1 /*
2 * HCI based Driver for STMicroelectronics NFC Chip
3 *
4 * Copyright (C) 2014 STMicroelectronics SAS. All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include <linux/module.h>
20 #include <linux/nfc.h>
21 #include <net/nfc/hci.h>
22 #include <net/nfc/llc.h>
23
24 #include "st21nfca.h"
25
26 #define DRIVER_DESC "HCI NFC driver for ST21NFCA"
27
28 #define FULL_VERSION_LEN 3
29
30 /* Proprietary gates, events, commands and registers */
31
32 /* Commands that apply to all RF readers */
33 #define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK 0x30
34
35 #define ST21NFCA_RF_READER_ISO15693_GATE 0x12
36 #define ST21NFCA_RF_READER_ISO15693_INVENTORY 0x01
37
38 /*
39 * Reader gate for communication with contact-less cards using Type A
40 * protocol ISO14443-3 but not compliant with ISO14443-4
41 */
42 #define ST21NFCA_RF_READER_14443_3_A_GATE 0x15
43 #define ST21NFCA_RF_READER_14443_3_A_UID 0x02
44 #define ST21NFCA_RF_READER_14443_3_A_ATQA 0x03
45 #define ST21NFCA_RF_READER_14443_3_A_SAK 0x04
46
47 #define ST21NFCA_RF_READER_F_DATARATE 0x01
48 #define ST21NFCA_RF_READER_F_DATARATE_106 0x01
49 #define ST21NFCA_RF_READER_F_DATARATE_212 0x02
50 #define ST21NFCA_RF_READER_F_DATARATE_424 0x04
51 #define ST21NFCA_RF_READER_F_POL_REQ 0x02
52 #define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT 0xffff0000
53 #define ST21NFCA_RF_READER_F_NFCID2 0x03
54 #define ST21NFCA_RF_READER_F_NFCID1 0x04
55
56 #define ST21NFCA_RF_CARD_F_MODE 0x01
57 #define ST21NFCA_RF_CARD_F_NFCID2_LIST 0x04
58 #define ST21NFCA_RF_CARD_F_NFCID1 0x05
59 #define ST21NFCA_RF_CARD_F_SENS_RES 0x06
60 #define ST21NFCA_RF_CARD_F_SEL_RES 0x07
61 #define ST21NFCA_RF_CARD_F_DATARATE 0x08
62 #define ST21NFCA_RF_CARD_F_DATARATE_212_424 0x01
63
64 #define ST21NFCA_DEVICE_MGNT_PIPE 0x02
65
66 #define ST21NFCA_DM_GETINFO 0x13
67 #define ST21NFCA_DM_GETINFO_PIPE_LIST 0x02
68 #define ST21NFCA_DM_GETINFO_PIPE_INFO 0x01
69 #define ST21NFCA_DM_PIPE_CREATED 0x02
70 #define ST21NFCA_DM_PIPE_OPEN 0x04
71 #define ST21NFCA_DM_RF_ACTIVE 0x80
72 #define ST21NFCA_DM_DISCONNECT 0x30
73
74 #define ST21NFCA_DM_IS_PIPE_OPEN(p) \
75 ((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN))
76
77 #define ST21NFCA_NFC_MODE 0x03 /* NFC_MODE parameter*/
78
79 #define ST21NFCA_EVT_HOT_PLUG 0x03
80 #define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) (x->data[0] & 0x80)
81
82 #define ST21NFCA_SE_TO_PIPES 2000
83
84 static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES);
85
86 static struct nfc_hci_gate st21nfca_gates[] = {
87 {NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE},
88 {NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE},
89 {ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE},
90
91 {NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
92 {NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
93 {NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
94 {NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
95 {ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
96 {ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE},
97 {ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
98 {ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE},
99
100 /* Secure element pipes are created by secure element host */
101 {ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
102 {ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
103 };
104
105 struct st21nfca_pipe_info {
106 u8 pipe_state;
107 u8 src_host_id;
108 u8 src_gate_id;
109 u8 dst_host_id;
110 u8 dst_gate_id;
111 } __packed;
112
113 /* Largest headroom needed for outgoing custom commands */
114 #define ST21NFCA_CMDS_HEADROOM 7
115
st21nfca_hci_load_session(struct nfc_hci_dev * hdev)116 static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
117 {
118 int i, j, r;
119 struct sk_buff *skb_pipe_list, *skb_pipe_info;
120 struct st21nfca_pipe_info *info;
121
122 u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST,
123 NFC_HCI_TERMINAL_HOST_ID
124 };
125 u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO,
126 NFC_HCI_TERMINAL_HOST_ID, 0
127 };
128
129 /* On ST21NFCA device pipes number are dynamics
130 * A maximum of 16 pipes can be created at the same time
131 * If pipes are already created, hci_dev_up will fail.
