npm - livekit-client - Versions diffs - 2.15.6 → 2.15.8 - Mend

livekit-client 2.15.6 → 2.15.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/dist/livekit-client.e2ee.worker.mjs CHANGED Viewed

@@ -369,6 +369,7 @@ var LoggerNames;
 (function (LoggerNames) {
   LoggerNames["Default"] = "livekit";
   LoggerNames["Room"] = "livekit-room";
+  LoggerNames["TokenSource"] = "livekit-token-source";
   LoggerNames["Participant"] = "livekit-participant";
   LoggerNames["Track"] = "livekit-track";
   LoggerNames["Publication"] = "livekit-track-publication";
@@ -516,6 +517,8 @@ var DataStreamErrorReason;
   DataStreamErrorReason[DataStreamErrorReason["Incomplete"] = 4] = "Incomplete";
   // Unable to register a stream handler more than once.
   DataStreamErrorReason[DataStreamErrorReason["HandlerAlreadyRegistered"] = 7] = "HandlerAlreadyRegistered";
+  // Encryption type mismatch.
+  DataStreamErrorReason[DataStreamErrorReason["EncryptionTypeMismatch"] = 8] = "EncryptionTypeMismatch";
 })(DataStreamErrorReason || (DataStreamErrorReason = {}));
 var MediaDeviceFailure;
 (function (MediaDeviceFailure) {
@@ -586,6 +589,218 @@ var CryptorEvent;
   CryptorEvent["Error"] = "cryptorError";
 })(CryptorEvent || (CryptorEvent = {}));
+function isVideoFrame(frame) {
+  return 'type' in frame;
+}
+function importKey(keyBytes_1) {
+  return __awaiter(this, arguments, void 0, function (keyBytes) {
+    let algorithm = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {
+      name: ENCRYPTION_ALGORITHM
+    };
+    let usage = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 'encrypt';
+    return function* () {
+      // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey
+      return crypto.subtle.importKey('raw', keyBytes, algorithm, false, usage === 'derive' ? ['deriveBits', 'deriveKey'] : ['encrypt', 'decrypt']);
+    }();
+  });
+}
+function getAlgoOptions(algorithmName, salt) {
+  const textEncoder = new TextEncoder();
+  const encodedSalt = textEncoder.encode(salt);
+  switch (algorithmName) {
+    case 'HKDF':
+      return {
+        name: 'HKDF',
+        salt: encodedSalt,
+        hash: 'SHA-256',
+        info: new ArrayBuffer(128)
+      };
+    case 'PBKDF2':
+      {
+        return {
+          name: 'PBKDF2',
+          salt: encodedSalt,
+          hash: 'SHA-256',
+          iterations: 100000
+        };
+      }
+    default:
+      throw new Error("algorithm ".concat(algorithmName, " is currently unsupported"));
+  }
+}
+/**
+ * Derives a set of keys from the master key.
+ * See https://tools.ietf.org/html/draft-omara-sframe-00#section-4.3.1
+ */
+function deriveKeys(material, salt) {
+  return __awaiter(this, void 0, void 0, function* () {
+    const algorithmOptions = getAlgoOptions(material.algorithm.name, salt);
+    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey#HKDF
+    // https://developer.mozilla.org/en-US/docs/Web/API/HkdfParams
+    const encryptionKey = yield crypto.subtle.deriveKey(algorithmOptions, material, {
+      name: ENCRYPTION_ALGORITHM,
+      length: 128
+    }, false, ['encrypt', 'decrypt']);
+    return {
+      material,
+      encryptionKey
+    };
+  });
+}
+/**
+ * Ratchets a key. See
+ * https://tools.ietf.org/html/draft-omara-sframe-00#section-4.3.5.1
+ */
+function ratchet(material, salt) {
+  return __awaiter(this, void 0, void 0, function* () {
+    const algorithmOptions = getAlgoOptions(material.algorithm.name, salt);
+    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveBits
+    return crypto.subtle.deriveBits(algorithmOptions, material, 256);
+  });
+}
+function needsRbspUnescaping(frameData) {
+  for (var i = 0; i < frameData.length - 3; i++) {
+    if (frameData[i] == 0 && frameData[i + 1] == 0 && frameData[i + 2] == 3) return true;
+  }
+  return false;
+}
+function parseRbsp(stream) {
+  const dataOut = [];
+  var length = stream.length;
+  for (var i = 0; i < stream.length;) {
+    // Be careful about over/underflow here. byte_length_ - 3 can underflow, and
+    // i + 3 can overflow, but byte_length_ - i can't, because i < byte_length_
+    // above, and that expression will produce the number of bytes left in
+    // the stream including the byte at i.
