1 /*
2 * NFC Digital Protocol stack
3 * Copyright (c) 2013, Intel Corporation.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 */
15
16 #define pr_fmt(fmt) "digital: %s: " fmt, __func__
17
18 #include "digital.h"
19
20 #define DIGITAL_CMD_SENS_REQ 0x26
21 #define DIGITAL_CMD_ALL_REQ 0x52
22 #define DIGITAL_CMD_SEL_REQ_CL1 0x93
23 #define DIGITAL_CMD_SEL_REQ_CL2 0x95
24 #define DIGITAL_CMD_SEL_REQ_CL3 0x97
25
26 #define DIGITAL_SDD_REQ_SEL_PAR 0x20
27
28 #define DIGITAL_SDD_RES_CT 0x88
29 #define DIGITAL_SDD_RES_LEN 5
30 #define DIGITAL_SEL_RES_LEN 1
31
32 #define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
33 #define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
34 #define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
35 #define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
36
37 #define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
38 #define DIGITAL_SENS_RES_IS_VALID(sens_res) \
39 ((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
40 (((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
41
42 #define DIGITAL_MIFARE_READ_RES_LEN 16
43 #define DIGITAL_MIFARE_ACK_RES 0x0A
44
45 #define DIGITAL_CMD_SENSB_REQ 0x05
46 #define DIGITAL_SENSB_ADVANCED BIT(5)
47 #define DIGITAL_SENSB_EXTENDED BIT(4)
48 #define DIGITAL_SENSB_ALLB_REQ BIT(3)
49 #define DIGITAL_SENSB_N(n) ((n) & 0x7)
50
51 #define DIGITAL_CMD_SENSB_RES 0x50
52
53 #define DIGITAL_CMD_ATTRIB_REQ 0x1D
54 #define DIGITAL_ATTRIB_P1_TR0_DEFAULT (0x0 << 6)
55 #define DIGITAL_ATTRIB_P1_TR1_DEFAULT (0x0 << 4)
56 #define DIGITAL_ATTRIB_P1_SUPRESS_EOS BIT(3)
57 #define DIGITAL_ATTRIB_P1_SUPRESS_SOS BIT(2)
58 #define DIGITAL_ATTRIB_P2_LISTEN_POLL_1 (0x0 << 6)
59 #define DIGITAL_ATTRIB_P2_POLL_LISTEN_1 (0x0 << 4)
60 #define DIGITAL_ATTRIB_P2_MAX_FRAME_256 0x8
61 #define DIGITAL_ATTRIB_P4_DID(n) ((n) & 0xf)
62
63 #define DIGITAL_CMD_SENSF_REQ 0x00
64 #define DIGITAL_CMD_SENSF_RES 0x01
65
66 #define DIGITAL_SENSF_RES_MIN_LENGTH 17
67 #define DIGITAL_SENSF_RES_RD_AP_B1 0x00
68 #define DIGITAL_SENSF_RES_RD_AP_B2 0x8F
69
70 #define DIGITAL_SENSF_REQ_RC_NONE 0
71 #define DIGITAL_SENSF_REQ_RC_SC 1
72 #define DIGITAL_SENSF_REQ_RC_AP 2
73
74 #define DIGITAL_CMD_ISO15693_INVENTORY_REQ 0x01
75
76 #define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE BIT(1)
77 #define DIGITAL_ISO15693_REQ_FLAG_INVENTORY BIT(2)
78 #define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS BIT(5)
79 #define DIGITAL_ISO15693_RES_FLAG_ERROR BIT(0)
80 #define DIGITAL_ISO15693_RES_IS_VALID(flags) \
81 (!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
82
83 #define DIGITAL_ISO_DEP_I_PCB 0x02
84 #define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
85
86 #define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
87
88 #define DIGITAL_ISO_DEP_I_BLOCK 0x00
89
90 #define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
91
92 static const u8 digital_ats_fsc[] = {
93 16, 24, 32, 40, 48, 64, 96, 128,
94 };
95
96 #define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
97 #define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
98 #define DIGITAL_ATS_MAX_FSC 256
99
100 #define DIGITAL_RATS_BYTE1 0xE0
101 #define DIGITAL_RATS_PARAM 0x80
102
103 struct digital_sdd_res {
104 u8 nfcid1[4];
105 u8 bcc;
106 } __packed;
107
108 struct digital_sel_req {
109 u8 sel_cmd;
110 u8 b2;
111 u8 nfcid1[4];
112 u8 bcc;
113 } __packed;
114
115 struct digital_sensb_req {
116 u8 cmd;
117 u8 afi;
118 u8 param;
119 } __packed;
120
121 struct digital_sensb_res {
122 u8 cmd;
123 u8 nfcid0[4];
124 u8 app_data[4];
125 u8 proto_info[3];
126 } __packed;
127
128 struct digital_attrib_req {
129 u8 cmd;
130 u8 nfcid0[4];
131 u8 param1;
132 u8 param2;
133 u8 param3;
134 u8 param4;
135 } __packed;
136
137 struct digital_attrib_res {
138 u8 mbli_did;
139 } __packed;
140
141 struct digital_sensf_req {
142 u8 cmd;
143 u8 sc1;
144 u8 sc2;
145 u8 rc;
146 u8 tsn;
147 } __packed;
148
149 struct digital_sensf_res {
150 u8 cmd;
151 u8 nfcid2[8];
152 u8 pad0[2];
153 u8 pad1[3];
154 u8 mrti_check;
155 u8 mrti_update;
156 u8 pad2;
157 u8 rd[2];
158 } __packed;
159
160 struct digital_iso15693_inv_req {
161 u8 flags;
