From 1b0d7f9bb40814f34c6c72c30b54ea9191af69a8 Mon Sep 17 00:00:00 2001 From: Pirmin Vogel Date: Fri, 12 Jan 2024 13:26:01 +0000 Subject: [PATCH 1/2] [tvla] Enable passing lists of selected rounds/bytes for specific AES Previously, we could only: - compute all rounds and all bytes - select individual rounds but all bytes and vice versa - select one round and one byte This commit enables passing a list of bytes and rounds. All combinations of the combined lists are then evaluated, e.g. --round-select 0 --round-select 1 --byte-select 0 --byte-select 15 will evaluate Bytes 0 and 15 in both Round 0 and Round 1, i.e., there will be four tests. This helps reduce the memory consumption and compute load if only a few rounds or bytes need to be analyzed, as well as for CI. Signed-off-by: Pirmin Vogel --- .../tvla_cfg_aes_specific_byte0_rnd0.yaml | 4 +- analysis/tvla.py | 39 ++++++++++++------- .../ci_tvla_cfg_aes_specific_byte0_rnd0.yaml | 4 +- 3 files changed, 28 insertions(+), 19 deletions(-) diff --git a/analysis/configs/tvla_cfg_aes_specific_byte0_rnd0.yaml b/analysis/configs/tvla_cfg_aes_specific_byte0_rnd0.yaml index 7a74e3c8..e4c68706 100644 --- a/analysis/configs/tvla_cfg_aes_specific_byte0_rnd0.yaml +++ b/analysis/configs/tvla_cfg_aes_specific_byte0_rnd0.yaml @@ -5,8 +5,8 @@ trace_end: null leakage_file: null save_to_disk: null save_to_disk_ttest: null -round_select: 0 -byte_select: 0 +round_select: [0] +byte_select: [0] input_histogram_file: null output_histogram_file: null number_of_steps: 1 diff --git a/analysis/tvla.py b/analysis/tvla.py index d60ea430..d5517559 100755 --- a/analysis/tvla.py +++ b/analysis/tvla.py 
@@ -255,22 +255,25 @@ def run_tvla(ctx: typer.Context): general_test = (cfg["mode"] == "kmac" or cfg["mode"] == "otbn" or cfg["mode"] == "sha3" or cfg["general_test"] is True) + aes_num_rnds = 11 + aes_num_bytes = 16 + if general_test: # We don't care about the round select or byte select in this mode. # Set them to 0 for code compatibility. rnd_list = [0] byte_list = [0] else: - if cfg["round_select"] is None: - rnd_list = list(range(11)) + if not cfg["round_select"]: + rnd_list = list(range(aes_num_rnds)) else: - rnd_list = [int(cfg["round_select"])] - if cfg["byte_select"] is None: - byte_list = list(range(16)) + rnd_list = cfg["round_select"] + if not cfg["byte_select"]: + byte_list = list(range(aes_num_bytes)) else: - byte_list = [int(cfg["byte_select"])] - assert all(rnd >= 0 and rnd < 11 for rnd in rnd_list) - assert all(byte >= 0 and byte < 16 for byte in byte_list) + byte_list = cfg["byte_select"] + assert all(rnd >= 0 and rnd < aes_num_rnds for rnd in rnd_list) + assert all(byte >= 0 and byte < aes_num_bytes for byte in byte_list) num_rnds = len(rnd_list) num_bytes = len(byte_list) 
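Review bot: A config file that still uses the old scalar form is mishandled in the else-branch of run_tvla: `round_select: 0` is falsy, so `not cfg["round_select"]` silently selects all 11 rounds, and any other scalar such as `round_select: 3` reaches `all(... for rnd in rnd_list)` as a bare int and raises TypeError. The `int(...)` coercion was dropped as well, so list items keep whatever type the YAML loader or CLI produced. The range checks remain `assert` statements, which Python strips under `-O`; raising `ValueError` keeps them active. A normalisation like the one below accepts both forms and validates in one place; run_tvla starts and ends outside this hunk.

```python
# … unchanged: general_test branch setting rnd_list/byte_list to [0] …
else:
    def _as_index_list(sel, limit):
        # None or an empty list means "all"; a bare int is the pre-list config form.
        if sel is None or (isinstance(sel, (list, tuple)) and not sel):
            return list(range(limit))
        items = sel if isinstance(sel, (list, tuple)) else [sel]
        idx = [int(i) for i in items]
        if not all(0 <= i < limit for i in idx):
            raise ValueError(f"selection {idx} outside 0..{limit - 1}")
        return idx

    rnd_list = _as_index_list(cfg["round_select"], aes_num_rnds)
    byte_list = _as_index_list(cfg["byte_select"], aes_num_bytes)
```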
@@ -1021,11 +1024,13 @@ def run_tvla(ctx: typer.Context): help_save_to_disk_ttest = inspect.cleandoc("""Save t-test files to disk. Ignored when ttset-step-file is not None. Default: """ + str(default_save_to_disk_ttest)) help_round_select = inspect.cleandoc("""Index of the AES round for which the histograms are to be - computed: 0-10. If not provided, the histograms for all AES rounds are computed. Default: - """ + str(default_round_select)) + computed: 0-10. If not provided, the histograms for all AES rounds are computed. To select + multiple but not all rounds, specify the argument once per selected round, e.g., + "--round-select 0 --round-select 1". Default: """ + str(default_round_select)) help_byte_select = inspect.cleandoc("""Index of the AES state byte for which the histograms are to - be computed: 0-15. If not provided, the histograms for all AES state bytes are computed. - Default: """ + str(default_byte_select)) + be computed: 0-15. If not provided, the histograms for all AES state bytes are computed. To + select multiple but not all bytes, specify the argument once per selected byte, e.g., + "--byte-select 0 --byte-select 1". Default: """ + str(default_byte_select)) help_input_histogram_file = inspect.cleandoc("""Name of the input file containing the histograms. Not required. If both -input_histogram_file and -output_histogram_file are provided, the input file is appended with more data to produce the output file. 
@@ -1066,8 +1071,8 @@ def main(ctx: typer.Context, leakage_file: str = typer.Option(None, help=help_leakage_file), save_to_disk: bool = typer.Option(None, help=help_save_to_disk), save_to_disk_ttest: bool = typer.Option(None, help=help_save_to_disk_ttest), - round_select: int = typer.Option(None, help=help_round_select), - byte_select: int = typer.Option(None, help=help_byte_select), + round_select: list[int] = typer.Option(None, help=help_round_select), + byte_select: list[int] = typer.Option(None, help=help_byte_select), input_histogram_file: str = typer.Option(None, help=help_input_histogram_file), output_histogram_file: str = typer.Option(None, help=help_output_histogram_file), number_of_steps: int = typer.Option(None, help=help_number_of_steps), @@ -1098,11 +1103,15 @@ def main(ctx: typer.Context, # Overwrite options from CLI, if provided. for v in ['project_file', 'trace_file', 'trace_start', 'trace_end', 'leakage_file', - 'save_to_disk', 'save_to_disk_ttest', 'round_select', 'byte_select', + 'save_to_disk', 'save_to_disk_ttest', 'input_histogram_file', 'output_histogram_file', 'number_of_steps', 'ttest_step_file', 'plot_figures', 'general_test', 'mode', 'filter_traces']: run_cmd = f'''if {v} is not None: cfg[v] = {v}''' exec(run_cmd) + # The list arguments need to be handled a bit differently. + for v in ['round_select', 'byte_select']: + run_cmd = f'''if {v}: cfg[v] = {v}''' + exec(run_cmd) if not os.path.exists(str(script_dir) + "/tmp"): os.makedirs(str(script_dir) + "/tmp") diff --git a/ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml b/ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml index 879b3623..004cd57f 100644 --- a/ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml +++ b/ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml @@ -5,8 +5,8 @@ trace_end: null leakage_file: null save_to_disk: null save_to_disk_ttest: null -round_select: 0 -byte_select: 0 +round_select: [0] +byte_select: [0] input_histogram_file: null output_histogram_file: null number_of_steps: 1 
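Review bot: The new loop over `round_select` and `byte_select` in the "Overwrite options from CLI" hunk builds another source string for `exec`, where two plain statements would do: `if round_select: cfg["round_select"] = round_select` and `if byte_select: cfg["byte_select"] = byte_select`. The interpolated names are literals, so nothing user-controlled reaches `exec` in the visible lines, but each copy of the pattern makes it easier for a later edit to interpolate a value instead of a name. Because the test is truthiness, a command line cannot override a selection from the config file back to "all rounds/bytes"; if that is intended, a short comment saying so would help. main continues outside the hunk.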
From 50b30b2553990294baceedd1f6f77b38ac88482d Mon Sep 17 00:00:00 2001 From: Pirmin Vogel Date: Fri, 12 Jan 2024 13:42:14 +0000 Subject: [PATCH 2/2] [ci] Add job for byte-specific AES TVLA and with multiple steps This is related to lowRISC/ot-sca#287. Signed-off-by: Pirmin Vogel --- ci/azure-pipelines.yml | 10 ++++++++++ ...la_cfg_aes_specific_byte_0_15_rnd_0_1.yaml | 19 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 ci/cfg/ci_tvla_cfg_aes_specific_byte_0_15_rnd_0_1.yaml diff --git a/ci/azure-pipelines.yml b/ci/azure-pipelines.yml index d8febbb8..cb16d274 100644 --- a/ci/azure-pipelines.yml +++ b/ci/azure-pipelines.yml @@ -154,6 +154,16 @@ jobs: - publish: ./ci/projects/aes_sca_random_cw305.html artifact: traces_aes_random_cw305 displayName: "Upload AES Random traces" + - bash: | + set -e + pushd ci + ../analysis/tvla.py --cfg-file cfg/ci_tvla_cfg_aes_specific_byte_0_15_rnd_0_1.yaml run-tvla + popd + displayName: "Perform specific TVLA on AES Random traces" + continueOnError: True + - publish: ./ci/tmp/figures + artifact: tvla_figures_aes_specific + displayName: "Upload figures of specific TVLA for AES." - job: kmac_sca_capture_cw310 displayName: "Capture KMAC SCA traces (CW310)" timeoutInMinutes: 30 diff --git a/ci/cfg/ci_tvla_cfg_aes_specific_byte_0_15_rnd_0_1.yaml b/ci/cfg/ci_tvla_cfg_aes_specific_byte_0_15_rnd_0_1.yaml new file mode 100644 index 00000000..c9d76ed2 --- /dev/null +++ b/ci/cfg/ci_tvla_cfg_aes_specific_byte_0_15_rnd_0_1.yaml @@ -0,0 +1,19 @@ +project_file: projects/aes_sca_random_cw305 +trace_file: null +trace_start: null +trace_end: null +leakage_file: null +save_to_disk: null +save_to_disk_ttest: true +round_select: [0, 1] +byte_select: [0, 15] +input_histogram_file: null +output_histogram_file: null +number_of_steps: 4 +ttest_step_file: null +plot_figures: true +general_test: false +mode: aes +filter_traces: false +sample_start: 0 +num_samples: 300
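Review bot: `continueOnError: True` on the new "Perform specific TVLA on AES Random traces" step means a non-zero exit from tvla.py (a crash, or the range assertion on `round_select`/`byte_select`) does not fail the job, and the following `publish` of `./ci/tmp/figures` still runs. If this job is meant to catch regressions in the list handling added by the first patch, the step should be allowed to fail the job. If failures are tolerated on purpose, say why in a comment above the flag, e.g. `# analysis result is informational; do not gate the pipeline on it`. Whether the other TVLA steps in this file use the same flag is not visible in this hunk.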