3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
30 #include <sys/socket.h>
32 #include <linux/socket.h>
34 #include <near/nfc_copy.h>
35 #include <near/plugin.h>
37 #include <near/types.h>
38 #include <near/adapter.h>
40 #include <near/ndef.h>
43 #define CMD_READ_ALL 0x00 /* Read seg 0 (incl: HR) */
44 #define CMD_READ_SEGS 0x10 /* Read 16 blocks (128 bytes) */
45 #define CMD_RID 0x78 /* Read tag UID */
47 #define CMD_WRITE_E 0x53 /* Write with erase */
48 #define CMD_WRITE_NE 0x1A /* Write no erase */
50 #define OFFSET_STATUS_CMD 0x00
51 #define OFFSET_HEADER_ROM 0x01
53 #define HR0_TYPE1_STATIC 0x11
54 #define HR0_TYPE2_HIGH 0x10
55 #define HR0_TYPE2_LOW 0x0F
58 #define LEN_STATUS_BYTE 0x01 /* Status byte */
59 #define LEN_SPEC_BYTES (LEN_STATUS_BYTE + 0x02) /* HRx */
60 #define LEN_UID_BYTES (LEN_STATUS_BYTE + 0x07) /* UID bytes */
61 #define LEN_CC_BYTES 0x04 /* Capab. container */
62 #define LEN_DYN_BYTES 0x0A /* Bytes CtrlIT and TLV - Dyn. only */
64 #define TYPE1_MAGIC 0xe1
66 #define TAG_T1_DATA_UID(data) ((data) + LEN_SPEC_BYTES)
67 #define TAG_T1_DATA_CC(data) ((data) + LEN_SPEC_BYTES + LEN_UID_BYTES)
68 #define TAG_T1_DATA_LENGTH(cc) ((cc[2] + 1) * 8 - LEN_CC_BYTES)
70 #define TAG_T1_DATA_NFC(cc) ((cc)[0] & TYPE1_MAGIC)
72 #define TYPE1_NOWRITE_ACCESS 0x0F
73 #define TAG_T1_WRITE_FLAG(cc) ((cc)[3] & TYPE1_NOWRITE_ACCESS)
74 #define TAG_T1_SEGMENT_SIZE 128
76 #define TYPE1_STATIC_MAX_DATA_SIZE 0x60
80 #define TYPE1_TAG_VER_1_1 0x11
81 #define TYPE1_TAG_STATIC_SIZE_120 0x0E
82 #define TYPE1_READ_WRITE_ACCESS 0x00
83 #define TYPE1_STATIC_TAG_DATA_LENGTH 116
89 uint8_t uid[UID_LENGTH];
90 } __attribute__((packed));
94 uint16_t current_block;
98 uint8_t uid[UID_LENGTH];
101 struct near_tag *tag;
105 uint32_t adapter_idx;
107 uint8_t uid[UID_LENGTH];
108 uint32_t current_block; /* Static tag */
109 uint32_t current_byte; /* Static tag */
110 struct near_ndef_message *ndef;
112 uint8_t cc[LEN_CC_BYTES];
115 static void t1_init_cmd(struct type1_tag *tag, struct type1_cmd *cmd)
120 memcpy(cmd->uid, tag->uid, UID_LENGTH);
123 static int t1_cookie_release(int err, void *data)
125 struct t1_cookie *cookie = data;
133 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
136 g_free(cookie->ndef->data);
138 g_free(cookie->ndef);
145 /* Read segments (128 bytes) and store them to the tag data block */
146 static int data_recv(uint8_t *resp, int length, void *data)
148 struct type1_tag *t1_tag = data;
149 struct type1_cmd t1_cmd;
158 length = length - LEN_STATUS_BYTE; /* ignore first byte */
160 /* Add data to tag mem */
161 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
163 /* Check that we have enough free space */
164 if (data_length - t1_tag->data_read < (uint)length)
167 memcpy(tagdata + t1_tag->data_read, resp + 1, length);
170 t1_tag->data_read = t1_tag->data_read + length;
171 t1_tag->current_seg = t1_tag->current_seg + 1;
173 if (t1_tag->current_seg <= t1_tag->last_seg) {
175 t1_init_cmd(t1_tag, &t1_cmd);
177 t1_cmd.cmd = CMD_READ_SEGS;
178 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
180 return near_adapter_send(t1_tag->adapter_idx,
181 (uint8_t *) &t1_cmd, sizeof(t1_cmd),
182 data_recv, t1_tag, NULL);
183 } else { /* This is the end */
186 DBG("READ complete");
188 records = near_tlv_parse(tagdata, data_length);
189 near_tag_add_records(t1_tag->tag, records, t1_tag->cb, 0);
199 * The dynamic read function:
201 * [4..8]: TLV Lock ControlIT (0x01, 0x03, v1, V2, V3)
202 * [9..13]: TLV Reserved Memory Control (0x02, 0x03, V1, V2, V3)
203 * [14..]: TLV NDEF (0x03, L0, L1, L2, V1,V2 ...)