162 u8 cmd;
163 u8 mask_len;
164 u64 mask;
165 } __packed;
166
167 struct digital_iso15693_inv_res {
168 u8 flags;
169 u8 dsfid;
170 u64 uid;
171 } __packed;
172
173 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
174 struct nfc_target *target);
175
digital_in_iso_dep_pull_sod(struct nfc_digital_dev * ddev,struct sk_buff * skb)176 int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
177 struct sk_buff *skb)
178 {
179 u8 pcb;
180 u8 block_type;
181
182 if (skb->len < 1)
183 return -EIO;
184
185 pcb = *skb->data;
186 block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
187
188 /* No support fo R-block nor S-block */
189 if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
190 pr_err("ISO_DEP R-block and S-block not supported\n");
191 return -EIO;
192 }
193
194 if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
195 pr_err("DID field in ISO_DEP PCB not supported\n");
196 return -EIO;
197 }
198
199 skb_pull(skb, 1);
200
201 return 0;
202 }
203
digital_in_iso_dep_push_sod(struct nfc_digital_dev * ddev,struct sk_buff * skb)204 int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
205 struct sk_buff *skb)
206 {
207 /*
208 * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
209 * not be greater than remote FSC
210 */
211 if (skb->len + 3 > ddev->target_fsc)
212 return -EIO;
213
214 skb_push(skb, 1);
215
216 *skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
217
218 ddev->curr_nfc_dep_pni =
219 DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
220
221 return 0;
222 }
223
digital_in_recv_ats(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)224 static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
225 struct sk_buff *resp)
226 {
227 struct nfc_target *target = arg;
228 u8 fsdi;
229 int rc;
230
231 if (IS_ERR(resp)) {
232 rc = PTR_ERR(resp);
233 resp = NULL;
234 goto exit;
235 }
236
237 if (resp->len < 2) {
238 rc = -EIO;
239 goto exit;
240 }
241
242 fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
243 if (fsdi >= 8)
244 ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
245 else
246 ddev->target_fsc = digital_ats_fsc[fsdi];
247
248 ddev->curr_nfc_dep_pni = 0;
249
250 rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
251
252 exit:
253 dev_kfree_skb(resp);
254 kfree(target);
255
256 if (rc)
257 digital_poll_next_tech(ddev);
258 }
259
digital_in_send_rats(struct nfc_digital_dev * ddev,struct nfc_target * target)260 static int digital_in_send_rats(struct nfc_digital_dev *ddev,
261 struct nfc_target *target)
262 {
263 int rc;
264 struct sk_buff *skb;
265
266 skb = digital_skb_alloc(ddev, 2);
267 if (!skb)
268 return -ENOMEM;
269
270 skb_put_u8(skb, DIGITAL_RATS_BYTE1);
271 skb_put_u8(skb, DIGITAL_RATS_PARAM);
272
273 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
274 target);
275 if (rc)
276 kfree_skb(skb);
277
278 return rc;
279 }
280
digital_in_recv_sel_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)281 static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
282 struct sk_buff *resp)
283 {
284 struct nfc_target *target = arg;
285 int rc;
286 u8 sel_res;
287 u8 nfc_proto;
288
289 if (IS_ERR(resp)) {
290 rc = PTR_ERR(resp);
291 resp = NULL;
292 goto exit;
293 }
294
295 if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
296 rc = digital_skb_check_crc_a(resp);
297 if (rc) {
298 PROTOCOL_ERR("4.4.1.3");
299 goto exit;
300 }
301 }
302
303 if (resp->len != DIGITAL_SEL_RES_LEN) {
304 rc = -EIO;
305 goto exit;
306 }
307
308 sel_res = resp->data[0];
309
310 if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
311 rc = digital_in_send_sdd_req(ddev, target);
312 if (rc)
313 goto exit;
314
315 goto exit_free_skb;
316 }
317
318 target->sel_res = sel_res;
319
320 if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
321 nfc_proto = NFC_PROTO_MIFARE;
322 } else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
323 nfc_proto = NFC_PROTO_NFC_DEP;
324 } else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
325 rc = digital_in_send_rats(ddev, target);
326 if (rc)
327 goto exit;
328 /*
329 * Skip target_found and don't free it for now. This will be
330 * done when receiving the ATS
331 */
