livekit-client 1.13.0 → 1.13.1

package/src/e2ee/worker/FrameCryptor.ts

@@ -6,17 +6,14 @@ import { workerLogger } from '../../logger';
 import type { VideoCodec } from '../../room/track/options';
 import { ENCRYPTION_ALGORITHM, IV_LENGTH, UNENCRYPTED_BYTES } from '../constants';
 import { CryptorError, CryptorErrorReason } from '../errors';
-import {
-  CryptorCallbacks,
-  CryptorEvent,
-  DecodeRatchetOptions,
-  KeyProviderOptions,
-  KeySet,
-} from '../types';
+import { CryptorCallbacks, CryptorEvent } from '../events';
+import type { DecodeRatchetOptions, KeyProviderOptions, KeySet } from '../types';
 import { deriveKeys, isVideoFrame } from '../utils';
 import type { ParticipantKeyHandler } from './ParticipantKeyHandler';
 import { SifGuard } from './SifGuard';
 
+export const encryptionEnabledMap: Map<string, boolean> = new Map();
+
 export interface FrameCryptorConstructor {
   new (opts?: unknown): BaseFrameCryptor;
 }
@@ -29,14 +26,14 @@ export interface TransformerInfo {
 }
 
 export class BaseFrameCryptor extends (EventEmitter as new () => TypedEventEmitter<CryptorCallbacks>) {
-  encodeFunction(
+  protected encodeFunction(
     encodedFrame: RTCEncodedVideoFrame | RTCEncodedAudioFrame,
     controller: TransformStreamDefaultController,
   ): Promise<any> {
     throw Error('not implemented for subclass');
   }
 
-  decodeFunction(
+  protected decodeFunction(
     encodedFrame: RTCEncodedVideoFrame | RTCEncodedAudioFrame,
     controller: TransformStreamDefaultController,
   ): Promise<any> {
@@ -51,7 +48,7 @@ export class BaseFrameCryptor extends (EventEmitter as new () => TypedEventEmitt
 export class FrameCryptor extends BaseFrameCryptor {
   private sendCounts: Map<number, number>;
 
-  private participantId: string | undefined;
+  private participantIdentity: string | undefined;
 
   private trackId: string | undefined;
 
@@ -72,14 +69,14 @@ export class FrameCryptor extends BaseFrameCryptor {
 
   constructor(opts: {
     keys: ParticipantKeyHandler;
-    participantId: string;
+    participantIdentity: string;
     keyProviderOptions: KeyProviderOptions;
     sifTrailer?: Uint8Array;
   }) {
     super();
     this.sendCounts = new Map();
     this.keys = opts.keys;
-    this.participantId = opts.participantId;
+    this.participantIdentity = opts.participantIdentity;
     this.rtpMap = new Map();
     this.keyProviderOptions = opts.keyProviderOptions;
     this.sifTrailer = opts.sifTrailer ?? Uint8Array.from([]);
@@ -93,17 +90,25 @@ export class FrameCryptor extends BaseFrameCryptor {
    * @param keys
    */
   setParticipant(id: string, keys: ParticipantKeyHandler) {
-    this.participantId = id;
+    this.participantIdentity = id;
     this.keys = keys;
     this.sifGuard.reset();
   }
 
   unsetParticipant() {
-    this.participantId = undefined;
+    this.participantIdentity = undefined;
   }
 
-  getParticipantId() {
-    return this.participantId;
+  isEnabled() {
+    if (this.participantIdentity) {
+      return encryptionEnabledMap.get(this.participantIdentity);
+    } else {
+      return undefined;
+    }
+  }
+
+  getParticipantIdentity() {
+    return this.participantIdentity;
   }
 
   getTrackId() {
@@ -148,11 +153,15 @@ export class FrameCryptor extends BaseFrameCryptor {
       .pipeTo(writable)
       .catch((e) => {
         workerLogger.warn(e);
-        this.emit('cryptorError', e instanceof CryptorError ? e : new CryptorError(e.message));
+        this.emit(CryptorEvent.Error, e instanceof CryptorError ? e : new CryptorError(e.message));
       });
     this.trackId = trackId;
   }
 
