npm - livekit-client - Versions diffs - 2.5.8 → 2.5.9 - Mend

livekit-client 2.5.8 → 2.5.9

Files changed (20) hide show

package/dist/livekit-client.e2ee.worker.js +1 -1
package/dist/livekit-client.e2ee.worker.js.map +1 -1
package/dist/livekit-client.e2ee.worker.mjs +49 -20
package/dist/livekit-client.e2ee.worker.mjs.map +1 -1
package/dist/livekit-client.esm.mjs +2 -2
package/dist/livekit-client.esm.mjs.map +1 -1
package/dist/livekit-client.umd.js +1 -1
package/dist/livekit-client.umd.js.map +1 -1
package/dist/src/e2ee/worker/FrameCryptor.d.ts.map +1 -1
package/dist/src/e2ee/worker/ParticipantKeyHandler.d.ts +25 -5
package/dist/src/e2ee/worker/ParticipantKeyHandler.d.ts.map +1 -1
package/dist/src/room/participant/LocalParticipant.d.ts.map +1 -1
package/dist/ts4.2/src/e2ee/worker/ParticipantKeyHandler.d.ts +25 -5
package/package.json +2 -2
package/src/e2ee/worker/FrameCryptor.test.ts +311 -113
package/src/e2ee/worker/FrameCryptor.ts +10 -5
package/src/e2ee/worker/ParticipantKeyHandler.test.ts +169 -5
package/src/e2ee/worker/ParticipantKeyHandler.ts +50 -20
package/src/e2ee/worker/__snapshots__/ParticipantKeyHandler.test.ts.snap +356 -0
package/src/room/participant/LocalParticipant.ts +4 -1

