3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
29 #include <sys/socket.h>
31 #include <linux/socket.h>
32 #include <linux/nfc.h>
34 #include <near/plugin.h>
36 #include <near/types.h>
37 #include <near/adapter.h>
39 #include <near/ndef.h>
42 #define CMD_READ_ALL 0x00 /* Read seg 0 (incl: HR) */
43 #define CMD_READ_SEGS 0x10 /* Read 16 blocks (128 bytes) */
44 #define CMD_RID 0x78 /* Read tag UID */
46 #define CMD_WRITE_E 0x53 /* Write with erase */
47 #define CMD_WRITE_NE 0x1A /* Write no erase */
49 #define OFFSET_STATUS_CMD 0x00
50 #define OFFSET_HEADER_ROM 0x01
52 #define HR0_TYPE1_STATIC 0x11
53 #define HR0_TYPE2_HIGH 0x10
54 #define HR0_TYPE2_LOW 0x0F
57 #define LEN_STATUS_BYTE 0x01 /* Status byte */
58 #define LEN_SPEC_BYTES (LEN_STATUS_BYTE + 0x02) /* HRx */
59 #define LEN_UID_BYTES (LEN_STATUS_BYTE + 0x07) /* UID bytes */
60 #define LEN_CC_BYTES 0x04 /* Capab. container */
61 #define LEN_DYN_BYTES 0x0A /* Bytes CtrlIT and TLV - Dyn. only */
63 #define TYPE1_MAGIC 0xe1
65 #define TAG_T1_DATA_UID(data) ((data) + LEN_SPEC_BYTES)
66 #define TAG_T1_DATA_CC(data) ((data) + LEN_SPEC_BYTES + LEN_UID_BYTES)
67 #define TAG_T1_DATA_LENGTH(cc) ((cc[2] + 1) * 8 - LEN_CC_BYTES)
69 #define TAG_T1_DATA_NFC(cc) ((cc)[0] & TYPE1_MAGIC)
71 #define TYPE1_NOWRITE_ACCESS 0x0F
72 #define TAG_T1_WRITE_FLAG(cc) ((cc)[3] & TYPE1_NOWRITE_ACCESS)
73 #define TAG_T1_SEGMENT_SIZE 128
75 #define TYPE1_STATIC_MAX_DATA_SIZE 0x60
79 #define TYPE1_TAG_VER_1_1 0x11
80 #define TYPE1_TAG_STATIC_SIZE_120 0x0E
81 #define TYPE1_READ_WRITE_ACCESS 0x00
82 #define TYPE1_STATIC_TAG_DATA_LENGTH 116
88 uint8_t uid[UID_LENGTH];
89 } __attribute__((packed));
93 uint16_t current_block;
97 uint8_t uid[UID_LENGTH];
100 struct near_tag *tag;
104 uint32_t adapter_idx;
106 uint8_t uid[UID_LENGTH];
107 uint32_t current_block; /* Static tag */
108 uint32_t current_byte; /* Static tag */
109 struct near_ndef_message *ndef;
111 uint8_t cc[LEN_CC_BYTES];
114 static void t1_init_cmd(struct type1_tag *tag, struct type1_cmd *cmd)
116 if (tag == NULL || cmd == NULL)
119 memcpy(cmd->uid, tag->uid, UID_LENGTH);
122 static int t1_cookie_release(int err, void *data)
124 struct t1_cookie *cookie = data;
132 g_free(cookie->ndef->data);
134 g_free(cookie->ndef);
141 /* Read segments (128 bytes) and store them to the tag data block */
142 static int data_recv(uint8_t *resp, int length, void *data)
144 struct type1_tag *t1_tag = data;
145 struct type1_cmd t1_cmd;
158 length = length - LEN_STATUS_BYTE; /* ignore first byte */
160 /* Add data to tag mem */
161 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
162 memcpy(tagdata + t1_tag->data_read, resp + 1, length);
165 t1_tag->data_read = t1_tag->data_read + length;
166 t1_tag->current_seg = t1_tag->current_seg + 1;
168 if (t1_tag->current_seg <= t1_tag->last_seg) {
170 t1_init_cmd(t1_tag, &t1_cmd);
172 t1_cmd.cmd = CMD_READ_SEGS;
173 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
175 err = near_adapter_send(t1_tag->adapter_idx,
176 (uint8_t *) &t1_cmd, sizeof(t1_cmd),
180 } else { /* This is the end */
183 DBG("READ complete");
185 records = near_tlv_parse(tagdata, data_length);
186 near_tag_add_records(t1_tag->tag, records, t1_tag->cb, 0);
199 * The dynamic read function:
201 * [4..8]: TLV Lock ControlIT (0x01, 0x03, v1, V2, V3)
202 * [9..13]: TLV Reserved Memory Control (0x02, 0x03, V1, V2, V3)
203 * [14..]: TLV NDEF (0x03, L0, L1, L2, V1,V2 ...)
