3 * neard - Near Field Communication manager
5 * Copyright (C) 2012 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
29 #include <sys/socket.h>
31 #include <linux/socket.h>
34 #include <near/plugin.h>
36 #include <near/types.h>
37 #include <near/adapter.h>
39 #include <near/ndef.h>
43 * NXP Application Notes:
45 * http://www.nxp.com/technical-support-portal/53420/71108/application-notes
49 int mifare_read(uint32_t adapter_idx, uint32_t target_idx,
50 near_tag_io_cb cb, enum near_tag_sub_type tgt_subtype);
52 int mifare_check_presence(uint32_t adapter_idx, uint32_t target_idx,
53 near_tag_io_cb cb, enum near_tag_sub_type tgt_subtype);
55 int mifare_write(uint32_t adapter_idx, uint32_t target_idx,
56 struct near_ndef_message *ndef,
57 near_tag_io_cb cb, enum near_tag_sub_type tgt_subtype);
59 /* MIFARE command set */
60 #define MF_CMD_WRITE 0xA0
61 #define MF_CMD_READ 0x30
62 #define MF_CMD_AUTH_KEY_A 0x60
64 #define NFC_AID_TAG 0xE103
67 * Define boundaries for 1K / 2K / 4K
68 * 1K: sector 0 to 15 (3 blocks each + trailer block )
69 * 2K: sector 0 to 31 (3 blocks each + trailer block )
70 * 4K: sector 0 to 31 (3 blocks each + trailer block )
71 * and sector 32 to 39 (15 blocks each + trailer block )
73 #define DEFAULT_BLOCK_SIZE 16 /* MF_CMD_READ */
75 #define STD_BLK_SECT_TRAILER 4 /* bl per sect with trailer 1K/2K */
76 #define EXT_BLK_SECT_TRAILER 16 /* bl per sect with trailer 4K */
78 #define STD_BLK_PER_SECT 3 /* 1 sect == 3blocks */
79 #define EXT_BLK_PER_SECT 15 /* for 4K tags */
81 /* Usual sector size, including trailer */
82 #define STD_SECTOR_SIZE (4 * DEFAULT_BLOCK_SIZE) /* 00-31 */
83 #define EXT_SECTOR_SIZE (16 * DEFAULT_BLOCK_SIZE) /* 32-39 */
85 /* Usual sector size, without trailer */
86 #define SECTOR_SIZE (3 * DEFAULT_BLOCK_SIZE)
87 #define BIG_SECTOR_SIZE (15 * DEFAULT_BLOCK_SIZE)
89 #define T4K_BOUNDARY 32
90 #define T4K_BLK_OFF 0x80 /* blocks count before sector 32 */
93 #define WITH_TRAILER 1
96 /* Default MAD keys. Key length = 6 bytes */
98 static uint8_t MAD_public_key[] = {0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5};
99 static uint8_t MAD_NFC_key[] = {0xd3, 0xf7, 0xd3, 0xf7, 0xd3, 0xf7};
101 #define MAD1_SECTOR 0x00 /* Sector 0 is for MAD1 */
102 #define MAD1_1ST_BLOCK 0x00 /* 1st block of sector 0 */
103 #define MAD2_GPB_BITS 0x02 /* MAD v2 flag */
105 #define MAD2_SECTOR 0x10 /* Sector 16 is for MAD2 */
106 #define MAD2_1ST_BLOCK 0x40 /* 1st block of MAD2 */
108 #define MAD_V1_AIDS_LEN 15 /* 1 to 0x0F */
109 #define MAD_V2_AIDS_LEN 23 /*0x11 to 0x27 */
111 #define NFC_1ST_BLOCK 0x04 /* Sectors from 1 are for NFC */
113 #define ACC_BITS_LEN 3
115 /* Access bits for data blocks mask */
116 static uint8_t DATA_access_mask[] = {0x77, 0x77, 0x77};
118 /* Write with key A access bits configuration */
119 static uint8_t WRITE_with_key_A[] = {0x77, 0x07, 0x00};
121 /* MAD1 sector structure. Start at block 0x00 */
123 uint8_t man_info[16];
125 uint16_t aids[MAD_V1_AIDS_LEN];
127 uint8_t key_A[MAD_KEY_LEN];
128 uint8_t access_cond[3];
130 uint8_t key_B[MAD_KEY_LEN];
131 } __attribute__((packed));
133 /* MAD2 sector structure. Start at block 0x40 */
136 uint16_t aids[MAD_V2_AIDS_LEN];
138 uint8_t key_A[MAD_KEY_LEN];
139 uint8_t access_cond[3];
141 uint8_t key_B[MAD_KEY_LEN];
142 } __attribute__((packed));
144 struct mifare_cookie {
145 uint32_t adapter_idx;
150 struct near_tag *tag;