+    if (length - i >= 3 && !stream[i] && !stream[i + 1] && stream[i + 2] == 3) {
+      // Two rbsp bytes.
+      dataOut.push(stream[i++]);
+      dataOut.push(stream[i++]);
+      // Skip the emulation byte.
+      i++;
+    } else {
+      // Single rbsp byte.
+      dataOut.push(stream[i++]);
+    }
+  }
+  return new Uint8Array(dataOut);
+}
+const kZerosInStartSequence = 2;
+const kEmulationByte = 3;
+function writeRbsp(data_in) {
+  const dataOut = [];
+  var numConsecutiveZeros = 0;
+  for (var i = 0; i < data_in.length; ++i) {
+    var byte = data_in[i];
+    if (byte <= kEmulationByte && numConsecutiveZeros >= kZerosInStartSequence) {
+      // Need to escape.
+      dataOut.push(kEmulationByte);
+      numConsecutiveZeros = 0;
+    }
+    dataOut.push(byte);
+    if (byte == 0) {
+      ++numConsecutiveZeros;
+    } else {
+      numConsecutiveZeros = 0;
+    }
+  }
+  return new Uint8Array(dataOut);
+}
+class DataCryptor {
+  static makeIV(timestamp) {
+    const iv = new ArrayBuffer(12);
+    const ivView = new DataView(iv);
+    const randomBytes = crypto.getRandomValues(new Uint32Array(1));
+    ivView.setUint32(0, randomBytes[0]);
+    ivView.setUint32(4, timestamp);
+    ivView.setUint32(8, timestamp - DataCryptor.sendCount % 0xffff);
+    DataCryptor.sendCount++;
+    return iv;
+  }
+  static encrypt(data, keys) {
+    return __awaiter(this, void 0, void 0, function* () {
+      const iv = DataCryptor.makeIV(performance.now());
+      const keySet = yield keys.getKeySet();
+      if (!keySet) {
+        throw new Error('No key set found');
+      }
+      const cipherText = yield crypto.subtle.encrypt({
+        name: ENCRYPTION_ALGORITHM,
+        iv
+      }, keySet.encryptionKey, new Uint8Array(data));
+      return {
+        payload: new Uint8Array(cipherText),
+        iv: new Uint8Array(iv),
+        keyIndex: keys.getCurrentKeyIndex()
+      };
+    });
+  }
+  static decrypt(data_1, iv_1, keys_1) {
+    return __awaiter(this, arguments, void 0, function (data, iv, keys) {
+      let keyIndex = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : 0;
+      let initialMaterial = arguments.length > 4 ? arguments[4] : undefined;
+      let ratchetOpts = arguments.length > 5 && arguments[5] !== undefined ? arguments[5] : {
+        ratchetCount: 0
+      };
+      return function* () {
+        const keySet = yield keys.getKeySet(keyIndex);
+        if (!keySet) {
+          throw new Error('No key set found');
+        }
+        try {
+          const plainText = yield crypto.subtle.decrypt({
+            name: ENCRYPTION_ALGORITHM,
+            iv
+          }, keySet.encryptionKey, new Uint8Array(data));
+          return {
+            payload: new Uint8Array(plainText)
+          };
+        } catch (error) {
+          if (keys.keyProviderOptions.ratchetWindowSize > 0) {
+            if (ratchetOpts.ratchetCount < keys.keyProviderOptions.ratchetWindowSize) {
+              workerLogger.debug("DataCryptor: ratcheting key attempt ".concat(ratchetOpts.ratchetCount, " of ").concat(keys.keyProviderOptions.ratchetWindowSize, ", for data packet"));
+              let ratchetedKeySet;
+              let ratchetResult;
+              if ((initialMaterial !== null && initialMaterial !== void 0 ? initialMaterial : keySet) === keys.getKeySet(keyIndex)) {
+                // only ratchet if the currently set key is still the same as the one used to decrypt this frame
+                // if not, it might be that a different frame has already ratcheted and we try with that one first