132 * Doing a clear all pipe is a bad idea because:
133 * - It does useless EEPROM cycling
134 * - It might cause issue for secure elements support
135 * (such as removing connectivity or APDU reader pipe)
136 * A better approach on ST21NFCA is to:
137 * - get a pipe list for each host.
138 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now).
139 * (TODO Later on UICC HOST and eSE HOST)
140 * - get pipe information
141 * - match retrieved pipe list in st21nfca_gates
142 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate
143 * with ST21NFCA_DEVICE_MGNT_PIPE.
144 * Pipe can be closed and need to be open.
145 */
146 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
147 ST21NFCA_DEVICE_MGNT_GATE,
148 ST21NFCA_DEVICE_MGNT_PIPE);
149 if (r < 0)
150 return r;
151
152 /* Get pipe list */
153 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
154 ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list),
155 &skb_pipe_list);
156 if (r < 0)
157 return r;
158
159 /* Complete the existing gate_pipe table */
160 for (i = 0; i < skb_pipe_list->len; i++) {
161 pipe_info[2] = skb_pipe_list->data[i];
162 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
163 ST21NFCA_DM_GETINFO, pipe_info,
164 sizeof(pipe_info), &skb_pipe_info);
165 if (r)
166 continue;
167
168 /*
169 * Match pipe ID and gate ID
170 * Output format from ST21NFC_DM_GETINFO is:
171 * - pipe state (1byte)
172 * - source hid (1byte)
173 * - source gid (1byte)
174 * - destination hid (1byte)
175 * - destination gid (1byte)
176 */
177 info = (struct st21nfca_pipe_info *) skb_pipe_info->data;
178 if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE &&
179 info->src_host_id != ST21NFCA_ESE_HOST_ID) {
180 pr_err("Unexpected apdu_reader pipe on host %x\n",
181 info->src_host_id);
182 kfree_skb(skb_pipe_info);
183 continue;
184 }
185
186 for (j = 3; (j < ARRAY_SIZE(st21nfca_gates)) &&
187 (st21nfca_gates[j].gate != info->dst_gate_id) ; j++)
188 ;
189
190 if (j < ARRAY_SIZE(st21nfca_gates) &&
191 st21nfca_gates[j].gate == info->dst_gate_id &&
192 ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) {
193 hdev->init_data.gates[j].pipe = pipe_info[2];
194
195 hdev->gate2pipe[st21nfca_gates[j].gate] =
196 pipe_info[2];
197 hdev->pipes[pipe_info[2]].gate =
198 st21nfca_gates[j].gate;
199 hdev->pipes[pipe_info[2]].dest_host =
200 info->src_host_id;
201 }
202 kfree_skb(skb_pipe_info);
203 }
204
205 /*
206 * 3 gates have a well known pipe ID. Only NFC_HCI_LINK_MGMT_GATE
207 * is not yet open at this stage.
