Encryption Status Monitor, how to change the algorithm


#1

The encryption status monitor can helps us check if our AES implementation returns a correct ciphertext.
If I want to work around with another encryption algorithm, such as PRESENT, is there a way to change the expected output of the Monitor?

thanks in advance ~~


#2

Hi Eric,

I believe currently there is no easy way to change the expected field without making changes to the source code. If you want to get adventurous you can overwrite the getExpected method of the SimpleSerial class after you inherit from it (You can find it in chipwhisperer/software/chipwhisperer/capture/targets/SimpleSerial.py). The get expected method uses an AES module so you would either have to implement the PRESENT encryption algorithm or find a python module that includes an implementation. I hope this answers your question!

Cheers,
Franz


#3

Thanks for the reply, I’ll try it

Eric


#4

Hi,

So…
If I want to get the Plaintext and Key
I can just use self.input & self.key to get them in the class SimpleSerial right?

Eric


#5

Hi Eric,

The self.key and self.input attribute is set after using self.loadEncryptionKey to set a key and self.loadInput to set a plaintext. As long as you access the variables after they are set, which is one of the first steps in a capture, these attributes will give you the right value. If you are wondering in what order capture events occur and when those value are set, there are some example scripts that show the sequence of events. Here is the link. The trace capture loop and the loading of encryption key and plain text occurs on these lines. I hope this helps! :smiley:

Cheers,
Franz

Cheers,
Franz


#6

Hi Franz,

Thank you so much for keep answering my question~~ :smiley: :smiley:

Evidently, I am not good at python ~~ :blush: :blush:
Anyway, here is what I did:

  1. I have implemented this PRESENT algorithm which takes the key (numpy array) and plaintext (numpy array) and returns the ciphertext (also a numpy array).
  2. The code below is what i did to the SimpleSerial.py file
  3. I remove the SimpleSerial.pyc and reopen the Chipwhisperer-Capture software
  4. When I use the ‘ChipWhisperer-Lite: AES on XMEGA’ script, the Encryption Monitor still works perfectly
  5. When I change the Input Length to 8, the Encryption Monitor still gives me the ‘?’
    … it seems nothing has changed ??
    (By the way, I am currently using the Capture V3.5.3)

What am i doing wrong? How to do it properly? :confused: :confused:

Eric

351     def getExpected(self):
352         """Based on key & text get expected if known, otherwise returns None"""
353         if self.textLen() == 16:
354             return None
355             #return TargetTemplate.getExpected(self)
356         elif self.textLen() == 8:
357             roundkeys = Present_runsfast_keyschedule(self.key)
358             plaintext = np.copy(self.input)
359             return Present_runsfast_enc(plaintext,roundkeys)
360         else:
361             return None

#7

Hi Eric,

No problem, we are currently looking into making what you are doing easier to do. Until then, I can give you a few things that might help you solve it yourself.

Before you do any of my suggested debugging, try running self.target.textlength = 8 aftering running all the setup and before you press capture.

Debug stuff and extra information:

The encryption monitor sets the text based on if the expected is not None if it is None then it sets it to ?, which is what you are seeing. This can be seen here.

The getExpected function in the SimpleSerial.py file is what gives the Encryption monitor its text.

They are connect through a signal, this is not as important as you have no reason to change the signal connections.

You problem is most likely that the if statements you wrote still end up returning None. Easiest way to debug: change the three return statements you have into known return values so you know which one gets executed. Note: the Encryption status monitor expects a bytearray. Like this:

351     def getExpected(self):
352         """Based on key & text get expected if known, otherwise returns None"""
353         if self.textLen() == 16:
354             return bytearray([255])
355             #return TargetTemplate.getExpected(self)
356         elif self.textLen() == 8:
357             roundkeys = Present_runsfast_keyschedule(self.key)
358             plaintext = np.copy(self.input)
359             return bytearray([255, 255])
360         else:
361             return bytearray([255, 255, 255])

You can then look at you encryption status monitor and it will either say FF, FF FF, or FF FF FF. FF is the hex representation of the integer 255. You now know which populates the expected field. If it is FF (the first if statement) then it is because self.testlen() still evaluates to 16, if it is the second one (FF FF) we know that your encryption algorithm may be returning None, hence your previous result of ?. And if it is the else statement (FF FF FF) the self.textlen is evaluating to something other than 8 and 16.

If you decide to try it on your own you can share the results with me and I can help further if you need it. :smiley:

Cheers,
Franz


#8

Hello,

Did this work for you? I’d be happy to try and build an example for you, as adding new algorithms is always of interest to me!

Is there anything specific about your example? The new target module would be built for the 4.x branch, but should work for the older branch you are using too.

Thanks,

-Colin


#9

Hi Colin and Franz,

First of all, thank you guys so much for helping me. :smiley: :smiley:
After days of trying, I finally get it to work ~~ :laughing:
This seems like such a small tweak, still, it took me quite some time to figure out all the weird problems.
Here are some things I thought worth mentioning for those who want to try the same things:

  1. the indentations are ‘space’
    ( my auto-indent is set to ‘tab’ :laughing: )
  2. check if self.key and self.input has been assigned or not
    ( self.input might not be valid when getExpected() is used )

Here is my code:

    def getExpected(self):
        """Based on key & text get expected if known, otherwise returns None"""
        if self.textLen() == 16:
            #return bytearray([255,255,255])
            return TargetTemplate.getExpected(self)
        elif self.textLen() == 8 and self.key and self.input:
            roundkeys = Present_runsfast_keyschedule(self.key)
            plaintext = list(self.input)
            return bytearray(Present_runsfast_enc(plaintext,roundkeys).tolist())
        else:
            return None

Thanks again for all your help :smiley:

Eric


#10

Hi Eric,

I am happy that you got it to work! :smiley:
Thanks for adding notes on how you did end up solving it, I am sure it will help other people.
The tab vs. space thing made me laugh, I think everyone who uses python has to make that mistake at least once! :wink:

Cheers,
Franz


#11

I suggest you look at the “Activated” value which can be set to “Yes” or “No” (to what I’ve seen)

You can also check the system status by clicking on the McAfee icon in the system tray -> “Quick Settings” -> “Show Endpoint Encryption Status”, but this is not programmatically (like a registry value).

Might seem obvious, but happened to me a lot in the past - Make sure your system reports to the same ePO you think it is, if you have more than one.
What’s the last communication date ePO shows for these systems ?

Regards
metaforumtechnologies.com/an … in-chennai