1 /*****************************************************************************
2 * Copyright (C) 2015 ST Microelectronics S.A.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *******************************************************************************/
16
17 /******************************************************************************
18 *
19 * This file contains the implementation for Mifare Classic tag in
20 * Reader/Writer mode.
21 *
22 ******************************************************************************/
23 #include <android-base/stringprintf.h>
24 #include <base/logging.h>
25 #include <log/log.h>
26 #include <string.h>
27 #include "bt_types.h"
28 #include "nfc_target.h"
29
30 #include "gki.h"
31 #include "nfc_api.h"
32 #include "nfc_int.h"
33 #include "rw_api.h"
34 #include "rw_int.h"
35 #include "tags_int.h"
36
37 #define MFC_KeyA 0x60
38 #define MFC_KeyB 0x61
39 #define MFC_Read 0x30
40 #define MFC_Write 0xA0
41
42 /* main state */
43 /* Mifare Classic is not activated */
44 #define RW_MFC_STATE_NOT_ACTIVATED 0x00
45 /* waiting for upper layer API */
46 #define RW_MFC_STATE_IDLE 0x01
47 /* performing NDEF detection precedure */
48 #define RW_MFC_STATE_DETECT_NDEF 0x02
49 /* performing read NDEF procedure */
50 #define RW_MFC_STATE_READ_NDEF 0x03
51 /* performing update NDEF procedure */
52 #define RW_MFC_STATE_UPDATE_NDEF 0x04
53 /* checking presence of tag */
54 #define RW_MFC_STATE_PRESENCE_CHECK 0x05
55 /* convert tag to read only */
56 #define RW_MFC_STATE_SET_READ_ONLY 0x06
57 /* detect tlv */
58 #define RW_MFC_STATE_DETECT_TLV 0x7
59 /* NDef Format */
60 #define RW_MFC_STATE_NDEF_FORMAT 0x8
61
62 #define RW_MFC_SUBSTATE_NONE 0x00
63 #define RW_MFC_SUBSTATE_IDLE 0x01
64 #define RW_MFC_SUBSTATE_WAIT_ACK 0x02
65 #define RW_MFC_SUBSTATE_READ_BLOCK 0x03
66 #define RW_MFC_SUBSTATE_FORMAT_BLOCK 0x04
67 #define RW_MFC_SUBSTATE_WRITE_BLOCK 0x05
68
69 #define RW_MFC_LONG_TLV_SIZE 4
70 #define RW_MFC_SHORT_TLV_SIZE 2
71
72 #define RW_MFC_4K_Support 0x10
73
74 #define RW_MFC_1K_BLOCK_SIZE 16
75
76 uint8_t KeyNDEF[6] = {0xD3, 0XF7, 0xD3, 0XF7, 0xD3, 0XF7};
77 uint8_t KeyMAD[6] = {0xA0, 0XA1, 0xA2, 0XA3, 0xA4, 0XA5};
78 uint8_t KeyDefault[6] = {0xFF, 0XFF, 0xFF, 0XFF, 0xFF, 0XFF};
79 uint8_t access_permission_nfc[4] = {0x7F, 0x07, 0x88, 0x40};
80 uint8_t access_permission_mad[4] = {0x78, 0x77, 0x88, 0xC1};
81 uint8_t MAD_B1[16] = {0x14, 0x01, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
82 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
83 uint8_t MAD_B2[16] = {0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
84 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
85 uint8_t MAD_B64[16] = {0xE8, 0x01, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
86 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
87 uint8_t NFC_B0[16] = {0x03, 0x00, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00,
88 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
89
90 static bool rw_mfc_send_to_lower(NFC_HDR* p_c_apdu);
91 static bool rw_mfc_authenticate(int sector, bool KeyA);
92 static tNFC_STATUS rw_mfc_readBlock(int block);
93 static void rw_mfc_handle_tlv_detect_rsp(uint8_t* p_data);
94 static tNFC_STATUS rw_MfcLocateTlv(uint8_t tlv_type);
95 static void rw_mfc_conn_cback(uint8_t conn_id, tNFC_CONN_EVT event,
96 tNFC_CONN* p_data);
97 static void rw_mfc_resume_op();
98 static bool rw_nfc_decodeTlv(uint8_t* p_data);
99 static void rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status);
100 static void rw_mfc_handle_read_op(uint8_t* data);
101 static void rw_mfc_handle_op_complete(void);
102 static void rw_mfc_handle_ndef_read_rsp(uint8_t* p_data);
103 static void rw_mfc_process_error();
104
105 static tNFC_STATUS rw_mfc_formatBlock(int block);
106 static void rw_mfc_handle_format_rsp(uint8_t* p_data);
107 static void rw_mfc_handle_format_op();
108 static tNFC_STATUS rw_mfc_writeBlock(int block);
109 static void rw_mfc_handle_write_rsp(uint8_t* p_data);
110 static void rw_mfc_handle_write_op();
111
112 using android::base::StringPrintf;
113 extern bool nfc_debug_enabled;
114
115 /*****************************************************************************
116 **
117 ** Function RW_MfcFormatNDef
118 **
119 ** Description
120 ** Format Tag content
121 **
122 ** Returns
123 ** NFC_STATUS_OK, Command sent to format Tag
124 ** NFC_STATUS_REJECTED: cannot format the tag
125 ** NFC_STATUS_FAILED: other error
126 **
127 *****************************************************************************/
RW_MfcFormatNDef(void)128 tNFC_STATUS RW_MfcFormatNDef(void) {
129 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
130 tNFC_STATUS status = NFC_STATUS_OK;
131
132 if (p_mfc->state != RW_MFC_STATE_IDLE) {
133 LOG(ERROR) << StringPrintf(
134 "%s Mifare Classic tag not activated or Busy - State:%d", __func__,
135 p_mfc->state);
136 return NFC_STATUS_BUSY;
137 }
138
139 p_mfc->state = RW_MFC_STATE_NDEF_FORMAT;
140 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
141 p_mfc->last_block_accessed.block = 1;
142 p_mfc->next_block.block = 1;
143
144 status = rw_mfc_formatBlock(p_mfc->next_block.block);
145 if (status == NFC_STATUS_OK) {
146 p_mfc->state = RW_MFC_STATE_NDEF_FORMAT;
147 } else {
148 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
149 }
150
151 return status;
152 }
153
154 /*******************************************************************************
155 **
156 ** Function rw_mfc_formatBlock
157 **
158 ** Description This function format a given block.