332 goto exit_free_skb;
333 } else {
334 rc = -EOPNOTSUPP;
335 goto exit;
336 }
337
338 rc = digital_target_found(ddev, target, nfc_proto);
339
340 exit:
341 kfree(target);
342
343 exit_free_skb:
344 dev_kfree_skb(resp);
345
346 if (rc)
347 digital_poll_next_tech(ddev);
348 }
349
digital_in_send_sel_req(struct nfc_digital_dev * ddev,struct nfc_target * target,struct digital_sdd_res * sdd_res)350 static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
351 struct nfc_target *target,
352 struct digital_sdd_res *sdd_res)
353 {
354 struct sk_buff *skb;
355 struct digital_sel_req *sel_req;
356 u8 sel_cmd;
357 int rc;
358
359 skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
360 if (!skb)
361 return -ENOMEM;
362
363 skb_put(skb, sizeof(struct digital_sel_req));
364 sel_req = (struct digital_sel_req *)skb->data;
365
366 if (target->nfcid1_len <= 4)
367 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
368 else if (target->nfcid1_len < 10)
369 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
370 else
371 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
372
373 sel_req->sel_cmd = sel_cmd;
374 sel_req->b2 = 0x70;
375 memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
376 sel_req->bcc = sdd_res->bcc;
377
378 if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
379 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
380 NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
381 if (rc)
382 goto exit;
383 } else {
384 digital_skb_add_crc_a(skb);
385 }
386
387 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
388 target);
389 exit:
390 if (rc)
391 kfree_skb(skb);
392
393 return rc;
394 }
395
digital_in_recv_sdd_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)396 static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
397 struct sk_buff *resp)
398 {
399 struct nfc_target *target = arg;
400 struct digital_sdd_res *sdd_res;
401 int rc;
402 u8 offset, size;
403 u8 i, bcc;
404
405 if (IS_ERR(resp)) {
406 rc = PTR_ERR(resp);
407 resp = NULL;
408 goto exit;
409 }
410
411 if (resp->len < DIGITAL_SDD_RES_LEN) {
412 PROTOCOL_ERR("4.7.2.8");
413 rc = -EINVAL;
414 goto exit;
415 }
416
417 sdd_res = (struct digital_sdd_res *)resp->data;
418
419 for (i = 0, bcc = 0; i < 4; i++)
420 bcc ^= sdd_res->nfcid1[i];
421
422 if (bcc != sdd_res->bcc) {
423 PROTOCOL_ERR("4.7.2.6");
424 rc = -EINVAL;
425 goto exit;
426 }
427
428 if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
429 offset = 1;
430 size = 3;
431 } else {
432 offset = 0;
433 size = 4;
434 }
435
436 memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
437 size);
438 target->nfcid1_len += size;
439
440 rc = digital_in_send_sel_req(ddev, target, sdd_res);
441
442 exit:
443 dev_kfree_skb(resp);
444
445 if (rc) {
446 kfree(target);
447 digital_poll_next_tech(ddev);
448 }
449 }
450
digital_in_send_sdd_req(struct nfc_digital_dev * ddev,struct nfc_target * target)451 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
452 struct nfc_target *target)
453 {
454 int rc;
455 struct sk_buff *skb;
456 u8 sel_cmd;
457
458 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
459 NFC_DIGITAL_FRAMING_NFCA_STANDARD);
460 if (rc)
461 return rc;
462
463 skb = digital_skb_alloc(ddev, 2);
464 if (!skb)
465 return -ENOMEM;
466
467 if (target->nfcid1_len == 0)
468 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
469 else if (target->nfcid1_len == 3)
470 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
471 else
472 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
473
474 skb_put_u8(skb, sel_cmd);
475 skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
476
477 return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
478 target);
479 }
480
digital_in_recv_sens_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)481 static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
482 struct sk_buff *resp)
483 {
484 struct nfc_target *target = NULL;
485 int rc;
486
487 if (IS_ERR(resp)) {
488 rc = PTR_ERR(resp);
489 resp = NULL;
490 goto exit;
491 }
492
493 if (resp->len < sizeof(u16)) {
494 rc = -EIO;
495 goto exit;
496 }
497
498 target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
