📄 security.psm
字号:
JUMP disp_SN_loop
;
end_disp_SN: CALL send_CR
RETURN
;
;
;**************************************************************************************
; Compute a 16-bit CRC value for the StrataFLASH 64-bit serial number.
;**************************************************************************************
;
; This routing performs a 16-bit CRC calculation for the 64-bit unique serial number
; of the StrataFLASH memory which forms the authentication value for the design.
;
; The 16-bit CRC value returned in register pair [sE,sD] will be reflective of the unique
; serial number. This will be used as the authentication value for the design which is
; stored at known locations in the FLASH memory.
;
; A direct copy of the FLASH contents will not authorise a design to operate because the
; authentication value will not match the CRC value generated from the different serial number.
;
; To complicate the CRC value generation the CRC register can be seeded with a value rather
; than starting with a clear register.
;
;
; Registers used s0,s1,s2,s3
;
compute_seeded_CRC: LOAD s4, serial_number0 ;pointer to scratch pad memory holding serial number
CRC_send_loop: FETCH s3, (s4) ;read serial number byte
CALL compute_CRC16 ;compute CRC for value in 's3'
COMPARE s4, serial_number7 ;check for 8 bytes processed
RETURN Z
ADD s4, 01 ;increment memory pointer
JUMP CRC_send_loop
;
;
;**************************************************************************************
; Compute 16-bit CRC using the polynomial X16 + X15 + X2 + 1.
;**************************************************************************************
;
;
; This routine computes a 16-bit CRC in the register pair [sE,sD] and these
; registers must not be disturbed between calls of this routine.
;
; This routine has been written such that the CRC can be computed one
; byte at a time. The byte to be processed should be provided in register 's3'
; and the contents of this register are preserved.
;
; Before starting a CRC computation either clear or pre-load (seed) the register pair
; [sE,sD] and do not disturb the value of the register pair between calling this routine.
;
; Registers used s0,s1,s3,sD,sE
; s3 is preserved.
; sD and sE should not be disturbed between calls if CRC value is required.
;
;
;
compute_CRC16: LOAD s1, 08 ;8-bits to shift
crc16_loop: LOAD s0, sD ;copy current CRC value
XOR s0, s3 ;Need to know LSB XOR next input bit
TEST s0, 01 ;test result of XOR in LSB
JUMP NC, crc16_shift
XOR sD, 02 ;compliment bit 1 of CRC
XOR sE, 40 ;compliment bit 14 of CRC
crc16_shift: SR0 s0 ;Carry gets LSB XOR next input bit
SRA sE ;shift Carry into MSB to form new CRC value
SRA sD
RR s3 ;shift input value
SUB s1, 01 ;count bits
JUMP NZ, crc16_loop ;next bit
RETURN
;
;
;**************************************************************************************
; Read 256 bytes of StrataFLASH memory including the authentication value.
;**************************************************************************************
;
; This routine reads the authentication value from the StrataFLASH memory. In this
; design the authentication value is only 2 bytes which once read will be returned
; in the register pair [sB,sA].
;
; To make the authentication value more difficult to identify, it is hidden in 256 bytes
; of pseudo random values which will also appear different in each FLASH device inspected.
; This routine deliberately reads all 256 bytes that are stored and abstracts the required
; 2 bytes of information from them otherwise it would be easy to observe which addresses
; of the block were being accessed.
;
; Another way that an attacker may deduce which address locations are important would be to
; observe the time between read accesses and note when there is any difference. In this case
; the attacker is attempting to detect when PicoBlaze takes slightly longer to execute the
; instructions which store the important bytes in scratch pad memory. So to avoid this
; detection this routine inserts an additional random delay between reads to mask any code
; execution differences.
;
; The 256 bytes are stored at addresses 060000 to 0600FF hex (the first block above the
; XC3S500E configuration image which occupies 000000 to 04547F hex). The 2 bytes forming the
; actual authentication value are stored as 4-bit nibbles in 4 different locations in this range.