159 **
160 ** Returns true if success
161 **
162 *******************************************************************************/
rw_mfc_formatBlock(int block)163 static tNFC_STATUS rw_mfc_formatBlock(int block) {
164 NFC_HDR* mfcbuf;
165 uint8_t* p;
166 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
167 int sectorlength = block / 4;
168 tNFC_STATUS status = NFC_STATUS_OK;
169
170 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
171
172 if (block > 128) {
173 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
174 }
175
176 if (sectorlength != p_mfc->sector_authentified) {
177 if (rw_mfc_authenticate(block, true) == true) {
178 return NFC_STATUS_OK;
179 }
180 return NFC_STATUS_FAILED;
181 }
182
183 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
184
185 if (!mfcbuf) {
186 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
187 return NFC_STATUS_REJECTED;
188 }
189
190 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
191 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
192
193 UINT8_TO_BE_STREAM(p, MFC_Write);
194 UINT8_TO_BE_STREAM(p, block);
195
196 if (block == 1) {
197 ARRAY_TO_BE_STREAM(p, MAD_B1, 16);
198 } else if (block == 2 || block == 65 || block == 66) {
199 ARRAY_TO_BE_STREAM(p, MAD_B2, 16);
200 } else if (block == 3 || block == 67) {
201 ARRAY_TO_BE_STREAM(p, KeyMAD, 6);
202 ARRAY_TO_BE_STREAM(p, access_permission_mad, 4);
203 ARRAY_TO_BE_STREAM(p, KeyDefault, 6);
204 } else if (block == 4) {
205 ARRAY_TO_BE_STREAM(p, NFC_B0, 16);
206 } else if (block == 64) {
207 ARRAY_TO_BE_STREAM(p, MAD_B64, 16);
208 } else {
209 ARRAY_TO_BE_STREAM(p, KeyNDEF, 6);
210 ARRAY_TO_BE_STREAM(p, access_permission_nfc, 4);
211 ARRAY_TO_BE_STREAM(p, KeyDefault, 6);
212 }
213 mfcbuf->len = 18;
214
215 if (!rw_mfc_send_to_lower(mfcbuf)) {
216 return NFC_STATUS_REJECTED;
217 }
218 p_mfc->current_block = block;
219 p_mfc->substate = RW_MFC_SUBSTATE_FORMAT_BLOCK;
220
221 return status;
222 }
223
rw_mfc_handle_format_rsp(uint8_t * p_data)224 static void rw_mfc_handle_format_rsp(uint8_t* p_data) {
225 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
226 NFC_HDR* mfc_data;
227 uint8_t* p;
228
229 mfc_data = (NFC_HDR*)p_data;
230 /* Assume the data is just the response byte sequence */
231 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
232
233 switch (p_mfc->substate) {
234 case RW_MFC_SUBSTATE_WAIT_ACK:
235 p_mfc->last_block_accessed.block = p_mfc->current_block;
236
237 if (p[0] == 0x0) {
238 p_mfc->next_block.auth = true;
239 p_mfc->last_block_accessed.auth = true;
240
241 if (p_mfc->next_block.block < 128) {
242 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
243 } else {
244 p_mfc->sector_authentified =
245 (p_mfc->next_block.block - 128) / 16 + 32;
246 }
247 rw_mfc_resume_op();
248 } else {
249 p_mfc->next_block.auth = false;
250 p_mfc->last_block_accessed.auth = false;
251 nfc_stop_quick_timer(&p_mfc->timer);
252 rw_mfc_process_error();
253 }
254 break;
255
256 case RW_MFC_SUBSTATE_FORMAT_BLOCK:
257 if (p[0] == 0x0) {
258 rw_mfc_handle_format_op();
259 } else {
260 nfc_stop_quick_timer(&p_mfc->timer);
261 rw_mfc_process_error();
262 }
263 break;
264 }
265 }
266
rw_mfc_handle_format_op()267 static void rw_mfc_handle_format_op() {
268 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
269 tRW_READ_DATA evt_data;
270 int num_of_blocks = 0;
271
272 /* Total blockes of Mifare 1k/4K */
273 if (p_mfc->selres & RW_MFC_4K_Support)
274 num_of_blocks = 256;
275 else
276 num_of_blocks = 64;
277
278 p_mfc->last_block_accessed.block = p_mfc->current_block;
279
280 // Find next block needed to format
281 if (p_mfc->current_block < 4) {
282 p_mfc->next_block.block = p_mfc->current_block + 1;
283 } else if (p_mfc->current_block == 4) {
284 p_mfc->next_block.block = 7;
285 } else if (p_mfc->current_block >= 63 && p_mfc->current_block < 67) {
286 p_mfc->next_block.block = p_mfc->current_block + 1;
287 } else if (p_mfc->current_block < 127) {
288 p_mfc->next_block.block = p_mfc->current_block + 4;
289 } else {
290 p_mfc->next_block.block = p_mfc->current_block + 16;
291 }
292
293 if (p_mfc->next_block.block < num_of_blocks) {
294 /* Format next blocks */
295 if (rw_mfc_formatBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
296 evt_data.status = NFC_STATUS_FAILED;
297 evt_data.p_data = NULL;
298 (*rw_cb.p_cback)(RW_MFC_NDEF_FORMAT_CPLT_EVT, (tRW_DATA*)&evt_data);
299 }
300 } else {
301 evt_data.status = NFC_STATUS_OK;
302 evt_data.p_data = NULL;
303 rw_mfc_handle_op_complete();
304 (*rw_cb.p_cback)(RW_MFC_NDEF_FORMAT_CPLT_EVT, (tRW_DATA*)&evt_data);
305 }
306 }
307
308 /*******************************************************************************
309 **
310 ** Function RW_MfcWriteNDef
311 **
312 ** Description This function can be called to write an NDEF message to the
313 ** tag.
314 **
315 ** Parameters: buf_len: The length of the buffer
316 ** p_buffer: The NDEF message to write
317 **
318 ** Returns NCI_STATUS_OK, if write was started. Otherwise, error
319 ** status.
320 **
321 *******************************************************************************/
RW_MfcWriteNDef(uint16_t buf_len,uint8_t * p_buffer)322 tNFC_STATUS RW_MfcWriteNDef(uint16_t buf_len, uint8_t* p_buffer) {
323 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
324 tNFC_STATUS status = NFC_STATUS_OK;
325
326 if (p_mfc->state != RW_MFC_STATE_IDLE) {
327 return NFC_STATUS_BUSY;
328 }
329
330 p_mfc->state = RW_MFC_STATE_UPDATE_NDEF;
331 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
332 p_mfc->last_block_accessed.block = 4;
333 p_mfc->next_block.block = 4;
334
335 p_mfc->p_ndef_buffer = p_buffer;
336 p_mfc->ndef_length = buf_len;
337 p_mfc->work_offset = 0;
338
339 status = rw_mfc_writeBlock(p_mfc->next_block.block);
340 if (status == NFC_STATUS_OK) {
341 p_mfc->state = RW_MFC_STATE_UPDATE_NDEF;
342 } else {
343 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
344 }
345
346 return status;
347 }
348
349 /*******************************************************************************
350 **
351 ** Function rw_mfc_writeBlock
352 **
353 ** Description This function write a given block.
