3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
31 #include <sys/socket.h>
33 #include <linux/socket.h>
35 #include <near/nfc_copy.h>
36 #include <near/plugin.h>
38 #include <near/types.h>
39 #include <near/adapter.h>
41 #include <near/ndef.h>
44 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
47 #define NFC_STATUS_BYTE_LEN 1
49 #define STATUS_WORD_1 1
50 #define STATUS_WORD_2 2
51 #define APDU_HEADER_LEN 5
52 #define APDU_OK 0x9000
53 #define APDU_NOT_FOUND 0x6A82
55 /* PICC Level Commands */
56 #define PICC_CLASS 0x90
57 #define GET_VERSION 0x60
58 #define CREATE_APPLICATION 0xCA
59 #define SELECT_APPLICATION 0x5A
60 #define CREATE_STD_DATA_FILE 0xCD
61 #define WRITE_DATA_TO_FILE 0x3D
63 #define DESFire_EV1_MAJOR_VERSION 0x01
64 #define PICC_LEVEL_APDU_OK 0x9100
65 #define GET_VERSION_FRAME_RESPONSE_BYTE 0xAF
66 #define DESFIRE_KEY_SETTINGS 0x0F
67 #define DESFIRE_NUM_OF_KEYS 0x21
68 #define DESFIRE_CC_FILE_NUM 0x01
69 #define DESFIRE_NDEF_FILE_NUM 0x02
70 #define DESFIRE_COMMSET 0x00
71 #define MAPPING_VERSION 0x20
72 #define FREE_READ_ACCESS 0x00
73 #define FREE_WRITE_ACCESS 0x00
75 #define T4_ALL_ACCESS 0x00
76 #define T4_READ_ONLY 0xFF
78 #define APDU_STATUS(a) near_get_be16(a)
80 /* Tag Type 4 version ID */
81 static uint8_t iso_appname_v1[] = { 0xd2, 0x76, 0x0, 0x0, 0x85, 0x01, 0x0 };
82 static uint8_t iso_appname_v2[] = { 0xd2, 0x76, 0x0, 0x0, 0x85, 0x01, 0x1 };
85 static uint8_t iso_cc_fileid[] = { 0xe1, 0x03 };
86 #define LEN_ISO_CC_FILEID 2
88 #define LEN_ISO_CC_READ_SIZE 0x0F
90 #define CMD_HEADER_SIZE 5
91 struct type4_cmd { /* iso 7816 */
98 } __attribute__((packed));
100 struct type4_NDEF_file_control_tlv {
101 uint8_t tag ; /* should be 4 */
102 uint8_t len ; /* should be 6 */
104 uint16_t max_ndef_size ;
105 uint8_t read_access ;
106 uint8_t write_access ;
107 } __attribute__((packed));
109 struct type4_cc { /* Capability Container */
111 uint8_t mapping_version;
112 uint16_t max_R_apdu_data_size;
113 uint16_t max_C_apdu_data_size;
114 struct type4_NDEF_file_control_tlv tlv_fc ;
115 uint8_t tlv_blocks[];
116 } __attribute__((packed));
120 uint8_t key_settings;
121 uint8_t number_of_keys;
123 uint8_t iso_appname[7];
124 } __attribute__((packed));
126 struct desfire_std_file {
130 uint8_t access_rights[2];
132 } __attribute__((packed));
134 struct desfire_cc_file {
143 uint8_t ndef_size[2];
145 uint8_t write_access;
146 } __attribute__((packed));
149 uint32_t adapter_idx;
152 struct near_tag *tag;
154 uint16_t r_apdu_max_size;
155 uint16_t c_apdu_max_size;
156 uint16_t max_ndef_size;
157 uint8_t write_access;
158 struct near_ndef_message *ndef;
159 uint16_t memory_size;
162 static int t4_cookie_release(int err, void *data)
164 struct t4_cookie *cookie = data;
171 if (err < 0 && cookie->cb)
172 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
175 g_free(cookie->ndef->data);
177 g_free(cookie->ndef);
183 /* ISO functions: This code prepares APDU */
184 static int ISO_send_cmd(uint8_t class,
189 uint8_t cmd_data_length,
194 struct type4_cmd *cmd;
195 struct t4_cookie *in_rcv = in_data;
196 uint8_t total_cmd_length;
199 DBG("CLA-%02x INS-%02x P1-%02x P2-%02x",
200 class, instruction, param1, param2);
204 total_cmd_length = APDU_HEADER_LEN + cmd_data_length;
206 total_cmd_length = APDU_HEADER_LEN;
207 } else { /* Extra byte for Le */
208 total_cmd_length = APDU_HEADER_LEN + cmd_data_length + 1;
211 cmd = g_try_malloc0(total_cmd_length);
