livekit-client 1.12.3 → 1.13.1

package/dist/livekit-client.e2ee.worker.mjs

@@ -341,6 +341,8 @@ const KEY_PROVIDER_DEFAULTS = {
   ratchetWindowSize: 8,
   failureTolerance: DECRYPTION_FAILURE_TOLERANCE
 };
+const MAX_SIF_COUNT = 100;
+const MAX_SIF_DURATION = 2000;
 
 class LivekitError extends Error {
   constructor(code, message) {
@@ -390,6 +392,26 @@ class CryptorError extends LivekitError {
   }
 }
 
+var KeyProviderEvent;
+(function (KeyProviderEvent) {
+  KeyProviderEvent["SetKey"] = "setKey";
+  KeyProviderEvent["RatchetRequest"] = "ratchetRequest";
+  KeyProviderEvent["KeyRatcheted"] = "keyRatcheted";
+})(KeyProviderEvent || (KeyProviderEvent = {}));
+var KeyHandlerEvent;
+(function (KeyHandlerEvent) {
+  KeyHandlerEvent["KeyRatcheted"] = "keyRatcheted";
+})(KeyHandlerEvent || (KeyHandlerEvent = {}));
+var EncryptionEvent;
+(function (EncryptionEvent) {
+  EncryptionEvent["ParticipantEncryptionStatusChanged"] = "participantEncryptionStatusChanged";
+  EncryptionEvent["EncryptionError"] = "encryptionError";
+})(EncryptionEvent || (EncryptionEvent = {}));
+var CryptorEvent;
+(function (CryptorEvent) {
+  CryptorEvent["Error"] = "cryptorError";
+})(CryptorEvent || (CryptorEvent = {}));
+
 var events = {exports: {}};
 
 var R = typeof Reflect === 'object' ? Reflect : null;
@@ -771,10 +793,6 @@ function eventTargetAgnosticAddListener(emitter, name, listener, flags) {
 }
 var eventsExports = events.exports;
 
-const CryptorEvent = {
-  Error: 'cryptorError'
-};
-
 var AudioPresets;
 (function (AudioPresets) {
   AudioPresets.telephone = {
@@ -865,6 +883,43 @@ function ratchet(material, salt) {
   });
 }
 
+class SifGuard {
+  constructor() {
+    this.consecutiveSifCount = 0;
+    this.lastSifReceivedAt = 0;
+    this.userFramesSinceSif = 0;
+  }
+  recordSif() {
+    var _a;
+    this.consecutiveSifCount += 1;
+    (_a = this.sifSequenceStartedAt) !== null && _a !== void 0 ? _a : this.sifSequenceStartedAt = Date.now();
+    this.lastSifReceivedAt = Date.now();
+  }
+  recordUserFrame() {
+    if (this.sifSequenceStartedAt === undefined) {
+      return;
+    } else {
+      this.userFramesSinceSif += 1;
+    }
+    if (
+    // reset if we received more user frames than SIFs
+    this.userFramesSinceSif > this.consecutiveSifCount ||
+    // also reset if we got a new user frame and the latest SIF frame hasn't been updated in a while
+    Date.now() - this.lastSifReceivedAt > MAX_SIF_DURATION) {
+      this.reset();
+    }
+  }
+  isSifAllowed() {
+    return this.consecutiveSifCount < MAX_SIF_COUNT && (this.sifSequenceStartedAt === undefined || Date.now() - this.sifSequenceStartedAt < MAX_SIF_DURATION);
+  }
+  reset() {
+    this.userFramesSinceSif = 0;
+    this.consecutiveSifCount = 0;
+    this.sifSequenceStartedAt = undefined;
+  }
+}
+
+const encryptionEnabledMap = new Map();
 class BaseFrameCryptor extends eventsExports.EventEmitter {
   encodeFunction(encodedFrame, controller) {
     throw Error('not implemented for subclass');
@@ -883,10 +938,11 @@ class FrameCryptor extends BaseFrameCryptor {
     super();
     this.sendCounts = new Map();
     this.keys = opts.keys;
-    this.participantId = opts.participantId;
+    this.participantIdentity = opts.participantIdentity;
     this.rtpMap = new Map();
     this.keyProviderOptions = opts.keyProviderOptions;
-    this.unencryptedFrameByteTrailer = (_a = opts.unencryptedFrameBytes) !== null && _a !== void 0 ? _a : new TextEncoder().encode('LKROCKS');
+    this.sifTrailer = (_a = opts.sifTrailer) !== null && _a !== void 0 ? _a : Uint8Array.from([]);
+    this.sifGuard = new SifGuard();
   }
   /**
    * Assign a different participant to the cryptor.
