1 /*****************************************************************************
2 * Copyright (C) 2015 ST Microelectronics S.A.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *******************************************************************************/
16
17 /******************************************************************************
18 *
19 * This file contains the implementation for Mifare Classic tag in
20 * Reader/Writer mode.
21 *
22 ******************************************************************************/
23 #include <android-base/stringprintf.h>
24 #include <base/logging.h>
25 #include <log/log.h>
26 #include <string.h>
27 #include "bt_types.h"
28 #include "nfc_target.h"
29
30 #include "gki.h"
31 #include "nfc_api.h"
32 #include "nfc_int.h"
33 #include "rw_api.h"
34 #include "rw_int.h"
35 #include "tags_int.h"
36
37 #define MFC_KeyA 0x60
38 #define MFC_KeyB 0x61
39 #define MFC_Read 0x30
40 #define MFC_Write 0xA0
41
42 /* main state */
43 /* Mifare Classic is not activated */
44 #define RW_MFC_STATE_NOT_ACTIVATED 0x00
45 /* waiting for upper layer API */
46 #define RW_MFC_STATE_IDLE 0x01
47 /* performing NDEF detection precedure */
48 #define RW_MFC_STATE_DETECT_NDEF 0x02
49 /* performing read NDEF procedure */
50 #define RW_MFC_STATE_READ_NDEF 0x03
51 /* performing update NDEF procedure */
52 #define RW_MFC_STATE_UPDATE_NDEF 0x04
53 /* checking presence of tag */
54 #define RW_MFC_STATE_PRESENCE_CHECK 0x05
55 /* convert tag to read only */
56 #define RW_MFC_STATE_SET_READ_ONLY 0x06
57 /* detect tlv */
58 #define RW_MFC_STATE_DETECT_TLV 0x7
59 /* NDef Format */
60 #define RW_MFC_STATE_NDEF_FORMAT 0x8
61
62 #define RW_MFC_SUBSTATE_NONE 0x00
63 #define RW_MFC_SUBSTATE_IDLE 0x01
64 #define RW_MFC_SUBSTATE_WAIT_ACK 0x02
65 #define RW_MFC_SUBSTATE_READ_BLOCK 0x03
66 #define RW_MFC_SUBSTATE_FORMAT_BLOCK 0x04
67 #define RW_MFC_SUBSTATE_WRITE_BLOCK 0x05
68
69 #define RW_MFC_LONG_TLV_SIZE 4
70 #define RW_MFC_SHORT_TLV_SIZE 2
71
72 #define RW_MFC_4K_Support 0x10
73
74 #define RW_MFC_1K_BLOCK_SIZE 16
75
76 uint8_t KeyNDEF[6] = {0xD3, 0XF7, 0xD3, 0XF7, 0xD3, 0XF7};
77 uint8_t KeyMAD[6] = {0xA0, 0XA1, 0xA2, 0XA3, 0xA4, 0XA5};
78 uint8_t KeyDefault[6] = {0xFF, 0XFF, 0xFF, 0XFF, 0xFF, 0XFF};
79 uint8_t access_permission_nfc[4] = {0x7F, 0x07, 0x88, 0x40};
80 uint8_t access_permission_mad[4] = {0x78, 0x77, 0x88, 0xC1};
81 uint8_t MAD_B1[16] = {0x14, 0x01, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
82 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
83 uint8_t MAD_B2[16] = {0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
84 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
85 uint8_t MAD_B64[16] = {0xE8, 0x01, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
86 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
87 uint8_t NFC_B0[16] = {0x03, 0x00, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00,
88 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
89
90 static bool rw_mfc_send_to_lower(NFC_HDR* p_c_apdu);
91 static bool rw_mfc_authenticate(int sector, bool KeyA);
92 static tNFC_STATUS rw_mfc_readBlock(int block);
93 static void rw_mfc_handle_tlv_detect_rsp(uint8_t* p_data);
94 static tNFC_STATUS rw_MfcLocateTlv(uint8_t tlv_type);
95 static void rw_mfc_conn_cback(uint8_t conn_id, tNFC_CONN_EVT event,
96 tNFC_CONN* p_data);
97 static void rw_mfc_resume_op();
98 static bool rw_nfc_decodeTlv(uint8_t* p_data);
99 static void rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status);
100 static void rw_mfc_handle_read_op(uint8_t* data);
101 static void rw_mfc_handle_op_complete(void);
102 static void rw_mfc_handle_ndef_read_rsp(uint8_t* p_data);
103 static void rw_mfc_process_error();
104
105 static tNFC_STATUS rw_mfc_formatBlock(int block);
106 static void rw_mfc_handle_format_rsp(uint8_t* p_data);
107 static void rw_mfc_handle_format_op();
108 static tNFC_STATUS rw_mfc_writeBlock(int block);
109 static void rw_mfc_handle_write_rsp(uint8_t* p_data);
110 static void rw_mfc_handle_write_op();
111
112 using android::base::StringPrintf;
113 extern bool nfc_debug_enabled;
114
115 /*****************************************************************************
116 **
117 ** Function RW_MfcFormatNDef
118 **
119 ** Description
120 ** Format Tag content
121 **
122 ** Returns
123 ** NFC_STATUS_OK, Command sent to format Tag
124 ** NFC_STATUS_REJECTED: cannot format the tag
125 ** NFC_STATUS_FAILED: other error
126 **
127 *****************************************************************************/
RW_MfcFormatNDef(void)128 tNFC_STATUS RW_MfcFormatNDef(void) {
129 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
130 tNFC_STATUS status = NFC_STATUS_OK;
131
132 if (p_mfc->state != RW_MFC_STATE_IDLE) {
133 LOG(ERROR) << __func__
134 << " Mifare Classic tag not activated or Busy - State:"
135 << p_mfc->state;
136 return NFC_STATUS_BUSY;
137 }
138
139 p_mfc->state = RW_MFC_STATE_NDEF_FORMAT;
140 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
141 p_mfc->last_block_accessed.block = 1;
142 p_mfc->next_block.block = 1;
143
144 status = rw_mfc_formatBlock(p_mfc->next_block.block);
145 if (status == NFC_STATUS_OK) {
146 p_mfc->state = RW_MFC_STATE_NDEF_FORMAT;
147 } else {
148 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
149 }
150
151 return status;
152 }
153
154 /*******************************************************************************
155 **
156 ** Function rw_mfc_formatBlock
157 **
158 ** Description This function format a given block.
