• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 2010-2013 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 
20 /******************************************************************************
21  *
22  *  This file contains the implementation for Type 4 tag in Reader/Writer
23  *  mode.
24  *
25  ******************************************************************************/
26 #include <string.h>
27 #include "nfc_target.h"
28 #include "bt_types.h"
29 #include "trace_api.h"
30 
31 #if (NFC_INCLUDED == TRUE)
32 
33 #include "nfc_api.h"
34 #include "nfc_int.h"
35 #include "rw_api.h"
36 #include "rw_int.h"
37 #include "tags_int.h"
38 #include "gki.h"
39 
40 /* main state */
41 #define RW_T4T_STATE_NOT_ACTIVATED              0x00    /* T4T is not activated                 */
42 #define RW_T4T_STATE_IDLE                       0x01    /* waiting for upper layer API          */
43 #define RW_T4T_STATE_DETECT_NDEF                0x02    /* performing NDEF detection precedure  */
44 #define RW_T4T_STATE_READ_NDEF                  0x03    /* performing read NDEF procedure       */
45 #define RW_T4T_STATE_UPDATE_NDEF                0x04    /* performing update NDEF procedure     */
46 #define RW_T4T_STATE_PRESENCE_CHECK             0x05    /* checking presence of tag             */
47 #define RW_T4T_STATE_SET_READ_ONLY              0x06    /* convert tag to read only             */
48 
49 /* sub state */
50 #define RW_T4T_SUBSTATE_WAIT_SELECT_APP         0x00    /* waiting for response of selecting AID    */
51 #define RW_T4T_SUBSTATE_WAIT_SELECT_CC          0x01    /* waiting for response of selecting CC     */
52 #define RW_T4T_SUBSTATE_WAIT_CC_FILE            0x02    /* waiting for response of reading CC       */
53 #define RW_T4T_SUBSTATE_WAIT_SELECT_NDEF_FILE   0x03    /* waiting for response of selecting NDEF   */
54 #define RW_T4T_SUBSTATE_WAIT_READ_NLEN          0x04    /* waiting for response of reading NLEN     */
55 #define RW_T4T_SUBSTATE_WAIT_READ_RESP          0x05    /* waiting for response of reading file     */
56 #define RW_T4T_SUBSTATE_WAIT_UPDATE_RESP        0x06    /* waiting for response of updating file    */
57 #define RW_T4T_SUBSTATE_WAIT_UPDATE_NLEN        0x07    /* waiting for response of updating NLEN    */
58 #define RW_T4T_SUBSTATE_WAIT_UPDATE_CC          0x08    /* waiting for response of updating CC      */
59 
60 #if (BT_TRACE_VERBOSE == TRUE)
61 static char *rw_t4t_get_state_name (UINT8 state);
62 static char *rw_t4t_get_sub_state_name (UINT8 sub_state);
63 #endif
64 
65 static BOOLEAN rw_t4t_send_to_lower (BT_HDR *p_c_apdu);
66 static BOOLEAN rw_t4t_select_file (UINT16 file_id);
67 static BOOLEAN rw_t4t_read_file (UINT16 offset, UINT16 length, BOOLEAN is_continue);
68 static BOOLEAN rw_t4t_update_nlen (UINT16 ndef_len);
69 static BOOLEAN rw_t4t_update_file (void);
70 static BOOLEAN rw_t4t_update_cc_to_readonly (void);
71 static BOOLEAN rw_t4t_select_application (UINT8 version);
72 static BOOLEAN rw_t4t_validate_cc_file (void);
73 static void rw_t4t_handle_error (tNFC_STATUS status, UINT8 sw1, UINT8 sw2);
74 static void rw_t4t_sm_detect_ndef (BT_HDR *p_r_apdu);
75 static void rw_t4t_sm_read_ndef (BT_HDR *p_r_apdu);
76 static void rw_t4t_sm_update_ndef (BT_HDR  *p_r_apdu);
77 static void rw_t4t_sm_set_readonly (BT_HDR  *p_r_apdu);
78 static void rw_t4t_data_cback (UINT8 conn_id, tNFC_CONN_EVT event, tNFC_CONN *p_data);
79 
80 /*******************************************************************************
81 **
82 ** Function         rw_t4t_send_to_lower
83 **
84 ** Description      Send C-APDU to lower layer
85 **
86 ** Returns          TRUE if success
87 **
88 *******************************************************************************/
rw_t4t_send_to_lower(BT_HDR * p_c_apdu)89 static BOOLEAN rw_t4t_send_to_lower (BT_HDR *p_c_apdu)
90 {
91 #if (BT_TRACE_PROTOCOL == TRUE)
92     DispRWT4Tags (p_c_apdu, FALSE);
93 #endif
94 
95     if (NFC_SendData (NFC_RF_CONN_ID, p_c_apdu) != NFC_STATUS_OK)
96     {
97         RW_TRACE_ERROR0 ("rw_t4t_send_to_lower (): NFC_SendData () failed");
98         return FALSE;
99     }
100 
101     nfc_start_quick_timer (&rw_cb.tcb.t4t.timer, NFC_TTYPE_RW_T4T_RESPONSE,
102                            (RW_T4T_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
103 
104     return TRUE;
105 }
106 
107 /*******************************************************************************
108 **
109 ** Function         rw_t4t_select_file
110 **
111 ** Description      Send Select Command (by File ID) to peer
112 **
113 ** Returns          TRUE if success
114 **
115 *******************************************************************************/
rw_t4t_select_file(UINT16 file_id)116 static BOOLEAN rw_t4t_select_file (UINT16 file_id)
117 {
118     BT_HDR      *p_c_apdu;
119     UINT8       *p;
120 
121     RW_TRACE_DEBUG1 ("rw_t4t_select_file (): File ID:0x%04X", file_id);
122 
123     p_c_apdu = (BT_HDR *) GKI_getpoolbuf (NFC_RW_POOL_ID);
124 
125     if (!p_c_apdu)
126     {
127         RW_TRACE_ERROR0 ("rw_t4t_select_file (): Cannot allocate buffer");
128         return FALSE;
129     }
130 
131     p_c_apdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
132     p = (UINT8 *) (p_c_apdu + 1) + p_c_apdu->offset;
133 
134     UINT8_TO_BE_STREAM (p, T4T_CMD_CLASS);
135     UINT8_TO_BE_STREAM (p, T4T_CMD_INS_SELECT);
136     UINT8_TO_BE_STREAM (p, T4T_CMD_P1_SELECT_BY_FILE_ID);
137 
138     /* if current version mapping is V2.0 */
139     if (rw_cb.tcb.t4t.version == T4T_VERSION_2_0)
140     {
141         UINT8_TO_BE_STREAM (p, T4T_CMD_P2_FIRST_OR_ONLY_0CH);
142     }
143     else /* version 1.0 */
144     {
145         UINT8_TO_BE_STREAM (p, T4T_CMD_P2_FIRST_OR_ONLY_00H);
146     }
147 
148     UINT8_TO_BE_STREAM (p, T4T_FILE_ID_SIZE);
149     UINT16_TO_BE_STREAM (p, file_id);
150 
151     p_c_apdu->len = T4T_CMD_MAX_HDR_SIZE + T4T_FILE_ID_SIZE;
152 
153     if (!rw_t4t_send_to_lower (p_c_apdu))
154     {
155         return FALSE;
156     }
157 
158     return TRUE;
159 }
160 
161 /*******************************************************************************
162 **
163 ** Function         rw_t4t_read_file
164 **
165 ** Description      Send ReadBinary Command to peer
166 **
167 ** Returns          TRUE if success
168 **
169 *******************************************************************************/
rw_t4t_read_file(UINT16 offset,UINT16 length,BOOLEAN is_continue)170 static BOOLEAN rw_t4t_read_file (UINT16 offset, UINT16 length, BOOLEAN is_continue)
171 {
172     tRW_T4T_CB      *p_t4t = &rw_cb.tcb.t4t;
173     BT_HDR          *p_c_apdu;
174     UINT8           *p;
175 
176     RW_TRACE_DEBUG3 ("rw_t4t_read_file () offset:%d, length:%d, is_continue:%d, ",
177                       offset, length, is_continue);
178 
179     p_c_apdu = (BT_HDR *) GKI_getpoolbuf (NFC_RW_POOL_ID);
180 
181     if (!p_c_apdu)
182     {
183         RW_TRACE_ERROR0 ("rw_t4t_read_file (): Cannot allocate buffer");
184         return FALSE;
185     }
186 
187     /* if this is the first reading */
188     if (is_continue == FALSE)
189     {
190         /* initialise starting offset and total length */
191         /* these will be updated when receiving response */
192         p_t4t->rw_offset = offset;
193         p_t4t->rw_length = length;
194     }
195 
196     /* adjust reading length if payload is bigger than max size per single command */
197     if (length > p_t4t->max_read_size)
198     {
199         length = (UINT8) (p_t4t->max_read_size);
200     }
201 
202     p_c_apdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
203     p = (UINT8 *) (p_c_apdu + 1) + p_c_apdu->offset;
204 
205     UINT8_TO_BE_STREAM (p, T4T_CMD_CLASS);