499 if (!target) {
500 rc = -ENOMEM;
501 goto exit;
502 }
503
504 target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
505
506 if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
507 PROTOCOL_ERR("4.6.3.3");
508 rc = -EINVAL;
509 goto exit;
510 }
511
512 if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
513 rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
514 else
515 rc = digital_in_send_sdd_req(ddev, target);
516
517 exit:
518 dev_kfree_skb(resp);
519
520 if (rc) {
521 kfree(target);
522 digital_poll_next_tech(ddev);
523 }
524 }
525
digital_in_send_sens_req(struct nfc_digital_dev * ddev,u8 rf_tech)526 int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
527 {
528 struct sk_buff *skb;
529 int rc;
530
531 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
532 NFC_DIGITAL_RF_TECH_106A);
533 if (rc)
534 return rc;
535
536 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
537 NFC_DIGITAL_FRAMING_NFCA_SHORT);
538 if (rc)
539 return rc;
540
541 skb = digital_skb_alloc(ddev, 1);
542 if (!skb)
543 return -ENOMEM;
544
545 skb_put_u8(skb, DIGITAL_CMD_SENS_REQ);
546
547 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
548 if (rc)
549 kfree_skb(skb);
550
551 return rc;
552 }
553
digital_in_recv_mifare_res(struct sk_buff * resp)554 int digital_in_recv_mifare_res(struct sk_buff *resp)
555 {
556 /* Successful READ command response is 16 data bytes + 2 CRC bytes long.
557 * Since the driver can't differentiate a ACK/NACK response from a valid
558 * READ response, the CRC calculation must be handled at digital level
559 * even if the driver supports it for this technology.
560 */
561 if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
562 if (digital_skb_check_crc_a(resp)) {
563 PROTOCOL_ERR("9.4.1.2");
564 return -EIO;
565 }
566
567 return 0;
568 }
569
570 /* ACK response (i.e. successful WRITE). */
571 if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
572 resp->data[0] = 0;
573 return 0;
574 }
575
576 /* NACK and any other responses are treated as error. */
577 return -EIO;
578 }
579
digital_in_recv_attrib_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)580 static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
581 struct sk_buff *resp)
582 {
583 struct nfc_target *target = arg;
584 struct digital_attrib_res *attrib_res;
585 int rc;
586
587 if (IS_ERR(resp)) {
588 rc = PTR_ERR(resp);
589 resp = NULL;
590 goto exit;
591 }
592
593 if (resp->len < sizeof(*attrib_res)) {
594 PROTOCOL_ERR("12.6.2");
595 rc = -EIO;
596 goto exit;
597 }
598
599 attrib_res = (struct digital_attrib_res *)resp->data;
600
601 if (attrib_res->mbli_did & 0x0f) {
602 PROTOCOL_ERR("12.6.2.1");
603 rc = -EIO;
604 goto exit;
605 }
606
607 rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
608
609 exit:
610 dev_kfree_skb(resp);
611 kfree(target);
612
613 if (rc)
614 digital_poll_next_tech(ddev);
615 }
616
digital_in_send_attrib_req(struct nfc_digital_dev * ddev,struct nfc_target * target,struct digital_sensb_res * sensb_res)617 static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
618 struct nfc_target *target,
619 struct digital_sensb_res *sensb_res)
620 {
621 struct digital_attrib_req *attrib_req;
622 struct sk_buff *skb;
623 int rc;
624
625 skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
626 if (!skb)
627 return -ENOMEM;
628
629 attrib_req = skb_put(skb, sizeof(*attrib_req));
630
631 attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
632 memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
633 sizeof(attrib_req->nfcid0));
634 attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
635 DIGITAL_ATTRIB_P1_TR1_DEFAULT;
636 attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
637 DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
638 DIGITAL_ATTRIB_P2_MAX_FRAME_256;
639 attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
640 attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
641
642 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
643 target);
644 if (rc)
645 kfree_skb(skb);
646
647 return rc;
648 }
649
digital_in_recv_sensb_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)650 static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
