3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
29 #include <sys/socket.h>
31 #include <linux/socket.h>
32 #include <linux/nfc.h>
34 #include <near/plugin.h>
36 #include <near/types.h>
37 #include <near/adapter.h>
39 #include <near/ndef.h>
42 #define CMD_READ_ALL 0x00 /* Read seg 0 (incl: HR) */
43 #define CMD_READ_SEGS 0x10 /* Read 16 blocks (128 bytes) */
44 #define CMD_RID 0x78 /* Read tag UID */
46 #define CMD_WRITE_E 0x53 /* Write with erase */
47 #define CMD_WRITE_NE 0x1A /* Write no erase */
49 #define OFFSET_STATUS_CMD 0x00
50 #define OFFSET_HEADER_ROM 0x01
52 #define HR0_TYPE1_STATIC 0x11
53 #define HR0_TYPE2_HIGH 0x10
54 #define HR0_TYPE2_LOW 0x0F
57 #define LEN_STATUS_BYTE 0x01 /* Status byte */
58 #define LEN_SPEC_BYTES (LEN_STATUS_BYTE + 0x02) /* HRx */
59 #define LEN_UID_BYTES (LEN_STATUS_BYTE + 0x07) /* UID bytes */
60 #define LEN_CC_BYTES 0x04 /* Capab. container */
61 #define LEN_DYN_BYTES 0x0A /* Bytes CtrlIT and TLV - Dyn. only */
63 #define TYPE1_MAGIC 0xe1
65 #define TAG_T1_DATA_UID(data) ((data) + LEN_SPEC_BYTES)
66 #define TAG_T1_DATA_CC(data) ((data) + LEN_SPEC_BYTES + LEN_UID_BYTES)
67 #define TAG_T1_DATA_LENGTH(cc) ((cc[2] + 1) * 8 - LEN_CC_BYTES)
69 #define TAG_T1_DATA_NFC(cc) ((cc)[0] & TYPE1_MAGIC)
71 #define TYPE1_NOWRITE_ACCESS 0x0F
72 #define TAG_T1_WRITE_FLAG(cc) ((cc)[3] & TYPE1_NOWRITE_ACCESS)
73 #define TAG_T1_SEGMENT_SIZE 128
75 #define TYPE1_STATIC_MAX_DATA_SIZE 0x60
79 #define TYPE1_TAG_VER_1_1 0x11
80 #define TYPE1_TAG_STATIC_SIZE_120 0x0E
81 #define TYPE1_READ_WRITE_ACCESS 0x00
82 #define TYPE1_STATIC_TAG_DATA_LENGTH 116
88 uint8_t uid[UID_LENGTH];
89 } __attribute__((packed));
93 uint16_t current_block;
97 uint8_t uid[UID_LENGTH];
100 struct near_tag *tag;
104 uint32_t adapter_idx;
106 uint8_t uid[UID_LENGTH];
107 uint32_t current_block; /* Static tag */
108 uint32_t current_byte; /* Static tag */
109 struct near_ndef_message *ndef;
111 uint8_t cc[LEN_CC_BYTES];
114 static void t1_init_cmd(struct type1_tag *tag, struct type1_cmd *cmd)
116 if (tag == NULL || cmd == NULL)
119 memcpy(cmd->uid, tag->uid, UID_LENGTH);
122 static void t1_cookie_release(struct t1_cookie *cookie)
128 g_free(cookie->ndef->data);
130 g_free(cookie->ndef);
135 /* Read segments (128 bytes)and store them to the tag data block */
136 static int segment_read_recv(uint8_t *resp, int length, void *data)
138 struct type1_tag *t1_tag = data;
139 struct type1_cmd t1_cmd;
152 length = length - LEN_STATUS_BYTE; /* ignore first byte */
154 /* Add data to tag mem*/
155 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
156 memcpy(tagdata + t1_tag->data_read, resp+1, length);
159 t1_tag->data_read = t1_tag->data_read + length;
160 t1_tag->current_seg = t1_tag->current_seg + 1;
162 if (t1_tag->current_seg <= t1_tag->last_seg) {
164 t1_init_cmd(t1_tag, &t1_cmd);
166 t1_cmd.cmd = CMD_READ_SEGS;
167 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
169 err = near_adapter_send(t1_tag->adapter_idx,
170 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
171 segment_read_recv, t1_tag);
174 } else { /* This is the end */
177 DBG("READ complete");
179 records = near_tlv_parse(tagdata, data_length);
180 near_tag_add_records(t1_tag->tag, records, t1_tag->cb, 0);
192 /* The dynamic read function:
194 * [4..8]: TLV Lock ControlIT (0x01, 0x03, v1, V2, V3)
195 * [9..13]: TLV Reserved Memory Control (0x02, 0x03, V1, V2, V3)
196 * [14..]: TLV NDEF (0x03, L0, L1, L2, V1,V2 ...)