206     UINT8_TO_BE_STREAM (p, T4T_CMD_INS_READ_BINARY);
207     UINT16_TO_BE_STREAM (p, offset);
208     UINT8_TO_BE_STREAM (p, length); /* Le */
209 
210     p_c_apdu->len = T4T_CMD_MIN_HDR_SIZE + 1; /* adding Le */
211 
212     if (!rw_t4t_send_to_lower (p_c_apdu))
213     {
214         return FALSE;
215     }
216 
217     return TRUE;
218 }
219 
220 /*******************************************************************************
221 **
222 ** Function         rw_t4t_update_nlen
223 **
224 ** Description      Send UpdateBinary Command to update NLEN to peer
225 **
226 ** Returns          TRUE if success
227 **
228 *******************************************************************************/
rw_t4t_update_nlen(UINT16 ndef_len)229 static BOOLEAN rw_t4t_update_nlen (UINT16 ndef_len)
230 {
231     BT_HDR          *p_c_apdu;
232     UINT8           *p;
233 
234     RW_TRACE_DEBUG1 ("rw_t4t_update_nlen () NLEN:%d", ndef_len);
235 
236     p_c_apdu = (BT_HDR *) GKI_getpoolbuf (NFC_RW_POOL_ID);
237 
238     if (!p_c_apdu)
239     {
240         RW_TRACE_ERROR0 ("rw_t4t_update_nlen (): Cannot allocate buffer");
241         return FALSE;
242     }
243 
244     p_c_apdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
245     p = (UINT8 *) (p_c_apdu + 1) + p_c_apdu->offset;
246 
247     UINT8_TO_BE_STREAM (p, T4T_CMD_CLASS);
248     UINT8_TO_BE_STREAM (p, T4T_CMD_INS_UPDATE_BINARY);
249     UINT16_TO_BE_STREAM (p, 0x0000);                    /* offset for NLEN */
250     UINT8_TO_BE_STREAM (p, T4T_FILE_LENGTH_SIZE);
251     UINT16_TO_BE_STREAM (p, ndef_len);
252 
253     p_c_apdu->len = T4T_CMD_MAX_HDR_SIZE + T4T_FILE_LENGTH_SIZE;
254 
255     if (!rw_t4t_send_to_lower (p_c_apdu))
256     {
257         return FALSE;
258     }
259 
260     return TRUE;
261 }
262 
263 /*******************************************************************************
264 **
265 ** Function         rw_t4t_update_file
266 **
267 ** Description      Send UpdateBinary Command to peer
268 **
269 ** Returns          TRUE if success
270 **
271 *******************************************************************************/
rw_t4t_update_file(void)272 static BOOLEAN rw_t4t_update_file (void)
273 {
274     tRW_T4T_CB      *p_t4t = &rw_cb.tcb.t4t;
275     BT_HDR          *p_c_apdu;
276     UINT8           *p;
277     UINT16          length;
278 
279     RW_TRACE_DEBUG2 ("rw_t4t_update_file () rw_offset:%d, rw_length:%d",
280                       p_t4t->rw_offset, p_t4t->rw_length);
281 
282     p_c_apdu = (BT_HDR *) GKI_getpoolbuf (NFC_RW_POOL_ID);
283 
284     if (!p_c_apdu)
285     {
286         RW_TRACE_ERROR0 ("rw_t4t_write_file (): Cannot allocate buffer");
287         return FALSE;
288     }
289 
290     /* try to send all of remaining data */
291     length = p_t4t->rw_length;
292 
293     /* adjust updating length if payload is bigger than max size per single command */
294     if (length > p_t4t->max_update_size)
295     {
296         length = (UINT8) (p_t4t->max_update_size);
297     }
298 
299     p_c_apdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
300     p = (UINT8 *) (p_c_apdu + 1) + p_c_apdu->offset;
301 
302     UINT8_TO_BE_STREAM (p, T4T_CMD_CLASS);
303     UINT8_TO_BE_STREAM (p, T4T_CMD_INS_UPDATE_BINARY);
304     UINT16_TO_BE_STREAM (p, p_t4t->rw_offset);
305     UINT8_TO_BE_STREAM (p, length);
306 
307     memcpy (p, p_t4t->p_update_data, length);
308 
309     p_c_apdu->len = T4T_CMD_MAX_HDR_SIZE + length;
310 
311     if (!rw_t4t_send_to_lower (p_c_apdu))
312     {
313         return FALSE;
314     }
315 
316     /* adjust offset, length and pointer for remaining data */
317     p_t4t->rw_offset     += length;
318     p_t4t->rw_length     -= length;
319     p_t4t->p_update_data += length;
320 
321     return TRUE;
322 }
323 
324 /*******************************************************************************
325 **
326 ** Function         rw_t4t_update_cc_to_readonly
327 **
328 ** Description      Send UpdateBinary Command for changing Write access
329 **
330 ** Returns          TRUE if success
331 **
332 *******************************************************************************/
rw_t4t_update_cc_to_readonly(void)333 static BOOLEAN rw_t4t_update_cc_to_readonly (void)
334 {
335     BT_HDR          *p_c_apdu;
336     UINT8           *p;
337 
338     RW_TRACE_DEBUG0 ("rw_t4t_update_cc_to_readonly (): Remove Write access from CC");
339 
340     p_c_apdu = (BT_HDR *) GKI_getpoolbuf (NFC_RW_POOL_ID);
341 
342     if (!p_c_apdu)
343     {
344         RW_TRACE_ERROR0 ("rw_t4t_update_cc_to_readonly (): Cannot allocate buffer");
345         return FALSE;
346     }
347 
348     p_c_apdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
349     p = (UINT8 *) (p_c_apdu + 1) + p_c_apdu->offset;
350 
351     /* Add Command Header */
352     UINT8_TO_BE_STREAM (p, T4T_CMD_CLASS);
353     UINT8_TO_BE_STREAM (p, T4T_CMD_INS_UPDATE_BINARY);
354     UINT16_TO_BE_STREAM (p, (T4T_FC_TLV_OFFSET_IN_CC + T4T_FC_WRITE_ACCESS_OFFSET_IN_TLV)); /* Offset for Read Write access byte of CC */
355     UINT8_TO_BE_STREAM (p, 1); /* Length of write access field in cc interms of bytes */
356 
357     /* Remove Write access */
358     UINT8_TO_BE_STREAM (p, T4T_FC_NO_WRITE_ACCESS);
359 
360 
361     p_c_apdu->len = T4T_CMD_MAX_HDR_SIZE + 1;
362 
363     if (!rw_t4t_send_to_lower (p_c_apdu))
364     {
365         return FALSE;
366     }
367 
368     return TRUE;
369 }
370 
371 /*******************************************************************************
372 **
373 ** Function         rw_t4t_select_application
374 **
375 ** Description      Select Application
376 **
377 **                  NDEF Tag Application Select - C-APDU
378 **
379 **                        CLA INS P1 P2 Lc Data(AID)      Le
380 **                  V1.0: 00  A4  04 00 07 D2760000850100 -
381 **                  V2.0: 00  A4  04 00 07 D2760000850101 00
382 **
383 ** Returns          TRUE if success
384 **
385 *******************************************************************************/
rw_t4t_select_application(UINT8 version)386 static BOOLEAN rw_t4t_select_application (UINT8 version)
387 {
388     BT_HDR      *p_c_apdu;
389     UINT8       *p;
390 
391     RW_TRACE_DEBUG1 ("rw_t4t_select_application () version:0x%X", version);
392 
393     p_c_apdu = (BT_HDR *) GKI_getpoolbuf (NFC_RW_POOL_ID);
394 
395     if (!p_c_apdu)
396     {
397         RW_TRACE_ERROR0 ("rw_t4t_select_application (): Cannot allocate buffer");
398         return FALSE;
399     }
400 
401     p_c_apdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
402     p = (UINT8 *) (p_c_apdu + 1) + p_c_apdu->offset;
403 
404     UINT8_TO_BE_STREAM (p, T4T_CMD_CLASS);
405     UINT8_TO_BE_STREAM (p, T4T_CMD_INS_SELECT);
406     UINT8_TO_BE_STREAM (p, T4T_CMD_P1_SELECT_BY_NAME);
407     UINT8_TO_BE_STREAM (p, T4T_CMD_P2_FIRST_OR_ONLY_00H);
408 
409     if (version == T4T_VERSION_1_0)   /* this is for V1.0 */
410     {
411         UINT8_TO_BE_STREAM (p, T4T_V10_NDEF_TAG_AID_LEN);
412 
413         memcpy (p, t4t_v10_ndef_tag_aid, T4T_V10_NDEF_TAG_AID_LEN);
414 
415         p_c_apdu->len = T4T_CMD_MAX_HDR_SIZE + T4T_V10_NDEF_TAG_AID_LEN;
416     }
417     else if (version == T4T_VERSION_2_0)   /* this is for V2.0 */
418     {
419         UINT8_TO_BE_STREAM (p, T4T_V20_NDEF_TAG_AID_LEN);
420 
421         memcpy (p, t4t_v20_ndef_tag_aid, T4T_V20_NDEF_TAG_AID_LEN);
422         p += T4T_V20_NDEF_TAG_AID_LEN;
423 
424         UINT8_TO_BE_STREAM (p, 0x00); /* Le set to 0x00 */
425 
426         p_c_apdu->len = T4T_CMD_MAX_HDR_SIZE + T4T_V20_NDEF_TAG_AID_LEN + 1;
427     }
428     else
429     {
430         return FALSE;
431     }
432 
