Add E2E encryption for relay transport (ECDH P-256 + AES-256-GCM)

Encrypts all relay messages between dashboard and workers so the
signaling server cannot read message payloads. Uses ephemeral ECDH
P-256 key exchange + HKDF + AES-256-GCM with zero new dependencies.

Python (worker):
- New sleap_rtc/encryption/ module (ecdh.py, envelope.py)
- mesh_coordinator: key exchange handler, decrypt incoming, encrypt outgoing
- RelayChannel.send() encrypts job status/progress when E2E session active
- Session key storage with 24h pruning

JavaScript (dashboard):
- Web Crypto API: ECDH P-256 key generation, HKDF, AES-GCM encrypt/decrypt
- Key exchange initiated on "Next →" (sjEnterStep3 / sjGoToInferenceStep)
- apiWorkerMessage() transparently encrypts when E2E is ready
- apiFsList/apiJobSubmit rerouted through encrypted path
- sseConnect() decrypts encrypted_relay events and re-dispatches

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: alicup29

dashboard/app.js

@@ -147,6 +147,12 @@ class SleapRTCDashboard {
         this.activeJobs = new Map(); // jobId → job state
         this._workerPollInterval = null;
 
+        // E2E encryption state (per-session, cleared on page refresh)
+        this._e2eSessionId = null;
+        this._e2ePrivateKey = null;  // CryptoKey (P-256 ECDH)
+        this._e2eSharedKey = null;   // CryptoKey (AES-256-GCM)
+        this._e2eReady = false;
+
         this.init();
     }
 
@@ -662,10 +668,25 @@ class SleapRTCDashboard {
         const url = `${CONFIG.RELAY_SERVER}/stream/${encodeURIComponent(channel)}`;
         const es = new EventSource(url);
         const handlers = {};
+        const dashboard = this;
 
-        es.onmessage = (event) => {
+        es.onmessage = async (event) => {
             let data;
             try { data = JSON.parse(event.data); } catch { return; }
+
+            // Handle encrypted relay messages — decrypt and re-dispatch
+            if (data.type === 'encrypted_relay') {
+                if (!dashboard._e2eReady || !dashboard._e2eSharedKey) {
+                    return; // No key yet, discard
+                }
+                if (data.session_id !== dashboard._e2eSessionId) {
+                    return; // Stale session, discard
+                }
+                const decrypted = await dashboard._e2eDecrypt(data.nonce, data.ciphertext);
+                if (!decrypted) return; // Decryption failed, discard silently
+                data = decrypted;
+            }
+
             const type = data.type;
             if (type && handlers[type]) handlers[type](data);
             if (handlers['*']) handlers['*'](data);
@@ -682,20 +703,236 @@ class SleapRTCDashboard {
         };
     }
 