208 */
209 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
210 NFC_HCI_LINK_MGMT_GATE,
211 NFC_HCI_LINK_MGMT_PIPE);
212
213 kfree_skb(skb_pipe_list);
214 return r;
215 }
216
st21nfca_hci_open(struct nfc_hci_dev * hdev)217 static int st21nfca_hci_open(struct nfc_hci_dev *hdev)
218 {
219 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
220 int r;
221
222 mutex_lock(&info->info_lock);
223
224 if (info->state != ST21NFCA_ST_COLD) {
225 r = -EBUSY;
226 goto out;
227 }
228
229 r = info->phy_ops->enable(info->phy_id);
230
231 if (r == 0)
232 info->state = ST21NFCA_ST_READY;
233
234 out:
235 mutex_unlock(&info->info_lock);
236 return r;
237 }
238
st21nfca_hci_close(struct nfc_hci_dev * hdev)239 static void st21nfca_hci_close(struct nfc_hci_dev *hdev)
240 {
241 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
242
243 mutex_lock(&info->info_lock);
244
245 if (info->state == ST21NFCA_ST_COLD)
246 goto out;
247
248 info->phy_ops->disable(info->phy_id);
249 info->state = ST21NFCA_ST_COLD;
250
251 out:
252 mutex_unlock(&info->info_lock);
253 }
254
st21nfca_hci_ready(struct nfc_hci_dev * hdev)255 static int st21nfca_hci_ready(struct nfc_hci_dev *hdev)
256 {
257 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
258 struct sk_buff *skb;
259
260 u8 param;
261 u8 white_list[2];
262 int wl_size = 0;
263 int r;
264
265 if (info->se_status->is_ese_present &&
266 info->se_status->is_uicc_present) {
267 white_list[wl_size++] = NFC_HCI_UICC_HOST_ID;
268 white_list[wl_size++] = ST21NFCA_ESE_HOST_ID;
269 } else if (!info->se_status->is_ese_present &&
270 info->se_status->is_uicc_present) {
271 white_list[wl_size++] = NFC_HCI_UICC_HOST_ID;
272 } else if (info->se_status->is_ese_present &&
273 !info->se_status->is_uicc_present) {
274 white_list[wl_size++] = ST21NFCA_ESE_HOST_ID;
275 }
276
277 if (wl_size) {
278 r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
279 NFC_HCI_ADMIN_WHITELIST,
280 (u8 *) &white_list, wl_size);
281 if (r < 0)
282 return r;
283 }
284
285 /* Set NFC_MODE in device management gate to enable */
286 r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
287 ST21NFCA_NFC_MODE, &skb);
288 if (r < 0)
289 return r;
290
291 param = skb->data[0];
292 kfree_skb(skb);
293 if (param == 0) {
294 param = 1;
295
296 r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
297 ST21NFCA_NFC_MODE, ¶m, 1);
298 if (r < 0)
299 return r;
300 }
301
302 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
303 NFC_HCI_EVT_END_OPERATION, NULL, 0);
304 if (r < 0)
305 return r;
306
307 r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
308 NFC_HCI_ID_MGMT_VERSION_SW, &skb);
309 if (r < 0)
310 return r;
311
312 if (skb->len != FULL_VERSION_LEN) {
313 kfree_skb(skb);
314 return -EINVAL;
315 }
316
317 print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
318 DUMP_PREFIX_NONE, 16, 1,
319 skb->data, FULL_VERSION_LEN, false);
320
321 kfree_skb(skb);
322
323 return 0;
324 }
325
st21nfca_hci_xmit(struct nfc_hci_dev * hdev,struct sk_buff * skb)326 static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
327 {
328 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
329
330 return info->phy_ops->write(info->phy_id, skb);
331 }
332
st21nfca_hci_start_poll(struct nfc_hci_dev * hdev,u32 im_protocols,u32 tm_protocols)333 static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev,
334 u32 im_protocols, u32 tm_protocols)
335 {
336 int r;
337 u32 pol_req;
338 u8 param[19];
339 struct sk_buff *datarate_skb;
340
341 pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
342 __func__, im_protocols, tm_protocols);
343
344 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
345 NFC_HCI_EVT_END_OPERATION, NULL, 0);
346 if (r < 0)
347 return r;
348 if (im_protocols) {
349 /*
350 * enable polling according to im_protocols & tm_protocols
351 * - CLOSE pipe according to im_protocols & tm_protocols
352 */
353 if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) {
354 r = nfc_hci_disconnect_gate(hdev,
355 NFC_HCI_RF_READER_B_GATE);
356 if (r < 0)
357 return r;
358 }
359
360 if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) {
361 r = nfc_hci_disconnect_gate(hdev,
362 NFC_HCI_RF_READER_A_GATE);
363 if (r < 0)
364 return r;
365 }
366
367 if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) {
368 r = nfc_hci_disconnect_gate(hdev,
369 ST21NFCA_RF_READER_F_GATE);
370 if (r < 0)
371 return r;
372 } else {
373 hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
374 &hdev->gb_len);
375
376 if (hdev->gb == NULL || hdev->gb_len == 0) {
377 im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