@@ -895,14 +951,22 @@ class FrameCryptor extends BaseFrameCryptor {
    * @param keys
    */
   setParticipant(id, keys) {
-    this.participantId = id;
+    this.participantIdentity = id;
     this.keys = keys;
+    this.sifGuard.reset();
   }
   unsetParticipant() {
-    this.participantId = undefined;
+    this.participantIdentity = undefined;
   }
-  getParticipantId() {
-    return this.participantId;
+  isEnabled() {
+    if (this.participantIdentity) {
+      return encryptionEnabledMap.get(this.participantIdentity);
+    } else {
+      return undefined;
+    }
+  }
+  getParticipantIdentity() {
+    return this.participantIdentity;
   }
   getTrackId() {
     return this.trackId;
@@ -923,7 +987,9 @@ class FrameCryptor extends BaseFrameCryptor {
   }
   setupTransform(operation, readable, writable, trackId, codec) {
     if (codec) {
-      console.info('setting codec on cryptor to', codec);
+      workerLogger.info('setting codec on cryptor to', {
+        codec
+      });
       this.videoCodec = codec;
     }
     const transformFn = operation === 'encode' ? this.encodeFunction : this.decodeFunction;
@@ -931,11 +997,14 @@ class FrameCryptor extends BaseFrameCryptor {
       transform: transformFn.bind(this)
     });
     readable.pipeThrough(transformStream).pipeTo(writable).catch(e => {
-      console.error(e);
-      this.emit('cryptorError', e instanceof CryptorError ? e : new CryptorError(e.message));
+      workerLogger.warn(e);
+      this.emit(CryptorEvent.Error, e instanceof CryptorError ? e : new CryptorError(e.message));
     });
     this.trackId = trackId;
   }
+  setSifTrailer(trailer) {
+    this.sifTrailer = trailer;
+  }
   /**
    * Function that will be injected in a stream and will encrypt the given encoded frames.
    *
@@ -961,14 +1030,18 @@ class FrameCryptor extends BaseFrameCryptor {
   encodeFunction(encodedFrame, controller) {
     var _a;
     return __awaiter(this, void 0, void 0, function* () {
-      if (!this.keys.isEnabled() ||
+      if (!this.isEnabled() ||
       // skip for encryption for empty dtx frames
       encodedFrame.data.byteLength === 0) {
         return controller.enqueue(encodedFrame);
       }
+      const keySet = this.keys.getKeySet();
+      if (!keySet) {
+        throw new TypeError("key set not found for ".concat(this.participantIdentity, " at index ").concat(this.keys.getCurrentKeyIndex()));
+      }
       const {
         encryptionKey
-      } = this.keys.getKeySet();
+      } = keySet;
       const keyIndex = this.keys.getCurrentKeyIndex();
       if (encryptionKey) {
         const iv = this.makeIV((_a = encodedFrame.getMetadata().synchronizationSource) !== null && _a !== void 0 ? _a : -1, encodedFrame.timestamp);
@@ -1016,13 +1089,23 @@ class FrameCryptor extends BaseFrameCryptor {
    */
   decodeFunction(encodedFrame, controller) {
     return __awaiter(this, void 0, void 0, function* () {
-      if (!this.keys.isEnabled() ||
+      if (!this.isEnabled() ||
       // skip for decryption for empty dtx frames
-      encodedFrame.data.byteLength === 0 ||
-      // skip decryption if frame is server injected
-      isFrameServerInjected(encodedFrame.data, this.unencryptedFrameByteTrailer)) {
+      encodedFrame.data.byteLength === 0) {
+        this.sifGuard.recordUserFrame();
         return controller.enqueue(encodedFrame);
       }
+      if (isFrameServerInjected(encodedFrame.data, this.sifTrailer)) {
+        this.sifGuard.recordSif();
+        if (this.sifGuard.isSifAllowed()) {
+          return controller.enqueue(encodedFrame);
+        } else {
+          workerLogger.warn('SIF limit reached, dropping frame');
+          return;
+        }
+      } else {
+        this.sifGuard.recordUserFrame();
+      }
       const data = new Uint8Array(encodedFrame.data);
       const keyIndex = data[encodedFrame.data.byteLength - 1];
       if (this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