205 static int read_dynamic_tag(uint8_t *cc, int length, void *data)
207 struct type1_tag *t1_tag = data;
208 struct type1_cmd t1_cmd;
216 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
218 /* Skip un-needed bytes */
219 pndef = cc + 4; /* right after CC bytes */
220 pndef = pndef + 5; /* skip TLV Lock bits bytes */
221 pndef = pndef + 5; /* skip TLV ControlIT bytes */
224 * Save first NFC bytes to tag memory
225 * 10 blocks[0x3..0xC] of 8 bytes + 2 bytes from block 2
227 memcpy(tagdata, pndef, 10 * BLOCK_SIZE + 2);
229 /* Read the next one, up to the end of the data area */
230 t1_tag->current_seg = 1;
231 t1_tag->last_seg = ((cc[2] * BLOCK_SIZE) / TAG_T1_SEGMENT_SIZE);
232 t1_tag->data_read = 10 * BLOCK_SIZE + 2;
234 t1_init_cmd(t1_tag, &t1_cmd);
236 /* T1 read segment */
237 t1_cmd.cmd = CMD_READ_SEGS;
238 /* 5.3.3 ADDS operand is [b8..b5] */
239 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
241 return near_adapter_send(t1_tag->adapter_idx,
242 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
246 static int meta_recv(uint8_t *resp, int length, void *data)
248 struct t1_cookie *cookie = data;
249 struct near_tag *tag;
250 struct type1_tag *t1_tag;
253 int err = -EOPNOTSUPP;
262 /* First byte is cmd status */
263 if (resp[OFFSET_STATUS_CMD] != 0) {
264 DBG("Command failed: 0x%x", resp[OFFSET_STATUS_CMD]);
269 /* Check Magic NFC tag */
270 cc = TAG_T1_DATA_CC(resp);
271 if (TAG_T1_DATA_NFC(cc) == 0) {
272 if (resp[OFFSET_HEADER_ROM] == HR0_TYPE1_STATIC) {
273 err = near_tag_add_data(cookie->adapter_idx,
276 TYPE1_STATIC_TAG_DATA_LENGTH);
278 near_error("Not a valid NFC magic tag 0x%x", cc[0]);
283 /* Add data to the tag */
284 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
285 NULL, TAG_T1_DATA_LENGTH(cc));
291 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
297 t1_tag = g_try_malloc0(sizeof(struct type1_tag));
298 if (t1_tag == NULL) {
303 t1_tag->adapter_idx = cookie->adapter_idx;
304 t1_tag->cb = cookie->cb;
306 memcpy(t1_tag->uid, cookie->uid, UID_LENGTH);
308 /* Set the ReadWrite flag */
309 if (TAG_T1_WRITE_FLAG(cc) == TYPE1_NOWRITE_ACCESS)
310 near_tag_set_ro(tag, TRUE);
312 near_tag_set_ro(tag, FALSE);
314 /* Check Static or Dynamic memory model */
315 if (resp[OFFSET_HEADER_ROM] == HR0_TYPE1_STATIC) {
320 if (TAG_T1_DATA_NFC(cc) == 0)
321 near_tag_set_blank(tag, TRUE);
323 near_tag_set_blank(tag, FALSE);
325 DBG("READ Static complete");
327 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
328 memcpy(tagdata, cc + LEN_CC_BYTES, TAG_T1_DATA_LENGTH(cc));
330 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_STATIC);
332 records = near_tlv_parse(tagdata, data_length);
333 near_tag_add_records(t1_tag->tag, records, t1_tag->cb, 0);
338 } else if ((resp[OFFSET_HEADER_ROM] & 0xF0) == HR0_TYPE2_HIGH) {
339 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_DYNAMIC);
340 err = read_dynamic_tag(cc, length, t1_tag);
351 if (err < 0 && cookie->cb)
352 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
354 return t1_cookie_release(err, cookie);
358 * READALL to read a maximum of 124 bytes.
