3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
29 #include <sys/socket.h>
31 #include <linux/socket.h>
32 #include <linux/nfc.h>
34 #include <near/plugin.h>
36 #include <near/types.h>
37 #include <near/adapter.h>
38 #include <near/target.h>
40 #include <near/ndef.h>
43 #define CMD_READ_ALL 0x00 /* Read seg 0 (incl: HR) */
44 #define CMD_READ_SEGS 0x10 /* Read 16 blocks (128 bytes) */
46 #define CMD_WRITE_E 0x53 /* Write with erase */
47 #define CMD_WRITE_NE 0x1A /* Write no erase */
49 #define OFFSET_STATUS_CMD 0x00
50 #define OFFSET_HEADER_ROM 0x01
52 #define HR0_TYPE1_STATIC 0x11
53 #define HR0_TYPE2_HIGH 0x10
54 #define HR0_TYPE2_LOW 0x0F
57 #define LEN_STATUS_BYTE 0x01 /* Status byte */
58 #define LEN_SPEC_BYTES (LEN_STATUS_BYTE + 0x02) /* HRx */
59 #define LEN_UID_BYTES (LEN_STATUS_BYTE + 0x07) /* UID bytes */
60 #define LEN_CC_BYTES 0x04 /* Capab. container */
61 #define LEN_DYN_BYTES 0x0A /* Bytes CtrlIT and TLV - Dyn. only */
63 #define TYPE1_MAGIC 0xe1
65 #define TAG_T1_DATA_CC(data) ((data) + LEN_SPEC_BYTES + LEN_UID_BYTES)
66 #define TAG_T1_DATA_LENGTH(cc) ((cc[2] + 1) * 8 - LEN_CC_BYTES)
68 #define TAG_T1_DATA_NFC(cc) ((cc)[0] & TYPE1_MAGIC)
70 #define TYPE1_NOWRITE_ACCESS 0x0F
71 #define TAG_T1_WRITE_FLAG(cc) ((cc)[3] & TYPE1_NOWRITE_ACCESS)
72 #define TAG_T1_SEGMENT_SIZE 128
74 #define TYPE1_STATIC_MAX_DATA_SIZE 0x60
80 } __attribute__((packed));
84 uint16_t current_block;
96 uint32_t current_block; /* Static tag */
97 uint32_t current_byte; /* Static tag */
98 struct near_ndef_message *ndef;
102 static void t1_cookie_release(struct t1_cookie *cookie)
108 g_free(cookie->ndef->data);
110 g_free(cookie->ndef);
115 /* Read segments (128 bytes)and store them to the tag data block */
116 static int segment_read_recv(uint8_t *resp, int length, void *data)
118 struct type1_tag *t1_tag = data;
119 struct type1_cmd t1_cmd;
132 length = length - LEN_STATUS_BYTE; /* ignore first byte */
134 /* Add data to tag mem*/
135 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
136 memcpy(tagdata + t1_tag->data_read, resp+1, length);
139 t1_tag->data_read = t1_tag->data_read + length;
140 t1_tag->current_seg = t1_tag->current_seg + 1;
142 if (t1_tag->current_seg <= t1_tag->last_seg) {
144 t1_cmd.cmd = CMD_READ_SEGS;
145 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
147 err = near_adapter_send(t1_tag->adapter_idx,
148 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
149 segment_read_recv, t1_tag);
152 } else { /* This is the end */
153 DBG("READ complete");
155 err = near_tlv_parse(t1_tag->tag, t1_tag->cb);
165 /* The dynamic read function:
167 * [4..8]: TLV Lock ControlIT (0x01, 0x03, v1, V2, V3)
168 * [9..13]: TLV Reserved Memory Control (0x02, 0x03, V1, V2, V3)
169 * [14..]: TLV NDEF (0x03, L0, L1, L2, V1,V2 ...)
