3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
29 #include <sys/socket.h>
31 #include <linux/socket.h>
32 #include <linux/nfc.h>
34 #include <near/plugin.h>
36 #include <near/types.h>
37 #include <near/adapter.h>
38 #include <near/target.h>
40 #include <near/ndef.h>
44 #define RESP_POLL 0x01
46 #define CMD_REQUEST_SERVICE 0x02
47 #define RESP_REQUEST_SERVICE 0x03
49 #define CMD_REQUEST_RESPONSE 0x04
50 #define RESP_REQUEST_RESPONSE 0x05
52 #define CMD_READ_WO_ENCRYPT 0x06
53 #define RESP_READ_WO_ENCRYPT 0x07
55 #define CMD_WRITE_WO_ENCRYPT 0x08
56 #define RESP_WRITE_WO_ENCRYPT 0x09
58 #define CMD_REQUEST_SYS_CODE 0x0C
59 #define RESP_REQUEST_SYS_CODE 0x0D
61 #define CMD_AUTHENTICATION_1 0x10
62 #define RESP_AUTHENTICATION_1 0x11
64 #define CMD_AUTHENTICATION_2 0x12
65 #define RESP_AUTHENTICATION_2 0x13
68 #define RESP_READ 0x15
70 #define CMD_WRITE 0x16
71 #define RESP_WRITE 0x17
73 #define NFC_SERVICE_CODE 0x000B
75 #define META_BLOCK_START 0
76 #define DATA_BLOCK_START 1
80 #define LEN_REPLY_CMD 0x02
81 #define LEN_CMD_LEN 0x01
84 #define OFS_NFC_STATUS 0
86 #define OFS_CMD_RESP 2
88 #define OFS_CMD_DATA (LEN_CMD_LEN + LEN_CMD + LEN_ID)
89 #define OFS_READ_FLAG 12
90 #define OFS_READ_DATA 14
92 #define CHECKSUM_LEN 2
94 #define MAX_DATA_SIZE 254
99 uint8_t data[MAX_DATA_SIZE];
100 } __attribute__((packed));
103 uint32_t adapter_idx;
104 uint16_t current_block;
108 struct near_tag *tag;
112 uint32_t adapter_idx;
116 uint8_t current_block;
117 uint8_t attr[BLOCK_SIZE];
118 struct near_ndef_message *ndef;
121 static void t3_cookie_release(struct t3_cookie *cookie)
126 if (cookie->ndef != NULL)
127 g_free(cookie->ndef->data);
129 g_free(cookie->ndef);
134 /* common: Intialize structure to write block */
135 static void prepare_write_block(uint8_t *UID, struct type3_cmd *cmd,
136 uint8_t block, uint8_t *data)
138 cmd->cmd = CMD_WRITE_WO_ENCRYPT; /* command */
139 memcpy(cmd->data, UID, LEN_ID); /* IDm */
141 cmd->data[LEN_ID] = 1; /* number of services */
142 cmd->data[LEN_ID + 1] = 0x09; /* service 0x0009 */
143 cmd->data[LEN_ID + 2] = 0x00;
145 cmd->data[LEN_ID + 3] = 0x01; /* number of blocks */
146 cmd->data[LEN_ID + 4] = 0x80; /* 2 byte block number format */
147 cmd->data[LEN_ID + 5] = block; /* block number */
148 memcpy(cmd->data + LEN_ID + 6, data, BLOCK_SIZE); /* data to write */
150 cmd->len = LEN_ID + LEN_CMD + LEN_CMD_LEN + 6 + BLOCK_SIZE;
154 /* common: Initialize structure to read block */
155 static void prepare_read_block(uint8_t cur_block,
157 struct type3_cmd *cmd )
159 cmd->cmd = CMD_READ_WO_ENCRYPT; /* command */
160 memcpy(cmd->data, UID, LEN_ID); /* IDm */
162 cmd->data[LEN_ID] = 1; /* number of service */
163 cmd->data[LEN_ID + 1] = 0x0B; /* service x000B */
164 cmd->data[LEN_ID + 2] = 0x00;
166 cmd->data[LEN_ID + 3] = 0x01; /* number of block */
167 cmd->data[LEN_ID + 4] = 0x80; /* 2 bytes block id*/
168 cmd->data[LEN_ID + 5] = cur_block; /* block number */
170 cmd->len = LEN_ID + LEN_CMD + LEN_CMD_LEN + 6;
173 /* common: Simple checks on received frame */
174 static int check_recv_frame(uint8_t *resp, uint8_t reply_code)
178 if (resp[OFS_NFC_STATUS] != 0) {
179 DBG("NFC Command failed: 0x%x",resp[OFS_NFC_STATUS]);