213 DBG("Mem alloc failed");
219 cmd->instruction = instruction ;
220 cmd->param1 = param1 ;
221 cmd->param2 = param2 ;
222 cmd->data_length = cmd_data_length;
225 memcpy(cmd->data, cmd_data, cmd_data_length);
226 /* The Le byte set to 0x00 defined that any length
227 * of PICC response is allowed */
229 cmd->data[cmd_data_length] = 0;
232 return near_adapter_send(in_rcv->adapter_idx, (uint8_t *) cmd,
233 total_cmd_length, cb, in_rcv,
237 /* On exit, clean memory */
243 /* ISO 7816 command: Select applications or files
244 * p1=0 select by "file id"
245 * P1=4 select by "DF name"
247 static int ISO_Select(uint8_t *filename, uint8_t fnamelen, uint8_t P1,
248 near_recv cb, void *cookie)
254 0xA4, /* INS: Select file */
255 P1, /* P1: select by name */
256 0x00, /* P2: First or only occurrence */
257 filename, /* cmd_data */
258 fnamelen, /* uint8_t cmd_data_length*/
264 /* ISO 7816 command: Read binary data from files */
265 static int ISO_ReadBinary(uint16_t offset, uint8_t readsize,
266 near_recv cb, void *cookie)
271 0xB0, /* INS: Select file */
272 (uint8_t) ((offset & 0xFF00) >> 8),
273 (uint8_t) (offset & 0xFF),
274 0, /* no data send */
275 readsize, /* bytes to read */
281 /* ISO 7816 command: Update data */
282 static int ISO_Update(uint16_t offset, uint8_t nlen,
283 uint8_t *data, near_recv cb, void *cookie)
288 0xD6, /* INS: Select file */
289 (uint8_t) ((offset & 0xFF00) >> 8),
290 (uint8_t) (offset & 0xFF),
291 data, /* length of NDEF data */
292 nlen, /* NLEN + NDEF data */
298 static int data_read_cb(uint8_t *resp, int length, void *data)
300 struct t4_cookie *cookie = data ;
302 size_t data_length, length_read, current_length;
303 uint16_t remain_bytes;
308 return t4_cookie_release(length, cookie);
310 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
311 DBG("Fail read_cb SW:x%04x", APDU_STATUS(resp + length - 2));
313 return t4_cookie_release(-EIO, cookie);
316 nfc_data = near_tag_get_data(cookie->tag, &data_length);
318 /* Remove SW1 / SW2 and NFC header */
319 length_read = length - NFC_HEADER_SIZE - 2 ;
320 length = length_read;
322 current_length = cookie->read_data;
324 if (current_length + (length_read) > data_length)
325 length_read = data_length - current_length;
327 memcpy(nfc_data + current_length, resp + NFC_HEADER_SIZE, length_read);
328 if (current_length + length_read == data_length) {
333 records = near_ndef_parse_msg(nfc_data, data_length, NULL);
334 near_tag_add_records(cookie->tag, records, cookie->cb, 0);
336 return t4_cookie_release(0, cookie);
339 cookie->read_data += length ;
340 remain_bytes = (data_length - cookie->read_data);
342 if (remain_bytes >= cookie->r_apdu_max_size)
343 return ISO_ReadBinary(cookie->read_data + 2,
344 cookie->r_apdu_max_size, data_read_cb, cookie);
346 return ISO_ReadBinary(cookie->read_data + 2,
347 (uint8_t) remain_bytes, data_read_cb, cookie);
350 static int t4_readbin_NDEF_ID(uint8_t *resp, int length, void *data)
352 struct t4_cookie *cookie = data;
353 struct near_tag *tag;
359 return t4_cookie_release(length, cookie);
361 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
362 DBG("Fail SW:x%04x", APDU_STATUS(resp + length - 2));
364 return t4_cookie_release(-EIO, cookie);
367 /* Add data to the tag */
368 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx, NULL,
369 near_get_be16(resp + NFC_STATUS_BYTE_LEN));
371 return t4_cookie_release(err, cookie);
373 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