378 tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
379 }
380
381 param[0] = ST21NFCA_RF_READER_F_DATARATE_106 |
382 ST21NFCA_RF_READER_F_DATARATE_212 |
383 ST21NFCA_RF_READER_F_DATARATE_424;
384 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
385 ST21NFCA_RF_READER_F_DATARATE,
386 param, 1);
387 if (r < 0)
388 return r;
389
390 pol_req = be32_to_cpu((__force __be32)
391 ST21NFCA_RF_READER_F_POL_REQ_DEFAULT);
392 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
393 ST21NFCA_RF_READER_F_POL_REQ,
394 (u8 *) &pol_req, 4);
395 if (r < 0)
396 return r;
397 }
398
399 if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) {
400 r = nfc_hci_disconnect_gate(hdev,
401 ST21NFCA_RF_READER_14443_3_A_GATE);
402 if (r < 0)
403 return r;
404 }
405
406 if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) {
407 r = nfc_hci_disconnect_gate(hdev,
408 ST21NFCA_RF_READER_ISO15693_GATE);
409 if (r < 0)
410 return r;
411 }
412
413 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
414 NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
415 if (r < 0)
416 nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
417 NFC_HCI_EVT_END_OPERATION, NULL, 0);
418 }
419
420 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
421 r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE,
422 ST21NFCA_RF_CARD_F_DATARATE,
423 &datarate_skb);
424 if (r < 0)
425 return r;
426
427 /* Configure the maximum supported datarate to 424Kbps */
428 if (datarate_skb->len > 0 &&
429 datarate_skb->data[0] !=
430 ST21NFCA_RF_CARD_F_DATARATE_212_424) {
431 param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424;
432 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
433 ST21NFCA_RF_CARD_F_DATARATE,
434 param, 1);
435 if (r < 0) {
436 kfree_skb(datarate_skb);
437 return r;
438 }
439 }
440 kfree_skb(datarate_skb);
441
442 /*
443 * Configure sens_res
444 *
445 * NFC Forum Digital Spec Table 7:
446 * NFCID1 size: triple (10 bytes)
447 */
448 param[0] = 0x00;
449 param[1] = 0x08;
450 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
451 ST21NFCA_RF_CARD_F_SENS_RES, param, 2);
452 if (r < 0)
453 return r;
454
455 /*
456 * Configure sel_res
457 *
458 * NFC Forum Digistal Spec Table 17:
459 * b3 set to 0b (value b7-b6):
460 * - 10b: Configured for NFC-DEP Protocol
461 */
462 param[0] = 0x40;
463 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
464 ST21NFCA_RF_CARD_F_SEL_RES, param, 1);
465 if (r < 0)
466 return r;
467
468 /* Configure NFCID1 Random uid */
469 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
470 ST21NFCA_RF_CARD_F_NFCID1, NULL, 0);
471 if (r < 0)
472 return r;
473
474 /* Configure NFCID2_LIST */
475 /* System Code */
476 param[0] = 0x00;
477 param[1] = 0x00;
478 /* NFCID2 */
479 param[2] = 0x01;
480 param[3] = 0xfe;
481 param[4] = 'S';
482 param[5] = 'T';
483 param[6] = 'M';
484 param[7] = 'i';
485 param[8] = 'c';
486 param[9] = 'r';
487 /* 8 byte Pad bytes used for polling respone frame */
488
489 /*
490 * Configuration byte:
491 * - bit 0: define the default NFCID2 entry used when the
492 * system code is equal to 'FFFF'
493 * - bit 1: use a random value for lowest 6 bytes of
494 * NFCID2 value
495 * - bit 2: ignore polling request frame if request code
496 * is equal to '01'
497 * - Other bits are RFU
498 */
499 param[18] = 0x01;
500 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
501 ST21NFCA_RF_CARD_F_NFCID2_LIST, param,
502 19);
503 if (r < 0)
504 return r;
505
506 param[0] = 0x02;
507 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
508 ST21NFCA_RF_CARD_F_MODE, param, 1);
509 }
510
511 return r;
512 }
513
st21nfca_hci_stop_poll(struct nfc_hci_dev * hdev)514 static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev)
515 {
516 nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
517 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
518 }
519
st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev * hdev,u16 * atqa)520 static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa)
521 {
522 int r;
523 struct sk_buff *atqa_skb = NULL;
524
525 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
526 ST21NFCA_RF_READER_14443_3_A_ATQA, &atqa_skb);
527 if (r < 0)
528 goto exit;
529
530 if (atqa_skb->len != 2) {
531 r = -EPROTO;
532 goto exit;
533 }
534
535 *atqa = be16_to_cpu(*(__be16 *) atqa_skb->data);
536
537 exit:
538 kfree_skb(atqa_skb);
539 return r;
540 }
541
st21nfca_get_iso14443_3_sak(struct nfc_hci_dev * hdev,u8 * sak)542 static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak)
543 {
544 int r;
545 struct sk_buff *sak_skb = NULL;
546