183 if (resp[OFS_CMD_RESP] != reply_code ) {
184 DBG("Felica cmd failed: 0x%x", resp[OFS_CMD_RESP]);
191 static int nfctype3_data_recv(uint8_t *resp, int length, void *data)
193 struct type3_tag *tag = data;
194 struct type3_cmd cmd;
196 uint16_t current_length, length_read, data_length;
197 uint32_t adapter_idx;
204 adapter_idx = near_tag_get_adapter_idx(tag->tag);
205 target_idx = near_tag_get_target_idx(tag->tag);
212 nfc_data = near_tag_get_data(tag->tag, (size_t *)&data_length);
213 length_read = length - OFS_READ_DATA ;
214 current_length = tag->current_block * BLOCK_SIZE;
215 if (current_length + (length - OFS_READ_DATA) > data_length)
216 length_read = data_length - current_length;
218 memcpy(nfc_data + current_length, resp + OFS_READ_DATA, length_read);
220 if (current_length + length_read >= data_length) {
221 tag->current_block = 0;
223 DBG("Done reading %d bytes at %p", data_length, nfc_data);
224 near_ndef_parse(tag->tag, nfc_data, data_length);
227 tag->cb(adapter_idx, target_idx, 0);
234 /* Read the next block */
235 read_blocks = length / BLOCK_SIZE;
236 tag->current_block += read_blocks;
238 prepare_read_block(DATA_BLOCK_START + tag->current_block,
241 err = near_adapter_send(adapter_idx, (uint8_t *)&cmd, cmd.len,
242 nfctype3_data_recv, tag);
249 if (err < 0 && tag->cb)
250 tag->cb(adapter_idx, target_idx, err);
257 static int nfctype3_data_read(struct type3_tag *tag)
259 struct type3_cmd cmd;
260 uint32_t adapter_idx;
264 tag->current_block = 0;
266 prepare_read_block(DATA_BLOCK_START + tag->current_block,
269 adapter_idx = near_tag_get_adapter_idx(tag->tag);
271 return near_adapter_send(adapter_idx,
272 (uint8_t *) &cmd, cmd.len,
273 nfctype3_data_recv, tag);
276 /* Read block 0 to retrieve the data length */
277 static int nfctype3_recv_block_0(uint8_t *resp, int length, void *data)
279 struct t3_cookie *cookie = data;
281 struct near_tag *tag;
282 struct type3_tag *t3_tag = NULL;
283 uint32_t ndef_data_length;
292 err = check_recv_frame(resp, RESP_READ_WO_ENCRYPT);
296 if (resp[OFS_READ_FLAG] != 0) {
297 DBG("Status 0x%x", resp[OFS_READ_FLAG]);
302 /* Block 0:[11 - 13]: length is a 3 bytes value */
303 ndef_data_length = resp[OFS_READ_DATA + 11] * 0x100;
304 ndef_data_length += resp[OFS_READ_DATA + 12];
305 ndef_data_length *= 0x100;
306 ndef_data_length += resp[OFS_READ_DATA + 13];
308 /* Add data to the tag */
309 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
310 NULL, ndef_data_length);
314 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
320 /* Block 0:[10]: RW Flag. 1 for RW */
321 if (resp[OFS_READ_DATA + 10] == 0)
322 near_tag_set_ro(tag, TRUE);
324 near_tag_set_ro(tag, FALSE);
326 t3_tag = g_try_malloc0(sizeof(struct type3_tag));
327 if (t3_tag == NULL) {
332 memcpy(t3_tag->IDm, cookie->IDm , LEN_ID);
334 near_tag_set_idm(tag, cookie->IDm, LEN_ID);
335 near_tag_set_attr_block(tag, resp + OFS_READ_DATA, BLOCK_SIZE);
337 t3_tag->adapter_idx = cookie->adapter_idx;
338 t3_tag->cb = cookie->cb;
341 err = nfctype3_data_read(t3_tag);
344 if (err < 0 && cookie->cb) {
345 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
349 t3_cookie_release(cookie);
