Adding new top-level directory crypto/
Adding the crypto root directory to WebRTC. The goal with this change is to centralize the management of crypto code into a single location. Currently we have cryptography code scattered across pc/ and rtc_base/, which makes it difficult to audit and maintain.

By having a crypto/ directory we gain:
1. A clear first point of contact for auditing the cryptography in WebRTC.
2. Fine-grained ownership for cryptography maintainers; we can include BoringSSL maintainers in this directory.
3. It improves maintainability of crypto code as we have improved modularization. It will not be deeply nested in all different parts of WebRTC.
4. Improved testability. We can cleanly build crypto libraries which plug into pc/ which we can more easily mock.
5. Enforce stricter rules. For example we may want to enforce ZeroOnFreeBuffer for all sensitive material. This is easier to enforce in a single directory.

Bug: webrtc:9600
Change-Id: I8e76332c7dcdac0a45a470ba2e930196e1ccf395
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/125142
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27028}
committed by Commit Bot

parent 1109b59d0c
commit 7f1c58938d
1
api/DEPS
@ -9,6 +9,7 @@ include_rules = [
|
|||||||
"-call",
|
"-call",
|
||||||
"-common_audio",
|
"-common_audio",
|
||||||
"-common_video",
|
"-common_video",
|
||||||
|
"-crypto",
|
||||||
"-data",
|
"-data",
|
||||||
"-examples",
|
"-examples",
|
||||||
"-ios",
|
"-ios",
|
||||||
|
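Review bot: The new "-crypto" entry in include_rules has no explanation, either as a comment next to it or in the commit message, of why code under api/ is barred from including crypto/. The entry is placed correctly in alphabetical order between "-common_video" and "-data"; a sentence in the commit message or in crypto/README.md stating the intended dependency direction would let an auditor confirm that this rule is deliberate rather than copied from the neighbouring entries.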
8
crypto/OWNERS
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
benwright@webrtc.org
|
||||||
|
steveanton@webrtc.org
|
||||||
|
qingsi@webrtc.org
|
||||||
|
|
||||||
|
# These are for the common case of adding or renaming files. If you're doing
|
||||||
|
# structural changes, please get a review from a reviewer in this file.
|
||||||
|
per-file *.gn=*
|
||||||
|
per-file *.gni=*
|
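Review bot: The wildcard rules "per-file *.gn=*" and "per-file *.gni=*" let any committer approve build-file changes in crypto/, which sits oddly with the commit message's stated goals of fine-grained ownership and stricter rules for this directory. Build files decide which sources and dependencies are compiled into the crypto targets, and the comment asking for "a review from a reviewer in this file" on structural changes is a convention, not something the OWNERS check enforces. Consider dropping the two per-file lines here so that the three listed owners review every change, or say in the comment why the exemption is acceptable for a crypto directory. The commit message also mentions including BoringSSL maintainers, but none are identified as such in this file; a follow-up note would help.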
11
crypto/README.md
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
## What should be in the crypto directory
|
||||||
|
The crypto directory is intended to be a centralized location for all
|
||||||
|
cryptography code in WebRTC. This includes DTLS-SRTP, SRTP, HTTPS,
|
||||||
|
TLS, cryptography primitives interfaces such as HKDF and secure random
|
||||||
|
(backed by a concrete implementation in BoringSSL).
|
||||||
|
|
||||||
|
## What should not be in the crypto directory
|
||||||
|
The crypto directory is not a general purpose security directory. Security
|
||||||
|
utilities such as ZeroBufferOnFree should still go in rtc_base/ and fuzzing
|
||||||
|
utilities in test/fuzzers. ASAN, TSAN and MSAN sanatizer utilities should also
|
||||||
|
not be in this directory.
|
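Review bot: The README names the utility "ZeroBufferOnFree" while the commit message calls it "ZeroOnFreeBuffer"; use the identifier that matches the class in rtc_base/ so readers can search for it. In the same paragraph "sanatizer" should be "sanitizer", and "cryptography primitives interfaces" in the first section reads better as "cryptographic primitive interfaces". Since the commit message lists enforcing zero-on-free for sensitive material as a goal of this directory, the README should state that rule explicitly instead of only saying where the utility lives.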