Take out Fuchsia-only SDES-enabling parameters
This does not remove all traces of SDES - we still need to delete
the cricket::CryptoParams struct and all code that uses it.
Bug: webrtc:11066, chromium:804275
Change-Id: I811c8d40da7f4af714d53376f24cd53332a15945
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/336780
Reviewed-by: Henrik Boström <hbos@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#41634}
diff --git a/api/peer_connection_interface.h b/api/peer_connection_interface.h
index 3c225eb..7699f33 100644
--- a/api/peer_connection_interface.h
+++ b/api/peer_connection_interface.h
@@ -451,15 +451,6 @@
// when switching from a static scene to one with motion.
absl::optional<int> screencast_min_bitrate;
-#if defined(WEBRTC_FUCHSIA)
- // TODO(bugs.webrtc.org/11066): Remove entirely once Fuchsia does not use.
- // TODO(bugs.webrtc.org/9891) - Move to crypto_options
- // Can be used to disable DTLS-SRTP. This should never be done, but can be
- // useful for testing purposes, for example in setting up a loopback call
- // with a single PeerConnection.
- absl::optional<bool> enable_dtls_srtp;
-#endif
-
/////////////////////////////////////////////////
// The below fields are not part of the standard.
/////////////////////////////////////////////////
diff --git a/pc/peer_connection.cc b/pc/peer_connection.cc
index dc78477..3ab2c52 100644
--- a/pc/peer_connection.cc
+++ b/pc/peer_connection.cc
@@ -348,15 +348,7 @@
return false;
// Enable DTLS by default if we have an identity store or a certificate.
- bool default_enabled =
- (dependencies.cert_generator || !configuration.certificates.empty());
-
-#if defined(WEBRTC_FUCHSIA)
- // The `configuration` can override the default value.
- return configuration.enable_dtls_srtp.value_or(default_enabled);
-#else
- return default_enabled;
-#endif
+ return (dependencies.cert_generator || !configuration.certificates.empty());
}
// Calls `ParseIceServersOrError` to extract ice server information from the
@@ -416,9 +408,6 @@
int max_ipv6_networks;
bool disable_link_local_networks;
absl::optional<int> screencast_min_bitrate;
-#if defined(WEBRTC_FUCHSIA)
- absl::optional<bool> enable_dtls_srtp;
-#endif
TcpCandidatePolicy tcp_candidate_policy;
CandidateNetworkPolicy candidate_network_policy;
int audio_jitter_buffer_max_packets;
@@ -483,9 +472,6 @@
max_ipv6_networks == o.max_ipv6_networks &&
disable_link_local_networks == o.disable_link_local_networks &&
screencast_min_bitrate == o.screencast_min_bitrate &&
-#if defined(WEBRTC_FUCHSIA)
- enable_dtls_srtp == o.enable_dtls_srtp &&
-#endif
ice_candidate_pool_size == o.ice_candidate_pool_size &&
prune_turn_ports == o.prune_turn_ports &&
turn_port_prune_policy == o.turn_port_prune_policy &&
diff --git a/pc/peer_connection_crypto_unittest.cc b/pc/peer_connection_crypto_unittest.cc
index 3b3f502..4274e88 100644
--- a/pc/peer_connection_crypto_unittest.cc
+++ b/pc/peer_connection_crypto_unittest.cc
@@ -258,233 +258,6 @@
answer->description()));
}
-#if defined(WEBRTC_FUCHSIA)
-// When DTLS is disabled, the SDP offer/answer should include SDES cryptos and
-// should not have a DTLS fingerprint.
-TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWhenDtlsDisabled) {
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- ASSERT_TRUE(offer);
-
- ASSERT_FALSE(offer->description()->contents().empty());
- EXPECT_TRUE(SdpContentsAll(HaveSdesCryptos(), offer->description()));
- EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), offer->description()));
- EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolSavpf),
- offer->description()));
-}
-
-TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWhenDtlsDisabled) {
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- callee->SetRemoteDescription(caller->CreateOffer());
- auto answer = callee->CreateAnswer();
- ASSERT_TRUE(answer);
-
- ASSERT_FALSE(answer->description()->contents().empty());
- EXPECT_TRUE(SdpContentsAll(HaveSdesCryptos(), answer->description()));
- EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), answer->description()));
- EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolSavpf),
- answer->description()));
-}
-
-// When encryption is disabled, the SDP offer/answer should have neither a DTLS
-// fingerprint nor any SDES crypto options.
-TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWhenEncryptionDisabled) {
- PeerConnectionFactoryInterface::Options options;
- options.disable_encryption = true;
- pc_factory_->SetOptions(options);
-
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- ASSERT_TRUE(offer);
-
- ASSERT_FALSE(offer->description()->contents().empty());
- EXPECT_TRUE(SdpContentsNone(HaveSdesCryptos(), offer->description()));
- EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), offer->description()));
- EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolAvpf),
- offer->description()));
-}
-
-TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWhenEncryptionDisabled) {
- PeerConnectionFactoryInterface::Options options;
- options.disable_encryption = true;
- pc_factory_->SetOptions(options);
-
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- callee->SetRemoteDescription(caller->CreateOffer());
- auto answer = callee->CreateAnswer();
- ASSERT_TRUE(answer);
-
- ASSERT_FALSE(answer->description()->contents().empty());
- EXPECT_TRUE(SdpContentsNone(HaveSdesCryptos(), answer->description()));
- EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), answer->description()));
- EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolAvpf),
- answer->description()));
-}
-
-// CryptoOptions has been promoted to RTCConfiguration. As such if it is ever
-// set in the configuration it should overrite the settings set in the factory.
-TEST_P(PeerConnectionCryptoTest, RTCConfigurationCryptoOptionOverridesFactory) {
- PeerConnectionFactoryInterface::Options options;
- options.crypto_options.srtp.enable_gcm_crypto_suites = true;
- pc_factory_->SetOptions(options);
-
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- CryptoOptions crypto_options;
- crypto_options.srtp.enable_gcm_crypto_suites = false;
- config.crypto_options = crypto_options;
- auto caller = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- ASSERT_TRUE(offer);
-
- ASSERT_FALSE(offer->description()->contents().empty());
- // This should exist if GCM is enabled see CorrectCryptoInOfferWithSdesAndGcm
- EXPECT_FALSE(SdpContentsAll(HaveSdesGcmCryptos(3), offer->description()));
-}
-
-// When DTLS is disabled and GCM cipher suites are enabled, the SDP offer/answer
-// should have the correct ciphers in the SDES crypto options.
-// With GCM cipher suites enabled, there will be 3 cryptos in the offer and 1
-// in the answer.
-TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWithSdesAndGcm) {
- PeerConnectionFactoryInterface::Options options;
- options.crypto_options.srtp.enable_gcm_crypto_suites = true;
- pc_factory_->SetOptions(options);
-
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- ASSERT_TRUE(offer);
-
- ASSERT_FALSE(offer->description()->contents().empty());
- EXPECT_TRUE(SdpContentsAll(HaveSdesGcmCryptos(3), offer->description()));
-}
-
-TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWithSdesAndGcm) {
- PeerConnectionFactoryInterface::Options options;
- options.crypto_options.srtp.enable_gcm_crypto_suites = true;
- pc_factory_->SetOptions(options);
-
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- for (cricket::ContentInfo& content : offer->description()->contents()) {
- auto cryptos = content.media_description()->cryptos();
- cryptos.erase(cryptos.begin()); // Assumes that non-GCM is the default.
- content.media_description()->set_cryptos(cryptos);
- }
-
- callee->SetRemoteDescription(std::move(offer));
- auto answer = callee->CreateAnswer();
- ASSERT_TRUE(answer);
-
- ASSERT_FALSE(answer->description()->contents().empty());
- EXPECT_TRUE(SdpContentsAll(HaveSdesGcmCryptos(1), answer->description()));
-}
-
-TEST_P(PeerConnectionCryptoTest, CanSetSdesGcmRemoteOfferAndLocalAnswer) {
- PeerConnectionFactoryInterface::Options options;
- options.crypto_options.srtp.enable_gcm_crypto_suites = true;
- pc_factory_->SetOptions(options);
-
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- ASSERT_TRUE(offer);
- ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer)));
-
- auto answer = callee->CreateAnswer();
- ASSERT_TRUE(answer);
- ASSERT_TRUE(callee->SetLocalDescription(std::move(answer)));
-}
-
-// The following group tests that two PeerConnections can successfully exchange
-// an offer/answer when DTLS is off and that they will refuse any offer/answer
-// applied locally/remotely if it does not include SDES cryptos.