651 struct sk_buff *resp)
652 {
653 struct nfc_target *target = NULL;
654 struct digital_sensb_res *sensb_res;
655 u8 fsci;
656 int rc;
657
658 if (IS_ERR(resp)) {
659 rc = PTR_ERR(resp);
660 resp = NULL;
661 goto exit;
662 }
663
664 if (resp->len != sizeof(*sensb_res)) {
665 PROTOCOL_ERR("5.6.2.1");
666 rc = -EIO;
667 goto exit;
668 }
669
670 sensb_res = (struct digital_sensb_res *)resp->data;
671
672 if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
673 PROTOCOL_ERR("5.6.2");
674 rc = -EIO;
675 goto exit;
676 }
677
678 if (!(sensb_res->proto_info[1] & BIT(0))) {
679 PROTOCOL_ERR("5.6.2.12");
680 rc = -EIO;
681 goto exit;
682 }
683
684 if (sensb_res->proto_info[1] & BIT(3)) {
685 PROTOCOL_ERR("5.6.2.16");
686 rc = -EIO;
687 goto exit;
688 }
689
690 fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
691 if (fsci >= 8)
692 ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
693 else
694 ddev->target_fsc = digital_ats_fsc[fsci];
695
696 target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
697 if (!target) {
698 rc = -ENOMEM;
699 goto exit;
700 }
701
702 rc = digital_in_send_attrib_req(ddev, target, sensb_res);
703
704 exit:
705 dev_kfree_skb(resp);
706
707 if (rc) {
708 kfree(target);
709 digital_poll_next_tech(ddev);
710 }
711 }
712
digital_in_send_sensb_req(struct nfc_digital_dev * ddev,u8 rf_tech)713 int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
714 {
715 struct digital_sensb_req *sensb_req;
716 struct sk_buff *skb;
717 int rc;
718
719 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
720 NFC_DIGITAL_RF_TECH_106B);
721 if (rc)
722 return rc;
723
724 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
725 NFC_DIGITAL_FRAMING_NFCB);
726 if (rc)
727 return rc;
728
729 skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
730 if (!skb)
731 return -ENOMEM;
732
733 sensb_req = skb_put(skb, sizeof(*sensb_req));
734
735 sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
736 sensb_req->afi = 0x00; /* All families and sub-families */
737 sensb_req->param = DIGITAL_SENSB_N(0);
738
739 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
740 NULL);
741 if (rc)
742 kfree_skb(skb);
743
744 return rc;
745 }
746
digital_in_recv_sensf_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)747 static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
748 struct sk_buff *resp)
749 {
750 int rc;
751 u8 proto;
752 struct nfc_target target;
753 struct digital_sensf_res *sensf_res;
754
755 if (IS_ERR(resp)) {
756 rc = PTR_ERR(resp);
757 resp = NULL;
758 goto exit;
759 }
760
761 if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
762 rc = -EIO;
763 goto exit;
764 }
765
766 if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
767 rc = digital_skb_check_crc_f(resp);
768 if (rc) {
769 PROTOCOL_ERR("6.4.1.8");
770 goto exit;
771 }
772 }
773
774 skb_pull(resp, 1);
775
776 memset(&target, 0, sizeof(struct nfc_target));
777
778 sensf_res = (struct digital_sensf_res *)resp->data;
779
780 memcpy(target.sensf_res, sensf_res, resp->len);
781 target.sensf_res_len = resp->len;
782
783 memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
784 target.nfcid2_len = NFC_NFCID2_MAXSIZE;
785
786 if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
787 target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
788 proto = NFC_PROTO_NFC_DEP;
789 else
790 proto = NFC_PROTO_FELICA;
791
792 rc = digital_target_found(ddev, &target, proto);
793
794 exit:
795 dev_kfree_skb(resp);
796
797 if (rc)
798 digital_poll_next_tech(ddev);
799 }
800
digital_in_send_sensf_req(struct nfc_digital_dev * ddev,u8 rf_tech)801 int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
802 {
803 struct digital_sensf_req *sensf_req;
804 struct sk_buff *skb;
805 int rc;
806 u8 size;
807
808 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
809 if (rc)
810 return rc;
811
812 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
813 NFC_DIGITAL_FRAMING_NFCF);
814 if (rc)
815 return rc;
816
817 size = sizeof(struct digital_sensf_req);
818
819 skb = digital_skb_alloc(ddev, size);
820 if (!skb)
821 return -ENOMEM;
822
823 skb_put(skb, size);