152 near_recv next_far_func;
157 GSList *g_sect_list; /* Global sectors list */
159 /* For read and write functions */
160 near_recv rws_next_fct; /* next function */
161 int rws_block_start; /* first block */
162 int rws_block_end; /* last block */
163 int rws_completed; /* read blocks */
167 int rs_length; /* read length */
168 uint8_t *rs_pmem; /* Stored read sector */
169 int rs_max_length; /* available size */
171 size_t nfc_data_length;
174 struct near_ndef_message *ndef; /* message to write */
175 size_t ndef_length; /* message length */
177 /* For access check */
178 int (*acc_check_function)(void *data); /* acc check fnc */
179 uint8_t *acc_bits_mask; /* blocks to check */
180 uint8_t *acc_rights; /* condition */
181 int (*acc_denied_fct)(void *data);/* fnc to call on access denial */
182 GSList *acc_sect; /* sector from g_sect_list to check */
189 } __attribute__((packed));
191 struct mf_write_cmd {
194 uint8_t data[DEFAULT_BLOCK_SIZE];
195 } __attribute__((packed));
200 uint8_t key[MAD_KEY_LEN];
201 uint8_t nfcid[NFC_NFCID1_MAXSIZE];
202 } __attribute__((packed));
204 static int mifare_release(int err, void *data)
206 struct mifare_cookie *cookie = data;
213 if (err < 0 && cookie->cb) {
214 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
215 near_adapter_disconnect(cookie->adapter_idx);
218 /* Now free allocs */
219 g_free(cookie->nfcid1);
220 g_slist_free(cookie->g_sect_list);
221 g_free(cookie->mad_1);
222 g_free(cookie->mad_2);
225 g_free(cookie->ndef->data);
227 g_free(cookie->ndef);
235 * Mifare_generic MAD unlock block function
236 * This function send unlock code to the tag, and so, allow access
237 * to the complete related sector.
239 static int mifare_unlock_sector(int block_id,
240 near_recv next_far_fct,
243 struct mifare_cmd cmd;
244 struct mifare_cookie *cookie = data;
248 * For MADs sectors we use public key A (a0a1a2a3a4a5) but
249 - * for NFC sectors we use NFC_KEY_A (d3f7d3f7d3f7)
251 if ((block_id == MAD1_1ST_BLOCK) || (block_id == MAD2_1ST_BLOCK))
252 key_ref = MAD_public_key;
254 key_ref = MAD_NFC_key;
256 /* CMD AUTHENTICATION */
257 cmd.cmd = MF_CMD_AUTH_KEY_A;
259 /* Authenticate will be on the 1st block of the sector */
260 cmd.block = block_id;
262 /* Store the AUTH KEY */
263 memcpy(&cmd.key, key_ref, MAD_KEY_LEN);
266 memcpy(&cmd.nfcid, cookie->nfcid1, cookie->nfcid1_len);
268 return near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
269 sizeof(cmd) - NFC_NFCID1_MAXSIZE + cookie->nfcid1_len,
270 next_far_fct, cookie, mifare_release);
274 * Common MIFARE Block read:
275 * Each call will read 16 bytes from tag... so to read 1 sector,
276 * it has to be called it 4 times or 16 times
277 * (minus 1 or not for the trailer block)
279 * data: mifare_cookie *mf_ck
280 * mf_ck->read_block: block number to read
282 static int mifare_read_block(uint8_t block_id,
286 struct type2_cmd cmd;
287 struct mifare_cookie *mf_ck = data;
289 cmd.cmd = MF_CMD_READ; /* MIFARE READ */
290 cmd.block = block_id;
292 return near_adapter_send(mf_ck->adapter_idx, (uint8_t *) &cmd, 2,
293 far_func, mf_ck, mifare_release);
297 * Check access rights
298 * Function processes sector trailer received from tag and checks access rights.
299 * In case specified access isn't granted it calls appropriate
300 * access denial function.
301 * If access is granted, previous action (e.g. read, write) is continued.