+                ratchetResult = yield keys.ratchetKey(keyIndex, false);
+                ratchetedKeySet = yield deriveKeys(ratchetResult.cryptoKey, keys.keyProviderOptions.ratchetSalt);
+              }
+              const decryptedData = yield DataCryptor.decrypt(data, iv, keys, keyIndex, initialMaterial, {
+                ratchetCount: ratchetOpts.ratchetCount + 1,
+                encryptionKey: ratchetedKeySet === null || ratchetedKeySet === void 0 ? void 0 : ratchetedKeySet.encryptionKey
+              });
+              if (decryptedData && ratchetedKeySet) {
+                // before updating the keys, make sure that the keySet used for this frame is still the same as the currently set key
+                // if it's not, a new key might have been set already, which we don't want to override
+                if ((initialMaterial !== null && initialMaterial !== void 0 ? initialMaterial : keySet) === keys.getKeySet(keyIndex)) {
+                  keys.setKeySet(ratchetedKeySet, keyIndex, ratchetResult);
+                  // decryption was successful, set the new key index to reflect the ratcheted key set
+                  keys.setCurrentKeyIndex(keyIndex);
+                }
+              }
+              return decryptedData;
+            } else {
+              /**
+               * Because we only set a new key once decryption has been successful,
+               * we can be sure that we don't need to reset the key to the initial material at this point
+               * as the key has not been updated on the keyHandler instance
+               */
+              workerLogger.warn('DataCryptor: maximum ratchet attempts exceeded');
+              throw new CryptorError("DataCryptor: valid key missing for participant ".concat(keys.participantIdentity), CryptorErrorReason.InvalidKey, keys.participantIdentity);
+            }
+          } else {
+            throw new CryptorError("DataCryptor: Decryption failed: ".concat(error.message), CryptorErrorReason.InvalidKey, keys.participantIdentity);
+          }
+        }
+      }();
+    });
+  }
+}
+DataCryptor.sendCount = 0;
 var events = {exports: {}};
 var hasRequiredEvents;
@@ -973,124 +1188,6 @@ function requireEvents() {
 var eventsExports = requireEvents();
-function isVideoFrame(frame) {
-  return 'type' in frame;
-}
-function importKey(keyBytes_1) {
-  return __awaiter(this, arguments, void 0, function (keyBytes) {
-    let algorithm = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {
-      name: ENCRYPTION_ALGORITHM
-    };
-    let usage = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 'encrypt';
-    return function* () {
-      // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey
-      return crypto.subtle.importKey('raw', keyBytes, algorithm, false, usage === 'derive' ? ['deriveBits', 'deriveKey'] : ['encrypt', 'decrypt']);
-    }();
-  });
-}
-function getAlgoOptions(algorithmName, salt) {
-  const textEncoder = new TextEncoder();
-  const encodedSalt = textEncoder.encode(salt);
-  switch (algorithmName) {
-    case 'HKDF':
-      return {
-        name: 'HKDF',
-        salt: encodedSalt,
-        hash: 'SHA-256',
-        info: new ArrayBuffer(128)
-      };
-    case 'PBKDF2':
-      {
-        return {
-          name: 'PBKDF2',
-          salt: encodedSalt,
-          hash: 'SHA-256',
-          iterations: 100000
-        };
-      }
-    default:
-      throw new Error("algorithm ".concat(algorithmName, " is currently unsupported"));
-  }
-}
-/**
- * Derives a set of keys from the master key.
