npm - livekit-client - Versions diffs - 2.5.8 → 2.5.9 - Mend

livekit-client 2.5.8 → 2.5.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/livekit-client.e2ee.worker.js +1 -1
package/dist/livekit-client.e2ee.worker.js.map +1 -1
package/dist/livekit-client.e2ee.worker.mjs +49 -20
package/dist/livekit-client.e2ee.worker.mjs.map +1 -1
package/dist/livekit-client.esm.mjs +2 -2
package/dist/livekit-client.esm.mjs.map +1 -1
package/dist/livekit-client.umd.js +1 -1
package/dist/livekit-client.umd.js.map +1 -1
package/dist/src/e2ee/worker/FrameCryptor.d.ts.map +1 -1
package/dist/src/e2ee/worker/ParticipantKeyHandler.d.ts +25 -5
package/dist/src/e2ee/worker/ParticipantKeyHandler.d.ts.map +1 -1
package/dist/src/room/participant/LocalParticipant.d.ts.map +1 -1
package/dist/ts4.2/src/e2ee/worker/ParticipantKeyHandler.d.ts +25 -5
package/package.json +2 -2
package/src/e2ee/worker/FrameCryptor.test.ts +311 -113
package/src/e2ee/worker/FrameCryptor.ts +10 -5
package/src/e2ee/worker/ParticipantKeyHandler.test.ts +169 -5
package/src/e2ee/worker/ParticipantKeyHandler.ts +50 -20
package/src/e2ee/worker/__snapshots__/ParticipantKeyHandler.test.ts.snap +356 -0
package/src/room/participant/LocalParticipant.ts +4 -1