303 static int mifare_check_rights_cb(uint8_t *resp, int length, void *data)
305 struct mifare_cookie *mf_ck = data;
315 /* skip reader byte and key A */
316 c = resp + 1 + MAD_KEY_LEN;
318 for (i = 0; i < ACC_BITS_LEN; i++) {
319 if ((c[i] & mf_ck->acc_bits_mask[i]) != mf_ck->acc_rights[i]) {
320 (*mf_ck->acc_denied_fct)(data);
325 /* Continue previous action (read/write) */
326 err = (*mf_ck->rws_next_fct)(resp, length, data);
334 return mifare_release(err, mf_ck);
337 /* Calls to mifare_read_block to get sector trailer */
338 static int mifare_check_rights(uint8_t *resp, int length, void *data)
340 struct mifare_cookie *mf_ck = data;
343 err = mifare_read_block(mf_ck->rws_block_start, mf_ck,
344 mifare_check_rights_cb);
347 return mifare_release(err, mf_ck);
352 static int mifare_read_sector_cb(uint8_t *resp, int length, void *data)
354 struct mifare_cookie *mf_ck = data;
363 length = length - 1; /* ignore first byte - Reader byte */
365 /* save the length: */
366 mf_ck->rs_length = mf_ck->rs_length + length;
368 memcpy(mf_ck->rs_pmem + mf_ck->rws_completed * DEFAULT_BLOCK_SIZE,
369 resp + 1,/* ignore reader byte */
373 mf_ck->rws_completed = mf_ck->rws_completed + 1;
375 if ((mf_ck->rws_block_start + mf_ck->rws_completed)
376 < mf_ck->rws_block_end)
377 err = mifare_read_block(
378 (mf_ck->rws_block_start + mf_ck->rws_completed),
380 mifare_read_sector_cb);
382 /* Now Process the callback ! */
383 err = (*mf_ck->rws_next_fct)(mf_ck->rs_pmem,
384 mf_ck->rs_length, data);
392 return mifare_release(err, mf_ck);
395 static int mifare_read_sector_unlocked(uint8_t *resp, int length, void *data)
397 struct mifare_cookie *mf_ck = data;
404 /* And run the read process on the first block of the sector */
405 err = mifare_read_block(mf_ck->rws_block_start, data,
406 mifare_read_sector_cb);
413 return mifare_release(err, mf_ck);
417 * This function reads a complete sector, using block per block function.
418 * sector sizes can be:
420 * 48 bytes: 3*16 no trailer
421 * 64 bytes: 4*16 with trailer
423 * 240 bytes: 15*16 no trailer
424 * 256 bytes: 16*16 with trailer
426 * Unlock is done at the beginning of first sector.
428 static int mifare_read_sector(void *cookie,
429 uint8_t *pmem, /* memory to fill */
430 uint16_t memsize, /* remaining free size */
431 uint8_t sector_id, /* sector to read */
432 near_bool_t trailer, /* Add trailer or not */
435 struct mifare_cookie *mf_ck = cookie;
441 /* Prepare call values */
442 mf_ck->rs_pmem = pmem; /* where to store */
443 mf_ck->rs_max_length = memsize; /* max size to store */
444 mf_ck->rs_length = 0; /* no bytes yet */
445 mf_ck->rws_completed = 0; /* blocks read */
447 /* According to tag size, compute the correct block offset */
448 if (sector_id < T4K_BOUNDARY)
449 mf_ck->rws_block_start = sector_id * 4; /* 1st block to read */
451 mf_ck->rws_block_start =
452 (sector_id - T4K_BOUNDARY) * 16 + T4K_BLK_OFF;
454 /* Find blocks_per_sect, according to position and trailer or not */
455 if (sector_id < T4K_BOUNDARY)
456 blocks_count = (STD_BLK_PER_SECT + trailer);
458 blocks_count = (EXT_BLK_PER_SECT + trailer);
460 mf_ck->rws_block_end = mf_ck->rws_block_start + blocks_count;
462 mf_ck->rws_next_fct = next_func; /* leaving function */
464 /* Being on the first block of a sector, unlock it */
465 err = mifare_unlock_sector(mf_ck->rws_block_start,
466 mifare_read_sector_unlocked, mf_ck);
