livekit-client 2.15.7 → 2.15.8

package/src/room/RTCEngine.ts

@@ -9,6 +9,9 @@ import {
   DataPacket,
   DataPacket_Kind,
   DisconnectReason,
+  EncryptedPacket,
+  EncryptedPacketPayload,
+  Encryption_Type,
   type JoinResponse,
   type LeaveRequest,
   LeaveRequest_Action,
@@ -43,6 +46,8 @@ import {
   SignalConnectionState,
   toProtoSessionDescription,
 } from '../api/SignalClient';
+import type { BaseE2EEManager } from '../e2ee/E2eeManager';
+import { asEncryptablePacket } from '../e2ee/utils';
 import log, { LoggerNames, getLogger } from '../logger';
 import type { InternalRoomOptions } from '../options';
 import { DataPacketBuffer } from '../utils/dataPacketBuffer';
@@ -116,6 +121,9 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
    */
   latestRemoteOfferId: number = 0;
 
+  /** @internal */
+  e2eeManager: BaseE2EEManager | undefined;
+
   get isClosed() {
     return this._isClosed;
   }
@@ -203,7 +211,6 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
     this.client = new SignalClient(undefined, this.loggerOptions);
     this.client.signalLatency = this.options.expSignalLatency;
     this.reconnectPolicy = this.options.reconnectPolicy;
-    this.registerOnLineListener();
     this.closingLock = new Mutex();
     this.dataProcessLock = new Mutex();
     this.dcBufferStatus = new Map([
@@ -260,9 +267,12 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
 
       // create offer
       if (!this.subscriberPrimary || joinResponse.fastPublish) {
-        this.negotiate();
+        this.negotiate().catch((err) => {
+          log.error(err, this.logContext);
+        });
       }
 
+      this.registerOnLineListener();
       this.clientConfiguration = joinResponse.clientConfiguration;
       this.emit(EngineEvent.SignalConnected, joinResponse);
       return joinResponse;
@@ -445,7 +455,7 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
         }
       } else if (connectionState === PCTransportState.FAILED) {
         // on Safari, PeerConnection will switch to 'disconnected' during renegotiation
-        if (this.pcState === PCState.Connected) {
+        if (this.pcState === PCState.Connected || this.pcState === PCState.Reconnecting) {
           this.pcState = PCState.Disconnected;
 
           this.handleDisconnect(
@@ -710,12 +720,32 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
       if (dp.value?.case === 'speaker') {
         // dispatch speaker updates
         this.emit(EngineEvent.ActiveSpeakersUpdate, dp.value.value.speakers);
+      } else if (dp.value?.case === 'encryptedPacket') {
+        if (!this.e2eeManager) {
+          this.log.error('Received encrypted packet but E2EE not set up', this.logContext);
+          return;
+        }
+        const decryptedData = await this.e2eeManager?.handleEncryptedData(
+          dp.value.value.encryptedValue,
+          dp.value.value.iv,
+          dp.participantIdentity,
+          dp.value.value.keyIndex,
+        );
+        const decryptedPacket = EncryptedPacketPayload.fromBinary(decryptedData.payload);
+        const newDp = new DataPacket({
+          value: decryptedPacket.value,
+        });
+        if (newDp.value?.case === 'user') {
+          // compatibility
+          applyUserDataCompat(newDp, newDp.value.value);
+        }
+        this.emit(EngineEvent.DataPacketReceived, newDp, dp.value.value.encryptionType);
       } else {
         if (dp.value?.case === 'user') {
           // compatibility
           applyUserDataCompat(dp, dp.value.value);
         }
-        this.emit(EngineEvent.DataPacketReceived, dp);
+        this.emit(EngineEvent.DataPacketReceived, dp, Encryption_Type.NONE);
       }
     } finally {
       unlock();
@@ -1191,11 +1221,28 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
     // make sure we do have a data connection
     await this.ensurePublisherConnected(kind);
 