547 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
548 ST21NFCA_RF_READER_14443_3_A_SAK, &sak_skb);
549 if (r < 0)
550 goto exit;
551
552 if (sak_skb->len != 1) {
553 r = -EPROTO;
554 goto exit;
555 }
556
557 *sak = sak_skb->data[0];
558
559 exit:
560 kfree_skb(sak_skb);
561 return r;
562 }
563
st21nfca_get_iso14443_3_uid(struct nfc_hci_dev * hdev,u8 * uid,int * len)564 static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid,
565 int *len)
566 {
567 int r;
568 struct sk_buff *uid_skb = NULL;
569
570 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
571 ST21NFCA_RF_READER_14443_3_A_UID, &uid_skb);
572 if (r < 0)
573 goto exit;
574
575 if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
576 r = -EPROTO;
577 goto exit;
578 }
579
580 memcpy(uid, uid_skb->data, uid_skb->len);
581 *len = uid_skb->len;
582 exit:
583 kfree_skb(uid_skb);
584 return r;
585 }
586
st21nfca_get_iso15693_inventory(struct nfc_hci_dev * hdev,struct nfc_target * target)587 static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev,
588 struct nfc_target *target)
589 {
590 int r;
591 struct sk_buff *inventory_skb = NULL;
592
593 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE,
594 ST21NFCA_RF_READER_ISO15693_INVENTORY,
595 &inventory_skb);
596 if (r < 0)
597 goto exit;
598
599 skb_pull(inventory_skb, 2);
600
601 if (inventory_skb->len == 0 ||
602 inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) {
603 r = -EPROTO;
604 goto exit;
605 }
606
607 memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len);
608 target->iso15693_dsfid = inventory_skb->data[1];
609 target->is_iso15693 = 1;
610 exit:
611 kfree_skb(inventory_skb);
612 return r;
613 }
614
st21nfca_hci_dep_link_up(struct nfc_hci_dev * hdev,struct nfc_target * target,u8 comm_mode,u8 * gb,size_t gb_len)615 static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev,
616 struct nfc_target *target, u8 comm_mode,
617 u8 *gb, size_t gb_len)
618 {
619 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
620
621 info->dep_info.idx = target->idx;
622 return st21nfca_im_send_atr_req(hdev, gb, gb_len);
623 }
624
st21nfca_hci_dep_link_down(struct nfc_hci_dev * hdev)625 static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev)
626 {
627 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
628
629 info->state = ST21NFCA_ST_READY;
630
631 return nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
632 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
633 }
634
st21nfca_hci_target_from_gate(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)635 static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
636 struct nfc_target *target)
637 {
638 int r, len;
639 u16 atqa;
640 u8 sak;
641 u8 uid[NFC_NFCID1_MAXSIZE];
642
643 switch (gate) {
644 case ST21NFCA_RF_READER_F_GATE:
645 target->supported_protocols = NFC_PROTO_FELICA_MASK;
646 break;
647 case ST21NFCA_RF_READER_14443_3_A_GATE:
648 /* ISO14443-3 type 1 or 2 tags */
649 r = st21nfca_get_iso14443_3_atqa(hdev, &atqa);
650 if (r < 0)
651 return r;
652 if (atqa == 0x000c) {
653 target->supported_protocols = NFC_PROTO_JEWEL_MASK;
654 target->sens_res = 0x0c00;
655 } else {
656 r = st21nfca_get_iso14443_3_sak(hdev, &sak);
657 if (r < 0)
658 return r;
659
660 r = st21nfca_get_iso14443_3_uid(hdev, uid, &len);
661 if (r < 0)
662 return r;
663
664 target->supported_protocols =
665 nfc_hci_sak_to_protocol(sak);
666 if (target->supported_protocols == 0xffffffff)
667 return -EPROTO;
668
669 target->sens_res = atqa;
670 target->sel_res = sak;
671 memcpy(target->nfcid1, uid, len);
672 target->nfcid1_len = len;
673 }
674
675 break;
676 case ST21NFCA_RF_READER_ISO15693_GATE:
677 target->supported_protocols = NFC_PROTO_ISO15693_MASK;
678 r = st21nfca_get_iso15693_inventory(hdev, target);
679 if (r < 0)
680 return r;
681 break;
682 default:
683 return -EPROTO;
684 }
685
686 return 0;
687 }
688
st21nfca_hci_complete_target_discovered(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)689 static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
690 u8 gate,
691 struct nfc_target *target)
692 {
693 int r;
694 struct sk_buff *nfcid_skb = NULL;
695
696 if (gate == ST21NFCA_RF_READER_F_GATE) {
697 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
698 ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb);
699 if (r < 0)
700 goto exit;
701
702 if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) {
703 r = -EPROTO;
704 goto exit;
705 }
706
707 /*
708 * - After the recepton of polling response for type F frame
709 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be
710 * updated.