433     if (!rw_t4t_send_to_lower (p_c_apdu))
434     {
435         return FALSE;
436     }
437 
438     return TRUE;
439 }
440 
441 /*******************************************************************************
442 **
443 ** Function         rw_t4t_validate_cc_file
444 **
445 ** Description      Validate CC file and mandatory NDEF TLV
446 **
447 ** Returns          TRUE if success
448 **
449 *******************************************************************************/
rw_t4t_validate_cc_file(void)450 static BOOLEAN rw_t4t_validate_cc_file (void)
451 {
452     tRW_T4T_CB  *p_t4t = &rw_cb.tcb.t4t;
453 
454     RW_TRACE_DEBUG0 ("rw_t4t_validate_cc_file ()");
455 
456     if (p_t4t->cc_file.cclen < T4T_CC_FILE_MIN_LEN)
457     {
458         RW_TRACE_ERROR1 ("rw_t4t_validate_cc_file (): CCLEN (%d) is too short",
459                          p_t4t->cc_file.cclen);
460         return FALSE;
461     }
462 
463     if (T4T_GET_MAJOR_VERSION (p_t4t->cc_file.version) != T4T_GET_MAJOR_VERSION (p_t4t->version))
464     {
465         RW_TRACE_ERROR2 ("rw_t4t_validate_cc_file (): Peer version (0x%02X) is matched to ours (0x%02X)",
466                          p_t4t->cc_file.version, p_t4t->version);
467         return FALSE;
468     }
469 
470     if (p_t4t->cc_file.max_le < 0x000F)
471     {
472         RW_TRACE_ERROR1 ("rw_t4t_validate_cc_file (): MaxLe (%d) is too small",
473                          p_t4t->cc_file.max_le);
474         return FALSE;
475     }
476 
477     if (p_t4t->cc_file.max_lc < 0x0001)
478     {
479         RW_TRACE_ERROR1 ("rw_t4t_validate_cc_file (): MaxLc (%d) is too small",
480                          p_t4t->cc_file.max_lc);
481         return FALSE;
482     }
483 
484     if (  (p_t4t->cc_file.ndef_fc.file_id == T4T_CC_FILE_ID)
485         ||(p_t4t->cc_file.ndef_fc.file_id == 0xE102)
486         ||(p_t4t->cc_file.ndef_fc.file_id == 0xE103)
487         ||((p_t4t->cc_file.ndef_fc.file_id == 0x0000) && (p_t4t->cc_file.version == 0x20))
488         ||(p_t4t->cc_file.ndef_fc.file_id == 0x3F00)
489         ||(p_t4t->cc_file.ndef_fc.file_id == 0x3FFF)
490         ||(p_t4t->cc_file.ndef_fc.file_id == 0xFFFF)  )
491     {
492         RW_TRACE_ERROR1 ("rw_t4t_validate_cc_file (): File ID (0x%04X) is invalid",
493                           p_t4t->cc_file.ndef_fc.file_id);
494         return FALSE;
495     }
496 
497     if (  (p_t4t->cc_file.ndef_fc.max_file_size < 0x0005)
498         ||(p_t4t->cc_file.ndef_fc.max_file_size == 0xFFFF)  )
499     {
500         RW_TRACE_ERROR1 ("rw_t4t_validate_cc_file (): max_file_size (%d) is reserved",
501                          p_t4t->cc_file.ndef_fc.max_file_size);
502         return FALSE;
503     }
504 
505     if (p_t4t->cc_file.ndef_fc.read_access != T4T_FC_READ_ACCESS)
506     {
507         RW_TRACE_ERROR1 ("rw_t4t_validate_cc_file (): Read Access (0x%02X) is invalid",
508                           p_t4t->cc_file.ndef_fc.read_access);
509         return FALSE;
510     }
511 
512     if (  (p_t4t->cc_file.ndef_fc.write_access != T4T_FC_WRITE_ACCESS)
513         &&(p_t4t->cc_file.ndef_fc.write_access != T4T_FC_NO_WRITE_ACCESS)  )
514     {
515         RW_TRACE_ERROR1 ("rw_t4t_validate_cc_file (): Write Access (0x%02X) is invalid",
516                           p_t4t->cc_file.ndef_fc.write_access);
517         return FALSE;
518     }
519 
520     return TRUE;
521 }
522 
523 /*******************************************************************************
524 **
525 ** Function         rw_t4t_handle_error
526 **
527 ** Description      notify error to application and clean up
528 **
529 ** Returns          none
530 **
531 *******************************************************************************/
rw_t4t_handle_error(tNFC_STATUS status,UINT8 sw1,UINT8 sw2)532 static void rw_t4t_handle_error (tNFC_STATUS status, UINT8 sw1, UINT8 sw2)
533 {
534     tRW_T4T_CB  *p_t4t = &rw_cb.tcb.t4t;
535     tRW_DATA    rw_data;
536     tRW_EVENT   event;
537 
538     RW_TRACE_DEBUG4 ("rw_t4t_handle_error (): status:0%02X, sw1:0x%02X, sw2:0x%02X, state:0x%X",
539                       status, sw1, sw2, p_t4t->state);
540 
541     nfc_stop_quick_timer (&p_t4t->timer);
542 
543     if (rw_cb.p_cback)
544     {
545         rw_data.status = status;
546 
547         rw_data.t4t_sw.sw1    = sw1;
548         rw_data.t4t_sw.sw2    = sw2;
549 
550         switch (p_t4t->state)
551         {
552         case RW_T4T_STATE_DETECT_NDEF:
553             rw_data.ndef.flags  = RW_NDEF_FL_UNKNOWN;
554             event = RW_T4T_NDEF_DETECT_EVT;
555             break;
556 
557         case RW_T4T_STATE_READ_NDEF:
558             event = RW_T4T_NDEF_READ_FAIL_EVT;
559             break;
560 
561         case RW_T4T_STATE_UPDATE_NDEF:
562             event = RW_T4T_NDEF_UPDATE_FAIL_EVT;
563             break;
564 
565         case RW_T4T_STATE_PRESENCE_CHECK:
566             event = RW_T4T_PRESENCE_CHECK_EVT;
567             rw_data.status = NFC_STATUS_FAILED;
568             break;
569 
570         case RW_T4T_STATE_SET_READ_ONLY:
571             event = RW_T4T_SET_TO_RO_EVT;
572             break;
573 
574         default:
575             event = RW_T4T_MAX_EVT;
576             break;
577         }
578 
579         p_t4t->state = RW_T4T_STATE_IDLE;
580 
581         if (event != RW_T4T_MAX_EVT)
582         {
583             (*(rw_cb.p_cback)) (event, &rw_data);
584         }
585     }
586     else
587     {
588         p_t4t->state = RW_T4T_STATE_IDLE;
589     }
590 }
591 
592 /*******************************************************************************
593 **
594 ** Function         rw_t4t_sm_detect_ndef
595 **
596 ** Description      State machine for NDEF detection procedure
597 **
598 ** Returns          none
599 **
600 *******************************************************************************/
rw_t4t_sm_detect_ndef(BT_HDR * p_r_apdu)601 static void rw_t4t_sm_detect_ndef (BT_HDR *p_r_apdu)
602 {
603     tRW_T4T_CB  *p_t4t = &rw_cb.tcb.t4t;
604     UINT8       *p, type, length;
605     UINT16      status_words, nlen;
606     tRW_DATA    rw_data;
607 
608 #if (BT_TRACE_VERBOSE == TRUE)
609     RW_TRACE_DEBUG2 ("rw_t4t_sm_detect_ndef (): sub_state:%s (%d)",
610                       rw_t4t_get_sub_state_name (p_t4t->sub_state), p_t4t->sub_state);
611 #else
612     RW_TRACE_DEBUG1 ("rw_t4t_sm_detect_ndef (): sub_state=%d", p_t4t->sub_state);
613 #endif
614 
615     /* get status words */
616     p = (UINT8 *) (p_r_apdu + 1) + p_r_apdu->offset;
617     p += (p_r_apdu->len - T4T_RSP_STATUS_WORDS_SIZE);
618     BE_STREAM_TO_UINT16 (status_words, p);
619 
620     if (status_words != T4T_RSP_CMD_CMPLTED)
621     {
622         /* try V1.0 after failing of V2.0 */
623         if (  (p_t4t->sub_state == RW_T4T_SUBSTATE_WAIT_SELECT_APP)
624             &&(p_t4t->version   == T4T_VERSION_2_0)  )
625         {
626             p_t4t->version = T4T_VERSION_1_0;
627 
628             RW_TRACE_DEBUG1 ("rw_t4t_sm_detect_ndef (): retry with version=0x%02X",
629                               p_t4t->version);
630 
631             if (!rw_t4t_select_application (T4T_VERSION_1_0))
632             {
633                 rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
634             }
635             return;
636         }
637 
638         p_t4t->ndef_status &= ~ (RW_T4T_NDEF_STATUS_NDEF_DETECTED);
639         rw_t4t_handle_error (NFC_STATUS_CMD_NOT_CMPLTD, *(p-2), *(p-1));
640         return;
641     }
642 
643     switch (p_t4t->sub_state)
644     {
645     case RW_T4T_SUBSTATE_WAIT_SELECT_APP:
646 
647         /* NDEF Tag application has been selected then select CC file */
648         if (!rw_t4t_select_file (T4T_CC_FILE_ID))
649         {
