Chipwhisperer Lite Xmega masked AES

I bought Chipwhisperer Lite Xmega(CW1173) recently. I want to measure the power waveform of 128bit AES with masking countermeasure, but I don’t know how to generate the program. Or is it easy to do just by rewriting the AES program that was already prepared when Chipwhisperer was installed?

There is a masked AES implementation included with ChipWhisperer. Try:

  1. Navigate to chipwhisperer/hardware/victims/firmware/crypto/ via bash/git bash
  2. Run git submodule update --init secAES-ATmega8515
  3. Build simpleserial-aes as usual, but with CRYPTO_TARGET=MASKEDAES

Alex

Hi.

Thank you for your help. I was able to execute up to step 2 ,but I don’t know how to do step 3.

I’m using Jupyter to make Chipwhisperer and Xmega work. Is there any program that can be used as a reference? In particular, I don’t know how to get the mask values.

Joooon

You should be able to use simpleserial-aes as usual. There’s an additional command get_mask() that does nothing in a non-masked implementation, but I believe can be used to set the mask here. You can call it via simpleserial_write('m', <mask>). IIRC the mask has to be 18 bytes long.

Unfortunately, I don’t really have any experience with the masked firmware, so I don’t know if I’ll be much help here.

For building the firmware, you can use the usual build command in the notebook, which should look something like:

%%bash -s "$PLATFORM" "$CRYPTO_TARGET"
cd ../../../hardware/victims/firmware/simpleserial-aes
make PLATFORM=$1 CRYPTO_TARGET=$2

Before running this block, set CRYPTO_TARGET=MASKEDAES

Hi.

Thank you for your help. I’m new to chipwhisperer, so I’m still struggling.

By using tutorial program(PA_CPA_1-Using_CW-Analyzer_for_CPA_Attack.ipynb) and changing TINYAES128C to MASKEDAES, I was able to collect traces, plaintexts and keys, but wasn’t able to get mask values. Should I write simpleserial_write(‘m’, ) into a Jupyter program and run it?

I think the mask value is set (initially?) by the simpleserial_write('m', ) and perhaps randomly updated after that, but I’m not sure.