+  setSifTrailer(trailer: Uint8Array) {
+    this.sifTrailer = trailer;
+  }
+
   /**
    * Function that will be injected in a stream and will encrypt the given encoded frames.
    *
@@ -175,19 +184,26 @@ export class FrameCryptor extends BaseFrameCryptor {
    * 8) Append a single byte for the key identifier.
    * 9) Enqueue the encrypted frame for sending.
    */
-  async encodeFunction(
+  protected async encodeFunction(
     encodedFrame: RTCEncodedVideoFrame | RTCEncodedAudioFrame,
     controller: TransformStreamDefaultController,
   ) {
     if (
-      !this.keys.isEnabled() ||
+      !this.isEnabled() ||
       // skip for encryption for empty dtx frames
       encodedFrame.data.byteLength === 0
     ) {
       return controller.enqueue(encodedFrame);
     }
-
-    const { encryptionKey } = this.keys.getKeySet();
+    const keySet = this.keys.getKeySet();
+    if (!keySet) {
+      throw new TypeError(
+        `key set not found for ${
+          this.participantIdentity
+        } at index ${this.keys.getCurrentKeyIndex()}`,
+      );
+    }
+    const { encryptionKey } = keySet;
     const keyIndex = this.keys.getCurrentKeyIndex();
 
     if (encryptionKey) {
@@ -258,12 +274,12 @@ export class FrameCryptor extends BaseFrameCryptor {
    * @param {RTCEncodedVideoFrame|RTCEncodedAudioFrame} encodedFrame - Encoded video frame.
    * @param {TransformStreamDefaultController} controller - TransportStreamController.
    */
-  async decodeFunction(
+  protected async decodeFunction(
     encodedFrame: RTCEncodedVideoFrame | RTCEncodedAudioFrame,
     controller: TransformStreamDefaultController,
   ) {
     if (
-      !this.keys.isEnabled() ||
+      !this.isEnabled() ||
       // skip for decryption for empty dtx frames
       encodedFrame.data.byteLength === 0
     ) {
@@ -296,11 +312,10 @@ export class FrameCryptor extends BaseFrameCryptor {
       } catch (error) {
         if (error instanceof CryptorError && error.reason === CryptorErrorReason.InvalidKey) {
           if (this.keys.hasValidKey) {
-            workerLogger.warn('invalid key');
             this.emit(
               CryptorEvent.Error,
               new CryptorError(
-                `invalid key for participant ${this.participantId}`,
+                `invalid key for participant ${this.participantIdentity}`,
                 CryptorErrorReason.InvalidKey,
               ),
             );
@@ -316,7 +331,7 @@ export class FrameCryptor extends BaseFrameCryptor {
       this.emit(
         CryptorEvent.Error,
         new CryptorError(
-          `missing key at index for participant ${this.participantId}`,
+          `missing key at index for participant ${this.participantIdentity}`,
           CryptorErrorReason.MissingKey,
         ),
       );
@@ -327,13 +342,16 @@ export class FrameCryptor extends BaseFrameCryptor {
    * Function that will decrypt the given encoded frame. If the decryption fails, it will
    * ratchet the key for up to RATCHET_WINDOW_SIZE times.
    */
-  async decryptFrame(
+  private async decryptFrame(
     encodedFrame: RTCEncodedVideoFrame | RTCEncodedAudioFrame,
     keyIndex: number,
     initialMaterial: KeySet | undefined = undefined,
     ratchetOpts: DecodeRatchetOptions = { ratchetCount: 0 },
   ): Promise<RTCEncodedVideoFrame | RTCEncodedAudioFrame | undefined> {
     const keySet = this.keys.getKeySet(keyIndex);
+    if (!ratchetOpts.encryptionKey && !keySet) {
+      throw new TypeError(`no encryption key found for decryption of ${this.participantIdentity}`);
+    }
 