@@ -1035,8 +1118,7 @@ class FrameCryptor extends BaseFrameCryptor {
         } catch (error) {
           if (error instanceof CryptorError && error.reason === CryptorErrorReason.InvalidKey) {
             if (this.keys.hasValidKey) {
-              workerLogger.warn('invalid key');
-              this.emit(CryptorEvent.Error, new CryptorError("invalid key for participant ".concat(this.participantId), CryptorErrorReason.InvalidKey));
+              this.emit(CryptorEvent.Error, new CryptorError("invalid key for participant ".concat(this.participantIdentity), CryptorErrorReason.InvalidKey));
               this.keys.decryptionFailure();
             }
           } else {
@@ -1045,8 +1127,11 @@ class FrameCryptor extends BaseFrameCryptor {
             });
           }
         }
+      } else if (!this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
+        // emit an error in case the key index is out of bounds but the key handler thinks we still have a valid key
+        workerLogger.warn('skipping decryption due to missing key at index');
+        this.emit(CryptorEvent.Error, new CryptorError("missing key at index for participant ".concat(this.participantIdentity), CryptorErrorReason.MissingKey));
       }
-      return controller.enqueue(encodedFrame);
     });
   }
   /**
@@ -1061,6 +1146,9 @@ class FrameCryptor extends BaseFrameCryptor {
     var _a;
     return __awaiter(this, void 0, void 0, function* () {
       const keySet = this.keys.getKeySet(keyIndex);
+      if (!ratchetOpts.encryptionKey && !keySet) {
+        throw new TypeError("no encryption key found for decryption of ".concat(this.participantIdentity));
+      }
       // Construct frame trailer. Similar to the frame header described in
       // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2
       // but we put it at the end.
@@ -1118,8 +1206,8 @@ class FrameCryptor extends BaseFrameCryptor {
               workerLogger.debug('resetting to initial material');
               this.keys.setKeyFromMaterial(initialMaterial.material, keyIndex);
             }
-            workerLogger.warn('maximum ratchet attempts exceeded, resetting key');
-            this.emit(CryptorEvent.Error, new CryptorError("valid key missing for participant ".concat(this.participantId), CryptorErrorReason.MissingKey));
+            workerLogger.warn('maximum ratchet attempts exceeded');
+            throw new CryptorError("valid key missing for participant ".concat(this.participantIdentity), CryptorErrorReason.InvalidKey);
           }
         } else {
           throw new CryptorError('Decryption failed, most likely because of an invalid key', CryptorErrorReason.InvalidKey);
@@ -1291,6 +1379,9 @@ var NALUType;
  * @internal
  */
 function isFrameServerInjected(frameData, trailerBytes) {
+  if (trailerBytes.byteLength === 0) {
+    return false;
+  }
   const frameTrailer = new Uint8Array(frameData.slice(frameData.byteLength - trailerBytes.byteLength));
   return trailerBytes.every((value, index) => value === frameTrailer[index]);
 }
@@ -1309,27 +1400,24 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
   get hasValidKey() {
     return this._hasValidKey;
   }
-  constructor(participantId, isEnabled, keyProviderOptions) {
+  constructor(participantIdentity, keyProviderOptions) {
     super();
     this.decryptionFailureCount = 0;
     this._hasValidKey = true;
     this.currentKeyIndex = 0;
-    this.cryptoKeyRing = new Array(KEYRING_SIZE);
-    this.enabled = isEnabled;
+    this.cryptoKeyRing = new Array(KEYRING_SIZE).fill(undefined);
     this.keyProviderOptions = keyProviderOptions;
     this.ratchetPromiseMap = new Map();
-    this.participantId = participantId;
+    this.participantIdentity = participantIdentity;
     this.resetKeyStatus();
   }
-  setEnabled(enabled) {
-    this.enabled = enabled;
-  }
   decryptionFailure() {
     if (this.keyProviderOptions.failureTolerance < 0) {