824
825 sensf_req = (struct digital_sensf_req *)skb->data;
826 sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
827 sensf_req->sc1 = 0xFF;
828 sensf_req->sc2 = 0xFF;
829 sensf_req->rc = 0;
830 sensf_req->tsn = 0;
831
832 *(u8 *)skb_push(skb, 1) = size + 1;
833
834 if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
835 digital_skb_add_crc_f(skb);
836
837 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
838 NULL);
839 if (rc)
840 kfree_skb(skb);
841
842 return rc;
843 }
844
digital_in_recv_iso15693_inv_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)845 static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
846 void *arg, struct sk_buff *resp)
847 {
848 struct digital_iso15693_inv_res *res;
849 struct nfc_target *target = NULL;
850 int rc;
851
852 if (IS_ERR(resp)) {
853 rc = PTR_ERR(resp);
854 resp = NULL;
855 goto out_free_skb;
856 }
857
858 if (resp->len != sizeof(*res)) {
859 rc = -EIO;
860 goto out_free_skb;
861 }
862
863 res = (struct digital_iso15693_inv_res *)resp->data;
864
865 if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
866 PROTOCOL_ERR("ISO15693 - 10.3.1");
867 rc = -EINVAL;
868 goto out_free_skb;
869 }
870
871 target = kzalloc(sizeof(*target), GFP_KERNEL);
872 if (!target) {
873 rc = -ENOMEM;
874 goto out_free_skb;
875 }
876
877 target->is_iso15693 = 1;
878 target->iso15693_dsfid = res->dsfid;
879 memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
880
881 rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
882
883 kfree(target);
884
885 out_free_skb:
886 dev_kfree_skb(resp);
887
888 if (rc)
889 digital_poll_next_tech(ddev);
890 }
891
digital_in_send_iso15693_inv_req(struct nfc_digital_dev * ddev,u8 rf_tech)892 int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
893 {
894 struct digital_iso15693_inv_req *req;
895 struct sk_buff *skb;
896 int rc;
897
898 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
899 NFC_DIGITAL_RF_TECH_ISO15693);
900 if (rc)
901 return rc;
902
903 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
904 NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
905 if (rc)
906 return rc;
907
908 skb = digital_skb_alloc(ddev, sizeof(*req));
909 if (!skb)
910 return -ENOMEM;
911
912 skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
913 req = (struct digital_iso15693_inv_req *)skb->data;
914
915 /* Single sub-carrier, high data rate, no AFI, single slot
916 * Inventory command
917 */
918 req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
919 DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
920 DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
921 req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
922 req->mask_len = 0;
923
924 rc = digital_in_send_cmd(ddev, skb, 30,
925 digital_in_recv_iso15693_inv_res, NULL);
926 if (rc)
927 kfree_skb(skb);
928
929 return rc;
930 }
931
digital_tg_send_sel_res(struct nfc_digital_dev * ddev)932 static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
933 {
934 struct sk_buff *skb;
935 int rc;
936
937 skb = digital_skb_alloc(ddev, 1);
938 if (!skb)
939 return -ENOMEM;
940
941 skb_put_u8(skb, DIGITAL_SEL_RES_NFC_DEP);
942
943 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
944 digital_skb_add_crc_a(skb);
945
946 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
947 NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
948 if (rc) {
949 kfree_skb(skb);
950 return rc;
951 }
952
953 rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
954 NULL);
955 if (rc)
956 kfree_skb(skb);
957
958 return rc;
959 }
960
digital_tg_recv_sel_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)961 static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
962 struct sk_buff *resp)
963 {
964 int rc;
965
966 if (IS_ERR(resp)) {
967 rc = PTR_ERR(resp);
968 resp = NULL;
969 goto exit;
970 }
971
972 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
973 rc = digital_skb_check_crc_a(resp);
974 if (rc) {
975 PROTOCOL_ERR("4.4.1.3");
976 goto exit;
977 }
978 }
979
980 /* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
981
982 rc = digital_tg_send_sel_res(ddev);
983
984 exit:
985 if (rc)
986 digital_poll_next_tech(ddev);
987
988 dev_kfree_skb(resp);
989 }
990
digital_tg_send_sdd_res(struct nfc_digital_dev * ddev)991 static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
992 {
993 struct sk_buff *skb;
994 struct digital_sdd_res *sdd_res;
995 int rc, i;
996
997 skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
998 if (!skb)
999 return -ENOMEM;
1000
1001 skb_put(skb, sizeof(struct digital_sdd_res));
1002 sdd_res = (struct digital_sdd_res *)skb->data;
1003
1004 sdd_res->nfcid1[0] = 0x08;
1005 get_random_bytes(sdd_res->nfcid1 + 1, 3);
1006
1007 sdd_res->bcc = 0;
1008 for (i = 0; i < 4; i++)
1009 sdd_res->bcc ^= sdd_res->nfcid1[i];
1010
1011 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1012 NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1013 if (rc) {
1014 kfree_skb(skb);
1015 return rc;
1016 }
1017
1018 rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1019 NULL);
1020 if (rc)
1021 kfree_skb(skb);
1022
1023 return rc;
1024 }
1025
digital_tg_recv_sdd_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1026 static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1027 struct sk_buff *resp)
1028 {
1029 u8 *sdd_req;
1030 int rc;
1031
1032 if (IS_ERR(resp)) {
1033 rc = PTR_ERR(resp);
1034 resp = NULL;
1035 goto exit;
1036 }
1037
1038 sdd_req = resp->data;
1039
1040 if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1041 sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1042 rc = -EINVAL;
1043 goto exit;
1044 }
1045
1046 rc = digital_tg_send_sdd_res(ddev);
1047
1048 exit:
1049 if (rc)
1050 digital_poll_next_tech(ddev);
1051
1052 dev_kfree_skb(resp);
1053 }
1054
digital_tg_send_sens_res(struct nfc_digital_dev * ddev)1055 static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1056 {
1057 struct sk_buff *skb;
1058 u8 *sens_res;
1059 int rc;
1060
1061 skb = digital_skb_alloc(ddev, 2);
1062 if (!skb)
1063 return -ENOMEM;
1064
1065 sens_res = skb_put(skb, 2);
1066
1067 sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1068 sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1069
1070 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1071 NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1072 if (rc) {
1073 kfree_skb(skb);
1074 return rc;
1075 }
1076
1077 rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1078 NULL);
1079 if (rc)
1080 kfree_skb(skb);
1081
1082 return rc;
1083 }
1084
digital_tg_recv_sens_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1085 void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1086 struct sk_buff *resp)
1087 {
1088 u8 sens_req;
1089 int rc;
1090
1091 if (IS_ERR(resp)) {
1092 rc = PTR_ERR(resp);
1093 resp = NULL;
1094 goto exit;
1095 }
1096
1097 sens_req = resp->data[0];
1098
1099 if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1100 sens_req != DIGITAL_CMD_ALL_REQ)) {
1101 rc = -EINVAL;
1102 goto exit;
1103 }
1104
1105 rc = digital_tg_send_sens_res(ddev);
1106
1107 exit:
1108 if (rc)
1109 digital_poll_next_tech(ddev);
1110
1111 dev_kfree_skb(resp);
1112 }
1113
digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1114 static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1115 void *arg, struct sk_buff *resp)
1116 {
1117 if (!IS_ERR(resp) && (resp->len >= 2) &&
1118 (resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1119 digital_tg_recv_sensf_req(ddev, arg, resp);
1120 else
1121 digital_tg_recv_atr_req(ddev, arg, resp);
1122
1123 return;
1124 }
1125
digital_tg_send_sensf_res(struct nfc_digital_dev * ddev,struct digital_sensf_req * sensf_req)1126 static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1127 struct digital_sensf_req *sensf_req)
1128 {
1129 struct sk_buff *skb;
1130 u8 size;
1131 int rc;
1132 struct digital_sensf_res *sensf_res;
1133
1134 size = sizeof(struct digital_sensf_res);
1135
1136 if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1137 size -= sizeof(sensf_res->rd);
1138
1139 skb = digital_skb_alloc(ddev, size);
1140 if (!skb)
1141 return -ENOMEM;
1142
1143 skb_put(skb, size);
1144
1145 sensf_res = (struct digital_sensf_res *)skb->data;
1146
1147 memset(sensf_res, 0, size);
1148
1149 sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1150 sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1151 sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1152 get_random_bytes(&sensf_res->nfcid2[2], 6);
1153
1154 switch (sensf_req->rc) {
1155 case DIGITAL_SENSF_REQ_RC_SC:
1156 sensf_res->rd[0] = sensf_req->sc1;
1157 sensf_res->rd[1] = sensf_req->sc2;
1158 break;
1159 case DIGITAL_SENSF_REQ_RC_AP:
1160 sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1161 sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1162 break;
1163 }
1164
1165 *(u8 *)skb_push(skb, sizeof(u8)) = size + 1;
1166
1167 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1168 digital_skb_add_crc_f(skb);
1169
1170 rc = digital_tg_send_cmd(ddev, skb, 300,
1171 digital_tg_recv_atr_or_sensf_req, NULL);
1172 if (rc)
1173 kfree_skb(skb);
1174
1175 return rc;
1176 }
1177
digital_tg_recv_sensf_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1178 void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1179 struct sk_buff *resp)
1180 {
1181 struct digital_sensf_req *sensf_req;
1182 int rc;
1183
1184 if (IS_ERR(resp)) {
1185 rc = PTR_ERR(resp);
1186 resp = NULL;
1187 goto exit;
1188 }
1189
1190 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1191 rc = digital_skb_check_crc_f(resp);
1192 if (rc) {
1193 PROTOCOL_ERR("6.4.1.8");
1194 goto exit;
1195 }
1196 }
1197
1198 if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1199 rc = -EINVAL;
1200 goto exit;
1201 }
1202
1203 skb_pull(resp, 1);
1204 sensf_req = (struct digital_sensf_req *)resp->data;
1205
1206 if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1207 rc = -EINVAL;
1208 goto exit;
1209 }
1210
1211 rc = digital_tg_send_sensf_res(ddev, sensf_req);
1212
1213 exit:
1214 if (rc)
1215 digital_poll_next_tech(ddev);
1216
1217 dev_kfree_skb(resp);
1218 }
1219
digital_tg_config_nfca(struct nfc_digital_dev * ddev)1220 static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1221 {
1222 int rc;
1223
1224 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1225 NFC_DIGITAL_RF_TECH_106A);
1226 if (rc)
1227 return rc;
1228
1229 return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1230 NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1231 }
1232
digital_tg_listen_nfca(struct nfc_digital_dev * ddev,u8 rf_tech)1233 int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1234 {
1235 int rc;
1236
1237 rc = digital_tg_config_nfca(ddev);
1238 if (rc)
1239 return rc;
1240
1241 return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1242 }
1243
digital_tg_config_nfcf(struct nfc_digital_dev * ddev,u8 rf_tech)1244 static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1245 {
1246 int rc;
1247
1248 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1249 if (rc)
1250 return rc;
1251
1252 return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1253 NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1254 }
1255
digital_tg_listen_nfcf(struct nfc_digital_dev * ddev,u8 rf_tech)1256 int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1257 {
1258 int rc;
1259
1260 rc = digital_tg_config_nfcf(ddev, rf_tech);
1261 if (rc)
1262 return rc;
1263
1264 return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, NULL);
1265 }
1266
digital_tg_recv_md_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1267 void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1268 struct sk_buff *resp)
1269 {
1270 u8 rf_tech;
1271 int rc;
1272
1273 if (IS_ERR(resp)) {
1274 resp = NULL;
1275 goto exit_free_skb;
1276 }
1277
1278 rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1279 if (rc)
1280 goto exit_free_skb;
1281
1282 switch (rf_tech) {
1283 case NFC_DIGITAL_RF_TECH_106A:
1284 rc = digital_tg_config_nfca(ddev);
1285 if (rc)
1286 goto exit_free_skb;
1287 digital_tg_recv_sens_req(ddev, arg, resp);
1288 break;
1289 case NFC_DIGITAL_RF_TECH_212F:
1290 case NFC_DIGITAL_RF_TECH_424F:
1291 rc = digital_tg_config_nfcf(ddev, rf_tech);
1292 if (rc)
1293 goto exit_free_skb;
1294 digital_tg_recv_sensf_req(ddev, arg, resp);
1295 break;
1296 default:
1297 goto exit_free_skb;
1298 }
1299
1300 return;
1301
1302 exit_free_skb:
1303 digital_poll_next_tech(ddev);
1304 dev_kfree_skb(resp);
1305 }
1306