171 static int read_dynamic_tag(uint8_t *cc, int length, void *data)
173 struct type1_tag *t1_tag = data;
174 struct type1_cmd t1_cmd;
182 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
184 /* Skip un-needed bytes */
185 pndef = cc + 4; /* right after CC bytes */
186 pndef = pndef + 5; /* skip TLV Lock bits bytes */
187 pndef = pndef + 5; /* skip TLV ControlIT bytes */
189 /* Save first NFC bytes to tag memory
190 * 10 blocks[0x3..0xC] of 8 bytes + 2 bytes from block 2
192 memcpy(tagdata, pndef, 10 * BLOCK_SIZE + 2);
194 /* Read the next one, up to the end of the data area */
195 t1_tag->current_seg = 1;
196 t1_tag->last_seg = ((cc[2] * BLOCK_SIZE) / TAG_T1_SEGMENT_SIZE);
197 t1_tag->data_read = 10 * BLOCK_SIZE + 2;
199 /* T1 read segment */
200 t1_cmd.cmd = CMD_READ_SEGS;
201 /* 5.3.3 ADDS operand is [b8..b5] */
202 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
204 return near_adapter_send(t1_tag->adapter_idx,
205 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
206 segment_read_recv, t1_tag);
209 static int meta_recv(uint8_t *resp, int length, void *data)
211 struct t1_cookie *cookie = data;
212 struct near_tag *tag;
213 struct type1_tag *t1_tag = NULL;
216 int err = -EOPNOTSUPP;
225 /* First byte is cmd status */
226 if (resp[OFFSET_STATUS_CMD] != 0) {
227 DBG("Command failed: 0x%x",resp[OFFSET_STATUS_CMD]);
232 /* Check Magic NFC tag */
233 cc = TAG_T1_DATA_CC(resp);
234 if (TAG_T1_DATA_NFC(cc) == 0) {
235 DBG("Not a valid NFC magic tag: 0x%x",cc[0]);
240 /* Add data to the tag */
241 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
242 NULL, TAG_T1_DATA_LENGTH(cc));
246 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
252 t1_tag = g_try_malloc0(sizeof(struct type1_tag));
253 if (t1_tag == NULL) {
260 t1_tag->adapter_idx = cookie->adapter_idx;
261 t1_tag->cb = cookie->cb;
264 /*s Set the ReadWrite flag */
265 if (TAG_T1_WRITE_FLAG(cc) == TYPE1_NOWRITE_ACCESS)
266 near_tag_set_ro(tag, TRUE);
268 near_tag_set_ro(tag, FALSE);
270 /* Check Static or Dynamic memory model */
271 if (resp[OFFSET_HEADER_ROM] == HR0_TYPE1_STATIC) {
275 DBG("READ Static complete");
277 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
278 memcpy(tagdata, cc + LEN_CC_BYTES, TAG_T1_DATA_LENGTH(cc));
280 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_STATIC);
282 err = near_tlv_parse(t1_tag->tag, t1_tag->cb);
289 } else if ((resp[OFFSET_HEADER_ROM] & 0xF0) == HR0_TYPE2_HIGH) {
290 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_DYNAMIC);
291 err = read_dynamic_tag(cc, length, t1_tag);
299 if (err < 0 && cookie->cb)
300 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
302 t1_cookie_release(cookie);
309 /* First step: READALL to read a maximum of 124 bytes
310 * This cmd is common to static and dynamic targets
311 * This should allow to get the HR0 byte
313 static int nfctype1_read_tag(uint32_t adapter_idx,
314 uint32_t target_idx, near_tag_io_cb cb)
316 struct type1_cmd t1_cmd;
317 struct t1_cookie *cookie;
321 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
322 t1_cmd.addr = 0; /* NA */
324 cookie = g_try_malloc0(sizeof(struct t1_cookie));
325 cookie->adapter_idx = adapter_idx;
326 cookie->target_idx = target_idx;
329 return near_adapter_send(adapter_idx, (uint8_t *)&t1_cmd, sizeof(t1_cmd),
334 static int write_nmn_e1_resp(uint8_t *resp, int length, void *data)
337 struct t1_cookie *cookie = data;
344 if (resp[OFFSET_STATUS_CMD] != 0)
349 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
351 t1_cookie_release(cookie);
356 static int write_nmn_e1(struct t1_cookie *cookie)
358 struct type1_cmd cmd;
362 cmd.cmd = CMD_WRITE_E;
364 cmd.data[0] = TYPE1_MAGIC;
366 return near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
367 sizeof(cmd), write_nmn_e1_resp, cookie);