-TEST_P(PeerConnectionCryptoTest, ExchangeOfferAnswerWhenSdesOn) {
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOfferAndSetAsLocal();
- ASSERT_TRUE(offer);
- ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer)));
-
- auto answer = callee->CreateAnswerAndSetAsLocal();
- ASSERT_TRUE(answer);
- ASSERT_TRUE(caller->SetRemoteDescription(std::move(answer)));
-}
-TEST_P(PeerConnectionCryptoTest, FailToSetLocalOfferWithNoCryptosWhenSdesOn) {
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- SdpContentsForEach(RemoveSdesCryptos(), offer->description());
-
- EXPECT_FALSE(caller->SetLocalDescription(std::move(offer)));
-}
-TEST_P(PeerConnectionCryptoTest, FailToSetRemoteOfferWithNoCryptosWhenSdesOn) {
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOffer();
- SdpContentsForEach(RemoveSdesCryptos(), offer->description());
-
- EXPECT_FALSE(callee->SetRemoteDescription(std::move(offer)));
-}
-TEST_P(PeerConnectionCryptoTest, FailToSetLocalAnswerWithNoCryptosWhenSdesOn) {
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal());
- auto answer = callee->CreateAnswer();
- SdpContentsForEach(RemoveSdesCryptos(), answer->description());
-
- EXPECT_FALSE(callee->SetLocalDescription(std::move(answer)));
-}
-TEST_P(PeerConnectionCryptoTest, FailToSetRemoteAnswerWithNoCryptosWhenSdesOn) {
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal());
- auto answer = callee->CreateAnswerAndSetAsLocal();
- SdpContentsForEach(RemoveSdesCryptos(), answer->description());
-
- EXPECT_FALSE(caller->SetRemoteDescription(std::move(answer)));
-}
-#endif
-
// The following group tests that two PeerConnections can successfully exchange
// an offer/answer when DTLS is on and that they will refuse any offer/answer
// applied locally/remotely if it does not include a DTLS fingerprint.
@@ -545,28 +318,6 @@
EXPECT_FALSE(caller->SetRemoteDescription(std::move(answer)));
}
-#if defined(WEBRTC_FUCHSIA)
-// Test that an offer/answer can be exchanged when encryption is disabled.
-TEST_P(PeerConnectionCryptoTest, ExchangeOfferAnswerWhenNoEncryption) {
- PeerConnectionFactoryInterface::Options options;
- options.disable_encryption = true;
- pc_factory_->SetOptions(options);
-
- RTCConfiguration config;
- config.enable_dtls_srtp.emplace(false);
- auto caller = CreatePeerConnectionWithAudioVideo(config);
- auto callee = CreatePeerConnectionWithAudioVideo(config);
-
- auto offer = caller->CreateOfferAndSetAsLocal();
- ASSERT_TRUE(offer);
- ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer)));
-
- auto answer = callee->CreateAnswerAndSetAsLocal();
- ASSERT_TRUE(answer);
- ASSERT_TRUE(caller->SetRemoteDescription(std::move(answer)));
-}
-#endif
-
// Tests that a DTLS call can be established when the certificate is specified
// in the PeerConnection config and no certificate generator is specified.
TEST_P(PeerConnectionCryptoTest,
diff --git a/pc/peer_connection_integrationtest.cc b/pc/peer_connection_integrationtest.cc
index 23c8b16..24ca52f 100644
--- a/pc/peer_connection_integrationtest.cc
+++ b/pc/peer_connection_integrationtest.cc
@@ -275,26 +275,6 @@
ASSERT_TRUE(ExpectNewFrames(media_expectations));
}
-#if defined(WEBRTC_FUCHSIA)
-// Uses SDES instead of DTLS for key agreement.
-TEST_P(PeerConnectionIntegrationTest, EndToEndCallWithSdes) {
- PeerConnectionInterface::RTCConfiguration sdes_config;
- sdes_config.enable_dtls_srtp.emplace(false);
- ASSERT_TRUE(CreatePeerConnectionWrappersWithConfig(sdes_config, sdes_config));
- ConnectFakeSignaling();
-
- // Do normal offer/answer and wait for some frames to be received in each
- // direction.
- caller()->AddAudioVideoTracks();
- callee()->AddAudioVideoTracks();
- caller()->CreateAndSetAndSignalOffer();
- ASSERT_TRUE_WAIT(SignalingStateStable(), kDefaultTimeout);
- MediaExpectations media_expectations;
- media_expectations.ExpectBidirectionalAudioAndVideo();
- ASSERT_TRUE(ExpectNewFrames(media_expectations));
-}
-#endif
-
// Basic end-to-end test specifying the `enable_encrypted_rtp_header_extensions`
// option to offer encrypted versions of all header extensions alongside the
// unencrypted versions.
diff --git a/pc/sdp_offer_answer.cc b/pc/sdp_offer_answer.cc
index 67c8d10..19cd9ba 100644
--- a/pc/sdp_offer_answer.cc
+++ b/pc/sdp_offer_answer.cc
@@ -285,9 +285,6 @@
if (content_info.rejected) {
continue;
}
-#if !defined(WEBRTC_FUCHSIA)
- RTC_CHECK(dtls_enabled) << "SDES protocol is only allowed in Fuchsia";
-#endif
const std::string& mid = content_info.name;
auto it = bundle_groups_by_mid.find(mid);
const cricket::ContentGroup* bundle =