198 static int read_dynamic_tag(uint8_t *cc, int length, void *data)
200 struct type1_tag *t1_tag = data;
201 struct type1_cmd t1_cmd;
209 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
211 /* Skip un-needed bytes */
212 pndef = cc + 4; /* right after CC bytes */
213 pndef = pndef + 5; /* skip TLV Lock bits bytes */
214 pndef = pndef + 5; /* skip TLV ControlIT bytes */
216 /* Save first NFC bytes to tag memory
217 * 10 blocks[0x3..0xC] of 8 bytes + 2 bytes from block 2
219 memcpy(tagdata, pndef, 10 * BLOCK_SIZE + 2);
221 /* Read the next one, up to the end of the data area */
222 t1_tag->current_seg = 1;
223 t1_tag->last_seg = ((cc[2] * BLOCK_SIZE) / TAG_T1_SEGMENT_SIZE);
224 t1_tag->data_read = 10 * BLOCK_SIZE + 2;
226 t1_init_cmd(t1_tag, &t1_cmd);
228 /* T1 read segment */
229 t1_cmd.cmd = CMD_READ_SEGS;
230 /* 5.3.3 ADDS operand is [b8..b5] */
231 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
233 return near_adapter_send(t1_tag->adapter_idx,
234 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
235 segment_read_recv, t1_tag);
238 static int meta_recv(uint8_t *resp, int length, void *data)
240 struct t1_cookie *cookie = data;
241 struct near_tag *tag;
242 struct type1_tag *t1_tag = NULL;
245 int err = -EOPNOTSUPP;
254 /* First byte is cmd status */
255 if (resp[OFFSET_STATUS_CMD] != 0) {
256 DBG("Command failed: 0x%x",resp[OFFSET_STATUS_CMD]);
261 /* Check Magic NFC tag */
262 cc = TAG_T1_DATA_CC(resp);
263 if (TAG_T1_DATA_NFC(cc) == 0) {
264 if (resp[OFFSET_HEADER_ROM] == HR0_TYPE1_STATIC) {
265 err = near_tag_add_data(cookie->adapter_idx,
268 TYPE1_STATIC_TAG_DATA_LENGTH);
270 near_error("Not a valid NFC magic tag 0x%x", cc[0]);
275 /* Add data to the tag */
276 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
277 NULL, TAG_T1_DATA_LENGTH(cc));
283 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
289 t1_tag = g_try_malloc0(sizeof(struct type1_tag));
290 if (t1_tag == NULL) {
295 t1_tag->adapter_idx = cookie->adapter_idx;
296 t1_tag->cb = cookie->cb;
298 memcpy(t1_tag->uid, cookie->uid, UID_LENGTH);
300 /*s Set the ReadWrite flag */
301 if (TAG_T1_WRITE_FLAG(cc) == TYPE1_NOWRITE_ACCESS)
302 near_tag_set_ro(tag, TRUE);
304 near_tag_set_ro(tag, FALSE);
306 /* Check Static or Dynamic memory model */
307 if (resp[OFFSET_HEADER_ROM] == HR0_TYPE1_STATIC) {
312 if (TAG_T1_DATA_NFC(cc) == 0)
313 near_tag_set_blank(tag, TRUE);
315 near_tag_set_blank(tag, FALSE);
317 DBG("READ Static complete");
319 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
320 memcpy(tagdata, cc + LEN_CC_BYTES, TAG_T1_DATA_LENGTH(cc));
322 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_STATIC);
324 records = near_tlv_parse(tagdata, data_length);
325 near_tag_add_records(t1_tag->tag, records, t1_tag->cb, 0);
330 } else if ((resp[OFFSET_HEADER_ROM] & 0xF0) == HR0_TYPE2_HIGH) {
331 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_DYNAMIC);
332 err = read_dynamic_tag(cc, length, t1_tag);
340 if (err < 0 && cookie->cb)
341 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
343 t1_cookie_release(cookie);
349 * READALL to read a maximum of 124 bytes.
