https://github.com/clarus/finja

Fork of https://gitorious.org/sensi/finja
https://github.com/clarus/finja

Last synced: 7 days ago
JSON representation

Fork of https://gitorious.org/sensi/finja

• Host: GitHub
• URL: https://github.com/clarus/finja
• Owner: clarus
• Created: 2014-05-06T15:32:52.000Z (about 11 years ago)
• Default Branch: master
• Last Pushed: 2014-05-06T15:33:45.000Z (about 11 years ago)
• Last Synced: 2025-02-16T14:24:52.312Z (4 months ago)
• Language: OCaml
• Size: 199 KB
• Stars: 1
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README

Awesome Lists containing this project

README

        

          +=----------------------------------------=+

          | finja: fault injection analysis          |

          | http://pablo.rauzy.name/sensi/finja.html |

          +=----------------------------------------=+

The finja (fault injection analysis) tool is being developed as

part of my PhD work. It helps me to formally analyse some kinds

of fault injection attacks and countermeasures against them. It

uses modular arithmetic as a framework since it was first

developped to analyse BellCoRe attacks on CRT-RSA computations.

INTSALL

=======

- finja depends on:

  - OCaml  3.12.1+

  - Batteries  2.1+

  - menhir 

  - Sexplib 

  These dependencies can easily be installed using the OCaml

  Package Manager, OPAM .

- Once the dependencies are installed, compile finja with:

    ocamlbuild -use-ocamlfind finja.native

USAGE

=====

- Command line options:

  finja [options] 

    -o  HTML report (defaults to input-file.html)

    -l Only check syntax

    -a Only simplify the input term (no attacks)

    -s Print only successful attacks in the html report

    -t Enable transient faults (default is only permanent fault)

    -r Inject randomizing fault (default)

    -z Inject zeroing fault

    -n Specify the number of faults (default is 1).

       If specified, you can use the -r or -z option for each

       fault (last one is repeated).

- Input file formats:

  Input files are text files (which use the .fia extension by

  convention) which first contain a description of the

  computation term to analyze, then a line with a single '%%'

  symbol, then an attack success condition.

  The BNF of the syntax is given below.

    fia     ::= term '%%' cond

    term    ::= ( stmt )* 'return' mp_expr ';'

    stmt    ::= ( decl | assign | verif ) ';'

    decl    ::= 'noprop' mp_var ( ',' mp_var )*

              | 'prime' mp_var ( ',' mp_var )*

    assign  ::= var ':=' mp_expr

    verif   ::= 'if' mp_cond 'abort with' mp_expr

    mp_expr ::= '{' expr '}' | expr

    expr    ::= '(' mp_expr ')'

              | '0' | '1' | var

              | '-' mp_expr

              | mp_expr '+' mp_expr

              | mp_expr '-' mp_expr

              | mp_expr '*' mp_expr

              | mp_expr '^' mp_expr

              | mp_expr 'mod' mp_expr

    mp_cond ::= '{' cond '}' | cond

    cond    ::= '(' mp_cond ')'

              | mp_expr '=' mp_expr

              | mp_expr '!=' mp_expr

              | mp_expr '=[' mp_expr ']' mp_expr

              | mp_expr '!=[' mp_expr ']' mp_expr

              | mp_cond '/\' mp_cond

              | mp_cond '\/' mp_cond

    mp_var  ::= '{' var '}' | var

    var     ::= [a-zA-Z][a-zA-Z0-9_']*

  The "mp" in "mp_var", "mp_expr" and "mp_cond" stands for

  "maybe protected". A variable name at declaration time, an

  expression, or a condition surrounded by "{" and "}" can't be

  faulted.

  The attack success condition can use all the variables

  introduced in the computation term, plus two special variables

  "_" and "@" which respectively represent the returned

  expression of the computation term as given in the input file,

  and the returned expression of the computation term with

  injected faults.

  Examples of input files can be found in the "tests" directory.