650             rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
651         }
652         else
653         {
654             p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_SELECT_CC;
655         }
656         break;
657 
658     case RW_T4T_SUBSTATE_WAIT_SELECT_CC:
659 
660         /* CC file has been selected then read mandatory part of CC file */
661         if (!rw_t4t_read_file (0x00, T4T_CC_FILE_MIN_LEN, FALSE))
662         {
663             rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
664         }
665         else
666         {
667             p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_CC_FILE;
668         }
669         break;
670 
671     case RW_T4T_SUBSTATE_WAIT_CC_FILE:
672 
673         /* CC file has been read then validate and select mandatory NDEF file */
674         if (p_r_apdu->len >= T4T_CC_FILE_MIN_LEN + T4T_RSP_STATUS_WORDS_SIZE)
675         {
676             p = (UINT8 *) (p_r_apdu + 1) + p_r_apdu->offset;
677 
678             BE_STREAM_TO_UINT16 (p_t4t->cc_file.cclen, p);
679             BE_STREAM_TO_UINT8 (p_t4t->cc_file.version, p);
680             BE_STREAM_TO_UINT16 (p_t4t->cc_file.max_le, p);
681             BE_STREAM_TO_UINT16 (p_t4t->cc_file.max_lc, p);
682 
683             BE_STREAM_TO_UINT8 (type, p);
684             BE_STREAM_TO_UINT8 (length, p);
685 
686             if (  (type == T4T_NDEF_FILE_CONTROL_TYPE)
687                 &&(length == T4T_FILE_CONTROL_LENGTH)  )
688             {
689                 BE_STREAM_TO_UINT16 (p_t4t->cc_file.ndef_fc.file_id, p);
690                 BE_STREAM_TO_UINT16 (p_t4t->cc_file.ndef_fc.max_file_size, p);
691                 BE_STREAM_TO_UINT8 (p_t4t->cc_file.ndef_fc.read_access, p);
692                 BE_STREAM_TO_UINT8 (p_t4t->cc_file.ndef_fc.write_access, p);
693 
694 #if (BT_TRACE_VERBOSE == TRUE)
695                 RW_TRACE_DEBUG0 ("Capability Container (CC) file");
696                 RW_TRACE_DEBUG1 ("  CCLEN:  0x%04X",    p_t4t->cc_file.cclen);
697                 RW_TRACE_DEBUG1 ("  Version:0x%02X",    p_t4t->cc_file.version);
698                 RW_TRACE_DEBUG1 ("  MaxLe:  0x%04X",    p_t4t->cc_file.max_le);
699                 RW_TRACE_DEBUG1 ("  MaxLc:  0x%04X",    p_t4t->cc_file.max_lc);
700                 RW_TRACE_DEBUG0 ("  NDEF File Control TLV");
701                 RW_TRACE_DEBUG1 ("    FileID:      0x%04X", p_t4t->cc_file.ndef_fc.file_id);
702                 RW_TRACE_DEBUG1 ("    MaxFileSize: 0x%04X", p_t4t->cc_file.ndef_fc.max_file_size);
703                 RW_TRACE_DEBUG1 ("    ReadAccess:  0x%02X", p_t4t->cc_file.ndef_fc.read_access);
704                 RW_TRACE_DEBUG1 ("    WriteAccess: 0x%02X", p_t4t->cc_file.ndef_fc.write_access);
705 #endif
706 
707                 if (rw_t4t_validate_cc_file ())
708                 {
709                     if (!rw_t4t_select_file (p_t4t->cc_file.ndef_fc.file_id))
710                     {
711                         rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
712                     }
713                     else
714                     {
715                         p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_SELECT_NDEF_FILE;
716                     }
717                     break;
718                 }
719             }
720         }
721 
722         /* invalid response or CC file */
723         p_t4t->ndef_status &= ~ (RW_T4T_NDEF_STATUS_NDEF_DETECTED);
724         rw_t4t_handle_error (NFC_STATUS_BAD_RESP, 0, 0);
725         break;
726 
727     case RW_T4T_SUBSTATE_WAIT_SELECT_NDEF_FILE:
728 
729         /* NDEF file has been selected then read the first 2 bytes (NLEN) */
730         if (!rw_t4t_read_file (0, T4T_FILE_LENGTH_SIZE, FALSE))
731         {
732             rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
733         }
734         else
735         {
736             p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_READ_NLEN;
737         }
738         break;
739 
740     case RW_T4T_SUBSTATE_WAIT_READ_NLEN:
741 
742         /* NLEN has been read then report upper layer */
743         if (p_r_apdu->len == T4T_FILE_LENGTH_SIZE + T4T_RSP_STATUS_WORDS_SIZE)
744         {
745             /* get length of NDEF */
746             p = (UINT8 *) (p_r_apdu + 1) + p_r_apdu->offset;
747             BE_STREAM_TO_UINT16 (nlen, p);
748 
749             if (nlen <= p_t4t->cc_file.ndef_fc.max_file_size - T4T_FILE_LENGTH_SIZE)
750             {
751                 p_t4t->ndef_status = RW_T4T_NDEF_STATUS_NDEF_DETECTED;
752 
753                 if (p_t4t->cc_file.ndef_fc.write_access != T4T_FC_WRITE_ACCESS)
754                 {
755                     p_t4t->ndef_status |= RW_T4T_NDEF_STATUS_NDEF_READ_ONLY;
756                 }
757 
758                 /* Get max bytes to read per command */
759                 if (p_t4t->cc_file.max_le >= RW_T4T_MAX_DATA_PER_READ)
760                 {
761                     p_t4t->max_read_size = RW_T4T_MAX_DATA_PER_READ;
762                 }
763                 else
764                 {
765                     p_t4t->max_read_size = p_t4t->cc_file.max_le;
766                 }
767 
768                 /* Le: valid range is 0x01 to 0xFF */
769                 if (p_t4t->max_read_size >= T4T_MAX_LENGTH_LE)
770                 {
771                     p_t4t->max_read_size = T4T_MAX_LENGTH_LE;
772                 }
773 
774                 /* Get max bytes to update per command */
775                 if (p_t4t->cc_file.max_lc >= RW_T4T_MAX_DATA_PER_WRITE)
776                 {
777                     p_t4t->max_update_size = RW_T4T_MAX_DATA_PER_WRITE;
778                 }
779                 else
780                 {
781                     p_t4t->max_update_size = p_t4t->cc_file.max_lc;
782                 }
783 
784                 /* Lc: valid range is 0x01 to 0xFF */
785                 if (p_t4t->max_update_size >= T4T_MAX_LENGTH_LC)
786                 {
787                     p_t4t->max_update_size = T4T_MAX_LENGTH_LC;
788                 }
789 
790                 p_t4t->ndef_length = nlen;
791                 p_t4t->state       = RW_T4T_STATE_IDLE;
792 
793                 if (rw_cb.p_cback)
794                 {
795                     rw_data.ndef.status   = NFC_STATUS_OK;
796                     rw_data.ndef.protocol = NFC_PROTOCOL_ISO_DEP;
797                     rw_data.ndef.max_size = (UINT32) (p_t4t->cc_file.ndef_fc.max_file_size - (UINT16) T4T_FILE_LENGTH_SIZE);
798                     rw_data.ndef.cur_size = nlen;
799                     rw_data.ndef.flags    = RW_NDEF_FL_SUPPORTED | RW_NDEF_FL_FORMATED;
800                     if (p_t4t->cc_file.ndef_fc.write_access != T4T_FC_WRITE_ACCESS)
801                     {
802                         rw_data.ndef.flags    |= RW_NDEF_FL_READ_ONLY;
803                     }
804 
805                     (*(rw_cb.p_cback)) (RW_T4T_NDEF_DETECT_EVT, &rw_data);
806 
807                     RW_TRACE_DEBUG0 ("rw_t4t_sm_detect_ndef (): Sent RW_T4T_NDEF_DETECT_EVT");
808                 }
809             }
810             else
811             {
812                 /* NLEN should be less than max file size */
813                 RW_TRACE_ERROR2 ("rw_t4t_sm_detect_ndef (): NLEN (%d) + 2 must be <= max file size (%d)",
814                                  nlen, p_t4t->cc_file.ndef_fc.max_file_size);
815 
816                 p_t4t->ndef_status &= ~ (RW_T4T_NDEF_STATUS_NDEF_DETECTED);
817                 rw_t4t_handle_error (NFC_STATUS_BAD_RESP, 0, 0);
818             }
819         }
820         else
821         {
822             /* response payload size should be T4T_FILE_LENGTH_SIZE */
823             RW_TRACE_ERROR2 ("rw_t4t_sm_detect_ndef (): Length (%d) of R-APDU must be %d",
