feat: data track encryption (#401)

zurekz · Uriagat · web-flow · commit 05d2dd37c30e · 2026-03-31T16:13:13.000+02:00
* feat: crypto aes256gcm

* feat: dataTrac Encryptor

* fix: DataChannelMessageEncryptorV1

* fix: update aes256gcm to driver functions call

* fix: update serialization, make messagesSeq atomic and add sendData method to PeerConnection

---------

Co-authored-by: Jerzy Czarkowski &lt;jczarkowski@simplito.com&gt;
diff --git a/conanfile.txt b/conanfile.txt
@@ -3,7 +3,7 @@ poco/1.13.2
 pson/1.0.7
 openssl/[>=3.0 <3.1]
 gmp/6.2.1
-privmxdrvcrypto/1.0.2
+privmxdrvcrypto/1.0.3
 privmxdrvecc/1.0.2
 privmxdrvnet/1.0.3
 gtest/[^1.15.0]
diff --git a/crypto/base/include/privmx/crypto/Crypto.hpp b/crypto/base/include/privmx/crypto/Crypto.hpp
@@ -39,6 +39,8 @@ class Crypto
     static std::string aes256CbcPkcs7Decrypt(const std::string& data, const std::string& key, const std::string& iv);
     static std::string aes256CbcNoPadEncrypt(const std::string& data, const std::string& key, const std::string& iv);
     static std::string aes256CbcNoPadDecrypt(const std::string& data, const std::string& key, const std::string& iv);
+    static std::string aes256GcmEncrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad = "");
+    static std::string aes256GcmDecrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad = "");
     static std::string prf_tls12(const std::string& key, const std::string& seed, size_t length);
     static std::string pbkdf2(const std::string& password, const std::string& salt, size_t rounds, size_t length, const std::string& algorithm);
     static std::string kdf(size_t length, const std::string& key, const std::string& label);
@@ -127,6 +129,16 @@ inline std::string Crypto::aes256CbcNoPadDecrypt(const std::string& data, const
     return crypto_service->aes256CbcNoPadDecrypt(data, key, iv);
 }
 
+inline std::string Crypto::aes256GcmEncrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) {
+    auto crypto_service = CryptoEnv::getEnv()->getCryptoService();
+    return crypto_service->aes256GcmEncrypt(data, key, iv, aad);
+}
+
+inline std::string Crypto::aes256GcmDecrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) {
+    auto crypto_service = CryptoEnv::getEnv()->getCryptoService();
+    return crypto_service->aes256GcmDecrypt(data, key, iv, aad);
+}
+
 inline std::string Crypto::prf_tls12(const std::string& key, const std::string& seed, size_t length) {
     auto crypto_service = CryptoEnv::getEnv()->getCryptoService();
     return crypto_service->prf_tls12(key, seed, length);
diff --git a/crypto/base/include/privmx/crypto/CryptoService.hpp b/crypto/base/include/privmx/crypto/CryptoService.hpp
@@ -41,6 +41,8 @@ class CryptoService
     virtual std::string aes256CbcPkcs7Decrypt(const std::string& data, const std::string& key, const std::string& iv) const  = 0;
     virtual std::string aes256CbcNoPadEncrypt(const std::string& data, const std::string& key, const std::string& iv) const  = 0;
     virtual std::string aes256CbcNoPadDecrypt(const std::string& data, const std::string& key, const std::string& iv) const  = 0;
+    virtual std::string aes256GcmEncrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) const = 0;
+    virtual std::string aes256GcmDecrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) const = 0;
     virtual std::string prf_tls12(const std::string& key, const std::string& seed, size_t length) const  = 0;
     virtual std::string kdf(size_t length, const std::string& key, const std::string& label) const  = 0;
     virtual std::string generateIv(const std::string& key, Poco::Int32 idx) const  = 0;
diff --git a/crypto/driver/include/privmx/crypto/driver/CryptoService.hpp b/crypto/driver/include/privmx/crypto/driver/CryptoService.hpp
@@ -36,6 +36,8 @@ class CryptoService : public privmx::crypto::CryptoService
     virtual std::string aes256CbcPkcs7Decrypt(const std::string& data, const std::string& key, const std::string& iv) const override;
     virtual std::string aes256CbcNoPadEncrypt(const std::string& data, const std::string& key, const std::string& iv) const override;
     virtual std::string aes256CbcNoPadDecrypt(const std::string& data, const std::string& key, const std::string& iv) const override;
+    virtual std::string aes256GcmEncrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) const override;
+    virtual std::string aes256GcmDecrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) const override;
     virtual std::string prf_tls12(const std::string& key, const std::string& seed, size_t length) const override;
     virtual std::string kdf(size_t length, const std::string& key, const std::string& label) const override;
     virtual std::string generateIv(const std::string& key, Poco::Int32 idx) const override;
diff --git a/crypto/driver/src/CryptoService.cpp b/crypto/driver/src/CryptoService.cpp
@@ -199,6 +199,38 @@ string driverimpl::CryptoService::aes256CbcNoPadDecrypt(const string& data, cons
     return res;
 }
 