+    if (this.e2eeManager && this.e2eeManager.isDataChannelEncryptionEnabled) {
+      const encryptablePacket = asEncryptablePacket(packet);
+      if (encryptablePacket) {
+        const encryptedData = await this.e2eeManager.encryptData(encryptablePacket.toBinary());
+        packet.value = {
+          case: 'encryptedPacket',
+          value: new EncryptedPacket({
+            encryptedValue: encryptedData.payload,
+            iv: encryptedData.iv,
+            keyIndex: encryptedData.keyIndex,
+          }),
+        };
+      }
+    }
+
     if (kind === DataPacket_Kind.RELIABLE) {
       packet.sequence = this.reliableDataSequence;
       this.reliableDataSequence += 1;
     }
+
     const msg = packet.toBinary();
+
     const dc = this.dataChannelForKind(kind);
     if (dc) {
       if (kind === DataPacket_Kind.RELIABLE) {
@@ -1293,7 +1340,9 @@ export default class RTCEngine extends (EventEmitter as new () => TypedEventEmit
     }
     if (needNegotiation) {
       // start negotiation
-      this.negotiate();
+      this.negotiate().catch((err) => {
+        log.error(err, this.logContext);
+      });
     }
 
     const targetChannel = this.dataChannelForKind(kind, subscriber);
@@ -1558,7 +1607,7 @@ export type EngineEventCallbacks = {
     receiver: RTCRtpReceiver,
   ) => void;
   activeSpeakersUpdate: (speakers: Array<SpeakerInfo>) => void;
-  dataPacketReceived: (packet: DataPacket) => void;
+  dataPacketReceived: (packet: DataPacket, encryptionType: Encryption_Type) => void;
   transcriptionReceived: (transcription: Transcription) => void;
   transportsCreated: (publisher: PCTransport, subscriber: PCTransport) => void;
   /** @internal */

package/src/room/Room.ts

@@ -5,6 +5,7 @@ import {
   type DataPacket,
   DataPacket_Kind,
   DisconnectReason,
+  Encryption_Type,
   JoinResponse,
   LeaveRequest,
   LeaveRequest_Action,
@@ -198,6 +199,10 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
 
   private rpcHandlers: Map<string, (data: RpcInvocationData) => Promise<string>> = new Map();
 
+  get hasE2EESetup(): boolean {
+    return this.e2eeManager !== undefined;
+  }
+
   /**
    * Creates a new Room, the primary construct for a LiveKit session.
    * @param options
@@ -241,6 +246,12 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
       this.outgoingDataStreamManager,
     );
 
+    if (this.options.e2ee || this.options.encryption) {
+      this.setupE2EE();
+    }
+
+    this.engine.e2eeManager = this.e2eeManager;
+
     if (this.options.videoCaptureDefaults.deviceId) {
       this.localParticipant.activeDeviceMap.set(
         'videoinput',
@@ -260,10 +271,6 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
       ).catch((e) => this.log.warn(`Could not set audio output: ${e.message}`, this.logContext));
     }
 
-    if (this.options.e2ee) {
-      this.setupE2EE();
-    }
-
     if (isWeb()) {
       const abortController = new AbortController();
 
@@ -355,11 +362,16 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
   }
 
   private setupE2EE() {
-    if (this.options.e2ee) {
-      if ('e2eeManager' in this.options.e2ee) {
-        this.e2eeManager = this.options.e2ee.e2eeManager;
+    // when encryption is enabled via `options.encryption`, we enable data channel encryption
+
+    const dcEncryptionEnabled = !!this.options.encryption;
+    const e2eeOptions = this.options.encryption || this.options.e2ee;
+
+    if (e2eeOptions) {
+      if ('e2eeManager' in e2eeOptions) {
+        this.e2eeManager = e2eeOptions.e2eeManager;
       } else {
-        this.e2eeManager = new E2EEManager(this.options.e2ee);
+        this.e2eeManager = new E2EEManager(e2eeOptions, dcEncryptionEnabled);
       }
       this.e2eeManager.on(
         EncryptionEvent.ParticipantEncryptionStatusChanged,
@@ -443,6 +455,7 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
     }
 
     this.engine = new RTCEngine(this.options);
+    this.engine.e2eeManager = this.e2eeManager;
 
     this.engine
       .on(EngineEvent.ParticipantUpdate, this.handleParticipantUpdates)
@@ -789,7 +802,7 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
     this.localParticipant.identity = pi.identity;
     this.localParticipant.setEnabledPublishCodecs(joinResponse.enabledPublishCodecs);
 
-    if (this.options.e2ee && this.e2eeManager) {
+    if (this.e2eeManager) {
       try {
         this.e2eeManager.setSifTrailer(joinResponse.sifTrailer);
       } catch (e: any) {
@@ -1711,11 +1724,11 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
     pub.setSubscriptionError(update.err);
   };
 