     // Construct frame trailer. Similar to the frame header described in
     // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2
@@ -369,7 +387,7 @@ export class FrameCryptor extends BaseFrameCryptor {
           iv,
           additionalData: new Uint8Array(encodedFrame.data, 0, frameHeader.byteLength),
         },
-        ratchetOpts.encryptionKey ?? keySet.encryptionKey,
+        ratchetOpts.encryptionKey ?? keySet!.encryptionKey,
         new Uint8Array(encodedFrame.data, cipherTextStart, cipherTextLength),
       );
 
@@ -422,9 +440,9 @@ export class FrameCryptor extends BaseFrameCryptor {
             this.keys.setKeyFromMaterial(initialMaterial.material, keyIndex);
           }
 
-          workerLogger.warn('maximum ratchet attempts exceeded, resetting key');
+          workerLogger.warn('maximum ratchet attempts exceeded');
           throw new CryptorError(
-            `valid key missing for participant ${this.participantId}`,
+            `valid key missing for participant ${this.participantIdentity}`,
             CryptorErrorReason.InvalidKey,
           );
         }
@@ -477,7 +495,7 @@ export class FrameCryptor extends BaseFrameCryptor {
     return iv;
   }
 
-  getUnencryptedBytes(frame: RTCEncodedVideoFrame | RTCEncodedAudioFrame): number {
+  private getUnencryptedBytes(frame: RTCEncodedVideoFrame | RTCEncodedAudioFrame): number {
     if (isVideoFrame(frame)) {
       let detectedCodec = this.getVideoCodec(frame) ?? this.videoCodec;
 
@@ -526,7 +544,7 @@ export class FrameCryptor extends BaseFrameCryptor {
   /**
    * inspects frame payloadtype if available and maps it to the codec specified in rtpMap
    */
-  getVideoCodec(frame: RTCEncodedVideoFrame): VideoCodec | undefined {
+  private getVideoCodec(frame: RTCEncodedVideoFrame): VideoCodec | undefined {
     if (this.rtpMap.size === 0) {
       return undefined;
     }
@@ -535,10 +553,6 @@ export class FrameCryptor extends BaseFrameCryptor {
     const codec = payloadType ? this.rtpMap.get(payloadType) : undefined;
     return codec;
   }
-
-  setSifTrailer(trailer: Uint8Array) {
-    this.sifTrailer = trailer;
-  }
 }
 
 /**

package/src/e2ee/worker/ParticipantKeyHandler.ts

@@ -2,7 +2,8 @@ import { EventEmitter } from 'events';
 import type TypedEventEmitter from 'typed-emitter';
 import { workerLogger } from '../../logger';
 import { KEYRING_SIZE } from '../constants';
-import type { KeyProviderOptions, KeySet, ParticipantKeyHandlerCallbacks } from '../types';
+import { KeyHandlerEvent, type ParticipantKeyHandlerCallbacks } from '../events';
+import type { KeyProviderOptions, KeySet } from '../types';
 import { deriveKeys, importKey, ratchet } from '../utils';
 
 // TODO ParticipantKeyHandlers currently don't get destroyed on participant disconnect
@@ -19,15 +20,13 @@ import { deriveKeys, importKey, ratchet } from '../utils';
 export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEventEmitter<ParticipantKeyHandlerCallbacks>) {
   private currentKeyIndex: number;
 
-  private cryptoKeyRing: Array<KeySet>;
-
-  private enabled: boolean;
+  private cryptoKeyRing: Array<KeySet | undefined>;
 
   private keyProviderOptions: KeyProviderOptions;
 
   private ratchetPromiseMap: Map<number, Promise<CryptoKey>>;
 
-  private participantId: string | undefined;
+  private participantIdentity: string;
 
   private decryptionFailureCount = 0;
 
@@ -37,25 +36,16 @@ export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEvent
     return this._hasValidKey;
   }
 