370 static int data_write(uint8_t *resp, int length, void *data)
372 struct t1_cookie *cookie = data;
374 struct type1_cmd cmd;
384 if (resp[OFFSET_STATUS_CMD] != 0) {
389 if (cookie->ndef->offset > cookie->ndef->length)
390 return write_nmn_e1(cookie);
392 if (cookie->current_byte >= BLOCK_SIZE) {
393 cookie->current_byte = 0;
394 cookie->current_block++;
397 cmd.cmd = CMD_WRITE_E;
398 addr = cookie->current_block << 3;
399 cmd.addr = addr | (cookie->current_byte & 0x7);
400 cmd.data[0] = cookie->ndef->data[cookie->ndef->offset];
401 cookie->ndef->offset++;
402 cookie->current_byte++;
404 err = near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
405 sizeof(cmd), data_write, cookie);
412 if (err < 0 && cookie->cb)
413 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
415 t1_cookie_release(cookie);
420 static int write_nmn_0(uint32_t adapter_idx, uint32_t target_idx,
421 struct near_ndef_message *ndef, near_tag_io_cb cb)
424 struct type1_cmd cmd;
425 struct t1_cookie *cookie;
429 cmd.cmd = CMD_WRITE_E;
433 cookie = g_try_malloc0(sizeof(struct t1_cookie));
434 if (cookie == NULL) {
439 cookie->adapter_idx = adapter_idx;
440 cookie->target_idx = target_idx;
441 cookie->current_block = 1;
442 cookie->current_byte = LEN_CC_BYTES;
446 err = near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
447 sizeof(cmd), data_write, cookie);
454 t1_cookie_release(cookie);
460 * The writing of a new NDEF message SHALL occur as follows:
461 * Write NMN = 00h to indicate that no valid NDEF message is present
462 * during writing to allow error detection in the event that the tag
463 * is removed from the field prior to completion of operation.
464 * Write VNo and RWA if required
465 * Write NDEF Message TLV
466 * Write NDEF Message data
467 * Write NMN = E1h as the last byte to be written
469 static int nfctype1_write_tag(uint32_t adapter_idx, uint32_t target_idx,
470 struct near_ndef_message *ndef,
473 struct near_tag *tag;
477 if (ndef == NULL || cb == NULL)
480 tag = near_tag_get_tag(adapter_idx, target_idx);
484 if (near_tag_get_ro(tag) == TRUE) {
485 DBG("tag is read-only");
489 /* This check is valid for only static tags.
490 * Max data length on Type 2 Tag including TLV's
491 * is TYPE1_STATIC_MAX_DATA_SIZE */
492 if (near_tag_get_memory_layout(tag) == NEAR_TAG_MEMORY_STATIC) {
493 if ((ndef->length + 3) > TYPE1_STATIC_MAX_DATA_SIZE) {
494 near_error("not enough space on data");
499 return write_nmn_0(adapter_idx, target_idx, ndef, cb);
502 static int check_presence(uint8_t *resp, int length, void *data)
504 struct t1_cookie *cookie = data;
513 cookie->cb(cookie->adapter_idx,
514 cookie->target_idx, err);
516 t1_cookie_release(cookie);
521 static int nfctype1_check_presence(uint32_t adapter_idx,
522 uint32_t target_idx, near_tag_io_cb cb)
524 struct type1_cmd t1_cmd;
525 struct t1_cookie *cookie;
530 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
531 t1_cmd.addr = 0; /* NA */
533 cookie = g_try_malloc0(sizeof(struct t1_cookie));
537 cookie->adapter_idx = adapter_idx;
538 cookie->target_idx = target_idx;
541 err = near_adapter_send(adapter_idx, (uint8_t *)&t1_cmd, sizeof(t1_cmd),
542 check_presence, cookie);
549 t1_cookie_release(cookie);
554 static struct near_tag_driver type1_driver = {
555 .type = NFC_PROTO_JEWEL,
556 .priority = NEAR_TAG_PRIORITY_DEFAULT,
557 .read_tag = nfctype1_read_tag,
558 .add_ndef = nfctype1_write_tag,
559 .check_presence = nfctype1_check_presence,
562 static int nfctype1_init(void)
566 return near_tag_driver_register(&type1_driver);
569 static void nfctype1_exit(void)
573 near_tag_driver_unregister(&type1_driver);
576 NEAR_PLUGIN_DEFINE(nfctype1, "NFC Forum Type 1 tags support", VERSION,
577 NEAR_PLUGIN_PRIORITY_HIGH, nfctype1_init, nfctype1_exit)