livekit-client 1.13.0 → 1.13.2

package/dist/livekit-client.e2ee.worker.mjs

@@ -392,6 +392,26 @@ class CryptorError extends LivekitError {
   }
 }
 
+var KeyProviderEvent;
+(function (KeyProviderEvent) {
+  KeyProviderEvent["SetKey"] = "setKey";
+  KeyProviderEvent["RatchetRequest"] = "ratchetRequest";
+  KeyProviderEvent["KeyRatcheted"] = "keyRatcheted";
+})(KeyProviderEvent || (KeyProviderEvent = {}));
+var KeyHandlerEvent;
+(function (KeyHandlerEvent) {
+  KeyHandlerEvent["KeyRatcheted"] = "keyRatcheted";
+})(KeyHandlerEvent || (KeyHandlerEvent = {}));
+var EncryptionEvent;
+(function (EncryptionEvent) {
+  EncryptionEvent["ParticipantEncryptionStatusChanged"] = "participantEncryptionStatusChanged";
+  EncryptionEvent["EncryptionError"] = "encryptionError";
+})(EncryptionEvent || (EncryptionEvent = {}));
+var CryptorEvent;
+(function (CryptorEvent) {
+  CryptorEvent["Error"] = "cryptorError";
+})(CryptorEvent || (CryptorEvent = {}));
+
 var events = {exports: {}};
 
 var R = typeof Reflect === 'object' ? Reflect : null;
@@ -773,10 +793,6 @@ function eventTargetAgnosticAddListener(emitter, name, listener, flags) {
 }
 var eventsExports = events.exports;
 
-const CryptorEvent = {
-  Error: 'cryptorError'
-};
-
 var AudioPresets;
 (function (AudioPresets) {
   AudioPresets.telephone = {
@@ -903,6 +919,7 @@ class SifGuard {
   }
 }
 
+const encryptionEnabledMap = new Map();
 class BaseFrameCryptor extends eventsExports.EventEmitter {
   encodeFunction(encodedFrame, controller) {
     throw Error('not implemented for subclass');
@@ -921,7 +938,7 @@ class FrameCryptor extends BaseFrameCryptor {
     super();
     this.sendCounts = new Map();
     this.keys = opts.keys;
-    this.participantId = opts.participantId;
+    this.participantIdentity = opts.participantIdentity;
     this.rtpMap = new Map();
     this.keyProviderOptions = opts.keyProviderOptions;
     this.sifTrailer = (_a = opts.sifTrailer) !== null && _a !== void 0 ? _a : Uint8Array.from([]);
@@ -934,15 +951,22 @@ class FrameCryptor extends BaseFrameCryptor {
    * @param keys
    */
   setParticipant(id, keys) {
-    this.participantId = id;
+    this.participantIdentity = id;
     this.keys = keys;
     this.sifGuard.reset();
   }
   unsetParticipant() {
-    this.participantId = undefined;
+    this.participantIdentity = undefined;
+  }
+  isEnabled() {
+    if (this.participantIdentity) {
+      return encryptionEnabledMap.get(this.participantIdentity);
+    } else {
+      return undefined;
+    }
   }
-  getParticipantId() {
-    return this.participantId;
+  getParticipantIdentity() {
+    return this.participantIdentity;
   }
   getTrackId() {
     return this.trackId;
@@ -974,10 +998,13 @@ class FrameCryptor extends BaseFrameCryptor {
     });
     readable.pipeThrough(transformStream).pipeTo(writable).catch(e => {
       workerLogger.warn(e);
-      this.emit('cryptorError', e instanceof CryptorError ? e : new CryptorError(e.message));
+      this.emit(CryptorEvent.Error, e instanceof CryptorError ? e : new CryptorError(e.message));
     });
     this.trackId = trackId;
   }
+  setSifTrailer(trailer) {
+    this.sifTrailer = trailer;
+  }
   /**
    * Function that will be injected in a stream and will encrypt the given encoded frames.
