3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
30 #include <sys/socket.h>
32 #include <linux/socket.h>
34 #include <near/nfc_copy.h>
35 #include <near/plugin.h>
37 #include <near/types.h>
38 #include <near/adapter.h>
40 #include <near/ndef.h>
44 #define RESP_POLL 0x01
46 #define CMD_REQUEST_SERVICE 0x02
47 #define RESP_REQUEST_SERVICE 0x03
49 #define CMD_REQUEST_RESPONSE 0x04
50 #define RESP_REQUEST_RESPONSE 0x05
52 #define CMD_READ_WO_ENCRYPT 0x06
53 #define RESP_READ_WO_ENCRYPT 0x07
55 #define CMD_WRITE_WO_ENCRYPT 0x08
56 #define RESP_WRITE_WO_ENCRYPT 0x09
58 #define CMD_REQUEST_SYS_CODE 0x0C
59 #define RESP_REQUEST_SYS_CODE 0x0D
61 #define CMD_AUTHENTICATION_1 0x10
62 #define RESP_AUTHENTICATION_1 0x11
64 #define CMD_AUTHENTICATION_2 0x12
65 #define RESP_AUTHENTICATION_2 0x13
68 #define RESP_READ 0x15
70 #define CMD_WRITE 0x16
71 #define RESP_WRITE 0x17
73 #define NFC_SERVICE_CODE 0x000B
75 #define META_BLOCK_START 0
76 #define DATA_BLOCK_START 1
80 #define LEN_REPLY_CMD 0x02
81 #define LEN_CMD_LEN 0x01
84 #define OFS_NFC_STATUS 0
86 #define OFS_CMD_RESP 2
88 #define OFS_CMD_DATA (LEN_CMD_LEN + LEN_CMD + LEN_ID)
89 #define OFS_READ_FLAG 12
90 #define OFS_READ_DATA 14
92 #define CHECKSUM_LEN 2
94 #define MAX_DATA_SIZE 254
96 #define NDEF_MAPPING_VERSION 0x10
97 #define MAX_READ_BLOCKS_PER_CHECK 0x04
98 #define MAX_WRITE_BLOCKS_PER_UPDATE 0x01
99 #define MAX_BLOCKS_FOR_NDEF_DATA 0x000D
100 #define ATTR_BLOCK_WRITE_FLAG 0x00
101 #define ATTR_BLOCK_RW_FLAG 0x01
103 #define IC_TYPE_OFFSET 12
104 #define SYSTEM_OPTION_OFFSET 17
105 #define FELICA_LITE_MC_BLOCK 0x88
106 #define FELICA_LITE_IC_TYPE 0xF0
107 #define FELICA_LITE_S_IC_TYPE 0xF1
108 #define FELICA_PLUG_IC_TYPE 0xE0
110 #define FELICA_LITE_AND_LITE_S_SYS_CODE 0x88B4
115 uint8_t data[MAX_DATA_SIZE];
116 } __attribute__((packed));
119 uint32_t adapter_idx;
120 uint16_t current_block;
124 struct near_tag *tag;
128 uint32_t adapter_idx;
132 uint8_t current_block;
133 uint8_t attr[BLOCK_SIZE];
134 struct near_ndef_message *ndef;
136 uint8_t mc_block[BLOCK_SIZE];
139 static int t3_cookie_release(int err, void *data)
141 struct t3_cookie *cookie = data;
149 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
152 g_free(cookie->ndef->data);
154 g_free(cookie->ndef);
161 /* common: Initialize structure to write block */
162 static void prepare_write_block(uint8_t *UID, struct type3_cmd *cmd,
163 uint8_t block, uint8_t *data)
165 cmd->cmd = CMD_WRITE_WO_ENCRYPT; /* command */
166 memcpy(cmd->data, UID, LEN_ID); /* IDm */
168 cmd->data[LEN_ID] = 1; /* number of services */
169 cmd->data[LEN_ID + 1] = 0x09; /* service 0x0009 */
170 cmd->data[LEN_ID + 2] = 0x00;
172 cmd->data[LEN_ID + 3] = 0x01; /* number of blocks */
173 cmd->data[LEN_ID + 4] = 0x80; /* 2 byte block number format */
174 cmd->data[LEN_ID + 5] = block; /* block number */
175 memcpy(cmd->data + LEN_ID + 6, data, BLOCK_SIZE); /* data to write */
177 cmd->len = LEN_ID + LEN_CMD + LEN_CMD_LEN + 6 + BLOCK_SIZE;