205 static int read_dynamic_tag(uint8_t *cc, int length, void *data)
207 struct type1_tag *t1_tag = data;
208 struct type1_cmd t1_cmd;
215 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
217 /* Skip capability container bytes */
218 pndef = cc + 4; /* right after CC bytes */
221 * Save first NFC bytes to tag memory
222 * 10 blocks[0x3..0xC] of 8 bytes + 2 bytes from block 2
224 memcpy(tagdata, pndef, 10 * BLOCK_SIZE + 2);
226 /* Read the next one, up to the end of the data area */
227 t1_tag->current_seg = 1;
228 t1_tag->last_seg = ((cc[2] * BLOCK_SIZE) / TAG_T1_SEGMENT_SIZE);
229 t1_tag->data_read = 10 * BLOCK_SIZE + 2;
231 t1_init_cmd(t1_tag, &t1_cmd);
233 /* T1 read segment */
234 t1_cmd.cmd = CMD_READ_SEGS;
235 /* 5.3.3 ADDS operand is [b8..b5] */
236 t1_cmd.addr = (t1_tag->current_seg << 4) & 0xFF;
238 return near_adapter_send(t1_tag->adapter_idx,
239 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
240 data_recv, t1_tag, NULL);
243 static int meta_recv(uint8_t *resp, int length, void *data)
245 struct t1_cookie *cookie = data;
246 struct near_tag *tag;
247 struct type1_tag *t1_tag;
249 int err = -EOPNOTSUPP;
258 /* First byte is cmd status */
259 if (resp[OFFSET_STATUS_CMD] != 0) {
260 DBG("Command failed: 0x%x", resp[OFFSET_STATUS_CMD]);
265 /* Check Magic NFC tag */
266 cc = TAG_T1_DATA_CC(resp);
267 if (TAG_T1_DATA_NFC(cc) == 0) {
268 if (resp[OFFSET_HEADER_ROM] == HR0_TYPE1_STATIC) {
269 err = near_tag_add_data(cookie->adapter_idx,
272 TYPE1_STATIC_TAG_DATA_LENGTH);
274 near_error("Not a valid NFC magic tag 0x%x", cc[0]);
279 /* Add data to the tag */
280 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
281 NULL, TAG_T1_DATA_LENGTH(cc));
287 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
293 t1_tag = g_try_malloc0(sizeof(struct type1_tag));
299 t1_tag->adapter_idx = cookie->adapter_idx;
300 t1_tag->cb = cookie->cb;
302 memcpy(t1_tag->uid, cookie->uid, UID_LENGTH);
304 /* Set the ReadWrite flag */
305 if (TAG_T1_WRITE_FLAG(cc) == TYPE1_NOWRITE_ACCESS)
306 near_tag_set_ro(tag, TRUE);
308 near_tag_set_ro(tag, FALSE);
310 /* Check Static or Dynamic memory model */
311 if (resp[OFFSET_HEADER_ROM] == HR0_TYPE1_STATIC) {
316 if (TAG_T1_DATA_NFC(cc) == 0)
317 near_tag_set_blank(tag, TRUE);
319 near_tag_set_blank(tag, FALSE);
321 DBG("READ Static complete");
323 tagdata = near_tag_get_data(t1_tag->tag, &data_length);
325 /* Check that we have enough free space */
326 if (data_length < (size_t)TAG_T1_DATA_LENGTH(cc))
329 memcpy(tagdata, cc + LEN_CC_BYTES, TAG_T1_DATA_LENGTH(cc));
331 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_STATIC);