359 * This cmd is common to static and dynamic targets
360 * This should allow to get the HR0 byte.
362 static int rid_resp(uint8_t *resp, int length, void *data)
364 struct t1_cookie *cookie = data;
365 struct type1_cmd t1_cmd;
371 /* First byte is cmd status */
372 if (resp[OFFSET_STATUS_CMD] != 0) {
373 DBG("Command failed: 0x%x", resp[OFFSET_STATUS_CMD]);
378 uid = TAG_T1_DATA_UID(resp);
380 DBG("UID 0x%x 0x%x 0x%x 0x%x", uid[0], uid[1], uid[2], uid[3]);
382 near_tag_set_nfcid(cookie->adapter_idx, cookie->target_idx,
385 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
386 t1_cmd.addr = 0; /* NA */
388 memcpy(t1_cmd.uid, uid, UID_LENGTH);
390 memcpy(cookie->uid, uid, UID_LENGTH);
392 return near_adapter_send(cookie->adapter_idx,
393 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
399 if (err < 0 && cookie->cb)
400 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
402 return t1_cookie_release(err, cookie);
405 static int nfctype1_read_meta(uint32_t adapter_idx, uint32_t target_idx,
406 near_tag_io_cb cb, uint8_t *uid)
408 struct type1_cmd cmd;
409 struct t1_cookie *cookie;
414 memset(&cmd, 0, sizeof(cmd));
416 cookie = g_try_malloc0(sizeof(struct t1_cookie));
420 cookie->adapter_idx = adapter_idx;
421 cookie->target_idx = target_idx;
425 cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
426 memcpy(cmd.uid, uid, UID_LENGTH);
427 memcpy(cookie->uid, uid, UID_LENGTH);
429 err = near_adapter_send(adapter_idx, (uint8_t *) &cmd,
430 sizeof(cmd), meta_recv, cookie);
434 err = near_adapter_send(adapter_idx, (uint8_t *) &cmd,
435 sizeof(cmd), rid_resp, cookie);
439 t1_cookie_release(err, cookie);
444 /* First step: RID to get the tag UID */
445 static int nfctype1_read(uint32_t adapter_idx,
446 uint32_t target_idx, near_tag_io_cb cb)
454 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
455 if (uid == NULL || uid_length != UID_LENGTH) {
457 near_error("Invalid UID");
463 return nfctype1_read_meta(adapter_idx, target_idx, cb, NULL);
466 err = nfctype1_read_meta(adapter_idx, target_idx, cb, uid);
473 static int write_nmn_e1_resp(uint8_t *resp, int length, void *data)
476 struct t1_cookie *cookie = data;
483 if (resp[OFFSET_STATUS_CMD] != 0)
488 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
490 return t1_cookie_release(err, cookie);
493 static int write_nmn_e1(struct t1_cookie *cookie)
495 struct type1_cmd cmd;
499 cmd.cmd = CMD_WRITE_E;
501 cmd.data[0] = TYPE1_MAGIC;
502 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