180 /* common: Initialize structure to read block */
181 static void prepare_read_block(uint8_t cur_block,
183 struct type3_cmd *cmd)
185 cmd->cmd = CMD_READ_WO_ENCRYPT; /* command */
186 memcpy(cmd->data, UID, LEN_ID); /* IDm */
188 cmd->data[LEN_ID] = 1; /* number of service */
189 cmd->data[LEN_ID + 1] = 0x0B; /* service x000B */
190 cmd->data[LEN_ID + 2] = 0x00;
192 cmd->data[LEN_ID + 3] = 0x01; /* number of block */
193 cmd->data[LEN_ID + 4] = 0x80; /* 2 bytes block id*/
194 cmd->data[LEN_ID + 5] = cur_block; /* block number */
196 cmd->len = LEN_ID + LEN_CMD + LEN_CMD_LEN + 6;
199 /* common: Simple checks on received frame */
200 static int check_recv_frame(uint8_t *resp, uint8_t reply_code)
202 if (resp[OFS_NFC_STATUS] != 0) {
203 DBG("NFC Command failed: 0x%x", resp[OFS_NFC_STATUS]);
207 if (resp[OFS_CMD_RESP] != reply_code) {
208 DBG("Felica cmd failed: 0x%x", resp[OFS_CMD_RESP]);
215 static int data_recv(uint8_t *resp, int length, void *data)
217 struct type3_tag *tag = data;
218 struct type3_cmd cmd;
220 size_t current_length, length_read, data_length;
221 uint32_t adapter_idx;
228 adapter_idx = near_tag_get_adapter_idx(tag->tag);
229 target_idx = near_tag_get_target_idx(tag->tag);
236 nfc_data = near_tag_get_data(tag->tag, &data_length);
237 length_read = length - OFS_READ_DATA;
238 current_length = tag->current_block * BLOCK_SIZE;
239 if (current_length + (length - OFS_READ_DATA) > data_length)
240 length_read = data_length - current_length;
242 memcpy(nfc_data + current_length, resp + OFS_READ_DATA, length_read);
244 if (current_length + length_read >= data_length) {
247 tag->current_block = 0;
249 DBG("Done reading %zd bytes at %p", data_length, nfc_data);
250 records = near_ndef_parse_msg(nfc_data, data_length, NULL);
251 near_tag_add_records(tag->tag, records, tag->cb, 0);
258 /* Read the next block */
259 read_blocks = length / BLOCK_SIZE;
260 tag->current_block += read_blocks;
262 prepare_read_block(DATA_BLOCK_START + tag->current_block,
265 err = near_adapter_send(adapter_idx, (uint8_t *) &cmd, cmd.len,
266 data_recv, tag, NULL);
274 if (err < 0 && tag->cb)
275 tag->cb(adapter_idx, target_idx, err);
282 static int data_read(struct type3_tag *tag)
284 struct type3_cmd cmd;
285 uint32_t adapter_idx;
289 tag->current_block = 0;
291 prepare_read_block(DATA_BLOCK_START + tag->current_block,
294 adapter_idx = near_tag_get_adapter_idx(tag->tag);
296 return near_adapter_send(adapter_idx,
297 (uint8_t *) &cmd, cmd.len,
298 data_recv, tag, NULL);
301 /* Read block 0 to retrieve the data length */
302 static int nfctype3_recv_block_0(uint8_t *resp, int length, void *data)
304 struct t3_cookie *cookie = data;
306 struct near_tag *tag;
307 struct type3_tag *t3_tag = NULL;
308 uint32_t ndef_data_length;
317 err = check_recv_frame(resp, RESP_READ_WO_ENCRYPT);
321 if (resp[OFS_READ_FLAG] != 0) {
322 DBG("Status 0x%x", resp[OFS_READ_FLAG]);
327 /* Block 0:[11 - 13]: length is a 3 bytes value */
