Add key ring size to keyProviderOptions.

api/crypto/frame_crypto_transformer.cc

@@ -386,6 +386,9 @@ void FrameCryptorTransformer::encryptFrame(
   if (date_in.size() == 0 || !enabled_cryption) {
     RTC_LOG(LS_WARNING) << "FrameCryptorTransformer::encryptFrame() "
                            "date_in.size() == 0 || enabled_cryption == false";
+    if(key_provider_->options().discard_frame_when_cryptor_not_ready) {
+      return;
+    }
     sink_callback->OnTransformedFrame(std::move(frame));
     return;
   }
@@ -494,6 +497,10 @@ void FrameCryptorTransformer::decryptFrame(
   if (date_in.size() == 0 || !enabled_cryption) {
     RTC_LOG(LS_WARNING) << "FrameCryptorTransformer::decryptFrame() "
                            "date_in.size() == 0 || enabled_cryption == false";
+    if(key_provider_->options().discard_frame_when_cryptor_not_ready) {
+      return;
+    }
+
     sink_callback->OnTransformedFrame(std::move(frame));
     return;
   }
@@ -551,11 +558,11 @@ void FrameCryptorTransformer::decryptFrame(
                          ? key_provider_->GetSharedKey(participant_id_)
                          : key_provider_->GetKey(participant_id_);
 
-  if (key_index >= KEYRING_SIZE || key_handler == nullptr ||
+  if (0 > key_index || key_index >= key_provider_->options().key_ring_size || key_handler == nullptr ||
       key_handler->GetKeySet(key_index) == nullptr) {
     RTC_LOG(LS_INFO) << "FrameCryptorTransformer::decryptFrame() no keys, or "
                         "key_index["
-                     << key_index_ << "] out of range for participant "
+                     << key_index << "] out of range for participant "
                      << participant_id_;
     if (last_dec_error_ != FrameCryptionState::kMissingKey) {
       last_dec_error_ = FrameCryptionState::kMissingKey;

api/crypto/frame_crypto_transformer.h

@@ -34,7 +34,8 @@ int DerivePBKDF2KeyFromRawKey(const std::vector<uint8_t> raw_key,
 
 namespace webrtc {
 
-const size_t KEYRING_SIZE = 16;
+const size_t DEFAULT_KEYRING_SIZE = 16;
+const size_t MAX_KEYRING_SIZE = 255;
 
 class ParticipantKeyHandler;
 
@@ -44,14 +45,22 @@ struct KeyProviderOptions {
   std::vector<uint8_t> uncrypted_magic_bytes;
   int ratchet_window_size;
   int failure_tolerance;
+  // key ring size should be between 1 and 255
+  int key_ring_size;
+  bool discard_frame_when_cryptor_not_ready;
   KeyProviderOptions()
-      : shared_key(false), ratchet_window_size(0), failure_tolerance(-1) {}
+      : shared_key(false),
+      ratchet_window_size(0),
+      failure_tolerance(-1),
+      key_ring_size(DEFAULT_KEYRING_SIZE),
+      discard_frame_when_cryptor_not_ready(false) {}
   KeyProviderOptions(KeyProviderOptions& copy)
       : shared_key(copy.shared_key),
         ratchet_salt(copy.ratchet_salt),
         uncrypted_magic_bytes(copy.uncrypted_magic_bytes),
         ratchet_window_size(copy.ratchet_window_size),
-        failure_tolerance(copy.failure_tolerance) {}
+        failure_tolerance(copy.failure_tolerance),
+        key_ring_size(copy.key_ring_size) {}
 };
 
 class KeyProvider : public rtc::RefCountInterface {
@@ -99,7 +108,14 @@ class ParticipantKeyHandler : public rtc::RefCountInterface {
  public:
   ParticipantKeyHandler(KeyProvider* key_provider)
       : key_provider_(key_provider) {
-    crypto_key_ring_.resize(KEYRING_SIZE);
+    int key_ring_size = key_provider_->options().key_ring_size;
+    if(key_ring_size <= 0) {
+      key_ring_size = DEFAULT_KEYRING_SIZE;
+    } else if (key_ring_size > (int)MAX_KEYRING_SIZE) {
+      // Keyring size needs to be between 1 and 256
+      key_ring_size = MAX_KEYRING_SIZE;
+    }
+    crypto_key_ring_.resize(key_ring_size);
   }
 
   virtual ~ParticipantKeyHandler() = default;

sdk/android/api/org/webrtc/FrameCryptorFactory.java

@@ -18,8 +18,8 @@
 
 public class FrameCryptorFactory {
   public static FrameCryptorKeyProvider createFrameCryptorKeyProvider(
-      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance) {
-    return nativeCreateFrameCryptorKeyProvider(sharedKey, ratchetSalt, ratchetWindowSize, uncryptedMagicBytes, failureTolerance);
+      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance, int keyRingSize, boolean discardFrameWhenCryptorNotReady) {
+    return nativeCreateFrameCryptorKeyProvider(sharedKey, ratchetSalt, ratchetWindowSize, uncryptedMagicBytes, failureTolerance, keyRingSize, discardFrameWhenCryptorNotReady);
   }
 
   public static FrameCryptor createFrameCryptorForRtpSender(PeerConnectionFactory factory, RtpSender rtpSender,
@@ -40,5 +40,5 @@ private static native FrameCryptor nativeCreateFrameCryptorForRtpReceiver(long f
       long rtpReceiver, String participantId, int algorithm, long nativeFrameCryptorKeyProvider);
 
