数据加密>> Jldfa>> 返回
项目作者: ceesb

项目描述 :
DFA scripts using Jlsca
高级语言: Julia
项目地址: git://github.com/ceesb/Jldfa.git
创建时间: 2018-06-01T17:44:07Z
项目社区:https://github.com/ceesb/Jldfa
开源协议:GNU General Public License v3.0
下载


What is it?

This is a small library for doing DFA (differental fault attacks). Currently supports fault attacks on AES and DES. The library uses Jlsca, my other toy project, and since it’s not part of METADATA you need to clone both:

  1. using Pkg; 
  2. Pkg.add(PackageSpec(url="https://github.com/Riscure/Jlsca"))

and then:

  1. Pkg.add(PackageSpec(url="https://github.com/ceesb/Jldfa"))

Check tests/dfa-aes-tests.jl on howto use for AES and test/dfa-des-tests.jl on how to use for DES. The tests read faulty outputs from a text file, so should be easy to adopt to your needs.

AES example

Needs a text file with a correct output in hex on the first line, and faulty outputs on subsequent lines.

  1. cat > myfaultyoutputs.txt << EOF
  2. 7eaa71a0f676c8dad2686874c850121e
  3. 093ce71ae62ba832c47ef13bd9841b47
  4. ead115974ac39ed1da9f58ee7e766f9a
  5. 502e848349e70a1663b9887294b1422e
  6. cbe1ea9bc4d80c6a5f02edde50be39b6
  7. fba5ff33a198bc0ae4d4a594bfe4e06e
  8. 931572c1b2cb769425abd818e6cec1c3
  9. 312a821d8493f81b896bab21903db23c
  10. a93374578563d4c726c4c8cc96de1964
  11. 6da5e623893b392b97eb9a7723e2e6a7
  12. f69077e76264598933e8e40b3b7b8dbf
  13. bee180e290df25bcbc4272f85dd10c54
  14. 110de3415754e618f087206f04529d5a
  15. 2fb481d1cf0fc3ef153eeb8e80b92b95
  16. 37f9b4fb26fb51f354ce637c0bfbdc30
  17. 48138cb7c1b86f1105946121cf350694
  18. 92c2413c9c61a7b167c286038d0f54a8
  19. 49952faa609ffffe48e2a3841df7694a
  20. ea85dd5c658921ee5000694ab1e95d2f
  21. EOF

Then, run this in Julia.

  1. using Jlsca:Aes
  2. using Jldfa
  4. a = AesDfaState()
  6. io = open(ARGS[1],"r")
  7. correct = hex2bytes(readline(io))
  9. while !eof(io)
  10.     faulty = hex2bytes(readline(io))
  11.     update!(a,faulty,correct)
  12. end
  14. close(io)
  16. recoveredrk = getKey(a)
  17. recoveredrk = Aes.ShiftRows(recoveredrk)
  18. recoveredkey = Aes.KeyExpansionBackwards(vec(recoveredrk), 10, 4)[1:16]
  20. print("recovered rk:         $(bytes2hex(recoveredrk))\n")
  21. print("recovered aes128 key: $(bytes2hex(recoveredkey))\n")
  24. (rows,cols,candidates) = size(a.scores)
  26. for row in 1:rows
  27.         for col in 1:cols
  28.                 sorted = sortperm(a.scores[row,col,:], rev=true)
  29.                 print("row $row, col $col\n") 
  30.                 for i in 1:5
  31.                         idx = sorted[i]
  32.                         val = a.scores[row,col,idx]
  33.                         print("\trank: $i, score $(val), kb 0x$(string(idx-1, base=16)),\n")
  34.                 end
  35.                 print("\n")
  36.         end
  37. end

Should print this:

  1. recovered rk:         ff28d15cae2bb5d9e68a0e760b08c2c6
  2. recovered aes128 key: 2b0b097b0538051017b276ff8f7313f4
  3. row 1, col 1
  4.         rank: 1, score 24, kb 0xff
  5.         rank: 2, score 15, kb 0x19
  6.         rank: 3, score 14, kb 0x3e
  7.         rank: 4, score 14, kb 0x56
  8.         rank: 5, score 14, kb 0xe5
  10. row 1, col 2
  11.         rank: 1, score 26, kb 0xae
  12.         rank: 2, score 17, kb 0x4e
  13.         rank: 3, score 16, kb 0x41
  14.         rank: 4, score 15, kb 0x40
  15.         rank: 5, score 15, kb 0xb7
  17. row 1, col 3
  18.         rank: 1, score 27, kb 0xe6
  19.         rank: 2, score 17, kb 0x57
  20.         rank: 3, score 17, kb 0xbc
  21.         rank: 4, score 16, kb 0xaa
  22.         rank: 5, score 16, kb 0xff
  24. row 1, col 4
  25.         rank: 1, score 24, kb 0xb
  26.         rank: 2, score 17, kb 0xe3
  27.         rank: 3, score 16, kb 0x1a
  28.         rank: 4, score 15, kb 0x4
  29.         rank: 5, score 15, kb 0x5a
  31. row 2, col 1
  32.         rank: 1, score 26, kb 0x8
  33.         rank: 2, score 17, kb 0xb
  34.         rank: 3, score 15, kb 0x48
  35.         rank: 4, score 15, kb 0xd4
  36.         rank: 5, score 14, kb 0x26
  38. row 2, col 2
  39.         rank: 1, score 23, kb 0x28
  40.         rank: 2, score 18, kb 0x1d
  41.         rank: 3, score 17, kb 0x89
  42.         rank: 4, score 16, kb 0x92
  43.         rank: 5, score 16, kb 0x9f
  45. row 2, col 3
  46.         rank: 1, score 25, kb 0x2b
  47.         rank: 2, score 17, kb 0x79
  48.         rank: 3, score 16, kb 0x8b
  49.         rank: 4, score 16, kb 0xc9
  50.         rank: 5, score 16, kb 0xe2
  52. row 2, col 4
  53.         rank: 1, score 24, kb 0x8a
  54.         rank: 2, score 19, kb 0x9c
  55.         rank: 3, score 17, kb 0x71
  56.         rank: 4, score 16, kb 0xbf
  57.         rank: 5, score 16, kb 0xee
  59. row 3, col 1
  60.         rank: 1, score 23, kb 0xe
  61.         rank: 2, score 16, kb 0xc
  62.         rank: 3, score 16, kb 0x26
  63.         rank: 4, score 16, kb 0x94
  64.         rank: 5, score 16, kb 0xd2
  66. row 3, col 2
  67.         rank: 1, score 24, kb 0xc2
  68.         rank: 2, score 18, kb 0x64
  69.         rank: 3, score 16, kb 0xc
  70.         rank: 4, score 16, kb 0x15
  71.         rank: 5, score 16, kb 0x79
  73. row 3, col 3
  74.         rank: 1, score 22, kb 0xd1
  75.         rank: 2, score 19, kb 0x2b
  76.         rank: 3, score 18, kb 0x25
  77.         rank: 4, score 18, kb 0xea
  78.         rank: 5, score 16, kb 0x2d
  80. row 3, col 4
  81.         rank: 1, score 23, kb 0xb5
  82.         rank: 2, score 20, kb 0xe
  83.         rank: 3, score 18, kb 0xb2
  84.         rank: 4, score 18, kb 0xb8
  85.         rank: 5, score 17, kb 0x91
  87. row 4, col 1
  88.         rank: 1, score 24, kb 0xd9
  89.         rank: 2, score 18, kb 0x18
  90.         rank: 3, score 16, kb 0x20
  91.         rank: 4, score 15, kb 0x15
  92.         rank: 5, score 15, kb 0x65
  94. row 4, col 2
  95.         rank: 1, score 22, kb 0x76
  96.         rank: 2, score 17, kb 0xa2
  97.         rank: 3, score 16, kb 0xee
  98.         rank: 4, score 15, kb 0x4a
  99.         rank: 5, score 15, kb 0x9f
  101. row 4, col 3
  102.         rank: 1, score 30, kb 0xc6
  103.         rank: 2, score 18, kb 0xfd
  104.         rank: 3, score 17, kb 0x85
  105.         rank: 4, score 16, kb 0xf8
  106.         rank: 5, score 15, kb 0x73
  108. row 4, col 4
  109.         rank: 1, score 24, kb 0x5c
  110.         rank: 2, score 18, kb 0x18
  111.         rank: 3, score 17, kb 0x37
  112.         rank: 4, score 15, kb 0x12
  113.         rank: 5, score 15, kb 0x30

Take a look at tests/dfa-aes-tests.jl if you want to see how to generate these faults.

DES example

Take a look at test/dfa-des-tests.jl. Code is a bit more involved since it recovers two round keys.