159 **
160 ** Returns true if success
161 **
162 *******************************************************************************/
rw_mfc_formatBlock(int block)163 static tNFC_STATUS rw_mfc_formatBlock(int block) {
164 NFC_HDR* mfcbuf;
165 uint8_t* p;
166 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
167 int sectorlength = block / 4;
168 tNFC_STATUS status = NFC_STATUS_OK;
169
170 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
171
172 if (block > 128) {
173 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
174 }
175
176 if (sectorlength != p_mfc->sector_authentified) {
177 if (rw_mfc_authenticate(block, true) == true) {
178 return NFC_STATUS_OK;
179 }
180 return NFC_STATUS_FAILED;
181 }
182
183 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
184
185 if (!mfcbuf) {
186 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
187 return NFC_STATUS_REJECTED;
188 }
189
190 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
191 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
192
193 UINT8_TO_BE_STREAM(p, MFC_Write);
194 UINT8_TO_BE_STREAM(p, block);
195
196 if (block == 1) {
197 ARRAY_TO_BE_STREAM(p, MAD_B1, 16);
198 } else if (block == 2 || block == 65 || block == 66) {
199 ARRAY_TO_BE_STREAM(p, MAD_B2, 16);
200 } else if (block == 3 || block == 67) {
201 ARRAY_TO_BE_STREAM(p, KeyMAD, 6);
202 ARRAY_TO_BE_STREAM(p, access_permission_mad, 4);
203 ARRAY_TO_BE_STREAM(p, KeyDefault, 6);
204 } else if (block == 4) {
205 ARRAY_TO_BE_STREAM(p, NFC_B0, 16);
206 } else if (block == 64) {
207 ARRAY_TO_BE_STREAM(p, MAD_B64, 16);
208 } else {
209 ARRAY_TO_BE_STREAM(p, KeyNDEF, 6);
210 ARRAY_TO_BE_STREAM(p, access_permission_nfc, 4);
211 ARRAY_TO_BE_STREAM(p, KeyDefault, 6);
212 }
213 mfcbuf->len = 18;
214
215 if (!rw_mfc_send_to_lower(mfcbuf)) {
216 return NFC_STATUS_REJECTED;
217 }
218 p_mfc->current_block = block;
219 p_mfc->substate = RW_MFC_SUBSTATE_FORMAT_BLOCK;
220
221 return status;
222 }
223
rw_mfc_handle_format_rsp(uint8_t * p_data)224 static void rw_mfc_handle_format_rsp(uint8_t* p_data) {
225 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
226 NFC_HDR* mfc_data;
227 uint8_t* p;
228
229 mfc_data = (NFC_HDR*)p_data;
230 /* Assume the data is just the response byte sequence */
231 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
232
233 switch (p_mfc->substate) {
234 case RW_MFC_SUBSTATE_WAIT_ACK:
235 p_mfc->last_block_accessed.block = p_mfc->current_block;
236
237 if (p[0] == 0x0) {
238 p_mfc->next_block.auth = true;
239 p_mfc->last_block_accessed.auth = true;
240
241 if (p_mfc->next_block.block < 128) {
242 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
243 } else {
244 p_mfc->sector_authentified =
245 (p_mfc->next_block.block - 128) / 16 + 32;
246 }
247 rw_mfc_resume_op();
248 } else {
249 p_mfc->next_block.auth = false;
250 p_mfc->last_block_accessed.auth = false;
251 nfc_stop_quick_timer(&p_mfc->timer);
252 rw_mfc_process_error();
253 }
254 break;
255
256 case RW_MFC_SUBSTATE_FORMAT_BLOCK:
257 if (p[0] == 0x0) {
258 rw_mfc_handle_format_op();
259 } else {
260 nfc_stop_quick_timer(&p_mfc->timer);
261 rw_mfc_process_error();
262 }
263 break;
264 }
265 }
266
rw_mfc_handle_format_op()267 static void rw_mfc_handle_format_op() {
268 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
269 tRW_READ_DATA evt_data;
270 int num_of_blocks = 0;
271
272 /* Total blockes of Mifare 1k/4K */
273 if (p_mfc->selres & RW_MFC_4K_Support)
274 num_of_blocks = 256;
275 else
276 num_of_blocks = 64;
277
278 p_mfc->last_block_accessed.block = p_mfc->current_block;
279
280 // Find next block needed to format
281 if (p_mfc->current_block < 4) {
282 p_mfc->next_block.block = p_mfc->current_block + 1;
283 } else if (p_mfc->current_block == 4) {
284 p_mfc->next_block.block = 7;
285 } else if (p_mfc->current_block >= 63 && p_mfc->current_block < 67) {
286 p_mfc->next_block.block = p_mfc->current_block + 1;
287 } else if (p_mfc->current_block < 127) {
288 p_mfc->next_block.block = p_mfc->current_block + 4;
289 } else {
290 p_mfc->next_block.block = p_mfc->current_block + 16;
291 }
292
293 if (p_mfc->next_block.block < num_of_blocks) {
294 /* Format next blocks */
295 if (rw_mfc_formatBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
296 evt_data.status = NFC_STATUS_FAILED;
297 evt_data.p_data = NULL;
298 (*rw_cb.p_cback)(RW_MFC_NDEF_FORMAT_CPLT_EVT, (tRW_DATA*)&evt_data);
299 }
300 } else {
301 evt_data.status = NFC_STATUS_OK;
302 evt_data.p_data = NULL;
303 rw_mfc_handle_op_complete();
304 (*rw_cb.p_cback)(RW_MFC_NDEF_FORMAT_CPLT_EVT, (tRW_DATA*)&evt_data);
305 }
306 }
307
308 /*******************************************************************************
309 **
310 ** Function RW_MfcWriteNDef
311 **
312 ** Description This function can be called to write an NDEF message to the
313 ** tag.
314 **
315 ** Parameters: buf_len: The length of the buffer
316 ** p_buffer: The NDEF message to write
317 **
318 ** Returns NCI_STATUS_OK, if write was started. Otherwise, error
319 ** status.
320 **
321 *******************************************************************************/
RW_MfcWriteNDef(uint16_t buf_len,uint8_t * p_buffer)322 tNFC_STATUS RW_MfcWriteNDef(uint16_t buf_len, uint8_t* p_buffer) {
323 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
324 tNFC_STATUS status = NFC_STATUS_OK;
325
326 if (p_mfc->state != RW_MFC_STATE_IDLE) {
327 return NFC_STATUS_BUSY;
328 }
329
330 p_mfc->state = RW_MFC_STATE_UPDATE_NDEF;
331 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
332 p_mfc->last_block_accessed.block = 4;
333 p_mfc->next_block.block = 4;
334
335 p_mfc->p_ndef_buffer = p_buffer;
336 p_mfc->ndef_length = buf_len;
337 p_mfc->work_offset = 0;
338
339 status = rw_mfc_writeBlock(p_mfc->next_block.block);
340 if (status == NFC_STATUS_OK) {
341 p_mfc->state = RW_MFC_STATE_UPDATE_NDEF;
342 } else {
343 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
344 }
345
346 return status;
347 }
348
349 /*******************************************************************************
350 **
351 ** Function rw_mfc_writeBlock
352 **
353 ** Description This function write a given block.