350 * This cmd is common to static and dynamic targets
351 * This should allow to get the HR0 byte.
353 static int rid_resp(uint8_t *resp, int length, void *data)
355 struct t1_cookie *cookie = data;
356 struct type1_cmd t1_cmd;
362 /* First byte is cmd status */
363 if (resp[OFFSET_STATUS_CMD] != 0) {
364 DBG("Command failed: 0x%x",resp[OFFSET_STATUS_CMD]);
369 uid = TAG_T1_DATA_UID(resp);
371 DBG("UID 0x%x 0x%x 0x%x 0x%x", uid[0], uid[1], uid[2], uid[3]);
373 near_tag_set_nfcid(cookie->adapter_idx, cookie->target_idx,
376 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
377 t1_cmd.addr = 0; /* NA */
379 memcpy(t1_cmd.uid, uid, UID_LENGTH);
381 memcpy(cookie->uid, uid, UID_LENGTH);
383 return near_adapter_send(cookie->adapter_idx,
384 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
390 if (err < 0 && cookie->cb)
391 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
393 t1_cookie_release(cookie);
398 /* First step: RID to get the tag UID */
399 static int nfctype1_read(uint32_t adapter_idx,
400 uint32_t target_idx, near_tag_io_cb cb)
402 struct type1_cmd t1_cmd;
403 struct t1_cookie *cookie;
404 uint8_t *uid, uid_length;
408 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
409 if (uid == NULL || uid_length != UID_LENGTH) {
410 if (uid != NULL && uid_length != UID_LENGTH) {
411 near_error("Invalid UID");
417 t1_cmd.cmd = CMD_RID;
420 memset(t1_cmd.uid, 0, UID_LENGTH);
422 cookie = g_try_malloc0(sizeof(struct t1_cookie));
423 if (cookie == NULL) {
428 cookie->adapter_idx = adapter_idx;
429 cookie->target_idx = target_idx;
432 return near_adapter_send(adapter_idx,
433 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
437 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
438 t1_cmd.addr = 0; /* NA */
440 memcpy(t1_cmd.uid, uid, UID_LENGTH);
442 cookie = g_try_malloc0(sizeof(struct t1_cookie));
443 if (cookie == NULL) {
448 cookie->adapter_idx = adapter_idx;
449 cookie->target_idx = target_idx;
450 memcpy(cookie->uid, uid, UID_LENGTH);
455 return near_adapter_send(adapter_idx, (uint8_t *)&t1_cmd, sizeof(t1_cmd),
459 static int write_nmn_e1_resp(uint8_t *resp, int length, void *data)
462 struct t1_cookie *cookie = data;
469 if (resp[OFFSET_STATUS_CMD] != 0)
474 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
476 t1_cookie_release(cookie);
481 static int write_nmn_e1(struct t1_cookie *cookie)
483 struct type1_cmd cmd;
487 cmd.cmd = CMD_WRITE_E;
489 cmd.data[0] = TYPE1_MAGIC;
490 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