711 * - After the reception of SEL_RES with NFCIP-1 compliant bit
712 * set for type A frame NFCID1 will be updated
713 */
714 if (nfcid_skb->len > 0) {
715 /* P2P in type F */
716 memcpy(target->sensf_res, nfcid_skb->data,
717 nfcid_skb->len);
718 target->sensf_res_len = nfcid_skb->len;
719 /* NFC Forum Digital Protocol Table 44 */
720 if (target->sensf_res[0] == 0x01 &&
721 target->sensf_res[1] == 0xfe)
722 target->supported_protocols =
723 NFC_PROTO_NFC_DEP_MASK;
724 else
725 target->supported_protocols =
726 NFC_PROTO_FELICA_MASK;
727 } else {
728 kfree_skb(nfcid_skb);
729 nfcid_skb = NULL;
730 /* P2P in type A */
731 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
732 ST21NFCA_RF_READER_F_NFCID1,
733 &nfcid_skb);
734 if (r < 0)
735 goto exit;
736
737 if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) {
738 r = -EPROTO;
739 goto exit;
740 }
741 memcpy(target->sensf_res, nfcid_skb->data,
742 nfcid_skb->len);
743 target->sensf_res_len = nfcid_skb->len;
744 target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
745 }
746 target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE;
747 }
748 r = 1;
749 exit:
750 kfree_skb(nfcid_skb);
751 return r;
752 }
753
754 #define ST21NFCA_CB_TYPE_READER_ISO15693 1
st21nfca_hci_data_exchange_cb(void * context,struct sk_buff * skb,int err)755 static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb,
756 int err)
757 {
758 struct st21nfca_hci_info *info = context;
759
760 switch (info->async_cb_type) {
761 case ST21NFCA_CB_TYPE_READER_ISO15693:
762 if (err == 0)
763 skb_trim(skb, skb->len - 1);
764 info->async_cb(info->async_cb_context, skb, err);
765 break;
766 default:
767 if (err == 0)
768 kfree_skb(skb);
769 break;
770 }
771 }
772
773 /*
774 * Returns:
775 * <= 0: driver handled the data exchange
776 * 1: driver doesn't especially handle, please do standard processing
777 */
st21nfca_hci_im_transceive(struct nfc_hci_dev * hdev,struct nfc_target * target,struct sk_buff * skb,data_exchange_cb_t cb,void * cb_context)778 static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev,
779 struct nfc_target *target,
780 struct sk_buff *skb,
781 data_exchange_cb_t cb, void *cb_context)
782 {
783 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
784
785 pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__,
786 target->hci_reader_gate, skb->len);
787
788 switch (target->hci_reader_gate) {
789 case ST21NFCA_RF_READER_F_GATE:
790 if (target->supported_protocols == NFC_PROTO_NFC_DEP_MASK)
791 return st21nfca_im_send_dep_req(hdev, skb);
792
793 *skb_push(skb, 1) = 0x1a;
794 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
795 ST21NFCA_WR_XCHG_DATA, skb->data,
796 skb->len, cb, cb_context);
797 case ST21NFCA_RF_READER_14443_3_A_GATE:
798 *skb_push(skb, 1) = 0x1a; /* CTR, see spec:10.2.2.1 */
799
800 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
801 ST21NFCA_WR_XCHG_DATA, skb->data,
802 skb->len, cb, cb_context);
803 case ST21NFCA_RF_READER_ISO15693_GATE:
804 info->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693;
805 info->async_cb = cb;
806 info->async_cb_context = cb_context;
807
808 *skb_push(skb, 1) = 0x17;
809
810 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
811 ST21NFCA_WR_XCHG_DATA, skb->data,
812 skb->len,
813 st21nfca_hci_data_exchange_cb,
814 info);
815 break;
816 default:
817 return 1;
818 }
819 }
820
st21nfca_hci_tm_send(struct nfc_hci_dev * hdev,struct sk_buff * skb)821 static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
822 {
823 return st21nfca_tm_send_dep_res(hdev, skb);
824 }
825
st21nfca_hci_check_presence(struct nfc_hci_dev * hdev,struct nfc_target * target)826 static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev,
827 struct nfc_target *target)
828 {
829 u8 fwi = 0x11;
830
831 switch (target->hci_reader_gate) {
832 case NFC_HCI_RF_READER_A_GATE:
833 case NFC_HCI_RF_READER_B_GATE:
834 /*
835 * PRESENCE_CHECK on those gates is available
836 * However, the answer to this command is taking 3 * fwi
837 * if the card is no present.
