def getPartitionNum(self, trace, tnum):
    """Return the 16 per-byte partition labels for trace ``tnum``.

    Label ``i`` is ``getHW(sbox(text[i] ^ key[i]))``, built from the trace's
    text input and its known key. ``getHW`` and ``sbox`` are defined outside
    this block (presumably Hamming weight and the AES S-box; confirm there).

    The labels depend on ``trace.getKnownKey``, so only captures whose key is
    recorded can be partitioned this way.
    """
    known_key = trace.getKnownKey(tnum)
    text_in = trace.getTextin(tnum)

    # One label per state byte, in byte order 0..15.
    return [getHW(sbox(text_in[pos] ^ known_key[pos])) for pos in range(16)]
def getPartitionNum(self, trace, tnum):
    """Return the 16 per-byte partition labels for trace ``tnum``.

    The trace's known key is advanced with ``keyScheduleRounds(key, 0, 10)``
    and label ``i`` is ``getHW(inv_sbox(ct[i] ^ key[i]) ^ ct[INVSHIFT[i]])``.
    ``getHW``, ``inv_sbox``, ``INVSHIFT`` and ``keyScheduleRounds`` are defined
    outside this block.

    Raises:
        ValueError: if the known key is not 16 bytes long; other key sizes
            are not implemented.
    """
    round_key = trace.getKnownKey(tnum)
    text_out = trace.getTextout(tnum)

    # Convert from the initial key to the final-round key. Only the 16-byte
    # (10-round) case is handled; other key sizes are rejected, not guessed.
    if len(round_key) != 16:
        raise ValueError("Need to implement for selected AES")
    rounds = 10
    round_key = keyScheduleRounds(round_key, 0, rounds)

    labels = []
    for pos in range(16):
        # Ciphertext byte selected through INVSHIFT; the original named this
        # st10 and the recovered byte st9 (presumably round-10 / round-9
        # state; confirm against the helper definitions).
        later_state = text_out[INVSHIFT[pos]]
        earlier_state = inv_sbox(text_out[pos] ^ round_key[pos])
        labels.append(getHW(earlier_state ^ later_state))
    return labels
def addTraces(self, traces, plaintexts, ciphertexts, knownkeys=None, progressBar=None, pointRange=None):
    """Accumulate per-key-guess log-likelihoods for each trace from a stored template.

    For every trace and every byte index in ``self.brange``, the samples at the
    template's points of interest are scored with ``multivariate_normal.logpdf``
    under each partition's mean and covariance. The per-partition scores are
    re-indexed to the 256 key guesses according to ``template["partitiontype"]``,
    added to a running 16x256 table, and pushed to ``self.stats.updateSubkey``.

    Args:
        traces: indexable by trace number; ``traces[tnum][pois[bnum]]`` selects
            the samples scored for one byte.
        plaintexts: per-trace inputs, passed to the leakage model.
        ciphertexts: per-trace outputs, passed to the leakage model.
        knownkeys: not read anywhere in this method.
        progressBar: optional progress object; when truthy it is updated after
            every (trace, byte) step and polled for an abort.
        pointRange: not read anywhere in this method.

    Returns:
        None. Returns early when ``progressBar.wasAborted()`` is true; statistics
        already pushed through ``updateSubkey`` are left as they are.

    Raises:
        Warning: raised as an exception (not issued through the ``warnings``
            module) when ``multivariate_normal`` is None.
    """
    # NOTE(review): the statement nesting below was reconstructed from a listing
    # whose line breaks were lost - confirm against the upstream file.
    if multivariate_normal is None:
        raise Warning("Version of SciPy too old, require >= 0.14, have %s. "
                      "Update to support this attack" % (scipy.version.version))

    # Hack for now - just use last template found
    template = self.loadTemplatesFromProject()[-1]
    pois = template["poi"]
    # Number of partitions, taken from byte 0's list of means.
    numparts = len(template['mean'][0])
    # Running score table: one row per key byte, one column per key guess.
    results = np.zeros((16, 256))

    tdiff = self._reportinginterval

    if progressBar:
        progressBar.setStatusMask("Current Trace = %d-%d Current Subkey = %d", (0, 0, 0))
        # The maximum assumes 16 bytes per trace even though the loop below runs
        # over self.brange, so the bar will not reach 100% on a shorter brange.
        progressBar.setMaximum(16 * len(traces))
    pcnt = 0

