Chipwhisperer Lite Xmega masked AES

Joooon · October 22, 2020, 12:40pm

I bought Chipwhisperer Lite Xmega(CW1173) recently. I want to measure the power waveform of 128bit AES with masking countermeasure, but I don’t know how to generate the program. Or is it easy to do just by rewriting the AES program that was already prepared when Chipwhisperer was installed?

Alex_Dewar · October 22, 2020, 5:42pm

There is a masked AES implementation included with ChipWhisperer. Try:

Navigate to chipwhisperer/hardware/victims/firmware/crypto/ via bash/git bash
Run git submodule update --init secAES-ATmega8515
Build simpleserial-aes as usual, but with CRYPTO_TARGET=MASKEDAES

Alex

Joooon · October 23, 2020, 5:32am

Hi.

Thank you for your help. I was able to execute up to step 2 ,but I don’t know how to do step 3.

I’m using Jupyter to make Chipwhisperer and Xmega work. Is there any program that can be used as a reference? In particular, I don’t know how to get the mask values.

Joooon

Alex_Dewar · October 23, 2020, 2:00pm

You should be able to use simpleserial-aes as usual. There’s an additional command get_mask() that does nothing in a non-masked implementation, but I believe can be used to set the mask here. You can call it via simpleserial_write('m', <mask>). IIRC the mask has to be 18 bytes long.

Unfortunately, I don’t really have any experience with the masked firmware, so I don’t know if I’ll be much help here.

For building the firmware, you can use the usual build command in the notebook, which should look something like:

%%bash -s "$PLATFORM" "$CRYPTO_TARGET"
cd ../../../hardware/victims/firmware/simpleserial-aes
make PLATFORM=$1 CRYPTO_TARGET=$2

Before running this block, set CRYPTO_TARGET=MASKEDAES

Joooon · October 24, 2020, 6:49am

Hi.

Thank you for your help. I’m new to chipwhisperer, so I’m still struggling.

By using tutorial program(PA_CPA_1-Using_CW-Analyzer_for_CPA_Attack.ipynb) and changing TINYAES128C to MASKEDAES, I was able to collect traces, plaintexts and keys, but wasn’t able to get mask values. Should I write simpleserial_write(‘m’, ) into a Jupyter program and run it?

Alex_Dewar · October 26, 2020, 6:00pm

I think the mask value is set (initially?) by the simpleserial_write('m', ) and perhaps randomly updated after that, but I’m not sure.

Ssx · October 8, 2022, 1:08pm

Hi，Alex

I have completed code burning and can use masks to collect power consumption, but I have no way to know how the masks are changed inside the chip, nor can I get the masks used in each encryption.There are assembly instructions in the source code, so I can’t get more information. I hope I can get your help.

Ssx

Alex_Dewar · October 11, 2022, 1:46pm

Sorry, I’m not familiar with that code and I don’t know much about masking, so I can’t really help.

Ssx · October 12, 2022, 2:40am

Thank you very much for your reply, and I will continue to work hard.

ssx