    *
@@ -1003,14 +1030,18 @@ class FrameCryptor extends BaseFrameCryptor {
   encodeFunction(encodedFrame, controller) {
     var _a;
     return __awaiter(this, void 0, void 0, function* () {
-      if (!this.keys.isEnabled() ||
+      if (!this.isEnabled() ||
       // skip for encryption for empty dtx frames
       encodedFrame.data.byteLength === 0) {
         return controller.enqueue(encodedFrame);
       }
+      const keySet = this.keys.getKeySet();
+      if (!keySet) {
+        throw new TypeError("key set not found for ".concat(this.participantIdentity, " at index ").concat(this.keys.getCurrentKeyIndex()));
+      }
       const {
         encryptionKey
-      } = this.keys.getKeySet();
+      } = keySet;
       const keyIndex = this.keys.getCurrentKeyIndex();
       if (encryptionKey) {
         const iv = this.makeIV((_a = encodedFrame.getMetadata().synchronizationSource) !== null && _a !== void 0 ? _a : -1, encodedFrame.timestamp);
@@ -1058,7 +1089,7 @@ class FrameCryptor extends BaseFrameCryptor {
    */
   decodeFunction(encodedFrame, controller) {
     return __awaiter(this, void 0, void 0, function* () {
-      if (!this.keys.isEnabled() ||
+      if (!this.isEnabled() ||
       // skip for decryption for empty dtx frames
       encodedFrame.data.byteLength === 0) {
         this.sifGuard.recordUserFrame();
@@ -1087,8 +1118,7 @@ class FrameCryptor extends BaseFrameCryptor {
         } catch (error) {
           if (error instanceof CryptorError && error.reason === CryptorErrorReason.InvalidKey) {
             if (this.keys.hasValidKey) {
-              workerLogger.warn('invalid key');
-              this.emit(CryptorEvent.Error, new CryptorError("invalid key for participant ".concat(this.participantId), CryptorErrorReason.InvalidKey));
+              this.emit(CryptorEvent.Error, error);
               this.keys.decryptionFailure();
             }
           } else {
@@ -1100,7 +1130,7 @@ class FrameCryptor extends BaseFrameCryptor {
       } else if (!this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
         // emit an error in case the key index is out of bounds but the key handler thinks we still have a valid key
         workerLogger.warn('skipping decryption due to missing key at index');
-        this.emit(CryptorEvent.Error, new CryptorError("missing key at index for participant ".concat(this.participantId), CryptorErrorReason.MissingKey));
+        this.emit(CryptorEvent.Error, new CryptorError("missing key at index for participant ".concat(this.participantIdentity), CryptorErrorReason.MissingKey));
       }
     });
   }
@@ -1116,6 +1146,9 @@ class FrameCryptor extends BaseFrameCryptor {
     var _a;
     return __awaiter(this, void 0, void 0, function* () {
       const keySet = this.keys.getKeySet(keyIndex);
+      if (!ratchetOpts.encryptionKey && !keySet) {
+        throw new TypeError("no encryption key found for decryption of ".concat(this.participantIdentity));
+      }
       // Construct frame trailer. Similar to the frame header described in
       // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2
       // but we put it at the end.
@@ -1173,11 +1206,11 @@ class FrameCryptor extends BaseFrameCryptor {
               workerLogger.debug('resetting to initial material');
               this.keys.setKeyFromMaterial(initialMaterial.material, keyIndex);
             }
-            workerLogger.warn('maximum ratchet attempts exceeded, resetting key');
-            throw new CryptorError("valid key missing for participant ".concat(this.participantId), CryptorErrorReason.InvalidKey);
+            workerLogger.warn('maximum ratchet attempts exceeded');
+            throw new CryptorError("valid key missing for participant ".concat(this.participantIdentity), CryptorErrorReason.InvalidKey);
           }
         } else {
-          throw new CryptorError('Decryption failed, most likely because of an invalid key', CryptorErrorReason.InvalidKey);
+          throw new CryptorError("Decryption failed: ".concat(error.message), CryptorErrorReason.InvalidKey);
         }
       }
     });
@@ -1265,9 +1298,6 @@ class FrameCryptor extends BaseFrameCryptor {