354 **
355 ** Returns true if success
356 **
357 *******************************************************************************/
rw_mfc_writeBlock(int block)358 static tNFC_STATUS rw_mfc_writeBlock(int block) {
359 NFC_HDR* mfcbuf;
360 uint8_t* p;
361 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
362 int sectorlength = block / 4;
363 tNFC_STATUS status = NFC_STATUS_OK;
364
365 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
366
367 if (block > 128) {
368 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
369 }
370
371 if (sectorlength != p_mfc->sector_authentified) {
372 if (rw_mfc_authenticate(block, true) == true) {
373 return NFC_STATUS_OK;
374 }
375 return NFC_STATUS_FAILED;
376 }
377
378 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
379
380 if (!mfcbuf) {
381 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
382 return NFC_STATUS_REJECTED;
383 }
384
385 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
386 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
387
388 UINT8_TO_BE_STREAM(p, MFC_Write);
389 UINT8_TO_BE_STREAM(p, block);
390 int index = 0;
391 while (index < RW_MFC_1K_BLOCK_SIZE) {
392 if (p_mfc->work_offset == 0) {
393 if (p_mfc->ndef_length < 0xFF) {
394 UINT8_TO_BE_STREAM(p, 0x03);
395 UINT8_TO_BE_STREAM(p, p_mfc->ndef_length);
396 index = index + 2;
397 } else {
398 UINT8_TO_BE_STREAM(p, 0x03);
399 UINT8_TO_BE_STREAM(p, 0xFF);
400 UINT8_TO_BE_STREAM(p, (uint8_t)(p_mfc->ndef_length >>8));
401 UINT8_TO_BE_STREAM(p, (uint8_t)(p_mfc->ndef_length & 0xFF));
402 index = index + 4;
403 }
404 }
405
406 if (p_mfc->work_offset == p_mfc->ndef_length) {
407 UINT8_TO_BE_STREAM(p, 0xFE);
408 } else if (p_mfc->work_offset > p_mfc->ndef_length) {
409 UINT8_TO_BE_STREAM(p, 0x00);
410 } else {
411 UINT8_TO_BE_STREAM(p, p_mfc->p_ndef_buffer[p_mfc->work_offset]);
412 }
413 p_mfc->work_offset++;
414 index++;
415 }
416 mfcbuf->len = 18;
417
418 if (!rw_mfc_send_to_lower(mfcbuf)) {
419 return NFC_STATUS_REJECTED;
420 }
421 p_mfc->current_block = block;
422 p_mfc->substate = RW_MFC_SUBSTATE_WRITE_BLOCK;
423
424 return status;
425 }
426
rw_mfc_handle_write_rsp(uint8_t * p_data)427 static void rw_mfc_handle_write_rsp(uint8_t* p_data) {
428 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
429 NFC_HDR* mfc_data;
430 uint8_t* p;
431
432 mfc_data = (NFC_HDR*)p_data;
433 /* Assume the data is just the response byte sequence */
434 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
435
436 switch (p_mfc->substate) {
437 case RW_MFC_SUBSTATE_WAIT_ACK:
438 p_mfc->last_block_accessed.block = p_mfc->current_block;
439
440 if (p[0] == 0x0) {
441 p_mfc->next_block.auth = true;
442 p_mfc->last_block_accessed.auth = true;
443
444 if (p_mfc->next_block.block < 128) {
445 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
446 } else {
447 p_mfc->sector_authentified =
448 (p_mfc->next_block.block - 128) / 16 + 32;
449 }
450 rw_mfc_resume_op();
451 } else {
452 p_mfc->next_block.auth = false;
453 p_mfc->last_block_accessed.auth = false;
454 nfc_stop_quick_timer(&p_mfc->timer);
455 rw_mfc_process_error();
456 }
457 break;
458
459 case RW_MFC_SUBSTATE_WRITE_BLOCK:
460 if (p[0] == 0x0) {
461 rw_mfc_handle_write_op();
462 } else {
463 nfc_stop_quick_timer(&p_mfc->timer);
464 rw_mfc_process_error();
465 }
466 break;
467 }
468 }
469
rw_mfc_handle_write_op()470 static void rw_mfc_handle_write_op() {
471 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
472 tRW_READ_DATA evt_data;
473
474 if (p_mfc->work_offset >= p_mfc->ndef_length) {
475 evt_data.status = NFC_STATUS_OK;
476 evt_data.p_data = NULL;
477 (*rw_cb.p_cback)(RW_MFC_NDEF_WRITE_CPLT_EVT, (tRW_DATA*)&evt_data);
478 } else {
479 p_mfc->last_block_accessed.block = p_mfc->current_block;
480
481 if (p_mfc->current_block % 4 == 2) {
482 p_mfc->next_block.block = p_mfc->current_block + 2;
483 } else {
484 p_mfc->next_block.block = p_mfc->current_block + 1;
485 }
486
487 /* Do not read block 16 (MAD2) - Mifare Classic4 k */
488 if (p_mfc->next_block.block == 64) {
489 p_mfc->next_block.block += 4;
490 }
491
492 if ((p_mfc->selres & RW_MFC_4K_Support) &&
493 (p_mfc->next_block.block >= 128)) {
494 if (p_mfc->current_block % 16 == 14) {
495 p_mfc->next_block.block = p_mfc->current_block + 2;
496 } else {
497 p_mfc->next_block.block = p_mfc->current_block + 1;
498 }
499 }
500
501 /* Write next blocks */
502 if (rw_mfc_writeBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
503 evt_data.status = NFC_STATUS_FAILED;
504 evt_data.p_data = NULL;
505 (*rw_cb.p_cback)(RW_MFC_NDEF_WRITE_FAIL_EVT, (tRW_DATA*)&evt_data);
506 }
507 }
508 }
509
510 /*****************************************************************************
511 **
512 ** Function RW_MfcDetectNDef
513 **
514 ** Description
515 ** This function is used to perform NDEF detection on a Mifare Classic
516 ** tag, and retrieve the tag's NDEF attribute information.
517 ** Before using this API, the application must call RW_SelectTagType to
518 ** indicate that a Type 1 tag has been activated.
519 **
520 ** Returns
521 ** NFC_STATUS_OK: ndef detection procedure started
522 ** NFC_STATUS_WRONG_PROTOCOL: type 1 tag not activated
523 ** NFC_STATUS_BUSY: another command is already in progress
524 ** NFC_STATUS_FAILED: other error
525 **
526 *****************************************************************************/
RW_MfcDetectNDef(void)527 tNFC_STATUS RW_MfcDetectNDef(void) {
528 LOG(ERROR) << __func__;
529 return rw_MfcLocateTlv(TAG_NDEF_TLV);
530 }
531
532 /*******************************************************************************
533 **
534 ** Function rw_mfc_select
535 **
536 ** Description This function will set the callback function to
537 ** receive data from lower layers.