492 return near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
493 sizeof(cmd), write_nmn_e1_resp, cookie);
496 static int data_write(uint8_t *resp, int length, void *data)
498 struct t1_cookie *cookie = data;
500 struct type1_cmd cmd;
510 if (resp[OFFSET_STATUS_CMD] != 0) {
515 if (cookie->ndef->offset > cookie->ndef->length)
516 return write_nmn_e1(cookie);
518 if (cookie->current_byte >= BLOCK_SIZE) {
519 cookie->current_byte = 0;
520 cookie->current_block++;
523 cmd.cmd = CMD_WRITE_E;
524 addr = cookie->current_block << 3;
525 cmd.addr = addr | (cookie->current_byte & 0x7);
526 cmd.data[0] = cookie->ndef->data[cookie->ndef->offset];
527 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
528 cookie->ndef->offset++;
529 cookie->current_byte++;
531 err = near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
532 sizeof(cmd), data_write, cookie);
539 if (err < 0 && cookie->cb)
540 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
542 t1_cookie_release(cookie);
547 static int write_nmn_0(uint32_t adapter_idx, uint32_t target_idx,
548 struct near_ndef_message *ndef, near_tag_io_cb cb)
551 struct type1_cmd cmd;
552 struct t1_cookie *cookie;
553 uint8_t *uid, uid_length;
557 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
558 if (uid == NULL || uid_length != UID_LENGTH) {
559 near_error("Invalid type 1 UID");
563 cmd.cmd = CMD_WRITE_E;
566 memcpy(cmd.uid, uid, UID_LENGTH);
568 cookie = g_try_malloc0(sizeof(struct t1_cookie));
569 if (cookie == NULL) {
575 cookie->adapter_idx = adapter_idx;
576 cookie->target_idx = target_idx;
577 memcpy(cookie->uid, uid, UID_LENGTH);
578 cookie->current_block = 1;
579 cookie->current_byte = LEN_CC_BYTES;
585 err = near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
586 sizeof(cmd), data_write, cookie);
593 t1_cookie_release(cookie);
599 * The writing of a new NDEF message SHALL occur as follows:
600 * Write NMN = 00h to indicate that no valid NDEF message is present
601 * during writing to allow error detection in the event that the tag
602 * is removed from the field prior to completion of operation.
603 * Write VNo and RWA if required
604 * Write NDEF Message TLV
605 * Write NDEF Message data
606 * Write NMN = E1h as the last byte to be written
608 static int nfctype1_write(uint32_t adapter_idx, uint32_t target_idx,
609 struct near_ndef_message *ndef,
612 struct near_tag *tag;
616 if (ndef == NULL || cb == NULL)
619 tag = near_tag_get_tag(adapter_idx, target_idx);
623 /* This check is valid for only static tags.