+std::string driverimpl::CryptoService::aes256GcmEncrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) const {
+    char* out;
+    unsigned int outlen;
+    char* tag;
+    unsigned int taglen;
+    int status = privmxDrvCrypto_aeadEncrypt(key.data(), iv.data(), aad.data(), aad.size(), data.data(), data.size(), "AES-256-GCM", &out, &outlen, &tag, &taglen);
+    if (status != 0) {
+        throw PrivmxDriverCryptoException("aes256GcmEncrypt: " + to_string(status));
+    }
+    string out_str(out, outlen);
+    string tag_str(tag, taglen);
+    privmxDrvCrypto_freeMem(out);
+    privmxDrvCrypto_freeMem(tag);
+    return out_str+tag_str;
+}
+
+std::string driverimpl::CryptoService::aes256GcmDecrypt(const std::string& data, const std::string& key, const std::string& iv, const std::string& aad) const {
+    if(data.size() < 16) {
+        throw PrivmxDriverCryptoException("aes256GcmDecrypt: no tag");
+    }
+    std::string tag = data.substr(data.size()-16, 16); 
+    std::string dataWithoutTag = data.substr(0, data.size()-16);
+    char* out;
+    unsigned int outlen;
+    int status = privmxDrvCrypto_aeadDecrypt(key.data(), iv.data(), aad.data(), aad.size(), dataWithoutTag.data(), dataWithoutTag.size(), tag.data(), tag.size(), "AES-256-GCM", &out, &outlen);
+    if (status != 0) {
+        throw PrivmxDriverCryptoException("aes256GcmDecrypt: " + to_string(status));
+    }
+    string res(out, outlen);
+    privmxDrvCrypto_freeMem(out);
+    return res;
+}
 
 string driverimpl::CryptoService::prf_tls12(const string& key, const string& seed, size_t length) const {
     string a = seed;
diff --git a/endpoint/programs/stream_testing/single_video_receiver.cpp b/endpoint/programs/stream_testing/single_video_receiver.cpp
@@ -167,7 +167,7 @@ class OnTrackImpl : public stream::OnTrackInterface {
             auto audioData = std::dynamic_pointer_cast<stream::AudioData>(data);
         } else if(data->type == stream::DataType::PLAIN) {
             auto plainData = std::dynamic_pointer_cast<stream::PlainData>(data);
-            LOG_INFO("Recived plain data", plainData->data.stdString());
+            LOG_INFO("Recived plain data: ", plainData->data.stdString());
         } else {
             LOG_FATAL("DataType::UNKNOWN")
         }
diff --git a/endpoint/stream/stream/include_pub/privmx/endpoint/stream/StreamException.hpp b/endpoint/stream/stream/include_pub/privmx/endpoint/stream/StreamException.hpp
@@ -86,7 +86,13 @@ DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, CannotExtractStreamUpdatedEv
 DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, NullCallbackException, "Callback must not be null", 0x0024)
 DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, UnknownTypeException, "Unknown type encountered", 0x0025)
 DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, ThereCanBeOnlyOneDataTrackException, "There can be only one dataTrack per user in StreamRoom", 0x0026)
-DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, DataTrackNotInitialized, "Data track not initialized", 0x0027);
+DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, DataTrackNotInitializedException, "Data track not initialized", 0x0027);
+
+DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, NoStreamEncryptionKeyException, "No stream encryption key", 0x0028);
+DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, NoStreamDecryptionKeyException, "No stream decryption key", 0x0029);
+DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, InvalidEncryptionKeyIdLengthException, "Invalid encryption key id length", 0x002A);
+DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, InvalidMessageHeaderLengthException, "Invalid message header length", 0x002B);
+DECLARE_ENDPOINT_EXCEPTION(EndpointStreamException, UnsupportedMessageFormatVersionException, "Unsupported message format version length", 0x002C);
 } // stream
 } // endpoint
 } // privmx
diff --git a/endpoint/stream/webrtc/include/privmx/endpoint/stream/DataChannelImpl.hpp b/endpoint/stream/webrtc/include/privmx/endpoint/stream/DataChannelImpl.hpp
@@ -16,11 +16,11 @@ namespace stream {
 