471 static int mifare_read_NFC_loop(uint8_t *resp, int length, void *data)
473 struct mifare_cookie *mf_ck = data;
483 /* ptr to the next read ptr */
484 mf_ck->nfc_data = mf_ck->nfc_data + length;
486 /* remaining free mem */
487 mf_ck->nfc_data_length = mf_ck->nfc_data_length - length;
490 /* Additional sectors to read ? */;
491 if (mf_ck->g_sect_list != NULL && mf_ck->g_sect_list->next != NULL) {
493 err = mifare_read_sector(data, /* cookie */
494 mf_ck->nfc_data, /* where to store */
495 (int) mf_ck->nfc_data_length, /* global length */
496 GPOINTER_TO_INT(mf_ck->g_sect_list->data), /* id */
497 NO_TRAILER, /* Trailer ? */
498 mifare_read_NFC_loop); /* next function */
500 mf_ck->g_sect_list = g_slist_remove(mf_ck->g_sect_list,
501 mf_ck->g_sect_list->data);
509 size_t nfc_data_length;
513 nfc_data = near_tag_get_data(mf_ck->tag, &nfc_data_length);
514 if (nfc_data == NULL) {
519 records = near_tlv_parse(nfc_data, nfc_data_length);
520 near_tag_add_records(mf_ck->tag, records, mf_ck->cb, 0);
526 return mifare_release(err, mf_ck);
529 /* Prepare read NFC loop */
530 static int mifare_read_NFC(uint8_t *resp, int length, void *data)
532 struct mifare_cookie *mf_ck = data;
535 /* save tag memory pointer to data_block */
536 mf_ck->nfc_data = near_tag_get_data(mf_ck->tag,
537 &mf_ck->nfc_data_length);
539 /* First read here: */
540 err = mifare_read_sector(data, /* cookie */
541 mf_ck->nfc_data, /* where to store */
542 mf_ck->nfc_data_length, /* global length */
543 GPOINTER_TO_INT(mf_ck->g_sect_list->data), /* sector id */
544 NO_TRAILER, /* Don't want Trailer */
545 mifare_read_NFC_loop); /* next function */
547 mf_ck->g_sect_list = g_slist_remove(mf_ck->g_sect_list,
548 mf_ck->g_sect_list->data);
554 return mifare_release(err, mf_ck);
557 static int mifare_process_MADs(void *data)
559 struct mifare_cookie *mf_ck = data;
562 int global_tag_size = 0;
569 /* Parse MAD entries to get the global size and fill the array */
570 if (mf_ck->mad_1 == NULL) {
575 /* Skip non-NFC sectors at the beginning of the tag, if any */
576 for (i = 0 ; i < MAD_V1_AIDS_LEN; i++) {
577 if (mf_ck->mad_1->aids[i] == NFC_AID_TAG)
582 * NFC sectors have to be continuous,
583 * so only some sectors at the beginning and at the end of tag
586 for (; i < MAD_V1_AIDS_LEN; i++) {
587 if (mf_ck->mad_1->aids[i] != NFC_AID_TAG)
590 /* Save in the global list */
591 mf_ck->g_sect_list = g_slist_append(mf_ck->g_sect_list,
592 GINT_TO_POINTER(i + 1));
593 global_tag_size += SECTOR_SIZE;
597 ioffset = MAD_V1_AIDS_LEN + 1 + 1; /* skip 0x10 */
598 if (mf_ck->mad_2 == NULL)
602 * If all sectors from MAD1 were non-NFC,
603 * skip initial non-NFC sectors from MAD2
607 if (global_tag_size == 0)
608 for (; i < MAD_V2_AIDS_LEN; i++)
609 if (mf_ck->mad_2->aids[i] == NFC_AID_TAG)
612 for (; i < MAD_V2_AIDS_LEN; i++) {
613 if (mf_ck->mad_2->aids[i] != NFC_AID_TAG)
616 mf_ck->g_sect_list = g_slist_append( mf_ck->g_sect_list,
617 GINT_TO_POINTER(ioffset + i));
618 if (i < EXT_BLK_PER_SECT)
619 global_tag_size += SECTOR_SIZE;
621 global_tag_size += BIG_SECTOR_SIZE;
625 if (global_tag_size == 0) {
627 /* no NFC sectors - mark tag as blank */
628 near_error("TAG Global size: [%d], not valid NFC tag.",
633 /* n sectors, each sector is 3 blocks, each block is 16 bytes */
634 DBG("TAG Global size: [%d]", global_tag_size);
636 mf_ck->tag = near_tag_get_tag(mf_ck->adapter_idx, mf_ck->target_idx);
637 if (mf_ck->tag == NULL) {
642 /* don't allocate new data before writing */
