https://github.com/teslamotors/liblithium Skip to content Toggle navigation Sign up * Product + Actions Automate any workflow + Packages Host and manage packages + Security Find and fix vulnerabilities + Codespaces Instant dev environments + Copilot Write better code with AI + Code review Manage code changes + Issues Plan and track work + Discussions Collaborate outside of code + Explore + All features + Documentation + GitHub Skills + Blog * Solutions + By Plan + Enterprise + Teams + Compare all + By Solution + CI/CD & Automation + DevOps + DevSecOps + Case Studies + Customer Stories + Resources * Open Source + GitHub Sponsors Fund open source developers + The ReadME Project GitHub community articles + Repositories + Topics + Trending + Collections * Pricing [ ] * # In this repository All GitHub | Jump to | * No suggested jump to results * # In this repository All GitHub | Jump to | * # In this organization All GitHub | Jump to | * # In this repository All GitHub | Jump to | Sign in Sign up {{ message }} teslamotors / liblithium Public * Notifications * Fork 6 * Star 78 A lightweight and portable cryptography library. License Apache-2.0 license 78 stars 6 forks Star Notifications * Code * Issues 0 * Pull requests 0 * Actions * Projects 0 * Security * Insights More * Code * Issues * Pull requests * Actions * Projects * Security * Insights teslamotors/liblithium This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. main Switch branches/tags [ ] Branches Tags Could not load branches Nothing to show {{ refName }} default View all branches Could not load tags Nothing to show {{ refName }} default View all tags Name already in use A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch? Cancel Create 1 branch 0 tags Code * Clone HTTPS GitHub CLI [https://github.com/t] Use Git or checkout with SVN using the web URL. [gh repo clone teslam] Work fast with our official CLI. Learn more. * Open with GitHub Desktop * Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Launching Xcode If nothing happens, download Xcode and try again. Launching Visual Studio Code Your codespace will open once ready. There was a problem preparing your codespace, please try again. Latest commit @chrisnc chrisnc use signed negate then cast rather than unsigned subtract for forming kb ... 5c0443e Nov 14, 2022 use signed negate then cast rather than unsigned subtract for forming kb 5c0443e Git stats * 279 commits Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time .github/workflows refactor build script to add --target and --host-march options May 16, 2022 .trustinsoft update .clang-format to avoid breaking after parens May 16, 2022 doc remove extra parentheses in LaTeX derivation Mar 27, 2020 examples make TrustInSoft entrypoints for other interfaces Oct 18, 2021 hydro add interface to reduce scalars mod L Feb 1, 2022 include/lithium update .clang-format to avoid breaking after parens May 16, 2022 py_src add python-test.yml (#4) Aug 30, 2021 scripts refactor build script to add --target and --host-march options May 16, 2022 src use signed negate then cast rather than unsigned subtract for forming kb Nov 14, 2022 test add interface to reduce scalars mod L Feb 1, 2022 .clang-format update .clang-format to avoid breaking after parens May 16, 2022 .dockerignore implement python interface for sign and gimli_hash Aug 11, 2020 .gitignore refactor build script to add --target and --host-march options May 16, 2022 Dockerfile only build examples in main host environment Jun 8, 2022 LICENSE add a lith_memzero function for erasing the secret scalar after use i... Feb 1, 2022 NOTICE remove license boilerplate from NOTICE file (#1) Aug 28, 2021 README.md only build examples in main host environment Jun 8, 2022 SConstruct only build examples in main host environment Jun 8, 2022 SECURITY.md add SECURITY.md with link to Tesla Product Security page Aug 23, 2021 archive.sh add simple archive script Jun 2, 2021 black-check.bash update black version and use --diff May 14, 2022 docker.bash only build examples in main host environment Jun 8, 2022 ffibuilder.py add a lith_memzero function for erasing the secret scalar after use i... Feb 1, 2022 lithium.svg add a short README with lithium svg Apr 9, 2020 release.sh add CI pipeline build scripts, and build infra tweaks for windows bui... Aug 20, 2020 setup.py update Python package classifiers Oct 3, 2021 View code liblithium Compiling What you can use liblithium for Basics of using liblithium for signed updates Examples Generating a signature Verifying a signature README.md TrustInSoft CI Lithium liblithium liblithium is a lightweight cryptography library that is portable by design. It requires only standard C99 and does not assume 8-bit addressability, making it suitable for use on some DSP architectures as well as mainstream architectures. liblithium is built on the Gimli permutation and X25519 signatures. The Gimli permutation and the Gimli-Hash function are designed to be high-performance and to have an extremely small footprint. X25519 signatures are related to the more common ed25519 signatures used by NaCl and others, but use only the x-coordinate of elliptic curve points, a technique pioneered in the paper "Fast and compact elliptic-curve cryptography" and implemented in the STROBE project. This technique greatly reduces the code size required for creating and verifying signatures. liblithium's X25519 implementation is derived from STROBE. Compiling While you can embed liblithium in many environments, the library comes with a SConstruct file for building using scons by default. You can also use the docker.bash script that will build a docker image with the necessary build dependencies and run a container. From within this container, run scons. What you can use liblithium for liblithium is particularly well-suited for constrained environments and low-power microcontrollers due to its very small footprint and limited processing requirements. This makes liblithium a great candidate for implementing signed firmware updates on embedded electronics that have no secure boot functionality. Basics of using liblithium for signed updates Before anything else, you should ensure that all debug ports (e.g., JTAG) on your target MCU are disabled, since those can be used to circumvent software-only signature verification. Signature verification should ideally be implemented in the bootloader, either at boot time, or only at firmware update time if boot speed is critical. Note that for update-time-only checks, this mechanism will only be effective for MCUs where the entire application is stored in internal flash and protected from read/write via a debugger (see statement on JTAG lock above). The bootloader must contain the public key that will be used for signature verification. The corresponding secret key must be kept confidential and will be used for signing firmware update binaries. In order for the signature verification process to be effective, the entire firmware binary should be signed (not only the header or a subset of the firmware). Since signature verification can be done continuously during data reception by the update process, it makes sense to append the signature at the end of the firmware binary, since the signature is required at that point for final verification. Examples Generating a signature You can refer to examples/lith-sign.c for an example of how to sign a binary blob with a secret key. Three calls only are required to implement this: * lith_sign_init(&state); : initializes the liblithium library state (state is a lith_sign_state) * lith_sign_update(&state, msg, len); : updates the liblithium state for each data block that is being read * lith_sign_final_create(&state, sig, secret_key); : is called once all the data is received, and generates the signature using the secret key. Verifying a signature You can refer to examples/lith-verify.c for an example of how to verify the signature of a binary blob against a public key. Three calls only are required to implement this: * lith_sign_init(&state); : initializes the liblithium state (state is a lith_sign_state) * lith_sign_update(&state, msg, len); : updates the liblithium state for each data block that is being read (for instance when reading a file, or receiving data over a serial bus) * lith_sign_final_verify(&state, sig, public_key); : is called once all the data and the signature are received, and verifies the signature against the public key. About A lightweight and portable cryptography library. Resources Readme License Apache-2.0 license Security policy Security policy Stars 78 stars Watchers 11 watching Forks 6 forks Contributors 5 * @chrisnc * @lwalkera * @xialu000 * @elafargue * @bibibibi89 Languages * C 82.7% * Python 14.7% * Shell 2.5% * Dockerfile 0.1% Footer (c) 2022 GitHub, Inc. Footer navigation * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can't perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.