354 **
355 ** Returns true if success
356 **
357 *******************************************************************************/
rw_mfc_writeBlock(int block)358 static tNFC_STATUS rw_mfc_writeBlock(int block) {
359 NFC_HDR* mfcbuf;
360 uint8_t* p;
361 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
362 int sectorlength = block / 4;
363 tNFC_STATUS status = NFC_STATUS_OK;
364
365 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
366
367 if (block > 128) {
368 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
369 }
370
371 if (sectorlength != p_mfc->sector_authentified) {
372 if (rw_mfc_authenticate(block, true) == true) {
373 return NFC_STATUS_OK;
374 }
375 return NFC_STATUS_FAILED;
376 }
377
378 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
379
380 if (!mfcbuf) {
381 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
382 return NFC_STATUS_REJECTED;
383 }
384
385 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
386 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
387
388 UINT8_TO_BE_STREAM(p, MFC_Write);
389 UINT8_TO_BE_STREAM(p, block);
390 int index = 0;
391 while (index < RW_MFC_1K_BLOCK_SIZE) {
392 if (p_mfc->work_offset == 0) {
393 if (p_mfc->ndef_length < 0xFF) {
394 UINT8_TO_BE_STREAM(p, 0x03);
395 UINT8_TO_BE_STREAM(p, p_mfc->ndef_length);
396 index = index + 2;
397 } else {
398 UINT8_TO_BE_STREAM(p, 0x03);
399 UINT8_TO_BE_STREAM(p, 0xFF);
400 UINT8_TO_BE_STREAM(p, (uint8_t)(p_mfc->ndef_length >>8));
401 UINT8_TO_BE_STREAM(p, (uint8_t)(p_mfc->ndef_length & 0xFF));
402 index = index + 4;
403 }
404 }
405
406 if (p_mfc->work_offset == p_mfc->ndef_length) {
407 UINT8_TO_BE_STREAM(p, 0xFE);
408 } else if (p_mfc->work_offset > p_mfc->ndef_length) {
409 UINT8_TO_BE_STREAM(p, 0x00);
410 } else {
411 UINT8_TO_BE_STREAM(p, p_mfc->p_ndef_buffer[p_mfc->work_offset]);
412 }
413 p_mfc->work_offset++;
414 index++;
415 }
416 mfcbuf->len = 18;
417
418 if (!rw_mfc_send_to_lower(mfcbuf)) {
419 return NFC_STATUS_REJECTED;
420 }
421 p_mfc->current_block = block;
422 p_mfc->substate = RW_MFC_SUBSTATE_WRITE_BLOCK;
423
424 return status;
425 }
426
rw_mfc_handle_write_rsp(uint8_t * p_data)427 static void rw_mfc_handle_write_rsp(uint8_t* p_data) {
428 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
429 NFC_HDR* mfc_data;
430 uint8_t* p;
431
432 mfc_data = (NFC_HDR*)p_data;
433 /* Assume the data is just the response byte sequence */
434 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
435
436 switch (p_mfc->substate) {
437 case RW_MFC_SUBSTATE_WAIT_ACK:
438 p_mfc->last_block_accessed.block = p_mfc->current_block;
439
440 if (p[0] == 0x0) {
441 p_mfc->next_block.auth = true;
442 p_mfc->last_block_accessed.auth = true;
443
444 if (p_mfc->next_block.block < 128) {
445 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
446 } else {
447 p_mfc->sector_authentified =
448 (p_mfc->next_block.block - 128) / 16 + 32;
449 }
450 rw_mfc_resume_op();
451 } else {
452 p_mfc->next_block.auth = false;
453 p_mfc->last_block_accessed.auth = false;
454 nfc_stop_quick_timer(&p_mfc->timer);
455 rw_mfc_process_error();
456 }
457 break;
458
459 case RW_MFC_SUBSTATE_WRITE_BLOCK:
460 if (p[0] == 0x0) {
461 rw_mfc_handle_write_op();
462 } else {
463 nfc_stop_quick_timer(&p_mfc->timer);
464 rw_mfc_process_error();
465 }
466 break;
467 }
468 }
469
rw_mfc_handle_write_op()470 static void rw_mfc_handle_write_op() {
471 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
472 tRW_READ_DATA evt_data;
473
474 if (p_mfc->work_offset >= p_mfc->ndef_length) {
475 evt_data.status = NFC_STATUS_OK;
476 evt_data.p_data = NULL;
477 (*rw_cb.p_cback)(RW_MFC_NDEF_WRITE_CPLT_EVT, (tRW_DATA*)&evt_data);
478 } else {
479 p_mfc->last_block_accessed.block = p_mfc->current_block;
480
481 if (p_mfc->current_block % 4 == 2) {
482 p_mfc->next_block.block = p_mfc->current_block + 2;
483 } else {
484 p_mfc->next_block.block = p_mfc->current_block + 1;
485 }
486
487 /* Do not read block 16 (MAD2) - Mifare Classic4 k */
488 if (p_mfc->next_block.block == 64) {
489 p_mfc->next_block.block += 4;
490 }
491
492 if ((p_mfc->selres & RW_MFC_4K_Support) &&
493 (p_mfc->next_block.block >= 128)) {
494 if (p_mfc->current_block % 16 == 14) {
495 p_mfc->next_block.block = p_mfc->current_block + 2;
496 } else {
497 p_mfc->next_block.block = p_mfc->current_block + 1;
498 }
499 }
500
501 /* Write next blocks */
502 if (rw_mfc_writeBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
503 evt_data.status = NFC_STATUS_FAILED;
504 evt_data.p_data = NULL;
505 (*rw_cb.p_cback)(RW_MFC_NDEF_WRITE_FAIL_EVT, (tRW_DATA*)&evt_data);
506 }
507 }
508 }
509
510 /*****************************************************************************
511 **
512 ** Function RW_MfcDetectNDef
513 **
514 ** Description
515 ** This function is used to perform NDEF detection on a Mifare Classic
516 ** tag, and retrieve the tag's NDEF attribute information.
517 ** Before using this API, the application must call RW_SelectTagType to
518 ** indicate that a Type 1 tag has been activated.
519 **
520 ** Returns
521 ** NFC_STATUS_OK: ndef detection procedure started
522 ** NFC_STATUS_WRONG_PROTOCOL: type 1 tag not activated
523 ** NFC_STATUS_BUSY: another command is already in progress
524 ** NFC_STATUS_FAILED: other error
525 **
526 *****************************************************************************/
RW_MfcDetectNDef(void)527 tNFC_STATUS RW_MfcDetectNDef(void) {
528 LOG(ERROR) << __func__;
529 return rw_MfcLocateTlv(TAG_NDEF_TLV);
530 }
531
532 /*******************************************************************************
533 **
534 ** Function rw_mfc_select
535 **
536 ** Description This function will set the callback function to
537 ** receive data from lower layers.