375 return t4_cookie_release(-ENOMEM, cookie);
377 near_tag_set_max_ndef_size(tag, cookie->max_ndef_size);
378 near_tag_set_c_apdu_max_size(tag, cookie->c_apdu_max_size);
379 near_tag_set_blank(tag, FALSE);
384 /* Set write conditions */
385 if (cookie->write_access == T4_READ_ONLY)
386 near_tag_set_ro(tag, TRUE);
388 near_tag_set_ro(tag, FALSE);
391 * TODO: see how we can get the UID value:
392 * near_tag_set_uid(tag, resp + NFC_HEADER_SIZE, 8);
396 return ISO_ReadBinary(2, cookie->r_apdu_max_size - 2,
397 data_read_cb, cookie);
400 static int t4_select_NDEF_ID(uint8_t *resp, int length, void *data)
402 struct t4_cookie *cookie = data;
407 return t4_cookie_release(length, cookie);
409 /* Check for APDU error */
410 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
411 DBG("Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
413 return t4_cookie_release(-EIO, cookie);
416 /* Read 0x0f bytes, to grab the NDEF msg length */
417 return ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE,
418 t4_readbin_NDEF_ID, cookie);
421 static int t4_readbin_cc(uint8_t *resp, int length, void *data)
423 struct t4_cookie *cookie = data;
424 struct type4_cc *read_cc = (struct type4_cc *)&resp[1];
429 return t4_cookie_release(length, cookie);
431 /* Check APDU error ( the two last bytes of the resp) */
432 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
433 DBG("Fail SW:x%04x", APDU_STATUS(resp + length - 2));
435 return t4_cookie_release(-EIO, cookie);
438 cookie->r_apdu_max_size = g_ntohs(read_cc->max_R_apdu_data_size) -
440 cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);
441 cookie->max_ndef_size = g_ntohs(read_cc->tlv_fc.max_ndef_size);
443 /* TODO 5.1.1: TLV blocks can be zero, one or more... */
444 /* TODO 5.1.2: Must ignore proprietary blocks (x05)... */
445 if (read_cc->tlv_fc.tag != 0x4) {
446 DBG("NDEF File Control tag not found");
448 return t4_cookie_release(-EINVAL, cookie);
451 /* save rw conditions */
452 cookie->write_access = read_cc->tlv_fc.write_access;
454 return ISO_Select((uint8_t *) &read_cc->tlv_fc.file_id,
455 LEN_ISO_CC_FILEID, 0, t4_select_NDEF_ID, cookie);
458 static int t4_select_cc(uint8_t *resp, int length, void *data)
460 struct t4_cookie *cookie = data;
466 return t4_cookie_release(length, cookie);
468 /* Check for APDU error */
469 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
471 DBG(" Found empty tag");
472 /* Add data to the tag */
473 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
474 NULL, 1 /* dummy length */);
476 return t4_cookie_release(err, cookie);
478 cookie->tag = near_tag_get_tag(cookie->adapter_idx,
481 return t4_cookie_release(-ENOMEM, cookie);
483 near_tag_set_blank(cookie->tag, TRUE);
486 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
488 return t4_cookie_release(0, cookie);
491 return ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE, t4_readbin_cc, cookie);
494 static int t4_select_file_by_name_v1(uint8_t *resp, int length, void *data)
496 struct t4_cookie *cookie = data;
501 return t4_cookie_release(length, cookie);
503 /* Check for APDU error */
504 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
505 DBG("V1 Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
507 return t4_cookie_release(-EIO, cookie);
510 if (resp[NFC_STATUS] != 0)
511 return t4_cookie_release(-EIO, cookie);
513 /* Jump to select phase */
514 return ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