-  constructor(
-    participantId: string | undefined,
-    isEnabled: boolean,
-    keyProviderOptions: KeyProviderOptions,
-  ) {
+  constructor(participantIdentity: string, keyProviderOptions: KeyProviderOptions) {
     super();
     this.currentKeyIndex = 0;
-    this.cryptoKeyRing = new Array(KEYRING_SIZE);
-    this.enabled = isEnabled;
+    this.cryptoKeyRing = new Array(KEYRING_SIZE).fill(undefined);
     this.keyProviderOptions = keyProviderOptions;
     this.ratchetPromiseMap = new Map();
-    this.participantId = participantId;
+    this.participantIdentity = participantIdentity;
     this.resetKeyStatus();
   }
 
-  setEnabled(enabled: boolean) {
-    this.enabled = enabled;
-  }
-
   decryptionFailure() {
     if (this.keyProviderOptions.failureTolerance < 0) {
       return;
@@ -63,7 +53,7 @@ export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEvent
     this.decryptionFailureCount += 1;
 
     if (this.decryptionFailureCount > this.keyProviderOptions.failureTolerance) {
-      workerLogger.warn(`key for ${this.participantId} is being marked as invalid`);
+      workerLogger.warn(`key for ${this.participantIdentity} is being marked as invalid`);
       this._hasValidKey = false;
     }
   }
@@ -89,7 +79,7 @@ export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEvent
    * @param setKey
    */
   ratchetKey(keyIndex?: number, setKey = true): Promise<CryptoKey> {
-    const currentKeyIndex = (keyIndex ??= this.getCurrentKeyIndex());
+    const currentKeyIndex = keyIndex ?? this.getCurrentKeyIndex();
 
     const existingPromise = this.ratchetPromiseMap.get(currentKeyIndex);
     if (typeof existingPromise !== 'undefined') {
@@ -97,7 +87,13 @@ export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEvent
     }
     const ratchetPromise = new Promise<CryptoKey>(async (resolve, reject) => {
       try {
-        const currentMaterial = this.getKeySet(currentKeyIndex).material;
+        const keySet = this.getKeySet(currentKeyIndex);
+        if (!keySet) {
+          throw new TypeError(
+            `Cannot ratchet key without a valid keyset of participant ${this.participantIdentity}`,
+          );
+        }
+        const currentMaterial = keySet.material;
         const newMaterial = await importKey(
           await ratchet(currentMaterial, this.keyProviderOptions.ratchetSalt),
           currentMaterial.algorithm.name,
@@ -106,8 +102,13 @@ export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEvent
 
         if (setKey) {
           this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
+          this.emit(
+            KeyHandlerEvent.KeyRatcheted,
+            newMaterial,
+            this.participantIdentity,
+            currentKeyIndex,
+          );
         }
-        this.emit('keyRatcheted', newMaterial, keyIndex, this.participantId);
         resolve(newMaterial);
       } catch (e) {
         reject(e);
@@ -145,10 +146,11 @@ export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEvent
     this.setKeySet(keySet, this.currentKeyIndex, emitRatchetEvent);
   }
 
-  async setKeySet(keySet: KeySet, keyIndex: number, emitRatchetEvent = false) {
+  setKeySet(keySet: KeySet, keyIndex: number, emitRatchetEvent = false) {
     this.cryptoKeyRing[keyIndex % this.cryptoKeyRing.length] = keySet;
+
     if (emitRatchetEvent) {
-      this.emit('keyRatcheted', keySet.material, keyIndex, this.participantId);
+      this.emit(KeyHandlerEvent.KeyRatcheted, keySet.material, this.participantIdentity, keyIndex);
     }
   }
 
@@ -157,10 +159,6 @@ export class ParticipantKeyHandler extends (EventEmitter as new () => TypedEvent
     this.resetKeyStatus();
   }
 
