fc-sim-sniff: doc/Sniffer-FPGA-design annotate

annotate doc/Sniffer-FPGA-design @ 5:07c5aac6e84f

doc: add ISO7816-specs pointer article

author	Mychaela Falconia <falcon@freecalypso.org>
date	Sat, 29 Jul 2023 07:53:49 +0000
parents	b275c69c1b80
children	41e6026e5d1a

rev	line source
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	1 The first FPGA gateware function to be implemented in the SIMtrace-ice project
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	2 is the passive sniffer: receiving level-shifted SIM RST, CLK and I/O signals
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	3 from the 74LVC4T3144 buffer and capturing all exchanges that happen on the SIM
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	4 interface between a DUS and a SIM.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	5
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	6 The sniffer FPGA logic function will be implemented on the inexpensive off-the-
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	7 shelf Icestick board, featuring an iCE40HX1K FPGA and an FT2232H-based USB host
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	8 interface. This FPGA logic function will operate principally as a byte
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	9 forwarder from the ISO 7816-3 sniffer block to the FT2232H UART: every time the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	10 bus sniffer block captures a character (in ISO 7816-3 terminology) being passed
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	11 on the SIM electrical interface in either direction (the two directions of
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	12 transmission are indistinguishable to a tap sniffer that does not actively
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	13 participate in the protocol), the FPGA will forward this character to the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	14 connected host computer (by way of FT2232H UART) for further processing in
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	15 software. The UART data line going from the FPGA to the FT2232H will be the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	16 sole functional output from this FPGA, beyond debug outputs being added during
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	17 logic development and troubleshooting. The other UART data line going the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	18 opposite direction (output from FT2232H) will remain unused, i.e., the host
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	19 software application will only read/receive from the ttyUSBx FPGA device and
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	20 won't send anything to it. All modem control lines on this UART interface will
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	21 likewise remain unused.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	22
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	23 Serial interface format
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	24 =======================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	25
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	26 For every ISO 7816-3 character captured by the sniffer, two back-to-back UART
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	27 bytes will be transferred from the FPGA to the host computer; more generally,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	28 the FPGA will only transmit pairs of back-to-back bytes on this UART and no
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	29 singletons or other arrangements - thus the host receiver can always recover
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	30 synchronization by dropping any partially received two-byte message (the first
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	31 byte of an expected pair) during prolonged pauses. The FPGA will transmit the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	32 two back-to-back UART bytes as a single shift-out of 20 bits, conveying two
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	33 bytes in 8N1 framing.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	34
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	35 Why are we turning every captured ISO 7816-3 character into a pair of bytes on
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	36 our internal UART interface, why not simply forward it as a single byte? The
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	37 reason is that we need to pass some additional bits beyond the 8 that comprise
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	38 the ISO 7816-3 character payload; the additional bits which we need to pass are
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	39 as follows:
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	40
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	41 - the received parity bit;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	42 - a flag indicating whether or not an error signal (ISO 7816-3 section 7.3)
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	43 was seen;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	44 - additional flag bits communicating SIM RST assertion and negation events,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	45 as distinct from ISO 7816-3 characters;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	46 - an additional flag indicating an action of the integrated PPS catcher state
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	47 machine, to be described later in this document.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	48
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	49 Assertion or negation of SIM RST is the only other possible event (besides ISO
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	50 7816-3 character capture, with or without attendant PPS catcher state machine
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	51 action) that can cause the FPGA to send a byte-pair UART message to the host
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	52 computer. One bit in the 16-bit message will distinguish between characters
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	53 and RST events, another bit will indicate the state of RST at the time of the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	54 event (new RST for transitions, 1 for characters), and all other bits are
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	55 meaningful only for characters.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	56
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	57 Clocking design
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	58 ===============
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	59
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	60 The FPGA on the Icestick board receives a 12 MHz clock input; the on-chip PLL
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	61 will be used to multiply this clock by 4, producing a 48 MHz system clock.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	62 This 48 MHz SYSCLK will be used for the entirety of the present logic design -
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	63 a single-clock fully synchronous design is the best current practice.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	64