515 t4_select_cc, cookie);
518 static int t4_select_file_by_name_v2(uint8_t *resp, int length, void *data)
520 struct t4_cookie *cookie = data;
525 return t4_cookie_release(length, cookie);
527 /* Check for APDU error - Not found */
528 if (APDU_STATUS(resp + STATUS_WORD_1) == APDU_NOT_FOUND) {
529 DBG("Fallback to V1");
531 return ISO_Select(iso_appname_v1, ARRAY_SIZE(iso_appname_v1),
532 0x4, t4_select_file_by_name_v1, cookie);
535 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
536 DBG("V2 Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
538 return t4_cookie_release(-EIO, cookie);
541 if (resp[NFC_STATUS] != 0)
542 return t4_cookie_release(-EIO, cookie);
544 /* Jump to select phase */
545 return ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0, t4_select_cc,
549 static int nfctype4_read(uint32_t adapter_idx,
550 uint32_t target_idx, near_tag_io_cb cb)
552 struct t4_cookie *cookie;
556 cookie = g_try_malloc0(sizeof(struct t4_cookie));
560 cookie->adapter_idx = adapter_idx;
561 cookie->target_idx = target_idx;
564 cookie->read_data = 0;
566 /* Check for V2 type 4 tag */
567 return ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
568 0x4, t4_select_file_by_name_v2, cookie);
571 static int data_write_cb(uint8_t *resp, int length, void *data)
573 struct t4_cookie *cookie = data;
579 return t4_cookie_release(length, cookie);
581 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
582 near_error("write failed SWx%04x",
583 APDU_STATUS(resp + length - 2));
585 return t4_cookie_release(-EIO, cookie);
588 if (cookie->ndef->offset >= cookie->ndef->length) {
592 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
594 return t4_cookie_release(0, cookie);
597 if ((cookie->ndef->length - cookie->ndef->offset) >
598 cookie->c_apdu_max_size) {
599 err = ISO_Update(cookie->ndef->offset,
600 cookie->c_apdu_max_size,
601 cookie->ndef->data + cookie->ndef->offset,
602 data_write_cb, cookie);
603 cookie->ndef->offset += cookie->c_apdu_max_size;
605 err = ISO_Update(cookie->ndef->offset,
606 cookie->ndef->length - cookie->ndef->offset,
607 cookie->ndef->data + cookie->ndef->offset,
608 data_write_cb, cookie);
609 cookie->ndef->offset = cookie->ndef->length;
613 return t4_cookie_release(err, cookie);
618 static int data_write(uint32_t adapter_idx, uint32_t target_idx,
619 struct near_ndef_message *ndef,
620 struct near_tag *tag, near_tag_io_cb cb)
622 struct t4_cookie *cookie;
625 cookie = g_try_malloc0(sizeof(struct t4_cookie));
631 cb(adapter_idx, target_idx, err);
636 cookie->adapter_idx = adapter_idx;
637 cookie->target_idx = target_idx;
640 cookie->read_data = 0;
641 cookie->max_ndef_size = near_tag_get_max_ndef_size(tag);
642 cookie->c_apdu_max_size = near_tag_get_c_apdu_max_size(tag);
645 if (cookie->max_ndef_size < cookie->ndef->length) {
646 near_error("not enough space on tag to write data");
648 return t4_cookie_release(-ENOMEM, cookie);
651 if ((cookie->ndef->length - cookie->ndef->offset) >
652 cookie->c_apdu_max_size) {
653 err = ISO_Update(cookie->ndef->offset,
654 cookie->c_apdu_max_size,
656 data_write_cb, cookie);
657 cookie->ndef->offset += cookie->c_apdu_max_size;
659 err = ISO_Update(cookie->ndef->offset,
660 cookie->ndef->length,
662 data_write_cb, cookie);
663 cookie->ndef->offset = cookie->ndef->length;
672 return t4_cookie_release(err, cookie);
675 static int nfctype4_write(uint32_t adapter_idx, uint32_t target_idx,
676 struct near_ndef_message *ndef, near_tag_io_cb cb)