   private static native FrameCryptorKeyProvider nativeCreateFrameCryptorKeyProvider(
-      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance);
+      boolean sharedKey, byte[] ratchetSalt, int ratchetWindowSize, byte[] uncryptedMagicBytes, int failureTolerance, int keyRingSize, boolean discardFrameWhenCryptorNotReady);
 }

sdk/android/src/jni/pc/frame_cryptor.cc

@@ -179,18 +179,21 @@ JNI_FrameCryptorFactory_CreateFrameCryptorKeyProvider(
     const base::android::JavaParamRef<jbyteArray>& j_ratchetSalt,
     jint j_ratchetWindowSize,
     const base::android::JavaParamRef<jbyteArray>& j_uncryptedMagicBytes,
-    jint j_failureTolerance) {
+    jint j_failureTolerance,
+    jint j_keyRingSize,
+    jboolean j_discardFrameWhenCryptorNotReady) {
   auto ratchetSalt = JavaToNativeByteArray(env, j_ratchetSalt);
   KeyProviderOptions options;
   options.ratchet_salt =
       std::vector<uint8_t>(ratchetSalt.begin(), ratchetSalt.end());
   options.ratchet_window_size = j_ratchetWindowSize;
-
   auto uncryptedMagicBytes = JavaToNativeByteArray(env, j_uncryptedMagicBytes);
   options.uncrypted_magic_bytes =
       std::vector<uint8_t>(uncryptedMagicBytes.begin(), uncryptedMagicBytes.end());
   options.shared_key = j_shared;
-    options.failure_tolerance = j_failureTolerance;
+  options.failure_tolerance = j_failureTolerance;
+  options.key_ring_size = j_keyRingSize;
+  options.discard_frame_when_cryptor_not_ready = j_discardFrameWhenCryptorNotReady;
   return NativeToJavaFrameCryptorKeyProvider(
       env, rtc::make_ref_counted<webrtc::DefaultKeyProviderImpl>(options));
 }

sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.h

@@ -46,7 +46,16 @@ RTC_OBJC_EXPORT
                   ratchetWindowSize:(int)windowSize
                       sharedKeyMode:(BOOL)sharedKey
                 uncryptedMagicBytes:(nullable NSData *)uncryptedMagicBytes
-                   failureTolerance:(int)failureTolerance;
+                   failureTolerance:(int)failureTolerance
+                        keyRingSize:(int)keyRingSize;
+
+- (instancetype)initWithRatchetSalt:(NSData *)salt
+                  ratchetWindowSize:(int)windowSize
+                      sharedKeyMode:(BOOL)sharedKey
+                uncryptedMagicBytes:(nullable NSData *)uncryptedMagicBytes
+                   failureTolerance:(int)failureTolerance
+                        keyRingSize:(int)keyRingSize
+    discardFrameWhenCryptorNotReady:(BOOL)discardFrameWhenCryptorNotReady;    
 
 @end
 

sdk/objc/api/peerconnection/RTCFrameCryptorKeyProvider.mm

@@ -38,21 +38,41 @@ - (instancetype)initWithRatchetSalt:(NSData *)salt
                   ratchetWindowSize:windowSize
                       sharedKeyMode:sharedKey
                 uncryptedMagicBytes:uncryptedMagicBytes
-                   failureTolerance:-1];
+                   failureTolerance:-1
+                   keyRingSize:webrtc::DEFAULT_KEYRING_SIZE];
 }
 
 - (instancetype)initWithRatchetSalt:(NSData *)salt
                   ratchetWindowSize:(int)windowSize
                       sharedKeyMode:(BOOL)sharedKey
                 uncryptedMagicBytes:(nullable NSData *)uncryptedMagicBytes
-                   failureTolerance:(int)failureTolerance {
+                   failureTolerance:(int)failureTolerance
+                        keyRingSize:(int)keyRingSize {
+  return [self initWithRatchetSalt:salt
+                  ratchetWindowSize:windowSize
+                      sharedKeyMode:sharedKey
+                uncryptedMagicBytes:uncryptedMagicBytes
+                   failureTolerance:-1
+                   keyRingSize:keyRingSize
+                   discardFrameWhenCryptorNotReady:false];
+}
+
+- (instancetype)initWithRatchetSalt:(NSData *)salt
+                  ratchetWindowSize:(int)windowSize
+                      sharedKeyMode:(BOOL)sharedKey
+                uncryptedMagicBytes:(nullable NSData *)uncryptedMagicBytes
+                   failureTolerance:(int)failureTolerance
+                        keyRingSize:(int)keyRingSize
+    discardFrameWhenCryptorNotReady:(BOOL)discardFrameWhenCryptorNotReady {
   if (self = [super init]) {
     webrtc::KeyProviderOptions options;
     options.ratchet_salt = std::vector<uint8_t>((const uint8_t *)salt.bytes,
                                                 ((const uint8_t *)salt.bytes) + salt.length);
     options.ratchet_window_size = windowSize;
     options.shared_key = sharedKey;
     options.failure_tolerance = failureTolerance;
+    options.key_ring_size = keyRingSize;
+    options.discard_frame_when_cryptor_not_ready = discardFrameWhenCryptorNotReady;
     if(uncryptedMagicBytes != nil) {
       options.uncrypted_magic_bytes = std::vector<uint8_t>((const uint8_t *)uncryptedMagicBytes.bytes,
                                                           ((const uint8_t *)uncryptedMagicBytes.bytes) + uncryptedMagicBytes.length);