643 tag_data = near_tag_get_data(mf_ck->tag, &data_size);
644 if (tag_data == NULL) {
645 err = near_tag_add_data(mf_ck->adapter_idx,
654 /* Check access rights */
655 err = mf_ck->acc_check_function(data);
663 return mifare_release(err, mf_ck);
666 /* Transitional function - async */
667 static int read_MAD2_complete(uint8_t *empty, int iempty, void *data)
669 return mifare_process_MADs(data);
672 /* This function reads the MAD2 sector */
673 static int mifare_read_MAD2(void *data)
675 struct mifare_cookie *mf_ck = data;
680 /* As auth is ok, allocate Mifare Access Directory v1 */
681 mf_ck->mad_2 = g_try_malloc0(STD_SECTOR_SIZE);
682 if (mf_ck->mad_2 == NULL) {
683 near_error("Memory allocation failed (MAD2)");
688 err = mifare_read_sector(data,
689 (uint8_t *) mf_ck->mad_2,
690 (int) STD_SECTOR_SIZE,
691 MAD2_SECTOR, /* sector 0x10 */
692 WITH_TRAILER, /* Want Trailer */
700 return mifare_release(err, mf_ck);
704 * This function checks, in MAD1, if there's a MAD2 directory
705 * available. This is is the case for 2K and 4K tag
706 * If MAD2 exists, read it, elsewhere process the current MAD
708 static int read_MAD1_complete(uint8_t *empty, int iempty, void *data)
710 struct mifare_cookie *mf_ck = data;
715 /* Check if there's a need to get MAD2 sector */
716 if ((mf_ck->mad_1->GPB & 0x03) == MAD2_GPB_BITS)
717 err = mifare_read_MAD2(mf_ck);
719 err = mifare_process_MADs(data);
725 * Function called to read the first MAD sector
728 static int mifare_read_MAD1(uint8_t *resp, int length, void *data)
730 struct mifare_cookie *mf_ck = data;
733 DBG("%p %d", data, length);
741 * As auth is ok, allocate Mifare Access Directory v1
742 * allocated size is also STD_SECTOR_SIZE
744 mf_ck->mad_1 = g_try_malloc0(STD_SECTOR_SIZE);
745 if (mf_ck->mad_1 == NULL) {
746 near_error("Memory allocation failed (MAD1)");
751 /* Call to mifare_read_sector */
752 err = mifare_read_sector(data,
753 (uint8_t *)mf_ck->mad_1, /* where to store */
754 (int) STD_SECTOR_SIZE, /* allocated size */
755 MAD1_SECTOR, /* sector 0 */
756 WITH_TRAILER, /* Want Trailer */
764 return mifare_release(err, mf_ck);
767 /* If first NFC sector isn't writable, mark whole tag as read only */
768 static int is_read_only(void *data)
770 struct mifare_cookie *mf_ck = data;
772 DBG("Tag is read only");
774 near_tag_set_ro(mf_ck->tag, TRUE);
776 /* Continue previous action (read) */
777 (*mf_ck->rws_next_fct)(NULL, 0, data);
783 static int mifare_check_read_only(void *data)
785 struct mifare_cookie *mf_ck = data;
791 * As authorisation with key B is not supported,
792 * in case writing with key A is not permitted, tag is read-only
794 mf_ck->acc_bits_mask = DATA_access_mask;
795 mf_ck->acc_rights = WRITE_with_key_A;
797 /* Check acces rights of first NFC sector */
798 mf_ck->rws_block_start = NFC_1ST_BLOCK + STD_BLK_PER_SECT;
799 /* Afterwards read tag */
800 mf_ck->rws_next_fct = mifare_read_NFC;
801 /* In case of writing access denial, set read only */
802 mf_ck->acc_denied_fct = is_read_only;
804 err = mifare_unlock_sector(mf_ck->rws_block_start,
805 mifare_check_rights, mf_ck);
808 return mifare_release(err, mf_ck);
814 * MIFARE: entry point:
815 * Read all the MAD sectors (0x00, 0x10) to get the Application Directory
817 * On sector 0x00, App. directory is on block 0x01 & block 0x02
818 * On sector 0x10, App. directory is on block 0x40, 0x41 & 0x42
819 * On reading, CRC is ignored.