    for tnum in range(0, len(traces)):
        for bnum in self.brange:
            try:
                # One log-density per partition. np.diag(...) means only diagonal
                # covariance terms reach logpdf (stored shape not visible here -
                # TODO confirm).
                newresultsint = [multivariate_normal.logpdf(traces[tnum][pois[bnum]], mean=template['mean'][bnum][i], cov=np.diag(template['cov'][bnum][i])) for i in range(0, numparts)]
            except np.linalg.LinAlgError as e:
                # The failure is reported on stdout only; the caller gets no
                # signal. The zero vector makes this (trace, byte) add nothing
                # to any guess's score.
                print("WARNING: Error in applying template, probably template is poorly formed or POI incorrect. Error: " + str(e))
                print(" Byte %d for tnum %d skipped due to this error."%(bnum, tnum))
                newresultsint = [0] * 256

            ptype = template["partitiontype"]

            if ptype == "PartitionHWIntermediate":
                newresults = []
                # Map to key guess format
                for i in range(0, 256):
                    # Get hypothetical hamming weight
                    # hypint = HypHW(plaintexts[tnum], None, i, bnum)
                    hypint = AESModel.leakage(plaintexts[tnum], ciphertexts[tnum], i, bnum, AESModel.LEAK_HW_SBOXOUT_FIRSTROUND, None)
                    newresults.append(newresultsint[ hypint ])
            elif ptype == "PartitionHDLastRound":
                newresults = []
                # Map to key guess format
                for i in range(0, 256):
                    # Get hypothetical hamming distance
                    # hypint = HypHD(plaintexts[tnum], None, i, bnum)
                    # hypint = HypHD(None, ciphertexts[tnum], i, bnum)
                    hypint = AESModel.leakage(plaintexts[tnum], ciphertexts[tnum], i, bnum, AESModel.LEAK_HD_LASTROUND_STATE, None)
                    newresults.append(newresultsint[ hypint ])
            # TODO Temp
            elif ptype == "PartitionHDRounds":
                newresults = []
                # Map to key guess format
                for i in range(0, 256):
                    # Get hypothetical hamming distance
                    # hypint = HypHD(plaintexts[tnum], None, i, bnum)
                    if bnum == 0:
                        # Byte 0 has no predecessor: HW(plaintext ^ guess).
                        hypint = getHW(plaintexts[tnum][bnum] ^ i)
                    else:
                        # NOTE(review): this key is hard-coded (it matches the
                        # AES-128 example key in FIPS-197 Appendix A.1) and the
                        # knownkeys argument is ignored, so scores from this
                        # branch are only meaningful for captures taken under
                        # exactly this key.
                        knownkey = [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c]
                        # Previous byte under the fixed key vs. this byte under the guess.
                        s1 = plaintexts[tnum][bnum - 1] ^ knownkey[bnum - 1]
                        s2 = plaintexts[tnum][bnum] ^ i
                        hypint = getHW(s1 ^ s2)
                    newresults.append(newresultsint[ hypint ])
            else:
                # Any other partition type: the per-partition scores are used
                # directly as per-guess scores. The add below only lines up if
                # numparts matches the 256-wide row - TODO confirm.
                newresults = newresultsint

            results[bnum] += newresults
            # Report the running totals; tnum + 1 is the number of traces folded in so far.
            self.stats.updateSubkey(bnum, results[bnum], tnum=(tnum + 1))

            pcnt += 1
            if progressBar:
                progressBar.updateStatus(pcnt, (tnum, len(traces)-1, bnum))
                if progressBar.wasAborted():
                    return

        # Do plotting if required
        # NOTE(review): placed at the per-trace level because the test uses
        # tnum only - confirm the nesting upstream.
        if (tnum % tdiff) == 0 and self.sr:
            self.sr()
def addTraces(self, traces, plaintexts, ciphertexts, knownkeys=None, progressBar=None, pointRange=None):
    """Accumulate per-key-guess log-likelihoods for each trace from a stored template.

    For every trace and every byte index in ``self.brange``, the samples at the
    template's points of interest are scored with ``multivariate_normal.logpdf``
    under each partition's mean and covariance. The per-partition scores are
    re-indexed to the 256 key guesses according to ``template["partitiontype"]``,
    added to a running 16x256 table, and pushed to ``self.stats.updateSubkey``.

    Args:
        traces: indexable by trace number; ``traces[tnum][pois[bnum]]`` selects
            the samples scored for one byte.
        plaintexts: per-trace inputs, passed to the leakage model.
        ciphertexts: per-trace outputs, passed to the leakage model.
        knownkeys: not read anywhere in this method.
        progressBar: optional progress object; when truthy it is updated after
            every (trace, byte) step and polled for an abort.
        pointRange: not read anywhere in this method.

    Returns:
        None. Returns early when ``progressBar.wasAborted()`` is true; statistics
        already pushed through ``updateSubkey`` are left as they are.