538 **
539 ** Returns tNFC_STATUS
540 **
541 *******************************************************************************/
rw_mfc_select(uint8_t selres,uint8_t uid[MFC_UID_LEN])542 tNFC_STATUS rw_mfc_select(uint8_t selres, uint8_t uid[MFC_UID_LEN]) {
543 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
544
545 p_mfc->state = RW_MFC_STATE_NOT_ACTIVATED;
546
547 /* Alloc cmd buf for retransmissions */
548 if (p_mfc->p_cur_cmd_buf == NULL) {
549 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
550 p_mfc->p_cur_cmd_buf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
551 if (p_mfc->p_cur_cmd_buf == NULL) {
552 LOG(ERROR) << __func__
553 << ": unable to allocate buffer for retransmission";
554
555 return NFC_STATUS_FAILED;
556 }
557 }
558 p_mfc->selres = selres;
559 memcpy(p_mfc->uid, uid, MFC_UID_LEN);
560
561 NFC_SetStaticRfCback(rw_mfc_conn_cback);
562
563 p_mfc->state = RW_MFC_STATE_IDLE;
564 p_mfc->substate = RW_MFC_SUBSTATE_IDLE;
565 p_mfc->last_block_accessed.block = -1;
566 p_mfc->last_block_accessed.auth = false;
567 p_mfc->next_block.block = 4;
568 p_mfc->next_block.auth = false;
569 p_mfc->sector_authentified = -1;
570
571 return NFC_STATUS_OK;
572 }
573
574 /*******************************************************************************
575 **
576 ** Function rw_mfc_send_to_lower
577 **
578 ** Description Send C-APDU to lower layer
579 **
580 ** Returns true if success
581 **
582 *******************************************************************************/
rw_mfc_send_to_lower(NFC_HDR * p_data)583 static bool rw_mfc_send_to_lower(NFC_HDR* p_data) {
584 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
585 /* Indicate first attempt to send command, back up cmd buffer in case needed
586 * for retransmission */
587 rw_cb.cur_retry = 0;
588 memcpy(p_mfc->p_cur_cmd_buf, p_data,
589 sizeof(NFC_HDR) + p_data->offset + p_data->len);
590
591 if (NFC_SendData(NFC_RF_CONN_ID, p_data) != NFC_STATUS_OK) {
592 LOG(ERROR) << __func__ << ": NFC_SendData () failed";
593 return false;
594 }
595
596 nfc_start_quick_timer(&rw_cb.tcb.mfc.timer, NFC_TTYPE_RW_MFC_RESPONSE,
597 (RW_MFC_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
598
599 return true;
600 }
601
602 /*******************************************************************************
603 **
604 ** Function rw_mfc_process_timeout
605 **
606 ** Description handles timeout event
607 **
608 ** Returns none
609 **
610 *******************************************************************************/
rw_mfc_process_timeout(TIMER_LIST_ENT * p_tle)611 void rw_mfc_process_timeout(TIMER_LIST_ENT* p_tle) {
612 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << " event=" << p_tle->event;
613
614 if (p_tle->event == NFC_TTYPE_RW_MFC_RESPONSE) {
615 rw_mfc_process_error();
616 } else {
617 LOG(ERROR) << __func__ << " unknown event=" << p_tle->event;
618 }
619 }
620
621 /*******************************************************************************
622 **
623 ** Function rw_mfc_conn_cback
624 **
625 ** Description This callback function receives the events/data from NFCC.
626 **
627 ** Returns none
628 **
629 *******************************************************************************/
rw_mfc_conn_cback(uint8_t conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)630 static void rw_mfc_conn_cback(uint8_t conn_id, tNFC_CONN_EVT event,
631 tNFC_CONN* p_data) {
632 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
633 tRW_READ_DATA evt_data;
634 NFC_HDR* mfc_data = nullptr;
635 tRW_DATA rw_data;
636
637 if (!p_data) {
638 LOG(ERROR) << __func__ << "Invalid p_data";
639 return;
640 }
641
642 DLOG_IF(INFO, nfc_debug_enabled)
643 << StringPrintf("%s conn_id=%i, evt=0x%x", __func__, conn_id, event);
644 /* Only handle static conn_id */
645 if (conn_id != NFC_RF_CONN_ID) {
646 LOG(ERROR) << __func__ << " Not static connection id =" << conn_id;
647 return;
648 }
649
650 switch (event) {
651 case NFC_CONN_CREATE_CEVT:
652 case NFC_CONN_CLOSE_CEVT:
653 break;
654
655 case NFC_DEACTIVATE_CEVT:
656
657 /* Stop mfc timer (if started) */
658 nfc_stop_quick_timer(&p_mfc->timer);
659 /* Free cmd buf for retransmissions */
660 if (p_mfc->p_cur_cmd_buf) {
661 GKI_freebuf(p_mfc->p_cur_cmd_buf);
662 p_mfc->p_cur_cmd_buf = NULL;
663 }
664
665 p_mfc->state = RW_MFC_STATE_NOT_ACTIVATED;
666 NFC_SetStaticRfCback(NULL);
667 break;
668
669 case NFC_DATA_CEVT:
670 if ((p_data != NULL) && (p_data->data.status == NFC_STATUS_OK)) {
671 mfc_data = (NFC_HDR*)p_data->data.p_data;
672 break;
673 }
674 /* Data event with error status...fall through to NFC_ERROR_CEVT case */
675 FALLTHROUGH_INTENDED;
676 case NFC_ERROR_CEVT:
677
678 if ((p_mfc->state == RW_MFC_STATE_NOT_ACTIVATED) ||
679 (p_mfc->state == RW_MFC_STATE_IDLE)) {
680 if (event == NFC_ERROR_CEVT) {
681 evt_data.status = (tNFC_STATUS)(*(uint8_t*)p_data);
682 } else if (p_data) {
683 evt_data.status = p_data->status;
684 }
685 evt_data.p_data = NULL;
686 (*rw_cb.p_cback)(RW_MFC_INTF_ERROR_EVT, (tRW_DATA*)&evt_data);
687 break;
688 }
689 nfc_stop_quick_timer(&p_mfc->timer);
690 break;
691
692 default:
693 break;
694 }
695
696 if ((p_mfc->state != RW_MFC_STATE_IDLE) && (mfc_data == NULL)) {
697 LOG(ERROR) << StringPrintf("%s NULL pointer", __func__);
698 return;
699 }
700
701 switch (p_mfc->state) {
702 case RW_MFC_STATE_IDLE:
703 /* Unexpected R-APDU, it should be raw frame response */
704 /* forward to upper layer without parsing */
705 if (rw_cb.p_cback) {
706 rw_data.raw_frame.status = p_data->data.status;
707 rw_data.raw_frame.p_data = mfc_data;
708 (*(rw_cb.p_cback))(RW_MFC_RAW_FRAME_EVT, &rw_data);
709 mfc_data = NULL;
710 } else {
711 GKI_freebuf(mfc_data);
712 }
713 break;
714 case RW_MFC_STATE_DETECT_TLV:
715 rw_mfc_handle_tlv_detect_rsp((uint8_t*)mfc_data);
716 GKI_freebuf(mfc_data);
717 break;
718
719 case RW_MFC_STATE_READ_NDEF:
720 rw_mfc_handle_ndef_read_rsp((uint8_t*)mfc_data);
721 GKI_freebuf(mfc_data);
722 break;
