I use the AES-128 masked library that comes with chipWhisperer to compile. After the compilation is successful, I can burn the hardware and collect it after burning. But I can’t find how to set the mask in the source capture_trace. In the trace function, there is no operation related to the input mask. In simpleserial-aes. c existence get_mask function. Do I add ‘mask’ variables directly to ‘cw.capture_trace(scope,target,plaintext,key)’ to change the ‘capture_trace’ function to make it effective? or what should I do?
You should be able to tell pretty easily if your AES implementation is masked by how long the operation takes. Masked AES should be roughly an order of magnitude or more slower than normal AES.
Did you restart your notebook after making your changes to ChipWhisperer? The change you made to
capture_trace() isn’t valid Python syntax. You can’t have a parameter without a default after a parameter with a default. Also the simpleserial command you’re looking for is the
'm' command and you’ll want to set the mask before the plaintext.
I’m sorry, my code ability is not very strong. I made the following change “def capture_trace(scope, target, plaintext, key=None, mask=None, ack=True):”, added the following command
“ if mask:
into the function body, and then restarted the chipwhisperer platform. I successfully burned and collected. I wonder if there are any principle errors.
I’m very sorry I have encountered another difficult problem recently.
I successfully ran the mask scheme of AES-128 before, and collected 10w pieces of data. But recently, when I conducted the burning collection again, I found that the mask could not take effect in the chip. I tried to recompile and restart, but the problem could not be solved.
I hope to get your help.
Do you mean that masking in general isn’t working, or that the mask you sent with
simpleserial_write('m', mask) isn’t being used?
Thank you very much for your quick reply.My English is not very good. I mean that the mask I sent with
simpleserial_write('m', mask) isn’t being used.I can confirm that
uint8_t get_mask(uint8_t* m) and
void aes_indep_mask(uint8_t * m) are in normal use.
The two functions in the red box in the figure below can collect trace.But the trace is the same indicating that the mask inserted is not used.
What are you looking for in a difference of traces here? I’d assume that the masked AES implementation would be constant time, so there probably isn’t a big difference between the traces. Also, I don’t think just commenting out the mask part of
capture_trace() does anything to change the mask - all
aes_indep_mask() does is overwrite the previous mask.
A few months ago. I successfully obtained the masked AES traces. But the traces obtained this time is not the same as before. such as the following two figures.The difference between them is obvious.But I haven’t changed the code these two times. So I’m surprised why the results are different. The only guess I can make now is that there is a problem with the registers related to the mask [ ] of Xmega.