       return;
     }
     this.decryptionFailureCount += 1;
     if (this.decryptionFailureCount > this.keyProviderOptions.failureTolerance) {
+      workerLogger.warn("key for ".concat(this.participantIdentity, " is being marked as invalid"));
       this._hasValidKey = false;
     }
   }
@@ -1353,19 +1441,23 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
    */
   ratchetKey(keyIndex) {
     let setKey = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : true;
-    const currentKeyIndex = keyIndex !== null && keyIndex !== void 0 ? keyIndex : keyIndex = this.getCurrentKeyIndex();
+    const currentKeyIndex = keyIndex !== null && keyIndex !== void 0 ? keyIndex : this.getCurrentKeyIndex();
     const existingPromise = this.ratchetPromiseMap.get(currentKeyIndex);
     if (typeof existingPromise !== 'undefined') {
       return existingPromise;
     }
     const ratchetPromise = new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
       try {
-        const currentMaterial = this.getKeySet(currentKeyIndex).material;
+        const keySet = this.getKeySet(currentKeyIndex);
+        if (!keySet) {
+          throw new TypeError("Cannot ratchet key without a valid keyset of participant ".concat(this.participantIdentity));
+        }
+        const currentMaterial = keySet.material;
         const newMaterial = yield importKey(yield ratchet(currentMaterial, this.keyProviderOptions.ratchetSalt), currentMaterial.algorithm.name, 'derive');
         if (setKey) {
           this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
+          this.emit(KeyHandlerEvent.KeyRatcheted, newMaterial, this.participantIdentity, currentKeyIndex);
         }
-        this.emit('keyRatcheted', newMaterial, keyIndex, this.participantId);
         resolve(newMaterial);
       } catch (e) {
         reject(e);
@@ -1409,12 +1501,10 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
   }
   setKeySet(keySet, keyIndex) {
     let emitRatchetEvent = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
-    return __awaiter(this, void 0, void 0, function* () {
-      this.cryptoKeyRing[keyIndex % this.cryptoKeyRing.length] = keySet;
-      if (emitRatchetEvent) {
-        this.emit('keyRatcheted', keySet.material, keyIndex, this.participantId);
-      }
-    });
+    this.cryptoKeyRing[keyIndex % this.cryptoKeyRing.length] = keySet;
+    if (emitRatchetEvent) {
+      this.emit(KeyHandlerEvent.KeyRatcheted, keySet.material, this.participantIdentity, keyIndex);
+    }
   }
   setCurrentKeyIndex(index) {
     return __awaiter(this, void 0, void 0, function* () {
@@ -1422,9 +1512,6 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
       this.resetKeyStatus();
     });
   }
-  isEnabled() {
-    return this.enabled;
-  }
   getCurrentKeyIndex() {
     return this.currentKeyIndex;
   }
@@ -1440,11 +1527,11 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
 
 const participantCryptors = [];
 const participantKeys = new Map();
-let publishCryptors = [];
-let publisherKeys;
+let sharedKeyHandler;
 let isEncryptionEnabled = false;
 let useSharedKey = false;
 let sharedKey;
+let sifTrailer;
 let keyProviderOptions = KEY_PROVIDER_DEFAULTS;
 workerLogger.setDefaultLevel('info');
 onmessage = ev => {
@@ -1458,36 +1545,35 @@ onmessage = ev => {
       keyProviderOptions = data.keyProviderOptions;
       useSharedKey = !!data.keyProviderOptions.sharedKey;
       // acknowledge init successful
-      const enableMsg = {
-        kind: 'enable',
+      const ackMsg = {
+        kind: 'initAck',
         data: {
           enabled: isEncryptionEnabled
         }
       };
-      publisherKeys = new ParticipantKeyHandler(undefined, isEncryptionEnabled, keyProviderOptions);
-      publisherKeys.on('keyRatcheted', emitRatchetedKeys);
-      postMessage(enableMsg);
+      postMessage(ackMsg);
       break;
     case 'enable':
-      setEncryptionEnabled(data.enabled, data.participantId);