-  private handleDataPacket = (packet: DataPacket) => {
+  private handleDataPacket = (packet: DataPacket, encryptionType: Encryption_Type) => {
     // find the participant
     const participant = this.remoteParticipants.get(packet.participantIdentity);
     if (packet.value.case === 'user') {
-      this.handleUserPacket(participant, packet.value.value, packet.kind);
+      this.handleUserPacket(participant, packet.value.value, packet.kind, encryptionType);
     } else if (packet.value.case === 'transcription') {
       this.handleTranscription(participant, packet.value.value);
     } else if (packet.value.case === 'sipDtmf') {
@@ -1729,7 +1742,7 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
       packet.value.case === 'streamChunk' ||
       packet.value.case === 'streamTrailer'
     ) {
-      this.handleDataStream(packet);
+      this.handleDataStream(packet, encryptionType);
     } else if (packet.value.case === 'rpcRequest') {
       const rpc = packet.value.value;
       this.handleIncomingRpcRequest(
@@ -1747,11 +1760,19 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
     participant: RemoteParticipant | undefined,
     userPacket: UserPacket,
     kind: DataPacket_Kind,
+    encryptionType: Encryption_Type,
   ) => {
-    this.emit(RoomEvent.DataReceived, userPacket.payload, participant, kind, userPacket.topic);
+    this.emit(
+      RoomEvent.DataReceived,
+      userPacket.payload,
+      participant,
+      kind,
+      userPacket.topic,
+      encryptionType,
+    );
 
     // also emit on the participant
-    participant?.emit(ParticipantEvent.DataReceived, userPacket.payload, kind);
+    participant?.emit(ParticipantEvent.DataReceived, userPacket.payload, kind, encryptionType);
   };
 
   private handleSipDtmf = (participant: RemoteParticipant | undefined, dtmf: SipDTMF) => {
@@ -1791,8 +1812,8 @@ class Room extends (EventEmitter as new () => TypedEmitter<RoomEventCallbacks>)
     this.emit(RoomEvent.MetricsReceived, metrics, participant);
   };
 
-  private handleDataStream = (packet: DataPacket) => {
-    this.incomingDataStreamManager.handleDataStreamPacket(packet);
+  private handleDataStream = (packet: DataPacket, encryptionType: Encryption_Type) => {
+    this.incomingDataStreamManager.handleDataStreamPacket(packet, encryptionType);
   };
 
   private async handleIncomingRpcRequest(
@@ -2596,6 +2617,7 @@ export type RoomEventCallbacks = {
     participant?: RemoteParticipant,
     kind?: DataPacket_Kind,
     topic?: string,
+    encryptionType?: Encryption_Type,
   ) => void;
   sipDTMFReceived: (dtmf: SipDTMF, participant?: RemoteParticipant) => void;
   transcriptionReceived: (

package/src/room/data-stream/incoming/IncomingDataStreamManager.ts

@@ -3,6 +3,7 @@ import {
   DataStream_Chunk,
   DataStream_Header,
   DataStream_Trailer,
+  Encryption_Type,
 } from '@livekit/protocol';
 import log from '../../../logger';
 import { DataStreamError, DataStreamErrorReason } from '../../errors';
@@ -89,20 +90,28 @@ export default class IncomingDataStreamManager {
     }
   }
 
-  async handleDataStreamPacket(packet: DataPacket) {
+  async handleDataStreamPacket(packet: DataPacket, encryptionType: Encryption_Type) {
     switch (packet.value.case) {
       case 'streamHeader':
-        return this.handleStreamHeader(packet.value.value, packet.participantIdentity);
+        return this.handleStreamHeader(
+          packet.value.value,
+          packet.participantIdentity,
+          encryptionType,
+        );
       case 'streamChunk':
-        return this.handleStreamChunk(packet.value.value);
+        return this.handleStreamChunk(packet.value.value, encryptionType);
       case 'streamTrailer':
-        return this.handleStreamTrailer(packet.value.value);
+        return this.handleStreamTrailer(packet.value.value, encryptionType);
       default:
         throw new Error(`DataPacket of value "${packet.value.case}" is not data stream related!`);
     }
   }
 