-  isEnabled() {
-    return this.enabled;
-  }
-
   getCurrentKeyIndex() {
     return this.currentKeyIndex;
   }

package/src/e2ee/worker/e2ee.worker.ts

@@ -1,22 +1,21 @@
 import { workerLogger } from '../../logger';
 import { KEY_PROVIDER_DEFAULTS } from '../constants';
 import { CryptorErrorReason } from '../errors';
+import { CryptorEvent, KeyHandlerEvent } from '../events';
 import type {
   E2EEWorkerMessage,
-  EnableMessage,
   ErrorMessage,
+  InitAck,
   KeyProviderOptions,
   RatchetMessage,
   RatchetRequestMessage,
 } from '../types';
-import { FrameCryptor } from './FrameCryptor';
+import { FrameCryptor, encryptionEnabledMap } from './FrameCryptor';
 import { ParticipantKeyHandler } from './ParticipantKeyHandler';
 
 const participantCryptors: FrameCryptor[] = [];
 const participantKeys: Map<string, ParticipantKeyHandler> = new Map();
-
-let publishCryptors: FrameCryptor[] = [];
-let publisherKeys: ParticipantKeyHandler;
+let sharedKeyHandler: ParticipantKeyHandler | undefined;
 
 let isEncryptionEnabled: boolean = false;
 
@@ -39,22 +38,20 @@ onmessage = (ev) => {
       keyProviderOptions = data.keyProviderOptions;
       useSharedKey = !!data.keyProviderOptions.sharedKey;
       // acknowledge init successful
-      const enableMsg: EnableMessage = {
-        kind: 'enable',
+      const ackMsg: InitAck = {
+        kind: 'initAck',
         data: { enabled: isEncryptionEnabled },
       };
-      publisherKeys = new ParticipantKeyHandler(undefined, isEncryptionEnabled, keyProviderOptions);
-      publisherKeys.on('keyRatcheted', emitRatchetedKeys);
-      postMessage(enableMsg);
+      postMessage(ackMsg);
       break;
     case 'enable':
-      setEncryptionEnabled(data.enabled, data.participantId);
+      setEncryptionEnabled(data.enabled, data.participantIdentity);
       workerLogger.info('updated e2ee enabled status');
       // acknowledge enable call successful
       postMessage(ev.data);
       break;
     case 'decode':
-      let cryptor = getTrackCryptor(data.participantId, data.trackId);
+      let cryptor = getTrackCryptor(data.participantIdentity, data.trackId);
       cryptor.setupTransform(
         kind,
         data.readableStream,
@@ -64,7 +61,7 @@ onmessage = (ev) => {
       );
       break;
     case 'encode':
-      let pubCryptor = getPublisherCryptor(data.trackId);
+      let pubCryptor = getTrackCryptor(data.participantIdentity, data.trackId);
       pubCryptor.setupTransform(
         kind,
         data.readableStream,
@@ -75,10 +72,11 @@ onmessage = (ev) => {
       break;
     case 'setKey':
       if (useSharedKey) {
-        workerLogger.debug('set shared key');
+        workerLogger.warn('set shared key');
         setSharedKey(data.key, data.keyIndex);
-      } else if (data.participantId) {
-        getParticipantKeyHandler(data.participantId).setKey(data.key, data.keyIndex);
+      } else if (data.participantIdentity) {
+        workerLogger.warn(`set participant sender key ${data.participantIdentity}`);
+        getParticipantKeyHandler(data.participantIdentity).setKey(data.key, data.keyIndex);
       } else {
         workerLogger.error('no participant Id was provided and shared key usage is disabled');
       }
@@ -87,11 +85,14 @@ onmessage = (ev) => {
       unsetCryptorParticipant(data.trackId);
       break;
     case 'updateCodec':
-      getTrackCryptor(data.participantId, data.trackId).setVideoCodec(data.codec);
+      getTrackCryptor(data.participantIdentity, data.trackId).setVideoCodec(data.codec);
       break;
     case 'setRTPMap':
-      publishCryptors.forEach((cr) => {
-        cr.setRtpMap(data.map);
+      // this is only used for the local participant
+      participantCryptors.forEach((cr) => {
+        if (cr.getParticipantIdentity() === data.participantIdentity) {
+          cr.setRtpMap(data.map);
+        }
       });
       break;
     case 'ratchetRequest':
@@ -106,92 +107,85 @@ onmessage = (ev) => {
 };
 
 async function handleRatchetRequest(data: RatchetRequestMessage['data']) {
-  const keyHandler = getParticipantKeyHandler(data.participantId);
-  await keyHandler.ratchetKey(data.keyIndex);
-  keyHandler.resetKeyStatus();
+  if (useSharedKey) {
+    const keyHandler = getSharedKeyHandler();
+    await keyHandler.ratchetKey(data.keyIndex);
+    keyHandler.resetKeyStatus();
+  } else if (data.participantIdentity) {
+    const keyHandler = getParticipantKeyHandler(data.participantIdentity);
+    await keyHandler.ratchetKey(data.keyIndex);
+    keyHandler.resetKeyStatus();
+  } else {
+    workerLogger.error(
+      'no participant Id was provided for ratchet request and shared key usage is disabled',
+    );
+  }
 }
 
