mirror of
https://github.com/mollyim/webrtc.git
synced 2025-05-16 15:20:42 +01:00
7f1c58938d
Adding the crypto root directory to WebRTC. The goal with this change is to centralize the management of crypto code into a single location. Currently we have cryptography code scattered across pc/ and rtc_base/ which makes it difficult audit and maintain. By having a crypto/ directory we gain: 1. A clear first point of contact for auditing the cryptography in WebRTC. 2. Fine grain ownership to cryptography maintainers, we can include BoringSSL maintainers in this directory. 3. It improves maintanability of crypto code as we have improved modularization. It will not be deeply nested in all different parts of WebRTC. 4. Improved testability. We can cleanly build crypto libraries which plug into pc/ which we can more easily mock. 5. Enforce stricter rules. For example we may want to enforce ZeroOnFreeBuffer for all sensitive material. This is easier to enforce in a single directory. Bug: webrtc:9600 Change-Id: I8e76332c7dcdac0a45a470ba2e930196e1ccf395 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/125142 Commit-Queue: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Niels Moller <nisse@webrtc.org> Reviewed-by: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#27028} |
||
|---|---|---|
| .. | ||
| OWNERS | ||
| README.md | ||
What should be in the crypto directory
The crypto directory is intended to be a centralized location for all cryptography code in WebRTC. This includes DTLS-SRTP, SRTP, HTTPS, TLS, cryptography primitives interfaces such as HKDF and secure random (backed by a concrete implementation in BoringSSL).
What should not be in the crypto directory
The crypto directory is not a general purpose security directory. Security utilities such as ZeroBufferOnFree should still go in rtc_base/ and fuzzing utilities in test/fuzzers. ASAN, TSAN and MSAN sanatizer utilities should also not be in this directory.