API¶
This is where the documentation for the public API functions, and classes lives.
Key Text Pairs¶
Can be called directly via cwtvla.func()
.
-
class
FixedVRandomKey
(key_len=16)¶ Key text pairs for FixedVRandomKey TVLA
Usage:
import cwtvla ktp = cwtvla.tkp.FixedVRandomKey(key_len=16) #16 byte key - AES128 key, text ktp.next_group_A() # Random text, fixed key key, text ktp.next_group_B() # Random text, Random key
-
next_group_A
()¶
-
next_group_B
()¶
-
-
class
FixedVRandomText
(key_len=16)¶ Key text pairs for FixedVRandomText TVLA
Useful for evaluating the general leakage of a device, but may pick up false positives from loading/unloading of key/plaintext.
Usage:
import cwtvla ktp = cwtvla.tkp.FixedVRandomText(key_len=16) #16 byte key - AES128 key, text ktp.next_group_A() # Fixed text, fixed key key, text ktp.next_group_B() # Random text, fixed key
next_group_B()
can also be used for Random V Random captures-
next_group_A
()¶ Return key, text, ciphertext for fixed text group
-
next_group_B
()¶ Return key, text for random group. Updates random group afterwards
1st Call: I0
2nd Call: I1
3rd Call: I2…
-
-
class
SemiFixedVRandomText
(key_len=16, round=None)¶ Key text pairs for SemiFixedVRandomText.
Sets state in selected round to 0x8B8A490BDF7C00BDD7E6066Cxxxxxxxx. Varies the last bits and reverses to get input plaintext.
Useful since it is both non-specific and restricts TVLA results to a middle round.
Usage:
import cwtvla ktp = cwtvla.tkp.SemiFixedVRandomText(key_len=16, round=5) #16 byte key - AES128, reverse from round 5 key, text ktp.next_group_A() # Semi fixed text, Fixed key key, text ktp.next_group_B() # Random text, Fixed key
-
next_group_A
()¶
-
next_group_B
()¶ Return key, text for random group. Updates random group afterwards
1st Call: I0 2nd Call: I1 3rd Call: I2…
-
-
verify_AES
(plaintext, key, ciphertext)¶ Verifies that AES(plaintext, key) == ciphertext
Analysis¶
Can be called directly via cwtvla.func()
.
-
build_centered_product
(mct)¶
-
build_mean_corr
(traces)¶
-
check_t_test
(t, threshold=4.5)¶ Check the results of the t_test and return points where it failed.
- Parameters
t (np.array(shape=(2, scope.adc.samples), dtype='float64')) – t_test results
threshold (float) – If t[0] and t[1] are above threshold or below -threshold at the same point, it is considered a failure point
- Returns
list of failed points
-
construct_leakage_bit
(operation_in, operation_out, round_offset=0)¶ Construct a leakage function using func between operation_in and operation_out
round_offset can be used to offset operation_out to a different round
- Parameters
operation_in (str) – ‘addroundkey’, ‘subbytes’, ‘shiftrows’, or ‘mixcolumns’. Use None for no op.
operation_out (str) – ‘addroundkey’, ‘subbytes’, ‘shiftrows’, or ‘mixcolumns’. Use None for no op.
round_offset (int) – How many rounds to offset operation_out
- Returns
leakage function
- Return type
function(text, byte, bit, cipher, rnd)
-
construct_leakage_byte
(operation_in, operation_out, round_offset=0)¶ Construct a leakage function using func between operation_in and operation_out
round_offset can be used to offset operation_out to a different round
- Parameters
operation_in (str) – ‘addroundkey’, ‘subbytes’, ‘shiftrows’, or ‘mixcolumns’. Use None for no op.
operation_out (str) – ‘addroundkey’, ‘subbytes’, ‘shiftrows’, or ‘mixcolumns’. Use None for no op.
round_offset (int) – How many rounds to offset operation_out
- Returns
leakage function
- Return type
function(text, byte, bit, cipher, rnd)
-
eval_rand_v_rand
(waves, textins, func, key_len=16, round_range=None, byte_range=None, bit_range=None, plot=False)¶ Evaluate rand_v_rand traces using a leakage function.
Separates waves using textins and the leakage func, then does a t_test between them.
Done for rounds in round_range, for bytes in byte_range, and bits (or vals) in bit range. Can also plot for each test.
- Parameters
waves (np.array) – Rand V Rand Trace waves
textins (np.array) – Rand V Rand plaintexts
func (function(textin, byte, bit, cipher, round)) – Leakage to function used to separate traces
key_len (int) – length of key used in bytes
round_range (iterable) – Rounds to test
byte_range (iterable) – Bytes to test
bit_range (iterable) – Bits to test (or vals if using a byte leakage func)
plot (bool) – Plot t_test results?