538 **
539 ** Returns tNFC_STATUS
540 **
541 *******************************************************************************/
rw_mfc_select(uint8_t selres,uint8_t uid[MFC_UID_LEN])542 tNFC_STATUS rw_mfc_select(uint8_t selres, uint8_t uid[MFC_UID_LEN]) {
543 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
544
545 p_mfc->state = RW_MFC_STATE_NOT_ACTIVATED;
546
547 /* Alloc cmd buf for retransmissions */
548 if (p_mfc->p_cur_cmd_buf == NULL) {
549 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
550 p_mfc->p_cur_cmd_buf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
551 if (p_mfc->p_cur_cmd_buf == NULL) {
552 LOG(ERROR) << __func__
553 << ": unable to allocate buffer for retransmission";
554
555 return NFC_STATUS_FAILED;
556 }
557 }
558 p_mfc->selres = selres;
559 memcpy(p_mfc->uid, uid, MFC_UID_LEN);
560
561 NFC_SetStaticRfCback(rw_mfc_conn_cback);
562
563 p_mfc->state = RW_MFC_STATE_IDLE;
564 p_mfc->substate = RW_MFC_SUBSTATE_IDLE;
565 p_mfc->last_block_accessed.block = -1;
566 p_mfc->last_block_accessed.auth = false;
567 p_mfc->next_block.block = 4;
568 p_mfc->next_block.auth = false;
569 p_mfc->sector_authentified = -1;
570
571 return NFC_STATUS_OK;
572 }
573
574 /*******************************************************************************
575 **
576 ** Function rw_mfc_send_to_lower
577 **
578 ** Description Send C-APDU to lower layer
579 **
580 ** Returns true if success
581 **
582 *******************************************************************************/
rw_mfc_send_to_lower(NFC_HDR * p_data)583 static bool rw_mfc_send_to_lower(NFC_HDR* p_data) {
584 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
585 /* Indicate first attempt to send command, back up cmd buffer in case needed
586 * for retransmission */
587 rw_cb.cur_retry = 0;
588 memcpy(p_mfc->p_cur_cmd_buf, p_data,
589 sizeof(NFC_HDR) + p_data->offset + p_data->len);
590
591 if (NFC_SendData(NFC_RF_CONN_ID, p_data) != NFC_STATUS_OK) {
592 LOG(ERROR) << __func__ << ": NFC_SendData () failed";
593 return false;
594 }
595
596 nfc_start_quick_timer(&rw_cb.tcb.mfc.timer, NFC_TTYPE_RW_MFC_RESPONSE,
597 (RW_MFC_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
598
599 return true;
600 }
601
602 /*******************************************************************************
603 **
604 ** Function rw_mfc_process_timeout
605 **
606 ** Description handles timeout event
607 **
608 ** Returns none
609 **
610 *******************************************************************************/
rw_mfc_process_timeout(TIMER_LIST_ENT * p_tle)611 void rw_mfc_process_timeout(TIMER_LIST_ENT* p_tle) {
612 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << " event=" << p_tle->event;
613
614 if (p_tle->event == NFC_TTYPE_RW_MFC_RESPONSE) {
615 rw_mfc_process_error();
616 } else {
617 LOG(ERROR) << __func__ << " unknown event=" << p_tle->event;
618 }
619 }
620
621 /*******************************************************************************
622 **
623 ** Function rw_mfc_conn_cback
624 **
625 ** Description This callback function receives the events/data from NFCC.
626 **
627 ** Returns none
628 **
629 *******************************************************************************/
rw_mfc_conn_cback(uint8_t conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)630 static void rw_mfc_conn_cback(uint8_t conn_id, tNFC_CONN_EVT event,
631 tNFC_CONN* p_data) {
632 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
633 tRW_READ_DATA evt_data;
634 NFC_HDR* mfc_data = nullptr;
635 tRW_DATA rw_data;
636
637 if (!p_data) {
638 LOG(ERROR) << __func__ << "Invalid p_data";
639 return;
640 }
641
642 DLOG_IF(INFO, nfc_debug_enabled)
643 << StringPrintf("%s conn_id=%i, evt=0x%x", __func__, conn_id, event);
644 /* Only handle static conn_id */
645 if (conn_id != NFC_RF_CONN_ID) {
646 LOG(ERROR) << StringPrintf("%s Not static connection id =%d", __func__,
647 conn_id);
648 return;
649 }
650
651 switch (event) {
652 case NFC_CONN_CREATE_CEVT:
653 case NFC_CONN_CLOSE_CEVT:
654 break;
655
656 case NFC_DEACTIVATE_CEVT:
657
658 /* Stop mfc timer (if started) */
659 nfc_stop_quick_timer(&p_mfc->timer);
660 /* Free cmd buf for retransmissions */
661 if (p_mfc->p_cur_cmd_buf) {
662 GKI_freebuf(p_mfc->p_cur_cmd_buf);
663 p_mfc->p_cur_cmd_buf = NULL;
664 }
665
666 p_mfc->state = RW_MFC_STATE_NOT_ACTIVATED;
667 NFC_SetStaticRfCback(NULL);
668 break;
669
670 case NFC_DATA_CEVT:
671 if ((p_data != NULL) && (p_data->data.status == NFC_STATUS_OK)) {
672 mfc_data = (NFC_HDR*)p_data->data.p_data;
673 break;
674 }
675 /* Data event with error status...fall through to NFC_ERROR_CEVT case */
676 FALLTHROUGH_INTENDED;
677 case NFC_ERROR_CEVT:
678
679 if ((p_mfc->state == RW_MFC_STATE_NOT_ACTIVATED) ||
680 (p_mfc->state == RW_MFC_STATE_IDLE)) {
681 if (event == NFC_ERROR_CEVT) {
682 evt_data.status = (tNFC_STATUS)(*(uint8_t*)p_data);
683 } else if (p_data) {
684 evt_data.status = p_data->status;
685 }
686 evt_data.p_data = NULL;
687 (*rw_cb.p_cback)(RW_MFC_INTF_ERROR_EVT, (tRW_DATA*)&evt_data);
688 break;
689 }
690 nfc_stop_quick_timer(&p_mfc->timer);
691 break;
692
693 default:
694 break;
695 }
696
697 if ((p_mfc->state != RW_MFC_STATE_IDLE) && (mfc_data == NULL)) {
698 if (p_mfc->state != RW_MFC_STATE_NOT_ACTIVATED) {
699 LOG(ERROR) << StringPrintf("%s NULL pointer", __func__);
700 }
701 return;
702 }
703
704 switch (p_mfc->state) {
705 case RW_MFC_STATE_IDLE:
706 /* Unexpected R-APDU, it should be raw frame response */
707 /* forward to upper layer without parsing */
708 if (rw_cb.p_cback) {
709 rw_data.raw_frame.status = p_data->data.status;
710 rw_data.raw_frame.p_data = mfc_data;
711 (*(rw_cb.p_cback))(RW_MFC_RAW_FRAME_EVT, &rw_data);
712 mfc_data = NULL;
713 } else {
714 GKI_freebuf(mfc_data);
715 }
716 break;
717 case RW_MFC_STATE_DETECT_TLV:
718 rw_mfc_handle_tlv_detect_rsp((uint8_t*)mfc_data);
719 GKI_freebuf(mfc_data);
720 break;
721
722 case RW_MFC_STATE_READ_NDEF:
723 rw_mfc_handle_ndef_read_rsp((uint8_t*)mfc_data);
724 GKI_freebuf(mfc_data);