504 return near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
505 sizeof(cmd), write_nmn_e1_resp, cookie);
508 static int data_write_resp(uint8_t *resp, int length, void *data)
510 struct t1_cookie *cookie = data;
512 struct type1_cmd cmd;
522 if (resp[OFFSET_STATUS_CMD] != 0) {
527 if (cookie->ndef->offset > cookie->ndef->length)
528 return write_nmn_e1(cookie);
530 if (cookie->current_byte >= BLOCK_SIZE) {
531 cookie->current_byte = 0;
532 cookie->current_block++;
535 cmd.cmd = CMD_WRITE_E;
536 addr = cookie->current_block << 3;
537 cmd.addr = addr | (cookie->current_byte & 0x7);
538 cmd.data[0] = cookie->ndef->data[cookie->ndef->offset];
539 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
540 cookie->ndef->offset++;
541 cookie->current_byte++;
543 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
544 sizeof(cmd), data_write_resp, cookie);
551 if (err < 0 && cookie->cb)
552 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
554 return t1_cookie_release(err, cookie);
557 static int data_write(uint32_t adapter_idx, uint32_t target_idx,
558 struct near_ndef_message *ndef, near_tag_io_cb cb)
561 struct type1_cmd cmd;
562 struct t1_cookie *cookie;
563 uint8_t *uid, uid_length;
567 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
568 if (uid == NULL || uid_length != UID_LENGTH) {
569 near_error("Invalid type 1 UID");
573 cmd.cmd = CMD_WRITE_E;
576 memcpy(cmd.uid, uid, UID_LENGTH);
578 cookie = g_try_malloc0(sizeof(struct t1_cookie));
579 if (cookie == NULL) {
585 cookie->adapter_idx = adapter_idx;
586 cookie->target_idx = target_idx;
587 memcpy(cookie->uid, uid, UID_LENGTH);
588 cookie->current_block = 1;
589 cookie->current_byte = LEN_CC_BYTES;
595 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
596 sizeof(cmd), data_write_resp, cookie);
603 return t1_cookie_release(err, cookie);
607 * The writing of a new NDEF message SHALL occur as follows:
608 * Write NMN = 00h to indicate that no valid NDEF message is present
609 * during writing to allow error detection in the event that the tag
610 * is removed from the field prior to completion of operation.
611 * Write VNo and RWA if required
612 * Write NDEF Message TLV
613 * Write NDEF Message data
614 * Write NMN = E1h as the last byte to be written
616 static int nfctype1_write(uint32_t adapter_idx, uint32_t target_idx,
617 struct near_ndef_message *ndef,
620 struct near_tag *tag;
624 if (ndef == NULL || cb == NULL)
627 tag = near_tag_get_tag(adapter_idx, target_idx);
631 /* This check is valid for only static tags.