-  private async handleStreamHeader(streamHeader: DataStream_Header, participantIdentity: string) {
+  private async handleStreamHeader(
+    streamHeader: DataStream_Header,
+    participantIdentity: string,
+    encryptionType: Encryption_Type,
+  ) {
     if (streamHeader.contentHeader.case === 'byteHeader') {
       const streamHandlerCallback = this.byteStreamHandlers.get(streamHeader.topic);
       if (!streamHandlerCallback) {
@@ -115,6 +124,9 @@ export default class IncomingDataStreamManager {
 
       let streamController: ReadableStreamDefaultController<DataStream_Chunk>;
       const outOfBandFailureRejectingFuture = new Future<never>();
+      outOfBandFailureRejectingFuture.promise.catch((err) => {
+        this.log.error(err);
+      });
 
       const info: ByteStreamInfo = {
         id: streamHeader.streamId,
@@ -124,6 +136,7 @@ export default class IncomingDataStreamManager {
         topic: streamHeader.topic,
         timestamp: bigIntToNumber(streamHeader.timestamp),
         attributes: streamHeader.attributes,
+        encryptionType,
       };
       const stream = new ReadableStream({
         start: (controller) => {
@@ -168,6 +181,10 @@ export default class IncomingDataStreamManager {
 
       let streamController: ReadableStreamDefaultController<DataStream_Chunk>;
       const outOfBandFailureRejectingFuture = new Future<never>();
+      outOfBandFailureRejectingFuture.promise.catch((err) => {
+        this.log.error(err);
+      });
+
       const info: TextStreamInfo = {
         id: streamHeader.streamId,
         mimeType: streamHeader.mimeType,
@@ -175,6 +192,7 @@ export default class IncomingDataStreamManager {
         topic: streamHeader.topic,
         timestamp: Number(streamHeader.timestamp),
         attributes: streamHeader.attributes,
+        encryptionType,
       };
 
       const stream = new ReadableStream<DataStream_Chunk>({
@@ -209,39 +227,68 @@ export default class IncomingDataStreamManager {
     }
   }
 
-  private handleStreamChunk(chunk: DataStream_Chunk) {
+  private handleStreamChunk(chunk: DataStream_Chunk, encryptionType: Encryption_Type) {
     const fileBuffer = this.byteStreamControllers.get(chunk.streamId);
     if (fileBuffer) {
-      if (chunk.content.length > 0) {
+      if (fileBuffer.info.encryptionType !== encryptionType) {
+        fileBuffer.controller.error(
+          new DataStreamError(
+            `Encryption type mismatch for stream ${chunk.streamId}. Expected ${encryptionType}, got ${fileBuffer.info.encryptionType}`,
+            DataStreamErrorReason.EncryptionTypeMismatch,
+          ),
+        );
+        this.byteStreamControllers.delete(chunk.streamId);
+      } else if (chunk.content.length > 0) {
         fileBuffer.controller.enqueue(chunk);
       }
     }
     const textBuffer = this.textStreamControllers.get(chunk.streamId);
     if (textBuffer) {
-      if (chunk.content.length > 0) {
+      if (textBuffer.info.encryptionType !== encryptionType) {
+        textBuffer.controller.error(
+          new DataStreamError(
+            `Encryption type mismatch for stream ${chunk.streamId}. Expected ${encryptionType}, got ${textBuffer.info.encryptionType}`,
+            DataStreamErrorReason.EncryptionTypeMismatch,
+          ),
+        );
+        this.textStreamControllers.delete(chunk.streamId);
+      } else if (chunk.content.length > 0) {
         textBuffer.controller.enqueue(chunk);
       }
     }
   }
 
-  private handleStreamTrailer(trailer: DataStream_Trailer) {
+  private handleStreamTrailer(trailer: DataStream_Trailer, encryptionType: Encryption_Type) {
     const textBuffer = this.textStreamControllers.get(trailer.streamId);
     if (textBuffer) {
-      textBuffer.info.attributes = {
-        ...textBuffer.info.attributes,
-        ...trailer.attributes,
-      };
-      textBuffer.controller.close();
-      this.textStreamControllers.delete(trailer.streamId);
+      if (textBuffer.info.encryptionType !== encryptionType) {
+        textBuffer.controller.error(
+          new DataStreamError(
+            `Encryption type mismatch for stream ${trailer.streamId}. Expected ${encryptionType}, got ${textBuffer.info.encryptionType}`,
+            DataStreamErrorReason.EncryptionTypeMismatch,
+          ),
+        );
+      } else {
+        textBuffer.info.attributes = { ...textBuffer.info.attributes, ...trailer.attributes };
+        textBuffer.controller.close();
+        this.textStreamControllers.delete(trailer.streamId);
+      }
     }
 