- * See https://tools.ietf.org/html/draft-omara-sframe-00#section-4.3.1
- */
-function deriveKeys(material, salt) {
-  return __awaiter(this, void 0, void 0, function* () {
-    const algorithmOptions = getAlgoOptions(material.algorithm.name, salt);
-    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey#HKDF
-    // https://developer.mozilla.org/en-US/docs/Web/API/HkdfParams
-    const encryptionKey = yield crypto.subtle.deriveKey(algorithmOptions, material, {
-      name: ENCRYPTION_ALGORITHM,
-      length: 128
-    }, false, ['encrypt', 'decrypt']);
-    return {
-      material,
-      encryptionKey
-    };
-  });
-}
-/**
- * Ratchets a key. See
- * https://tools.ietf.org/html/draft-omara-sframe-00#section-4.3.5.1
- */
-function ratchet(material, salt) {
-  return __awaiter(this, void 0, void 0, function* () {
-    const algorithmOptions = getAlgoOptions(material.algorithm.name, salt);
-    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveBits
-    return crypto.subtle.deriveBits(algorithmOptions, material, 256);
-  });
-}
-function needsRbspUnescaping(frameData) {
-  for (var i = 0; i < frameData.length - 3; i++) {
-    if (frameData[i] == 0 && frameData[i + 1] == 0 && frameData[i + 2] == 3) return true;
-  }
-  return false;
-}
-function parseRbsp(stream) {
-  const dataOut = [];
-  var length = stream.length;
-  for (var i = 0; i < stream.length;) {
-    // Be careful about over/underflow here. byte_length_ - 3 can underflow, and
-    // i + 3 can overflow, but byte_length_ - i can't, because i < byte_length_
-    // above, and that expression will produce the number of bytes left in
-    // the stream including the byte at i.
-    if (length - i >= 3 && !stream[i] && !stream[i + 1] && stream[i + 2] == 3) {
-      // Two rbsp bytes.
-      dataOut.push(stream[i++]);
-      dataOut.push(stream[i++]);
-      // Skip the emulation byte.
-      i++;
-    } else {
-      // Single rbsp byte.
-      dataOut.push(stream[i++]);
-    }
-  }
-  return new Uint8Array(dataOut);
-}
-const kZerosInStartSequence = 2;
-const kEmulationByte = 3;
-function writeRbsp(data_in) {
-  const dataOut = [];
-  var numConsecutiveZeros = 0;
-  for (var i = 0; i < data_in.length; ++i) {
-    var byte = data_in[i];
-    if (byte <= kEmulationByte && numConsecutiveZeros >= kZerosInStartSequence) {
-      // Need to escape.
-      dataOut.push(kEmulationByte);
-      numConsecutiveZeros = 0;
-    }
-    dataOut.push(byte);
-    if (byte == 0) {
-      ++numConsecutiveZeros;
-    } else {
-      numConsecutiveZeros = 0;
-    }
-  }
-  return new Uint8Array(dataOut);
-}
 /**
  * NALU (Network Abstraction Layer Unit) utilities for H.264 and H.265 video processing
  * Contains functions for parsing and working with NALUs in video frames
@@ -2082,6 +2179,44 @@ onmessage = ev => {
         let pubCryptor = getTrackCryptor(data.participantIdentity, data.trackId);
         pubCryptor.setupTransform(kind, data.readableStream, data.writableStream, data.trackId, data.isReuse, data.codec);
         break;
+      case 'encryptDataRequest':
+        const {
+          payload: encryptedPayload,
+          iv,
+          keyIndex
+        } = yield DataCryptor.encrypt(data.payload, getParticipantKeyHandler(data.participantIdentity));
+        console.log('encrypted payload', {
+          original: data.payload,
+          encrypted: encryptedPayload,
+          iv
+        });
+        postMessage({
+          kind: 'encryptDataResponse',
+          data: {
+            payload: encryptedPayload,
+            iv,
+            keyIndex,
+            uuid: data.uuid
+          }
+        });
+        break;
+      case 'decryptDataRequest':
+        const {
+          payload: decryptedPayload
+        } = yield DataCryptor.decrypt(data.payload, data.iv, getParticipantKeyHandler(data.participantIdentity), data.keyIndex);
+        console.log('decrypted payload', {
+          original: data.payload,
+          decrypted: decryptedPayload,
+          iv: data.iv
+        });
+        postMessage({
+          kind: 'decryptDataResponse',
+          data: {
+            payload: decryptedPayload,
+            uuid: data.uuid
+          }
+        });
+        break;
       case 'setKey':
         if (useSharedKey) {
           yield setSharedKey(data.key, data.keyIndex);