838 * Instead, we send an empty I-Frame with a very short
839 * configurable fwi ~604µs.
840 */
841 return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
842 ST21NFCA_WR_XCHG_DATA, &fwi, 1, NULL);
843 case ST21NFCA_RF_READER_14443_3_A_GATE:
844 return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
845 ST21NFCA_RF_READER_CMD_PRESENCE_CHECK,
846 NULL, 0, NULL);
847 default:
848 return -EOPNOTSUPP;
849 }
850 }
851
st21nfca_hci_cmd_received(struct nfc_hci_dev * hdev,u8 pipe,u8 cmd,struct sk_buff * skb)852 static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
853 struct sk_buff *skb)
854 {
855 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
856 u8 gate = hdev->pipes[pipe].gate;
857
858 pr_debug("cmd: %x\n", cmd);
859
860 switch (cmd) {
861 case NFC_HCI_ANY_OPEN_PIPE:
862 if (gate != ST21NFCA_APDU_READER_GATE &&
863 hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID)
864 info->se_info.count_pipes++;
865
866 if (info->se_info.count_pipes == info->se_info.expected_pipes) {
867 del_timer_sync(&info->se_info.se_active_timer);
868 info->se_info.se_active = false;
869 info->se_info.count_pipes = 0;
870 complete(&info->se_info.req_completion);
871 }
872 break;
873 }
874 }
875
st21nfca_admin_event_received(struct nfc_hci_dev * hdev,u8 event,struct sk_buff * skb)876 static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event,
877 struct sk_buff *skb)
878 {
879 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
880
881 pr_debug("admin event: %x\n", event);
882
883 switch (event) {
884 case ST21NFCA_EVT_HOT_PLUG:
885 if (info->se_info.se_active) {
886 if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) {
887 del_timer_sync(&info->se_info.se_active_timer);
888 info->se_info.se_active = false;
889 complete(&info->se_info.req_completion);
890 } else {
891 mod_timer(&info->se_info.se_active_timer,
892 jiffies +
893 msecs_to_jiffies(ST21NFCA_SE_TO_PIPES));
894 }
895 }
896 break;
897 default:
898 nfc_err(&hdev->ndev->dev, "Unexpected event on admin gate\n");
899 }
900 kfree_skb(skb);
901 return 0;
902 }
903
904 /*
905 * Returns:
906 * <= 0: driver handled the event, skb consumed
907 * 1: driver does not handle the event, please do standard processing
908 */
st21nfca_hci_event_received(struct nfc_hci_dev * hdev,u8 pipe,u8 event,struct sk_buff * skb)909 static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe,
910 u8 event, struct sk_buff *skb)
911 {
912 u8 gate = hdev->pipes[pipe].gate;
913 u8 host = hdev->pipes[pipe].dest_host;
914
915 pr_debug("hci event: %d gate: %x\n", event, gate);
916
917 switch (gate) {
918 case NFC_HCI_ADMIN_GATE:
919 return st21nfca_admin_event_received(hdev, event, skb);
920 case ST21NFCA_RF_CARD_F_GATE:
921 return st21nfca_dep_event_received(hdev, event, skb);
922 case ST21NFCA_CONNECTIVITY_GATE:
923 return st21nfca_connectivity_event_received(hdev, host,
924 event, skb);
925 case ST21NFCA_APDU_READER_GATE:
926 return st21nfca_apdu_reader_event_received(hdev, event, skb);
927 case NFC_HCI_LOOPBACK_GATE:
928 return st21nfca_hci_loopback_event_received(hdev, event, skb);
929 default:
930 return 1;
931 }
932 }
933
934 static struct nfc_hci_ops st21nfca_hci_ops = {
935 .open = st21nfca_hci_open,
936 .close = st21nfca_hci_close,
937 .load_session = st21nfca_hci_load_session,
938 .hci_ready = st21nfca_hci_ready,
939 .xmit = st21nfca_hci_xmit,
940 .start_poll = st21nfca_hci_start_poll,
941 .stop_poll = st21nfca_hci_stop_poll,
942 .dep_link_up = st21nfca_hci_dep_link_up,