824                              p_r_apdu->len, T4T_FILE_LENGTH_SIZE + T4T_RSP_STATUS_WORDS_SIZE);
825 
826             p_t4t->ndef_status &= ~ (RW_T4T_NDEF_STATUS_NDEF_DETECTED);
827             rw_t4t_handle_error (NFC_STATUS_BAD_RESP, 0, 0);
828         }
829         break;
830 
831     default:
832         RW_TRACE_ERROR1 ("rw_t4t_sm_detect_ndef (): unknown sub_state=%d", p_t4t->sub_state);
833         rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
834         break;
835     }
836 }
837 
838 /*******************************************************************************
839 **
840 ** Function         rw_t4t_sm_read_ndef
841 **
842 ** Description      State machine for NDEF read procedure
843 **
844 ** Returns          none
845 **
846 *******************************************************************************/
rw_t4t_sm_read_ndef(BT_HDR * p_r_apdu)847 static void rw_t4t_sm_read_ndef (BT_HDR *p_r_apdu)
848 {
849     tRW_T4T_CB  *p_t4t = &rw_cb.tcb.t4t;
850     UINT8       *p;
851     UINT16      status_words;
852     tRW_DATA    rw_data;
853 
854 #if (BT_TRACE_VERBOSE == TRUE)
855     RW_TRACE_DEBUG2 ("rw_t4t_sm_read_ndef (): sub_state:%s (%d)",
856                       rw_t4t_get_sub_state_name (p_t4t->sub_state), p_t4t->sub_state);
857 #else
858     RW_TRACE_DEBUG1 ("rw_t4t_sm_read_ndef (): sub_state=%d", p_t4t->sub_state);
859 #endif
860 
861     /* get status words */
862     p = (UINT8 *) (p_r_apdu + 1) + p_r_apdu->offset;
863     p += (p_r_apdu->len - T4T_RSP_STATUS_WORDS_SIZE);
864     BE_STREAM_TO_UINT16 (status_words, p);
865 
866     if (status_words != T4T_RSP_CMD_CMPLTED)
867     {
868         rw_t4t_handle_error (NFC_STATUS_CMD_NOT_CMPLTD, *(p-2), *(p-1));
869         GKI_freebuf (p_r_apdu);
870         return;
871     }
872 
873     switch (p_t4t->sub_state)
874     {
875     case RW_T4T_SUBSTATE_WAIT_READ_RESP:
876 
877         /* Read partial or complete data */
878         p_r_apdu->len -= T4T_RSP_STATUS_WORDS_SIZE;
879 
880         if ((p_r_apdu->len > 0) && (p_r_apdu->len <= p_t4t->rw_length))
881         {
882             p_t4t->rw_length -= p_r_apdu->len;
883             p_t4t->rw_offset += p_r_apdu->len;
884 
885             if (rw_cb.p_cback)
886             {
887                 rw_data.data.status = NFC_STATUS_OK;
888                 rw_data.data.p_data = p_r_apdu;
889 
890                 /* if need to read more data */
891                 if (p_t4t->rw_length > 0)
892                 {
893                     (*(rw_cb.p_cback)) (RW_T4T_NDEF_READ_EVT, &rw_data);
894 
895                     if (!rw_t4t_read_file (p_t4t->rw_offset, p_t4t->rw_length, TRUE))
896                     {
897                         rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
898                     }
899                 }
900                 else
901                 {
902                     p_t4t->state = RW_T4T_STATE_IDLE;
903 
904                     (*(rw_cb.p_cback)) (RW_T4T_NDEF_READ_CPLT_EVT, &rw_data);
905 
906                     RW_TRACE_DEBUG0 ("rw_t4t_sm_read_ndef (): Sent RW_T4T_NDEF_READ_CPLT_EVT");
907 
908                 }
909 
910                 p_r_apdu = NULL;
911             }
912             else
913             {
914                 p_t4t->rw_length = 0;
915                 p_t4t->state = RW_T4T_STATE_IDLE;
916             }
917         }
918         else
919         {
920             RW_TRACE_ERROR2 ("rw_t4t_sm_read_ndef (): invalid payload length (%d), rw_length (%d)",
921                              p_r_apdu->len, p_t4t->rw_length);
922             rw_t4t_handle_error (NFC_STATUS_BAD_RESP, 0, 0);
923         }
924         break;
925 
926     default:
927         RW_TRACE_ERROR1 ("rw_t4t_sm_read_ndef (): unknown sub_state = %d", p_t4t->sub_state);
928         rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
929         break;
930     }
931 
932     if (p_r_apdu)
933         GKI_freebuf (p_r_apdu);
934 }
935 
936 /*******************************************************************************
937 **
938 ** Function         rw_t4t_sm_update_ndef
939 **
940 ** Description      State machine for NDEF update procedure
941 **
942 ** Returns          none
943 **
944 *******************************************************************************/
rw_t4t_sm_update_ndef(BT_HDR * p_r_apdu)945 static void rw_t4t_sm_update_ndef (BT_HDR  *p_r_apdu)
946 {
947     tRW_T4T_CB  *p_t4t = &rw_cb.tcb.t4t;
948     UINT8       *p;
949     UINT16      status_words;
950     tRW_DATA    rw_data;
951 
952 #if (BT_TRACE_VERBOSE == TRUE)
953     RW_TRACE_DEBUG2 ("rw_t4t_sm_update_ndef (): sub_state:%s (%d)",
954                       rw_t4t_get_sub_state_name (p_t4t->sub_state), p_t4t->sub_state);
955 #else
956     RW_TRACE_DEBUG1 ("rw_t4t_sm_update_ndef (): sub_state=%d", p_t4t->sub_state);
957 #endif
958 
959     /* Get status words */
960     p = (UINT8 *) (p_r_apdu + 1) + p_r_apdu->offset;
961     p += (p_r_apdu->len - T4T_RSP_STATUS_WORDS_SIZE);
962     BE_STREAM_TO_UINT16 (status_words, p);
963 
964     if (status_words != T4T_RSP_CMD_CMPLTED)
965     {
966         rw_t4t_handle_error (NFC_STATUS_CMD_NOT_CMPLTD, *(p-2), *(p-1));
967         return;
968     }
969 
970     switch (p_t4t->sub_state)
971     {
972     case RW_T4T_SUBSTATE_WAIT_UPDATE_NLEN:
973 
974         /* NLEN has been updated */
975         /* if need to update data */
976         if (p_t4t->p_update_data)
977         {
978             p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_UPDATE_RESP;
979 
980             if (!rw_t4t_update_file ())
981             {
982                 rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
983                 p_t4t->p_update_data = NULL;
984             }
985         }
986         else
987         {
988             p_t4t->state = RW_T4T_STATE_IDLE;
989 
990             /* just finished last step of updating (updating NLEN) */
991             if (rw_cb.p_cback)
992             {
993                 rw_data.status = NFC_STATUS_OK;
994 
995                 (*(rw_cb.p_cback)) (RW_T4T_NDEF_UPDATE_CPLT_EVT, &rw_data);
996                 RW_TRACE_DEBUG0 ("rw_t4t_sm_update_ndef (): Sent RW_T4T_NDEF_UPDATE_CPLT_EVT");
997             }
998         }
999         break;
1000 
1001     case RW_T4T_SUBSTATE_WAIT_UPDATE_RESP:
1002 
1003         /* if updating is not completed */
1004         if (p_t4t->rw_length > 0)
1005         {
1006             if (!rw_t4t_update_file ())
1007             {
1008                 rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
1009                 p_t4t->p_update_data = NULL;
1010             }
1011         }
1012         else
1013         {
1014             p_t4t->p_update_data = NULL;
1015 
1016             /* update NLEN as last step of updating file */
1017             if (!rw_t4t_update_nlen (p_t4t->ndef_length))
1018             {
1019                 rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
1020             }
1021             else
1022             {
1023                 p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_UPDATE_NLEN;
1024             }
1025         }
1026         break;
1027 
1028     default:
1029         RW_TRACE_ERROR1 ("rw_t4t_sm_update_ndef (): unknown sub_state = %d", p_t4t->sub_state);
1030         rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
1031         break;
1032     }
1033 }
1034 
1035 /*******************************************************************************
1036 **
1037 ** Function         rw_t4t_sm_set_readonly
1038 **
1039 ** Description      State machine for CC update procedure
1040 **
1041 ** Returns          none
1042 **
1043 *******************************************************************************/