333 records = near_tlv_parse(tagdata, data_length);
334 near_tag_add_records(t1_tag->tag, records, t1_tag->cb, 0);
339 } else if ((resp[OFFSET_HEADER_ROM] & 0xF0) == HR0_TYPE2_HIGH) {
340 near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_DYNAMIC);
341 err = read_dynamic_tag(cc, length, t1_tag);
343 * As reading isn't complete,
344 * callback shouldn't be called while freeing the cookie
357 return t1_cookie_release(err, cookie);
361 * READALL to read a maximum of 124 bytes.
362 * This cmd is common to static and dynamic targets
363 * This should allow to get the HR0 byte.
365 static int rid_resp(uint8_t *resp, int length, void *data)
367 struct t1_cookie *cookie = data;
368 struct type1_cmd t1_cmd;
374 /* First byte is cmd status */
375 if (resp[OFFSET_STATUS_CMD] != 0) {
376 DBG("Command failed: 0x%x", resp[OFFSET_STATUS_CMD]);
381 uid = TAG_T1_DATA_UID(resp);
383 DBG("UID 0x%x 0x%x 0x%x 0x%x", uid[0], uid[1], uid[2], uid[3]);
385 near_tag_set_nfcid(cookie->adapter_idx, cookie->target_idx,
388 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
389 t1_cmd.addr = 0; /* NA */
391 memcpy(t1_cmd.uid, uid, UID_LENGTH);
393 memcpy(cookie->uid, uid, UID_LENGTH);
395 return near_adapter_send(cookie->adapter_idx,
396 (uint8_t *)&t1_cmd, sizeof(t1_cmd),
397 meta_recv, cookie, t1_cookie_release);
402 return t1_cookie_release(err, cookie);
405 static int nfctype1_read_meta(uint32_t adapter_idx, uint32_t target_idx,
406 near_tag_io_cb cb, uint8_t *uid)
408 struct type1_cmd cmd;
409 struct t1_cookie *cookie;
413 memset(&cmd, 0, sizeof(cmd));
415 cookie = g_try_malloc0(sizeof(struct t1_cookie));
419 cookie->adapter_idx = adapter_idx;
420 cookie->target_idx = target_idx;
424 cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
425 memcpy(cmd.uid, uid, UID_LENGTH);
426 memcpy(cookie->uid, uid, UID_LENGTH);
428 return near_adapter_send(adapter_idx, (uint8_t *) &cmd,
429 sizeof(cmd), meta_recv, cookie,
434 return near_adapter_send(adapter_idx, (uint8_t *) &cmd,
435 sizeof(cmd), rid_resp, cookie,
440 /* First step: RID to get the tag UID */
441 static int nfctype1_read(uint32_t adapter_idx,
442 uint32_t target_idx, near_tag_io_cb cb)
450 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
451 if (!uid || uid_length != UID_LENGTH) {
453 near_error("Invalid UID");
459 return nfctype1_read_meta(adapter_idx, target_idx, cb, NULL);
462 err = nfctype1_read_meta(adapter_idx, target_idx, cb, uid);
469 static int write_nmn_e1_resp(uint8_t *resp, int length, void *data)
472 struct t1_cookie *cookie = data;
479 if (resp[OFFSET_STATUS_CMD] != 0)