;
;
; High Order Nibble Low Order Nibble
; (NNNNxxxx) (xxxxNNNN)
;
; LS-Byte in 'sA' Addr=060010 Addr=06007F
; MS-Byte in 'sB' Addr=060025 Addr=0600FA
;
;
read_authentication: LOAD s9, 06 ;start address in FLASH
LOAD s8, 00
LOAD s7, 00
auth_read_loop: CALL SF_byte_read ;read byte from FLASH into s0
COMPARE s7, 10 ;check for bytes/nibbles that contain real information
JUMP NZ, auth_check2
LOAD sA, s0 ;isolate upper order nibble for LS-Byte
AND sA, F0
auth_check2: COMPARE s7, 25
JUMP NZ, auth_check3
LOAD sB, s0 ;isolate upper order nibble for MS-Byte
AND sB, F0
auth_check3: COMPARE s7, 7F
JUMP NZ, auth_check4
AND s0, 0F ;isolate lower order nibble for LS-Byte
OR sA, s0 ; and merge with upper order nibble
auth_check4: COMPARE s7, FA
JUMP NZ, next_auth_read
AND s0, 0F ;isolate lower order nibble for MS-Byte
OR sB, s0 ; and merge with upper order nibble
next_auth_read: ADD s7, 01 ;increment address
RETURN Z ;complete after 256 reads
INPUT s0, random_value_port ;random delay between reads
auth_read_delay: SUB s0, 01
JUMP NZ, auth_read_delay
JUMP auth_read_loop
;
;
;**************************************************************************************
; Read 256 bytes (page) of StrataFLASH memory containing the authentication value.
;**************************************************************************************
;
; This routine reads the StrataFLASH memory and displays the contents on the PC display
; via the UART. The display will be 256 bytes from address range 060000 to 0600FF displayed
; as 16 lines of 16 bytes with each line commencing with the address of the first byte.
;
send_auth_page: LOAD s9, 06 ;start address in FLASH
LOAD s8, 00
LOAD s7, 00
auth_line_loop: CALL send_CR
CALL send_hex_3bytes ;display address
CALL send_space
auth_byte_loop: CALL send_space
CALL SF_byte_read ;read byte into s0
CALL send_hex_byte ;display byte
ADD s7, 01 ;increment FLASH address
TEST s7, 0F ;test for 16 byte boundary
JUMP NZ, auth_byte_loop
TEST s7, FF ;test for roll over of 256 bytes
JUMP NZ, auth_line_loop
CALL send_CR
RETURN
;
;
;
;
;**************************************************************************************
; Write 256 bytes of StrataFLASH memory including the authentication value.
;**************************************************************************************
;
; This routine writes the authentication value to the StrataFLASH memory. This routine
; would normally be part of a production programming mechanism and not part of the
; final design which only reads and confirms authentication. This routine does not
; require and special measures to confuse an attacker if it is only used in a secure
; production environment.
;
; The 2 bytes forming the actual authentication value are stored as 4-bit nibbles in
; 4 different locations in the address range 600000 to 6000FF hex (256 bytes) with
; all remaining locations filled with pseudo random values.
;
; The authentication value to be stored in StrataFLASH memory should be provided in
; the register pair [sE,sD] and will be stored in the following locations.
;
; High Order Nibble Low Order Nibble
; (NNNNxxxx) (xxxxNNNN)
;
; LS-Byte in 'sD' Addr=060010 Addr=06007F
; MS-Byte in 'sE' Addr=060025 Addr=0600FA
;
;
write_authentication: LOAD s9, 06 ;start address in FLASH
LOAD s8, 00
LOAD s7, 00
auth_write_loop: INPUT s0, random_value_port ;Obtain random value
COMPARE s7, 10 ;check for bytes/nibbles that need to be real information
JUMP NZ, auth_write_check2
LOAD s1, sD ;merge upper order nibble for LS-Byte with random
AND s1, F0
AND s0, 0F
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -