Esempio n. 1
    def getPartitionNum(self, trace, tnum):
        """Return one partition number per state byte for trace ``tnum``.

        Each of the 16 values is ``getHW(sbox(textin_byte ^ known_key_byte))``.
        The known key is required, so this partitioning is only usable on
        captures where the key is recorded (e.g. profiling a device you
        control), not on traces from an unknown-key target.

        Args:
            trace: object providing ``getKnownKey(tnum)`` and ``getTextin(tnum)``.
            tnum: index of the trace to partition.

        Returns:
            A list of 16 values, one per byte position.
        """
        known_key = trace.getKnownKey(tnum)
        plaintext = trace.getTextin(tnum)

        # Exactly 16 byte positions are processed; shorter inputs raise IndexError.
        return [
            getHW(sbox(plaintext[pos] ^ known_key[pos]))
            for pos in range(16)
        ]
Esempio n. 2
    def getPartitionNum(self, trace, tnum):
        """Compute the per-byte partition numbers for a single trace.

        The partition for byte position ``p`` is the result of ``getHW`` applied
        to ``sbox(textin[p] ^ key[p])``, using the key stored with the trace.

        Args:
            trace: source of ``getKnownKey`` and ``getTextin`` for ``tnum``.
            tnum: trace index.

        Returns:
            List of 16 partition numbers.
        """
        stored_key = trace.getKnownKey(tnum)
        text_in = trace.getTextin(tnum)

        def partition_for(pos):
            # Intermediate value: S-box applied to (input byte XOR key byte).
            return getHW(sbox(text_in[pos] ^ stored_key[pos]))

        return list(map(partition_for, range(16)))
Esempio n. 3
    def getPartitionNum(self, trace, tnum):
        """Return a per-byte partition number derived from the ciphertext.

        For each of the 16 byte positions the method XORs two values and
        passes the result to ``getHW``:

        * ``ct[INVSHIFT[pos]]`` -- a ciphertext byte selected through ``INVSHIFT``
        * ``inv_sbox(ct[pos] ^ round_key[pos])`` -- the ciphertext byte with the
          converted key removed and the inverse S-box applied

        Args:
            trace: object providing ``getKnownKey(tnum)`` and ``getTextout(tnum)``.
            tnum: index of the trace to partition.

        Returns:
            A list of 16 values, one per byte position.

        Raises:
            ValueError: if the stored key is not 16 bytes long.
        """
        initial_key = trace.getKnownKey(tnum)
        ciphertext = trace.getTextout(tnum)

        # Only 16-byte keys (10 rounds) are handled; the stored key is the
        # initial key and has to be converted to the final-round key first.
        if len(initial_key) != 16:
            raise ValueError("Need to implement for selected AES")
        final_round_key = keyScheduleRounds(initial_key, 0, 10)

        partitions = []
        for pos in range(16):
            state_after = ciphertext[INVSHIFT[pos]]
            state_before = inv_sbox(ciphertext[pos] ^ final_round_key[pos])
            partitions.append(getHW(state_before ^ state_after))
        return partitions
Esempio n. 4
    def getPartitionNum(self, trace, tnum):
        """Compute ciphertext-side partition numbers for one trace.

        The stored (initial) key is run through ``keyScheduleRounds`` to get
        the key used in the final round, then for each byte position the
        value ``getHW(inv_sbox(ct[p] ^ key[p]) ^ ct[INVSHIFT[p]])`` is produced.

        Args:
            trace: source of ``getKnownKey`` and ``getTextout`` for ``tnum``.
            tnum: trace index.

        Returns:
            List of 16 partition numbers.

        Raises:
            ValueError: for any key length other than 16 bytes.
        """
        master_key = trace.getKnownKey(tnum)
        ct = trace.getTextout(tnum)

        # Key length -> number of rounds; only the 16-byte case is implemented.
        rounds_by_key_len = {16: 10}
        n_rounds = rounds_by_key_len.get(len(master_key))
        if n_rounds is None:
            raise ValueError("Need to implement for selected AES")
        last_key = keyScheduleRounds(master_key, 0, n_rounds)

        def partition_for(pos):
            # Same evaluation order as a plain loop: shifted byte first,
            # then the inverse S-box of (ciphertext byte XOR key byte).
            shifted = ct[INVSHIFT[pos]]
            undone = inv_sbox(ct[pos] ^ last_key[pos])
            return getHW(undone ^ shifted)

        return [partition_for(pos) for pos in range(16)]
Esempio n. 5
    def addTraces(self, traces, plaintexts, ciphertexts, knownkeys=None, progressBar=None, pointRange=None):
        """Score all 256 guesses for each key byte against a stored template.

        For every trace and every byte index in ``self.brange`` the trace
        samples at that byte's points of interest are evaluated under one
        multivariate normal per template partition (diagonal covariance built
        from ``template['cov']``). The per-partition log-densities are mapped
        onto the 256 key guesses according to ``template['partitiontype']`` and
        added to a running ``(16, 256)`` table, which is handed to
        ``self.stats.updateSubkey`` after every byte.