+    // =========================================================================
+    // E2E Encryption for Relay Transport
+    // =========================================================================
+
+    /**
+     * Generate an ephemeral ECDH P-256 keypair for E2E encryption.
+     * @returns {Promise<{privateKey: CryptoKey, publicKeyRaw: ArrayBuffer}>}
+     */
+    async _e2eGenerateKeypair() {
+        const keyPair = await crypto.subtle.generateKey(
+            { name: 'ECDH', namedCurve: 'P-256' },
+            false, // private key not extractable
+            ['deriveBits']
+        );
+        const publicKeyRaw = await crypto.subtle.exportKey('raw', keyPair.publicKey);
+        return { privateKey: keyPair.privateKey, publicKeyRaw };
+    }
+
+    /**
+     * Derive an AES-256-GCM key from ECDH shared secret + HKDF.
+     * Parameters must match Python side exactly.
+     * @param {CryptoKey} privateKey - Our P-256 private key
+     * @param {ArrayBuffer} peerPublicKeyRaw - Peer's raw public key (65 bytes)
+     * @returns {Promise<CryptoKey>} AES-256-GCM key
+     */
+    async _e2eDeriveKey(privateKey, peerPublicKeyRaw) {
+        const peerPublicKey = await crypto.subtle.importKey(
+            'raw', peerPublicKeyRaw,
+            { name: 'ECDH', namedCurve: 'P-256' },
+            false, []
+        );
+
+        // ECDH → shared secret
+        const sharedBits = await crypto.subtle.deriveBits(
+            { name: 'ECDH', public: peerPublicKey },
+            privateKey, 256
+        );
+
+        // Import as HKDF key material
+        const hkdfKey = await crypto.subtle.importKey(
+            'raw', sharedBits, 'HKDF', false, ['deriveKey']
+        );
+
+        // HKDF → AES-256-GCM key (must match Python: SHA-256, no salt, info="sleap-rtc-relay-e2e-v1")
+        return crypto.subtle.deriveKey(
+            {
+                name: 'HKDF',
+                hash: 'SHA-256',
+                salt: new Uint8Array(0),
+                info: new TextEncoder().encode('sleap-rtc-relay-e2e-v1'),
+            },
+            hkdfKey,
+            { name: 'AES-GCM', length: 256 },
+            false, ['encrypt', 'decrypt']
+        );
+    }
+
+    /**
+     * Encrypt a JSON payload with AES-256-GCM.
+     * @param {object} payload - JSON-serializable object
+     * @returns {Promise<{nonce: string, ciphertext: string}>} Base64-encoded nonce and ciphertext
+     */
+    async _e2eEncrypt(payload) {
+        const nonce = crypto.getRandomValues(new Uint8Array(12));
+        const plaintext = new TextEncoder().encode(JSON.stringify(payload));
+        const ciphertext = new Uint8Array(await crypto.subtle.encrypt(
+            { name: 'AES-GCM', iv: nonce },
+            this._e2eSharedKey, plaintext
+        ));
+        return {
+            nonce: btoa(String.fromCharCode(...nonce)),
+            ciphertext: btoa(String.fromCharCode(...ciphertext)),
+        };
+    }
+
+    /**
+     * Decrypt an AES-256-GCM ciphertext back to a JSON object.
+     * @param {string} nonceB64 - Base64-encoded nonce
+     * @param {string} ciphertextB64 - Base64-encoded ciphertext
+     * @returns {Promise<object|null>} Decrypted JSON object, or null on failure
+     */
+    async _e2eDecrypt(nonceB64, ciphertextB64) {
+        try {
+            const nonceBin = atob(nonceB64);
+            const nonce = new Uint8Array(nonceBin.length);
+            for (let i = 0; i < nonceBin.length; i++) nonce[i] = nonceBin.charCodeAt(i);
+
+            const ctBin = atob(ciphertextB64);
+            const ct = new Uint8Array(ctBin.length);
+            for (let i = 0; i < ctBin.length; i++) ct[i] = ctBin.charCodeAt(i);
+
+            const plaintext = await crypto.subtle.decrypt(
+                { name: 'AES-GCM', iv: nonce },
+                this._e2eSharedKey, ct
+            );
+            return JSON.parse(new TextDecoder().decode(plaintext));
+        } catch (e) {
+            console.warn('[E2E] Decryption failed:', e.message);
+            return null;
+        }
+    }
+
+    /**
+     * Initiate E2E key exchange with a worker. Called from sjEnterStep3() and
+     * sjGoToInferenceStep() after opening the SSE connection.
+     *
+     * Sends our ephemeral public key, waits for the worker's response on SSE,
+     * derives the shared AES key. Retries once on timeout (5s).
+     *
+     * @param {string} peerId - Worker peer ID
+     * @returns {Promise<boolean>} True if key exchange succeeded
+     */
+    async _e2eInitKeyExchange(peerId) {