723 case RW_MFC_STATE_NOT_ACTIVATED:
724 DLOG_IF(INFO, nfc_debug_enabled)
725 << __func__ << " RW_MFC_STATE_NOT_ACTIVATED";
726 /* p_r_apdu may send upper layer */
727 break;
728 case RW_MFC_STATE_NDEF_FORMAT:
729 rw_mfc_handle_format_rsp((uint8_t*)mfc_data);
730 GKI_freebuf(mfc_data);
731 break;
732 case RW_MFC_STATE_UPDATE_NDEF:
733 rw_mfc_handle_write_rsp((uint8_t*)mfc_data);
734 GKI_freebuf(mfc_data);
735 break;
736 default:
737 LOG(ERROR) << __func__ << ": invalid state=" << p_mfc->state;
738 break;
739 }
740 }
741
742 /*******************************************************************************
743 **
744 ** Function rw_MfcLocateTlv
745 **
746 ** Description This function performs NDEF detection procedure
747 **
748 ** RW_MFC_NDEF_DETECT_EVT will be returned
749 **
750 ** Returns NFC_STATUS_OK if success
751 ** NFC_STATUS_FAILED if Mifare classic tag is busy or other
752 ** error
753 **
754 *******************************************************************************/
rw_MfcLocateTlv(uint8_t tlv_type)755 static tNFC_STATUS rw_MfcLocateTlv(uint8_t tlv_type) {
756 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
757
758 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
759 tNFC_STATUS success = NFC_STATUS_OK;
760
761 if (p_mfc->state != RW_MFC_STATE_IDLE) {
762 LOG(ERROR) << __func__
763 << " Mifare Classic tag not activated or Busy - State:"
764 << p_mfc->state;
765 return NFC_STATUS_BUSY;
766 }
767
768 if ((tlv_type != TAG_LOCK_CTRL_TLV) && (tlv_type != TAG_MEM_CTRL_TLV) &&
769 (tlv_type != TAG_NDEF_TLV) && (tlv_type != TAG_PROPRIETARY_TLV)) {
770 DLOG_IF(INFO, nfc_debug_enabled)
771 << StringPrintf("%s - Cannot search TLV: 0x%02x", __func__, tlv_type);
772 return NFC_STATUS_FAILED;
773 }
774 if (tlv_type == TAG_NDEF_TLV) {
775 p_mfc->ndef_length = 0;
776 p_mfc->ndef_start_pos = 0;
777 p_mfc->ndef_first_block = 0;
778 p_mfc->work_offset = 0;
779 p_mfc->ndef_status = MFC_NDEF_NOT_DETECTED;
780 }
781
782 p_mfc->substate = RW_MFC_SUBSTATE_READ_BLOCK;
783 p_mfc->state = RW_MFC_STATE_DETECT_TLV;
784
785 success = rw_mfc_readBlock(p_mfc->next_block.block);
786 if (success == NFC_STATUS_OK) {
787 p_mfc->state = RW_MFC_STATE_DETECT_TLV;
788 DLOG_IF(INFO, nfc_debug_enabled)
789 << __func__ << " RW_MFC_STATE_DETECT_TLV state=" << p_mfc->state;
790 } else {
791 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
792 DLOG_IF(INFO, nfc_debug_enabled)
793 << __func__ << " rw_MfcLocateTlv state=" << p_mfc->state;
794 }
795
796 return NFC_STATUS_OK;
797 }
798
799 /*******************************************************************************
800 **
801 ** Function rw_mfc_authenticate
802 **
803 ** Description This function performs the authentication of a given
804 ** block.
805 **
806 ** Returns true if success
807 **
808 *******************************************************************************/
rw_mfc_authenticate(int block,bool KeyA)809 static bool rw_mfc_authenticate(int block, bool KeyA) {
810 NFC_HDR* mfcbuf;
811 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
812 uint8_t* p;
813
814 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block:" << block;
815
816 uint8_t* KeyToUse;
817
818 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
819
820 if (!mfcbuf) {
821 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
822 return false;
823 }
824
825 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
826 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
827
828 if (KeyA) {
829 UINT8_TO_BE_STREAM(p, MFC_KeyA);
830 } else {
831 UINT8_TO_BE_STREAM(p, MFC_KeyB);
832 }
833
834 UINT8_TO_BE_STREAM(p, block);
835 ARRAY_TO_BE_STREAM(p, p_mfc->uid, 4);
836
837 if (p_mfc->state == RW_MFC_STATE_NDEF_FORMAT)
838 KeyToUse = KeyDefault;
839 else {
840 if (block >= 0 && block < 4) {
841 KeyToUse = KeyMAD;
842 } else {
843 KeyToUse = KeyNDEF;
844 }
845 }
846 ARRAY_TO_BE_STREAM(p, KeyToUse, 6);
847
848 mfcbuf->len = 12;
849
850 if (!rw_mfc_send_to_lower(mfcbuf)) {
851 return false;
852 }
853 /* Backup the current substate to move back to this substate after changing
854 * sector */
855 p_mfc->prev_substate = p_mfc->substate;
856 p_mfc->substate = RW_MFC_SUBSTATE_WAIT_ACK;
857 return true;
858 }
859
860 /*******************************************************************************
861 **
862 ** Function rw_mfc_readBlock
863 **
864 ** Description This function read a given block.
865 **
866 ** Returns true if success
867 **
868 *******************************************************************************/
rw_mfc_readBlock(int block)869 static tNFC_STATUS rw_mfc_readBlock(int block) {
870 NFC_HDR* mfcbuf;
871 uint8_t* p;
872 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
873 int sectorlength = block / 4;
874 tNFC_STATUS status = NFC_STATUS_OK;
875
876 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
877
878 if (block > 128) {
879 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
880 }
881
882 if (sectorlength != p_mfc->sector_authentified) {
883 if (rw_mfc_authenticate(block, true) == true) {
884 LOG(ERROR) << __func__ << ": RW_MFC_SUBSTATE_WAIT_ACK";
885 return NFC_STATUS_OK;
886 }
887 return NFC_STATUS_FAILED;
888 }
889
890 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
891
892 if (!mfcbuf) {
893 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
894 return NFC_STATUS_REJECTED;
895 }
896
897 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
898 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
899
900 UINT8_TO_BE_STREAM(p, MFC_Read);
901 UINT8_TO_BE_STREAM(p, block);
902
903 mfcbuf->len = 2;
904
905 if (!rw_mfc_send_to_lower(mfcbuf)) {
906 return NFC_STATUS_REJECTED;
907 }
908 p_mfc->current_block = block;
909 p_mfc->substate = RW_MFC_SUBSTATE_READ_BLOCK;
910
911 return status;
912 }
913
914 /*******************************************************************************
915 **
916 ** Function rw_mfc_handle_tlv_detect_rsp
917 **
918 ** Description Handle TLV detection.
