README
¶
AWS libcrypto (AWS-LC)
AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.
AWS-LC contains portable C implementations of algorithms needed for TLS and common applications. For performance critical algorithms, optimized assembly versions are included for x86 and ARM.
Quickstart for Amazon Linux 2
AWS-LC’s libcrypto is a C library and needs a C compiler. AWS-LC's libssl is a C++ library and needs a C++ compiler.
Fork AWS-LC on GitHub and run the following commands to build AWS-LC with optimizations and debug info, run all tests, and install it:
sudo yum install cmake3 ninja-build clang perl golang
git clone https://github.com/${YOUR_GITHUB_ACCOUNT_NAME}/aws-lc.git
mkdir aws-lc-build && cd aws-lc-build
cmake3 -GNinja \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DCMAKE_INSTALL_PREFIX=../aws-lc-install \
../aws-lc
ninja-build run_tests && ninja-build install
cd ../aws-lc-install/
ls *
See Building.md for more information about required dependencies and build options. If you’re interested in getting involved open an issue to discuss your plan. Contributing.md has info for how to specifically make the change and get it reviewed by AWS-LC maintainers. If you just want to use AWS-LC, see our existing documentation in the public header files. If you’re moving your application from OpenSSL, see the porting guide for more information.
Why AWS-LC?
AWS-LC's goal is to maintain a secure libcrypto that is compatible with software and applications used at AWS. AWS-LC also serves as the new home for the AWS Cryptography team to publish open source contributions and enhancements that are submitted to other libcrypto projects.
AWS-LC features
API Compatibility
AWS-LC is compatible with the majority of OpenSSL’s APIs to make it easy to use with existing applications. We’re open to discussing adding missing functionality and understanding your use case in an issue.
Algorithm optimization support
A portable C implementation of all algorithms is included and optimized assembly implementations of select algorithms is included for some x86 and Arm CPUs. We use AWS Graviton processors to test ARMv8 optimizations and Intel CPUs to test x86 and x86-64 optimizations.
The Intel Software Development Emulator is used to run tests on many different x86 processors.
If you use another CPU and would like to make sure we test it or discuss adding an assembly optimized algorithm implementation, please open an issue to discuss adding it to our CI.
Platform Support
AWS-LC correctness is tested on a variety of platforms (i.e., OS/CPU combinations). The following is an overview of the platforms we actively support or are known to be of interest to our community.
If you use a platform not listed below and would like to request it be added to our CI, please open an issue for discussion. Regardless of our support level for a particular platform, we will gladly consider contributions that improve or extend our support.
Supported Platforms
The following platforms are actively tested in our CI pipeline. A few of these platforms are tested across multiple compilers or compiler versions. For each pull request, the proposed change is validated to confirm that it successfully builds and tests pass for these platform. A more complete description of our test setup can be found in the CI README.
| OS | CPU |
|---|---|
| Linux | x86 |
| Linux | x86-64 |
| Linux | aarch64 |
| Windows | x86-64 |
| macOS | x86-64 |
| macOS | aarch64 |
| Android | aarch64 |
| Linux | ppc |
| Linux | ppc64 |
| Linux | ppc64le |
Other platforms
The platforms listed below are of interest to us or to our community. However, problems reported against them might not be prioritized for immediate action by our team. We welcome contributions that improve the experience for consumers on these platforms.
| OS | CPU |
|---|---|
| Android | arm32 |
| Emscripten | wasm32 |
| iOS | aarch64 |
| Linux | arm32 |
| Linux | loongarch64 |
| Linux | risc-v64 |
| Linux | s390x |
| Windows | aarch64 |
| OpenBSD | x86-64 |
| FreeBSD | x86-64 |
WebAssembly (WASM) Support
AWS-LC can be built for WebAssembly using Emscripten. This support is experimental and has important security considerations:
- No FIPS mode: WASM builds cannot be FIPS-validated
- Randomness: Relies on the runtime's
getentropy()implementation - No side-channel protections: Timing and cache-based side-channel mitigations that exist for native builds may not apply in the WASM environment
- Threading limitations: Uses Web Workers which have different security properties than native threads
For build instructions, see BUILDING.md.
FIPS Compliance
For information about FIPS compliance, building AWS-LC in FIPS mode, and platform limitations, see crypto/fipsmodule/FIPS.md.
Post-Quantum Cryptography
Details on the post-quantum algorithms supported by AWS-LC can be found at PQREADME.
AWS-LC safety mechanisms
Automated testing
Every change is tested with our CI that includes positive and negative unit tests, fuzz tests, Sanitizers (Address, Memory, Control flow integrity, Thread, and Undefined behavior), Valgrind, and Formal Verification.