     const fileBuffer = this.byteStreamControllers.get(trailer.streamId);
     if (fileBuffer) {
-      {
+      if (fileBuffer.info.encryptionType !== encryptionType) {
+        fileBuffer.controller.error(
+          new DataStreamError(
+            `Encryption type mismatch for stream ${trailer.streamId}. Expected ${encryptionType}, got ${fileBuffer.info.encryptionType}`,
+            DataStreamErrorReason.EncryptionTypeMismatch,
+          ),
+        );
+      } else {
         fileBuffer.info.attributes = { ...fileBuffer.info.attributes, ...trailer.attributes };
         fileBuffer.controller.close();
-        this.byteStreamControllers.delete(trailer.streamId);
       }
+      this.byteStreamControllers.delete(trailer.streamId);
     }
   }
 }

package/src/room/data-stream/outgoing/OutgoingDataStreamManager.ts

@@ -8,6 +8,7 @@ import {
   DataStream_OperationType,
   DataStream_TextHeader,
   DataStream_Trailer,
+  Encryption_Type,
 } from '@livekit/protocol';
 import { type StructuredLogger } from '../../../logger';
 import type RTCEngine from '../../RTCEngine';
@@ -104,6 +105,9 @@ export default class OutgoingDataStreamManager {
       topic: options?.topic ?? '',
       size: options?.totalSize,
       attributes: options?.attributes,
+      encryptionType: this.engine.e2eeManager?.isDataChannelEncryptionEnabled
+        ? Encryption_Type.GCM
+        : Encryption_Type.NONE,
     };
     const header = new DataStream_Header({
       streamId,
@@ -231,6 +235,9 @@ export default class OutgoingDataStreamManager {
       attributes: options?.attributes,
       size: options?.totalSize,
       name: options?.name ?? 'unknown',
+      encryptionType: this.engine.e2eeManager?.isDataChannelEncryptionEnabled
+        ? Encryption_Type.GCM
+        : Encryption_Type.NONE,
     };
 
     const header = new DataStream_Header({

package/src/room/errors.ts

@@ -130,6 +130,9 @@ export enum DataStreamErrorReason {
 
   // Unable to register a stream handler more than once.
   HandlerAlreadyRegistered = 7,
+
+  // Encryption type mismatch.
+  EncryptionTypeMismatch = 8,
 }
 
 export class DataStreamError extends LivekitError {

package/src/room/participant/LocalParticipant.ts

@@ -1634,16 +1634,18 @@ export default class LocalParticipant extends Participant {
     const destinationIdentities = options.destinationIdentities;
     const topic = options.topic;
 
+    let userPacket = new UserPacket({
+      participantIdentity: this.identity,
+      payload: data,
+      destinationIdentities,
+      topic,
+    });
+
     const packet = new DataPacket({
       kind: kind,
       value: {
         case: 'user',
-        value: new UserPacket({
-          participantIdentity: this.identity,
-          payload: data,
-          destinationIdentities,
-          topic,
-        }),
+        value: userPacket,
       },
     });
 

package/src/room/participant/Participant.ts

@@ -1,5 +1,6 @@
 import {
   DataPacket_Kind,
+  Encryption_Type,
   ParticipantInfo,
   ParticipantInfo_State,
   ParticipantInfo_Kind as ParticipantKind,
@@ -408,7 +409,11 @@ export type ParticipantEventCallbacks = {
   localSenderCreated: (sender: RTCRtpSender, track: Track) => void;
   participantMetadataChanged: (prevMetadata: string | undefined, participant?: any) => void;
   participantNameChanged: (name: string) => void;
-  dataReceived: (payload: Uint8Array, kind: DataPacket_Kind) => void;
+  dataReceived: (
+    payload: Uint8Array,
+    kind: DataPacket_Kind,
+    encryptionType?: Encryption_Type,
+  ) => void;
   sipDTMFReceived: (dtmf: SipDTMF) => void;
   transcriptionReceived: (
     transcription: TranscriptionSegment[],