 class DataChannelImpl {
 public:
-    inline DataChannelImpl(std::shared_ptr<OnTrackInterface> onTrackInterface, libwebrtc::scoped_refptr<libwebrtc::RTCDataChannel> dataChannel) :
+    inline DataChannelImpl(std::shared_ptr<OnTrackInterface> onTrackInterface, std::shared_ptr<DataChannelMessageEncryptorV1> messageEncryptor, libwebrtc::scoped_refptr<libwebrtc::RTCDataChannel> dataChannel) :
         _onTrackInterface(onTrackInterface), 
         _dataChannel(dataChannel), 
         _dataChannelObserver(std::make_shared<PmxDataChannelObserver>(
-            onTrackInterface, dataChannel->label().std_string()+":"+std::to_string(dataChannel->id())
+            onTrackInterface, messageEncryptor, dataChannel->label().std_string()+":"+std::to_string(dataChannel->id())
         )) 
     {
         _dataChannel->RegisterObserver(_dataChannelObserver.get());
diff --git a/endpoint/stream/webrtc/include/privmx/endpoint/stream/PeerConnectionManager.hpp b/endpoint/stream/webrtc/include/privmx/endpoint/stream/PeerConnectionManager.hpp
@@ -12,6 +12,7 @@ limitations under the License.
 #ifndef _PRIVMXLIB_ENDPOINT_WEBRTC_PEER_CONNECTIN_MANAGER_HPP_
 #define _PRIVMXLIB_ENDPOINT_WEBRTC_PEER_CONNECTIN_MANAGER_HPP_
 
+#include <atomic>
 #include <string>
 #include <memory>
 #include <libwebrtc.h>
@@ -20,6 +21,7 @@ limitations under the License.
 #include "privmx/endpoint/stream/DynamicTypes.hpp"
 #include "privmx/endpoint/stream/PmxPeerConnectionObserver.hpp"
 #include "privmx/endpoint/stream/PmxDataChannelObserver.hpp"
+#include "privmx/endpoint/stream/encryptors/dataChannel/DataChannelMessageEncryptorV1.hpp"
 #include <privmx/utils/ThreadSaveMap.hpp>
 
 namespace privmx {
@@ -56,9 +58,14 @@ struct PeerConnection {
     std::map<std::string, AudioTrackInfo> audioTracks;
     std::map<std::string, VideoTrackInfo> videoTracks;
     std::optional<DataChannelInfo> dataChannel;
+    std::shared_ptr<DataChannelMessageEncryptorV1> messageEncryptor;
+    std::atomic<uint64_t> messagesSeq {0};
 
     std::shared_mutex trackMutex;
+    std::vector<privmx::endpoint::stream::Key> cpp_keys;
     std::shared_ptr<privmx::webrtc::KeyStore> keys;
+
+    void sendData(const std::string& data);
 };
 
 struct JanusConnection {
diff --git a/endpoint/stream/webrtc/include/privmx/endpoint/stream/PmxDataChannelObserver.hpp b/endpoint/stream/webrtc/include/privmx/endpoint/stream/PmxDataChannelObserver.hpp
@@ -17,6 +17,7 @@ limitations under the License.
 #include <rtc_data_channel.h>
 #include "privmx/endpoint/stream/webrtc/Types.hpp"
 #include "privmx/endpoint/stream/webrtc/OnTrackInterface.hpp"
+#include "privmx/endpoint/stream/encryptors/dataChannel/DataChannelMessageEncryptorV1.hpp"
 #include <privmx/utils/ThreadSaveMap.hpp>
 #include <privmx/utils/Logger.hpp>
 