821 int mifare_read(uint32_t adapter_idx, uint32_t target_idx,
822 near_tag_io_cb cb, enum near_tag_sub_type tgt_subtype)
824 struct mifare_cookie *cookie;
829 /*Check supported and tested Mifare type */
830 switch (tgt_subtype) {
831 case NEAR_TAG_NFC_T2_MIFARE_CLASSIC_1K:
832 case NEAR_TAG_NFC_T2_MIFARE_CLASSIC_4K:
835 near_error("Mifare tag type [%d] not supported.", tgt_subtype);
839 /* Alloc global cookie */
840 cookie = g_try_malloc0(sizeof(struct mifare_cookie));
845 cookie->nfcid1 = near_tag_get_nfcid(adapter_idx, target_idx,
846 &cookie->nfcid1_len);
847 cookie->adapter_idx = adapter_idx;
848 cookie->target_idx = target_idx;
851 /* check access rights - while reading just check read only */
852 cookie->acc_check_function = mifare_check_read_only;
855 * Need to unlock before reading
856 * This will check if public keys are allowed (and, so, NDEF could
859 err = mifare_unlock_sector(MAD1_1ST_BLOCK, /* related block */
860 mifare_read_MAD1, /* callback function */
861 cookie); /* target data */
863 return mifare_release(err, cookie);
868 static int check_presence(uint8_t *resp, int length, void *data)
870 struct mifare_cookie *cookie = data;
881 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
884 return mifare_release(err, cookie);
887 int mifare_check_presence(uint32_t adapter_idx, uint32_t target_idx,
888 near_tag_io_cb cb, enum near_tag_sub_type tgt_subtype)
890 struct mifare_cmd cmd;
891 struct mifare_cookie *cookie;
892 uint8_t *key_ref = MAD_public_key;
896 /* Check supported and tested Mifare type */
897 switch (tgt_subtype) {
898 case NEAR_TAG_NFC_T2_MIFARE_CLASSIC_1K:
899 case NEAR_TAG_NFC_T2_MIFARE_CLASSIC_4K:
902 near_error("Mifare tag type %d not supported.", tgt_subtype);
906 /* Alloc global cookie */
907 cookie = g_try_malloc0(sizeof(struct mifare_cookie));
912 cookie->nfcid1 = near_tag_get_nfcid(adapter_idx, target_idx,
913 &cookie->nfcid1_len);
914 cookie->adapter_idx = adapter_idx;
915 cookie->target_idx = target_idx;
919 * To check presence of Mifare Classic Tag,
920 * send authentication command instead of read one
922 cmd.cmd = MF_CMD_AUTH_KEY_A;
924 /* Authenticate the 1st block of the MAD sector */
925 cmd.block = MAD1_1ST_BLOCK;
927 /* Store the AUTH KEY */
928 memcpy(&cmd.key, key_ref, MAD_KEY_LEN);
931 memcpy(&cmd.nfcid, cookie->nfcid1, cookie->nfcid1_len);
933 return near_adapter_send(cookie->adapter_idx,
935 sizeof(cmd) - NFC_NFCID1_MAXSIZE + cookie->nfcid1_len,
937 cookie, mifare_release);
941 * Common MIFARE Block write:
942 * Each call will write 16 bytes to tag... so to write 1 sector,
943 * it has to be called it 4 or 16 times (minus 1 for the trailer block)
945 static int mifare_write_block(uint8_t block_id, void *data,
948 struct mf_write_cmd cmd;
949 struct mifare_cookie *mf_ck = data;
951 memset(&cmd, 0, sizeof(cmd));
952 cmd.cmd = MF_CMD_WRITE; /* MIFARE WRITE */
953 cmd.block = block_id;
955 if ((mf_ck->ndef->offset + DEFAULT_BLOCK_SIZE) <
956 mf_ck->ndef->length) {
957 memcpy(cmd.data, mf_ck->ndef->data +
958 mf_ck->ndef->offset, DEFAULT_BLOCK_SIZE);
959 mf_ck->ndef->offset += DEFAULT_BLOCK_SIZE;
961 memcpy(cmd.data, mf_ck->ndef->data + mf_ck->ndef->offset,
962 mf_ck->ndef->length - mf_ck->ndef->offset);
963 mf_ck->ndef->offset = mf_ck->ndef->length + 1;
966 return near_adapter_send(mf_ck->adapter_idx,
967 (uint8_t *) &cmd, sizeof(cmd),
968 far_func, data, NULL);
971 static int mifare_correct_length_cb(uint8_t *resp, int length, void *data)
973 struct mifare_cookie *mf_ck = data;
978 mf_ck->cb(mf_ck->adapter_idx, mf_ck->target_idx, 0);
980 return mifare_release(0, mf_ck);
983 /* After writing ndef message, its length has to be updated */
984 static int mifare_correct_length(uint8_t *resp, int length, void *data)
986 struct mifare_cookie *mf_ck = data;
990 /* Correct length field */
991 mf_ck->ndef->data[1] = mf_ck->ndef_length;
992 /* and ndef offset so it points to the beginning */
993 mf_ck->ndef->offset = 0;
995 /* Run the write process only on the first block of the sector */
996 return mifare_write_block(NFC_1ST_BLOCK, mf_ck,
997 mifare_correct_length_cb);
1000 static int mifare_write_sector_cb(uint8_t *resp, int length, void *data)
1002 struct mifare_cookie *mf_ck = data;
1006 mf_ck->rws_completed = mf_ck->rws_completed + 1;
1008 /* Check if it's the last block */
1009 if ((mf_ck->rws_block_start + mf_ck->rws_completed)
1010 < mf_ck->rws_block_end) {
1011 /* then check if there's still data to write */
1012 if (mf_ck->ndef->offset < mf_ck->ndef->length)
1013 err = mifare_write_block(
1014 mf_ck->rws_block_start + mf_ck->rws_completed,
1015 data, mifare_write_sector_cb);
1017 /* No more Data to write */
1018 /* Correct length of the ndef message */
1019 err = mifare_unlock_sector(NFC_1ST_BLOCK,
1020 mifare_correct_length, mf_ck);
1022 /* Process the callback */
1023 err = (*mf_ck->rws_next_fct)(resp, length, data);
1027 return mifare_release(err, mf_ck);
1033 static int mifare_write_sector_unlocked(uint8_t *resp, int length, void *data)
1035 struct mifare_cookie *mf_ck = data;
1043 /* Run the write process on the first block of the sector */
1044 err = mifare_write_block(mf_ck->rws_block_start, data,
1045 mifare_write_sector_cb);
1052 return mifare_release(err, mf_ck);
1056 * This function writes a complete sector, using block per block function.
