (this._cryptoKeyRing[keyIndex]) {-            const iv = this.makeIV(encodedFrame.getMetadata().synchronizationSource, encodedFrame.timestamp);+            this._sendCount++;++            // Thіs is not encrypted and contains the VP8 payload descriptor or the Opus TOC byte.+            const frameHeader = new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type]);++            // Construct frame trailer. 
Similar to the frame header described in+            // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2+            // but we put it at the end.+            const counter = new Uint8Array(16);+            const counterView = new DataView(counter.buffer);++            // The counter is encoded as a variable-length field.+            counterView.setBigUint64(8, this._sendCount);+            let counterLength = 8;++            for (let i = 8; i < counter.byteLength; i++ && counterLength--) {+                if (counterView.getUint8(i) !== 0) {+                    break;+                }+            }++            const frameTrailer = new Uint8Array(counterLength + 1);++            frameTrailer.set(new Uint8Array(counter.buffer, counter.byteLength - counterLength));++            // Since we never send a counter of 0 we send counterLength - 1 on the wire.+            // This is different from the sframe draft, increases the key space and lets us+            // ignore the case of a zero-length counter at the receiver.+            frameTrailer[frameTrailer.byteLength - 1] = keyIndex | ((counterLength - 1) << 4);++            // XOR the counter with the saltKey to construct the AES CTR.+            const saltKey = new DataView(this._cryptoKeyRing[keyIndex].saltKey);++            for (let i = 0; i < counter.byteLength; i++) {+                counterView.setUint8(i, counterView.getUint8(i) ^ saltKey.getUint8(i));+            }              return crypto.subtle.encrypt({-                name: 'AES-GCM',-                iv,-                additionalData: new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type])-            }, this._cryptoKeyRing[keyIndex], new Uint8Array(encodedFrame.data,+                name: 'AES-CTR',+                counter,+                length: 64+            }, this._cryptoKeyRing[keyIndex].encryptionKey, new Uint8Array(encodedFrame.data,                 unencryptedBytes[encodedFrame.type]))             
.then(cipherText => {-                const newData = new ArrayBuffer(unencryptedBytes[encodedFrame.type] + cipherText.byteLength-                    + iv.byteLength + 1);+                const newData = new ArrayBuffer(frameHeader.byteLength + cipherText.byteLength+                    + digestLength[encodedFrame.type] + frameTrailer.byteLength);                 const newUint8 = new Uint8Array(newData); -                newUint8.set(-                    new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type])); // copy first bytes.-                newUint8.set(-                    new Uint8Array(cipherText), unencryptedBytes[encodedFrame.type]); // add ciphertext.-                newUint8.set(-                    new Uint8Array(iv), unencryptedBytes[encodedFrame.type] + cipherText.byteLength); // append IV.-                newUint8[unencryptedBytes[encodedFrame.type] + cipherText.byteLength + ivLength]-                    = keyIndex; // set key index.--                encodedFrame.data = newData;+                newUint8.set(frameHeader); // copy first bytes.+                newUint8.set(new Uint8Array(cipherText), unencryptedBytes[encodedFrame.type]); // add ciphertext.+                // Leave some space for the signature. This is filled with 0s initially, similar to+                // STUN message-integrity described in https://tools.ietf.org/html/rfc5389#section-15.4+                newUint8.set(frameTrailer, frameHeader.byteLength + cipherText.byteLength+                    + digestLength[encodedFrame.type]); // append trailer.++                return crypto.subtle.sign(signatureOptions, this._cryptoKeyRing[keyIndex].authenticationKey,+                    new Uint8Array(newData)).then(signature => {+                    // set the signature.
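
Review bot: The per-frame counter and the AES-CTR block counter occupy the same 64 bits in encodeFunction, so keystream can repeat across frames under one key. `counterView.setBigUint64(8, this._sendCount)` writes the frame counter into bytes 8 to 15 of the counter block, and `length: 64` tells WebCrypto to increment those same rightmost 64 bits once per 16-byte block, so any frame longer than one block consumes counter values that later frames start from (the XOR with `saltKey` shifts the values but does not separate the two ranges). Suggest writing `_sendCount` into bytes 0 to 7 and leaving the low 64 bits to the block counter, so that every (frame, block) pair maps to a distinct counter block.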

Suggested some alternative text to avoid the confusion when we add keyframe signing.

fippo

comment created time in 3 days

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 class Context {      *      * @param {RTCEncodedVideoFrame|RTCEncodedAudioFrame} encodedFrame - Encoded video frame.      * @param {TransformStreamDefaultController} controller - TransportStreamController.-     *-     * The decrypted frame is formed as follows:-     * 1) Extract the key index from the last byte of the encrypted frame.-     *    If there is no key associated with the key index, the frame is enqueued for decoding-     *    and these steps terminate.-     * 2) Determine the frame type in order to look up the number of unencrypted header bytes.-     * 2) Extract the 12-byte IV from its position near the end of the packet.-     *    Note: the IV is treated as opaque and not reconstructed from the input.-     * 3) Decrypt the encrypted frame content after the unencrypted bytes using AES-GCM.-     * 4) Allocate space for the decrypted frame.-     * 5) Copy the unencrypted bytes from the start of the encrypted frame.-     * 6) Append the plaintext to the decrypted frame.-     * 7) Enqueue the decrypted frame for decoding.      
*/     decodeFunction(encodedFrame, controller) {         const data = new Uint8Array(encodedFrame.data);-        const keyIndex = data[encodedFrame.data.byteLength - 1];+        const keyIndex = data[encodedFrame.data.byteLength - 1] & 0x7; // eslint-disable-line no-bitwise          if (this._cryptoKeyRing[keyIndex]) {-            const iv = new Uint8Array(encodedFrame.data, encodedFrame.data.byteLength - ivLength - 1, ivLength);-            const cipherTextStart = unencryptedBytes[encodedFrame.type];-            const cipherTextLength = encodedFrame.data.byteLength - (unencryptedBytes[encodedFrame.type]-                + ivLength + 1);--            return crypto.subtle.decrypt({-                name: 'AES-GCM',-                iv,-                additionalData: new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type])-            }, this._cryptoKeyRing[keyIndex], new Uint8Array(encodedFrame.data, cipherTextStart, cipherTextLength))-            .then(plainText => {-                const newData = new ArrayBuffer(unencryptedBytes[encodedFrame.type] + plainText.byteLength);-                const newUint8 = new Uint8Array(newData);+            // eslint-disable-next-line no-bitwise+            const counterLength = 1 + ((data[encodedFrame.data.byteLength - 1] >> 4) & 0x7);+            const frameHeader = new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type]); -                newUint8.set(new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type]));-                newUint8.set(new Uint8Array(plainText), unencryptedBytes[encodedFrame.type]);+            // Extract the signature.+            const signatureOffset = encodedFrame.data.byteLength - (digestLength[encodedFrame.type]+                + counterLength + 1);+            const signature = encodedFrame.data.slice(signatureOffset, signatureOffset+                + digestLength[encodedFrame.type]); -                encodedFrame.data = newData;+            // Set 
signature bytes to 0.+            const zeros = new Uint8Array(digestLength[encodedFrame.type]); -                return controller.enqueue(encodedFrame);-            }, e => {-                console.error(e);+            data.set(zeros, encodedFrame.data.byteLength - (digestLength[encodedFrame.type] + counterLength + 1));++            return crypto.subtle.sign(signatureOptions, this._cryptoKeyRing[keyIndex].authenticationKey,+                encodedFrame.data).then(calculatedSignature => {+                // Do truncated hash comparison.+                if (!isArrayEqual(signature, calculatedSignature.slice(0, digestLength[encodedFrame.type]))) {+                    console.error('signature mismatch', new Uint8Array(signature), new Uint8Array(calculatedSignature,
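
Review bot: Nothing in the visible lines of decodeFunction checks that the received frame is long enough before the trailer is parsed. `counterLength` is read from the last byte of the frame, and `signatureOffset = byteLength - (digestLength[type] + counterLength + 1)` goes negative for a short frame, at which point `slice` counts from the end of the buffer and `data.set(zeros, ...)` throws a RangeError. Suggest dropping the frame up front when `byteLength` is smaller than `unencryptedBytes[type] + digestLength[type] + counterLength + 1`. It is also worth confirming that `isArrayEqual` compares in constant time, since it is the check that guards the truncated tag.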

Can you put a TODO comment here? We will tackle it right after this lands.

fippo

comment created time in 3 days

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 class Context {      *      * The VP8 payload descriptor described in      *   https://tools.ietf.org/html/rfc7741#section-4.2-     * is part of the RTP packet and not part of the frame and is not controllable by us.-     * This is fine as the SFU keeps having access to it for routing.-     *-     * The encrypted frame is formed as follows:-     * 1) Leave the first (10, 3, 1) bytes unencrypted, depending on the frame type and kind.-     * 2) Form the GCM IV for the frame as described above.-     * 3) Encrypt the rest of the frame using AES-GCM.-     * 4) Allocate space for the encrypted frame.-     * 5) Copy the unencrypted bytes to the start of the encrypted frame.-     * 6) Append the ciphertext to the encrypted frame.-     * 7) Append the IV.-     * 8) Append a single byte for the key identifier. TODO: we don't need all the bits.-     * 9) Enqueue the encrypted frame for sending.+     * is part of the RTP packet and not part of the encoded frame and is therefore not+     * controllable by us. This is fine as the SFU keeps having access to it for routing.      */     encodeFunction(encodedFrame, controller) {         const keyIndex = this._currentKeyIndex;          if (this._cryptoKeyRing[keyIndex]) {-            const iv = this.makeIV(encodedFrame.getMetadata().synchronizationSource, encodedFrame.timestamp);+            this._sendCount++;++            // Thіs is not encrypted and contains the VP8 payload descriptor or the Opus TOC byte.+            const frameHeader = new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type]);++            // Construct frame trailer. 
Similar to the frame header described in+            // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2+            // but we put it at the end.+            const counter = new Uint8Array(16);+            const counterView = new DataView(counter.buffer);++            // The counter is encoded as a variable-length field.+            counterView.setBigUint64(8, this._sendCount);+            let counterLength = 8;++            for (let i = 8; i < counter.byteLength; i++ && counterLength--) {+                if (counterView.getUint8(i) !== 0) {+                    break;+                }+            }++            const frameTrailer = new Uint8Array(counterLength + 1);++            frameTrailer.set(new Uint8Array(counter.buffer, counter.byteLength - counterLength));++            // Since we never send a counter of 0 we send counterLength - 1 on the wire.+            // This is different from the sframe draft, increases the key space and lets us+            // ignore the case of a zero-length counter at the receiver.+            frameTrailer[frameTrailer.byteLength - 1] = keyIndex | ((counterLength - 1) << 4);++            // XOR the counter with the saltKey to construct the AES CTR.+            const saltKey = new DataView(this._cryptoKeyRing[keyIndex].saltKey);++            for (let i = 0; i < counter.byteLength; i++) {+                counterView.setUint8(i, counterView.getUint8(i) ^ saltKey.getUint8(i));+            }              return crypto.subtle.encrypt({-                name: 'AES-GCM',-                iv,-                additionalData: new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type])-            }, this._cryptoKeyRing[keyIndex], new Uint8Array(encodedFrame.data,+                name: 'AES-CTR',+                counter,+                length: 64+            }, this._cryptoKeyRing[keyIndex].encryptionKey, new Uint8Array(encodedFrame.data,                 unencryptedBytes[encodedFrame.type]))             
.then(cipherText => {-                const newData = new ArrayBuffer(unencryptedBytes[encodedFrame.type] + cipherText.byteLength-                    + iv.byteLength + 1);+                const newData = new ArrayBuffer(frameHeader.byteLength + cipherText.byteLength+                    + digestLength[encodedFrame.type] + frameTrailer.byteLength);                 const newUint8 = new Uint8Array(newData); -                newUint8.set(-                    new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type])); // copy first bytes.-                newUint8.set(-                    new Uint8Array(cipherText), unencryptedBytes[encodedFrame.type]); // add ciphertext.-                newUint8.set(-                    new Uint8Array(iv), unencryptedBytes[encodedFrame.type] + cipherText.byteLength); // append IV.-                newUint8[unencryptedBytes[encodedFrame.type] + cipherText.byteLength + ivLength]-                    = keyIndex; // set key index.--                encodedFrame.data = newData;+                newUint8.set(frameHeader); // copy first bytes.+                newUint8.set(new Uint8Array(cipherText), unencryptedBytes[encodedFrame.type]); // add ciphertext.+                // Leave some space for the signature. This is filled with 0s initially, similar to+                // STUN message-integrity described in https://tools.ietf.org/html/rfc5389#section-15.4+                newUint8.set(frameTrailer, frameHeader.byteLength + cipherText.byteLength+                    + digestLength[encodedFrame.type]); // append trailer.++                return crypto.subtle.sign(signatureOptions, this._cryptoKeyRing[keyIndex].authenticationKey,+                    new Uint8Array(newData)).then(signature => {+                    // set the signature.
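
Review bot: The trailer byte is built as `keyIndex | ((counterLength - 1) << 4)` with `keyIndex` unmasked, so the two fields stay separate only while `keyIndex` is below 16, and the decode path on this PR reads the index back with `& 0x7`. Suggest masking on the way out as well (`keyIndex & 0x7`) or asserting the key ring size where the ring is built, so an index the receiver cannot represent is caught at the sender. Separately, the loop update `i++ && counterLength--` only decrements because `i++` evaluates to a non-zero value; `i++, counterLength--` says the same thing without relying on that.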
                    // set the truncated authentication tag.
fippo

comment created time in 3 days

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 class Context {      *      * @param {RTCEncodedVideoFrame|RTCEncodedAudioFrame} encodedFrame - Encoded video frame.      * @param {TransformStreamDefaultController} controller - TransportStreamController.-     *-     * The decrypted frame is formed as follows:-     * 1) Extract the key index from the last byte of the encrypted frame.-     *    If there is no key associated with the key index, the frame is enqueued for decoding-     *    and these steps terminate.-     * 2) Determine the frame type in order to look up the number of unencrypted header bytes.-     * 2) Extract the 12-byte IV from its position near the end of the packet.-     *    Note: the IV is treated as opaque and not reconstructed from the input.-     * 3) Decrypt the encrypted frame content after the unencrypted bytes using AES-GCM.-     * 4) Allocate space for the decrypted frame.-     * 5) Copy the unencrypted bytes from the start of the encrypted frame.-     * 6) Append the plaintext to the decrypted frame.-     * 7) Enqueue the decrypted frame for decoding.      
*/     decodeFunction(encodedFrame, controller) {         const data = new Uint8Array(encodedFrame.data);-        const keyIndex = data[encodedFrame.data.byteLength - 1];+        const keyIndex = data[encodedFrame.data.byteLength - 1] & 0x7;          if (this._cryptoKeyRing[keyIndex]) {-            const iv = new Uint8Array(encodedFrame.data, encodedFrame.data.byteLength - ivLength - 1, ivLength);-            const cipherTextStart = unencryptedBytes[encodedFrame.type];-            const cipherTextLength = encodedFrame.data.byteLength - (unencryptedBytes[encodedFrame.type]-                + ivLength + 1);--            return crypto.subtle.decrypt({-                name: 'AES-GCM',-                iv,-                additionalData: new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type])-            }, this._cryptoKeyRing[keyIndex], new Uint8Array(encodedFrame.data, cipherTextStart, cipherTextLength))-            .then(plainText => {-                const newData = new ArrayBuffer(unencryptedBytes[encodedFrame.type] + plainText.byteLength);-                const newUint8 = new Uint8Array(newData);+            const counterLength = 1 + ((data[encodedFrame.data.byteLength - 1] >> 4) & 0x7);+            const frameHeader = new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type]); -                newUint8.set(new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type]));-                newUint8.set(new Uint8Array(plainText), unencryptedBytes[encodedFrame.type]);+            // Extract the signature.

Ditto: authentication tag.

fippo

comment created time in 3 days

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 class Context {      *      * The VP8 payload descriptor described in      *   https://tools.ietf.org/html/rfc7741#section-4.2-     * is part of the RTP packet and not part of the frame and is not controllable by us.-     * This is fine as the SFU keeps having access to it for routing.-     *-     * The encrypted frame is formed as follows:-     * 1) Leave the first (10, 3, 1) bytes unencrypted, depending on the frame type and kind.-     * 2) Form the GCM IV for the frame as described above.-     * 3) Encrypt the rest of the frame using AES-GCM.-     * 4) Allocate space for the encrypted frame.-     * 5) Copy the unencrypted bytes to the start of the encrypted frame.-     * 6) Append the ciphertext to the encrypted frame.-     * 7) Append the IV.-     * 8) Append a single byte for the key identifier. TODO: we don't need all the bits.-     * 9) Enqueue the encrypted frame for sending.+     * is part of the RTP packet and not part of the encoded frame and is therefore not+     * controllable by us. This is fine as the SFU keeps having access to it for routing.      */     encodeFunction(encodedFrame, controller) {         const keyIndex = this._currentKeyIndex;          if (this._cryptoKeyRing[keyIndex]) {-            const iv = this.makeIV(encodedFrame.getMetadata().synchronizationSource, encodedFrame.timestamp);+            this._sendCount++;++            // Thіs is not encrypted and contains the VP8 payload descriptor or the Opus TOC byte.+            const frameHeader = new Uint8Array(encodedFrame.data, 0, unencryptedBytes[encodedFrame.type]);++            // Construct frame trailer. Similar to the frame header described in+            // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2+            // but we put it at the end.

Let's add some ascii art please :-)

fippo

comment created time in 3 days

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 class Context {         // A pointer to the currently used key.         this._currentKeyIndex = -1; -        // We keep track of how many frames we have sent per ssrc.-        // Starts with a random offset similar to the RTP sequence number.-        this._sendCounts = new Map();+        // a per-sender counter that is used create the AES CTR.+        // Must be incremented on every frame that is sent, can be reset on+        // key changes.+        this._sendCount = 0n;          this._id = id;     }      /**-     * Derives a per-participant key.-     * @param {Uint8Array} keyBytes - Value to derive key from-     * @param {Uint8Array} salt - Salt used in key derivation-     */-    async deriveKey(keyBytes, salt) {-        const encoder = new TextEncoder();-        const idBytes = encoder.encode(this._id);--        // Separate both parts by a null byte to avoid ambiguity attacks.-        const participantSalt = new Uint8Array(salt.byteLength + idBytes.byteLength + 1);--        participantSalt.set(salt);-        participantSalt.set(idBytes, salt.byteLength + 1);--        return deriveKey(keyBytes, participantSalt);-    }--    /**-     * Sets a key and starts using it for encrypting.+     * Sets a key, derive the different subkeys and starts using them for encryption or
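
Review bot: With the per-participant salt removed and `_sendCount` starting at `0n` for every sender, counter uniqueness now depends entirely on each sender having its own encryption key and salt, and the visible lines do not show that. The deleted `deriveKey` mixed `this._id` into the salt for exactly this purpose; if the new subkey derivation does not separate senders, two participants produce identical AES-CTR counter blocks for frames 1, 2, 3 and so on. The comment "can be reset on key changes" has the same requirement and should state it: a reset is only safe when the encryption key and salt actually change.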
     * Sets a key, derives the different subkeys and starts using them for encryption or
fippo

comment created time in 3 days

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 This document describes some of the high-level concepts and outlines the design. Please refer to the source code for details. -## Deriving the key from the e2eekey url hash-We take the key from the url hash.  Unlike query parameters this does not get-sent to the server so it is the right place for it. We use-the window.location.onhashchange event to listen for changes in the e2ee-key property.--It is important to note that this key should not get exchanged via the server.-There needs to be some other means of exchanging it.--From this key we derive a 128bit key using PBKDF2. We use the room name as a salt in this key generation. This is a bit weak but we need to start with information that is the same for all participants so we can not yet use a proper random salt.-We add the participant id to the salt when deriving the key which allows us to use per-sender keys. This is done to prepare the ground for the actual architecture and does not change the cryptographic properties.--We plan to rotate the key whenever a participant joins or leaves. However, we need end-to-end encrypted signaling to exchange those keys so we are not doing this yet.--## The encrypted frame-The derived key is used in the transformations of the Insertable Streams API.-These transformations use AES-GCM (with a 128 bit key; we could have used-256 bits but since the keys are short-lived decided against it) and the-webcrypto API:-  https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt--AES-GCM needs a 96 bit initialization vector which we construct-based on the SSRC, the rtp timestamp and a frame counter which is similar to-how the IV is constructed in SRTP with GCM-  https://tools.ietf.org/html/rfc7714#section-8.1--This IV gets sent along with the packet, adding 12 bytes of overhead. The GCM-tag length is the default 128 bits or 16 bytes. 
For video this overhead is ok but-for audio (where the opus frames are much, much smaller) we are considering shorter-authentication tags.+## Packet format+We are using a variant of+  https://tools.ietf.org/html/draft-omara-sframe-00+that uses a trailer instead of a header.

let's ascii-art the packet here please :-)

fippo

comment created time in 3 days

Pull request review commentjitsi/lib-jitsi-meet

e2ee: use CTR instead of GCM

 class Context {         // A pointer to the currently used key.         this._currentKeyIndex = -1; -        // We keep track of how many frames we have sent per ssrc.-        // Starts with a random offset similar to the RTP sequence number.-        this._sendCounts = new Map();+        // a per-sender counter that is used create the AES CTR.
        // A per-sender counter that is used create the AES CTR.
fippo

comment created time in 3 days

PullRequestReviewEvent
PullRequestReviewEvent

issue commentmatrix-org/olm

olm_sas_generate_bytes doesn't fail if their key is not set

Cheers!

saghul

comment created time in 3 days

issue commentjitsi/jitsi-meet

Android App Rejects Let's Encrypt Chain on TURNS Connection

Right on the money.

rfrederick

comment created time in 3 days

PullRequestReviewEvent