     const codec = payloadType ? this.rtpMap.get(payloadType) : undefined;
     return codec;
   }
-  setSifTrailer(trailer) {
-    this.sifTrailer = trailer;
-  }
 }
 /**
  * Slice the NALUs present in the supplied buffer, assuming it is already byte-aligned
@@ -1370,28 +1400,24 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
   get hasValidKey() {
     return this._hasValidKey;
   }
-  constructor(participantId, isEnabled, keyProviderOptions) {
+  constructor(participantIdentity, keyProviderOptions) {
     super();
     this.decryptionFailureCount = 0;
     this._hasValidKey = true;
     this.currentKeyIndex = 0;
-    this.cryptoKeyRing = new Array(KEYRING_SIZE);
-    this.enabled = isEnabled;
+    this.cryptoKeyRing = new Array(KEYRING_SIZE).fill(undefined);
     this.keyProviderOptions = keyProviderOptions;
     this.ratchetPromiseMap = new Map();
-    this.participantId = participantId;
+    this.participantIdentity = participantIdentity;
     this.resetKeyStatus();
   }
-  setEnabled(enabled) {
-    this.enabled = enabled;
-  }
   decryptionFailure() {
     if (this.keyProviderOptions.failureTolerance < 0) {
       return;
     }
     this.decryptionFailureCount += 1;
     if (this.decryptionFailureCount > this.keyProviderOptions.failureTolerance) {
-      workerLogger.warn("key for ".concat(this.participantId, " is being marked as invalid"));
+      workerLogger.warn("key for ".concat(this.participantIdentity, " is being marked as invalid"));
       this._hasValidKey = false;
     }
   }
@@ -1415,19 +1441,23 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
    */
   ratchetKey(keyIndex) {
     let setKey = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : true;
-    const currentKeyIndex = keyIndex !== null && keyIndex !== void 0 ? keyIndex : keyIndex = this.getCurrentKeyIndex();
+    const currentKeyIndex = keyIndex !== null && keyIndex !== void 0 ? keyIndex : this.getCurrentKeyIndex();
     const existingPromise = this.ratchetPromiseMap.get(currentKeyIndex);
     if (typeof existingPromise !== 'undefined') {
       return existingPromise;
     }
     const ratchetPromise = new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
       try {
-        const currentMaterial = this.getKeySet(currentKeyIndex).material;
+        const keySet = this.getKeySet(currentKeyIndex);
+        if (!keySet) {
+          throw new TypeError("Cannot ratchet key without a valid keyset of participant ".concat(this.participantIdentity));
+        }
+        const currentMaterial = keySet.material;
         const newMaterial = yield importKey(yield ratchet(currentMaterial, this.keyProviderOptions.ratchetSalt), currentMaterial.algorithm.name, 'derive');
         if (setKey) {
           this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
+          this.emit(KeyHandlerEvent.KeyRatcheted, newMaterial, this.participantIdentity, currentKeyIndex);
         }
-        this.emit('keyRatcheted', newMaterial, keyIndex, this.participantId);
         resolve(newMaterial);
       } catch (e) {
         reject(e);
@@ -1471,12 +1501,10 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
   }
   setKeySet(keySet, keyIndex) {
     let emitRatchetEvent = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
-    return __awaiter(this, void 0, void 0, function* () {
-      this.cryptoKeyRing[keyIndex % this.cryptoKeyRing.length] = keySet;
-      if (emitRatchetEvent) {
-        this.emit('keyRatcheted', keySet.material, keyIndex, this.participantId);
-      }
-    });
+    this.cryptoKeyRing[keyIndex % this.cryptoKeyRing.length] = keySet;
+    if (emitRatchetEvent) {
+      this.emit(KeyHandlerEvent.KeyRatcheted, keySet.material, this.participantIdentity, keyIndex);
+    }
   }
   setCurrentKeyIndex(index) {
     return __awaiter(this, void 0, void 0, function* () {
@@ -1484,9 +1512,6 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
       this.resetKeyStatus();
     });
   }
-  isEnabled() {
-    return this.enabled;
-  }
   getCurrentKeyIndex() {
     return this.currentKeyIndex;
   }
@@ -1502,8 +1527,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
 
 const participantCryptors = [];