+        this._e2eReady = false;
+        this._e2eSharedKey = null;
+        this._e2eSessionId = crypto.randomUUID();
+
+        const { privateKey, publicKeyRaw } = await this._e2eGenerateKeypair();
+        this._e2ePrivateKey = privateKey;
+
+        // Encode public key as URL-safe base64 (no padding)
+        const pubBytes = new Uint8Array(publicKeyRaw);
+        let pubB64 = btoa(String.fromCharCode(...pubBytes))
+            .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+
+        const attempt = async () => {
+            return new Promise((resolve, reject) => {
+                const timeout = setTimeout(() => {
+                    reject(new Error('Key exchange timeout'));
+                }, 5000);
+
+                // Listen for key_exchange_response on existing SSE
+                const originalHandler = this._sjWorkerSSE?.raw?.onmessage;
+                const wrappedHandler = async (event) => {
+                    let data;
+                    try { data = JSON.parse(event.data); } catch { return; }
+
+                    if (data.type === 'key_exchange_response' &&
+                        data.session_id === this._e2eSessionId) {
+                        clearTimeout(timeout);
+
+                        // Decode worker's public key
+                        let workerPubB64 = data.public_key
+                            .replace(/-/g, '+').replace(/_/g, '/');
+                        while (workerPubB64.length % 4) workerPubB64 += '=';
+                        const workerPubBin = atob(workerPubB64);
+                        const workerPubBytes = new Uint8Array(workerPubBin.length);
+                        for (let i = 0; i < workerPubBin.length; i++)
+                            workerPubBytes[i] = workerPubBin.charCodeAt(i);
+
+                        // Derive shared key
+                        try {
+                            this._e2eSharedKey = await this._e2eDeriveKey(
+                                this._e2ePrivateKey, workerPubBytes.buffer
+                            );
+                            this._e2eReady = true;
+                            console.log(`[E2E] Key exchange complete (session ${this._e2eSessionId.slice(0, 8)}...)`);
+                            resolve(true);
+                        } catch (e) {
+                            reject(e);
+                        }
+                    }
+
+                    // Also call original handler for other message types
+                    if (originalHandler) originalHandler(event);
+                };
+
+                // Temporarily wrap the SSE handler to intercept key_exchange_response
+                if (this._sjWorkerSSE?.raw) {
+                    this._sjWorkerSSE.raw.onmessage = wrappedHandler;
+                }
+
+                // Send key exchange request
+                this.apiWorkerMessage(this._sjRoomId, peerId, {
+                    type: 'key_exchange',
+                    session_id: this._e2eSessionId,
+                    public_key: pubB64,
+                }).catch(reject);
+            });
+        };
+
+        // Try twice
+        for (let i = 0; i < 2; i++) {
+            try {
+                await attempt();
+                return true;
+            } catch (e) {
+                console.warn(`[E2E] Key exchange attempt ${i + 1} failed: ${e.message}`);
+                if (i === 0) continue; // Retry once
+            }
+        }
+
+        console.error('[E2E] Key exchange failed after 2 attempts');
+        return false;
+    }
+
     /**
      * Forward an arbitrary message to a worker via the signaling server.
+     * If E2E encryption is active, the message is encrypted before sending.
      */
     async apiWorkerMessage(roomId, peerId, message) {
+        let outMessage = message;
+
+        // Encrypt if E2E is ready (but not the key_exchange itself)
+        if (this._e2eReady && this._e2eSharedKey && message.type !== 'key_exchange') {
+            const { nonce, ciphertext } = await this._e2eEncrypt(message);
+            outMessage = {
+                type: 'encrypted_relay',
+                session_id: this._e2eSessionId,
+                nonce,
+                ciphertext,
+            };
+        }
+
         return this.apiRequest('/api/worker/message', {
             method: 'POST',
-            body: JSON.stringify({ room_id: roomId, peer_id: peerId, message }),
+            body: JSON.stringify({ room_id: roomId, peer_id: peerId, message: outMessage }),
         });
     }
 