725 break;
726 case RW_MFC_STATE_NOT_ACTIVATED:
727 DLOG_IF(INFO, nfc_debug_enabled)
728 << __func__ << " RW_MFC_STATE_NOT_ACTIVATED";
729 /* p_r_apdu may send upper layer */
730 break;
731 case RW_MFC_STATE_NDEF_FORMAT:
732 rw_mfc_handle_format_rsp((uint8_t*)mfc_data);
733 GKI_freebuf(mfc_data);
734 break;
735 case RW_MFC_STATE_UPDATE_NDEF:
736 rw_mfc_handle_write_rsp((uint8_t*)mfc_data);
737 GKI_freebuf(mfc_data);
738 break;
739 default:
740 LOG(ERROR) << StringPrintf("%s : invalid state=%d", __func__,
741 p_mfc->state);
742 break;
743 }
744 }
745
746 /*******************************************************************************
747 **
748 ** Function rw_MfcLocateTlv
749 **
750 ** Description This function performs NDEF detection procedure
751 **
752 ** RW_MFC_NDEF_DETECT_EVT will be returned
753 **
754 ** Returns NFC_STATUS_OK if success
755 ** NFC_STATUS_FAILED if Mifare classic tag is busy or other
756 ** error
757 **
758 *******************************************************************************/
rw_MfcLocateTlv(uint8_t tlv_type)759 static tNFC_STATUS rw_MfcLocateTlv(uint8_t tlv_type) {
760 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
761
762 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
763 tNFC_STATUS success = NFC_STATUS_OK;
764
765 if (p_mfc->state != RW_MFC_STATE_IDLE) {
766 LOG(ERROR) << StringPrintf(
767 "%s Mifare Classic tag not activated or Busy - State:%d", __func__,
768 p_mfc->state);
769
770 return NFC_STATUS_BUSY;
771 }
772
773 if ((tlv_type != TAG_LOCK_CTRL_TLV) && (tlv_type != TAG_MEM_CTRL_TLV) &&
774 (tlv_type != TAG_NDEF_TLV) && (tlv_type != TAG_PROPRIETARY_TLV)) {
775 DLOG_IF(INFO, nfc_debug_enabled)
776 << StringPrintf("%s - Cannot search TLV: 0x%02x", __func__, tlv_type);
777 return NFC_STATUS_FAILED;
778 }
779 if (tlv_type == TAG_NDEF_TLV) {
780 p_mfc->ndef_length = 0;
781 p_mfc->ndef_start_pos = 0;
782 p_mfc->ndef_first_block = 0;
783 p_mfc->work_offset = 0;
784 p_mfc->ndef_status = MFC_NDEF_NOT_DETECTED;
785 }
786
787 p_mfc->substate = RW_MFC_SUBSTATE_READ_BLOCK;
788 p_mfc->state = RW_MFC_STATE_DETECT_TLV;
789
790 success = rw_mfc_readBlock(p_mfc->next_block.block);
791 if (success == NFC_STATUS_OK) {
792 p_mfc->state = RW_MFC_STATE_DETECT_TLV;
793 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
794 "%s RW_MFC_STATE_DETECT_TLV state=%d", __func__, p_mfc->state);
795 } else {
796 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
797 DLOG_IF(INFO, nfc_debug_enabled)
798 << StringPrintf("%s rw_MfcLocateTlv state=%d", __func__, p_mfc->state);
799 }
800
801 return NFC_STATUS_OK;
802 }
803
804 /*******************************************************************************
805 **
806 ** Function rw_mfc_authenticate
807 **
808 ** Description This function performs the authentication of a given
809 ** block.
810 **
811 ** Returns true if success
812 **
813 *******************************************************************************/
rw_mfc_authenticate(int block,bool KeyA)814 static bool rw_mfc_authenticate(int block, bool KeyA) {
815 NFC_HDR* mfcbuf;
816 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
817 uint8_t* p;
818
819 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block:" << block;
820
821 uint8_t* KeyToUse;
822
823 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
824
825 if (!mfcbuf) {
826 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
827 return false;
828 }
829
830 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
831 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
832
833 if (KeyA) {
834 UINT8_TO_BE_STREAM(p, MFC_KeyA);
835 } else {
836 UINT8_TO_BE_STREAM(p, MFC_KeyB);
837 }
838
839 UINT8_TO_BE_STREAM(p, block);
840 ARRAY_TO_BE_STREAM(p, p_mfc->uid, 4);
841
842 if (p_mfc->state == RW_MFC_STATE_NDEF_FORMAT)
843 KeyToUse = KeyDefault;
844 else {
845 if (block >= 0 && block < 4) {
846 KeyToUse = KeyMAD;
847 } else {
848 KeyToUse = KeyNDEF;
849 }
850 }
851 ARRAY_TO_BE_STREAM(p, KeyToUse, 6);
852
853 mfcbuf->len = 12;
854
855 if (!rw_mfc_send_to_lower(mfcbuf)) {
856 return false;
857 }
858 /* Backup the current substate to move back to this substate after changing
859 * sector */
860 p_mfc->prev_substate = p_mfc->substate;
861 p_mfc->substate = RW_MFC_SUBSTATE_WAIT_ACK;
862 return true;
863 }
864
865 /*******************************************************************************
866 **
867 ** Function rw_mfc_readBlock
868 **
869 ** Description This function read a given block.
870 **
871 ** Returns true if success
872 **
873 *******************************************************************************/
rw_mfc_readBlock(int block)874 static tNFC_STATUS rw_mfc_readBlock(int block) {
875 NFC_HDR* mfcbuf;
876 uint8_t* p;
877 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
878 int sectorlength = block / 4;
879 tNFC_STATUS status = NFC_STATUS_OK;
880
881 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
882
883 if (block > 128) {
884 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
885 }
886
887 if (sectorlength != p_mfc->sector_authentified) {
888 if (rw_mfc_authenticate(block, true) == true) {
889 LOG(ERROR) << __func__ << ": RW_MFC_SUBSTATE_WAIT_ACK";
890 return NFC_STATUS_OK;
891 }
892 return NFC_STATUS_FAILED;
893 }
894
895 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
896
897 if (!mfcbuf) {
898 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
899 return NFC_STATUS_REJECTED;
900 }
901
902 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
903 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
904
905 UINT8_TO_BE_STREAM(p, MFC_Read);
906 UINT8_TO_BE_STREAM(p, block);
907
908 mfcbuf->len = 2;
909
910 if (!rw_mfc_send_to_lower(mfcbuf)) {
911 return NFC_STATUS_REJECTED;
912 }
913 p_mfc->current_block = block;
914 p_mfc->substate = RW_MFC_SUBSTATE_READ_BLOCK;
915
916 return status;
917 }
918
919 /*******************************************************************************
920 **
921 ** Function rw_mfc_handle_tlv_detect_rsp
922 **
923 ** Description Handle TLV detection.
