AES256 from MBEDTLS

Slangster · November 22, 2023, 12:55pm

Hello,

I’m trying to capture traces of AES256 using MBEDTLS. However, after changing the files related to AES128 in order to accept 256-bit keys, I get the following error:
(ChipWhisperer Target ERROR|File SimpleSerial.py:314) Target did not ack

Here are the files I modified(according to the other posts I read on the forum, it seems to be the right thing to do):

simpleserial_addcmd('k', 32, get_key); in simpleserial-aes.c
aes_indep_key256(k); in get_key function in simpleserial-aes.c
mbedtls_aes_setkey_enc(&ctx, key, 256); in aes_indep_key256 function in aes-independant.c

For the capture, I use the same code as in Lab 2_1 - CPA on 32bit AES, except that I use keys that are twice as long.
Do you have any idea why this is happening and how to fix it?

thanks in advance,
Slangster

Alex_Dewar · November 22, 2023, 4:02pm

I’d recommend breaking what you’re doing into smaller parts to try to figure out where your issue is. Start by just sending 32 bytes via the 'k' command, then move on to calling aes_indep_key256(k), and so on until the firmware works.

Alex

Slangster · November 27, 2023, 7:18am

The problem starts when I’m sending 32 bytes via the ‘k’ command. But that doesn’t really surprise me, because as long as there are no changes made to the other lines, AES is expecting 16 bytes, right?
I already managed to send 32 bytes with the RSA algorithm by replacing the simpleserial_addcmd part, so I’m pretty confident that is the right thing to do, even though I do sometimes get some errors (Timeout in OpenADC capture(), no trigger seen! Trigger forced, data is invalid. Status: 0b).

After replacing the ChipWhisperer capture helper trace = cw.capture_trace(scope, target, text, key) by

target.simpleserial_write(‘k’, key)
ret = scope.capture()
trace = scope.get_last_trace()

I do get traces, but this time I get the error (ChipWhisperer Scope ERROR|File OpenADC.py:787) Received fewer points than expected: 4999 vs 5000, and the trace I get is nonsensical.

Alex_Dewar · November 27, 2023, 5:01pm

You need to call scope.arm() before capturing a trace. Additionally, the 'k’ command doesn’t set the trigger pin high, that’s done by the 'p' command.

Alex

Slangster · November 29, 2023, 9:22am

Indeed, I did forget to use the 'p' command. Thank you, that was the solution.
Additionally, using cw.capture_trace(scope, target, key, text) or target.simpleserial_write('k', key) results in an error. What worked for me was to use target.set_key(key) to set the key.

Slangster · November 29, 2023, 10:41am

Actually, I managed to send keys, and using the tutorial Lab 4_2 - CPA on Firmware Implementation of AES, I managed to retrieve the first half of the key. Following the tutorial Extending AES-128 Attacks to AES-256, I coded what was necessary to get the second half. However, the second half is not the key I set. So I looked at the aes_independant.c file and found out that I forgot to change back the number of bits to 256. But setting mbedtls_aes_setkey_enc(&ctx, key, 256); actually eventually raise an error (ChipWhisperer Target ERROR|File SimpleSerial.py:314) Target did not ack when calling target.set_key(key). All the rest works fine, but this particular line is problematic.