 const participantKeys = new Map();
-let publishCryptors = [];
-let publisherKeys;
+let sharedKeyHandler;
 let isEncryptionEnabled = false;
 let useSharedKey = false;
 let sharedKey;
@@ -1521,36 +1545,35 @@ onmessage = ev => {
       keyProviderOptions = data.keyProviderOptions;
       useSharedKey = !!data.keyProviderOptions.sharedKey;
       // acknowledge init successful
-      const enableMsg = {
-        kind: 'enable',
+      const ackMsg = {
+        kind: 'initAck',
         data: {
           enabled: isEncryptionEnabled
         }
       };
-      publisherKeys = new ParticipantKeyHandler(undefined, isEncryptionEnabled, keyProviderOptions);
-      publisherKeys.on('keyRatcheted', emitRatchetedKeys);
-      postMessage(enableMsg);
+      postMessage(ackMsg);
       break;
     case 'enable':
-      setEncryptionEnabled(data.enabled, data.participantId);
+      setEncryptionEnabled(data.enabled, data.participantIdentity);
       workerLogger.info('updated e2ee enabled status');
       // acknowledge enable call successful
       postMessage(ev.data);
       break;
     case 'decode':
-      let cryptor = getTrackCryptor(data.participantId, data.trackId);
+      let cryptor = getTrackCryptor(data.participantIdentity, data.trackId);
       cryptor.setupTransform(kind, data.readableStream, data.writableStream, data.trackId, data.codec);
       break;
     case 'encode':
-      let pubCryptor = getPublisherCryptor(data.trackId);
+      let pubCryptor = getTrackCryptor(data.participantIdentity, data.trackId);
       pubCryptor.setupTransform(kind, data.readableStream, data.writableStream, data.trackId, data.codec);
       break;
     case 'setKey':
       if (useSharedKey) {
-        workerLogger.debug('set shared key');
+        workerLogger.warn('set shared key');
         setSharedKey(data.key, data.keyIndex);
-      } else if (data.participantId) {
-        getParticipantKeyHandler(data.participantId).setKey(data.key, data.keyIndex);
+      } else if (data.participantIdentity) {
+        workerLogger.warn("set participant sender key ".concat(data.participantIdentity));
+        getParticipantKeyHandler(data.participantIdentity).setKey(data.key, data.keyIndex);
       } else {
         workerLogger.error('no participant Id was provided and shared key usage is disabled');
       }
@@ -1559,11 +1582,14 @@ onmessage = ev => {
       unsetCryptorParticipant(data.trackId);
       break;
     case 'updateCodec':
-      getTrackCryptor(data.participantId, data.trackId).setVideoCodec(data.codec);
+      getTrackCryptor(data.participantIdentity, data.trackId).setVideoCodec(data.codec);
       break;
     case 'setRTPMap':
-      publishCryptors.forEach(cr => {
-        cr.setRtpMap(data.map);
+      // this is only used for the local participant
+      participantCryptors.forEach(cr => {
+        if (cr.getParticipantIdentity() === data.participantIdentity) {
+          cr.setRtpMap(data.map);
+        }
       });
       break;
     case 'ratchetRequest':
@@ -1576,86 +1602,77 @@ onmessage = ev => {
 };
 function handleRatchetRequest(data) {
   return __awaiter(this, void 0, void 0, function* () {
-    const keyHandler = getParticipantKeyHandler(data.participantId);
-    yield keyHandler.ratchetKey(data.keyIndex);
-    keyHandler.resetKeyStatus();
+    if (useSharedKey) {
+      const keyHandler = getSharedKeyHandler();
+      yield keyHandler.ratchetKey(data.keyIndex);
+      keyHandler.resetKeyStatus();
+    } else if (data.participantIdentity) {
+      const keyHandler = getParticipantKeyHandler(data.participantIdentity);
+      yield keyHandler.ratchetKey(data.keyIndex);
+      keyHandler.resetKeyStatus();
+    } else {
+      workerLogger.error('no participant Id was provided for ratchet request and shared key usage is disabled');
+    }
   });
 }
-function getTrackCryptor(participantId, trackId) {
+function getTrackCryptor(participantIdentity, trackId) {
   let cryptor = participantCryptors.find(c => c.getTrackId() === trackId);
   if (!cryptor) {
     workerLogger.info('creating new cryptor for', {
-      participantId
+      participantIdentity
     });
     if (!keyProviderOptions) {