624 * Max data length on Type 2 Tag including TLV's
625 * is TYPE1_STATIC_MAX_DATA_SIZE */
626 if (near_tag_get_memory_layout(tag) == NEAR_TAG_MEMORY_STATIC) {
627 if ((ndef->length + 3) > TYPE1_STATIC_MAX_DATA_SIZE) {
628 near_error("not enough space on data");
633 return write_nmn_0(adapter_idx, target_idx, ndef, cb);
636 static int check_presence(uint8_t *resp, int length, void *data)
638 struct t1_cookie *cookie = data;
647 cookie->cb(cookie->adapter_idx,
648 cookie->target_idx, err);
650 t1_cookie_release(cookie);
655 static int nfctype1_check_presence(uint32_t adapter_idx,
656 uint32_t target_idx, near_tag_io_cb cb)
658 struct type1_cmd t1_cmd;
659 struct t1_cookie *cookie;
660 uint8_t *uid, uid_length;
665 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
666 if (uid == NULL || uid_length != UID_LENGTH) {
667 near_error("Invalid type 1 UID");
671 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
672 t1_cmd.addr = 0; /* NA */
674 memcpy(t1_cmd.uid, uid, UID_LENGTH);
678 cookie = g_try_malloc0(sizeof(struct t1_cookie));
682 cookie->adapter_idx = adapter_idx;
683 cookie->target_idx = target_idx;
686 err = near_adapter_send(adapter_idx, (uint8_t *)&t1_cmd, sizeof(t1_cmd),
687 check_presence, cookie);
694 t1_cookie_release(cookie);
699 static int format_resp(uint8_t *resp, int length, void *data)
702 struct t1_cookie *cookie = data;
703 struct near_tag *tag;
704 struct type1_cmd cmd;
709 if (length < 0 || resp[0] != 0) {
714 if (cookie->current_byte < LEN_CC_BYTES) {
715 cmd.cmd = CMD_WRITE_E;
716 addr = cookie->current_block << 3;
717 cmd.addr = addr | (cookie->current_byte & 0x7);
718 cmd.data[0] = cookie->cc[cookie->current_byte];
719 cookie->current_byte++;
720 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
722 err = near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
723 sizeof(cmd), format_resp, cookie);
729 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
735 DBG("Done formatting");
736 near_tag_set_blank(tag, FALSE);
741 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
743 t1_cookie_release(cookie);
748 static int nfctype1_format(uint32_t adapter_idx, uint32_t target_idx,
752 struct near_tag *tag;
753 struct type1_cmd cmd;
754 struct t1_cookie *cookie;
755 uint8_t *uid, uid_length, addr;
759 tag = near_tag_get_tag(adapter_idx, target_idx);
763 /* TODO: Dynamic tag format */
764 if (near_tag_get_memory_layout(tag) != NEAR_TAG_MEMORY_STATIC)
767 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
768 if (uid == NULL || uid_length != UID_LENGTH) {
769 near_error("Invalid type 1 UID");
773 cookie = g_try_malloc0(sizeof(struct t1_cookie));
774 if (cookie == NULL) {
779 cookie->adapter_idx = adapter_idx;
780 cookie->target_idx = target_idx;
782 memcpy(cookie->uid, uid, UID_LENGTH);
783 cookie->cc[0] = TYPE1_MAGIC;
784 cookie->cc[1] = TYPE1_TAG_VER_1_1;
785 cookie->cc[2] = TYPE1_TAG_STATIC_SIZE_120;
786 cookie->cc[3] = TYPE1_READ_WRITE_ACCESS;
787 cookie->current_block = 1;
788 cookie->current_byte = 0;
790 cmd.cmd = CMD_WRITE_E;
791 addr = cookie->current_block << 3;
792 cmd.addr = addr | (cookie->current_byte & 0x7);
793 cmd.data[0] = cookie->cc[cookie->current_byte];
794 cookie->current_byte++;
795 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
798 err = near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd,
799 sizeof(cmd), format_resp, cookie);
812 static struct near_tag_driver type1_driver = {
813 .type = NFC_PROTO_JEWEL,
814 .priority = NEAR_TAG_PRIORITY_DEFAULT,
815 .read = nfctype1_read,
816 .write = nfctype1_write,
817 .check_presence = nfctype1_check_presence,
818 .format = nfctype1_format,
821 static int nfctype1_init(void)
825 return near_tag_driver_register(&type1_driver);
828 static void nfctype1_exit(void)
832 near_tag_driver_unregister(&type1_driver);
835 NEAR_PLUGIN_DEFINE(nfctype1, "NFC Forum Type 1 tags support", VERSION,
836 NEAR_PLUGIN_PRIORITY_HIGH, nfctype1_init, nfctype1_exit)