From 1c5389f0cd5952f17f77540aa74917c93fe2e529 Mon Sep 17 00:00:00 2001
From: cloudwebrtc <duanweiwei1982@gmail.com>
Date: Thu, 4 Apr 2024 10:48:09 +0800
Subject: [PATCH] add discard_frame_when_cryptor_not_ready to
 KeyProviderOptions.

---
 api/crypto/frame_crypto_transformer.cc        |  8 ++++++--
 api/crypto/frame_crypto_transformer.h         | 14 ++++++++-----
 .../api/org/webrtc/FrameCryptorFactory.java   |  6 +++---
 sdk/android/src/jni/pc/frame_cryptor.cc       |  4 +++-
 .../RTCFrameCryptorKeyProvider.h              |  8 ++++++++
 .../RTCFrameCryptorKeyProvider.mm             | 20 ++++++++++++++++++-
 6 files changed, 48 insertions(+), 12 deletions(-)

diff --git a/api/crypto/frame_crypto_transformer.cc b/api/crypto/frame_crypto_transformer.cc
index c53b3eba2b..9ec8452077 100644
--- a/api/crypto/frame_crypto_transformer.cc
+++ b/api/crypto/frame_crypto_transformer.cc
@@ -386,7 +386,9 @@ void FrameCryptorTransformer::encryptFrame(
   if (date_in.size() == 0 || !enabled_cryption) {
     RTC_LOG(LS_WARNING) << "FrameCryptorTransformer::encryptFrame() "
                            "date_in.size() == 0 || enabled_cryption == false";
-    sink_callback->OnTransformedFrame(std::move(frame));
+    if(!key_provider_->options().discard_frame_when_cryptor_not_ready) {
+      sink_callback->OnTransformedFrame(std::move(frame));
+    }
     return;
   }
 
@@ -494,7 +496,9 @@ void FrameCryptorTransformer::decryptFrame(
   if (date_in.size() == 0 || !enabled_cryption) {
     RTC_LOG(LS_WARNING) << "FrameCryptorTransformer::decryptFrame() "
                            "date_in.size() == 0 || enabled_cryption == false";
-    sink_callback->OnTransformedFrame(std::move(frame));
+    if(!key_provider_->options().discard_frame_when_cryptor_not_ready) {
+      sink_callback->OnTransformedFrame(std::move(frame));
+    }
     return;
   }
 
diff --git a/api/crypto/frame_crypto_transformer.h b/api/crypto/frame_crypto_transformer.h
index e80a53d250..9689ec1593 100644
--- a/api/crypto/frame_crypto_transformer.h
+++ b/api/crypto/frame_crypto_transformer.h
@@ -34,7 +34,8 @@ int DerivePBKDF2KeyFromRawKey(const std::vector<uint8_t> raw_key,
 
 namespace webrtc {
 
-const size_t KEYRING_SIZE = 16;
+const size_t DEFAULT_KEYRING_SIZE = 16;
+const size_t MAX_KEYRING_SIZE = 255;
 
 class ParticipantKeyHandler;
 
@@ -46,11 +47,13 @@ struct KeyProviderOptions {
   int failure_tolerance;
   // key ring size should be between 1 and 255
   int key_ring_size;
+  bool discard_frame_when_cryptor_not_ready;
   KeyProviderOptions()
       : shared_key(false),
       ratchet_window_size(0),
       failure_tolerance(-1),
-      key_ring_size(KEYRING_SIZE) {}
+      key_ring_size(DEFAULT_KEYRING_SIZE),
+      discard_frame_when_cryptor_not_ready(false) {}
   KeyProviderOptions(KeyProviderOptions& copy)
       : shared_key(copy.shared_key),
         ratchet_salt(copy.ratchet_salt),
@@ -107,9 +110,10 @@ class ParticipantKeyHandler : public rtc::RefCountInterface {
       : key_provider_(key_provider) {
     int key_ring_size = key_provider_->options().key_ring_size;
     if(key_ring_size <= 0) {
-      key_ring_size = KEYRING_SIZE;
-    } else if (key_ring_size >= 255) {
-      key_ring_size = 255;
+      key_ring_size = DEFAULT_KEYRING_SIZE;
+    } else if (key_ring_size > (int)MAX_KEYRING_SIZE) {
+      // Keyring size needs to be between 1 and 256
+      key_ring_size = MAX_KEYRING_SIZE;
     }
     crypto_key_ring_.resize(key_ring_size);
   }
diff --git a/sdk/android/api/org/webrtc/FrameCryptorFactory.java b/sdk/android/api/org/webrtc/FrameCryptorFactory.java
index 1558110513..865a4b78bb 100644
--- a/sdk/android/api/org/webrtc/FrameCryptorFactory.java
+++ b/sdk/android/api/org/webrtc/FrameCryptorFactory.java
@@ -18,8 +18,8 @@
 
 public class FrameCryptorFactory {
   public static FrameCryptorKeyProvider createFrameCryptorKeyProvider(
-      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance, int keyRingSize) {
-    return nativeCreateFrameCryptorKeyProvider(sharedKey, ratchetSalt, ratchetWindowSize, uncryptedMagicBytes, failureTolerance, keyRingSize);
+      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance, int keyRingSize, boolean discardFrameWhenCryptorNotReady) {
+    return nativeCreateFrameCryptorKeyProvider(sharedKey, ratchetSalt, ratchetWindowSize, uncryptedMagicBytes, failureTolerance, keyRingSize, discardFrameWhenCryptorNotReady);
   }
 