632 * Max data length on Type 1 Tag including TLV's
633 * is TYPE1_STATIC_MAX_DATA_SIZE */
634 if (near_tag_get_memory_layout(tag) == NEAR_TAG_MEMORY_STATIC) {
635 if ((ndef->length + 3) > TYPE1_STATIC_MAX_DATA_SIZE) {
636 near_error("not enough space on tag");
641 return data_write(adapter_idx, target_idx, ndef, cb);
644 static int check_presence(uint8_t *resp, int length, void *data)
646 struct t1_cookie *cookie = data;
655 cookie->cb(cookie->adapter_idx,
656 cookie->target_idx, err);
658 return t1_cookie_release(err, cookie);
661 static int nfctype1_check_presence(uint32_t adapter_idx,
662 uint32_t target_idx, near_tag_io_cb cb)
664 struct type1_cmd t1_cmd;
665 struct t1_cookie *cookie;
666 uint8_t *uid, uid_length;
671 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
672 if (uid == NULL || uid_length != UID_LENGTH) {
673 near_error("Invalid type 1 UID");
677 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
678 t1_cmd.addr = 0; /* NA */
680 memcpy(t1_cmd.uid, uid, UID_LENGTH);
684 cookie = g_try_malloc0(sizeof(struct t1_cookie));
688 cookie->adapter_idx = adapter_idx;
689 cookie->target_idx = target_idx;
692 err = near_adapter_send(adapter_idx, (uint8_t *) &t1_cmd,
693 sizeof(t1_cmd), check_presence, cookie);
700 return t1_cookie_release(err, cookie);
703 static int format_resp(uint8_t *resp, int length, void *data)
706 struct t1_cookie *cookie = data;
707 struct near_tag *tag;
708 struct type1_cmd cmd;
713 if (length < 0 || resp[0] != 0) {
718 if (cookie->current_byte < LEN_CC_BYTES) {
719 cmd.cmd = CMD_WRITE_E;
720 addr = cookie->current_block << 3;
721 cmd.addr = addr | (cookie->current_byte & 0x7);
722 cmd.data[0] = cookie->cc[cookie->current_byte];
723 cookie->current_byte++;
724 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
726 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
727 sizeof(cmd), format_resp, cookie);
733 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
739 DBG("Done formatting");
740 near_tag_set_blank(tag, FALSE);
745 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
747 return t1_cookie_release(err, cookie);
750 static int nfctype1_format(uint32_t adapter_idx, uint32_t target_idx,
754 struct near_tag *tag;
755 struct type1_cmd cmd;
756 struct t1_cookie *cookie;
757 uint8_t *uid, uid_length, addr;
761 tag = near_tag_get_tag(adapter_idx, target_idx);
765 /* TODO: Dynamic tag format */
766 if (near_tag_get_memory_layout(tag) != NEAR_TAG_MEMORY_STATIC)
769 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
770 if (uid == NULL || uid_length != UID_LENGTH) {
771 near_error("Invalid type 1 UID");
775 cookie = g_try_malloc0(sizeof(struct t1_cookie));
776 if (cookie == NULL) {
781 cookie->adapter_idx = adapter_idx;
782 cookie->target_idx = target_idx;
784 memcpy(cookie->uid, uid, UID_LENGTH);
785 cookie->cc[0] = TYPE1_MAGIC;
786 cookie->cc[1] = TYPE1_TAG_VER_1_1;
787 cookie->cc[2] = TYPE1_TAG_STATIC_SIZE_120;
788 cookie->cc[3] = TYPE1_READ_WRITE_ACCESS;
789 cookie->current_block = 1;
790 cookie->current_byte = 0;
792 cmd.cmd = CMD_WRITE_E;
793 addr = cookie->current_block << 3;
794 cmd.addr = addr | (cookie->current_byte & 0x7);
795 cmd.data[0] = cookie->cc[cookie->current_byte];
796 cookie->current_byte++;
797 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
800 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
801 sizeof(cmd), format_resp, cookie);
814 static struct near_tag_driver type1_driver = {
815 .type = NFC_PROTO_JEWEL,
816 .priority = NEAR_TAG_PRIORITY_DEFAULT,
817 .read = nfctype1_read,
818 .write = nfctype1_write,
819 .check_presence = nfctype1_check_presence,
820 .format = nfctype1_format,
823 static int nfctype1_init(void)
827 return near_tag_driver_register(&type1_driver);
830 static void nfctype1_exit(void)
834 near_tag_driver_unregister(&type1_driver);
837 NEAR_PLUGIN_DEFINE(nfctype1, "NFC Forum Type 1 tags support", VERSION,
838 NEAR_PLUGIN_PRIORITY_HIGH, nfctype1_init, nfctype1_exit)