rw_t4t_sm_set_readonly(BT_HDR * p_r_apdu)1044 static void rw_t4t_sm_set_readonly (BT_HDR  *p_r_apdu)
1045 {
1046     tRW_T4T_CB  *p_t4t = &rw_cb.tcb.t4t;
1047     UINT8       *p;
1048     UINT16      status_words;
1049     tRW_DATA    rw_data;
1050 
1051 #if (BT_TRACE_VERBOSE == TRUE)
1052     RW_TRACE_DEBUG2 ("rw_t4t_sm_set_readonly (): sub_state:%s (%d)",
1053                       rw_t4t_get_sub_state_name (p_t4t->sub_state), p_t4t->sub_state);
1054 #else
1055     RW_TRACE_DEBUG1 ("rw_t4t_sm_set_readonly (): sub_state=%d", p_t4t->sub_state);
1056 #endif
1057 
1058     /* Get status words */
1059     p = (UINT8 *) (p_r_apdu + 1) + p_r_apdu->offset;
1060     p += (p_r_apdu->len - T4T_RSP_STATUS_WORDS_SIZE);
1061     BE_STREAM_TO_UINT16 (status_words, p);
1062 
1063     if (status_words != T4T_RSP_CMD_CMPLTED)
1064     {
1065         rw_t4t_handle_error (NFC_STATUS_CMD_NOT_CMPLTD, *(p-2), *(p-1));
1066         return;
1067     }
1068 
1069     switch (p_t4t->sub_state)
1070     {
1071     case RW_T4T_SUBSTATE_WAIT_SELECT_CC:
1072 
1073         /* CC file has been selected then update write access to read-only in CC file */
1074         if (!rw_t4t_update_cc_to_readonly ())
1075         {
1076             rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
1077         }
1078         else
1079         {
1080             p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_UPDATE_CC;
1081         }
1082         break;
1083 
1084     case RW_T4T_SUBSTATE_WAIT_UPDATE_CC:
1085         /* CC Updated, Select NDEF File to allow NDEF operation */
1086         p_t4t->cc_file.ndef_fc.write_access = T4T_FC_NO_WRITE_ACCESS;
1087         p_t4t->ndef_status |= RW_T4T_NDEF_STATUS_NDEF_READ_ONLY;
1088 
1089         if (!rw_t4t_select_file (p_t4t->cc_file.ndef_fc.file_id))
1090         {
1091             rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
1092         }
1093         else
1094         {
1095             p_t4t->sub_state = RW_T4T_SUBSTATE_WAIT_SELECT_NDEF_FILE;
1096         }
1097         break;
1098 
1099     case RW_T4T_SUBSTATE_WAIT_SELECT_NDEF_FILE:
1100         p_t4t->state = RW_T4T_STATE_IDLE;
1101         /* just finished last step of configuring tag read only (Selecting NDEF file CC) */
1102         if (rw_cb.p_cback)
1103         {
1104             rw_data.status = NFC_STATUS_OK;
1105 
1106             RW_TRACE_DEBUG0 ("rw_t4t_sm_set_readonly (): Sent RW_T4T_SET_TO_RO_EVT");
1107             (*(rw_cb.p_cback)) (RW_T4T_SET_TO_RO_EVT, &rw_data);
1108         }
1109         break;
1110 
1111     default:
1112         RW_TRACE_ERROR1 ("rw_t4t_sm_set_readonly (): unknown sub_state = %d", p_t4t->sub_state);
1113         rw_t4t_handle_error (NFC_STATUS_FAILED, 0, 0);
1114         break;
1115     }
1116 }
1117 
1118 /*******************************************************************************
1119 **
1120 ** Function         rw_t4t_process_timeout
1121 **
1122 ** Description      process timeout event
1123 **
1124 ** Returns          none
1125 **
1126 *******************************************************************************/
rw_t4t_process_timeout(TIMER_LIST_ENT * p_tle)1127 void rw_t4t_process_timeout (TIMER_LIST_ENT *p_tle)
1128 {
1129     RW_TRACE_DEBUG1 ("rw_t4t_process_timeout () event=%d", p_tle->event);
1130 
1131     if (p_tle->event == NFC_TTYPE_RW_T4T_RESPONSE)
1132     {
1133         rw_t4t_handle_error (NFC_STATUS_TIMEOUT, 0, 0);
1134     }
1135     else
1136     {
1137         RW_TRACE_ERROR1 ("rw_t4t_process_timeout () unknown event=%d", p_tle->event);
1138     }
1139 }
1140 
1141 /*******************************************************************************
1142 **
1143 ** Function         rw_t4t_data_cback
1144 **
1145 ** Description      This callback function receives the data from NFCC.
1146 **
1147 ** Returns          none
1148 **
1149 *******************************************************************************/
rw_t4t_data_cback(UINT8 conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)1150 static void rw_t4t_data_cback (UINT8 conn_id, tNFC_CONN_EVT event, tNFC_CONN *p_data)
1151 {
1152     tRW_T4T_CB *p_t4t    = &rw_cb.tcb.t4t;
1153     BT_HDR     *p_r_apdu = (BT_HDR *) p_data->data.p_data;
1154     tRW_DATA    rw_data;
1155 
1156 #if (BT_TRACE_VERBOSE == TRUE)
1157     UINT8  begin_state   = p_t4t->state;
1158 #endif
1159 
1160     RW_TRACE_DEBUG1 ("rw_t4t_data_cback () event = 0x%X", event);
1161     nfc_stop_quick_timer (&p_t4t->timer);
1162 
1163     switch (event)
1164     {
1165     case NFC_DEACTIVATE_CEVT:
1166         NFC_SetStaticRfCback (NULL);
1167         p_t4t->state = RW_T4T_STATE_NOT_ACTIVATED;
1168         return;
1169 
1170     case NFC_ERROR_CEVT:
1171         if (p_t4t->state == RW_T4T_STATE_PRESENCE_CHECK)
1172         {
1173             p_t4t->state   = RW_T4T_STATE_IDLE;
1174             rw_data.status = NFC_STATUS_FAILED;
1175             (*(rw_cb.p_cback)) (RW_T4T_PRESENCE_CHECK_EVT, &rw_data);
1176         }
1177         else
1178         {
1179             p_t4t->state   = RW_T4T_STATE_IDLE;
1180             rw_data.status = (tNFC_STATUS) (*(UINT8*) p_data);
1181             (*(rw_cb.p_cback)) (RW_T4T_INTF_ERROR_EVT, &rw_data);
1182         }
1183         return;
1184 
1185     case NFC_DATA_CEVT:
1186         break;
1187 
1188     default:
1189         return;
1190     }
1191 
1192 #if (BT_TRACE_PROTOCOL == TRUE)
1193     DispRWT4Tags (p_r_apdu, TRUE);
1194 #endif
1195 
1196 #if (BT_TRACE_VERBOSE == TRUE)
1197     RW_TRACE_DEBUG2 ("RW T4T state: <%s (%d)>",
1198                         rw_t4t_get_state_name (p_t4t->state), p_t4t->state);
1199 #else
1200     RW_TRACE_DEBUG1 ("RW T4T state: %d", p_t4t->state);
1201 #endif
1202 
1203     switch (p_t4t->state)
1204     {
1205     case RW_T4T_STATE_IDLE:
1206         /* Unexpected R-APDU, it should be raw frame response */
1207         /* forward to upper layer without parsing */
1208         if (rw_cb.p_cback)
1209         {
1210             rw_data.raw_frame.status = NFC_STATUS_OK;
1211             rw_data.raw_frame.p_data = p_r_apdu;
1212             (*(rw_cb.p_cback)) (RW_T4T_RAW_FRAME_EVT, &rw_data);
1213             p_r_apdu = NULL;
1214         }
1215         else
1216         {
1217             GKI_freebuf (p_r_apdu);
1218         }
1219         break;
1220     case RW_T4T_STATE_DETECT_NDEF:
1221         rw_t4t_sm_detect_ndef (p_r_apdu);
1222         GKI_freebuf (p_r_apdu);
1223         break;
1224     case RW_T4T_STATE_READ_NDEF:
1225         rw_t4t_sm_read_ndef (p_r_apdu);
1226         /* p_r_apdu may send upper lyaer */
1227         break;
1228     case RW_T4T_STATE_UPDATE_NDEF:
1229         rw_t4t_sm_update_ndef (p_r_apdu);
1230         GKI_freebuf (p_r_apdu);
1231         break;
1232     case RW_T4T_STATE_PRESENCE_CHECK:
1233         /* if any response, send presence check with ok */
1234         rw_data.status = NFC_STATUS_OK;
1235         p_t4t->state = RW_T4T_STATE_IDLE;
1236         (*(rw_cb.p_cback)) (RW_T4T_PRESENCE_CHECK_EVT, &rw_data);
1237         GKI_freebuf (p_r_apdu);
1238         break;
1239     case RW_T4T_STATE_SET_READ_ONLY:
1240         rw_t4t_sm_set_readonly (p_r_apdu);
1241         GKI_freebuf (p_r_apdu);
1242         break;
1243     default:
1244         RW_TRACE_ERROR1 ("rw_t4t_data_cback (): invalid state=%d", p_t4t->state);
1245         GKI_freebuf (p_r_apdu);
1246         break;
1247     }
1248 
1249 #if (BT_TRACE_VERBOSE == TRUE)
1250     if (begin_state != p_t4t->state)
1251     {
1252         RW_TRACE_DEBUG2 ("RW T4T state changed:<%s> -> <%s>",
1253                           rw_t4t_get_state_name (begin_state),
1254                           rw_t4t_get_state_name (p_t4t->state));