919 **
920 ** Returns none
921 **
922 *******************************************************************************/
rw_mfc_handle_tlv_detect_rsp(uint8_t * p_data)923 static void rw_mfc_handle_tlv_detect_rsp(uint8_t* p_data) {
924 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
925 NFC_HDR* mfc_data;
926 uint8_t* p;
927
928 mfc_data = (NFC_HDR*)p_data;
929 /* Assume the data is just the response byte sequence */
930 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
931
932 p_mfc->last_block_accessed.block = p_mfc->next_block.block;
933 switch (p_mfc->substate) {
934 case RW_MFC_SUBSTATE_WAIT_ACK:
935 /* Search for the tlv */
936 if (p[0] == 0x0) {
937 p_mfc->next_block.auth = true;
938 p_mfc->last_block_accessed.auth = true;
939 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
940
941 rw_mfc_resume_op();
942 } else {
943 p_mfc->next_block.auth = false;
944 p_mfc->last_block_accessed.auth = false;
945 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": status=" << p[0];
946 nfc_stop_quick_timer(&p_mfc->timer);
947 rw_mfc_process_error();
948 }
949 break;
950
951 case RW_MFC_SUBSTATE_READ_BLOCK:
952 /* Search for the tlv */
953 if (mfc_data->len == 0x10) {
954 p_mfc->last_block_accessed.block = p_mfc->next_block.block;
955 p_mfc->next_block.block += 1;
956 p_mfc->next_block.auth = false;
957 rw_mfc_handle_read_op((uint8_t*)mfc_data);
958 }
959 break;
960 }
961 }
962 /*******************************************************************************
963 **
964 ** Function rw_mfc_resume_op
965 **
966 ** Description This function will continue operation after moving to new
967 ** sector
968 **
969 ** Returns none
970 **
971 *******************************************************************************/
rw_mfc_resume_op()972 static void rw_mfc_resume_op() {
973 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
974 bool status = true;
975
976 switch (p_mfc->state) {
977 case RW_MFC_STATE_DETECT_TLV:
978 status = rw_mfc_readBlock(p_mfc->next_block.block);
979 break;
980 case RW_MFC_STATE_READ_NDEF:
981 status = rw_mfc_readBlock(p_mfc->next_block.block);
982 break;
983 case RW_MFC_STATE_NDEF_FORMAT:
984 status = rw_mfc_formatBlock(p_mfc->next_block.block);
985 break;
986 case RW_MFC_STATE_UPDATE_NDEF:
987 status = rw_mfc_writeBlock(p_mfc->next_block.block);
988 break;
989 }
990 }
991
992 /*******************************************************************************
993 **
994 ** Function rw_mfc_handle_read_op
995 **
996 ** Description This function handles all the read operation.
997 **
998 ** Returns none
999 **
1000 *******************************************************************************/
rw_mfc_handle_read_op(uint8_t * data)1001 static void rw_mfc_handle_read_op(uint8_t* data) {
1002 uint8_t* p;
1003 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1004 bool tlv_found = false;
1005 NFC_HDR* mfc_data;
1006 uint16_t len;
1007 uint16_t offset;
1008 uint16_t saved_length;
1009 bool failed = false;
1010 bool done = false;
1011 tRW_READ_DATA evt_data;
1012
1013 mfc_data = (NFC_HDR*)data;
1014 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1015
1016 switch (p_mfc->state) {
1017 case RW_MFC_STATE_DETECT_TLV:
1018 tlv_found = rw_nfc_decodeTlv(data);
1019 if (tlv_found) {
1020 p_mfc->ndef_status = MFC_NDEF_DETECTED;
1021 p_mfc->ndef_first_block = p_mfc->last_block_accessed.block;
1022 rw_mfc_ntf_tlv_detect_complete(NFC_STATUS_OK);
1023 }
1024 break;
1025
1026 case RW_MFC_STATE_READ_NDEF:
1027 /* On the first read, adjust for any partial block offset */
1028 offset = 0;
1029 len = RW_MFC_1K_BLOCK_SIZE;
1030 saved_length = p_mfc->ndef_length;
1031
1032 if (p_mfc->work_offset == 0) {
1033 /* The Ndef Message offset may be present in the read 16 bytes */
1034 offset = p_mfc->ndef_start_pos;
1035
1036 if (!rw_nfc_decodeTlv(data)) {
1037 failed = true;
1038 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << " FAILED finding TLV";
1039 }
1040 }
1041
1042 if (!failed && saved_length >= p_mfc->ndef_length) {
1043 /* Skip all reserved and lock bytes */
1044 while ((offset < len) && (p_mfc->work_offset < p_mfc->ndef_length))
1045
1046 {
1047 /* Collect the NDEF Message */
1048 p_mfc->p_ndef_buffer[p_mfc->work_offset] = p[offset];
1049 p_mfc->work_offset++;
1050 offset++;
1051 }
1052 } else {
1053 android_errorWriteLog(0x534e4554, "178725766");
1054 }
1055
1056 if (p_mfc->work_offset >= p_mfc->ndef_length) {
1057 done = true;
1058 p_mfc->ndef_status = MFC_NDEF_READ;
1059 } else {
1060 /* Read next blocks */
1061 if (rw_mfc_readBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
1062 failed = true;
1063 DLOG_IF(INFO, nfc_debug_enabled)
1064 << __func__ << " FAILED reading next";
1065 }
1066 }
1067
1068 if (failed || done) {
1069 evt_data.status = failed ? NFC_STATUS_FAILED : NFC_STATUS_OK;
1070 evt_data.p_data = NULL;
1071 rw_mfc_handle_op_complete();
1072 (*rw_cb.p_cback)(RW_MFC_NDEF_READ_EVT, (tRW_DATA*)&evt_data);
1073 }
1074 break;
1075 }
1076 }
1077 /*******************************************************************************
1078 **
1079 ** Function rw_nfc_decodeTlv
1080 **
1081 ** Description Decode the NDEF data length from the Mifare TLV
1082 ** Leading null TLVs (0x0) are skipped
1083 **
1084 ** Returns true if success
1085 **
1086 *******************************************************************************/
rw_nfc_decodeTlv(uint8_t * data)1087 static bool rw_nfc_decodeTlv(uint8_t* data) {
1088 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1089 NFC_HDR* mfc_data;
1090 uint8_t* p;
1091
1092 mfc_data = (NFC_HDR*)data;
1093 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1094 int i = 0;
1095
1096 do {
1097 if (p[i] == 0x0) {
1098 // do nothing, skip
1099 } else if (p[i] == 0x3) {