        Args:
            traces: indexable by trace number; each entry is indexed with the
                template's POI list for the byte.
            plaintexts: per-trace input text, passed to the leakage model.
            ciphertexts: per-trace output text, passed to the leakage model.
            knownkeys: accepted but never read in this method.
            progressBar: optional; receives status updates and can abort.
            pointRange: accepted but never read in this method.

        Returns:
            None. Returns early if ``progressBar.wasAborted()`` is true.

        Raises:
            Warning: if ``multivariate_normal`` is ``None``.
        """

        # multivariate_normal being None is treated as "SciPy too old".
        # NOTE(review): this raises the Warning class as an exception rather
        # than emitting a warning, so callers must catch it explicitly.
        if multivariate_normal is None:
            raise Warning("Version of SciPy too old, require >= 0.14, have %s. "
                          "Update to support this attack" % (scipy.version.version))

        # Hack for now - just use last template found
        template = self.loadTemplatesFromProject()[-1]
        pois = template["poi"]
        # Number of partitions is taken from byte 0 and assumed equal for all bytes.
        numparts = len(template['mean'][0])
        # Accumulated log-likelihood per (byte position, key guess).
        results = np.zeros((16, 256))

        tdiff = self._reportinginterval

        if progressBar:
            progressBar.setStatusMask("Current Trace = %d-%d Current Subkey = %d", (0, 0, 0))
            # NOTE(review): the maximum assumes 16 bytes per trace, while the
            # loop below iterates self.brange - confirm they always agree.
            progressBar.setMaximum(16 * len(traces))
        pcnt = 0

        for tnum in range(0, len(traces)):
            for bnum in self.brange:
                try:
                    # One log-density per partition for this trace/byte.
                    newresultsint = [multivariate_normal.logpdf(traces[tnum][pois[bnum]], mean=template['mean'][bnum][i], cov=np.diag(template['cov'][bnum][i])) for i in range(0, numparts)]
                except np.linalg.LinAlgError as e:
                    print("WARNING: Error in applying template, probably template is poorly formed or POI incorrect. Error: " + str(e))
                    print("         Byte %d for tnum %d skipped due to this error."%(bnum, tnum))
                    # All-zero fallback: every guess receives the same
                    # increment, so this trace does not change the ranking
                    # for this byte.
                    newresultsint = [0] * 256

                ptype = template["partitiontype"]

                if ptype == "PartitionHWIntermediate":
                    newresults = []
                    # Map to key guess format
                    for i in range(0, 256):
                        # Get hypothetical hamming weight
                        # hypint = HypHW(plaintexts[tnum], None, i, bnum)
                        hypint = AESModel.leakage(plaintexts[tnum], ciphertexts[tnum], i, bnum, AESModel.LEAK_HW_SBOXOUT_FIRSTROUND, None)
                        # The model output selects which partition's score
                        # this guess receives.
                        newresults.append(newresultsint[ hypint ])
                elif ptype == "PartitionHDLastRound":
                    newresults = []
                    # Map to key guess format
                    for i in range(0, 256):
                        # Get hypothetical hamming distance
                        # hypint = HypHD(plaintexts[tnum], None, i, bnum)
                        # hypint = HypHD(None, ciphertexts[tnum], i, bnum)
                        hypint = AESModel.leakage(plaintexts[tnum], ciphertexts[tnum], i, bnum, AESModel.LEAK_HD_LASTROUND_STATE, None)
                        newresults.append(newresultsint[ hypint ])

                # TODO Temp: this branch is a placeholder, see the fixed key below.
                elif ptype == "PartitionHDRounds":
                    newresults = []
                    # Map to key guess format
                    for i in range(0, 256):
                        # Get hypothetical hamming distance
                        # hypint = HypHD(plaintexts[tnum], None, i, bnum)
                        if bnum == 0:
                            hypint = getHW(plaintexts[tnum][bnum] ^ i)
                        else:
                            # NOTE(review): fixed key embedded in the code (it
                            # matches the AES-128 example key in FIPS-197); the
                            # knownkeys argument is ignored. Scores for
                            # bnum > 0 are therefore only meaningful for
                            # captures taken with exactly this key.
                            knownkey = [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c]
                            # Previous byte with the fixed key vs. current
                            # byte with the guess.
                            s1 = plaintexts[tnum][bnum - 1] ^ knownkey[bnum - 1]
                            s2 = plaintexts[tnum][bnum] ^ i
                            hypint = getHW(s1 ^ s2)

                        newresults.append(newresultsint[ hypint ])
                else:
                    # Unknown partition type: use the partition scores as the
                    # guess scores directly.
                    newresults = newresultsint

                results[bnum] += newresults
                # tnum is reported 1-based (number of traces processed so far).
                self.stats.updateSubkey(bnum, results[bnum], tnum=(tnum + 1))

                pcnt += 1
                if progressBar:
                    progressBar.updateStatus(pcnt, (tnum, len(traces)-1, bnum))
                    # Abort leaves self.stats with whatever was accumulated so far.
                    if progressBar.wasAborted():
                        return

            # Do plotting if required
            # NOTE(review): a reporting interval of 0 would raise
            # ZeroDivisionError here - confirm it is validated where it is set.
            if (tnum % tdiff) == 0 and self.sr:
                self.sr()
    def addTraces(self,
                  traces,
                  plaintexts,
                  ciphertexts,
                  knownkeys=None,
                  progressBar=None,
                  pointRange=None):
        """Accumulate template log-likelihoods for every key-byte guess.