-function getTrackCryptor(participantId: string, trackId: string) {
+function getTrackCryptor(participantIdentity: string, trackId: string) {
   let cryptor = participantCryptors.find((c) => c.getTrackId() === trackId);
   if (!cryptor) {
-    workerLogger.info('creating new cryptor for', { participantId });
+    workerLogger.info('creating new cryptor for', { participantIdentity });
     if (!keyProviderOptions) {
       throw Error('Missing keyProvider options');
     }
     cryptor = new FrameCryptor({
-      participantId,
-      keys: getParticipantKeyHandler(participantId),
+      participantIdentity,
+      keys: getParticipantKeyHandler(participantIdentity),
       keyProviderOptions,
       sifTrailer,
     });
 
     setupCryptorErrorEvents(cryptor);
     participantCryptors.push(cryptor);
-  } else if (participantId !== cryptor.getParticipantId()) {
+  } else if (participantIdentity !== cryptor.getParticipantIdentity()) {
     // assign new participant id to track cryptor and pass in correct key handler
-    cryptor.setParticipant(participantId, getParticipantKeyHandler(participantId));
+    cryptor.setParticipant(participantIdentity, getParticipantKeyHandler(participantIdentity));
   }
   if (sharedKey) {
   }
   return cryptor;
 }
 
-function getParticipantKeyHandler(participantId?: string) {
-  if (!participantId) {
-    return publisherKeys!;
+function getParticipantKeyHandler(participantIdentity: string) {
+  if (useSharedKey) {
+    return getSharedKeyHandler();
   }
-  let keys = participantKeys.get(participantId);
+  let keys = participantKeys.get(participantIdentity);
   if (!keys) {
-    keys = new ParticipantKeyHandler(participantId, true, keyProviderOptions);
+    keys = new ParticipantKeyHandler(participantIdentity, keyProviderOptions);
     if (sharedKey) {
       keys.setKey(sharedKey);
     }
-    participantKeys.set(participantId, keys);
+    keys.on(KeyHandlerEvent.KeyRatcheted, emitRatchetedKeys);
+    participantKeys.set(participantIdentity, keys);
   }
   return keys;
 }
 
-function unsetCryptorParticipant(trackId: string) {
-  participantCryptors.find((c) => c.getTrackId() === trackId)?.unsetParticipant();
+function getSharedKeyHandler() {
+  if (!sharedKeyHandler) {
+    sharedKeyHandler = new ParticipantKeyHandler('shared-key', keyProviderOptions);
+  }
+  return sharedKeyHandler;
 }
 
-function getPublisherCryptor(trackId: string) {
-  let publishCryptor = publishCryptors.find((cryptor) => cryptor.getTrackId() === trackId);
-  if (!publishCryptor) {
-    if (!keyProviderOptions) {
-      throw new TypeError('Missing keyProvider options');
-    }
-    publishCryptor = new FrameCryptor({
-      keys: publisherKeys!,
-      participantId: 'publisher',
-      keyProviderOptions,
-    });
-    setupCryptorErrorEvents(publishCryptor);
-    publishCryptors.push(publishCryptor);
-  }
-  return publishCryptor;
+function unsetCryptorParticipant(trackId: string) {
+  participantCryptors.find((c) => c.getTrackId() === trackId)?.unsetParticipant();
 }
 