       throw Error('Missing keyProvider options');
     }
     cryptor = new FrameCryptor({
-      participantId,
-      keys: getParticipantKeyHandler(participantId),
+      participantIdentity,
+      keys: getParticipantKeyHandler(participantIdentity),
       keyProviderOptions,
       sifTrailer
     });
     setupCryptorErrorEvents(cryptor);
     participantCryptors.push(cryptor);
-  } else if (participantId !== cryptor.getParticipantId()) {
+  } else if (participantIdentity !== cryptor.getParticipantIdentity()) {
     // assign new participant id to track cryptor and pass in correct key handler
-    cryptor.setParticipant(participantId, getParticipantKeyHandler(participantId));
+    cryptor.setParticipant(participantIdentity, getParticipantKeyHandler(participantIdentity));
   }
   return cryptor;
 }
-function getParticipantKeyHandler(participantId) {
-  if (!participantId) {
-    return publisherKeys;
+function getParticipantKeyHandler(participantIdentity) {
+  if (useSharedKey) {
+    return getSharedKeyHandler();
   }
-  let keys = participantKeys.get(participantId);
+  let keys = participantKeys.get(participantIdentity);
   if (!keys) {
-    keys = new ParticipantKeyHandler(participantId, true, keyProviderOptions);
+    keys = new ParticipantKeyHandler(participantIdentity, keyProviderOptions);
     if (sharedKey) {
       keys.setKey(sharedKey);
     }
-    participantKeys.set(participantId, keys);
+    keys.on(KeyHandlerEvent.KeyRatcheted, emitRatchetedKeys);
+    participantKeys.set(participantIdentity, keys);
   }
   return keys;
 }
+function getSharedKeyHandler() {
+  if (!sharedKeyHandler) {
+    sharedKeyHandler = new ParticipantKeyHandler('shared-key', keyProviderOptions);
+  }
+  return sharedKeyHandler;
+}
 function unsetCryptorParticipant(trackId) {
   var _a;
   (_a = participantCryptors.find(c => c.getTrackId() === trackId)) === null || _a === void 0 ? void 0 : _a.unsetParticipant();
 }
-function getPublisherCryptor(trackId) {
-  let publishCryptor = publishCryptors.find(cryptor => cryptor.getTrackId() === trackId);
-  if (!publishCryptor) {
-    if (!keyProviderOptions) {
-      throw new TypeError('Missing keyProvider options');
-    }
-    publishCryptor = new FrameCryptor({
-      keys: publisherKeys,
-      participantId: 'publisher',
-      keyProviderOptions
-    });
-    setupCryptorErrorEvents(publishCryptor);
-    publishCryptors.push(publishCryptor);
-  }
-  return publishCryptor;
-}
-function setEncryptionEnabled(enable, participantId) {
-  if (!participantId) {
-    isEncryptionEnabled = enable;
-    publisherKeys.setEnabled(enable);
-  } else {
-    getParticipantKeyHandler(participantId).setEnabled(enable);
-  }
+function setEncryptionEnabled(enable, participantIdentity) {
+  encryptionEnabledMap.set(participantIdentity, enable);
 }
 function setSharedKey(key, index) {
   workerLogger.debug('setting shared key');
   sharedKey = key;
-  publisherKeys === null || publisherKeys === void 0 ? void 0 : publisherKeys.setKey(key, index);
-  for (const [, keyHandler] of participantKeys) {
-    keyHandler.setKey(key, index);
-  }
+  getSharedKeyHandler().setKey(key, index);
 }
 function setupCryptorErrorEvents(cryptor) {
-  cryptor.on('cryptorError', error => {
+  cryptor.on(CryptorEvent.Error, error => {
     const msg = {
       kind: 'error',
       data: {
@@ -1665,11 +1682,11 @@ function setupCryptorErrorEvents(cryptor) {
     postMessage(msg);
   });
 }
-function emitRatchetedKeys(material, keyIndex) {
+function emitRatchetedKeys(material, participantIdentity, keyIndex) {
   const msg = {
     kind: "ratchetKey",
     data: {
-      // participantId,
+      participantIdentity,
       keyIndex,
       material
     }
@@ -1693,11 +1710,11 @@ if (self.RTCTransformEvent) {
     transformer.handled = true;
     const {
       kind,
-      participantId,
+      participantIdentity,
       trackId,
       codec
     } = transformer.options;
-    const cryptor = kind === 'encode' ? getPublisherCryptor(trackId) : getTrackCryptor(participantId, trackId);
+    const cryptor = getTrackCryptor(participantIdentity, trackId);
     workerLogger.debug('transform', {
       codec
     });