924 **
925 ** Returns none
926 **
927 *******************************************************************************/
rw_mfc_handle_tlv_detect_rsp(uint8_t * p_data)928 static void rw_mfc_handle_tlv_detect_rsp(uint8_t* p_data) {
929 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
930 NFC_HDR* mfc_data;
931 uint8_t* p;
932
933 mfc_data = (NFC_HDR*)p_data;
934 /* Assume the data is just the response byte sequence */
935 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
936
937 p_mfc->last_block_accessed.block = p_mfc->next_block.block;
938 switch (p_mfc->substate) {
939 case RW_MFC_SUBSTATE_WAIT_ACK:
940 /* Search for the tlv */
941 if (p[0] == 0x0) {
942 p_mfc->next_block.auth = true;
943 p_mfc->last_block_accessed.auth = true;
944 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
945
946 rw_mfc_resume_op();
947 } else {
948 p_mfc->next_block.auth = false;
949 p_mfc->last_block_accessed.auth = false;
950 DLOG_IF(INFO, nfc_debug_enabled)
951 << StringPrintf("%s : status=%d", __func__, p[0]);
952 nfc_stop_quick_timer(&p_mfc->timer);
953 rw_mfc_process_error();
954 }
955 break;
956
957 case RW_MFC_SUBSTATE_READ_BLOCK:
958 /* Search for the tlv */
959 if (mfc_data->len == 0x10) {
960 p_mfc->last_block_accessed.block = p_mfc->next_block.block;
961 p_mfc->next_block.block += 1;
962 p_mfc->next_block.auth = false;
963 rw_mfc_handle_read_op((uint8_t*)mfc_data);
964 }
965 break;
966 }
967 }
968 /*******************************************************************************
969 **
970 ** Function rw_mfc_resume_op
971 **
972 ** Description This function will continue operation after moving to new
973 ** sector
974 **
975 ** Returns none
976 **
977 *******************************************************************************/
rw_mfc_resume_op()978 static void rw_mfc_resume_op() {
979 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
980
981 switch (p_mfc->state) {
982 case RW_MFC_STATE_DETECT_TLV:
983 rw_mfc_readBlock(p_mfc->next_block.block);
984 break;
985 case RW_MFC_STATE_READ_NDEF:
986 rw_mfc_readBlock(p_mfc->next_block.block);
987 break;
988 case RW_MFC_STATE_NDEF_FORMAT:
989 rw_mfc_formatBlock(p_mfc->next_block.block);
990 break;
991 case RW_MFC_STATE_UPDATE_NDEF:
992 rw_mfc_writeBlock(p_mfc->next_block.block);
993 break;
994 }
995 }
996
997 /*******************************************************************************
998 **
999 ** Function rw_mfc_handle_read_op
1000 **
1001 ** Description This function handles all the read operation.
1002 **
1003 ** Returns none
1004 **
1005 *******************************************************************************/
rw_mfc_handle_read_op(uint8_t * data)1006 static void rw_mfc_handle_read_op(uint8_t* data) {
1007 uint8_t* p;
1008 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1009 bool tlv_found = false;
1010 NFC_HDR* mfc_data;
1011 uint16_t len;
1012 uint16_t offset;
1013 uint16_t saved_length;
1014 bool failed = false;
1015 bool done = false;
1016 tRW_READ_DATA evt_data;
1017
1018 mfc_data = (NFC_HDR*)data;
1019 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1020
1021 switch (p_mfc->state) {
1022 case RW_MFC_STATE_DETECT_TLV:
1023 tlv_found = rw_nfc_decodeTlv(data);
1024 if (tlv_found) {
1025 p_mfc->ndef_status = MFC_NDEF_DETECTED;
1026 p_mfc->ndef_first_block = p_mfc->last_block_accessed.block;
1027 rw_mfc_ntf_tlv_detect_complete(NFC_STATUS_OK);
1028 }
1029 break;
1030
1031 case RW_MFC_STATE_READ_NDEF:
1032 /* On the first read, adjust for any partial block offset */
1033 offset = 0;
1034 len = RW_MFC_1K_BLOCK_SIZE;
1035 saved_length = p_mfc->ndef_length;
1036
1037 if (p_mfc->work_offset == 0) {
1038 /* The Ndef Message offset may be present in the read 16 bytes */
1039 offset = p_mfc->ndef_start_pos;
1040
1041 if (!rw_nfc_decodeTlv(data)) {
1042 failed = true;
1043 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << " FAILED finding TLV";
1044 }
1045 }
1046
1047 if (!failed && saved_length >= p_mfc->ndef_length) {
1048 /* Skip all reserved and lock bytes */
1049 while ((offset < len) && (p_mfc->work_offset < p_mfc->ndef_length))
1050
1051 {
1052 /* Collect the NDEF Message */
1053 p_mfc->p_ndef_buffer[p_mfc->work_offset] = p[offset];
1054 p_mfc->work_offset++;
1055 offset++;
1056 }
1057 } else {
1058 android_errorWriteLog(0x534e4554, "178725766");
1059 }
1060
1061 if (p_mfc->work_offset >= p_mfc->ndef_length) {
1062 done = true;
1063 p_mfc->ndef_status = MFC_NDEF_READ;
1064 } else {
1065 /* Read next blocks */
1066 if (rw_mfc_readBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
1067 failed = true;
1068 DLOG_IF(INFO, nfc_debug_enabled)
1069 << __func__ << " FAILED reading next";
1070 }
1071 }
1072
1073 if (failed || done) {
1074 evt_data.status = failed ? NFC_STATUS_FAILED : NFC_STATUS_OK;
1075 evt_data.p_data = NULL;
1076 rw_mfc_handle_op_complete();
1077 (*rw_cb.p_cback)(RW_MFC_NDEF_READ_EVT, (tRW_DATA*)&evt_data);
1078 }
1079 break;
1080 }
1081 }
1082 /*******************************************************************************
1083 **
1084 ** Function rw_nfc_decodeTlv
1085 **
1086 ** Description Decode the NDEF data length from the Mifare TLV
1087 ** Leading null TLVs (0x0) are skipped
1088 **
1089 ** Returns true if success
1090 **
1091 *******************************************************************************/
rw_nfc_decodeTlv(uint8_t * data)1092 static bool rw_nfc_decodeTlv(uint8_t* data) {
1093 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1094 NFC_HDR* mfc_data;
1095 uint8_t* p;
1096
1097 mfc_data = (NFC_HDR*)data;
1098 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1099 int i = 0;
1100
1101 do {
1102 if (p[i] == 0x0) {
1103 // do nothing, skip
1104 } else if (p[i] == 0x3) {
1105 p_mfc->tlv_detect = TAG_NDEF_TLV;