1100 p_mfc->tlv_detect = TAG_NDEF_TLV;
1101 break;
1102
1103 } else {
1104 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": Unknown TLV";
1105 p_mfc->tlv_detect = TAG_PROPRIETARY_TLV;
1106 break;
1107 }
1108 i++;
1109 } while (i < mfc_data->len);
1110
1111 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": i=" << i;
1112
1113 if ((i + 1) >= mfc_data->len || i < 0 || p[i] != 0x3) {
1114 LOG(ERROR) << __func__ << ": Can't decode message length";
1115 } else {
1116 if (p[i + 1] != 0xFF) {
1117 p_mfc->ndef_length = p[i + 1];
1118 p_mfc->ndef_start_pos = i + RW_MFC_SHORT_TLV_SIZE;
1119 DLOG_IF(INFO, nfc_debug_enabled)
1120 << __func__ << " short NDEF SIZE=" << p_mfc->ndef_length;
1121 return true;
1122 } else if ((i + 3) < mfc_data->len) {
1123 p_mfc->ndef_length = (((uint16_t)p[i + 2]) << 8) | ((uint16_t)(p[i + 3]));
1124 p_mfc->ndef_start_pos = i + RW_MFC_LONG_TLV_SIZE;
1125 DLOG_IF(INFO, nfc_debug_enabled)
1126 << __func__ << " long NDEF SIZE=" << p_mfc->ndef_length;
1127 return true;
1128 } else {
1129 LOG(ERROR) << __func__ << ": Can't decode ndef length";
1130 }
1131 }
1132 return false;
1133 }
1134
1135 /*******************************************************************************
1136 **
1137 ** Function rw_mfc_ntf_tlv_detect_complete
1138 **
1139 ** Description Notify TLV detection complete to upper layer
1140 **
1141 ** Returns none
1142 **
1143 *******************************************************************************/
rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status)1144 static void rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status) {
1145 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1146 tRW_DETECT_NDEF_DATA ndef_data = {};
1147
1148 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1149 if (p_mfc->tlv_detect == TAG_NDEF_TLV) {
1150 /* Notify upper layer the result of NDEF detect op */
1151 ndef_data.status = NFC_STATUS_OK; // status;
1152 ndef_data.protocol = NFC_PROTOCOL_MIFARE;
1153 ndef_data.flags = 0;
1154 ndef_data.cur_size = p_mfc->ndef_length;
1155
1156 if (status == NFC_STATUS_OK) {
1157 ndef_data.flags |= RW_NDEF_FL_FORMATED;
1158 }
1159
1160 // TODO - calculate max size based on MAD sectr NFC_AID condition
1161 // Set max size as format condition
1162 if (p_mfc->selres & RW_MFC_4K_Support)
1163 ndef_data.max_size = 3356;
1164 else
1165 ndef_data.max_size = 716;
1166
1167 rw_mfc_handle_op_complete();
1168 (*rw_cb.p_cback)(RW_MFC_NDEF_DETECT_EVT, (tRW_DATA*)&ndef_data);
1169 }
1170 }
1171
1172 /*******************************************************************************
1173 **
1174 ** Function RW_MfcReadNDef
1175 **
1176 ** Description Retrieve NDEF contents from a Mifare Classic tag..
1177 **
1178 ** The RW_MFC_NDEF_READ_EVT event is used to notify the
1179 ** application after reading the NDEF message.
1180 **
1181 ** Before using this API, the RW_MfcReadNDef function must
1182 ** be called to verify that the tag contains NDEF data, and to
1183 ** retrieve the NDEF attributes.
1184 **
1185 ** Internally, this command will be separated into multiple
1186 ** Mifare Classic Read commands (if necessary) - depending
1187 ** on the NDEF Msg size.
1188 **
1189 ** Parameters: p_buffer: The buffer into which to read the NDEF message
1190 ** buf_len: The length of the buffer
1191 **
1192 ** Returns NCI_STATUS_OK, if read was started. Otherwise, error
1193 ** status.
1194 **
1195 *******************************************************************************/
RW_MfcReadNDef(uint8_t * p_buffer,uint16_t buf_len)1196 tNFC_STATUS RW_MfcReadNDef(uint8_t* p_buffer, uint16_t buf_len) {
1197 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1198 tNFC_STATUS status = NFC_STATUS_OK;
1199
1200 if (p_mfc->state != RW_MFC_STATE_IDLE) {
1201 LOG(ERROR) << __func__
1202 << " Mifare Classic tag not activated or Busy - State="
1203 << p_mfc->state;
1204 return NFC_STATUS_FAILED;
1205 }
1206
1207 if (p_mfc->ndef_status == MFC_NDEF_NOT_DETECTED) {
1208 LOG(ERROR) << __func__ << " NDEF detection not performed yet";
1209 return NFC_STATUS_FAILED;
1210 }
1211
1212 if (buf_len < p_mfc->ndef_length) {
1213 LOG(ERROR) << __func__ << " buffer size=" << buf_len
1214 << "less than NDEF msg sise=" << p_mfc->ndef_length;
1215 return NFC_STATUS_FAILED;
1216 }
1217
1218 if (!p_mfc->ndef_length) {
1219 LOG(ERROR) << __func__ << " NDEF Message length is zero ";
1220 return NFC_STATUS_NOT_INITIALIZED;
1221 }
1222
1223 p_mfc->p_ndef_buffer = p_buffer;
1224 p_mfc->work_offset = 0;
1225
1226 p_mfc->last_block_accessed.block = 0;
1227 p_mfc->next_block.block = p_mfc->ndef_first_block;
1228 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1229
1230 /* Start reading NDEF Message */
1231 status = rw_mfc_readBlock(p_mfc->next_block.block);
1232 if (status == NFC_STATUS_OK) {
1233 p_mfc->state = RW_MFC_STATE_READ_NDEF;
1234 }
1235
1236 return status;
1237 }
1238
1239 /*****************************************************************************
1240 **
1241 ** Function rw_mfc_handle_op_complete
1242 **
1243 ** Description Reset to IDLE state
1244 **
1245 ** Returns none
1246 **
1247 *****************************************************************************/
rw_mfc_handle_op_complete(void)1248 static void rw_mfc_handle_op_complete(void) {
1249 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1250
1251 p_mfc->last_block_accessed.auth = false;
1252 p_mfc->next_block.auth = false;
1253 p_mfc->state = RW_MFC_STATE_IDLE;
1254 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1255 return;
1256 }
1257
1258 /*******************************************************************************
1259 **
1260 ** Function rw_mfc_handle_ndef_read_rsp
1261 **
1262 ** Description Handle TLV detection.