328 ndef_data_length = resp[OFS_READ_DATA + 11] * 0x100;
329 ndef_data_length += resp[OFS_READ_DATA + 12];
330 ndef_data_length *= 0x100;
331 ndef_data_length += resp[OFS_READ_DATA + 13];
333 /* Add data to the tag */
334 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
335 NULL, ndef_data_length);
339 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
345 /* Block 0:[10]: RW Flag. 1 for RW */
346 if (resp[OFS_READ_DATA + 10] == 0)
347 near_tag_set_ro(tag, TRUE);
349 near_tag_set_ro(tag, FALSE);
351 t3_tag = g_try_malloc0(sizeof(struct type3_tag));
357 memcpy(t3_tag->IDm, cookie->IDm, LEN_ID);
359 near_tag_set_idm(tag, cookie->IDm, LEN_ID);
360 near_tag_set_attr_block(tag, resp + OFS_READ_DATA, BLOCK_SIZE);
361 near_tag_set_blank(tag, FALSE);
362 near_tag_set_ic_type(tag, cookie->ic_type);
364 t3_tag->adapter_idx = cookie->adapter_idx;
365 t3_tag->cb = cookie->cb;
368 err = data_read(t3_tag);
371 * As reading isn't complete,
372 * callback shouldn't be called while freeing the cookie
381 return t3_cookie_release(err, cookie);
384 static int poll_ndef_system_code(uint8_t *resp, int length, void *data)
386 struct t3_cookie *cookie = data;
388 struct type3_cmd cmd;
390 DBG("length: %d", length);
397 err = check_recv_frame(resp, RESP_POLL);
401 prepare_read_block(META_BLOCK_START, cookie->IDm, &cmd);
403 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
404 cmd.len, nfctype3_recv_block_0, cookie, NULL);
411 return t3_cookie_release(err, cookie);
414 static int check_sys_op_in_mc_block(uint8_t *resp, int length, void *data)
416 struct type3_cmd cmd;
417 struct near_tag *tag;
418 struct t3_cookie *cookie = data;
421 DBG("length %d", length);
428 err = check_recv_frame(resp, RESP_READ_WO_ENCRYPT);
432 if (resp[SYSTEM_OPTION_OFFSET] == 0x00) {
433 DBG("Blank tag detected");
435 err = near_tag_add_data(cookie->adapter_idx,
437 NULL, 1 /* dummy length */);
441 tag = near_tag_get_tag(cookie->adapter_idx,
448 near_tag_set_idm(tag, cookie->IDm, LEN_ID);
449 near_tag_set_ic_type(tag, cookie->ic_type);
450 near_tag_set_blank(tag, TRUE);
452 return t3_cookie_release(0, cookie);
455 cmd.cmd = CMD_POLL; /* POLL command */
456 cmd.data[0] = 0x12; /* System code (NFC SC) */
458 cmd.data[2] = 01; /* request code */
459 cmd.data[3] = 0x00; /* time slot */
460 /* data len + 2 bytes */
461 cmd.len = LEN_CMD + LEN_CMD_LEN + 4 ;
463 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
464 cmd.len , poll_ndef_system_code, cookie, NULL);
473 return t3_cookie_release(err, cookie);
476 static int receive_system_code(uint8_t *resp, int length, void *data)
478 struct t3_cookie *cookie = data;
480 struct type3_cmd cmd;
482 DBG("length: %d", length);
489 err = check_recv_frame(resp, RESP_POLL);
493 cookie->ic_type = resp[IC_TYPE_OFFSET];
494 memcpy(cookie->IDm, resp + OFS_IDM, LEN_ID);
496 switch (resp[IC_TYPE_OFFSET]) {
497 case FELICA_LITE_IC_TYPE:
498 prepare_read_block(FELICA_LITE_MC_BLOCK, cookie->IDm, &cmd);