1106 break;
1107
1108 } else {
1109 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": Unknown TLV";
1110 p_mfc->tlv_detect = TAG_PROPRIETARY_TLV;
1111 break;
1112 }
1113 i++;
1114 } while (i < mfc_data->len);
1115
1116 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": i=" << i;
1117
1118 if ((i + 1) >= mfc_data->len || i < 0 || p[i] != 0x3) {
1119 LOG(ERROR) << __func__ << ": Can't decode message length";
1120 } else {
1121 if (p[i + 1] != 0xFF) {
1122 p_mfc->ndef_length = p[i + 1];
1123 p_mfc->ndef_start_pos = i + RW_MFC_SHORT_TLV_SIZE;
1124 DLOG_IF(INFO, nfc_debug_enabled)
1125 << __func__ << " short NDEF SIZE=" << p_mfc->ndef_length;
1126 return true;
1127 } else if ((i + 3) < mfc_data->len) {
1128 p_mfc->ndef_length = (((uint16_t)p[i + 2]) << 8) | ((uint16_t)(p[i + 3]));
1129 p_mfc->ndef_start_pos = i + RW_MFC_LONG_TLV_SIZE;
1130 DLOG_IF(INFO, nfc_debug_enabled)
1131 << __func__ << " long NDEF SIZE=" << p_mfc->ndef_length;
1132 return true;
1133 } else {
1134 LOG(ERROR) << __func__ << ": Can't decode ndef length";
1135 }
1136 }
1137 return false;
1138 }
1139
1140 /*******************************************************************************
1141 **
1142 ** Function rw_mfc_ntf_tlv_detect_complete
1143 **
1144 ** Description Notify TLV detection complete to upper layer
1145 **
1146 ** Returns none
1147 **
1148 *******************************************************************************/
rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status)1149 static void rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status) {
1150 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1151 tRW_DETECT_NDEF_DATA ndef_data = {};
1152
1153 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1154 if (p_mfc->tlv_detect == TAG_NDEF_TLV) {
1155 /* Notify upper layer the result of NDEF detect op */
1156 ndef_data.status = NFC_STATUS_OK; // status;
1157 ndef_data.protocol = NFC_PROTOCOL_MIFARE;
1158 ndef_data.flags = 0;
1159 ndef_data.cur_size = p_mfc->ndef_length;
1160
1161 if (status == NFC_STATUS_OK) {
1162 ndef_data.flags |= RW_NDEF_FL_FORMATED;
1163 }
1164
1165 // TODO - calculate max size based on MAD sectr NFC_AID condition
1166 // Set max size as format condition
1167 if (p_mfc->selres & RW_MFC_4K_Support)
1168 ndef_data.max_size = 3356;
1169 else
1170 ndef_data.max_size = 716;
1171
1172 rw_mfc_handle_op_complete();
1173 (*rw_cb.p_cback)(RW_MFC_NDEF_DETECT_EVT, (tRW_DATA*)&ndef_data);
1174 }
1175 }
1176
1177 /*******************************************************************************
1178 **
1179 ** Function RW_MfcReadNDef
1180 **
1181 ** Description Retrieve NDEF contents from a Mifare Classic tag..
1182 **
1183 ** The RW_MFC_NDEF_READ_EVT event is used to notify the
1184 ** application after reading the NDEF message.
1185 **
1186 ** Before using this API, the RW_MfcReadNDef function must
1187 ** be called to verify that the tag contains NDEF data, and to
1188 ** retrieve the NDEF attributes.
1189 **
1190 ** Internally, this command will be separated into multiple
1191 ** Mifare Classic Read commands (if necessary) - depending
1192 ** on the NDEF Msg size.
1193 **
1194 ** Parameters: p_buffer: The buffer into which to read the NDEF message
1195 ** buf_len: The length of the buffer
1196 **
1197 ** Returns NCI_STATUS_OK, if read was started. Otherwise, error
1198 ** status.
1199 **
1200 *******************************************************************************/
RW_MfcReadNDef(uint8_t * p_buffer,uint16_t buf_len)1201 tNFC_STATUS RW_MfcReadNDef(uint8_t* p_buffer, uint16_t buf_len) {
1202 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1203 tNFC_STATUS status = NFC_STATUS_OK;
1204
1205 if (p_mfc->state != RW_MFC_STATE_IDLE) {
1206 LOG(ERROR) << StringPrintf(
1207 "%s Mifare Classic tag not activated or Busy - State=%d", __func__,
1208 p_mfc->state);
1209 return NFC_STATUS_FAILED;
1210 }
1211
1212 if (p_mfc->ndef_status == MFC_NDEF_NOT_DETECTED) {
1213 LOG(ERROR) << __func__ << " NDEF detection not performed yet";
1214 return NFC_STATUS_FAILED;
1215 }
1216
1217 if (buf_len < p_mfc->ndef_length) {
1218 LOG(ERROR) << __func__ << " buffer size=" << buf_len
1219 << "less than NDEF msg sise=" << p_mfc->ndef_length;
1220 return NFC_STATUS_FAILED;
1221 }
1222
1223 if (!p_mfc->ndef_length) {
1224 LOG(ERROR) << __func__ << " NDEF Message length is zero ";
1225 return NFC_STATUS_NOT_INITIALIZED;
1226 }
1227
1228 p_mfc->p_ndef_buffer = p_buffer;
1229 p_mfc->work_offset = 0;
1230
1231 p_mfc->last_block_accessed.block = 0;
1232 p_mfc->next_block.block = p_mfc->ndef_first_block;
1233 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1234
1235 /* Start reading NDEF Message */
1236 status = rw_mfc_readBlock(p_mfc->next_block.block);
1237 if (status == NFC_STATUS_OK) {
1238 p_mfc->state = RW_MFC_STATE_READ_NDEF;
1239 }
1240
1241 return status;
1242 }
1243
1244 /*****************************************************************************
1245 **
1246 ** Function rw_mfc_handle_op_complete
1247 **
1248 ** Description Reset to IDLE state
1249 **
1250 ** Returns none
1251 **
1252 *****************************************************************************/
rw_mfc_handle_op_complete(void)1253 static void rw_mfc_handle_op_complete(void) {
1254 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1255
1256 p_mfc->last_block_accessed.auth = false;
1257 p_mfc->next_block.auth = false;
1258 p_mfc->state = RW_MFC_STATE_IDLE;
1259 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1260 return;
1261 }
1262
1263 /*******************************************************************************
1264 **
1265 ** Function rw_mfc_handle_ndef_read_rsp
1266 **
1267 ** Description Handle TLV detection.