@@ -26,13 +27,14 @@ namespace stream {
 
 class PmxDataChannelObserver : public libwebrtc::RTCDataChannelObserver {
 public:
-    PmxDataChannelObserver(std::shared_ptr<OnTrackInterface> onTrackInterface, const std::string& dataChannelId);
+    PmxDataChannelObserver(std::shared_ptr<OnTrackInterface> onTrackInterface, std::shared_ptr<DataChannelMessageEncryptorV1> messageEncryptor, const std::string& dataChannelId);
     virtual void OnStateChange(libwebrtc::RTCDataChannelState state) override;
     virtual void OnMessage(const char* buffer, int length, bool binary) override;
     void updateOnTrackInterface(std::shared_ptr<OnTrackInterface> onTrackInterface);
 private:
     std::mutex _onTrackInterfaceMutex;
     std::shared_ptr<OnTrackInterface> _onTrackInterface;
+    std::shared_ptr<DataChannelMessageEncryptorV1> _messageEncryptor;
     std::string _dataChannelId;
 };
 
diff --git a/endpoint/stream/webrtc/include/privmx/endpoint/stream/PmxPeerConnectionObserver.hpp b/endpoint/stream/webrtc/include/privmx/endpoint/stream/PmxPeerConnectionObserver.hpp
@@ -35,7 +35,8 @@ class PmxPeerConnectionObserver : public libwebrtc::RTCPeerConnectionObserver {
         libwebrtc::scoped_refptr<libwebrtc::RTCPeerConnectionFactory> peerConnectionFactory,
         const std::string& streamRoomId, 
         std::shared_ptr<privmx::webrtc::KeyStore> keys, 
-        const privmx::webrtc::FrameCryptorOptions& options
+        const privmx::webrtc::FrameCryptorOptions& options,
+        std::shared_ptr<DataChannelMessageEncryptorV1> messageEncryptor
     );
     void OnSignalingState(libwebrtc::RTCSignalingState state) override;
     void OnPeerConnectionState(libwebrtc::RTCPeerConnectionState state) override;
@@ -64,6 +65,7 @@ class PmxPeerConnectionObserver : public libwebrtc::RTCPeerConnectionObserver {
     std::string _streamRoomId; 
     std::shared_ptr<privmx::webrtc::KeyStore> _currentKeys;
     privmx::webrtc::FrameCryptorOptions _options;
+    std::shared_ptr<DataChannelMessageEncryptorV1> _messageEncryptor;
 
     privmx::utils::ThreadSaveMap<std::string, std::shared_ptr<RTCVideoRendererImpl>> _RTCVideoRenderers;
     privmx::utils::ThreadSaveMap<std::string, std::shared_ptr<AudioTrackSinkImpl>> _audioTrackSinks;
diff --git a/endpoint/stream/webrtc/include/privmx/endpoint/stream/StreamApiImpl.hpp b/endpoint/stream/webrtc/include/privmx/endpoint/stream/StreamApiImpl.hpp
@@ -216,7 +216,7 @@ class StreamApiImpl {
             status(_status),
             sendData(_sendData)
         {}
-        std::string label;
+        std::string label = "JanusDataChannel";
         TrackStatus status;
         std::function<void(std::string)> sendData;
     };
diff --git a/endpoint/stream/webrtc/include/privmx/endpoint/stream/WebRTCImpl.hpp b/endpoint/stream/webrtc/include/privmx/endpoint/stream/WebRTCImpl.hpp
@@ -20,6 +20,7 @@ limitations under the License.
 #include "privmx/endpoint/stream/WebRTCInterface.hpp"
 #include "privmx/endpoint/stream/PeerConnectionManager.hpp"
 #include "privmx/endpoint/stream/webrtc/OnTrackInterface.hpp"
+#include "privmx/endpoint/stream/encryptors/dataChannel/DataChannelMessageEncryptorV1.hpp"
 #include <privmx/utils/ThreadSaveMap.hpp>
 #include <libwebrtc.h>
 #include <rtc_audio_device.h>
@@ -56,11 +57,11 @@ class WebRTCImpl : public WebRTCInterface
     void setFrameCryptorOptions(const std::string& streamRoomId, const privmx::webrtc::FrameCryptorOptions& frameCryptorOptions);
     void setOnTrackInterface(const std::string& streamRoomId, const std::optional<std::string>& streamId, std::shared_ptr<OnTrackInterface> onTrackInterface);
 
-    std::optional<libwebrtc::scoped_refptr<libwebrtc::RTCDataChannel>> createPeerConnectionWithLocalStream(
+    void createPeerConnectionWithLocalStream(
         const std::string& streamRoomId, 
         const std::vector<std::pair<std::string, libwebrtc::scoped_refptr<libwebrtc::RTCAudioTrack>>>& audioTracks,
         const std::vector<std::pair<std::string, libwebrtc::scoped_refptr<libwebrtc::RTCVideoTrack>>>& videoTracks,
-        const std::optional<std::string>& dataChannel
+        const std::optional<std::pair<std::string, std::function<void(std::string)>*>>& dataChannel
     );
 