    Raises:
        Warning: raised as an exception (not issued through the ``warnings``
            module) when ``multivariate_normal`` is None.
    """
    # NOTE(review): the statement nesting below was reconstructed from a listing
    # whose line breaks were lost - confirm against the upstream file.
    if multivariate_normal is None:
        raise Warning(
            "Version of SciPy too old, require >= 0.14, have %s. "
            "Update to support this attack" % (scipy.version.version))

    # Hack for now - just use last template found
    template = self.loadTemplatesFromProject()[-1]
    pois = template["poi"]
    # Number of partitions, taken from byte 0's list of means.
    numparts = len(template['mean'][0])
    # Running score table: one row per key byte, one column per key guess.
    results = np.zeros((16, 256))

    tdiff = self._reportinginterval

    if progressBar:
        progressBar.setStatusMask(
            "Current Trace = %d-%d Current Subkey = %d", (0, 0, 0))
        # The maximum assumes 16 bytes per trace even though the loop below runs
        # over self.brange, so the bar will not reach 100% on a shorter brange.
        progressBar.setMaximum(16 * len(traces))
    pcnt = 0

    for tnum in range(0, len(traces)):
        for bnum in self.brange:
            try:
                # One log-density per partition. np.diag(...) means only diagonal
                # covariance terms reach logpdf (stored shape not visible here -
                # TODO confirm).
                newresultsint = [
                    multivariate_normal.logpdf(
                        traces[tnum][pois[bnum]],
                        mean=template['mean'][bnum][i],
                        cov=np.diag(template['cov'][bnum][i]))
                    for i in range(0, numparts)
                ]
            except np.linalg.LinAlgError as e:
                # The failure goes to the log only (detail at debug level); the
                # caller gets no signal. The zero vector makes this
                # (trace, byte) add nothing to any guess's score.
                logging.warning(
                    'Error in applying template, probably template is poorly formed or POI incorrect. Byte %d for tnum %d skipped.'
                    % (bnum, tnum))
                logging.debug(e)
                newresultsint = [0] * 256

            ptype = template["partitiontype"]

            if ptype == "PartitionHWIntermediate":
                newresults = []
                # Map to key guess format
                for i in range(0, 256):
                    # Get hypothetical hamming weight
                    # hypint = HypHW(plaintexts[tnum], None, i, bnum)
                    hypint = AESModel.leakage(
                        plaintexts[tnum], ciphertexts[tnum], i, bnum,
                        AESModel.LEAK_HW_SBOXOUT_FIRSTROUND, None)
                    newresults.append(newresultsint[hypint])
            elif ptype == "PartitionHDLastRound":
                newresults = []
                # Map to key guess format
                for i in range(0, 256):
                    # Get hypothetical hamming distance
                    # hypint = HypHD(plaintexts[tnum], None, i, bnum)
                    # hypint = HypHD(None, ciphertexts[tnum], i, bnum)
                    hypint = AESModel.leakage(
                        plaintexts[tnum], ciphertexts[tnum], i, bnum,
                        AESModel.LEAK_HD_LASTROUND_STATE, None)
                    newresults.append(newresultsint[hypint])
            # TODO Temp
            elif ptype == "PartitionHDRounds":
                newresults = []
                # Map to key guess format
                for i in range(0, 256):
                    # Get hypothetical hamming distance
                    # hypint = HypHD(plaintexts[tnum], None, i, bnum)
                    if bnum == 0:
                        # Byte 0 has no predecessor: HW(plaintext ^ guess).
                        hypint = getHW(plaintexts[tnum][bnum] ^ i)
                    else:
                        # NOTE(review): this key is hard-coded (it matches the
                        # AES-128 example key in FIPS-197 Appendix A.1) and the
                        # knownkeys argument is ignored, so scores from this
                        # branch are only meaningful for captures taken under
                        # exactly this key.
                        knownkey = [
                            0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
                            0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
                        ]
                        # Previous byte under the fixed key vs. this byte under the guess.
                        s1 = plaintexts[tnum][bnum - 1] ^ knownkey[bnum - 1]
                        s2 = plaintexts[tnum][bnum] ^ i
                        hypint = getHW(s1 ^ s2)
                    newresults.append(newresultsint[hypint])
            else:
                # Any other partition type: the per-partition scores are used
                # directly as per-guess scores. The add below only lines up if
                # numparts matches the 256-wide row - TODO confirm.
                newresults = newresultsint

            results[bnum] += newresults
            # Report the running totals; tnum + 1 is the number of traces folded in so far.
            self.stats.updateSubkey(bnum, results[bnum], tnum=(tnum + 1))

            pcnt += 1
            if progressBar:
                progressBar.updateStatus(pcnt, (tnum, len(traces) - 1, bnum))
                if progressBar.wasAborted():
                    return

        # Do plotting if required
        # NOTE(review): placed at the per-trace level because the test uses
        # tnum only - confirm the nesting upstream.
        if (tnum % tdiff) == 0 and self.sr:
            self.sr()