   public static FrameCryptor createFrameCryptorForRtpSender(PeerConnectionFactory factory, RtpSender rtpSender,
@@ -40,5 +40,5 @@ private static native FrameCryptor nativeCreateFrameCryptorForRtpReceiver(long f
       long rtpReceiver, String participantId, int algorithm, long nativeFrameCryptorKeyProvider);
 
   private static native FrameCryptorKeyProvider nativeCreateFrameCryptorKeyProvider(
-      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance, int keyRingSize);
+      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance, int keyRingSize, boolean discardFrameWhenCryptorNotReady);
 }
diff --git a/sdk/android/src/jni/pc/frame_cryptor.cc b/sdk/android/src/jni/pc/frame_cryptor.cc
index 8aae566a28..af2fd8f2b0 100644
--- a/sdk/android/src/jni/pc/frame_cryptor.cc
+++ b/sdk/android/src/jni/pc/frame_cryptor.cc
@@ -180,7 +180,8 @@ JNI_FrameCryptorFactory_CreateFrameCryptorKeyProvider(
     jint j_ratchetWindowSize,
     const base::android::JavaParamRef<jbyteArray>& j_uncryptedMagicBytes,
     jint j_failureTolerance,
-    jint j_keyRingSize) {
+    jint j_keyRingSize,
+    jboolean j_discardFrameWhenCryptorNotReady) {
   auto ratchetSalt = JavaToNativeByteArray(env, j_ratchetSalt);
   KeyProviderOptions options;
   options.ratchet_salt =
@@ -192,6 +193,7 @@ JNI_FrameCryptorFactory_CreateFrameCryptorKeyProvider(
   options.shared_key = j_shared;
   options.failure_tolerance = j_failureTolerance;
   options.key_ring_size = j_keyRingSize;
+  options.discard_frame_when_cryptor_not_ready = j_discardFrameWhenCryptorNotReady;
   return NativeToJavaFrameCryptorKeyProvider(
       env, rtc::make_ref_counted<webrtc::DefaultKeyProviderImpl>(options));
 }
diff --git a/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.h b/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.h
index c8e5e445c0..6443b23349 100644
--- a/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.h
+++ b/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.h
@@ -49,6 +49,14 @@ RTC_OBJC_EXPORT
                    failureTolerance:(int)failureTolerance
                         keyRingSize:(int)keyRingSize;
 
+- (instancetype)initWithRatchetSalt:(NSData *)salt
+                  ratchetWindowSize:(int)windowSize
+                      sharedKeyMode:(BOOL)sharedKey
+                uncryptedMagicBytes:(nullable NSData *)uncryptedMagicBytes
+                   failureTolerance:(int)failureTolerance
+                        keyRingSize:(int)keyRingSize
+    discardFrameWhenCryptorNotReady:(BOOL)discardFrameWhenCryptorNotReady;    
+
 @end
 
 NS_ASSUME_NONNULL_END
diff --git a/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.mm b/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.mm
index 97612916f3..88bebfcd9d 100644
--- a/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.mm
+++ b/sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.mm
@@ -38,7 +38,8 @@ - (instancetype)initWithRatchetSalt:(NSData *)salt
                   ratchetWindowSize:windowSize
                       sharedKeyMode:sharedKey
                 uncryptedMagicBytes:uncryptedMagicBytes
-                   failureTolerance:-1];
+                   failureTolerance:-1
+                   keyRingSize:webrtc::DEFAULT_KEYRING_SIZE];
 }
 
 - (instancetype)initWithRatchetSalt:(NSData *)salt
@@ -47,6 +48,22 @@ - (instancetype)initWithRatchetSalt:(NSData *)salt
                 uncryptedMagicBytes:(nullable NSData *)uncryptedMagicBytes
                    failureTolerance:(int)failureTolerance
                         keyRingSize:(int)keyRingSize {
+  return [self initWithRatchetSalt:salt
+                  ratchetWindowSize:windowSize
+                      sharedKeyMode:sharedKey
+                uncryptedMagicBytes:uncryptedMagicBytes
+                   failureTolerance:-1
+                   keyRingSize:keyRingSize
+                   discardFrameWhenCryptorNotReady:false];
+}
+
+- (instancetype)initWithRatchetSalt:(NSData *)salt
+                  ratchetWindowSize:(int)windowSize
+                      sharedKeyMode:(BOOL)sharedKey
+                uncryptedMagicBytes:(nullable NSData *)uncryptedMagicBytes
+                   failureTolerance:(int)failureTolerance
+                        keyRingSize:(int)keyRingSize
+    discardFrameWhenCryptorNotReady:(BOOL)discardFrameWhenCryptorNotReady {
   if (self = [super init]) {
     webrtc::KeyProviderOptions options;
     options.ratchet_salt = std::vector<uint8_t>((const uint8_t *)salt.bytes,
@@ -55,6 +72,7 @@ - (instancetype)initWithRatchetSalt:(NSData *)salt
     options.shared_key = sharedKey;
     options.failure_tolerance = failureTolerance;
     options.key_ring_size = keyRingSize;
+    options.discard_frame_when_cryptor_not_ready = discardFrameWhenCryptorNotReady;
     if(uncryptedMagicBytes != nil) {
       options.uncrypted_magic_bytes = std::vector<uint8_t>((const uint8_t *)uncryptedMagicBytes.bytes,
                                                           ((const uint8_t *)uncryptedMagicBytes.bytes) + uncryptedMagicBytes.length);