Formal Verification
Portions of AWS-LC have been formally verified in AWS-LC Formal Verification, the checks are run in AWS-LC’s CI on every change. The algorithms that have been verified on certain CPUs with caveats include:
| Algorithm | Parameters | CPUs |
|---|---|---|
| SHA-2 | 384, 512 | SandyBridge+ |
| SHA-2 | 384 | neoverse-n1, neoverse-v1 |
| HMAC | with SHA-384 | SandyBridge+ |
| AES-KW(P) | 256 | SandyBridge+ |
| AES-GCM | 256 | SandyBridge+ |
The CPUs for which code is verified are defined in the following table.
| CPUs | Description |
|---|---|
| SandyBridge+ | x86-64 with AES-NI, CLMUL, and AVX. |
| neoverse-n1 | aarch64 without SHA512. |
| neoverse-v1 | aarch64 with SHA512. |
For more details on verified API functions, caveats and technology used, check the AWS-LC Formal Verification repository.
In addition, we use assembly from s2n-bignum to implement algorithms or sub-routines for x86_64 and aarch64. These functions are formally verified in HOL Light. See the following table for detail.
| Algorithms | Functions | CPUs |
|---|---|---|
| RSA | montgomery_s2n_bignum_mul_mont |
aarch64 |
| P-256 | bignum_montinv_p256, p256_montjscalarmul_selector |
aarch64, x86_64 |
| P-384 | bignum_add_p384, bignum_sub_p384, bignum_neg_p384, bignum_tolebytes_6, bignum_fromlebytes_6, bignum_to_mont_p384_selector, bignum_deamont_p384_selector, bignum_montmul_p384_selector, bignum_montsqr_p384_selector, bignum_nonzero_6, bignum_montinv_p384, p384_montjdouble_selector, p384_montjscalarmul_selector |
aarch64, x86_64 |
| P-521 | bignum_add_p521, bignum_sub_p521, bignum_neg_p521, bignum_tolebytes_p521, bignum_fromlebytes_p521, bignum_mul_p521_selector, bignum_sqr_p521_selector, bignum_inv_p521, p521_jdouble_selector, p521_jscalarmul_selector |
aarch64, x86_64 |
| X25519 | curve25519_x25519_byte_selector, curve25519_x25519base_byte_selector |
aarch64, x86_64 |
| Ed25519 | bignum_mod_n25519, bignum_neg_p25519, bignum_madd_n25519_selector, edwards25519_encode, edwards25519_decode_selector, edwards25519_scalarmulbase_selector, edwards25519_scalarmuldouble_selector |
aarch64, x86_64 |
Have a Question?
We use GitHub Issues for managing feature requests, bug reports, or questions about AWS-LC API usage.
If you think you might have found a security impacting issue, please instead follow our Security Notification Process.
Security issue notifications
If you discover a potential security issue in AWS-LC, we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
If you package or distribute AWS-LC, or use AWS-LC as part of a large multi-user service, you may be eligible for pre-notification of future AWS-LC releases. Please contact [email protected].
Directories
¶
| Path | Synopsis |
|---|---|
|
crypto
|
|
|
cipher_extra/test
command
|
|
|
cipher_extra/test/nist_cavp
command
The make_cavp utility generates cipher_test input files from NIST CAVP Known Answer Test response (.rsp) files.
|
The make_cavp utility generates cipher_test input files from NIST CAVP Known Answer Test response (.rsp) files. |
|
ssl
|
|
|
test/runner
Package tls partially implements TLS 1.2, as specified in RFC 5246.
|
Package tls partially implements TLS 1.2, as specified in RFC 5246. |
|
test/runner/hpke
Package hpke implements Hybrid Public Key Encryption (HPKE).
|
Package hpke implements Hybrid Public Key Encryption (HPKE). |
|
util
|
|
|
convert_wycheproof
command
convert_wycheproof converts Wycheproof test vectors into a format more easily consumed by BoringSSL.
|
convert_wycheproof converts Wycheproof test vectors into a format more easily consumed by BoringSSL. |
|
fipstools
command
break-kat corrupts a known-answer-test input in a binary and writes the corrupted binary to stdout.
|
break-kat corrupts a known-answer-test input in a binary and writes the corrupted binary to stdout. |
|
fipstools/acvp/acvptool
command
|
|
|
fipstools/acvp/acvptool/katemitter
katemitter is a package which (with best effort) will attempt to emit test case data to a configured file for use by AWS-LC's file-based test framework.
|
katemitter is a package which (with best effort) will attempt to emit test case data to a configured file for use by AWS-LC's file-based test framework. |
|
fipstools/capture_hash
command
|
|
|
fipstools/delocate
command
delocate performs several transformations of textual assembly code.
|
delocate performs several transformations of textual assembly code. |
|
fipstools/inject_hash
command
inject_hash parses an archive containing a file object file.
|
inject_hash parses an archive containing a file object file. |
|
fipstools/integrity_tool
command
|
|
|
testresult
testresult is an implementation of Chromium's JSON test result format.
|
testresult is an implementation of Chromium's JSON test result format. |
|
vecgen
module
|