1057 * sector sizes can be:
1059 * 48 bytes: 3*16 (no trailer)
1061 * 240 bytes: 15*16 (no trailer)
1063 * Unlock is done at the beginning of each sector.
1065 static int mifare_write_sector(void *cookie,
1066 uint8_t sector_id, /* sector to write */
1067 near_recv next_func)
1069 struct mifare_cookie *mf_ck = cookie;
1074 /* Prepare call values */
1076 /* According to tag size, compute the correct block offset */
1077 if (sector_id < T4K_BOUNDARY)
1078 mf_ck->rws_block_start = sector_id * STD_BLK_SECT_TRAILER;
1080 mf_ck->rws_block_start = T4K_BLK_OFF +
1081 (sector_id - T4K_BOUNDARY) * EXT_BLK_SECT_TRAILER;
1083 /* Find blocks_per_sect, according to position, no trailer */
1084 if (sector_id < T4K_BOUNDARY)
1085 blocks_count = STD_BLK_PER_SECT;
1087 blocks_count = EXT_BLK_PER_SECT;
1089 mf_ck->rws_block_end = mf_ck->rws_block_start + blocks_count;
1090 mf_ck->rws_completed = 0;
1091 mf_ck->rws_next_fct = next_func;
1093 /* Being on the first block of the sector, unlock it */
1094 return mifare_unlock_sector(mf_ck->rws_block_start,
1095 mifare_write_sector_unlocked, mf_ck);
1098 static int mifare_write_NFC_loop(uint8_t *resp, int length, void *data)
1100 struct mifare_cookie *mf_ck = data;
1103 if (length < 0 || resp[0] != 0) {
1108 /* Something more to write? */;
1109 if (mf_ck->ndef->offset < mf_ck->ndef->length) {
1110 err = mifare_write_sector(data, /* cookie */
1111 GPOINTER_TO_INT(mf_ck->g_sect_list->data),
1112 mifare_write_NFC_loop); /* next function */
1114 mf_ck->g_sect_list = g_slist_remove(mf_ck->g_sect_list,
1115 mf_ck->g_sect_list->data);
1121 /* Correct length of an NDEF message */
1122 err = mifare_unlock_sector(NFC_1ST_BLOCK,
1123 mifare_correct_length, mf_ck);
1131 return mifare_release(err, mf_ck);
1134 static int mifare_write_NFC(void *data)
1136 struct mifare_cookie *mf_ck = data;
1141 mf_ck->rws_completed = 0; /* written blocks */
1143 /* First write here: */
1144 err = mifare_write_sector(data, /* cookie */
1145 GPOINTER_TO_INT(mf_ck->g_sect_list->data), /* sector id */
1146 mifare_write_NFC_loop); /* next function */
1148 mf_ck->g_sect_list = g_slist_remove(mf_ck->g_sect_list,
1149 mf_ck->g_sect_list->data);
1152 return mifare_release(err, mf_ck);
1157 static int mifare_check_rights_loop(uint8_t *resp, int length, void *data)
1159 struct mifare_cookie *mf_ck = data;
1163 if (mf_ck->acc_sect->next != NULL) {
1165 mf_ck->acc_sect = mf_ck->acc_sect->next;
1166 sector_id = GPOINTER_TO_INT(mf_ck->acc_sect->data);
1168 if (sector_id < T4K_BOUNDARY)
1169 mf_ck->rws_block_start = sector_id * 4
1172 mf_ck->rws_block_start = T4K_BLK_OFF + EXT_BLK_PER_SECT
1173 + (sector_id - T4K_BOUNDARY) * 16;
1175 err = mifare_unlock_sector(mf_ck->rws_block_start,
1176 mifare_check_rights, mf_ck);
1178 /* Full access granted, start writing */
1179 err = mifare_write_NFC(data);
1183 return mifare_release(err, mf_ck);
1190 * If one of NFC sectors isn't writable,
1191 * tag size for writing is smaller than actual memory size,
1192 * so calculate it and check if it is enough for ndef message.
1194 static int writing_not_permitted(void *data)
1196 struct mifare_cookie *mf_ck = data;
1197 unsigned int new_tag_size = 0;
1201 sector_id = GPOINTER_TO_INT(mf_ck->acc_sect->data);
1202 DBG("Writing sector %i not permitted", sector_id);
1204 /* Read only sector found, calculate new tag size */
1205 if (sector_id <= MAD_V1_AIDS_LEN) {
1206 for (i = GPOINTER_TO_INT(mf_ck->g_sect_list->data);
1208 new_tag_size += SECTOR_SIZE;
1210 /* Start from first NFC sector */
1211 for (i = GPOINTER_TO_INT(mf_ck->g_sect_list->data);
1212 i <= MAD_V1_AIDS_LEN; i++)
1213 new_tag_size += SECTOR_SIZE;
1216 * If any of previous sector was NFC, skip MAD2
1217 * If not, leave "i" as it was
1219 if (i < MAD2_SECTOR)
1220 i = MAD2_SECTOR + 1;
1222 for (; i < sector_id; i++) {
1223 if (i < T4K_BOUNDARY)
1224 new_tag_size += SECTOR_SIZE;
1226 new_tag_size += BIG_SECTOR_SIZE;
1230 DBG("TAG writable sectors' size: [%d].", new_tag_size);
1232 /* Check if there's enough space on tag */
1233 if (new_tag_size < mf_ck->ndef->length) {
1234 near_error("Not enough space on tag");
1237 mf_ck->cb(mf_ck->adapter_idx,
1238 mf_ck->target_idx, -ENOSPC);
1240 mifare_release(0, data);
1244 /* Enough space on tag, continue writing */
1245 mifare_write_NFC(data);
1250 static int mifare_check_rights_NFC(void *data)
1252 struct mifare_cookie *mf_ck = data;
1258 * As authorisation with key B is not supported,
1259 * in case writing with key A is not permitted, tag is read-only
1261 mf_ck->acc_bits_mask = DATA_access_mask;
1262 mf_ck->acc_rights = WRITE_with_key_A;
1264 mf_ck->acc_sect = mf_ck->g_sect_list;
1265 mf_ck->rws_block_start = NFC_1ST_BLOCK + STD_BLK_PER_SECT;
1266 mf_ck->rws_next_fct = mifare_check_rights_loop;
1268 mf_ck->acc_denied_fct = writing_not_permitted;
1269 err = mifare_unlock_sector(mf_ck->rws_block_start,
1270 mifare_check_rights, mf_ck);
1273 return mifare_release(err, mf_ck);
1278 int mifare_write(uint32_t adapter_idx, uint32_t target_idx,
1279 struct near_ndef_message *ndef,
1280 near_tag_io_cb cb, enum near_tag_sub_type tgt_subtype)
1282 struct mifare_cookie *cookie;
1283 struct near_tag *tag;
1289 /* Check supported and tested Mifare type */
1290 switch (tgt_subtype) {
1291 case NEAR_TAG_NFC_T2_MIFARE_CLASSIC_1K:
1292 case NEAR_TAG_NFC_T2_MIFARE_CLASSIC_4K:
1295 near_error("Mifare tag type %d not supported.", tgt_subtype);
1299 /* Check if there's enough space on tag */
1300 tag = near_tag_get_tag(adapter_idx, target_idx);
1301 near_tag_get_data(tag, &tag_size);
1303 if (tag_size < ndef->length) {
1304 near_error("Not enough space on tag");
1308 /* Alloc global cookie */
1309 cookie = g_try_malloc0(sizeof(struct mifare_cookie));
1313 /* Get the nfcid1 */
1314 cookie->nfcid1 = near_tag_get_nfcid(adapter_idx, target_idx,
1315 &cookie->nfcid1_len);
1316 cookie->adapter_idx = adapter_idx;
1317 cookie->target_idx = target_idx;
1320 cookie->ndef = ndef;
1321 /* Save ndef length */
1322 cookie->ndef_length = cookie->ndef->data[1];
1323 cookie->ndef->data[1] = 0;
1326 * Check if all sectors are writable
1327 * if not, message may be too long to be written
1329 cookie->acc_check_function = mifare_check_rights_NFC;
1332 * Mifare Classic Tag needs to be unlocked before writing
1333 * This will check if public keys are allowed (NDEF could be "readable")
1335 err = mifare_unlock_sector(MAD1_1ST_BLOCK, /* related block */
1336 mifare_read_MAD1, /* callback */
1337 cookie); /* target data */
1340 return mifare_release(err, cookie);