Commit c12bc361 authored by YUSHIQIAN's avatar YUSHIQIAN

fix index is not initialized 0

parent 15abe4c4
......@@ -60,10 +60,13 @@ int p_table[32] = {
};
tr_context ctx; /* Trace context (see traces.h) */
int best_guess[32]; /* Best guess */
int best_idx[32]; /* Best argmax */
float best_max[32]; /* Best max sample value */
int best_guess[32][2]; /* Best guess */
int best_idx[32][2]; /* Best argmax */
float best_max[32][2]; /* Best max sample value */
float *dpa[64]; /* 64 DPA traces */
int nBest = 2;
int nBytes = 8;
int nBits = 6;
/* A function to allocate cipher texts and power traces, read the
* datafile and store its content in allocated context. */
......@@ -95,6 +98,9 @@ main (int argc, char **argv)
int target_bit; /* Index of target bit. */
int target_sbox; /* Index of target SBox. */
printf("%f\n", pow(4 * nBest, nBytes));
uint64_t subkey[][9] = {{0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}, {0}}; /* subkey 48 bits for every round */
/************************************************************************/
/* Before doing anything else, check the correctness of the DES library */
/************************************************************************/
......@@ -141,15 +147,14 @@ main (int argc, char **argv)
* the average power trace, type: $ gnuplot -persist average.cmd
*****************************************************************************/
average ("average");
if (target_bit == 0){
int ordered_best_guess[8][4]; /* Best guess */
int ordered_best_idx[8][4]; /* Best argmax */
float ordered_best_max[8][4]; /* Best max sample value */
int ordered_target_bit[8][4];
int ordered_best_guess[8][4 * nBest]; /* Best guess */
int ordered_best_idx[8][4 * nBest]; /* Best argmax */
float ordered_best_max[8][4 * nBest]; /* Best max sample value */
int ordered_target_bit[8][4 * nBest];
char *key_bits[8] = {"1-6", "7-12", "13-18", "19-24", "25-30", "31-36", "37-42", "43-48"};
int sbox_idx[8] = {0};
int sbox_idx[8] = {0,0,0,0,0,0,0,0};
int i = 0;
int j = 0;
......@@ -160,7 +165,7 @@ main (int argc, char **argv)
/* Compute index of corresponding SBox */
target_sbox = (p_table[i - 1] - 1) / 4 + 1;
printf ("targetting bit %d sbox %d index %d\n", i, target_sbox, sbox_idx[target_sbox]);
printf ("targetting bit %d sbox %d index %d\n", i, target_sbox, sbox_idx[target_sbox-1]);
/***************************************************************
......@@ -168,14 +173,19 @@ main (int argc, char **argv)
***************************************************************/
dpa_attack (i);
ordered_best_guess[target_sbox-1][sbox_idx[target_sbox-1]] = best_guess[i-1];
ordered_best_max[target_sbox-1][sbox_idx[target_sbox-1]] = best_max[i-1];
ordered_best_idx[target_sbox-1][sbox_idx[target_sbox-1]] = best_idx[i-1];
ordered_target_bit[target_sbox-1][sbox_idx[target_sbox-1]] = i;
sbox_idx[target_sbox-1]++;
printf ("end.....\n");
}
for (j = 0; j < nBest; j++)
{
ordered_best_guess[target_sbox-1][sbox_idx[target_sbox-1]] = best_guess[i-1][j];
ordered_best_max[target_sbox-1][sbox_idx[target_sbox-1]] = best_max[i-1][j];
ordered_best_idx[target_sbox-1][sbox_idx[target_sbox-1]] = best_idx[i-1][j];
sbox_idx[target_sbox-1]++;
}
printf ("end.....%d\n", sbox_idx[target_sbox-1]);
} /* end of 32 bits */
/*****************
......@@ -183,21 +193,27 @@ main (int argc, char **argv)
*****************/
printf ("DES chart.................\n");
int w = 20;
uint64_t subkey[(int)pow(4, 8)][8+1]; /* subkey 48 bits for every round */
int nBytes = 8;
int nBits = 6;
printf ("%*s%*s%*s%*s%*s\n", w, "key bits", w, "best guess", w, "target bit", w, "max amplitue", w, "max index");
for (i = 0; i < 8; i++) /* for every sbox */
for (i = 0; i < nBytes; i++) /* for every sbox */
{
for (j = 0; j < 4; j++) /* for every best key guess */
for (j = 0; j < 4; j++)
{
printf ("%*s%10d (0x%02x)%20d%20.2f%20d\n", w, key_bits[i], ordered_best_guess[i][j], ordered_best_guess[i][j],
ordered_target_bit[i][j], ordered_best_max[i][j]*1000, ordered_best_idx[i][j]);
for (k = 0; k < (int)pow(4, j); k++)
printf ("%*s%10d (0x%02x),%d (0x%02x)%10d%15.2f,%5.2f%16d,%d\n", w, key_bits[i],
ordered_best_guess[i][2*j], ordered_best_guess[i][2*j],
ordered_best_guess[i][2*j+1], ordered_best_guess[i][2*j+1],
ordered_target_bit[i][2*j],
ordered_best_max[i][2*j]*1000, ordered_best_max[i][2*j+1]*1000,
ordered_best_idx[i][2*j],ordered_best_idx[i][2*j+1]);
}
printf("print end\n");
for (j = 0; j < 4 * nBest; j = j + 2) /* for every best key guess of every target key */
{
for (k = 0; k < (int)pow(4 * nBest, i); k++)
{