        Each trace is evaluated, byte by byte over ``self.brange``, against
        the most recently stored template: one multivariate normal (diagonal
        covariance) per partition, evaluated at the byte's points of interest.
        The partition scores are then spread over the 256 guesses according
        to the template's ``partitiontype`` and summed into a ``(16, 256)``
        table that is reported through ``self.stats.updateSubkey``.

        Args:
            traces: indexable by trace number; entries are indexed by POI list.
            plaintexts: per-trace input text for the leakage model.
            ciphertexts: per-trace output text for the leakage model.
            knownkeys: accepted but not read by this method.
            progressBar: optional progress reporter that may abort the run.
            pointRange: accepted but not read by this method.

        Returns:
            None; returns early when the progress bar reports an abort.

        Raises:
            Warning: if ``multivariate_normal`` is ``None``.
        """
        if multivariate_normal is None:
            raise Warning(
                "Version of SciPy too old, require >= 0.14, have %s. "
                "Update to support this attack" % (scipy.version.version))

        # Only the last stored template is used for now.
        template = self.loadTemplatesFromProject()[-1]
        poi_by_byte = template["poi"]
        partition_count = len(template['mean'][0])
        scores = np.zeros((16, 256))

        report_every = self._reportinginterval

        # Fixed key used by the temporary "PartitionHDRounds" mapping below.
        # NOTE(review): it matches the AES-128 example key in FIPS-197 and the
        # knownkeys argument is ignored, so that mapping is only meaningful
        # for captures taken with exactly this key.
        fixed_key = [
            0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
            0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
        ]

        if progressBar:
            progressBar.setStatusMask(
                "Current Trace = %d-%d Current Subkey = %d", (0, 0, 0))
            progressBar.setMaximum(16 * len(traces))
        steps_done = 0

        for tnum in range(len(traces)):
            for bnum in self.brange:
                try:
                    # One log-density per partition for this trace and byte.
                    partition_scores = []
                    for part in range(partition_count):
                        partition_scores.append(
                            multivariate_normal.logpdf(
                                traces[tnum][poi_by_byte[bnum]],
                                mean=template['mean'][bnum][part],
                                cov=np.diag(template['cov'][bnum][part])))
                except np.linalg.LinAlgError as e:
                    logging.warning(
                        'Error in applying template, probably template is poorly formed or POI incorrect. Byte %d for tnum %d skipped.'
                        % (bnum, tnum))
                    logging.debug(e)
                    # Zero for every partition: all guesses get the same
                    # increment, so the ranking for this byte is unchanged.
                    partition_scores = [0] * 256

                ptype = template["partitiontype"]

                # Map partition scores to the 256 key guesses.
                if ptype == "PartitionHWIntermediate":
                    guess_scores = [
                        partition_scores[AESModel.leakage(
                            plaintexts[tnum], ciphertexts[tnum], guess, bnum,
                            AESModel.LEAK_HW_SBOXOUT_FIRSTROUND, None)]
                        for guess in range(256)
                    ]
                elif ptype == "PartitionHDLastRound":
                    guess_scores = [
                        partition_scores[AESModel.leakage(
                            plaintexts[tnum], ciphertexts[tnum], guess, bnum,
                            AESModel.LEAK_HD_LASTROUND_STATE, None)]
                        for guess in range(256)
                    ]
                elif ptype == "PartitionHDRounds":
                    # TODO Temp
                    if bnum == 0:
                        guess_scores = [
                            partition_scores[getHW(
                                plaintexts[tnum][bnum] ^ guess)]
                            for guess in range(256)
                        ]
                    else:
                        # Previous byte combined with the fixed key; it does
                        # not depend on the guess.
                        previous = plaintexts[tnum][bnum - 1] ^ fixed_key[bnum - 1]
                        guess_scores = [
                            partition_scores[getHW(
                                previous ^ (plaintexts[tnum][bnum] ^ guess))]
                            for guess in range(256)
                        ]
                else:
                    # Any other partition type: scores are used as they are.
                    guess_scores = partition_scores

                scores[bnum] += guess_scores
                self.stats.updateSubkey(bnum, scores[bnum], tnum=(tnum + 1))

                steps_done += 1
                if progressBar:
                    progressBar.updateStatus(
                        steps_done, (tnum, len(traces) - 1, bnum))
                    if progressBar.wasAborted():
                        return

            # Trigger the reporting callback at the configured interval.
            if (tnum % report_every) == 0 and self.sr:
                self.sr()