ATmega644 Smart-Card
Masking Class Reference

Masking class that provides functionality for masking and unmasking AES-decryption.

#include <masking.h>


Classes

struct  mask_t
 Structure for masks. Masks always come in pairs, with an input & output mask.
 

Public Member Functions

 Masking ()=default
 Construct a new Masking object.
 
void init ()
 Initialize the masks & the masked inverse S-Box.

void maskSubKeys (const sub_keys_t subKeys, sub_keys_t maskedSubKeys) const
 Mask the subKeys & store the masked keys in maskedSubKeys.

void invMaskState (state_t state) const
 (Inverse) mask the state before the first AddRoundKey step.

void invReMaskState (state_t state) const
 (Inverse) re-mask the state after every MixCol step.

void invUnMaskState (state_t state) const
 (Inverse) un-mask the state after the last AddRoundKey step.

uint8_t getInvMaskedSBoxValue (const uint8_t index) const
 Get a value of the (inverse) masked S-Box at a specific index.
 

Private Member Functions

void initInvMaskedSBox (uint8_t maskedSBox[], const mask_t &subByteMask) const
 Compute the (inverse) masked S-Box.

void initMixColInputMask (mask_t mixColMasks[]) const
 Compute masks m_i, i=1..4, by performing a MixCol operation on masks m_i'.
 

Private Attributes

uint8_t mInvMaskedSBox [SBOX_BYTES]
 Inverse S-Box with masked values.
 
mask_t mSubByteMask = {}
 SubByte input & output mask.

mask_t mMixColMasks [4] = {}
 4 MixCol input & output masks.
 
RNG mRNG
 Random-Number-Generator.
 
Logger mLog
 Logger.
 

Detailed Description

Masking class that provides functionality for masking and unmasking AES-decryption.

The masking techniques used here are strongly based on the work presented by Mangard, Oswald & Popp in their book "Power Analysis Attacks: Revealing the Secrets of Smart Cards". The implementation presented on pp. 228 ff. for encryption was adjusted to fit the decryption that was implemented here.

Authors
Philipp Karg (phili.nosp@m.pp.k.nosp@m.arg@t.nosp@m.um.d.nosp@m.e)
Date
28.06.2022

Member Function Documentation

◆ getInvMaskedSBoxValue()

uint8_t Masking::getInvMaskedSBoxValue ( const uint8_t  index) const
inline

Get a value of the (inverse) masked S-Box at a specific index.

Parameters
[in] index (const uint8_t): Index to get value for.
Returns
(uint8_t): The value at index.

◆ init()

void Masking::init ( )

Initialize the masks & the masked inverse S-Box.

  1. Seed the Random-Number-Generator.
  2. Create random m & m' masks.
  3. Create the masked inverse S-Box, by calling initInvMaskedSBox().
  4. Create random masks m_i', i=1..4.
  5. Calculate the corresponding masks m_i, i=1..4 by calling initMixColInputMask().

◆ initInvMaskedSBox()

void Masking::initInvMaskedSBox ( uint8_t  maskedSBox[],
const mask_t subByteMask 
) const
private

Compute the (inverse) masked S-Box.

Masking is done as follows: S_masked(x + m') = S(x) + m, where x is any index of the S-Box and + denotes XOR.

See also
"Power Analysis Attacks" by Mangard et al. p. 228 ff.
Parameters
[out] maskedSBox (uint8_t*): The masked S-Box.
[in] subByteMask (const mask_t): Masks m & m'.

◆ initMixColInputMask()

void Masking::initMixColInputMask ( mask_t  mixColMasks[]) const
private

Compute masks m_i, i=1..4, by performing a MixCol operation on masks m_i'.

See also
"Power Analysis Attacks" by Mangard et al. p. 228 ff.
Parameters
[in,out] mixColMasks (mask_t): Masks m_i & m_i'.

◆ invMaskState()

void Masking::invMaskState ( state_t  state) const

(Inverse) mask the state before the first AddRoundKey step.

XOR the state with (m_i' ^ m ^ m'), i=1..4.

See also
"Power Analysis Attacks" by Mangard et al. p. 228 ff.
Parameters
[in,out] state (state_t): State to be masked.

◆ invReMaskState()

void Masking::invReMaskState ( state_t  state) const

(Inverse) re-mask the state after every MixCol step.

XOR the state with (m_i ^ m'), i=1..4.

See also
"Power Analysis Attacks" by Mangard et al. p. 228 ff.
Parameters
[in,out] state (state_t): State to be re-masked.

◆ invUnMaskState()

void Masking::invUnMaskState ( state_t  state) const

(Inverse) un-mask the state after the last AddRoundKey step.

XOR the state with m_i', i=1..4.

See also
"Power Analysis Attacks" by Mangard et al. p. 228 ff.
Parameters
[in,out] state (state_t): State to be un-masked.

◆ maskSubKeys()

void Masking::maskSubKeys ( const sub_keys_t  subKeys,
sub_keys_t  maskedSubKeys 
) const

Mask the subKeys & store the masked keys in maskedSubKeys.

XOR the original keys with masks (m_i' ^ m), i=1..4.

See also
"Power Analysis Attacks" by Mangard et al. p. 228 ff.
Parameters
[in] subKeys (const sub_keys_t): Original sub-keys to be masked.
[out] maskedSubKeys (sub_keys_t): Masked sub-keys.
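
The mask bookkeeping described for initInvMaskedSBox(), invMaskState(), invUnMaskState() and maskSubKeys() can be checked end to end with a small program. This is an added example, not code from the project: all names are hypothetical, byte j of the state is assumed to lie in row j % 4 with one m_i' per row, the masks are fixed constants instead of RNG output, and the InvShiftRows and MixCol steps are left out.

```cpp
#include <cstdint>
// Hypothetical names; only the XOR formulas are taken from the page.
struct Masks { uint8_t m, mp, mi[4]; };  // m, m' and m_1'..m_4' (one per state row)

static uint8_t rotl8(uint8_t x, int s) { return uint8_t((x << s) | (x >> (8 - s))); }
// Build the AES inverse S-box from its definition (GF(2^8) inverse + affine map).
void buildInvSBox(uint8_t inv[256]) {
    uint8_t p = 1, q = 1;
    do {
        p = uint8_t(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));               // p *= 3
        q ^= uint8_t(q << 1); q ^= uint8_t(q << 2); q ^= uint8_t(q << 4);  // q /= 3
        if (q & 0x80) q ^= 0x09;
        uint8_t s = uint8_t(0x63 ^ q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4));
        inv[s] = p;                                       // S(p) = s
    } while (p != 1);
    inv[0x63] = 0;                                        // S(0) = 0x63
}

// S_masked(x ^ m') = InvS(x) ^ m for every index x.
void buildMaskedInvSBox(const uint8_t inv[256], const Masks& ms, uint8_t out[256]) {
    for (int x = 0; x < 256; ++x) out[x ^ ms.mp] = uint8_t(inv[x] ^ ms.m);
}

// AddRoundKey -> InvSubBytes -> AddRoundKey on masked data; true if it matches plain.
bool maskedMatchesPlain(const uint8_t in[16], const uint8_t k0[16],
                        const uint8_t k1[16], const Masks& ms) {
    uint8_t inv[256], minv[256];
    buildInvSBox(inv);
    buildMaskedInvSBox(inv, ms, minv);
    for (int j = 0; j < 16; ++j) {
        const uint8_t mi = ms.mi[j % 4];
        const uint8_t mk0 = uint8_t(k0[j] ^ mi ^ ms.m);   // maskSubKeys: k ^ m_i' ^ m
        const uint8_t mk1 = uint8_t(k1[j] ^ mi ^ ms.m);
        uint8_t s = uint8_t(in[j] ^ mi ^ ms.m ^ ms.mp);   // invMaskState
        s ^= mk0;                                         // mask is now m'
        if (s != uint8_t(in[j] ^ k0[j] ^ ms.mp)) return false;
        s = minv[s];                                      // mask is now m
        s ^= mk1;                                         // mask is now m_i'
        s ^= mi;                                          // invUnMaskState
        if (s != uint8_t(inv[in[j] ^ k0[j]] ^ k1[j])) return false;
    }
    return true;
}

int main() {
    uint8_t in[16], k0[16], k1[16];                       // constructed sample data
    for (int j = 0; j < 16; ++j) { in[j] = uint8_t(17 * j); k0[j] = uint8_t(j + 1); k1[j] = uint8_t(0xA0 ^ j); }
    const Masks ms = {0x3C, 0xA5, {0x11, 0x22, 0x44, 0x88}};  // fixed masks, not RNG output
    return maskedMatchesPlain(in, k0, k1, ms) ? 0 : 1;
}
```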

Member Data Documentation

◆ mMixColMasks

mask_t Masking::mMixColMasks[4] = {}
private

4 MixCol input & output masks.

In "Power Analysis Attacks" by Mangard et al., p. 228 ff., the MixCol input masks are denoted m_i, while the output masks are denoted m_i', where i=1..4.

◆ mSubByteMask

mask_t Masking::mSubByteMask = {}
private

SubByte input & output mask.

In "Power Analysis Attacks" by Mangard et al., p. 228 ff., the SubByte input mask is denoted m, while the output mask is denoted m'.


The documentation for this class was generated from the following file: