crypto improvements #9

Open
CreateRemoteThread opened this issue Dec 5, 2021 · 1 comment
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@CreateRemoteThread
Owner

This framework needs wider support for different crypto primitives (or at least a way to work out whether they fit or not).

  • DES large keys
  • AES-192, AES-256
  • masked AES, second-order trickery
  • point multiplication (see donjonctf 2021 side channel)

I'm not sure how to manage this high-level. Maybe using the CW approach of scripts for each attack is correct.

CreateRemoteThread added the "enhancement" and "good first issue" labels on Dec 5, 2021
@CreateRemoteThread
Owner Author

CreateRemoteThread commented Jan 7, 2022

AES / DES and friends

  • AES 192/AES 256 forward sbox now supported (todo: port to other models).
    • To specify the first round key, use --opt knownKey:<hex_string_of_known_key> and ignore the bits of the second round key you don't need.
  • Last round backwards model also supported. Use ChipWhisperer's key calculator to reverse the key schedule.
  • nddla.py (non-profiled deep learning) works vs masked AES, and can load other attack models, but either needs manual adjustment of hyperparameters, or automated sensitivity analysis needs to be implemented (todo).
  • template attacks now work, but require significant model-specific fixes (e.g. cherrypicker.py).
    • can we reliably detect masking in a black-box scenario?
    • more broadly, how well can we detect code segments?
  • 32-bit hardware accelerated AES (cw308_target, stm32f215) not yet working. Can cleanly spot the "encryption bracket" via PT / CT TVLA, but can't recover the key.
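
Added example, not code from the issue or from this framework: a plain-Python AES-128 key schedule and its inverse, which is what "reverse the key schedule" in the comment above amounts to for a last-round model (round key 10 alone determines the 128-bit master key; for AES-192/256 one round key does not, which is why the comment feeds the first round key in via knownKey). Checked against the FIPS-197 Appendix A.1 key expansion vector; no names beyond the standard are assumed.

```python
# Added example: forward AES-128 key expansion and its inverse (not framework code).
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        p ^= a if b & 1 else 0
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return p

def _build_sbox() -> list:
    """Derive the forward S-box: multiplicative inverse followed by the affine map."""
    sbox = [0] * 256
    for x in range(1, 256):
        inv = next(i for i in range(1, 256) if _gf_mul(x, i) == 1)
        s, r = inv, inv
        for _ in range(4):  # s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4)
            r = ((r << 1) | (r >> 7)) & 0xFF
            s ^= r
        sbox[x] = s ^ 0x63
    sbox[0] = 0x63  # 0 has no inverse; the affine constant alone
    return sbox

SBOX = _build_sbox()

def _g(word: list, rcon: int) -> list:
    """RotWord + SubWord + Rcon, applied to every fourth word of the schedule."""
    t = [SBOX[b] for b in word[1:] + word[:1]]
    t[0] ^= rcon
    return t

def expand_key(key: bytes) -> list:
    """Forward AES-128 schedule: 16-byte master key -> list of 11 round keys."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = _g(w[i - 1], RCON[i // 4 - 1]) if i % 4 == 0 else w[i - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def invert_key_schedule(round_key_10: bytes) -> bytes:
    """Walk the schedule backwards: round key 10 fixes the AES-128 master key."""
    w = [None] * 44
    w[40:44] = [list(round_key_10[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(43, 3, -1):  # forward step w[i] = w[i-4] ^ t, so w[i-4] = w[i] ^ t
        t = _g(w[i - 1], RCON[i // 4 - 1]) if i % 4 == 0 else w[i - 1]
        w[i - 4] = [a ^ b for a, b in zip(w[i], t)]
    return bytes(sum(w[0:4], []))
```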