subkey[j*(int)pow(4, j) + k][j+1] = subkey[k][j] | ((uint64_t)ordered_best_guess[i][j] << ((nBytes-j-1) * nBits));
subkey[j*(int)pow(4 * nBest, i) + k][i+1] = subkey[k][i] | ((uint64_t)ordered_best_guess[i][j] << ((nBytes-i-1) * nBits));
}
}
}
......@@ -211,12 +227,13 @@ main (int argc, char **argv)
printf ("the right round key is 0x%llx\n", ks[15]);
for (i = 0; i < (int)pow(4, 8); i++)
for (i = 0; i < (int)pow(4*nBest, 8); i++)
{
if (subkey[i][nBytes] == ks[15])
{
/* If guessed 16th round key matches actual 16th round key */
printf ("We got it!!!\n"); /* Cheers */
printf ("We got it!!! the secret key is 0x%llx\n", subkey[i][nBytes]); /* Cheers */
break;
}
/*
else
......@@ -238,9 +255,9 @@ main (int argc, char **argv)
printf ("Target bit: %d\n", target_bit);
printf ("Target SBox: %d\n", target_sbox);
printf ("Best guess: %d (0x%02x)\n", best_guess[target_bit-1], best_guess[target_bit-1]);
printf ("Maximum of DPA trace: %e\n", best_max[target_bit-1]);
printf ("Index of maximum in DPA trace: %d\n", best_idx[target_bit-1]);
printf ("Best guess: %d (0x%02x),%d (0x%02x)\n", best_guess[target_bit-1][0], best_guess[target_bit-1][0], best_guess[target_bit-1][1], best_guess[target_bit-1][1]);
printf ("Maximum of DPA trace: %e,%e\n", best_max[target_bit-1][0], best_max[target_bit-1][1]);
printf ("Index of maximum in DPA trace: %d,%d\n", best_idx[target_bit-1][0], best_idx[target_bit-1][1]);
printf ("DPA traces stored in file 'dpa.dat'. In order to plot them, type:\n");
printf ("$ gnuplot -persist dpa.cmd\n");
......@@ -253,7 +270,7 @@ main (int argc, char **argv)
* and heaxdecimal forms of the 6 bits best guess.
*****************************************************************************/
/* Plot DPA traces in dpa.dat, gnuplot commands in dpa.cmd */
tr_plot (ctx, "dpa", 64, best_guess[target_bit-1], dpa);
tr_plot (ctx, "dpa", 64, best_guess[target_bit-1][0], dpa);
}
/*************************
......@@ -336,7 +353,7 @@ dpa_attack (int target_bit)
int i; /* Loop index */
int n; /* Number of traces. */
int g; /* Guess on a 6-bits subkey */
int idx; /* Argmax (index of sample with maximum value in a trace) */
int idx = 0;; /* Argmax (index of sample with maximum value in a trace) */
int d[64]; /* Decisions on the target bit */
float *t; /* Power trace */
......@@ -382,9 +399,14 @@ dpa_attack (int target_bit)
}
} /* End for guesses */
} /* End for experiments */
best_guess[target_bit-1] = 0; /* Initialize best guess */
best_max[target_bit-1] = 0.0; /* Initialize best maximum sample */
best_idx[target_bit-1] = 0; /* Initialize best argmax (index of maximum sample) */
best_guess[target_bit-1][0] = 0; /* Initialize best guess */
best_max[target_bit-1][0] = 0.0; /* Initialize best maximum sample */
best_idx[target_bit-1][0] = 0; /* Initialize best argmax (index of maximum sample) */
best_guess[target_bit-1][1] = 0; /* Initialize best guess */
best_max[target_bit-1][1] = 0.0; /* Initialize best maximum sample */
best_idx[target_bit-1][1] = 0; /* Initialize best argmax (index of maximum sample) */
for (g = 0; g < 64; g++) /* For all guesses for 6-bits subkey */
{
tr_scalar_div (ctx, t0[g], t0[g], (float) (n0[g])); /* Normalize zero-set */
......@@ -403,28 +425,19 @@ dpa_attack (int target_bit)
}
}
for (ikey = 0; ikey < keyCandidates; ikey++){
for (jkey = ikey+1; jkey < keyCandidates; jkey++){
if (pcc[ikey] < pcc[jkey]){
tmp = pcc[ikey];
idxTmp = idxKey[ikey];
pcc[ikey] = pcc[jkey];
idxKey[ikey] = idxKey[jkey];
pcc[jkey] = tmp;
idxKey[jkey] = idxTmp;
}
}
}
/* pick two maximum dpa */
max = tr_max (ctx, tmp_dpa, &idx); /* Get max and argmax of DPA trace */
if (max > best_max[target_bit-1] || g == 0) /* If better than current best max (or if first guess) */
if (max > best_max[target_bit-1][0] || g == 0) /* If better than current best max (or if first guess) */
{
best_max[target_bit-1] = max; /* Overwrite best max with new one */
best_idx[target_bit-1] = idx; /* Overwrite best argmax with new one */
best_guess[target_bit-1] = g; /* Overwrite best guess with new one */
best_max[target_bit-1][1] = best_max[target_bit-1][0];
best_idx[target_bit-1][1] = best_idx[target_bit-1][0];
best_guess[target_bit-1][1] = best_guess[target_bit-1][0];
best_max[target_bit-1][0] = max; /* Overwrite best max with new one */
best_idx[target_bit-1][0] = idx; /* Overwrite best argmax with new one */
best_guess[target_bit-1][0] = g; /* Overwrite best guess with new one */
}
} /* End for all guesses */
/* Free allocated traces */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment