1 /*****************************************************************************
2 * Copyright (C) 2015 ST Microelectronics S.A.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *******************************************************************************/
16
17 /******************************************************************************
18 *
19 * This file contains the implementation for Mifare Classic tag in
20 * Reader/Writer mode.
21 *
22 ******************************************************************************/
23 #include <android-base/stringprintf.h>
24 #include <base/logging.h>
25 #include <log/log.h>
26 #include <string.h>
27
28 #include "bt_types.h"
29 #include "gki.h"
30 #include "nfc_api.h"
31 #include "nfc_int.h"
32 #include "nfc_target.h"
33 #include "rw_api.h"
34 #include "rw_int.h"
35 #include "tags_int.h"
36
37 #define MFC_KeyA 0x60
38 #define MFC_KeyB 0x61
39 #define MFC_Read 0x30
40 #define MFC_Write 0xA0
41
42 /* main state */
43 /* Mifare Classic is not activated */
44 #define RW_MFC_STATE_NOT_ACTIVATED 0x00
45 /* waiting for upper layer API */
46 #define RW_MFC_STATE_IDLE 0x01
47 /* performing NDEF detection precedure */
48 #define RW_MFC_STATE_DETECT_NDEF 0x02
49 /* performing read NDEF procedure */
50 #define RW_MFC_STATE_READ_NDEF 0x03
51 /* performing update NDEF procedure */
52 #define RW_MFC_STATE_UPDATE_NDEF 0x04
53 /* checking presence of tag */
54 #define RW_MFC_STATE_PRESENCE_CHECK 0x05
55 /* convert tag to read only */
56 #define RW_MFC_STATE_SET_READ_ONLY 0x06
57 /* detect tlv */
58 #define RW_MFC_STATE_DETECT_TLV 0x7
59 /* NDef Format */
60 #define RW_MFC_STATE_NDEF_FORMAT 0x8
61
62 #define RW_MFC_SUBSTATE_NONE 0x00
63 #define RW_MFC_SUBSTATE_IDLE 0x01
64 #define RW_MFC_SUBSTATE_WAIT_ACK 0x02
65 #define RW_MFC_SUBSTATE_READ_BLOCK 0x03
66 #define RW_MFC_SUBSTATE_FORMAT_BLOCK 0x04
67 #define RW_MFC_SUBSTATE_WRITE_BLOCK 0x05
68
69 #define RW_MFC_LONG_TLV_SIZE 4
70 #define RW_MFC_SHORT_TLV_SIZE 2
71
72 #define RW_MFC_4K_Support 0x10
73
74 #define RW_MFC_1K_BLOCK_SIZE 16
75
76 uint8_t KeyNDEF[6] = {0xD3, 0XF7, 0xD3, 0XF7, 0xD3, 0XF7};
77 uint8_t KeyMAD[6] = {0xA0, 0XA1, 0xA2, 0XA3, 0xA4, 0XA5};
78 uint8_t KeyDefault[6] = {0xFF, 0XFF, 0xFF, 0XFF, 0xFF, 0XFF};
79 uint8_t access_permission_nfc[4] = {0x7F, 0x07, 0x88, 0x40};
80 uint8_t access_permission_mad[4] = {0x78, 0x77, 0x88, 0xC1};
81 uint8_t MAD_B1[16] = {0x14, 0x01, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
82 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
83 uint8_t MAD_B2[16] = {0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
84 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
85 uint8_t MAD_B64[16] = {0xE8, 0x01, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
86 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
87 uint8_t NFC_B0[16] = {0x03, 0x00, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00,
88 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
89
90 static bool rw_mfc_send_to_lower(NFC_HDR* p_c_apdu);
91 static bool rw_mfc_authenticate(int sector, bool KeyA);
92 static tNFC_STATUS rw_mfc_readBlock(int block);
93 static void rw_mfc_handle_tlv_detect_rsp(uint8_t* p_data);
94 static tNFC_STATUS rw_MfcLocateTlv(uint8_t tlv_type);
95 static void rw_mfc_conn_cback(uint8_t conn_id, tNFC_CONN_EVT event,
96 tNFC_CONN* p_data);
97 static void rw_mfc_resume_op();
98 static bool rw_nfc_decodeTlv(uint8_t* p_data);
99 static void rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status);
100 static void rw_mfc_handle_read_op(uint8_t* data);
101 static void rw_mfc_handle_op_complete(void);
102 static void rw_mfc_handle_ndef_read_rsp(uint8_t* p_data);
103 static void rw_mfc_process_error();
104
105 static tNFC_STATUS rw_mfc_formatBlock(int block);
106 static void rw_mfc_handle_format_rsp(uint8_t* p_data);
107 static void rw_mfc_handle_format_op();
108 static tNFC_STATUS rw_mfc_writeBlock(int block);
109 static void rw_mfc_handle_write_rsp(uint8_t* p_data);
110 static void rw_mfc_handle_write_op();
111
112 using android::base::StringPrintf;
113 extern bool nfc_debug_enabled;
114
115 /*****************************************************************************
116 **
117 ** Function RW_MfcFormatNDef
118 **
119 ** Description
120 ** Format Tag content
121 **
122 ** Returns
123 ** NFC_STATUS_OK, Command sent to format Tag
124 ** NFC_STATUS_REJECTED: cannot format the tag
125 ** NFC_STATUS_FAILED: other error
126 **
127 *****************************************************************************/
RW_MfcFormatNDef(void)128 tNFC_STATUS RW_MfcFormatNDef(void) {
129 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
130 tNFC_STATUS status = NFC_STATUS_OK;
131
132 if (p_mfc->state != RW_MFC_STATE_IDLE) {
133 LOG(ERROR) << StringPrintf(
134 "%s Mifare Classic tag not activated or Busy - State:%d", __func__,
135 p_mfc->state);
136 return NFC_STATUS_BUSY;
137 }
138
139 p_mfc->state = RW_MFC_STATE_NDEF_FORMAT;
140 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
141 p_mfc->last_block_accessed.block = 1;
142 p_mfc->next_block.block = 1;
143
144 status = rw_mfc_formatBlock(p_mfc->next_block.block);
145 if (status == NFC_STATUS_OK) {
146 p_mfc->state = RW_MFC_STATE_NDEF_FORMAT;
147 } else {
148 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
149 }
150
151 return status;
152 }
153
154 /*******************************************************************************
155 **
156 ** Function rw_mfc_formatBlock
157 **
158 ** Description This function format a given block.
159 **
160 ** Returns true if success
161 **
162 *******************************************************************************/
rw_mfc_formatBlock(int block)163 static tNFC_STATUS rw_mfc_formatBlock(int block) {
164 NFC_HDR* mfcbuf;
165 uint8_t* p;
166 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
167 int sectorlength = block / 4;
168 tNFC_STATUS status = NFC_STATUS_OK;
169
170 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
171
172 if (block > 128) {
173 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
174 }
175
176 if (sectorlength != p_mfc->sector_authentified) {
177 if (rw_mfc_authenticate(block, true) == true) {
178 return NFC_STATUS_OK;
179 }
180 return NFC_STATUS_FAILED;
181 }
182
183 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
184
185 if (!mfcbuf) {
186 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
187 return NFC_STATUS_REJECTED;
188 }
189
190 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
191 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
192
193 UINT8_TO_BE_STREAM(p, MFC_Write);
194 UINT8_TO_BE_STREAM(p, block);
195
196 if (block == 1) {
197 ARRAY_TO_BE_STREAM(p, MAD_B1, 16);
198 } else if (block == 2 || block == 65 || block == 66) {
199 ARRAY_TO_BE_STREAM(p, MAD_B2, 16);
200 } else if (block == 3 || block == 67) {
201 ARRAY_TO_BE_STREAM(p, KeyMAD, 6);
202 ARRAY_TO_BE_STREAM(p, access_permission_mad, 4);
203 ARRAY_TO_BE_STREAM(p, KeyDefault, 6);
204 } else if (block == 4) {
205 ARRAY_TO_BE_STREAM(p, NFC_B0, 16);
206 } else if (block == 64) {
207 ARRAY_TO_BE_STREAM(p, MAD_B64, 16);
208 } else {
209 ARRAY_TO_BE_STREAM(p, KeyNDEF, 6);
210 ARRAY_TO_BE_STREAM(p, access_permission_nfc, 4);
211 ARRAY_TO_BE_STREAM(p, KeyDefault, 6);
212 }
213 mfcbuf->len = 18;
214
215 if (!rw_mfc_send_to_lower(mfcbuf)) {
216 return NFC_STATUS_REJECTED;
217 }
218 p_mfc->current_block = block;
219 p_mfc->substate = RW_MFC_SUBSTATE_FORMAT_BLOCK;
220
221 return status;
222 }
223
rw_mfc_handle_format_rsp(uint8_t * p_data)224 static void rw_mfc_handle_format_rsp(uint8_t* p_data) {
225 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
226 NFC_HDR* mfc_data;
227 uint8_t* p;
228
229 mfc_data = (NFC_HDR*)p_data;
230 /* Assume the data is just the response byte sequence */
231 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
232
233 switch (p_mfc->substate) {
234 case RW_MFC_SUBSTATE_WAIT_ACK:
235 p_mfc->last_block_accessed.block = p_mfc->current_block;
236
237 if (p[0] == 0x0) {
238 p_mfc->next_block.auth = true;
239 p_mfc->last_block_accessed.auth = true;
240
241 if (p_mfc->next_block.block < 128) {
242 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
243 } else {
244 p_mfc->sector_authentified =
245 (p_mfc->next_block.block - 128) / 16 + 32;
246 }
247 rw_mfc_resume_op();
248 } else {
249 p_mfc->next_block.auth = false;
250 p_mfc->last_block_accessed.auth = false;
251 nfc_stop_quick_timer(&p_mfc->timer);
252 rw_mfc_process_error();
253 }
254 break;
255
256 case RW_MFC_SUBSTATE_FORMAT_BLOCK:
257 if (p[0] == 0x0) {
258 rw_mfc_handle_format_op();
259 } else {
260 nfc_stop_quick_timer(&p_mfc->timer);
261 rw_mfc_process_error();
262 }
263 break;
264 }
265 }
266
rw_mfc_handle_format_op()267 static void rw_mfc_handle_format_op() {
268 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
269 tRW_READ_DATA evt_data;
270 int num_of_blocks = 0;
271
272 /* Total blockes of Mifare 1k/4K */
273 if (p_mfc->selres & RW_MFC_4K_Support)
274 num_of_blocks = 256;
275 else
276 num_of_blocks = 64;
277
278 p_mfc->last_block_accessed.block = p_mfc->current_block;
279
280 // Find next block needed to format
281 if (p_mfc->current_block < 4) {
282 p_mfc->next_block.block = p_mfc->current_block + 1;
283 } else if (p_mfc->current_block == 4) {
284 p_mfc->next_block.block = 7;
285 } else if (p_mfc->current_block >= 63 && p_mfc->current_block < 67) {
286 p_mfc->next_block.block = p_mfc->current_block + 1;
287 } else if (p_mfc->current_block < 127) {
288 p_mfc->next_block.block = p_mfc->current_block + 4;
289 } else {
290 p_mfc->next_block.block = p_mfc->current_block + 16;
291 }
292
293 if (p_mfc->next_block.block < num_of_blocks) {
294 /* Format next blocks */
295 if (rw_mfc_formatBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
296 evt_data.status = NFC_STATUS_FAILED;
297 evt_data.p_data = NULL;
298 (*rw_cb.p_cback)(RW_MFC_NDEF_FORMAT_CPLT_EVT, (tRW_DATA*)&evt_data);
299 }
300 } else {
301 evt_data.status = NFC_STATUS_OK;
302 evt_data.p_data = NULL;
303 rw_mfc_handle_op_complete();
304 (*rw_cb.p_cback)(RW_MFC_NDEF_FORMAT_CPLT_EVT, (tRW_DATA*)&evt_data);
305 }
306 }
307
308 /*******************************************************************************
309 **
310 ** Function RW_MfcWriteNDef
311 **
312 ** Description This function can be called to write an NDEF message to the
313 ** tag.
314 **
315 ** Parameters: buf_len: The length of the buffer
316 ** p_buffer: The NDEF message to write
317 **
318 ** Returns NCI_STATUS_OK, if write was started. Otherwise, error
319 ** status.
320 **
321 *******************************************************************************/
RW_MfcWriteNDef(uint16_t buf_len,uint8_t * p_buffer)322 tNFC_STATUS RW_MfcWriteNDef(uint16_t buf_len, uint8_t* p_buffer) {
323 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
324 tNFC_STATUS status = NFC_STATUS_OK;
325
326 if (p_mfc->state != RW_MFC_STATE_IDLE) {
327 return NFC_STATUS_BUSY;
328 }
329
330 p_mfc->state = RW_MFC_STATE_UPDATE_NDEF;
331 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
332 p_mfc->last_block_accessed.block = 4;
333 p_mfc->next_block.block = 4;
334
335 p_mfc->p_ndef_buffer = p_buffer;
336 p_mfc->ndef_length = buf_len;
337 p_mfc->work_offset = 0;
338
339 status = rw_mfc_writeBlock(p_mfc->next_block.block);
340 if (status == NFC_STATUS_OK) {
341 p_mfc->state = RW_MFC_STATE_UPDATE_NDEF;
342 } else {
343 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
344 }
345
346 return status;
347 }
348
349 /*******************************************************************************
350 **
351 ** Function rw_mfc_writeBlock
352 **
353 ** Description This function write a given block.
354 **
355 ** Returns true if success
356 **
357 *******************************************************************************/
rw_mfc_writeBlock(int block)358 static tNFC_STATUS rw_mfc_writeBlock(int block) {
359 NFC_HDR* mfcbuf;
360 uint8_t* p;
361 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
362 int sectorlength = block / 4;
363 tNFC_STATUS status = NFC_STATUS_OK;
364
365 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
366
367 if (block > 128) {
368 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
369 }
370
371 if (sectorlength != p_mfc->sector_authentified) {
372 if (rw_mfc_authenticate(block, true) == true) {
373 return NFC_STATUS_OK;
374 }
375 return NFC_STATUS_FAILED;
376 }
377
378 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
379
380 if (!mfcbuf) {
381 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
382 return NFC_STATUS_REJECTED;
383 }
384
385 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
386 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
387
388 UINT8_TO_BE_STREAM(p, MFC_Write);
389 UINT8_TO_BE_STREAM(p, block);
390 int index = 0;
391 while (index < RW_MFC_1K_BLOCK_SIZE) {
392 if (p_mfc->work_offset == 0) {
393 if (p_mfc->ndef_length < 0xFF) {
394 UINT8_TO_BE_STREAM(p, 0x03);
395 UINT8_TO_BE_STREAM(p, p_mfc->ndef_length);
396 index = index + 2;
397 } else {
398 UINT8_TO_BE_STREAM(p, 0x03);
399 UINT8_TO_BE_STREAM(p, 0xFF);
400 UINT8_TO_BE_STREAM(p, (uint8_t)(p_mfc->ndef_length >> 8));
401 UINT8_TO_BE_STREAM(p, (uint8_t)(p_mfc->ndef_length & 0xFF));
402 index = index + 4;
403 }
404 }
405
406 if (p_mfc->work_offset == p_mfc->ndef_length) {
407 UINT8_TO_BE_STREAM(p, 0xFE);
408 } else if (p_mfc->work_offset > p_mfc->ndef_length) {
409 UINT8_TO_BE_STREAM(p, 0x00);
410 } else {
411 UINT8_TO_BE_STREAM(p, p_mfc->p_ndef_buffer[p_mfc->work_offset]);
412 }
413 p_mfc->work_offset++;
414 index++;
415 }
416 mfcbuf->len = 18;
417
418 if (!rw_mfc_send_to_lower(mfcbuf)) {
419 return NFC_STATUS_REJECTED;
420 }
421 p_mfc->current_block = block;
422 p_mfc->substate = RW_MFC_SUBSTATE_WRITE_BLOCK;
423
424 return status;
425 }
426
rw_mfc_handle_write_rsp(uint8_t * p_data)427 static void rw_mfc_handle_write_rsp(uint8_t* p_data) {
428 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
429 NFC_HDR* mfc_data;
430 uint8_t* p;
431
432 mfc_data = (NFC_HDR*)p_data;
433 /* Assume the data is just the response byte sequence */
434 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
435
436 switch (p_mfc->substate) {
437 case RW_MFC_SUBSTATE_WAIT_ACK:
438 p_mfc->last_block_accessed.block = p_mfc->current_block;
439
440 if (p[0] == 0x0) {
441 p_mfc->next_block.auth = true;
442 p_mfc->last_block_accessed.auth = true;
443
444 if (p_mfc->next_block.block < 128) {
445 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
446 } else {
447 p_mfc->sector_authentified =
448 (p_mfc->next_block.block - 128) / 16 + 32;
449 }
450 rw_mfc_resume_op();
451 } else {
452 p_mfc->next_block.auth = false;
453 p_mfc->last_block_accessed.auth = false;
454 nfc_stop_quick_timer(&p_mfc->timer);
455 rw_mfc_process_error();
456 }
457 break;
458
459 case RW_MFC_SUBSTATE_WRITE_BLOCK:
460 if (p[0] == 0x0) {
461 rw_mfc_handle_write_op();
462 } else {
463 nfc_stop_quick_timer(&p_mfc->timer);
464 rw_mfc_process_error();
465 }
466 break;
467 }
468 }
469
rw_mfc_handle_write_op()470 static void rw_mfc_handle_write_op() {
471 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
472 tRW_READ_DATA evt_data;
473
474 if (p_mfc->work_offset >= p_mfc->ndef_length) {
475 evt_data.status = NFC_STATUS_OK;
476 evt_data.p_data = NULL;
477 rw_mfc_handle_op_complete();
478 (*rw_cb.p_cback)(RW_MFC_NDEF_WRITE_CPLT_EVT, (tRW_DATA*)&evt_data);
479 } else {
480 p_mfc->last_block_accessed.block = p_mfc->current_block;
481
482 if (p_mfc->current_block % 4 == 2) {
483 p_mfc->next_block.block = p_mfc->current_block + 2;
484 } else {
485 p_mfc->next_block.block = p_mfc->current_block + 1;
486 }
487
488 /* Do not read block 16 (MAD2) - Mifare Classic4 k */
489 if (p_mfc->next_block.block == 64) {
490 p_mfc->next_block.block += 4;
491 }
492
493 if ((p_mfc->selres & RW_MFC_4K_Support) &&
494 (p_mfc->next_block.block >= 128)) {
495 if (p_mfc->current_block % 16 == 14) {
496 p_mfc->next_block.block = p_mfc->current_block + 2;
497 } else {
498 p_mfc->next_block.block = p_mfc->current_block + 1;
499 }
500 }
501
502 /* Write next blocks */
503 if (rw_mfc_writeBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
504 evt_data.status = NFC_STATUS_FAILED;
505 evt_data.p_data = NULL;
506 rw_mfc_handle_op_complete();
507 (*rw_cb.p_cback)(RW_MFC_NDEF_WRITE_FAIL_EVT, (tRW_DATA*)&evt_data);
508 }
509 }
510 }
511
512 /*****************************************************************************
513 **
514 ** Function RW_MfcDetectNDef
515 **
516 ** Description
517 ** This function is used to perform NDEF detection on a Mifare Classic
518 ** tag, and retrieve the tag's NDEF attribute information.
519 ** Before using this API, the application must call RW_SelectTagType to
520 ** indicate that a Type 1 tag has been activated.
521 **
522 ** Returns
523 ** NFC_STATUS_OK: ndef detection procedure started
524 ** NFC_STATUS_WRONG_PROTOCOL: type 1 tag not activated
525 ** NFC_STATUS_BUSY: another command is already in progress
526 ** NFC_STATUS_FAILED: other error
527 **
528 *****************************************************************************/
RW_MfcDetectNDef(void)529 tNFC_STATUS RW_MfcDetectNDef(void) {
530 LOG(ERROR) << __func__;
531 return rw_MfcLocateTlv(TAG_NDEF_TLV);
532 }
533
534 /*******************************************************************************
535 **
536 ** Function rw_mfc_select
537 **
538 ** Description This function will set the callback function to
539 ** receive data from lower layers.
540 **
541 ** Returns tNFC_STATUS
542 **
543 *******************************************************************************/
rw_mfc_select(uint8_t selres,uint8_t uid[MFC_UID_LEN])544 tNFC_STATUS rw_mfc_select(uint8_t selres, uint8_t uid[MFC_UID_LEN]) {
545 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
546
547 p_mfc->state = RW_MFC_STATE_NOT_ACTIVATED;
548
549 /* Alloc cmd buf for retransmissions */
550 if (p_mfc->p_cur_cmd_buf == NULL) {
551 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
552 p_mfc->p_cur_cmd_buf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
553 if (p_mfc->p_cur_cmd_buf == NULL) {
554 LOG(ERROR) << __func__
555 << ": unable to allocate buffer for retransmission";
556
557 return NFC_STATUS_FAILED;
558 }
559 }
560 p_mfc->selres = selres;
561 memcpy(p_mfc->uid, uid, MFC_UID_LEN);
562
563 NFC_SetStaticRfCback(rw_mfc_conn_cback);
564
565 p_mfc->state = RW_MFC_STATE_IDLE;
566 p_mfc->substate = RW_MFC_SUBSTATE_IDLE;
567 p_mfc->last_block_accessed.block = -1;
568 p_mfc->last_block_accessed.auth = false;
569 p_mfc->next_block.block = 4;
570 p_mfc->next_block.auth = false;
571 p_mfc->sector_authentified = -1;
572
573 return NFC_STATUS_OK;
574 }
575
576 /*******************************************************************************
577 **
578 ** Function rw_mfc_send_to_lower
579 **
580 ** Description Send C-APDU to lower layer
581 **
582 ** Returns true if success
583 **
584 *******************************************************************************/
rw_mfc_send_to_lower(NFC_HDR * p_data)585 static bool rw_mfc_send_to_lower(NFC_HDR* p_data) {
586 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
587 /* Indicate first attempt to send command, back up cmd buffer in case needed
588 * for retransmission */
589 rw_cb.cur_retry = 0;
590 memcpy(p_mfc->p_cur_cmd_buf, p_data,
591 sizeof(NFC_HDR) + p_data->offset + p_data->len);
592
593 if (NFC_SendData(NFC_RF_CONN_ID, p_data) != NFC_STATUS_OK) {
594 LOG(ERROR) << __func__ << ": NFC_SendData () failed";
595 return false;
596 }
597
598 nfc_start_quick_timer(&rw_cb.tcb.mfc.timer, NFC_TTYPE_RW_MFC_RESPONSE,
599 (RW_MFC_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
600
601 return true;
602 }
603
604 /*******************************************************************************
605 **
606 ** Function rw_mfc_process_timeout
607 **
608 ** Description handles timeout event
609 **
610 ** Returns none
611 **
612 *******************************************************************************/
rw_mfc_process_timeout(TIMER_LIST_ENT * p_tle)613 void rw_mfc_process_timeout(TIMER_LIST_ENT* p_tle) {
614 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << " event=" << p_tle->event;
615
616 if (p_tle->event == NFC_TTYPE_RW_MFC_RESPONSE) {
617 rw_mfc_process_error();
618 } else {
619 LOG(ERROR) << __func__ << " unknown event=" << p_tle->event;
620 }
621 }
622
623 /*******************************************************************************
624 **
625 ** Function rw_mfc_conn_cback
626 **
627 ** Description This callback function receives the events/data from NFCC.
628 **
629 ** Returns none
630 **
631 *******************************************************************************/
rw_mfc_conn_cback(uint8_t conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)632 static void rw_mfc_conn_cback(uint8_t conn_id, tNFC_CONN_EVT event,
633 tNFC_CONN* p_data) {
634 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
635 tRW_READ_DATA evt_data;
636 NFC_HDR* mfc_data = nullptr;
637 tRW_DATA rw_data;
638
639 if (!p_data) {
640 LOG(ERROR) << __func__ << "Invalid p_data";
641 return;
642 }
643
644 DLOG_IF(INFO, nfc_debug_enabled)
645 << StringPrintf("%s conn_id=%i, evt=0x%x", __func__, conn_id, event);
646 /* Only handle static conn_id */
647 if (conn_id != NFC_RF_CONN_ID) {
648 LOG(ERROR) << StringPrintf("%s Not static connection id =%d", __func__,
649 conn_id);
650 return;
651 }
652
653 switch (event) {
654 case NFC_CONN_CREATE_CEVT:
655 case NFC_CONN_CLOSE_CEVT:
656 break;
657
658 case NFC_DEACTIVATE_CEVT:
659
660 /* Stop mfc timer (if started) */
661 nfc_stop_quick_timer(&p_mfc->timer);
662 /* Free cmd buf for retransmissions */
663 if (p_mfc->p_cur_cmd_buf) {
664 GKI_freebuf(p_mfc->p_cur_cmd_buf);
665 p_mfc->p_cur_cmd_buf = NULL;
666 }
667
668 p_mfc->state = RW_MFC_STATE_NOT_ACTIVATED;
669 NFC_SetStaticRfCback(NULL);
670 break;
671
672 case NFC_DATA_CEVT:
673 if ((p_data != NULL) && (p_data->data.status == NFC_STATUS_OK)) {
674 mfc_data = (NFC_HDR*)p_data->data.p_data;
675 break;
676 }
677 /* Data event with error status...fall through to NFC_ERROR_CEVT case */
678 FALLTHROUGH_INTENDED;
679 case NFC_ERROR_CEVT:
680
681 if ((p_mfc->state == RW_MFC_STATE_NOT_ACTIVATED) ||
682 (p_mfc->state == RW_MFC_STATE_IDLE)) {
683 if (event == NFC_ERROR_CEVT) {
684 evt_data.status = (tNFC_STATUS)(*(uint8_t*)p_data);
685 } else if (p_data) {
686 evt_data.status = p_data->status;
687 }
688 evt_data.p_data = NULL;
689 (*rw_cb.p_cback)(RW_MFC_INTF_ERROR_EVT, (tRW_DATA*)&evt_data);
690 break;
691 }
692 nfc_stop_quick_timer(&p_mfc->timer);
693 break;
694
695 default:
696 break;
697 }
698
699 if ((p_mfc->state != RW_MFC_STATE_IDLE) && (mfc_data == NULL)) {
700 if (p_mfc->state != RW_MFC_STATE_NOT_ACTIVATED) {
701 LOG(ERROR) << StringPrintf("%s NULL pointer", __func__);
702 }
703 return;
704 }
705
706 switch (p_mfc->state) {
707 case RW_MFC_STATE_IDLE:
708 /* Unexpected R-APDU, it should be raw frame response */
709 /* forward to upper layer without parsing */
710 if (rw_cb.p_cback) {
711 rw_data.raw_frame.status = p_data->data.status;
712 rw_data.raw_frame.p_data = mfc_data;
713 (*(rw_cb.p_cback))(RW_MFC_RAW_FRAME_EVT, &rw_data);
714 mfc_data = NULL;
715 } else {
716 GKI_freebuf(mfc_data);
717 }
718 break;
719 case RW_MFC_STATE_DETECT_TLV:
720 rw_mfc_handle_tlv_detect_rsp((uint8_t*)mfc_data);
721 GKI_freebuf(mfc_data);
722 break;
723
724 case RW_MFC_STATE_READ_NDEF:
725 rw_mfc_handle_ndef_read_rsp((uint8_t*)mfc_data);
726 GKI_freebuf(mfc_data);
727 break;
728 case RW_MFC_STATE_NOT_ACTIVATED:
729 DLOG_IF(INFO, nfc_debug_enabled)
730 << __func__ << " RW_MFC_STATE_NOT_ACTIVATED";
731 /* p_r_apdu may send upper layer */
732 break;
733 case RW_MFC_STATE_NDEF_FORMAT:
734 rw_mfc_handle_format_rsp((uint8_t*)mfc_data);
735 GKI_freebuf(mfc_data);
736 break;
737 case RW_MFC_STATE_UPDATE_NDEF:
738 rw_mfc_handle_write_rsp((uint8_t*)mfc_data);
739 GKI_freebuf(mfc_data);
740 break;
741 default:
742 LOG(ERROR) << StringPrintf("%s : invalid state=%d", __func__,
743 p_mfc->state);
744 break;
745 }
746 }
747
748 /*******************************************************************************
749 **
750 ** Function rw_MfcLocateTlv
751 **
752 ** Description This function performs NDEF detection procedure
753 **
754 ** RW_MFC_NDEF_DETECT_EVT will be returned
755 **
756 ** Returns NFC_STATUS_OK if success
757 ** NFC_STATUS_FAILED if Mifare classic tag is busy or other
758 ** error
759 **
760 *******************************************************************************/
rw_MfcLocateTlv(uint8_t tlv_type)761 static tNFC_STATUS rw_MfcLocateTlv(uint8_t tlv_type) {
762 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
763
764 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
765 tNFC_STATUS success = NFC_STATUS_OK;
766
767 if (p_mfc->state != RW_MFC_STATE_IDLE) {
768 LOG(ERROR) << StringPrintf(
769 "%s Mifare Classic tag not activated or Busy - State:%d", __func__,
770 p_mfc->state);
771
772 return NFC_STATUS_BUSY;
773 }
774
775 if ((tlv_type != TAG_LOCK_CTRL_TLV) && (tlv_type != TAG_MEM_CTRL_TLV) &&
776 (tlv_type != TAG_NDEF_TLV) && (tlv_type != TAG_PROPRIETARY_TLV)) {
777 DLOG_IF(INFO, nfc_debug_enabled)
778 << StringPrintf("%s - Cannot search TLV: 0x%02x", __func__, tlv_type);
779 return NFC_STATUS_FAILED;
780 }
781 if (tlv_type == TAG_NDEF_TLV) {
782 p_mfc->ndef_length = 0;
783 p_mfc->ndef_start_pos = 0;
784 p_mfc->ndef_first_block = 0;
785 p_mfc->work_offset = 0;
786 p_mfc->ndef_status = MFC_NDEF_NOT_DETECTED;
787 }
788
789 p_mfc->substate = RW_MFC_SUBSTATE_READ_BLOCK;
790 p_mfc->state = RW_MFC_STATE_DETECT_TLV;
791
792 success = rw_mfc_readBlock(p_mfc->next_block.block);
793 if (success == NFC_STATUS_OK) {
794 p_mfc->state = RW_MFC_STATE_DETECT_TLV;
795 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
796 "%s RW_MFC_STATE_DETECT_TLV state=%d", __func__, p_mfc->state);
797 } else {
798 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
799 DLOG_IF(INFO, nfc_debug_enabled)
800 << StringPrintf("%s rw_MfcLocateTlv state=%d", __func__, p_mfc->state);
801 }
802
803 return NFC_STATUS_OK;
804 }
805
806 /*******************************************************************************
807 **
808 ** Function rw_mfc_authenticate
809 **
810 ** Description This function performs the authentication of a given
811 ** block.
812 **
813 ** Returns true if success
814 **
815 *******************************************************************************/
rw_mfc_authenticate(int block,bool KeyA)816 static bool rw_mfc_authenticate(int block, bool KeyA) {
817 NFC_HDR* mfcbuf;
818 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
819 uint8_t* p;
820
821 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block:" << block;
822
823 uint8_t* KeyToUse;
824
825 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
826
827 if (!mfcbuf) {
828 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
829 return false;
830 }
831
832 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
833 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
834
835 if (KeyA) {
836 UINT8_TO_BE_STREAM(p, MFC_KeyA);
837 } else {
838 UINT8_TO_BE_STREAM(p, MFC_KeyB);
839 }
840
841 UINT8_TO_BE_STREAM(p, block);
842 ARRAY_TO_BE_STREAM(p, p_mfc->uid, 4);
843
844 if (p_mfc->state == RW_MFC_STATE_NDEF_FORMAT)
845 KeyToUse = KeyDefault;
846 else {
847 if (block >= 0 && block < 4) {
848 KeyToUse = KeyMAD;
849 } else {
850 KeyToUse = KeyNDEF;
851 }
852 }
853 ARRAY_TO_BE_STREAM(p, KeyToUse, 6);
854
855 mfcbuf->len = 12;
856
857 if (!rw_mfc_send_to_lower(mfcbuf)) {
858 return false;
859 }
860 /* Backup the current substate to move back to this substate after changing
861 * sector */
862 p_mfc->prev_substate = p_mfc->substate;
863 p_mfc->substate = RW_MFC_SUBSTATE_WAIT_ACK;
864 return true;
865 }
866
867 /*******************************************************************************
868 **
869 ** Function rw_mfc_readBlock
870 **
871 ** Description This function read a given block.
872 **
873 ** Returns true if success
874 **
875 *******************************************************************************/
rw_mfc_readBlock(int block)876 static tNFC_STATUS rw_mfc_readBlock(int block) {
877 NFC_HDR* mfcbuf;
878 uint8_t* p;
879 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
880 int sectorlength = block / 4;
881 tNFC_STATUS status = NFC_STATUS_OK;
882
883 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": block : " << block;
884
885 if (block > 128) {
886 sectorlength = (p_mfc->next_block.block - 128) / 16 + 32;
887 }
888
889 if (sectorlength != p_mfc->sector_authentified) {
890 if (rw_mfc_authenticate(block, true) == true) {
891 LOG(ERROR) << __func__ << ": RW_MFC_SUBSTATE_WAIT_ACK";
892 return NFC_STATUS_OK;
893 }
894 return NFC_STATUS_FAILED;
895 }
896
897 mfcbuf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
898
899 if (!mfcbuf) {
900 LOG(ERROR) << __func__ << ": Cannot allocate buffer";
901 return NFC_STATUS_REJECTED;
902 }
903
904 mfcbuf->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
905 p = (uint8_t*)(mfcbuf + 1) + mfcbuf->offset;
906
907 UINT8_TO_BE_STREAM(p, MFC_Read);
908 UINT8_TO_BE_STREAM(p, block);
909
910 mfcbuf->len = 2;
911
912 if (!rw_mfc_send_to_lower(mfcbuf)) {
913 return NFC_STATUS_REJECTED;
914 }
915 p_mfc->current_block = block;
916 p_mfc->substate = RW_MFC_SUBSTATE_READ_BLOCK;
917
918 return status;
919 }
920
921 /*******************************************************************************
922 **
923 ** Function rw_mfc_handle_tlv_detect_rsp
924 **
925 ** Description Handle TLV detection.
926 **
927 ** Returns none
928 **
929 *******************************************************************************/
rw_mfc_handle_tlv_detect_rsp(uint8_t * p_data)930 static void rw_mfc_handle_tlv_detect_rsp(uint8_t* p_data) {
931 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
932 NFC_HDR* mfc_data;
933 uint8_t* p;
934
935 mfc_data = (NFC_HDR*)p_data;
936 /* Assume the data is just the response byte sequence */
937 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
938
939 p_mfc->last_block_accessed.block = p_mfc->next_block.block;
940 switch (p_mfc->substate) {
941 case RW_MFC_SUBSTATE_WAIT_ACK:
942 /* Search for the tlv */
943 if (p[0] == 0x0) {
944 p_mfc->next_block.auth = true;
945 p_mfc->last_block_accessed.auth = true;
946 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
947
948 rw_mfc_resume_op();
949 } else {
950 p_mfc->next_block.auth = false;
951 p_mfc->last_block_accessed.auth = false;
952 DLOG_IF(INFO, nfc_debug_enabled)
953 << StringPrintf("%s : status=%d", __func__, p[0]);
954 nfc_stop_quick_timer(&p_mfc->timer);
955 rw_mfc_process_error();
956 }
957 break;
958
959 case RW_MFC_SUBSTATE_READ_BLOCK:
960 /* Search for the tlv */
961 if (mfc_data->len == 0x10) {
962 p_mfc->last_block_accessed.block = p_mfc->next_block.block;
963 p_mfc->next_block.block += 1;
964 p_mfc->next_block.auth = false;
965 rw_mfc_handle_read_op((uint8_t*)mfc_data);
966 }
967 break;
968 }
969 }
970 /*******************************************************************************
971 **
972 ** Function rw_mfc_resume_op
973 **
974 ** Description This function will continue operation after moving to new
975 ** sector
976 **
977 ** Returns none
978 **
979 *******************************************************************************/
rw_mfc_resume_op()980 static void rw_mfc_resume_op() {
981 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
982
983 switch (p_mfc->state) {
984 case RW_MFC_STATE_DETECT_TLV:
985 rw_mfc_readBlock(p_mfc->next_block.block);
986 break;
987 case RW_MFC_STATE_READ_NDEF:
988 rw_mfc_readBlock(p_mfc->next_block.block);
989 break;
990 case RW_MFC_STATE_NDEF_FORMAT:
991 rw_mfc_formatBlock(p_mfc->next_block.block);
992 break;
993 case RW_MFC_STATE_UPDATE_NDEF:
994 rw_mfc_writeBlock(p_mfc->next_block.block);
995 break;
996 }
997 }
998
999 /*******************************************************************************
1000 **
1001 ** Function rw_mfc_handle_read_op
1002 **
1003 ** Description This function handles all the read operation.
1004 **
1005 ** Returns none
1006 **
1007 *******************************************************************************/
rw_mfc_handle_read_op(uint8_t * data)1008 static void rw_mfc_handle_read_op(uint8_t* data) {
1009 uint8_t* p;
1010 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1011 bool tlv_found = false;
1012 NFC_HDR* mfc_data;
1013 uint16_t len;
1014 uint16_t offset;
1015 uint16_t saved_length;
1016 bool failed = false;
1017 bool done = false;
1018 tRW_READ_DATA evt_data;
1019
1020 mfc_data = (NFC_HDR*)data;
1021 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1022
1023 switch (p_mfc->state) {
1024 case RW_MFC_STATE_DETECT_TLV:
1025 tlv_found = rw_nfc_decodeTlv(data);
1026 if (tlv_found) {
1027 p_mfc->ndef_status = MFC_NDEF_DETECTED;
1028 p_mfc->ndef_first_block = p_mfc->last_block_accessed.block;
1029 rw_mfc_ntf_tlv_detect_complete(NFC_STATUS_OK);
1030 }
1031 break;
1032
1033 case RW_MFC_STATE_READ_NDEF:
1034 /* On the first read, adjust for any partial block offset */
1035 offset = 0;
1036 len = RW_MFC_1K_BLOCK_SIZE;
1037 saved_length = p_mfc->ndef_length;
1038
1039 if (p_mfc->work_offset == 0) {
1040 if (!rw_nfc_decodeTlv(data)) {
1041 failed = true;
1042 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << " FAILED finding TLV";
1043 }
1044 /* Ndef message offset update post response TLV decode */
1045 offset = p_mfc->ndef_start_pos;
1046 }
1047
1048 if (!failed && saved_length >= p_mfc->ndef_length) {
1049 /* Skip all reserved and lock bytes */
1050 while ((offset < len) && (p_mfc->work_offset < p_mfc->ndef_length))
1051
1052 {
1053 /* Collect the NDEF Message */
1054 p_mfc->p_ndef_buffer[p_mfc->work_offset] = p[offset];
1055 p_mfc->work_offset++;
1056 offset++;
1057 }
1058 } else {
1059 android_errorWriteLog(0x534e4554, "178725766");
1060 }
1061
1062 if (p_mfc->work_offset >= p_mfc->ndef_length) {
1063 done = true;
1064 p_mfc->ndef_status = MFC_NDEF_READ;
1065 } else {
1066 /* Read next blocks */
1067 if (rw_mfc_readBlock(p_mfc->next_block.block) != NFC_STATUS_OK) {
1068 failed = true;
1069 DLOG_IF(INFO, nfc_debug_enabled)
1070 << __func__ << " FAILED reading next";
1071 }
1072 }
1073
1074 if (failed || done) {
1075 evt_data.status = failed ? NFC_STATUS_FAILED : NFC_STATUS_OK;
1076 evt_data.p_data = NULL;
1077 rw_mfc_handle_op_complete();
1078 (*rw_cb.p_cback)(RW_MFC_NDEF_READ_EVT, (tRW_DATA*)&evt_data);
1079 }
1080 break;
1081 }
1082 }
1083 /*******************************************************************************
1084 **
1085 ** Function rw_nfc_decodeTlv
1086 **
1087 ** Description Decode the NDEF data length from the Mifare TLV
1088 ** Leading null TLVs (0x0) are skipped
1089 **
1090 ** Returns true if success
1091 **
1092 *******************************************************************************/
rw_nfc_decodeTlv(uint8_t * data)1093 static bool rw_nfc_decodeTlv(uint8_t* data) {
1094 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1095 NFC_HDR* mfc_data;
1096 uint8_t* p;
1097
1098 mfc_data = (NFC_HDR*)data;
1099 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1100 int i = 0;
1101
1102 do {
1103 if (p[i] == 0x0) {
1104 // do nothing, skip
1105 } else if (p[i] == 0x3) {
1106 p_mfc->tlv_detect = TAG_NDEF_TLV;
1107 break;
1108
1109 } else {
1110 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": Unknown TLV";
1111 p_mfc->tlv_detect = TAG_PROPRIETARY_TLV;
1112 break;
1113 }
1114 i++;
1115 } while (i < mfc_data->len);
1116
1117 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << ": i=" << i;
1118
1119 if ((i + 1) >= mfc_data->len || i < 0 || p[i] != 0x3) {
1120 LOG(ERROR) << __func__ << ": Can't decode message length";
1121 } else {
1122 if (p[i + 1] != 0xFF) {
1123 p_mfc->ndef_length = p[i + 1];
1124 p_mfc->ndef_start_pos = i + RW_MFC_SHORT_TLV_SIZE;
1125 DLOG_IF(INFO, nfc_debug_enabled)
1126 << __func__ << " short NDEF SIZE=" << p_mfc->ndef_length;
1127 return true;
1128 } else if ((i + 3) < mfc_data->len) {
1129 p_mfc->ndef_length = (((uint16_t)p[i + 2]) << 8) | ((uint16_t)(p[i + 3]));
1130 p_mfc->ndef_start_pos = i + RW_MFC_LONG_TLV_SIZE;
1131 DLOG_IF(INFO, nfc_debug_enabled)
1132 << __func__ << " long NDEF SIZE=" << p_mfc->ndef_length;
1133 return true;
1134 } else {
1135 LOG(ERROR) << __func__ << ": Can't decode ndef length";
1136 }
1137 }
1138 return false;
1139 }
1140
1141 /*******************************************************************************
1142 **
1143 ** Function rw_mfc_ntf_tlv_detect_complete
1144 **
1145 ** Description Notify TLV detection complete to upper layer
1146 **
1147 ** Returns none
1148 **
1149 *******************************************************************************/
rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status)1150 static void rw_mfc_ntf_tlv_detect_complete(tNFC_STATUS status) {
1151 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1152 tRW_DETECT_NDEF_DATA ndef_data = {};
1153
1154 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1155 if (p_mfc->tlv_detect == TAG_NDEF_TLV) {
1156 /* Notify upper layer the result of NDEF detect op */
1157 ndef_data.status = NFC_STATUS_OK; // status;
1158 ndef_data.protocol = NFC_PROTOCOL_MIFARE;
1159 ndef_data.flags = 0;
1160 ndef_data.cur_size = p_mfc->ndef_length;
1161
1162 if (status == NFC_STATUS_OK) {
1163 ndef_data.flags |= RW_NDEF_FL_FORMATED;
1164 }
1165
1166 // TODO - calculate max size based on MAD sectr NFC_AID condition
1167 // Set max size as format condition
1168 if (p_mfc->selres & RW_MFC_4K_Support)
1169 ndef_data.max_size = 3356;
1170 else
1171 ndef_data.max_size = 716;
1172
1173 rw_mfc_handle_op_complete();
1174 (*rw_cb.p_cback)(RW_MFC_NDEF_DETECT_EVT, (tRW_DATA*)&ndef_data);
1175 }
1176 }
1177
1178 /*******************************************************************************
1179 **
1180 ** Function RW_MfcReadNDef
1181 **
1182 ** Description Retrieve NDEF contents from a Mifare Classic tag..
1183 **
1184 ** The RW_MFC_NDEF_READ_EVT event is used to notify the
1185 ** application after reading the NDEF message.
1186 **
1187 ** Before using this API, the RW_MfcReadNDef function must
1188 ** be called to verify that the tag contains NDEF data, and to
1189 ** retrieve the NDEF attributes.
1190 **
1191 ** Internally, this command will be separated into multiple
1192 ** Mifare Classic Read commands (if necessary) - depending
1193 ** on the NDEF Msg size.
1194 **
1195 ** Parameters: p_buffer: The buffer into which to read the NDEF message
1196 ** buf_len: The length of the buffer
1197 **
1198 ** Returns NCI_STATUS_OK, if read was started. Otherwise, error
1199 ** status.
1200 **
1201 *******************************************************************************/
RW_MfcReadNDef(uint8_t * p_buffer,uint16_t buf_len)1202 tNFC_STATUS RW_MfcReadNDef(uint8_t* p_buffer, uint16_t buf_len) {
1203 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1204 tNFC_STATUS status = NFC_STATUS_OK;
1205
1206 if (p_mfc->state != RW_MFC_STATE_IDLE) {
1207 LOG(ERROR) << StringPrintf(
1208 "%s Mifare Classic tag not activated or Busy - State=%d", __func__,
1209 p_mfc->state);
1210 return NFC_STATUS_FAILED;
1211 }
1212
1213 if (p_mfc->ndef_status == MFC_NDEF_NOT_DETECTED) {
1214 LOG(ERROR) << __func__ << " NDEF detection not performed yet";
1215 return NFC_STATUS_FAILED;
1216 }
1217
1218 if (buf_len < p_mfc->ndef_length) {
1219 LOG(ERROR) << __func__ << " buffer size=" << buf_len
1220 << "less than NDEF msg sise=" << p_mfc->ndef_length;
1221 return NFC_STATUS_FAILED;
1222 }
1223
1224 if (!p_mfc->ndef_length) {
1225 LOG(ERROR) << __func__ << " NDEF Message length is zero ";
1226 return NFC_STATUS_NOT_INITIALIZED;
1227 }
1228
1229 p_mfc->p_ndef_buffer = p_buffer;
1230 p_mfc->work_offset = 0;
1231
1232 p_mfc->last_block_accessed.block = 0;
1233 p_mfc->next_block.block = p_mfc->ndef_first_block;
1234 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1235
1236 /* Start reading NDEF Message */
1237 status = rw_mfc_readBlock(p_mfc->next_block.block);
1238 if (status == NFC_STATUS_OK) {
1239 p_mfc->state = RW_MFC_STATE_READ_NDEF;
1240 }
1241
1242 return status;
1243 }
1244
1245 /*****************************************************************************
1246 **
1247 ** Function rw_mfc_handle_op_complete
1248 **
1249 ** Description Reset to IDLE state
1250 **
1251 ** Returns none
1252 **
1253 *****************************************************************************/
rw_mfc_handle_op_complete(void)1254 static void rw_mfc_handle_op_complete(void) {
1255 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1256
1257 p_mfc->last_block_accessed.auth = false;
1258 p_mfc->next_block.auth = false;
1259 p_mfc->current_block = 0;
1260 p_mfc->state = RW_MFC_STATE_IDLE;
1261 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1262 return;
1263 }
1264
1265 /*******************************************************************************
1266 **
1267 ** Function rw_mfc_handle_ndef_read_rsp
1268 **
1269 ** Description Handle TLV detection.
1270 **
1271 ** Returns none
1272 **
1273 *******************************************************************************/
rw_mfc_handle_ndef_read_rsp(uint8_t * p_data)1274 static void rw_mfc_handle_ndef_read_rsp(uint8_t* p_data) {
1275 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1276 NFC_HDR* mfc_data;
1277 uint8_t* p;
1278
1279 mfc_data = (NFC_HDR*)p_data;
1280 /* Assume the data is just the response byte sequence */
1281 p = (uint8_t*)(mfc_data + 1) + mfc_data->offset;
1282
1283 switch (p_mfc->substate) {
1284 case RW_MFC_SUBSTATE_WAIT_ACK:
1285 /* Search for the tlv */
1286 p_mfc->last_block_accessed.block = p_mfc->current_block;
1287
1288 if (p[0] == 0x0) {
1289 p_mfc->next_block.auth = true;
1290 p_mfc->last_block_accessed.auth = true;
1291
1292 if (p_mfc->current_block < 128) {
1293 p_mfc->sector_authentified = p_mfc->next_block.block / 4;
1294 }
1295
1296 else
1297 p_mfc->sector_authentified =
1298 (p_mfc->next_block.block - 128) / 16 + 32;
1299
1300 rw_mfc_resume_op();
1301 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1302 "rw_mfc_handle_ndef_read_rsp () sector authentified: %d",
1303 p_mfc->sector_authentified);
1304 } else {
1305 p_mfc->next_block.auth = false;
1306 p_mfc->last_block_accessed.auth = false;
1307 }
1308 break;
1309
1310 case RW_MFC_SUBSTATE_READ_BLOCK:
1311 /* Search for the tlv */
1312
1313 if (mfc_data->len == 0x10) {
1314 p_mfc->last_block_accessed.block = p_mfc->current_block;
1315
1316 if (p_mfc->current_block % 4 == 2) {
1317 p_mfc->next_block.block = p_mfc->current_block + 2;
1318 } else {
1319 p_mfc->next_block.block = p_mfc->current_block + 1;
1320 }
1321
1322 /* Do not read block 16 (MAD2) - Mifare Classic4 k */
1323 if (p_mfc->next_block.block == 64) {
1324 p_mfc->next_block.block += 4;
1325 }
1326
1327 if ((p_mfc->selres & RW_MFC_4K_Support) &&
1328 (p_mfc->next_block.block >= 128)) {
1329 if (p_mfc->current_block % 16 == 14) {
1330 p_mfc->next_block.block = p_mfc->current_block + 2;
1331 } else {
1332 p_mfc->next_block.block = p_mfc->current_block + 1;
1333 }
1334 }
1335
1336 p_mfc->next_block.auth = false;
1337 rw_mfc_handle_read_op((uint8_t*)mfc_data);
1338 }
1339 break;
1340 }
1341 }
1342
1343 /*******************************************************************************
1344 **
1345 ** Function rw_mfc_process_error
1346 **
1347 ** Description Process error including Timeout, Frame error. This function
1348 ** will retry atleast till RW_MAX_RETRIES before give up and
1349 ** sending negative notification to upper layer
1350 **
1351 ** Returns none
1352 **
1353 *******************************************************************************/
rw_mfc_process_error()1354 static void rw_mfc_process_error() {
1355 tRW_READ_DATA evt_data = tRW_READ_DATA();
1356 tRW_EVENT rw_event = RW_MFC_NDEF_DETECT_EVT;
1357 NFC_HDR* p_cmd_buf;
1358 tRW_MFC_CB* p_mfc = &rw_cb.tcb.mfc;
1359 tRW_DETECT_NDEF_DATA ndef_data;
1360
1361 DLOG_IF(INFO, nfc_debug_enabled)
1362 << StringPrintf("%s State=%d", __func__, p_mfc->state);
1363
1364 evt_data.status = NFC_STATUS_FAILED;
1365
1366 /* Retry sending command if retry-count < max */
1367 if (rw_cb.cur_retry < RW_MAX_RETRIES) {
1368 /* retry sending the command */
1369 rw_cb.cur_retry++;
1370
1371 DLOG_IF(INFO, nfc_debug_enabled)
1372 << __func__ << "Mifare Classic retransmission attempt "
1373 << rw_cb.cur_retry << " of " << RW_MAX_RETRIES;
1374
1375 /* allocate a new buffer for message */
1376 p_cmd_buf = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1377 if (p_cmd_buf != NULL) {
1378 memcpy(p_cmd_buf, p_mfc->p_cur_cmd_buf,
1379 sizeof(NFC_HDR) + p_mfc->p_cur_cmd_buf->offset +
1380 p_mfc->p_cur_cmd_buf->len);
1381
1382 if (NFC_SendData(NFC_RF_CONN_ID, p_cmd_buf) == NFC_STATUS_OK) {
1383 /* Start timer for waiting for response */
1384 nfc_start_quick_timer(
1385 &p_mfc->timer, NFC_TTYPE_RW_MFC_RESPONSE,
1386 (RW_MFC_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
1387
1388 return;
1389 }
1390 }
1391 } else {
1392 DLOG_IF(INFO, nfc_debug_enabled)
1393 << __func__ << "MFC maximum retransmission attempts reached "
1394 << RW_MAX_RETRIES;
1395 }
1396
1397 if (p_mfc->state == RW_MFC_STATE_DETECT_TLV) {
1398 rw_event = RW_MFC_NDEF_DETECT_EVT;
1399 } else if (p_mfc->state == RW_MFC_STATE_READ_NDEF) {
1400 rw_event = RW_MFC_NDEF_READ_EVT;
1401 } else if (p_mfc->state == RW_MFC_STATE_UPDATE_NDEF) {
1402 rw_event = RW_MFC_NDEF_WRITE_FAIL_EVT;
1403 } else if (p_mfc->state == RW_MFC_STATE_NDEF_FORMAT) {
1404 rw_event = RW_MFC_NDEF_FORMAT_CPLT_EVT;
1405 }
1406
1407 if (rw_event == RW_MFC_NDEF_DETECT_EVT) {
1408 ndef_data.status = evt_data.status;
1409 ndef_data.protocol = NFC_PROTOCOL_MIFARE;
1410 ndef_data.flags = RW_NDEF_FL_UNKNOWN;
1411 ndef_data.max_size = 0;
1412 ndef_data.cur_size = 0;
1413 DLOG_IF(INFO, nfc_debug_enabled)
1414 << StringPrintf("%s status=%d", __func__, evt_data.status);
1415 /* If not Halt move to idle state */
1416 rw_mfc_handle_op_complete();
1417
1418 (*rw_cb.p_cback)(rw_event, (tRW_DATA*)&ndef_data);
1419 } else {
1420 evt_data.p_data = NULL;
1421 /* If activated and not Halt move to idle state */
1422 if (p_mfc->state != RW_MFC_STATE_NOT_ACTIVATED) {
1423 rw_mfc_handle_op_complete();
1424 }
1425
1426 DLOG_IF(INFO, nfc_debug_enabled)
1427 << StringPrintf("%s status=%d", __func__, evt_data.status);
1428 p_mfc->substate = RW_MFC_SUBSTATE_NONE;
1429 (*rw_cb.p_cback)(rw_event, (tRW_DATA*)&evt_data);
1430 }
1431 }
1432