Problems about AES-256 RSM implementation of DPAV4.1


#1

Hi, I wanna test AES-256 RSM implementation of DPAV4.1 on chipwhisperer software with OpenADC, I’ve programed the latest bitstream version(chipwhisperer-0.08) to FPGA and loaded the "dpa.hex"and “eedata.hex” (downloaded from dpacontest.org/v4/rsm_doc.php)to the flash and eeprom of the ATMega163.

When I run the “SASEBO-W example” on chipwhisperer capture software, the ciphertext are all 0 and it seems that the ATR from SmartCard is not correct: 3B AA AA 0 40 20 44 50 41 56 34 13 7 9 2 3
The correct one should be: 3B AE 0 40 32 73 61 53 65 42 6F 32 30 31 31 30 38 33 31

The dubugging information:
No phase shift loaded
For address 0x10=16 Sent data: fdbf0400
Read data: fdbf0404

3B AA AA 0 40 20 44 50 41 56 34 13 7 9 2 3
3B AA AA 0 40 20 44 50 41 56 34 13 7 9 2 3
No phase shift loaded
No phase shift loaded
3
3

Then I found that there is another bitstream version provided from “http://www.dpacontest.org/v4/rsm_doc.php
(CHIP_SASEBO_W_VCP_DPAV4.bit), I programmed it into the FPGA but this time the scope connection failed before one capture:
Timeout in read: 0
Timeout in read: 0
Timeout in read: 0
Traceback (most recent call last):
File “C:\chipwhisperer\software\chipwhisperer\capture\ChipWhispererCapture.py”, line 678, in doConDisScope
self.scope.con()
File “c:\chipwhisperer\software\chipwhisperer\capture\scopes\OpenADC.py”, line 474, in con
self.scopetype.con()
File “c:\chipwhisperer\software\chipwhisperer\capture\scopes\OpenADC.py”, line 128, in con
self.scope.con(self.ser)
File “c:\chipwhisperer\openadc\controlsw\python\openadc\qt.py”, line 234, in con
self.sc = openadc.OpenADCInterface(self.ser, self.console)
File “c:\chipwhisperer\openadc\controlsw\python\openadc\openadc.py”, line 759, in init
self.setReset(True)
File “c:\chipwhisperer\openadc\controlsw\python\openadc\openadc.py”, line 887, in setReset
self.hwMaxSamples = self.maxSamples()
File “c:\chipwhisperer\openadc\controlsw\python\openadc\openadc.py”, line 917, in maxSamples
samples = samples | (temp[0] << 0)
TypeError: ‘NoneType’ object has no attribute ‘getitem

Has anybody tested AES-256 RSM implementation of DPAV4.1 with ChipWhisperer software? Thanks for any info!


#2

Hello,

The DPAV4.1 implementation doesn’t work on the MegaCard with the SASEBO-W smartcard reader. The problem is the implementation isn’t quite correct of the SmartCard protocol. If you look at the DPAv4 sources, they have this comment:

				asm ("nop"); //TODO : make it compatible
			}
			} else {		 //with pcsc like in the prev versions :').

I had been using the DPAv4.1 with the ATMega328P device instead, but you might be able to get it working on the megacard.

The main issues is that the code doesn’t send the ‘ACK’ back. See the following figure:

smcard.png

The card is supposed to send the ‘INS’ byte back to the reader. The SASEBO-W reader waits for that back, but stalls because it is never sent. I think there might be some other issues but I didn’t check into it too much more - i.e. I’m not sure if it sends too long of data packets, as the reader in the SASEBO-W was originally designed for a maximum of 16 bytes. That should be fixable though.

As a related note, if you are looking also towards the DPAv4.2 be aware the current source posted on the dpacontest.org website is incorrect. They mention on the main page (see dpacontest.org/v4/index.php) this:

The source code posted is still the old one for the 4.2 contest. I know you asked about the 4.1 but was just mentioning it!