354 static int nfctype3_recv_UID(uint8_t *resp, int length, void *data)
356 struct t3_cookie *rcv_cookie = data;
357 struct t3_cookie *snd_cookie;
359 struct type3_cmd cmd;
361 DBG(" length: %d", length);
368 err = check_recv_frame(resp, RESP_POLL);
372 snd_cookie = g_try_malloc0(sizeof(struct t3_cookie));
373 snd_cookie->adapter_idx = rcv_cookie->adapter_idx;
374 snd_cookie->target_idx = rcv_cookie->target_idx;
375 snd_cookie->cb = rcv_cookie->cb;
377 memcpy(snd_cookie->IDm, resp + OFS_IDM, LEN_ID);
379 prepare_read_block(META_BLOCK_START, snd_cookie->IDm, &cmd);
381 err = near_adapter_send(snd_cookie->adapter_idx,
382 (uint8_t *)&cmd, cmd.len, nfctype3_recv_block_0, snd_cookie);
385 if (err < 0 && rcv_cookie->cb)
386 rcv_cookie->cb(rcv_cookie->adapter_idx,
387 rcv_cookie->target_idx, err);
389 t3_cookie_release(rcv_cookie);
394 static int nfctype3_read_tag(uint32_t adapter_idx,
395 uint32_t target_idx, near_tag_io_cb cb)
397 struct type3_cmd cmd;
398 struct t3_cookie *cookie;
403 cmd.cmd = CMD_POLL; /* POLL command */
404 cmd.data[0] = 0x12; /* System code (NFC SC) */
406 cmd.data[2] = 01; /* request code */
407 cmd.data[3] = 0x00; /* time slot */
409 /* data len + 2 bytes */
410 cmd.len = LEN_CMD + LEN_CMD_LEN + 4 ;
412 cookie = g_try_malloc0(sizeof(struct t3_cookie));
413 cookie->adapter_idx = adapter_idx;
414 cookie->target_idx = target_idx;
417 return near_adapter_send(adapter_idx, (uint8_t *)&cmd,
418 cmd.len , nfctype3_recv_UID, cookie);
421 static int update_attr_block_cb(uint8_t *resp, int length, void *data)
423 struct t3_cookie *cookie = data;
433 err = check_recv_frame(resp, RESP_WRITE_WO_ENCRYPT);
441 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
443 t3_cookie_release(cookie);
448 static int update_attr_block(struct t3_cookie *cookie)
450 struct type3_cmd cmd;
456 cookie->attr[9] = 0x00; /* writing data completed */
457 cookie->attr[11] = (uint8_t) (cookie->ndef->length >> 16);
458 cookie->attr[12] = (uint8_t) (cookie->ndef->length >> 8);
459 cookie->attr[13] = (uint8_t) cookie->ndef->length;
462 for (i = 0; i < (BLOCK_SIZE - CHECKSUM_LEN); i++)
463 checksum += cookie->attr[i];
465 cookie->attr[14] = (uint8_t) (checksum >> 8);
466 cookie->attr[15] = (uint8_t) checksum;
468 prepare_write_block(cookie->IDm, &cmd, 0, cookie->attr);
470 return near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd, cmd.len,
471 update_attr_block_cb, cookie);
474 static int data_write_resp(uint8_t *resp, int length, void *data)
476 struct t3_cookie *cookie = data;
477 struct type3_cmd cmd;
478 uint8_t padding[BLOCK_SIZE] = {0};
488 err = check_recv_frame(resp, RESP_WRITE_WO_ENCRYPT);
492 if (cookie->ndef->offset >= cookie->ndef->length) {
493 err = update_attr_block(cookie);
500 if ((cookie->ndef->length - cookie->ndef->offset) <
502 memcpy(padding, cookie->ndef->data + cookie->ndef->offset,
503 cookie->ndef->length - cookie->ndef->offset);
504 prepare_write_block(cookie->IDm, &cmd,
505 cookie->current_block, padding);
507 prepare_write_block(cookie->IDm, &cmd, cookie->current_block,
508 cookie->ndef->data + cookie->ndef->offset);
511 cookie->current_block++;
512 cookie->ndef->offset += BLOCK_SIZE;
514 err = near_adapter_send(cookie->adapter_idx, (uint8_t *)&cmd, cmd.len,