     void updatePeerConnectionWithLocalStream(
@@ -69,14 +70,14 @@ class WebRTCImpl : public WebRTCInterface
         const std::vector<std::pair<std::string, libwebrtc::scoped_refptr<libwebrtc::RTCVideoTrack>>>& videoTracksToAdd,
         const std::vector<std::pair<std::string, libwebrtc::scoped_refptr<libwebrtc::RTCAudioTrack>>>& audioTracksToRemove,
         const std::vector<std::pair<std::string, libwebrtc::scoped_refptr<libwebrtc::RTCVideoTrack>>>& videoTracksToRemove,
-        const std::optional<std::string>& dataChannel
+        const std::optional<std::pair<std::string, std::function<void(std::string)>*>>& dataChannel
     );
     void addRemoteStreamListener(const std::string& streamRoomId, int64_t streamId, std::shared_ptr<OnTrackInterface> onTrack);
 
 private:
     void AddAudioTrack(std::shared_ptr<privmx::endpoint::stream::JanusConnection> jc, libwebrtc::scoped_refptr<libwebrtc::RTCAudioTrack> audioTrack, std::string id = "0");
     void AddVideoTrack(std::shared_ptr<privmx::endpoint::stream::JanusConnection> jc, libwebrtc::scoped_refptr<libwebrtc::RTCVideoTrack> videoTrack, std::string id = "0");
-    libwebrtc::scoped_refptr<libwebrtc::RTCDataChannel> AddDataChannel(std::shared_ptr<privmx::endpoint::stream::JanusConnection> jc, std::string label);
+    void AddDataChannel(std::shared_ptr<privmx::endpoint::stream::JanusConnection> jc, const std::pair<std::string, std::function<void(std::string)>*>& dataChannelInfo);
     void RemoveAudioTrack(std::shared_ptr<privmx::endpoint::stream::JanusConnection> jc, std::string id = "0");
     void RemoveVideoTrack(std::shared_ptr<privmx::endpoint::stream::JanusConnection> jc, std::string id = "0");
     void RemoveDataChannel(std::shared_ptr<privmx::endpoint::stream::JanusConnection> jc);
@@ -93,9 +94,9 @@ class WebRTCImpl : public WebRTCInterface
     std::function<void(const int64_t, const dynamic::RTCIceCandidate&)> _onTrickle;
     privmx::webrtc::FrameCryptorOptions _frameCryptorOptions;
     std::shared_ptr<PeerConnectionManager> _peerConnectionManager;
-    privmx::utils::ThreadSaveMap<std::string, std::shared_ptr<privmx::webrtc::KeyStore>> _roomKeys;
-    // tmp
-    libwebrtc::scoped_refptr<libwebrtc::RTCDataChannel> _tmp;
+    libwebrtc::scoped_refptr<libwebrtc::RTCDataChannel> _bootstrapDataChannel;
+
+    
 };
 