package/dist/livekit-client.e2ee.worker.mjs CHANGED Viewed

@@ -5941,10 +5941,14 @@ class FrameCryptor extends BaseFrameCryptor {
       }
       const data = new Uint8Array(encodedFrame.data);
       const keyIndex = data[encodedFrame.data.byteLength - 1];
-      if (this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
+      if (this.keys.hasInvalidKeyAtIndex(keyIndex)) {
+        // drop frame
+        return;
+      }
+      if (this.keys.getKeySet(keyIndex)) {
         try {
           const decodedFrame = yield this.decryptFrame(encodedFrame, keyIndex);
-          this.keys.decryptionSuccess();
+          this.keys.decryptionSuccess(keyIndex);
           if (decodedFrame) {
             return controller.enqueue(decodedFrame);
           }
@@ -5953,7 +5957,7 @@ class FrameCryptor extends BaseFrameCryptor {
             // emit an error if the key handler thinks we have a valid key
             if (this.keys.hasValidKey) {
               this.emit(CryptorEvent.Error, error);
-              this.keys.decryptionFailure();
+              this.keys.decryptionFailure(keyIndex);
             }
           } else {
             workerLogger.warn('decoding frame failed', {
@@ -5961,11 +5965,11 @@ class FrameCryptor extends BaseFrameCryptor {
             });
           }
         }
-      } else if (!this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
+      } else {
         // emit an error if the key index is out of bounds but the key handler thinks we still have a valid key
         workerLogger.warn("skipping decryption due to missing key at index ".concat(keyIndex));
         this.emit(CryptorEvent.Error, new CryptorError("missing key at index ".concat(keyIndex, " for participant ").concat(this.participantIdentity), CryptorErrorReason.MissingKey, this.participantIdentity));
-        this.keys.decryptionFailure();
+        this.keys.decryptionFailure(keyIndex);
       }
     });
   }
@@ -6259,43 +6263,68 @@ function isFrameServerInjected(frameData, trailerBytes) {
  *
  */
 class ParticipantKeyHandler extends eventsExports.EventEmitter {
+  /**
+   * true if the current key has not been marked as invalid
+   */
   get hasValidKey() {
-    return this._hasValidKey;
+    return !this.hasInvalidKeyAtIndex(this.currentKeyIndex);
   }
   constructor(participantIdentity, keyProviderOptions) {
     super();
-    this.decryptionFailureCount = 0;
-    this._hasValidKey = true;
     this.currentKeyIndex = 0;
     if (keyProviderOptions.keyringSize < 1 || keyProviderOptions.keyringSize > 256) {
       throw new TypeError('Keyring size needs to be between 1 and 256');
     }
     this.cryptoKeyRing = new Array(keyProviderOptions.keyringSize).fill(undefined);
+    this.decryptionFailureCounts = new Array(keyProviderOptions.keyringSize).fill(0);
     this.keyProviderOptions = keyProviderOptions;
     this.ratchetPromiseMap = new Map();
     this.participantIdentity = participantIdentity;
-    this.resetKeyStatus();
   }
+  /**
+   * Returns true if the key at the given index is marked as invalid.
+   *
+   * @param keyIndex the index of the key
+   */
+  hasInvalidKeyAtIndex(keyIndex) {
+    return this.keyProviderOptions.failureTolerance >= 0 && this.decryptionFailureCounts[keyIndex] > this.keyProviderOptions.failureTolerance;
+  }
+  /**
+   * Informs the key handler that a decryption failure occurred for an encryption key.
+   * @internal
+   * @param keyIndex the key index for which the failure occurred. Defaults to the current key index.
+   */
   decryptionFailure() {
+    let keyIndex = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : this.currentKeyIndex;
     if (this.keyProviderOptions.failureTolerance < 0) {
       return;
     }
-    this.decryptionFailureCount += 1;
-    if (this.decryptionFailureCount > this.keyProviderOptions.failureTolerance) {
-      workerLogger.warn("key for ".concat(this.participantIdentity, " is being marked as invalid"));
-      this._hasValidKey = false;
+    this.decryptionFailureCounts[keyIndex] += 1;
+    if (this.decryptionFailureCounts[keyIndex] > this.keyProviderOptions.failureTolerance) {
+      workerLogger.warn("key for ".concat(this.participantIdentity, " at index ").concat(keyIndex, " is being marked as invalid"));
     }
   }
+  /**
+   * Informs the key handler that a frame was successfully decrypted using an encryption key.
+   * @internal
+   * @param keyIndex the key index for which the success occurred. Defaults to the current key index.
+   */
   decryptionSuccess() {
-    this.resetKeyStatus();
+    let keyIndex = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : this.currentKeyIndex;
+    this.resetKeyStatus(keyIndex);
   }
   /**
    * Call this after user initiated ratchet or a new key has been set in order to make sure to mark potentially
    * invalid keys as valid again
+   *
+   * @param keyIndex the index of the key. Defaults to the current key index.
    */
-  resetKeyStatus() {
-    this.decryptionFailureCount = 0;
-    this._hasValidKey = true;
+  resetKeyStatus(keyIndex) {
+    if (keyIndex === undefined) {
+      this.decryptionFailureCounts.fill(0);
+    } else {
+      this.decryptionFailureCounts[keyIndex] = 0;
+    }
   }
   /**
    * Ratchets the current key (or the one at keyIndex if provided) and
@@ -6320,7 +6349,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
         const currentMaterial = keySet.material;
         const newMaterial = yield importKey(yield ratchet(currentMaterial, this.keyProviderOptions.ratchetSalt), currentMaterial.algorithm.name, 'derive');
         if (setKey) {
-          this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
+          yield this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
           this.emit(KeyHandlerEvent.KeyRatcheted, newMaterial, this.participantIdentity, currentKeyIndex);
         }
         resolve(newMaterial);
@@ -6345,7 +6374,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
       let keyIndex = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 0;
       return function* () {
         yield _this.setKeyFromMaterial(material, keyIndex);
-        _this.resetKeyStatus();
+        _this.resetKeyStatus(keyIndex);
       }();
     });
   }
@@ -6382,7 +6411,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
   setCurrentKeyIndex(index) {
     return __awaiter(this, void 0, void 0, function* () {
       this.currentKeyIndex = index % this.cryptoKeyRing.length;
-      this.resetKeyStatus();
+      this.resetKeyStatus(index);
     });
   }
   getCurrentKeyIndex() {