1263 **
1264 ** Returns none
1265 **
1266 *******************************************************************************/
rw_mfc_handle_ndef_read_rsp(uint8_t * p_data)1267 static void rw_mfc_handle_ndef_read_rsp(uint8_t* p_data) {
1268 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1269 NFC_HDR* mfc_data;
1270 uint8_t* p;
1271
1272 mfc_data = (NFC_HDR*)p_data;
1273 /* Assume the data is just the response byte sequence */
1274 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1275
1276 switch (p_mfc->substate) {
1277 case RW_MFC_SUBSTATE_WAIT_ACK:
1278 /* Search for the tlv */
1279 p_mfc->last_block_accessed.block = p_mfc->current_block;
1280
1281 if (p[0] == 0x0) {
1282 p_mfc->next_block.auth = true;
1283 p_mfc->last_block_accessed.auth = true;
1284
1285 if (p_mfc->current_block < 128) {
1286 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
1287 }
1288
1289 else
1290 p_mfc->sector_authentified =
1291 (p_mfc->next_block.block - 128) / 16 + 32;
1292
1293 rw_mfc_resume_op();
1294 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1295 "rw_mfc_handle_ndef_read_rsp () sector authentified: %d",
1296 p_mfc->sector_authentified);
1297 } else {
1298 p_mfc->next_block.auth = false;
1299 p_mfc->last_block_accessed.auth = false;
1300 }
1301 break;
1302
1303 case RW_MFC_SUBSTATE_READ_BLOCK:
1304 /* Search for the tlv */
1305
1306 if (mfc_data->len == 0x10) {
1307 p_mfc->last_block_accessed.block = p_mfc->current_block;
1308
1309 if (p_mfc->current_block % 4 == 2) {
1310 p_mfc->next_block.block = p_mfc->current_block + 2;
1311 } else {
1312 p_mfc->next_block.block = p_mfc->current_block + 1;
1313 }
1314
1315 /* Do not read block 16 (MAD2) - Mifare Classic4 k */
1316 if (p_mfc->next_block.block == 64) {
1317 p_mfc->next_block.block += 4;
1318 }
1319
1320 if ((p_mfc->selres & RW_MFC_4K_Support) &&
1321 (p_mfc->next_block.block >= 128)) {
1322 if (p_mfc->current_block % 16 == 14) {
1323 p_mfc->next_block.block = p_mfc->current_block + 2;
1324 } else {
1325 p_mfc->next_block.block = p_mfc->current_block + 1;
1326 }
1327 }
1328
1329 p_mfc->next_block.auth = false;
1330 rw_mfc_handle_read_op((uint8_t*)mfc_data);
1331 }
1332 break;
1333 }
1334 }
1335
1336 /*******************************************************************************
1337 **
1338 ** Function rw_mfc_process_error
1339 **
1340 ** Description Process error including Timeout, Frame error. This function
1341 ** will retry atleast till RW_MAX_RETRIES before give up and
1342 ** sending negative notification to upper layer
1343 **
1344 ** Returns none
1345 **
1346 *******************************************************************************/
rw_mfc_process_error()1347 static void rw_mfc_process_error() {
1348 tRW_READ_DATA evt_data = tRW_READ_DATA();
1349 tRW_EVENT rw_event = RW_MFC_NDEF_DETECT_EVT;
1350 NFC_HDR* p_cmd_buf;
1351 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1352 tRW_DETECT_NDEF_DATA ndef_data;
1353
1354 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << " State=" << p_mfc->state;
1355 evt_data.status = NFC_STATUS_FAILED;
1356
1357 /* Retry sending command if retry-count < max */
1358 if (rw_cb.cur_retry < RW_MAX_RETRIES) {
1359 /* retry sending the command */
1360 rw_cb.cur_retry++;
1361
1362 DLOG_IF(INFO, nfc_debug_enabled)
1363 << __func__ << "Mifare Classic retransmission attempt "
1364 << rw_cb.cur_retry << " of " << RW_MAX_RETRIES;
1365
1366 /* allocate a new buffer for message */
1367 p_cmd_buf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1368 if (p_cmd_buf != NULL) {
1369 memcpy(p_cmd_buf, p_mfc->p_cur_cmd_buf,
1370 sizeof(NFC_HDR) + p_mfc->p_cur_cmd_buf->offset +
1371 p_mfc->p_cur_cmd_buf->len);
1372
1373 if (NFC_SendData(NFC_RF_CONN_ID, p_cmd_buf) == NFC_STATUS_OK) {
1374 /* Start timer for waiting for response */
1375 nfc_start_quick_timer(
1376 &p_mfc->timer, NFC_TTYPE_RW_MFC_RESPONSE,
1377 (RW_MFC_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
1378
1379 return;
1380 }
1381 }
1382 } else {
1383 DLOG_IF(INFO, nfc_debug_enabled)
1384 << __func__ << "MFC maximum retransmission attempts reached "
1385 << RW_MAX_RETRIES;
1386 }
1387
1388 if (p_mfc->state == RW_MFC_STATE_DETECT_TLV) {
1389 rw_event = RW_MFC_NDEF_DETECT_EVT;
1390 } else if (p_mfc->state == RW_MFC_STATE_READ_NDEF) {
1391 rw_event = RW_MFC_NDEF_READ_EVT;
1392 } else if (p_mfc->state == RW_MFC_STATE_UPDATE_NDEF) {
1393 rw_event = RW_MFC_NDEF_WRITE_FAIL_EVT;
1394 } else if (p_mfc->state == RW_MFC_STATE_NDEF_FORMAT) {
1395 rw_event = RW_MFC_NDEF_FORMAT_CPLT_EVT;
1396 }
1397
1398 if (rw_event == RW_MFC_NDEF_DETECT_EVT) {
1399 ndef_data.status = evt_data.status;
1400 ndef_data.protocol = NFC_PROTOCOL_MIFARE;
1401 ndef_data.flags = RW_NDEF_FL_UNKNOWN;
1402 ndef_data.max_size = 0;
1403 ndef_data.cur_size = 0;
1404 DLOG_IF(INFO, nfc_debug_enabled)
1405 << __func__ << " status=" << evt_data.status;
1406 /* If not Halt move to idle state */
1407 rw_mfc_handle_op_complete();
1408
1409 (*rw_cb.p_cback)(rw_event, (tRW_DATA*)&ndef_data);
1410 } else {
1411 evt_data.p_data = NULL;
1412 /* If activated and not Halt move to idle state */
1413 if (p_mfc->state != RW_MFC_STATE_NOT_ACTIVATED) {
1414 rw_mfc_handle_op_complete();
1415 }
1416
1417 DLOG_IF(INFO, nfc_debug_enabled)
1418 << __func__ << " status=" << evt_data.status;
1419 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1420 (*rw_cb.p_cback)(rw_event, (tRW_DATA*)&evt_data);
1421 }
1422 }
1423