+      setEncryptionEnabled(data.enabled, data.participantIdentity);
       workerLogger.info('updated e2ee enabled status');
       // acknowledge enable call successful
       postMessage(ev.data);
       break;
     case 'decode':
-      let cryptor = getTrackCryptor(data.participantId, data.trackId);
+      let cryptor = getTrackCryptor(data.participantIdentity, data.trackId);
       cryptor.setupTransform(kind, data.readableStream, data.writableStream, data.trackId, data.codec);
       break;
     case 'encode':
-      let pubCryptor = getPublisherCryptor(data.trackId);
+      let pubCryptor = getTrackCryptor(data.participantIdentity, data.trackId);
       pubCryptor.setupTransform(kind, data.readableStream, data.writableStream, data.trackId, data.codec);
       break;
     case 'setKey':
       if (useSharedKey) {
-        workerLogger.debug('set shared key');
+        workerLogger.warn('set shared key');
         setSharedKey(data.key, data.keyIndex);
-      } else if (data.participantId) {
-        getParticipantKeyHandler(data.participantId).setKey(data.key, data.keyIndex);
+      } else if (data.participantIdentity) {
+        workerLogger.warn("set participant sender key ".concat(data.participantIdentity));
+        getParticipantKeyHandler(data.participantIdentity).setKey(data.key, data.keyIndex);
       } else {
         workerLogger.error('no participant Id was provided and shared key usage is disabled');
       }
@@ -1496,98 +1582,97 @@ onmessage = ev => {
       unsetCryptorParticipant(data.trackId);
       break;
     case 'updateCodec':
-      getTrackCryptor(data.participantId, data.trackId).setVideoCodec(data.codec);
+      getTrackCryptor(data.participantIdentity, data.trackId).setVideoCodec(data.codec);
       break;
     case 'setRTPMap':
-      publishCryptors.forEach(cr => {
-        cr.setRtpMap(data.map);
+      // this is only used for the local participant
+      participantCryptors.forEach(cr => {
+        if (cr.getParticipantIdentity() === data.participantIdentity) {
+          cr.setRtpMap(data.map);
+        }
       });
       break;
     case 'ratchetRequest':
       handleRatchetRequest(data);
+      break;
+    case 'setSifTrailer':
+      handleSifTrailer(data.trailer);
+      break;
   }
 };
 function handleRatchetRequest(data) {
   return __awaiter(this, void 0, void 0, function* () {
-    const keyHandler = getParticipantKeyHandler(data.participantId);
-    yield keyHandler.ratchetKey(data.keyIndex);
-    keyHandler.resetKeyStatus();
+    if (useSharedKey) {
+      const keyHandler = getSharedKeyHandler();
+      yield keyHandler.ratchetKey(data.keyIndex);
+      keyHandler.resetKeyStatus();
+    } else if (data.participantIdentity) {
+      const keyHandler = getParticipantKeyHandler(data.participantIdentity);
+      yield keyHandler.ratchetKey(data.keyIndex);
+      keyHandler.resetKeyStatus();
+    } else {
+      workerLogger.error('no participant Id was provided for ratchet request and shared key usage is disabled');
+    }
   });
 }
-function getTrackCryptor(participantId, trackId) {
+function getTrackCryptor(participantIdentity, trackId) {
   let cryptor = participantCryptors.find(c => c.getTrackId() === trackId);
   if (!cryptor) {
     workerLogger.info('creating new cryptor for', {
-      participantId
+      participantIdentity
     });
     if (!keyProviderOptions) {
       throw Error('Missing keyProvider options');
     }
     cryptor = new FrameCryptor({
-      participantId,
-      keys: getParticipantKeyHandler(participantId),
-      keyProviderOptions
+      participantIdentity,
+      keys: getParticipantKeyHandler(participantIdentity),
+      keyProviderOptions,
+      sifTrailer
     });
     setupCryptorErrorEvents(cryptor);
     participantCryptors.push(cryptor);
-  } else if (participantId !== cryptor.getParticipantId()) {
+  } else if (participantIdentity !== cryptor.getParticipantIdentity()) {
     // assign new participant id to track cryptor and pass in correct key handler
-    cryptor.setParticipant(participantId, getParticipantKeyHandler(participantId));
+    cryptor.setParticipant(participantIdentity, getParticipantKeyHandler(participantIdentity));
   }
   return cryptor;
 }
-function getParticipantKeyHandler(participantId) {
-  if (!participantId) {
-    return publisherKeys;
+function getParticipantKeyHandler(participantIdentity) {
+  if (useSharedKey) {
+    return getSharedKeyHandler();
   }
-  let keys = participantKeys.get(participantId);
+  let keys = participantKeys.get(participantIdentity);
   if (!keys) {
-    keys = new ParticipantKeyHandler(participantId, true, keyProviderOptions);
+    keys = new ParticipantKeyHandler(participantIdentity, keyProviderOptions);
     if (sharedKey) {
       keys.setKey(sharedKey);
     }
-    participantKeys.set(participantId, keys);
+    keys.on(KeyHandlerEvent.KeyRatcheted, emitRatchetedKeys);
+    participantKeys.set(participantIdentity, keys);
   }
   return keys;
 }
+function getSharedKeyHandler() {
+  if (!sharedKeyHandler) {
+    sharedKeyHandler = new ParticipantKeyHandler('shared-key', keyProviderOptions);
+  }
+  return sharedKeyHandler;
+}
 function unsetCryptorParticipant(trackId) {
   var _a;
   (_a = participantCryptors.find(c => c.getTrackId() === trackId)) === null || _a === void 0 ? void 0 : _a.unsetParticipant();
 }
-function getPublisherCryptor(trackId) {
-  let publishCryptor = publishCryptors.find(cryptor => cryptor.getTrackId() === trackId);
-  if (!publishCryptor) {
-    if (!keyProviderOptions) {
-      throw new TypeError('Missing keyProvider options');
-    }
-    publishCryptor = new FrameCryptor({
-      keys: publisherKeys,
-      participantId: 'publisher',
-      keyProviderOptions
-    });
-    setupCryptorErrorEvents(publishCryptor);
-    publishCryptors.push(publishCryptor);
-  }
-  return publishCryptor;
-}
-function setEncryptionEnabled(enable, participantId) {
-  if (!participantId) {
-    isEncryptionEnabled = enable;
-    publisherKeys.setEnabled(enable);
-  } else {
-    getParticipantKeyHandler(participantId).setEnabled(enable);
-  }
+function setEncryptionEnabled(enable, participantIdentity) {
+  encryptionEnabledMap.set(participantIdentity, enable);
 }
 function setSharedKey(key, index) {
   workerLogger.debug('setting shared key');
   sharedKey = key;
-  publisherKeys === null || publisherKeys === void 0 ? void 0 : publisherKeys.setKey(key, index);
-  for (const [, keyHandler] of participantKeys) {
-    keyHandler.setKey(key, index);
-  }
+  getSharedKeyHandler().setKey(key, index);
 }
 function setupCryptorErrorEvents(cryptor) {
-  cryptor.on('cryptorError', error => {
+  cryptor.on(CryptorEvent.Error, error => {
     const msg = {
       kind: 'error',
       data: {
@@ -1597,17 +1682,23 @@ function setupCryptorErrorEvents(cryptor) {
     postMessage(msg);
   });
 }
-function emitRatchetedKeys(material, keyIndex) {
+function emitRatchetedKeys(material, participantIdentity, keyIndex) {
   const msg = {
     kind: "ratchetKey",
     data: {
-      // participantId,
+      participantIdentity,
       keyIndex,
       material
     }
   };
   postMessage(msg);
 }
+function handleSifTrailer(trailer) {
+  sifTrailer = trailer;
+  participantCryptors.forEach(c => {
+    c.setSifTrailer(trailer);
+  });
+}
 // Operations using RTCRtpScriptTransform.
 // @ts-ignore
 if (self.RTCTransformEvent) {
@@ -1619,11 +1710,11 @@ if (self.RTCTransformEvent) {
     transformer.handled = true;
     const {
       kind,
-      participantId,
+      participantIdentity,
       trackId,
       codec
     } = transformer.options;
-    const cryptor = kind === 'encode' ? getPublisherCryptor(trackId) : getTrackCryptor(participantId, trackId);
+    const cryptor = getTrackCryptor(participantIdentity, trackId);
     workerLogger.debug('transform', {
       codec
     });