499 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
500 cmd.len, check_sys_op_in_mc_block,
506 cmd.cmd = CMD_POLL; /* POLL command */
507 cmd.data[0] = 0x12; /* System code (NFC SC) */
509 cmd.data[2] = 01; /* request code */
510 cmd.data[3] = 0x00; /* time slot */
511 /* data len + 2 bytes */
512 cmd.len = LEN_CMD + LEN_CMD_LEN + 4 ;
514 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
515 cmd.len, poll_ndef_system_code, cookie,
525 return t3_cookie_release(err, cookie);
528 static int nfctype3_read(uint32_t adapter_idx,
529 uint32_t target_idx, near_tag_io_cb cb)
531 struct type3_cmd cmd;
532 struct t3_cookie *cookie;
537 cmd.cmd = CMD_POLL; /* POLL command */
538 cmd.data[0] = 0xFF; /* System code */
540 cmd.data[2] = 01; /* request code */
541 cmd.data[3] = 0x00; /* time slot */
543 /* data len + 2 bytes */
544 cmd.len = LEN_CMD + LEN_CMD_LEN + 4;
546 cookie = g_try_malloc0(sizeof(struct t3_cookie));
550 cookie->adapter_idx = adapter_idx;
551 cookie->target_idx = target_idx;
554 return near_adapter_send(adapter_idx, (uint8_t *) &cmd, cmd.len,
555 receive_system_code, cookie,
559 static int update_attr_block_cb(uint8_t *resp, int length, void *data)
561 struct t3_cookie *cookie = data;
571 err = check_recv_frame(resp, RESP_WRITE_WO_ENCRYPT);
578 return t3_cookie_release(err, cookie);
581 static int update_attr_block(struct t3_cookie *cookie)
583 struct type3_cmd cmd;
589 cookie->attr[9] = 0x00; /* writing data completed */
590 cookie->attr[11] = (uint8_t) (cookie->ndef->length >> 16);
591 cookie->attr[12] = (uint8_t) (cookie->ndef->length >> 8);
592 cookie->attr[13] = (uint8_t) cookie->ndef->length;
595 for (i = 0; i < (BLOCK_SIZE - CHECKSUM_LEN); i++)
596 checksum += cookie->attr[i];
598 cookie->attr[14] = (uint8_t) (checksum >> 8);
599 cookie->attr[15] = (uint8_t) checksum;
601 prepare_write_block(cookie->IDm, &cmd, 0, cookie->attr);
603 return near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd, cmd.len,
604 update_attr_block_cb, cookie,
608 static int data_write_resp(uint8_t *resp, int length, void *data)
610 struct t3_cookie *cookie = data;
611 struct type3_cmd cmd;
612 uint8_t padding[BLOCK_SIZE] = {0};
622 err = check_recv_frame(resp, RESP_WRITE_WO_ENCRYPT);
626 if (cookie->ndef->offset >= cookie->ndef->length) {
627 err = update_attr_block(cookie);
634 if ((cookie->ndef->length - cookie->ndef->offset) <
636 memcpy(padding, cookie->ndef->data + cookie->ndef->offset,
637 cookie->ndef->length - cookie->ndef->offset);
638 prepare_write_block(cookie->IDm, &cmd,
639 cookie->current_block, padding);
641 prepare_write_block(cookie->IDm, &cmd, cookie->current_block,
642 cookie->ndef->data + cookie->ndef->offset);
645 cookie->current_block++;
646 cookie->ndef->offset += BLOCK_SIZE;
648 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd, cmd.len,
649 data_write_resp, cookie, NULL);
656 return t3_cookie_release(err, cookie);
659 static int data_write(uint32_t adapter_idx, uint32_t target_idx,