515 data_write_resp, cookie);
522 if (err < 0 && cookie->cb)
523 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
525 t3_cookie_release(cookie);
530 static int data_write(uint32_t adapter_idx, uint32_t target_idx,
531 struct near_ndef_message *ndef,
532 struct near_tag *tag,
535 struct t3_cookie *cookie;
536 struct type3_cmd cmd;
537 uint16_t checksum, nmaxb;
544 cookie = g_try_malloc0(sizeof(struct t3_cookie));
545 if (cookie == NULL) {
550 cookie->adapter_idx = adapter_idx;
551 cookie->target_idx = target_idx;
554 cookie->current_block = 0;
556 idm = near_tag_get_idm(tag, &len);
562 memcpy(cookie->IDm, idm, len);
564 attr = near_tag_get_attr_block(tag, &len);
570 memcpy(cookie->attr, attr, len);
571 nmaxb = (((uint16_t)(cookie->attr[3])) << 8) | cookie->attr[4];
573 if (cookie->ndef->length > (nmaxb * BLOCK_SIZE)) {
574 near_error("not enough space on tag");
579 cookie->attr[9] = 0x0F; /* writing data in progress */
582 for (i = 0; i < 14; i++)
583 checksum += cookie->attr[i];
585 cookie->attr[14] = (uint8_t)(checksum >> 8);
586 cookie->attr[15] = (uint8_t)(checksum);
588 prepare_write_block(cookie->IDm, &cmd, cookie->current_block,
590 cookie->current_block++;
592 err = near_adapter_send(adapter_idx, (uint8_t *)&cmd, cmd.len,
593 data_write_resp, cookie);
600 t3_cookie_release(cookie);
605 static int nfctype3_write_tag(uint32_t adapter_idx, uint32_t target_idx,
606 struct near_ndef_message *ndef,
609 struct near_tag *tag;
613 if (ndef == NULL || cb == NULL)
616 tag = near_tag_get_tag(adapter_idx, target_idx);
620 if (near_tag_get_ro(tag) == TRUE) {
621 DBG("tag is read-only");
625 return data_write(adapter_idx, target_idx, ndef, tag, cb);
628 static int nfctype3_check_recv_UID(uint8_t *resp, int length, void *data)
630 struct t3_cookie *rcv_cookie = data;
633 DBG("length %d", length);
639 rcv_cookie->cb(rcv_cookie->adapter_idx,
640 rcv_cookie->target_idx, err);
642 t3_cookie_release(rcv_cookie);
647 static int nfctype3_check_presence(uint32_t adapter_idx,
648 uint32_t target_idx, near_tag_io_cb cb)
650 struct type3_cmd cmd;
651 struct t3_cookie *cookie;
657 cmd.cmd = CMD_POLL; /* POLL command */
658 cmd.data[0] = 0x12; /* System code (NFC SC) */
660 cmd.data[2] = 01; /* request code */
661 cmd.data[3] = 0x00; /* time slot */
663 /* data len + 2 bytes */
664 cmd.len = LEN_CMD + LEN_CMD_LEN + 4 ;
666 cookie = g_try_malloc0(sizeof(struct t3_cookie));
670 cookie->adapter_idx = adapter_idx;
671 cookie->target_idx = target_idx;
674 err = near_adapter_send(adapter_idx, (uint8_t *)&cmd,
675 cmd.len , nfctype3_check_recv_UID, cookie);
682 t3_cookie_release(cookie);
687 static struct near_tag_driver type1_driver = {
688 .type = NFC_PROTO_FELICA,
689 .priority = NEAR_TAG_PRIORITY_DEFAULT,
690 .read_tag = nfctype3_read_tag,
691 .add_ndef = nfctype3_write_tag,
692 .check_presence = nfctype3_check_presence,
695 static int nfctype3_init(void)
699 return near_tag_driver_register(&type1_driver);
702 static void nfctype3_exit(void)
706 near_tag_driver_unregister(&type1_driver);
709 NEAR_PLUGIN_DEFINE(nfctype3, "NFC Forum Type 3 tags support", VERSION,
710 NEAR_PLUGIN_PRIORITY_HIGH, nfctype3_init, nfctype3_exit)