484 return t1_cookie_release(err, cookie);
487 static int write_nmn_e1(struct t1_cookie *cookie)
489 struct type1_cmd cmd;
493 cmd.cmd = CMD_WRITE_E;
495 cmd.data[0] = TYPE1_MAGIC;
496 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
498 return near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
499 sizeof(cmd), write_nmn_e1_resp, cookie,
503 static int data_write_resp(uint8_t *resp, int length, void *data)
505 struct t1_cookie *cookie = data;
507 struct type1_cmd cmd;
517 if (resp[OFFSET_STATUS_CMD] != 0) {
522 if (cookie->ndef->offset > cookie->ndef->length)
523 return write_nmn_e1(cookie);
525 if (cookie->current_byte >= BLOCK_SIZE) {
526 cookie->current_byte = 0;
527 cookie->current_block++;
530 cmd.cmd = CMD_WRITE_E;
531 addr = cookie->current_block << 3;
532 cmd.addr = addr | (cookie->current_byte & 0x7);
533 cmd.data[0] = cookie->ndef->data[cookie->ndef->offset];
534 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
535 cookie->ndef->offset++;
536 cookie->current_byte++;
538 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
539 sizeof(cmd), data_write_resp, cookie,
547 return t1_cookie_release(err, cookie);
550 static int data_write(uint32_t adapter_idx, uint32_t target_idx,
551 struct near_ndef_message *ndef, near_tag_io_cb cb)
554 struct type1_cmd cmd;
555 struct t1_cookie *cookie;
556 uint8_t *uid, uid_length;
560 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
561 if (!uid || uid_length != UID_LENGTH) {
562 near_error("Invalid type 1 UID");
567 cmd.cmd = CMD_WRITE_E;
570 memcpy(cmd.uid, uid, UID_LENGTH);
572 cookie = g_try_malloc0(sizeof(struct t1_cookie));
579 cookie->adapter_idx = adapter_idx;
580 cookie->target_idx = target_idx;
581 memcpy(cookie->uid, uid, UID_LENGTH);
582 cookie->current_block = 1;
583 cookie->current_byte = LEN_CC_BYTES;
589 return near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
590 sizeof(cmd), data_write_resp, cookie,
594 cb(adapter_idx, target_idx, err);
600 * The writing of a new NDEF message SHALL occur as follows:
601 * Write NMN = 00h to indicate that no valid NDEF message is present
602 * during writing to allow error detection in the event that the tag
603 * is removed from the field prior to completion of operation.
604 * Write VNo and RWA if required
605 * Write NDEF Message TLV
606 * Write NDEF Message data
607 * Write NMN = E1h as the last byte to be written
609 static int nfctype1_write(uint32_t adapter_idx, uint32_t target_idx,
610 struct near_ndef_message *ndef,
613 struct near_tag *tag;
623 tag = near_tag_get_tag(adapter_idx, target_idx);
629 /* This check is valid for only static tags.