 } // namespace stream
diff --git a/endpoint/stream/webrtc/include/privmx/endpoint/stream/encryptors/dataChannel/DataChannelMessageEncryptorV1.hpp b/endpoint/stream/webrtc/include/privmx/endpoint/stream/encryptors/dataChannel/DataChannelMessageEncryptorV1.hpp
@@ -0,0 +1,66 @@
+/*
+PrivMX Endpoint.
+Copyright © 2024 Simplito sp. z o.o.
+
+This file is part of the PrivMX Platform (https://privmx.dev).
+This software is Licensed under the PrivMX Free License.
+
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#ifndef _PRIVMXLIB_ENDPOINT_WEBRTC_DATACHANNELMESSAGEENCRYPTORV1_HPP_
+#define _PRIVMXLIB_ENDPOINT_WEBRTC_DATACHANNELMESSAGEENCRYPTORV1_HPP_
+
+#include <mutex>
+#include <shared_mutex>
+#include <privmx/endpoint/core/CoreTypes.hpp>
+#include "privmx/endpoint/stream/WebRTCInterface.hpp"
+
+namespace privmx {
+namespace endpoint {
+namespace stream {
+
+class DataChannelMessageEncryptorV1 {
+public:
+    DataChannelMessageEncryptorV1(const std::vector<Key>& keys);
+    DataChannelMessageEncryptorV1() = default;
+    core::Buffer encryptMessage(const core::Buffer& data, uint32_t seq);
+    std::pair<core::Buffer, uint32_t> decryptMessage(const core::Buffer& encryptedData);
+    void updateKey(const std::vector<Key>& keys);
+private:
+    struct Header {
+        uint8_t version;
+        uint32_t seq;
+        std::string iv;
+        std::string keyId;
+    };
+
+    struct ParsedEncryptedMessage {
+        Header header;
+        std::string serializedHeader;
+        std::string ciphertext;
+    };
+    std::string serializeHeader(Header header);
+    Header deserializeHeader(std::string header);
+    ParsedEncryptedMessage parseEncryptedMessage(const std::string& encryptedData);
+    void assertData(const core::Buffer& encryptedKvdbData);
+    Key getEncryptionKey();
+    Key getDencryptionKey(const std::string& keyId);
+
+    static constexpr uint64_t AES_GCM_KEY_LENGTH_BYTES = 32;
+    static constexpr uint64_t GCM_NONCE_LENGTH_BYTES = 12;
+    static constexpr uint64_t VERSION_LENGTH_BYTES = 1;         //uint8_t
+    static constexpr uint64_t KEY_ID_LENGTH_BYTES = 1;          //uint8_t
+    static constexpr uint64_t SEQUENCE_NUMBER_LENGTH_BYTES = 4; //uint32_t
+    static constexpr uint8_t WIRE_FORMAT_VERSION = 1;
+    static constexpr uint64_t FIXED_HEADER_LENGTH = VERSION_LENGTH_BYTES + KEY_ID_LENGTH_BYTES + SEQUENCE_NUMBER_LENGTH_BYTES + GCM_NONCE_LENGTH_BYTES; 
+    std::shared_mutex _keysMutex;
+    std::vector<Key> _keys;
+};
+
+}  // namespace core
+}  // namespace endpoint
+}  // namespace privmx
+
+#endif  //_PRIVMXLIB_ENDPOINT_WEBRTC_DATACHANNELMESSAGEENCRYPTORV1_HPP_
diff --git a/endpoint/stream/webrtc/include_pub/privmx/endpoint/stream/webrtc/OnTrackInterface.hpp b/endpoint/stream/webrtc/include_pub/privmx/endpoint/stream/webrtc/OnTrackInterface.hpp
@@ -62,9 +62,10 @@ struct AudioData : public Data {
     size_t number_of_frames;
 };
 struct PlainData : public Data {
-    PlainData(const std::vector<std::string>& _streamIds, const std::string& _track, const core::Buffer& _data, bool _binary) 
-        : Data(DataType::PLAIN, _streamIds, _track), data(_data), binary(_binary) {}
+    PlainData(const std::vector<std::string>& _streamIds, const std::string& _track, const core::Buffer& _data, const uint64_t& _seq, bool _binary) 
+        : Data(DataType::PLAIN, _streamIds, _track), data(_data), seq(_seq), binary(_binary) {}
     core::Buffer data;
+    uint64_t seq;
     bool binary;
 };
 
diff --git a/endpoint/stream/webrtc/src/PeerConnectionManager.cpp b/endpoint/stream/webrtc/src/PeerConnectionManager.cpp
diff --git a/endpoint/stream/webrtc/src/PmxDataChannelObserver.cpp b/endpoint/stream/webrtc/src/PmxDataChannelObserver.cpp
diff --git a/endpoint/stream/webrtc/src/PmxPeerConnectionObserver.cpp b/endpoint/stream/webrtc/src/PmxPeerConnectionObserver.cpp
diff --git a/endpoint/stream/webrtc/src/StreamApiImpl.cpp b/endpoint/stream/webrtc/src/StreamApiImpl.cpp
diff --git a/endpoint/stream/webrtc/src/WebRTCImpl.cpp b/endpoint/stream/webrtc/src/WebRTCImpl.cpp
diff --git a/endpoint/stream/webrtc/src/encryptors/dataChannel/DataChannelMessageEncryptorV1.cpp b/endpoint/stream/webrtc/src/encryptors/dataChannel/DataChannelMessageEncryptorV1.cpp

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ class OnTrackImpl : public stream::OnTrackInterface {`
`167`	`167`	`auto audioData = std::dynamic_pointer_cast<stream::AudioData>(data);`
`168`	`168`	`} else if(data->type == stream::DataType::PLAIN) {`
`169`	`169`	`auto plainData = std::dynamic_pointer_cast<stream::PlainData>(data);`
`170`		`- LOG_INFO("Recived plain data", plainData->data.stdString());`
	`170`	`+ LOG_INFO("Recived plain data: ", plainData->data.stdString());`
`171`	`171`	`} else {`
`172`	`172`	`LOG_FATAL("DataType::UNKNOWN")`
`173`	`173`	`}`