943 .dep_link_down = st21nfca_hci_dep_link_down,
944 .target_from_gate = st21nfca_hci_target_from_gate,
945 .complete_target_discovered = st21nfca_hci_complete_target_discovered,
946 .im_transceive = st21nfca_hci_im_transceive,
947 .tm_send = st21nfca_hci_tm_send,
948 .check_presence = st21nfca_hci_check_presence,
949 .event_received = st21nfca_hci_event_received,
950 .cmd_received = st21nfca_hci_cmd_received,
951 .discover_se = st21nfca_hci_discover_se,
952 .enable_se = st21nfca_hci_enable_se,
953 .disable_se = st21nfca_hci_disable_se,
954 .se_io = st21nfca_hci_se_io,
955 };
956
st21nfca_hci_probe(void * phy_id,struct nfc_phy_ops * phy_ops,char * llc_name,int phy_headroom,int phy_tailroom,int phy_payload,struct nfc_hci_dev ** hdev,struct st21nfca_se_status * se_status)957 int st21nfca_hci_probe(void *phy_id, struct nfc_phy_ops *phy_ops,
958 char *llc_name, int phy_headroom, int phy_tailroom,
959 int phy_payload, struct nfc_hci_dev **hdev,
960 struct st21nfca_se_status *se_status)
961 {
962 struct st21nfca_hci_info *info;
963 int r = 0;
964 int dev_num;
965 u32 protocols;
966 struct nfc_hci_init_data init_data;
967 unsigned long quirks = 0;
968
969 info = kzalloc(sizeof(struct st21nfca_hci_info), GFP_KERNEL);
970 if (!info) {
971 r = -ENOMEM;
972 goto err_alloc_hdev;
973 }
974
975 info->phy_ops = phy_ops;
976 info->phy_id = phy_id;
977 info->state = ST21NFCA_ST_COLD;
978 mutex_init(&info->info_lock);
979
980 init_data.gate_count = ARRAY_SIZE(st21nfca_gates);
981
982 memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
983
984 /*
985 * Session id must include the driver name + i2c bus addr
986 * persistent info to discriminate 2 identical chips
987 */
988 dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES);
989 if (dev_num >= ST21NFCA_NUM_DEVICES)
990 return -ENODEV;
991
992 set_bit(dev_num, dev_mask);
993
994 scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x",
995 "ST21AH", dev_num);
996
997 protocols = NFC_PROTO_JEWEL_MASK |
998 NFC_PROTO_MIFARE_MASK |
999 NFC_PROTO_FELICA_MASK |
1000 NFC_PROTO_ISO14443_MASK |
1001 NFC_PROTO_ISO14443_B_MASK |
1002 NFC_PROTO_ISO15693_MASK |
1003 NFC_PROTO_NFC_DEP_MASK;
1004
1005 set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks);
1006
1007 info->hdev =
1008 nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks,
1009 protocols, llc_name,
1010 phy_headroom + ST21NFCA_CMDS_HEADROOM,
1011 phy_tailroom, phy_payload);
1012
1013 if (!info->hdev) {
1014 pr_err("Cannot allocate nfc hdev.\n");
1015 r = -ENOMEM;
1016 goto err_alloc_hdev;
1017 }
1018
1019 info->se_status = se_status;
1020
1021 nfc_hci_set_clientdata(info->hdev, info);
1022
1023 r = nfc_hci_register_device(info->hdev);
1024 if (r)
1025 goto err_regdev;
1026
1027 *hdev = info->hdev;
1028 st21nfca_dep_init(info->hdev);
1029 st21nfca_se_init(info->hdev);
1030 st21nfca_vendor_cmds_init(info->hdev);
1031
1032 return 0;
1033
1034 err_regdev:
1035 nfc_hci_free_device(info->hdev);
1036
1037 err_alloc_hdev:
1038 kfree(info);
1039
1040 return r;
1041 }
1042 EXPORT_SYMBOL(st21nfca_hci_probe);
1043
st21nfca_hci_remove(struct nfc_hci_dev * hdev)1044 void st21nfca_hci_remove(struct nfc_hci_dev *hdev)
1045 {
1046 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
1047
1048 st21nfca_dep_deinit(hdev);
1049 st21nfca_se_deinit(hdev);
1050 nfc_hci_unregister_device(hdev);
1051 nfc_hci_free_device(hdev);
1052 kfree(info);
1053 }
1054 EXPORT_SYMBOL(st21nfca_hci_remove);
1055
1056 MODULE_LICENSE("GPL");
1057 MODULE_DESCRIPTION(DRIVER_DESC);
1058