630 * Max data length on Type 1 Tag including TLV's
631 * is TYPE1_STATIC_MAX_DATA_SIZE */
632 if (near_tag_get_memory_layout(tag) == NEAR_TAG_MEMORY_STATIC) {
633 if ((ndef->length + 3) > TYPE1_STATIC_MAX_DATA_SIZE) {
634 near_error("not enough space on tag");
640 return data_write(adapter_idx, target_idx, ndef, cb);
644 cb(adapter_idx, target_idx, err);
649 static int check_presence(uint8_t *resp, int length, void *data)
651 struct t1_cookie *cookie = data;
659 return t1_cookie_release(err, cookie);
662 static int nfctype1_check_presence(uint32_t adapter_idx,
663 uint32_t target_idx, near_tag_io_cb cb)
665 struct type1_cmd t1_cmd;
666 struct t1_cookie *cookie;
667 uint8_t *uid, uid_length;
671 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
672 if (!uid || uid_length != UID_LENGTH) {
673 near_error("Invalid type 1 UID");
677 t1_cmd.cmd = CMD_READ_ALL; /* Read ALL cmd give 124 bytes */
678 t1_cmd.addr = 0; /* NA */
680 memcpy(t1_cmd.uid, uid, UID_LENGTH);
684 cookie = g_try_malloc0(sizeof(struct t1_cookie));
688 cookie->adapter_idx = adapter_idx;
689 cookie->target_idx = target_idx;
692 return near_adapter_send(adapter_idx, (uint8_t *) &t1_cmd,
693 sizeof(t1_cmd), check_presence, cookie,
697 static int format_resp(uint8_t *resp, int length, void *data)
700 struct t1_cookie *cookie = data;
701 struct near_tag *tag;
702 struct type1_cmd cmd;
707 if (length < 0 || resp[0] != 0) {
712 if (cookie->current_byte < LEN_CC_BYTES) {
713 cmd.cmd = CMD_WRITE_E;
714 addr = cookie->current_block << 3;
715 cmd.addr = addr | (cookie->current_byte & 0x7);
716 cmd.data[0] = cookie->cc[cookie->current_byte];
717 cookie->current_byte++;
718 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
720 return near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
721 sizeof(cmd), format_resp, cookie,
724 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
730 DBG("Done formatting");
731 near_tag_set_blank(tag, FALSE);
735 return t1_cookie_release(err, cookie);
738 static int nfctype1_format(uint32_t adapter_idx, uint32_t target_idx,
742 struct near_tag *tag;
743 struct type1_cmd cmd;
744 struct t1_cookie *cookie;
745 uint8_t *uid, uid_length, addr;
749 tag = near_tag_get_tag(adapter_idx, target_idx);
753 /* TODO: Dynamic tag format */
754 if (near_tag_get_memory_layout(tag) != NEAR_TAG_MEMORY_STATIC)
757 uid = near_tag_get_nfcid(adapter_idx, target_idx, &uid_length);
758 if (!uid || uid_length != UID_LENGTH) {
759 near_error("Invalid type 1 UID");
763 cookie = g_try_malloc0(sizeof(struct t1_cookie));
769 cookie->adapter_idx = adapter_idx;
770 cookie->target_idx = target_idx;
772 memcpy(cookie->uid, uid, UID_LENGTH);
773 cookie->cc[0] = TYPE1_MAGIC;
774 cookie->cc[1] = TYPE1_TAG_VER_1_1;
775 cookie->cc[2] = TYPE1_TAG_STATIC_SIZE_120;
776 cookie->cc[3] = TYPE1_READ_WRITE_ACCESS;
777 cookie->current_block = 1;
778 cookie->current_byte = 0;
780 cmd.cmd = CMD_WRITE_E;
781 addr = cookie->current_block << 3;
782 cmd.addr = addr | (cookie->current_byte & 0x7);
783 cmd.data[0] = cookie->cc[cookie->current_byte];
784 cookie->current_byte++;
785 memcpy(cmd.uid, cookie->uid, UID_LENGTH);
788 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
789 sizeof(cmd), format_resp, cookie,
803 static struct near_tag_driver type1_driver = {
804 .type = NFC_PROTO_JEWEL,
805 .priority = NEAR_TAG_PRIORITY_DEFAULT,
806 .read = nfctype1_read,
807 .write = nfctype1_write,
808 .check_presence = nfctype1_check_presence,
809 .format = nfctype1_format,
812 static int nfctype1_init(void)
816 return near_tag_driver_register(&type1_driver);
819 static void nfctype1_exit(void)
823 near_tag_driver_unregister(&type1_driver);
826 NEAR_PLUGIN_DEFINE(nfctype1, "NFC Forum Type 1 tags support", VERSION,
827 NEAR_PLUGIN_PRIORITY_HIGH, nfctype1_init, nfctype1_exit)