     /**
      * Request a directory listing from a worker's filesystem.
+     * When E2E is active, routes through apiWorkerMessage for encryption.
      */
     async apiFsList(roomId, peerId, path, reqId, offset = 0) {
+        if (this._e2eReady && this._e2eSharedKey) {
+            return this.apiWorkerMessage(roomId, peerId, {
+                type: 'fs_list_req', path, req_id: reqId, offset,
+            });
+        }
         return this.apiRequest('/api/fs/list', {
             method: 'POST',
             body: JSON.stringify({ room_id: roomId, peer_id: peerId, path, req_id: reqId, offset }),
@@ -704,8 +941,14 @@ class SleapRTCDashboard {
 
     /**
      * Submit a training job to a worker.
+     * When E2E is active, routes through apiWorkerMessage for encryption.
      */
     async apiJobSubmit(roomId, peerId, config) {
+        if (this._e2eReady && this._e2eSharedKey) {
+            return this.apiWorkerMessage(roomId, peerId, {
+                type: 'job_assigned', config,
+            });
+        }
         return this.apiRequest('/api/jobs/submit', {
             method: 'POST',
             body: JSON.stringify({ room_id: roomId, peer_id: peerId, config }),
@@ -2475,7 +2718,7 @@ class SleapRTCDashboard {
         }
     }
 
-    sjGoToInferenceStep() {
+    async sjGoToInferenceStep() {
         // Hide all views
         ['sj-step1', 'sj-step2', 'sj-step3', 'sj-status'].forEach(id => {
             document.getElementById(id)?.classList.add('hidden');
@@ -2510,6 +2753,17 @@ class SleapRTCDashboard {
             .on('worker_path_ok', (data) => this._sjHandlePathOk(data))
             .on('worker_path_error', (data) => this._sjHandlePathError(data));
 
+        // E2E key exchange with worker
+        const inferenceError = document.getElementById('sj-inference-error');
+        const e2eOk = await this._e2eInitKeyExchange(this._sjWorkerId);
+        if (!e2eOk) {
+            if (inferenceError) {
+                inferenceError.textContent = 'Could not establish secure connection with worker. The worker may need to be updated.';
+                inferenceError.classList.remove('hidden');
+            }
+            return;
+        }
+
         // Init icons
         const inferenceView = document.getElementById('sj-step-inference');
         if (window.lucide && inferenceView) {
@@ -3420,6 +3674,18 @@ class SleapRTCDashboard {
                 .on('worker_path_error', (data) => this._sjHandlePathError(data))
                 .on('fs_check_videos_response', (data) => this._sjHandleVideoCheck(data));
 
+            // E2E key exchange with worker
+            const e2eOk = await this._e2eInitKeyExchange(this._sjWorkerId);
+            if (!e2eOk) {
+                document.getElementById('sj-browser-spinner')?.classList.add('hidden');
+                const errEl = document.getElementById('sj-browser-error');
+                if (errEl) {
+                    errEl.textContent = 'Could not establish secure connection with worker. The worker may need to be updated.';
+                    errEl.classList.remove('hidden');
+                }
+                return;
+            }
+
             // Re-fetch worker data to get fresh metadata (mounts may change after reconnection)
             await this.loadRoomWorkers(this._sjRoomId);
             const workers = this.roomWorkers[this._sjRoomId]?.workers ?? [];

sleap_rtc/encryption/__init__.py

@@ -0,0 +1,28 @@
+"""E2E encryption for the relay transport path.
+
+Provides ECDH P-256 key exchange and AES-256-GCM message encryption so that
+relay messages between dashboard/sleap-app clients and workers are encrypted
+end-to-end. The signaling server can route messages but cannot read payloads.
+"""
+
+from sleap_rtc.encryption.ecdh import (
+    decrypt,
+    derive_shared_key,
+    encrypt,
+    generate_keypair,
+    public_key_from_b64,
+    public_key_to_b64,
+)
+from sleap_rtc.encryption.envelope import ENCRYPTED_RELAY_TYPE, unwrap, wrap
+
+__all__ = [
+    "ENCRYPTED_RELAY_TYPE",
+    "decrypt",
+    "derive_shared_key",
+    "encrypt",
+    "generate_keypair",
+    "public_key_from_b64",
+    "public_key_to_b64",
+    "unwrap",
+    "wrap",
+]