-
leakage_func_bit
(text, byte, bit, cipher, op_in, op_out)¶ A generic leakage function for testing a bit in the AES state
Tests between operations op_in and op_out. Assuming st0 is the state after operation op_in and st1 is the state after operation op_out, returns (st0[byte] ^ st1[byte]) & (1 << bit)
- Parameters
text (list) – The input plaintext
byte (int) – Which byte to get the leakage for
bit (int) – Which bit to get the leakage for
cipher (AESCipher) – The cipher used for encryption
op_in (int) – Use the state after operation op_in. If 0, an array of 0 is used (useful for HW)
op_out (int) – Use the state after operation op_out. If 0, an array of 0 is used (useful for HW)
- Returns
1 if the bit under test is 1, 0 if it is 0
- Return type
int
-
leakage_func_byte
(text, byte, val, cipher, op_in, op_out)¶ A generic leakage function for testing the value AES state
Tests between operations op_in and op_out. Assuming st0 is the state after operation op_in and st1 is the state after operation op_out, returns int((st0[byte] ^ st1[byte]) == val)
- Parameters
text (list) – The input plaintext
byte (int) – Which byte to get the leakage for
val (int) – The val to separate based on
cipher (AESCipher) – The cipher used for encryption
op_in (int) – Use the state after operation op_in. If 0, an array of 0 is used (useful for HW)
op_out (int) – Use the state after operation op_out. If 0, an array of 0 is used (useful for HW)
- Returns
1 if state_byte == val
- Return type
int
-
leakage_lookup
(operation, round)¶ Get the number representation for operation happening in round
Note that these all correspond to the output of the operation, so ‘subbytes’ is the output of the SBox, not the input.
- Parameters
operation (str, None) – One of ‘subbytes’, ‘shiftrows’, ‘mixcolumns’, or ‘addroundkey’. If None, 0 is returned
round (int) – Which round the operation is occuring in
- Returns
A number corresponding to the desired operation
-
roundinout_hd
(text, byte, bit, cipher, rnd)¶
-
roundout_hw
(text, byte, bit, cipher, rnd)¶
-
sbox_hw
(text, byte, bit, cipher, rnd)¶
-
sboxinout_hd
(text, byte, bit, cipher, rnd)¶
-
t_test
(group1, group2)¶ Perform a t_test between two numpy arrays.
Splits the data between the first and second half of each group
- Parameters
group1 (numpy.array) – Group 1
group2 (numpy.array) – Group 2
- Returns
A numpy array with two elements spanning the length of the traces. The first is between the first half of groups 1 and 2. The second is between the second half of the groups.
- Return type
numpy.array
CW Convenience¶
Must be manually imported
-
capture_all
(scope, target, platform, N=10000, key_len=16)¶ Do all three non-specific captures and a Rand_V_Rand capture.
Stores the results in a CWTVLA standard zarr array
- Parameters
scope (CW scope object) – Setup scope object
target (CW target object) – Setup target object
platform (str) – What to call the set in the zarr array
N (int) – Number of traces to capture
key_len (int) – 16 for AES-128, 32 for AES-256
-
capture_non_specific
(scope, target, ktp_class, N=10000, key_len=16, group1=None, group2=None)¶ Capture data for a non-specific TVLA t-test
- Parameters
scope (CW scope object) – Already setup scope object
target (CW target object) – Already setup target object
ktp_class (ktp) – Non specific KTP object (FixedVRandText, Key, etc)
N (int) – Number of traces to capture for each dataset (will end up with 2*N traces total)
key_len (int) – 16 for AES-128, 32 for AES-256
group1 (np.array) – Optional array object for storing traces in
group2 (np.array) – Optional array object for storing traces in
- Returns
group1, group2
-
capture_rand
(scope, target, N=10000, key_len=16, waves=None, textins=None)¶ Capture traces for a rand_v_rand TVLA t-test
- Parameters
scope (CW scope object) – Setup scope object
target (CW target object) – Setup target object
N (int) – Number of traces to capture
key_len (int) – 16 for AES-128, 32 for AES-256
waves (np.array) – Optional array object for storing traces in
textins (np.array) – Optional array object for storing plaintexts in
- Returns
waves, textins
-
setup_device
(name)¶ Convience function for setting up and programing a CW/Target pair
- Parameters
name (str) – String representing the target configuration. Currently supports ‘STM32F3’, ‘CW305’, ‘XMEGA’, ‘STM32F3-mbed’, ‘K82F’, ‘STM32F4’
- Returns
Setup scope and target objects
-
test_cw_non_specific
(platform, key_len=16)¶ Test a platform’s non_specific traces
- Parameters
platform (str) – The target object’s name
key_len (int) – 16 for AES-128, 32 for AES-256