660 struct near_ndef_message *ndef,
661 struct near_tag *tag,
664 struct t3_cookie *cookie;
665 struct type3_cmd cmd;
666 uint16_t checksum, nmaxb;
673 cookie = g_try_malloc0(sizeof(struct t3_cookie));
679 cb(adapter_idx, target_idx, err);
684 cookie->adapter_idx = adapter_idx;
685 cookie->target_idx = target_idx;
688 cookie->current_block = 0;
690 idm = near_tag_get_idm(tag, &len);
692 return t3_cookie_release(-EINVAL, cookie);
694 memcpy(cookie->IDm, idm, len);
696 attr = near_tag_get_attr_block(tag, &len);
698 return t3_cookie_release(-EINVAL, cookie);
700 memcpy(cookie->attr, attr, len);
701 nmaxb = (((uint16_t) (cookie->attr[3])) << 8) | cookie->attr[4];
703 if (cookie->ndef->length > (nmaxb * BLOCK_SIZE)) {
704 near_error("not enough space on tag");
706 return t3_cookie_release(-ENOSPC, cookie);
709 cookie->attr[9] = 0x0F; /* writing data in progress */
712 for (i = 0; i < 14; i++)
713 checksum += cookie->attr[i];
715 cookie->attr[14] = (uint8_t) (checksum >> 8);
716 cookie->attr[15] = (uint8_t) checksum;
718 prepare_write_block(cookie->IDm, &cmd, cookie->current_block,
720 cookie->current_block++;
722 return near_adapter_send(adapter_idx, (uint8_t *) &cmd, cmd.len,
723 data_write_resp, cookie,
727 static int nfctype3_write(uint32_t adapter_idx, uint32_t target_idx,
728 struct near_ndef_message *ndef,
731 struct near_tag *tag;
741 tag = near_tag_get_tag(adapter_idx, target_idx);
747 err = data_write(adapter_idx, target_idx, ndef, tag, cb);
751 cb(adapter_idx, target_idx, err);
756 static int check_presence(uint8_t *resp, int length, void *data)
758 struct t3_cookie *cookie = data;
761 DBG("length %d", length);
766 return t3_cookie_release(err, cookie);
769 static int nfctype3_check_presence(uint32_t adapter_idx,
770 uint32_t target_idx, near_tag_io_cb cb)
772 struct type3_cmd cmd;
773 struct t3_cookie *cookie;
778 cmd.cmd = CMD_POLL; /* POLL command */
779 cmd.data[0] = 0xFF; /* System code */
781 cmd.data[2] = 01; /* request code */
782 cmd.data[3] = 0x00; /* time slot */
784 /* data len + 2 bytes */
785 cmd.len = LEN_CMD + LEN_CMD_LEN + 4 ;
787 cookie = g_try_malloc0(sizeof(struct t3_cookie));
791 cookie->adapter_idx = adapter_idx;
792 cookie->target_idx = target_idx;
795 return near_adapter_send(adapter_idx, (uint8_t *) &cmd,
796 cmd.len, check_presence, cookie,
800 static int format_resp(uint8_t *resp, int length, void *data)
802 struct near_tag *tag;
803 struct t3_cookie *cookie = data;
813 err = check_recv_frame(resp, RESP_WRITE_WO_ENCRYPT);
817 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
823 near_tag_set_ro(tag, FALSE);
824 near_tag_set_idm(tag, cookie->IDm, LEN_ID);
825 near_tag_set_attr_block(tag, cookie->attr, BLOCK_SIZE);
826 near_tag_set_blank(tag, FALSE);
828 DBG("Formatting is done");
831 return t3_cookie_release(err, cookie);
834 static int write_attr_block(uint8_t *resp, int length , void *data)
836 struct type3_cmd cmd;
837 struct t3_cookie *cookie = data;
