Masked AES implementation code or file

I want to capture the power traces of masked AES implementation from the Atmega328p and the SAKURA-G respectively to carry out some experiments. Where could I get the corresponding codes or files that I can load into them and then capture the traces?

Best,
David


I have the same problem

I haven’t tried it and don’t know its current state, but a masked AES implementation was contributed a while back by @jmichel, I think:

To pull it in, go to hardware/victims/firmware/crypto/ and run:
git submodule update --init secAES-ATmega8515/

I’ve also adapted the ARM implementation (normally targeting a STM32 MCU but it can be compiled for all ARM targets). But I hadn’t got the time to finish the pull-request. Shame on me :slight_smile:

I’ll try to go back on it soon-ish if there’s interest for it

Hey jmichel,

Any chance that pull request was ever completed? :slight_smile:

I believe https://github.com/ANSSI-FR/SecAESSTM32/tree/3b9ed68a4576255636634ec539079476cd5bbc92 is the library Jean-Michel was working on adapting.


Sorry for the delay.

Indeed I’ve been working on 3 implementations of masked/bitsliced AES for Cortex-M:

The two implementations from ANSSI (the one for AVR and the one for Cortex-M4) have configurable masks (AVR expects 2 configuration bytes followed by 16-byte mask and ARM implementation expects either 16-byte or 32-byte mask). The other 2 implementations generate the mask internally using an RNG and I’m trying to keep the implementations upstream as pristine as I can. In the case of a “real” target, the mask wouldn’t be known anyway.

To support all this, I started a series of PRs on GitHub. The first one is there to support variable length commands, which is required for setting the masks.

Once this is merged, I’ll create more pull requests to add the implementations into the firmware directory.
The last two implementations requiring a change in the HAL to start the platform RNG as well as having a get_rand(), they won’t be supported by all platforms yet (I’ve worked on and tested K82F, nRF52840 and STM32F4 so far).

For the experiments I’m running I started maintaining a repository of pre-compiled firmware for the simpleserial_aes program: https://github.com/jmichelp/chipwhisperer-firmware
I need to finish a few commits and I’ll recompile them soon (the RIOU and KNARFRANK implementation were broken when I last compiled them).

Hi.

Is there any API reference for the HEX file in the precompiled firmware repository? How to use it after burning?

They all use the standard Chipwhisperer ASCII UART protocol.
So the usual commands are:

  • k[hex-encoded-key] to set the encryption key
  • p[hex-encoded-plaintext] to set the plaintext
  • r to get the results.

The firmware for ANSSI SecAESSTM32 needs another command to work:

  • m[mask_length][mask_value] to set the mask where mask_length indicates the length (hex-encoded, 2 hex chars) of the mask. Supported values for the length are 13 (19-byte mask to protect the AES algorithm only) and 26 (38-byte mask to protect both the AES algorithm and the key scheduling). mask_value is the mask to be used, hex-encoded.
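
Added example, not part of the original thread and not code from the firmware repository: a host-side sketch of how the command strings described above can be built, with the mask length byte checked against the two values listed for SecAESSTM32. The function names and the newline terminator are assumptions; the command letters and length values are the ones given in the post.

```python
import secrets

# Mask lengths the post lists for the SecAESSTM32 firmware, in bytes:
# hex "13" = 19 (AES only), hex "26" = 38 (AES and key scheduling).
MASK_LENGTHS = (0x13, 0x26)
EOL = "\n"  # assumption: each ASCII command is newline-terminated


def frame(cmd: str, payload: bytes = b"") -> bytes:
    """Build one ASCII command: a command letter followed by a hex payload."""
    if len(cmd) != 1 or not cmd.isalpha():
        raise ValueError("command must be a single letter")
    return (cmd + payload.hex() + EOL).encode("ascii")


def mask_command(mask: bytes) -> bytes:
    """Build m[mask_length][mask_value]; the length is one hex-encoded byte."""
    if len(mask) not in MASK_LENGTHS:
        raise ValueError(f"mask must be 19 or 38 bytes, got {len(mask)}")
    return frame("m", bytes([len(mask)]) + mask)


def parse_mask_command(line: bytes) -> bytes:
    """Inverse of mask_command: reject a length byte that disagrees with the payload."""
    text = line.decode("ascii").rstrip("\r\n")
    if not text.startswith("m"):
        raise ValueError("not a mask command")
    raw = bytes.fromhex(text[1:])
    if not raw or raw[0] not in MASK_LENGTHS or raw[0] != len(raw) - 1:
        raise ValueError("declared mask length does not match payload")
    return raw[1:]


def fresh_mask_command(protect_key_schedule: bool = False):
    """Draw a new random mask for one trace; returns (mask, command bytes)."""
    mask = secrets.token_bytes(0x26 if protect_key_schedule else 0x13)
    return mask, mask_command(mask)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    print(frame("k", bytes(range(16))))
    print(frame("p", bytes(16)))
    print(fresh_mask_command()[1])
```

Logging the mask returned by fresh_mask_command() next to each trace keeps the known-mask experiments reproducible.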

hello

Recently I was trying to compile the “RIOUBSAES” option, but I am missing the “get_rand()” function, is there a workaround?

Hi Jmichel,

I see a note on your repository ‘[Better handle ESP32 and cleanup after build]’, did you manage to finish this and the esp32.elf is ok to use?

Trying to understand how to get esp32 to work for me but not having much luck so far