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	65 The 3 inputs to the FPGA coming from the SIM electrical sniffer (buffered and
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	66 level-shifted SIM RST, CLK and I/O lines) will pass through two cascaded DFFs,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	67 bringing them into our internal clock domain. The delay added by these cascaded
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	68 DFFs is not a concern: we are a passive sniffer without any output back to the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	69 SIM interface, and all 3 signal inputs will be subject to the same delay.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	70
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	71 The baud rate on the UART interface between the FPGA and the FT2232H converter
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	72 will be 3000000 bps. The UART output block in the FPGA will use a simple /16
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	73 divider from SYSCLK to time its output bits; future derivative designs that will
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	74 use the UART interface bidirectionally (such as the planned card emulator FPGA
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	75 design) will use SYSCLK directly as the 16x clock for UART reception. This
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	76 high (and very non-RS232-standard) UART baud rate was chosen for the following
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	77 reasons:
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	78
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	79 * Our UART interface is totally private, going nowhere but the on-board FT2232H,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	80 thus it doesn't matter if the baud rate is standard-ish or totally
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	81 non-standard.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	82
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	83 * No cables of any kind are used, instead the UART interface is confined to
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	84 short PCB traces running between the FPGA and the FTDI chip on the same board
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	85 - hence high baud rates are not a problem.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	86
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	87 * Our UART baud rate needs to be high enough to provide good margin, despite
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	88 our 2x expansion, at the highest possible effective bps rate on the SIM
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	89 interface, meaning the highest possible SIM CLK frequency and the most
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	90 aggressive F/D ratio. The combination of SIM CLK at 5 MHz, F=512 and D=64
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	91 corresponds to 625000 bps effective on the SIM interface; running our UART at
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	92 3 Mbps provides sufficient margin.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	93
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	94 ISO 7816-3 sniffer block
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	95 ========================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	96
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	97 Our ISO 7816-3 receiver will trigger on the falling edge of the I/O line. Once
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	98 it detects a high-to-low transition on the SYSCLK-synchronized SIM_IO input, it
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	99 will start counting SIM CLK cycles - we are arbitrarily choosing low-to-high
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	100 transition of SYSCLK-synchronized SIM_CLK input as the trigger point. (This
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	101 choice is arbitrary because per the spec there is no defined phase relation
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	102 between SIM CLK and SIM I/O transitions.) Our ISO 7816-3 receiver will need to
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	103 know how many SIM CLK cycles constitute one etu - or more precisely, our
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	104 sniffing receiver will operate in half-etu counts, as we need to measure 0.5 etu
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	105 to get from the initial falling edge on the I/O line to the mid-etu data
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	106 sampling point. Following the session-opening low-to-high transition on the RST
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	107 line, our half-etu register will be set to 8'd186, corresponding to F/D=372.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	108 Our PPS catcher state machine will then overwrite this register with a smaller
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	109 value based on the captured PPS exchange.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	110
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	111 Direct and inverse coding conventions
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	112 =====================================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	113
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	114 Only the card and not the DUS (interface device in ISO 7816-3 terminology)
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	115 determines which coding convention is used, direct or inverse. So far we
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	116 (FreeCalypso) have not yet encountered a real-life SIM that uses the inverse
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	117 convention, only the direct convention kind. In the sniffer function of
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	118 SIMtrace-ice, we are going to keep our FPGA gateware simple in this regard and
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	119 punt all inverse convention handling to the software application on the host
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	120 computer: the FPGA will pass the 9 received bits (8 data bits and 1 parity bit)
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	121 to the 16-bit UART message as-is, without inverting or reordering them.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	122
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	123 Integrated PPS catcher
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	124 ======================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	125
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	126 The logic described so far will be sufficient to capture all exchanges on the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	127 SIM interface between a DUS and a SIM if the etu-defining F/D ratio is never
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	128 switched from the basic default of 372. However, given that most SIM cards of
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	129 interest to us (our own FCSIM1, as well as SIMs issued by various commercial
