int main(int argc, char **argv) {
int trace=0;
char file[512], cryptdata[128];
mf_t trace_mf;
dpa_t *dpa=NULL;
uint8_t hypotheses[1024], key[16], plain[16];
int hypos=0;
correl_t *results=NULL;
time_t start=0, runtime;
int cnt;
int last_cnt=0;
FILE *fl, *ptxts;
float signif;
int best_keybyte=0;
float max_correl=0;
hypo_template_t *hypo_templates;
if(argc<=2) {
printf("see the README\n");
return 0;
}
sscanf(argv[1],"%2s:%d",file,&cnt);
assert((fl=fopen("hypo.txt","w")));
if(!(strcmp(file,"hd"))) {
printf("Hamming-Distance keybyte %d\n",cnt);
fprintf(fl,"sbox_out %d&ff sbox_in %d&ff 0 0\n",cnt,cnt);
}
else if(!(strcmp(file,"hw"))) {
printf("Hamming-Weight keybyte %d\n",cnt);
fprintf(fl,"sbox_out %d&ff null 0&ff 0 0\n",cnt);
}
else {
printf("usage: hd:<keybyte> for hamming dist or hw:<keybyte> for hamming weight\n");
return 0;
}
fclose(fl);
// don't ask...
assert((hypos = hypo_templ_gen("hypo.txt", &hypo_templates, NULL)));
hypos *= 256;
sprintf(file,"%s/aes.log",argv[2]);
assert((ptxts = fopen(file, "r")));
while(fgets(cryptdata, 512, ptxts)) {
if(!(trace%20))
printf("trace %d\n",trace);
assert(parse_hex(cryptdata, plain, 16) == (cryptdata+32));
sprintf(file,"%s/%06d.dat",argv[2],trace);
assert(!(open_trace(&trace_mf, file)));
// generate hypotheses
for(cnt=0; cnt<256; cnt++) {
memset(key, cnt&0xff, 16);
hypo_gen(plain, key, hypo_templates, hypotheses+cnt);
}
if(!dpa) {
dpa = dpa_init(hypos, trace_mf.len);
assert((results = malloc(sizeof(correl_t)*(dpa->tracelen))));
start = time(NULL);
}
dpa_add(dpa, trace_mf.ptr, hypotheses);
trace++;
last_cnt = trace;
signif = 1.3*(4/sqrt((float)trace));
max_correl = 0;
best_keybyte = 0;
if(!(trace%100)) {
for(cnt=0; cnt<hypos; cnt++) {
float max;
dpa_get_results(dpa, cnt, results, &max);
if(ABS(max) > ABS(max_correl)) {
max_correl = max;
best_keybyte = cnt;
}
}
printf("key guess 0x%02x correl: %f (signifcant: >=%f)\n",best_keybyte,max_correl,signif);
}
}
runtime = time(NULL);
runtime -= start;
dpa_speedinfo(dpa, runtime);
// get results
dpa_get_results(dpa, best_keybyte, results, NULL);
assert((fl=fopen("results.txt","w")));
for(cnt=0; cnt < dpa->tracelen; cnt++)
fprintf(fl,"%d: %f\n",cnt,results[cnt]);
fclose(fl);
free(results);
dpa_destroy(&dpa);
return 0;
}
int main(int argc, char **argv)
{
int trace = 0;
char buf[512], cryptdata[128];
mf_t trace_mf;
dpa_t *dpa = NULL;
uint8_t hypotheses[1024], key[16], plain[16];
int hypos = 16;
correl_t *results = NULL;
time_t start = 0, runtime;
int res, cnt;
int last_cnt = 0;
FILE *fl_align, *fl_iod;
float signif;
int best_keybyte = 0;
float max_correl = 0;
hypo_template_t *hypo_templates;
int trace_ofs = (372*12*280)/16; // 78k
int trace_len = 100000;
assert(argc>=3);
fl_iod = fopen(argv[1], "r");
assert(fl_iod);
fl_align = fopen(argv[2],"r");
assert(fl_align);
while (fgets(buf, 512, fl_iod)) {
uint8_t rand[16];
uint8_t sres_kc[12];
char *p = parse_hex(buf+9, rand, 16);
assert(p == buf+9+32);
p = parse_hex(buf+9+32+1, sres_kc, 12);
assert(p == buf+9+32+1+24);
int ofs;
float diff;
res = fscanf(fl_align, "%s %i %f",buf,&ofs,&diff);
assert(res == 3);
res = open_trace(&trace_mf, buf);
assert(!res);
for(cnt=0; cnt<16; cnt++) {
hypotheses[cnt] = hamming_weight(rand[cnt]);
}
if (!dpa) {
dpa = dpa_init(hypos, trace_len);
assert((results =
malloc(sizeof(correl_t) * (dpa->tracelen))));
start = time(NULL);
}
assert(ofs <= trace_ofs);
dpa_add(dpa, trace_mf.ptr + trace_ofs - ofs, hypotheses);
trace++;
last_cnt = trace;
if(!(trace%32))
printf("%d\n",trace);
}
fclose(fl_iod);
fclose(fl_align);
runtime = time(NULL);
runtime -= start;
dpa_speedinfo(dpa, runtime);
signif = 1.3 * (4 / sqrt((float)trace));
printf("signif: %f\n", signif);
for (cnt = 0; cnt < hypos; cnt++) {
float max;
FILE *res_fl;
int i;
dpa_get_results(dpa, cnt, results, &max);
sprintf(buf,"dpa-%d.txt",cnt);
res_fl = fopen(buf,"w");
assert(res_fl);
for(i=0;i<dpa->tracelen;i++)
fprintf(res_fl,"%d %f\n",i+trace_ofs,results[i]);
fclose(res_fl);
}
free(results);
dpa_destroy(&dpa);
return 0;
}