-function setEncryptionEnabled(enable: boolean, participantId?: string) {
-  if (!participantId) {
-    isEncryptionEnabled = enable;
-    publisherKeys.setEnabled(enable);
-  } else {
-    getParticipantKeyHandler(participantId).setEnabled(enable);
-  }
+function setEncryptionEnabled(enable: boolean, participantIdentity: string) {
+  encryptionEnabledMap.set(participantIdentity, enable);
 }
 
 function setSharedKey(key: CryptoKey, index?: number) {
   workerLogger.debug('setting shared key');
   sharedKey = key;
-  publisherKeys?.setKey(key, index);
-  for (const [, keyHandler] of participantKeys) {
-    keyHandler.setKey(key, index);
-  }
+  getSharedKeyHandler().setKey(key, index);
 }
 
 function setupCryptorErrorEvents(cryptor: FrameCryptor) {
-  cryptor.on('cryptorError', (error) => {
+  cryptor.on(CryptorEvent.Error, (error) => {
     const msg: ErrorMessage = {
       kind: 'error',
       data: { error: new Error(`${CryptorErrorReason[error.reason]}: ${error.message}`) },
@@ -200,11 +194,11 @@ function setupCryptorErrorEvents(cryptor: FrameCryptor) {
   });
 }
 
-function emitRatchetedKeys(material: CryptoKey, keyIndex?: number) {
+function emitRatchetedKeys(material: CryptoKey, participantIdentity: string, keyIndex?: number) {
   const msg: RatchetMessage = {
     kind: `ratchetKey`,
     data: {
-      // participantId,
+      participantIdentity,
       keyIndex,
       material,
     },
@@ -228,9 +222,8 @@ if (self.RTCTransformEvent) {
     const transformer = event.transformer;
     workerLogger.debug('transformer', transformer);
     transformer.handled = true;
-    const { kind, participantId, trackId, codec } = transformer.options;
-    const cryptor =
-      kind === 'encode' ? getPublisherCryptor(trackId) : getTrackCryptor(participantId, trackId);
+    const { kind, participantIdentity, trackId, codec } = transformer.options;
+    const cryptor = getTrackCryptor(participantIdentity, trackId);
     workerLogger.debug('transform', { codec });
     cryptor.setupTransform(kind, transformer.readable, transformer.writable, trackId, codec);
   };

package/src/room/PCTransport.ts

@@ -1,6 +1,6 @@
 import { EventEmitter } from 'events';
-import { parse, write } from 'sdp-transform';
 import type { MediaDescription } from 'sdp-transform';
+import { parse, write } from 'sdp-transform';
 import { debounce } from 'ts-debounce';
 import log from '../logger';
 import { NegotiationError, UnexpectedConnectionState } from './errors';
@@ -16,7 +16,7 @@ interface TrackBitrateInfo {
 
 /* The svc codec (av1/vp9) would use a very low bitrate at the begining and
 increase slowly by the bandwidth estimator until it reach the target bitrate. The
-process commonly cost more than 10 seconds cause subscriber will get blur video at 
+process commonly cost more than 10 seconds cause subscriber will get blur video at
 the first few seconds. So we use a 70% of target bitrate here as the start bitrate to
 eliminate this issue.
 */
@@ -308,6 +308,7 @@ export default class PCTransport extends EventEmitter {
       } catch (e) {
         log.warn(`not able to set ${sd.type}, falling back to unmodified sdp`, {
           error: e,
+          sdp: munged,
         });
         sd.sdp = originalSdp;
       }
@@ -328,6 +329,15 @@ export default class PCTransport extends EventEmitter {
       } else if (typeof e === 'string') {
         msg = e;
       }
+
+      const fields: any = {
+        error: msg,
+        sdp: sd.sdp,
+      };
+      if (!remote && this.pc.remoteDescription) {
+        fields.remoteSdp = this.pc.remoteDescription;
+      }
+      log.error(`unable to set ${sd.type}`, fields);
       throw new NegotiationError(msg);
     }
   }

package/src/room/RTCEngine.ts

@@ -211,7 +211,6 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
       }
 
       this.clientConfiguration = joinResponse.clientConfiguration;
-
       return joinResponse;
     } catch (e) {
       if (e instanceof ConnectionError) {