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	130 operators) support Fi=512 Di=8 or higher, and given that even very classic
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	131 implementations of GSM ME (including our dear Calypso) support this F=512 D=8
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	132 speed enhancement mode endorsed by GSM 11.11 spec, many real-life DUS-to-SIM
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	133 sessions (which we would like to sniff and trace) will include a PPS exchange
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	134 switching to a smaller number of SIM CLK cycles per etu.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	135
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	136 The main difficulty with capturing SIM interface sessions that use speed
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	137 enhancement is as follows: in order for the session capture to be complete,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	138 without any lost bits, the sniffing receiver's knowledge of how many SIM CLK
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	139 cycles constitute a half-etu needs to change to the new value at exactly the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	140 correct moment in time, which is the moment immediately after the last byte
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	141 (PCK) of the SIM's PPS response passes across the wire. If we were to rely on
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	142 host software to decode all byte exchanges up to this point (ATR from the SIM,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	143 PPS request from the DUS, then PPS response) and command the FPGA (UART in the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	144 other direction, or a modem control line) to switch the half-etu counter, we
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	145 stand very little chance of getting this command to the FPGA in time, before
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	146 the DUS starts transmitting its next command to the SIM using the new etu
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	147 definition.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	148
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	149 The Mother's proposed solution is to embed a PPS catcher state machine in the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	150 sniffer FPGA. This state machine will be set to its initial state upon the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	151 session-opening low-to-high transition on the RST line, and it will look at
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	152 every ISO 7816-3 character received by the sniffer. The machine will need to
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	153 step through the following states between this starting point and the final
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	154 action of changing the half-etu count register:
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	155
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	156 * As the ATR bytes are transferred, the state machine will need to understand
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	157 enough of ATR format to know which byte constitutes the end of ATR. A fatal
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	158 error in ATR real-time parsing (if the first byte is anything other than
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	159 8'h3B) will put the machine into its inactive state for the remainder of the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	160 session until next reset.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	161
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	162 * If the byte following ATR is 8'hFF, the machine will proceed into PPS request
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	163 real-time parsing state. If this byte equals any other value, go to the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	164 inactive state for the remainder of the session.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	165
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	166 * In the PPS request real-time parsing series of states, the state machine will
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	167 need to catch the PPS0 byte and based on this byte, figure out how many bytes
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	168 it needs to skip.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	169
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	170 * Following the PPS request, the machine will need to real-time-parse the PPS
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	171 response. Any invalid conditions will take it to the inactive state; however,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	172 if the PPS exchange is valid, the machine will need to capture the PPS1 byte
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	173 and then step through states until the final PCK byte of the PPS response.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	174
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	175 * Upon receiving that last PCK byte after all prior bytes following the expected
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	176 protocol, effect the half-etu count change. Either way, the inactive state
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	177 is entered at this point, and the state machine will take no further action
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	178 for the remainder of the session.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	179
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	180 This state machine is of course going to be very complicated, as evident from
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	181 the functional requirements listed above. The first version of SIMtrace-ice
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	182 sniffer FPGA will omit this block altogether, and we will get the rest of the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	183 system working for DUS-to-SIM sessions that stick with F/D=372 - a good test
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	184 configuration would be to use a FreeCalypso GSM ME as DUS, with SIM speed
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	185 enhancement disabled via AT@SPENH=0. Then we shall embark on implementing this
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	186 proposed PPS catcher state machine.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	187
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	188 The addition of this PPS catcher state machine may increase the complexity of
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	189 our logic beyond the capacity of the iCE40HX1K FPGA on the Icestick board. If
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	190 we run into this problem, we'll have to look for a board with a bigger FPGA -
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	191 but we'll try to fit into the Icestick first.

FreeCalypso > hg > fc-sim-sniff

annotate doc/Sniffer-FPGA-design @ 5:07c5aac6e84f