int main(int argc, char **argv) { int trace=0; char file[512], cryptdata[128]; mf_t trace_mf; dpa_t *dpa=NULL; uint8_t hypotheses[1024], key[16], plain[16]; int hypos=0; correl_t *results=NULL; time_t start=0, runtime; int cnt; int last_cnt=0; FILE *fl, *ptxts; float signif; int best_keybyte=0; float max_correl=0; hypo_template_t *hypo_templates; if(argc<=2) { printf("see the README\n"); return 0; } sscanf(argv[1],"%2s:%d",file,&cnt); assert((fl=fopen("hypo.txt","w"))); if(!(strcmp(file,"hd"))) { printf("Hamming-Distance keybyte %d\n",cnt); fprintf(fl,"sbox_out %d&ff sbox_in %d&ff 0 0\n",cnt,cnt); } else if(!(strcmp(file,"hw"))) { printf("Hamming-Weight keybyte %d\n",cnt); fprintf(fl,"sbox_out %d&ff null 0&ff 0 0\n",cnt); } else { printf("usage: hd:<keybyte> for hamming dist or hw:<keybyte> for hamming weight\n"); return 0; } fclose(fl); // don't ask... assert((hypos = hypo_templ_gen("hypo.txt", &hypo_templates, NULL))); hypos *= 256; sprintf(file,"%s/aes.log",argv[2]); assert((ptxts = fopen(file, "r"))); while(fgets(cryptdata, 512, ptxts)) { if(!(trace%20)) printf("trace %d\n",trace); assert(parse_hex(cryptdata, plain, 16) == (cryptdata+32)); sprintf(file,"%s/%06d.dat",argv[2],trace); assert(!(open_trace(&trace_mf, file))); // generate hypotheses for(cnt=0; cnt<256; cnt++) { memset(key, cnt&0xff, 16); hypo_gen(plain, key, hypo_templates, hypotheses+cnt); } if(!dpa) { dpa = dpa_init(hypos, trace_mf.len); assert((results = malloc(sizeof(correl_t)*(dpa->tracelen)))); start = time(NULL); } dpa_add(dpa, trace_mf.ptr, hypotheses); trace++; last_cnt = trace; signif = 1.3*(4/sqrt((float)trace)); max_correl = 0; best_keybyte = 0; if(!(trace%100)) { for(cnt=0; cnt<hypos; cnt++) { float max; dpa_get_results(dpa, cnt, results, &max); if(ABS(max) > ABS(max_correl)) { max_correl = max; best_keybyte = cnt; } } printf("key guess 0x%02x correl: %f (signifcant: >=%f)\n",best_keybyte,max_correl,signif); } } runtime = time(NULL); runtime -= start; dpa_speedinfo(dpa, runtime); // get results dpa_get_results(dpa, best_keybyte, results, NULL); assert((fl=fopen("results.txt","w"))); for(cnt=0; cnt < dpa->tracelen; cnt++) fprintf(fl,"%d: %f\n",cnt,results[cnt]); fclose(fl); free(results); dpa_destroy(&dpa); return 0; }
int main(int argc, char **argv) { int trace = 0; char buf[512], cryptdata[128]; mf_t trace_mf; dpa_t *dpa = NULL; uint8_t hypotheses[1024], key[16], plain[16]; int hypos = 16; correl_t *results = NULL; time_t start = 0, runtime; int res, cnt; int last_cnt = 0; FILE *fl_align, *fl_iod; float signif; int best_keybyte = 0; float max_correl = 0; hypo_template_t *hypo_templates; int trace_ofs = (372*12*280)/16; // 78k int trace_len = 100000; assert(argc>=3); fl_iod = fopen(argv[1], "r"); assert(fl_iod); fl_align = fopen(argv[2],"r"); assert(fl_align); while (fgets(buf, 512, fl_iod)) { uint8_t rand[16]; uint8_t sres_kc[12]; char *p = parse_hex(buf+9, rand, 16); assert(p == buf+9+32); p = parse_hex(buf+9+32+1, sres_kc, 12); assert(p == buf+9+32+1+24); int ofs; float diff; res = fscanf(fl_align, "%s %i %f",buf,&ofs,&diff); assert(res == 3); res = open_trace(&trace_mf, buf); assert(!res); for(cnt=0; cnt<16; cnt++) { hypotheses[cnt] = hamming_weight(rand[cnt]); } if (!dpa) { dpa = dpa_init(hypos, trace_len); assert((results = malloc(sizeof(correl_t) * (dpa->tracelen)))); start = time(NULL); } assert(ofs <= trace_ofs); dpa_add(dpa, trace_mf.ptr + trace_ofs - ofs, hypotheses); trace++; last_cnt = trace; if(!(trace%32)) printf("%d\n",trace); } fclose(fl_iod); fclose(fl_align); runtime = time(NULL); runtime -= start; dpa_speedinfo(dpa, runtime); signif = 1.3 * (4 / sqrt((float)trace)); printf("signif: %f\n", signif); for (cnt = 0; cnt < hypos; cnt++) { float max; FILE *res_fl; int i; dpa_get_results(dpa, cnt, results, &max); sprintf(buf,"dpa-%d.txt",cnt); res_fl = fopen(buf,"w"); assert(res_fl); for(i=0;i<dpa->tracelen;i++) fprintf(res_fl,"%d %f\n",i+trace_ofs,results[i]); fclose(res_fl); } free(results); dpa_destroy(&dpa); return 0; }