1255     }
1256 #endif
1257 }
1258 
1259 
1260 /*******************************************************************************
1261 **
1262 ** Function         rw_t4t_select
1263 **
1264 ** Description      Initialise T4T
1265 **
1266 ** Returns          NFC_STATUS_OK if success
1267 **
1268 *******************************************************************************/
rw_t4t_select(void)1269 tNFC_STATUS rw_t4t_select (void)
1270 {
1271     tRW_T4T_CB  *p_t4t = &rw_cb.tcb.t4t;
1272 
1273     RW_TRACE_DEBUG0 ("rw_t4t_select ()");
1274 
1275     NFC_SetStaticRfCback (rw_t4t_data_cback);
1276 
1277     p_t4t->state   = RW_T4T_STATE_IDLE;
1278     p_t4t->version = T4T_MY_VERSION;
1279 
1280     /* set it min of max R-APDU data size before reading CC file */
1281     p_t4t->cc_file.max_le = T4T_MIN_MLE;
1282 
1283     /* These will be udated during NDEF detection */
1284     p_t4t->max_read_size   = T4T_MAX_LENGTH_LE;
1285     p_t4t->max_update_size = T4T_MAX_LENGTH_LC;
1286 
1287     return NFC_STATUS_OK;
1288 }
1289 
1290 /*******************************************************************************
1291 **
1292 ** Function         RW_T4tDetectNDef
1293 **
1294 ** Description      This function performs NDEF detection procedure
1295 **
1296 **                  RW_T4T_NDEF_DETECT_EVT will be returned
1297 **
1298 ** Returns          NFC_STATUS_OK if success
1299 **                  NFC_STATUS_FAILED if T4T is busy or other error
1300 **
1301 *******************************************************************************/
RW_T4tDetectNDef(void)1302 tNFC_STATUS RW_T4tDetectNDef (void)
1303 {
1304     RW_TRACE_API0 ("RW_T4tDetectNDef ()");
1305 
1306     if (rw_cb.tcb.t4t.state != RW_T4T_STATE_IDLE)
1307     {
1308         RW_TRACE_ERROR1 ("RW_T4tDetectNDef ():Unable to start command at state (0x%X)",
1309                           rw_cb.tcb.t4t.state);
1310         return NFC_STATUS_FAILED;
1311     }
1312 
1313     if (rw_cb.tcb.t4t.ndef_status & RW_T4T_NDEF_STATUS_NDEF_DETECTED)
1314     {
1315         /* NDEF Tag application has been selected then select CC file */
1316         if (!rw_t4t_select_file (T4T_CC_FILE_ID))
1317         {
1318             return NFC_STATUS_FAILED;
1319         }
1320         rw_cb.tcb.t4t.sub_state = RW_T4T_SUBSTATE_WAIT_SELECT_CC;
1321     }
1322     else
1323     {
1324         /* Select NDEF Tag Application */
1325         if (!rw_t4t_select_application (rw_cb.tcb.t4t.version))
1326         {
1327             return NFC_STATUS_FAILED;
1328         }
1329         rw_cb.tcb.t4t.sub_state = RW_T4T_SUBSTATE_WAIT_SELECT_APP;
1330     }
1331 
1332     rw_cb.tcb.t4t.state     = RW_T4T_STATE_DETECT_NDEF;
1333 
1334     return NFC_STATUS_OK;
1335 }
1336 
1337 /*******************************************************************************
1338 **
1339 ** Function         RW_T4tReadNDef
1340 **
1341 ** Description      This function performs NDEF read procedure
1342 **                  Note: RW_T4tDetectNDef () must be called before using this
1343 **
1344 **                  The following event will be returned
1345 **                      RW_T4T_NDEF_READ_EVT for each segmented NDEF message
1346 **                      RW_T4T_NDEF_READ_CPLT_EVT for the last segment or complete NDEF
1347 **                      RW_T4T_NDEF_READ_FAIL_EVT for failure
1348 **
1349 ** Returns          NFC_STATUS_OK if success
1350 **                  NFC_STATUS_FAILED if T4T is busy or other error
1351 **
1352 *******************************************************************************/
RW_T4tReadNDef(void)1353 tNFC_STATUS RW_T4tReadNDef (void)
1354 {
1355     RW_TRACE_API0 ("RW_T4tReadNDef ()");
1356 
1357     if (rw_cb.tcb.t4t.state != RW_T4T_STATE_IDLE)
1358     {
1359         RW_TRACE_ERROR1 ("RW_T4tReadNDef ():Unable to start command at state (0x%X)",
1360                           rw_cb.tcb.t4t.state);
1361         return NFC_STATUS_FAILED;
1362     }
1363 
1364     /* if NDEF has been detected */
1365     if (rw_cb.tcb.t4t.ndef_status & RW_T4T_NDEF_STATUS_NDEF_DETECTED)
1366     {
1367         /* start reading NDEF */
1368         if (!rw_t4t_read_file (T4T_FILE_LENGTH_SIZE, rw_cb.tcb.t4t.ndef_length, FALSE))
1369         {
1370             return NFC_STATUS_FAILED;
1371         }
1372 
1373         rw_cb.tcb.t4t.state     = RW_T4T_STATE_READ_NDEF;
1374         rw_cb.tcb.t4t.sub_state = RW_T4T_SUBSTATE_WAIT_READ_RESP;
1375 
1376         return NFC_STATUS_OK;
1377     }
1378     else
1379     {
1380         RW_TRACE_ERROR0 ("RW_T4tReadNDef ():No NDEF detected");
1381         return NFC_STATUS_FAILED;
1382     }
1383 }
1384 
1385 /*******************************************************************************
1386 **
1387 ** Function         RW_T4tUpdateNDef
1388 **
1389 ** Description      This function performs NDEF update procedure
1390 **                  Note: RW_T4tDetectNDef () must be called before using this
1391 **                        Updating data must not be removed until returning event
1392 **
1393 **                  The following event will be returned
1394 **                      RW_T4T_NDEF_UPDATE_CPLT_EVT for complete
1395 **                      RW_T4T_NDEF_UPDATE_FAIL_EVT for failure
1396 **
1397 ** Returns          NFC_STATUS_OK if success
1398 **                  NFC_STATUS_FAILED if T4T is busy or other error
1399 **
1400 *******************************************************************************/
RW_T4tUpdateNDef(UINT16 length,UINT8 * p_data)1401 tNFC_STATUS RW_T4tUpdateNDef (UINT16 length, UINT8 *p_data)
1402 {
1403     RW_TRACE_API1 ("RW_T4tUpdateNDef () length:%d", length);
1404 
1405     if (rw_cb.tcb.t4t.state != RW_T4T_STATE_IDLE)
1406     {
1407         RW_TRACE_ERROR1 ("RW_T4tUpdateNDef ():Unable to start command at state (0x%X)",
1408                           rw_cb.tcb.t4t.state);
1409         return NFC_STATUS_FAILED;
1410     }
1411 
1412     /* if NDEF has been detected */
1413     if (rw_cb.tcb.t4t.ndef_status & RW_T4T_NDEF_STATUS_NDEF_DETECTED)
1414     {
1415         /* if read-only */
1416         if (rw_cb.tcb.t4t.ndef_status & RW_T4T_NDEF_STATUS_NDEF_READ_ONLY)
1417         {
1418             RW_TRACE_ERROR0 ("RW_T4tUpdateNDef ():NDEF is read-only");
1419             return NFC_STATUS_FAILED;
1420         }
1421 
1422         if (rw_cb.tcb.t4t.cc_file.ndef_fc.max_file_size < length + T4T_FILE_LENGTH_SIZE)
1423         {
1424             RW_TRACE_ERROR2 ("RW_T4tUpdateNDef ():data (%d bytes) plus NLEN is more than max file size (%d)",
1425                               length, rw_cb.tcb.t4t.cc_file.ndef_fc.max_file_size);
1426             return NFC_STATUS_FAILED;
1427         }
1428 
1429         /* store NDEF length and data */
1430         rw_cb.tcb.t4t.ndef_length   = length;
1431         rw_cb.tcb.t4t.p_update_data = p_data;
1432 
1433         rw_cb.tcb.t4t.rw_offset     = T4T_FILE_LENGTH_SIZE;
1434         rw_cb.tcb.t4t.rw_length     = length;
1435 
1436         /* set NLEN to 0x0000 for the first step */
1437         if (!rw_t4t_update_nlen (0x0000))
1438         {
1439             return NFC_STATUS_FAILED;
1440         }
1441 
1442         rw_cb.tcb.t4t.state     = RW_T4T_STATE_UPDATE_NDEF;
1443         rw_cb.tcb.t4t.sub_state = RW_T4T_SUBSTATE_WAIT_UPDATE_NLEN;
1444 
1445         return NFC_STATUS_OK;
1446     }
1447     else
1448     {
1449         RW_TRACE_ERROR0 ("RW_T4tUpdateNDef ():No NDEF detected");
1450         return NFC_STATUS_FAILED;
1451     }
1452 }
1453 
1454 /*****************************************************************************
1455 **
1456 ** Function         RW_T4tPresenceCheck
1457 **
1458 ** Description
1459 **      Check if the tag is still in the field.
1460 **
1461 **      The RW_T4T_PRESENCE_CHECK_EVT w/ status is used to indicate presence
1462 **      or non-presence.
1463 **
1464 ** Returns
1465 **      NFC_STATUS_OK, if raw data frame sent
1466 **      NFC_STATUS_NO_BUFFERS: unable to allocate a buffer for this operation
1467 **      NFC_STATUS_FAILED: other error
1468 **
1469 *****************************************************************************/
RW_T4tPresenceCheck(void)1470 tNFC_STATUS RW_T4tPresenceCheck (void)
1471 {
1472     tNFC_STATUS retval = NFC_STATUS_OK;
1473     tRW_DATA    evt_data;
1474 
1475     RW_TRACE_API0 ("RW_T4tPresenceCheck ()");
1476 
1477     /* If RW_SelectTagType was not called (no conn_callback) return failure */
1478     if (!rw_cb.p_cback)
1479     {
1480         retval = NFC_STATUS_FAILED;
1481     }
1482     /* If we are not activated, then RW_T4T_PRESENCE_CHECK_EVT with NFC_STATUS_FAILED */
1483     else if (rw_cb.tcb.t4t.state == RW_T4T_STATE_NOT_ACTIVATED)
1484     {
1485         evt_data.status = NFC_STATUS_FAILED;
1486         (*rw_cb.p_cback) (RW_T4T_PRESENCE_CHECK_EVT, &evt_data);
1487     }
1488     /* If command is pending, assume tag is still present */
1489     else if (rw_cb.tcb.t4t.state != RW_T4T_STATE_IDLE)
1490     {
1491         evt_data.status = NFC_STATUS_OK;
1492         (*rw_cb.p_cback) (RW_T4T_PRESENCE_CHECK_EVT, &evt_data);
1493     }
1494     else
1495     {
1496         if (rw_t4t_read_file (0, 1, FALSE))
1497         {
1498             rw_cb.tcb.t4t.state = RW_T4T_STATE_PRESENCE_CHECK;
1499         }
1500         else
1501         {
1502             retval = NFC_STATUS_NO_BUFFERS;
1503         }
1504     }
1505 
1506     return (retval);
1507 }
1508 
1509 /*****************************************************************************
1510 **
1511 ** Function         RW_T4tSetNDefReadOnly
1512 **
1513 ** Description      This function performs NDEF read-only procedure
1514 **                  Note: RW_T4tDetectNDef() must be called before using this
1515 **
1516 **                  The RW_T4T_SET_TO_RO_EVT event will be returned.
1517 **
1518 ** Returns          NFC_STATUS_OK if success
1519 **                  NFC_STATUS_FAILED if T4T is busy or other error
1520 **
1521 *****************************************************************************/
RW_T4tSetNDefReadOnly(void)1522 tNFC_STATUS RW_T4tSetNDefReadOnly (void)
1523 {
1524     tNFC_STATUS retval = NFC_STATUS_OK;
1525     tRW_DATA    evt_data;
1526 
1527     RW_TRACE_API0 ("RW_T4tSetNDefReadOnly ()");
1528 
1529     if (rw_cb.tcb.t4t.state != RW_T4T_STATE_IDLE)
1530     {
1531         RW_TRACE_ERROR1 ("RW_T4tSetNDefReadOnly ():Unable to start command at state (0x%X)",
1532                           rw_cb.tcb.t4t.state);
1533         return NFC_STATUS_FAILED;
1534     }
1535 
1536     /* if NDEF has been detected */
1537     if (rw_cb.tcb.t4t.ndef_status & RW_T4T_NDEF_STATUS_NDEF_DETECTED)
1538     {
1539         /* if read-only */
1540         if (rw_cb.tcb.t4t.ndef_status & RW_T4T_NDEF_STATUS_NDEF_READ_ONLY)
1541         {
1542             evt_data.status = NFC_STATUS_OK;
1543             (*rw_cb.p_cback) (RW_T4T_SET_TO_RO_EVT, &evt_data);
1544             return (retval);
1545         }
1546 
1547         /* NDEF Tag application has been selected then select CC file */
1548         if (!rw_t4t_select_file (T4T_CC_FILE_ID))
1549         {
1550             return NFC_STATUS_FAILED;
1551         }
1552 
1553         rw_cb.tcb.t4t.state     = RW_T4T_STATE_SET_READ_ONLY;
1554         rw_cb.tcb.t4t.sub_state = RW_T4T_SUBSTATE_WAIT_SELECT_CC;
1555 
1556         return NFC_STATUS_OK;
1557     }
1558     else
1559     {
1560         RW_TRACE_ERROR0 ("RW_T4tSetNDefReadOnly ():No NDEF detected");
1561         return NFC_STATUS_FAILED;
1562     }
1563     return (retval);
1564 }
1565 
1566 #if (BT_TRACE_VERBOSE == TRUE)
1567 /*******************************************************************************
1568 **
1569 ** Function         rw_t4t_get_state_name
1570 **
1571 ** Description      This function returns the state name.
1572 **
1573 ** NOTE             conditionally compiled to save memory.
1574 **
1575 ** Returns          pointer to the name
1576 **
1577 *******************************************************************************/
rw_t4t_get_state_name(UINT8 state)1578 static char *rw_t4t_get_state_name (UINT8 state)
1579 {
1580     switch (state)
1581     {
1582     case RW_T4T_STATE_NOT_ACTIVATED:
1583         return ("NOT_ACTIVATED");
1584     case RW_T4T_STATE_IDLE:
1585         return ("IDLE");
1586     case RW_T4T_STATE_DETECT_NDEF:
1587         return ("NDEF_DETECTION");
1588     case RW_T4T_STATE_READ_NDEF:
1589         return ("READ_NDEF");
1590     case RW_T4T_STATE_UPDATE_NDEF:
1591         return ("UPDATE_NDEF");
1592     case RW_T4T_STATE_PRESENCE_CHECK:
1593         return ("PRESENCE_CHECK");
1594     default:
1595         return ("???? UNKNOWN STATE");
1596     }
1597 }
1598 
1599 /*******************************************************************************
1600 **
1601 ** Function         rw_t4t_get_sub_state_name
1602 **
1603 ** Description      This function returns the sub_state name.
1604 **
1605 ** NOTE             conditionally compiled to save memory.
1606 **
1607 ** Returns          pointer to the name
1608 **
1609 *******************************************************************************/
rw_t4t_get_sub_state_name(UINT8 sub_state)1610 static char *rw_t4t_get_sub_state_name (UINT8 sub_state)
1611 {
1612     switch (sub_state)
1613     {
1614     case RW_T4T_SUBSTATE_WAIT_SELECT_APP:
1615         return ("WAIT_SELECT_APP");
1616     case RW_T4T_SUBSTATE_WAIT_SELECT_CC:
1617         return ("WAIT_SELECT_CC");
1618     case RW_T4T_SUBSTATE_WAIT_CC_FILE:
1619         return ("WAIT_CC_FILE");
1620     case RW_T4T_SUBSTATE_WAIT_SELECT_NDEF_FILE:
1621         return ("WAIT_SELECT_NDEF_FILE");
1622     case RW_T4T_SUBSTATE_WAIT_READ_NLEN:
1623         return ("WAIT_READ_NLEN");
1624 
1625     case RW_T4T_SUBSTATE_WAIT_READ_RESP:
1626         return ("WAIT_READ_RESP");
1627     case RW_T4T_SUBSTATE_WAIT_UPDATE_RESP:
1628         return ("WAIT_UPDATE_RESP");
1629     case RW_T4T_SUBSTATE_WAIT_UPDATE_NLEN:
1630         return ("WAIT_UPDATE_NLEN");
1631     default:
1632         return ("???? UNKNOWN SUBSTATE");
1633     }
1634 }
1635 #endif
1636 
1637 #endif /* (NFC_INCLUDED == TRUE) */
1638