package/dist/livekit-client.e2ee.worker.mjs CHANGED Viewed

@@ -5941,10 +5941,14 @@ class FrameCryptor extends BaseFrameCryptor {
       }
       const data = new Uint8Array(encodedFrame.data);
       const keyIndex = data[encodedFrame.data.byteLength - 1];
-      if (this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
+      if (this.keys.hasInvalidKeyAtIndex(keyIndex)) {
+        // drop frame
+        return;
+      }
+      if (this.keys.getKeySet(keyIndex)) {
         try {
           const decodedFrame = yield this.decryptFrame(encodedFrame, keyIndex);
-          this.keys.decryptionSuccess();
+          this.keys.decryptionSuccess(keyIndex);
           if (decodedFrame) {
             return controller.enqueue(decodedFrame);
           }
@@ -5953,7 +5957,7 @@ class FrameCryptor extends BaseFrameCryptor {
             // emit an error if the key handler thinks we have a valid key
             if (this.keys.hasValidKey) {
               this.emit(CryptorEvent.Error, error);
-              this.keys.decryptionFailure();
+              this.keys.decryptionFailure(keyIndex);
             }
           } else {
             workerLogger.warn('decoding frame failed', {
@@ -5961,11 +5965,11 @@ class FrameCryptor extends BaseFrameCryptor {
             });
           }
         }
-      } else if (!this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
+      } else {
         // emit an error if the key index is out of bounds but the key handler thinks we still have a valid key
         workerLogger.warn("skipping decryption due to missing key at index ".concat(keyIndex));
         this.emit(CryptorEvent.Error, new CryptorError("missing key at index ".concat(keyIndex, " for participant ").concat(this.participantIdentity), CryptorErrorReason.MissingKey, this.participantIdentity));
-        this.keys.decryptionFailure();
+        this.keys.decryptionFailure(keyIndex);
       }
     });
   }
@@ -6259,43 +6263,68 @@ function isFrameServerInjected(frameData, trailerBytes) {
  *
  */
 class ParticipantKeyHandler extends eventsExports.EventEmitter {
+  /**
+   * true if the current key has not been marked as invalid
+   */
   get hasValidKey() {
-    return this._hasValidKey;
+    return !this.hasInvalidKeyAtIndex(this.currentKeyIndex);
   }
   constructor(participantIdentity, keyProviderOptions) {
     super();
-    this.decryptionFailureCount = 0;
-    this._hasValidKey = true;
     this.currentKeyIndex = 0;
     if (keyProviderOptions.keyringSize < 1 || keyProviderOptions.keyringSize > 256) {
       throw new TypeError('Keyring size needs to be between 1 and 256');
     }
     this.cryptoKeyRing = new Array(keyProviderOptions.keyringSize).fill(undefined);
+    this.decryptionFailureCounts = new Array(keyProviderOptions.keyringSize).fill(0);
     this.keyProviderOptions = keyProviderOptions;
     this.ratchetPromiseMap = new Map();
     this.participantIdentity = participantIdentity;
-    this.resetKeyStatus();
   }
+  /**
+   * Returns true if the key at the given index is marked as invalid.
+   *
+   * @param keyIndex the index of the key
+   */
+  hasInvalidKeyAtIndex(keyIndex) {
+    return this.keyProviderOptions.failureTolerance >= 0 && this.decryptionFailureCounts[keyIndex] > this.keyProviderOptions.failureTolerance;
+  }
+  /**
+   * Informs the key handler that a decryption failure occurred for an encryption key.
+   * @internal
+   * @param keyIndex the key index for which the failure occurred. Defaults to the current key index.
+   */
   decryptionFailure() {
+    let keyIndex = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : this.currentKeyIndex;
     if (this.keyProviderOptions.failureTolerance < 0) {
       return;
     }
-    this.decryptionFailureCount += 1;
-    if (this.decryptionFailureCount > this.keyProviderOptions.failureTolerance) {
-      workerLogger.warn("key for ".concat(this.participantIdentity, " is being marked as invalid"));
-      this._hasValidKey = false;
+    this.decryptionFailureCounts[keyIndex] += 1;
+    if (this.decryptionFailureCounts[keyIndex] > this.keyProviderOptions.failureTolerance) {
+      workerLogger.warn("key for ".concat(this.participantIdentity, " at index ").concat(keyIndex, " is being marked as invalid"));
     }
   }
+  /**
+   * Informs the key handler that a frame was successfully decrypted using an encryption key.
+   * @internal
+   * @param keyIndex the key index for which the success occurred. Defaults to the current key index.
+   */
   decryptionSuccess() {
-    this.resetKeyStatus();
+    let keyIndex = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : this.currentKeyIndex;
+    this.resetKeyStatus(keyIndex);
   }
   /**
    * Call this after user initiated ratchet or a new key has been set in order to make sure to mark potentially
    * invalid keys as valid again
+   *
+   * @param keyIndex the index of the key. Defaults to the current key index.
    */
-  resetKeyStatus() {
-    this.decryptionFailureCount = 0;
-    this._hasValidKey = true;
+  resetKeyStatus(keyIndex) {
+    if (keyIndex === undefined) {
+      this.decryptionFailureCounts.fill(0);
+    } else {
+      this.decryptionFailureCounts[keyIndex] = 0;
+    }
   }
   /**
    * Ratchets the current key (or the one at keyIndex if provided) and
@@ -6320,7 +6349,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
         const currentMaterial = keySet.material;
         const newMaterial = yield importKey(yield ratchet(currentMaterial, this.keyProviderOptions.ratchetSalt), currentMaterial.algorithm.name, 'derive');
         if (setKey) {
-          this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
+          yield this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
           this.emit(KeyHandlerEvent.KeyRatcheted, newMaterial, this.participantIdentity, currentKeyIndex);
         }
         resolve(newMaterial);
@@ -6345,7 +6374,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
       let keyIndex = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 0;
       return function* () {
         yield _this.setKeyFromMaterial(material, keyIndex);
-        _this.resetKeyStatus();
+        _this.resetKeyStatus(keyIndex);
       }();
     });
   }
@@ -6382,7 +6411,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
   setCurrentKeyIndex(index) {
     return __awaiter(this, void 0, void 0, function* () {
       this.currentKeyIndex = index % this.cryptoKeyRing.length;
-      this.resetKeyStatus();
+      this.resetKeyStatus(index);
     });
   }
   getCurrentKeyIndex() {