839 uint16_t checksum = 0;
841 DBG("length %d", length);
848 err = check_recv_frame(resp, RESP_WRITE_WO_ENCRYPT);
852 cookie->attr[0] = NDEF_MAPPING_VERSION;
853 cookie->attr[1] = MAX_READ_BLOCKS_PER_CHECK;
854 cookie->attr[2] = MAX_WRITE_BLOCKS_PER_UPDATE;
855 cookie->attr[3] = (uint8_t) (MAX_BLOCKS_FOR_NDEF_DATA >> 8);
856 cookie->attr[4] = (uint8_t) (MAX_BLOCKS_FOR_NDEF_DATA);
861 cookie->attr[9] = ATTR_BLOCK_WRITE_FLAG;
862 cookie->attr[10] = ATTR_BLOCK_RW_FLAG;
863 cookie->attr[11] = 0;
864 cookie->attr[12] = 0;
865 cookie->attr[13] = 0;
867 for (i = 0; i < (BLOCK_SIZE - CHECKSUM_LEN); i++)
868 checksum += cookie->attr[i];
870 cookie->attr[14] = (uint8_t) (checksum >> 8);
871 cookie->attr[15] = (uint8_t) checksum;
873 prepare_write_block(cookie->IDm, &cmd, META_BLOCK_START,
876 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
877 cmd.len, format_resp, cookie, NULL);
884 return t3_cookie_release(err, cookie);
887 static int write_mc_block(uint8_t *resp, int length, void *data)
889 struct type3_cmd cmd;
890 struct t3_cookie *cookie = data;
893 DBG("length %d", length);
900 err = check_recv_frame(resp, RESP_READ_WO_ENCRYPT);
904 if (resp[OFS_READ_FLAG] != 0) {
905 DBG("Status 0x%x", resp[OFS_READ_FLAG]);
910 memcpy(cookie->mc_block, resp + 14, BLOCK_SIZE);
912 * By updating Byte3 to 01h means making Felica Lite
913 * compatible with NDEF.
915 cookie->mc_block[3] = 1;
916 prepare_write_block(cookie->IDm, &cmd, FELICA_LITE_MC_BLOCK,
918 err = near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd,
919 cmd.len, write_attr_block, cookie, NULL);
926 return t3_cookie_release(err, cookie);
929 static int nfctype3_format(uint32_t adapter_idx,
930 uint32_t target_idx, near_tag_io_cb cb)
932 struct type3_cmd cmd;
933 struct near_tag *tag;
934 struct t3_cookie *cookie;
940 tag = near_tag_get_tag(adapter_idx, target_idx);
944 ic_type = near_tag_get_ic_type(tag);
945 if (ic_type != FELICA_LITE_IC_TYPE)
948 cookie = g_try_malloc0(sizeof(struct t3_cookie));
952 cookie->adapter_idx = adapter_idx;
953 cookie->target_idx = target_idx;
955 cookie->ic_type = ic_type;
957 idm = near_tag_get_idm(tag, &len);
959 return t3_cookie_release(-EINVAL, cookie);
961 memcpy(cookie->IDm, idm, len);
963 prepare_read_block(FELICA_LITE_MC_BLOCK, cookie->IDm, &cmd);
965 return near_adapter_send(cookie->adapter_idx, (uint8_t *) &cmd, cmd.len,
966 write_mc_block, cookie,
971 static struct near_tag_driver type1_driver = {
972 .type = NFC_PROTO_FELICA,
973 .priority = NEAR_TAG_PRIORITY_DEFAULT,
974 .read = nfctype3_read,
975 .write = nfctype3_write,
976 .format = nfctype3_format,
977 .check_presence = nfctype3_check_presence,
980 static int nfctype3_init(void)
984 return near_tag_driver_register(&type1_driver);
987 static void nfctype3_exit(void)
991 near_tag_driver_unregister(&type1_driver);
994 NEAR_PLUGIN_DEFINE(nfctype3, "NFC Forum Type 3 tags support", VERSION,
995 NEAR_PLUGIN_PRIORITY_HIGH, nfctype3_init, nfctype3_exit)