1268 **
1269 ** Returns none
1270 **
1271 *******************************************************************************/
rw_mfc_handle_ndef_read_rsp(uint8_t * p_data)1272 static void rw_mfc_handle_ndef_read_rsp(uint8_t* p_data) {
1273 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1274 NFC_HDR* mfc_data;
1275 uint8_t* p;
1276
1277 mfc_data = (NFC_HDR*)p_data;
1278 /* Assume the data is just the response byte sequence */
1279 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1280
1281 switch (p_mfc->substate) {
1282 case RW_MFC_SUBSTATE_WAIT_ACK:
1283 /* Search for the tlv */
1284 p_mfc->last_block_accessed.block = p_mfc->current_block;
1285
1286 if (p[0] == 0x0) {
1287 p_mfc->next_block.auth = true;
1288 p_mfc->last_block_accessed.auth = true;
1289
1290 if (p_mfc->current_block < 128) {
1291 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
1292 }
1293
1294 else
1295 p_mfc->sector_authentified =
1296 (p_mfc->next_block.block - 128) / 16 + 32;
1297
1298 rw_mfc_resume_op();
1299 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1300 "rw_mfc_handle_ndef_read_rsp () sector authentified: %d",
1301 p_mfc->sector_authentified);
1302 } else {
1303 p_mfc->next_block.auth = false;
1304 p_mfc->last_block_accessed.auth = false;
1305 }
1306 break;
1307
1308 case RW_MFC_SUBSTATE_READ_BLOCK:
1309 /* Search for the tlv */
1310
1311 if (mfc_data->len == 0x10) {
1312 p_mfc->last_block_accessed.block = p_mfc->current_block;
1313
1314 if (p_mfc->current_block % 4 == 2) {
1315 p_mfc->next_block.block = p_mfc->current_block + 2;
1316 } else {
1317 p_mfc->next_block.block = p_mfc->current_block + 1;
1318 }
1319
1320 /* Do not read block 16 (MAD2) - Mifare Classic4 k */
1321 if (p_mfc->next_block.block == 64) {
1322 p_mfc->next_block.block += 4;
1323 }
1324
1325 if ((p_mfc->selres & RW_MFC_4K_Support) &&
1326 (p_mfc->next_block.block >= 128)) {
1327 if (p_mfc->current_block % 16 == 14) {
1328 p_mfc->next_block.block = p_mfc->current_block + 2;
1329 } else {
1330 p_mfc->next_block.block = p_mfc->current_block + 1;
1331 }
1332 }
1333
1334 p_mfc->next_block.auth = false;
1335 rw_mfc_handle_read_op((uint8_t*)mfc_data);
1336 }
1337 break;
1338 }
1339 }
1340
1341 /*******************************************************************************
1342 **
1343 ** Function rw_mfc_process_error
1344 **
1345 ** Description Process error including Timeout, Frame error. This function
1346 ** will retry atleast till RW_MAX_RETRIES before give up and
1347 ** sending negative notification to upper layer
1348 **
1349 ** Returns none
1350 **
1351 *******************************************************************************/
rw_mfc_process_error()1352 static void rw_mfc_process_error() {
1353 tRW_READ_DATA evt_data = tRW_READ_DATA();
1354 tRW_EVENT rw_event = RW_MFC_NDEF_DETECT_EVT;
1355 NFC_HDR* p_cmd_buf;
1356 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1357 tRW_DETECT_NDEF_DATA ndef_data;
1358
1359 DLOG_IF(INFO, nfc_debug_enabled)
1360 << StringPrintf("%s State=%d", __func__, p_mfc->state);
1361
1362 evt_data.status = NFC_STATUS_FAILED;
1363
1364 /* Retry sending command if retry-count < max */
1365 if (rw_cb.cur_retry < RW_MAX_RETRIES) {
1366 /* retry sending the command */
1367 rw_cb.cur_retry++;
1368
1369 DLOG_IF(INFO, nfc_debug_enabled)
1370 << __func__ << "Mifare Classic retransmission attempt "
1371 << rw_cb.cur_retry << " of " << RW_MAX_RETRIES;
1372
1373 /* allocate a new buffer for message */
1374 p_cmd_buf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1375 if (p_cmd_buf != NULL) {
1376 memcpy(p_cmd_buf, p_mfc->p_cur_cmd_buf,
1377 sizeof(NFC_HDR) + p_mfc->p_cur_cmd_buf->offset +
1378 p_mfc->p_cur_cmd_buf->len);
1379
1380 if (NFC_SendData(NFC_RF_CONN_ID, p_cmd_buf) == NFC_STATUS_OK) {
1381 /* Start timer for waiting for response */
1382 nfc_start_quick_timer(
1383 &p_mfc->timer, NFC_TTYPE_RW_MFC_RESPONSE,
1384 (RW_MFC_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
1385
1386 return;
1387 }
1388 }
1389 } else {
1390 DLOG_IF(INFO, nfc_debug_enabled)
1391 << __func__ << "MFC maximum retransmission attempts reached "
1392 << RW_MAX_RETRIES;
1393 }
1394
1395 if (p_mfc->state == RW_MFC_STATE_DETECT_TLV) {
1396 rw_event = RW_MFC_NDEF_DETECT_EVT;
1397 } else if (p_mfc->state == RW_MFC_STATE_READ_NDEF) {
1398 rw_event = RW_MFC_NDEF_READ_EVT;
1399 } else if (p_mfc->state == RW_MFC_STATE_UPDATE_NDEF) {
1400 rw_event = RW_MFC_NDEF_WRITE_FAIL_EVT;
1401 } else if (p_mfc->state == RW_MFC_STATE_NDEF_FORMAT) {
1402 rw_event = RW_MFC_NDEF_FORMAT_CPLT_EVT;
1403 }
1404
1405 if (rw_event == RW_MFC_NDEF_DETECT_EVT) {
1406 ndef_data.status = evt_data.status;
1407 ndef_data.protocol = NFC_PROTOCOL_MIFARE;
1408 ndef_data.flags = RW_NDEF_FL_UNKNOWN;
1409 ndef_data.max_size = 0;
1410 ndef_data.cur_size = 0;
1411 DLOG_IF(INFO, nfc_debug_enabled)
1412 << StringPrintf("%s status=%d", __func__, evt_data.status);
1413 /* If not Halt move to idle state */
1414 rw_mfc_handle_op_complete();
1415
1416 (*rw_cb.p_cback)(rw_event, (tRW_DATA*)&ndef_data);
1417 } else {
1418 evt_data.p_data = NULL;
1419 /* If activated and not Halt move to idle state */
1420 if (p_mfc->state != RW_MFC_STATE_NOT_ACTIVATED) {
1421 rw_mfc_handle_op_complete();
1422 }
1423
1424 DLOG_IF(INFO, nfc_debug_enabled)
1425 << StringPrintf("%s status=%d", __func__, evt_data.status);
1426 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1427 (*rw_cb.p_cback)(rw_event, (tRW_DATA*)&evt_data);
1428 }
1429 }
1430