Embedded-SecLink (ESL)

English | 繁體中文

Embedded-SecLink (ESL) is a lightweight security communication library for embedded systems and V2X-oriented environments. It integrates ECC, BLS, AES, and Merkle Tree utilities into a portable C++17 library that is designed to be easy to build and integrate through CMake.

ESL is intended for efficient secure group communication on resource-constrained OBU (On-Board Unit) platforms. The project has been tested or built on Windows 11 with MSVC, WSL Ubuntu, Armv7 32-bit cross-compilation environments, and Unex OBU-352UC.

Note: ESL is an experimental research project and has not been independently audited. Do not use it directly in production systems or security-critical environments without additional expert review and risk assessment.

---

Core Components

• ECC Core: Elliptic-curve cryptography based on micro-ecc with SECP256R1 support, including ECDH key exchange and ECDSA signatures.
• BLS Core: BLS12-381 signature support based on blst, including signature aggregation for reducing group communication bandwidth.
• AES Core: Symmetric encryption support based on tiny-AES-c, using AES-128 CBC with PKCS7 padding.
• Hash Tree: Merkle Tree implementation for data-integrity verification and lightweight proof generation.
• Utils: Stopwatch, time utilities, and random-number helper utilities.

---

Dependencies

This project uses Modern CMake (3.12+) and integrates the following open-source projects:

• blst (Apache-2.0 / MIT): BLS12-381 pairing and signature library.
• micro-ecc (BSD-2-Clause): ECC library designed for embedded environments.
• tiny-AES-c (Public Domain): Lightweight AES implementation in C.
• PicoSHA2 (MIT): Header-only SHA-256 implementation.
• nlohmann/json (MIT): Header-only JSON parser and serializer.
• GoogleTest (BSD-3-Clause): Unit testing framework, enabled only when ESL_BUILD_TESTS=ON.

For license details, see THIRD_PARTY_NOTICES.md.

---

Build and Install

Requirements

• CMake >= 3.12
• A C++17 compiler, such as MSVC, GCC, or Clang
• Git, required by CMake FetchContent

Build the SDK

# 1. Configure the build directory
cmake -S . -B build -DCMAKE_INSTALL_PREFIX="./sdk_output"

# 2. Build
cmake --build build --config Release

# 3. Install
cmake --install build --config Release

Build Tests and Examples

cmake -S . -B build -DESL_BUILD_TESTS=ON -DESL_BUILD_EXAMPLES=ON -DCMAKE_BUILD_TYPE=Release
cmake --build build --config Release
ctest --test-dir build --build-config Release --output-on-failure

Use with FetchContent

This is suitable for development builds. CMake will fetch and build ESL from GitHub without a separate installation step.

cmake_minimum_required(VERSION 3.12)
project(MyOBUApp)

include(FetchContent)
FetchContent_Declare(
    esl
    GIT_REPOSITORY https://github.com/walker3354/Embedded-SecLink.git
    GIT_TAG        v1.1.0
)
FetchContent_MakeAvailable(esl)

add_executable(my_app main.cpp)
target_link_libraries(my_app PRIVATE esl::esl)

Prefer pinning GIT_TAG to a release tag or commit SHA instead of a moving branch, so downstream builds remain reproducible.

Installed Layout

sdk_output/
├── include/esl/
│   ├── crypto/
│   │   ├── BlsCore.hpp
│   │   └── EccCore.hpp
│   └── utils/
│       ├── HashTree.hpp
│       ├── Random.hpp
│       ├── Stopwatch.hpp
│       ├── TimeUtils.hpp
│       └── json.hpp
└── lib/
    ├── esl.lib (Windows) or libesl.a (Linux)
    └── cmake/esl/
        ├── EslConfig.cmake
        ├── EslConfigVersion.cmake
        └── EslTargets.cmake

Build Options

Option	Default	Description
ESL_BUILD_SHARED	OFF	Build a shared library (.dll / .so) instead of a static library (.lib / .a)
ESL_BUILD_TESTS	OFF	Download GoogleTest and build unit tests
ESL_BUILD_EXAMPLES	ON	Build example programs
ESL_STRICT_MODE	OFF	Enable strict compiler warnings, such as -Wall -Wextra -Werror

---

Use in Your Project

After installation, reference ESL from another CMake project:

cmake_minimum_required(VERSION 3.12)
project(MyOBUApp)

set(esl_DIR "path/to/sdk_output/lib/cmake/esl")

find_package(esl REQUIRED)

add_executable(my_app main.cpp)
target_link_libraries(my_app PRIVATE esl::esl)

You can also pass the package path when configuring your project:

cmake -S . -B build -Desl_DIR="path/to/sdk_output/lib/cmake/esl"

---

Security Status

ESL is experimental and has not been independently audited. Before evaluating or deploying it in a real environment, read SECURITY.md and perform additional review of key generation, key storage, randomness, AES-CBC usage, BLS aggregate signature verification, and third-party dependencies.

---

License

The project source code is released under the MIT License. See LICENSE. Third-party dependencies are governed by their own license terms. See THIRD_PARTY_NOTICES.md.