678 struct near_tag *tag;
688 tag = near_tag_get_tag(adapter_idx, target_idx);
694 err = data_write(adapter_idx, target_idx, ndef, tag, cb);
698 cb(adapter_idx, target_idx, err);
703 static int check_presence(uint8_t *resp, int length, void *data)
705 struct t4_cookie *cookie = data;
714 cookie->cb(cookie->adapter_idx,
715 cookie->target_idx, err);
717 return t4_cookie_release(err, cookie);
720 static int nfctype4_check_presence(uint32_t adapter_idx,
721 uint32_t target_idx, near_tag_io_cb cb)
723 struct t4_cookie *cookie;
727 cookie = g_try_malloc0(sizeof(struct t4_cookie));
731 cookie->adapter_idx = adapter_idx;
732 cookie->target_idx = target_idx;
735 cookie->read_data = 0;
737 /* Check for V2 type 4 tag */
738 return ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
739 0x4, check_presence, cookie);
742 static int select_ndef_file(uint8_t *resp, int length, void *data)
744 struct t4_cookie *cookie = data;
749 return t4_cookie_release(length, cookie);
751 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
752 near_error("select ndef file resp failed %02X",
755 return t4_cookie_release(-EIO, cookie);
758 DBG("ndef file selected");
761 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
763 return t4_cookie_release(0, cookie);
766 static int read_cc_file(uint8_t *resp, int length, void *data)
768 struct t4_cookie *cookie = data;
769 struct near_tag *tag;
770 struct type4_cc *read_cc = NULL;
780 /* Check APDU error ( the two last bytes of the resp) */
781 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
782 near_error("read cc failed SWx%04x",
783 APDU_STATUS(resp + length - 2));
788 /* -2 for status word and -1 is for NFC first byte... */
789 read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN);
795 memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
796 cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);
797 cookie->max_ndef_size = g_ntohs(read_cc->tlv_fc.max_ndef_size);
799 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
805 near_tag_set_max_ndef_size(tag, cookie->memory_size);
806 near_tag_set_c_apdu_max_size(tag, cookie->c_apdu_max_size);
808 if (read_cc->tlv_fc.tag != 0x4) {
809 near_error("NDEF File not found") ;
814 err = ISO_Select((uint8_t *)&read_cc->tlv_fc.file_id,
815 LEN_ISO_CC_FILEID, 0, select_ndef_file, cookie);
817 near_error("select ndef file req failed %d", err);
826 return t4_cookie_release(err, cookie);
829 static int select_cc_file(uint8_t *resp, int length, void *data)
832 struct t4_cookie *cookie = data;
835 near_error("CC file select resp failed %d", length);
837 return t4_cookie_release(length, cookie);
840 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
841 near_error("CC file select response %02X",
844 return t4_cookie_release(-EIO, cookie);
847 err = ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE, read_cc_file, cookie);
849 near_error("read cc file req failed %d", err);
856 return t4_cookie_release(err, cookie);
859 static int select_iso_appname_v2(uint8_t *resp, int length, void *data)
862 struct t4_cookie *cookie = data;
865 near_error("iso app select resp failed %d", length);
867 return t4_cookie_release(length, cookie);
870 if (resp[NFC_STATUS] != 0x00) {
871 near_error("iso app select response %02X",
874 return t4_cookie_release(-EIO, cookie);
877 err = ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
878 select_cc_file, cookie);
880 near_error("select cc req failed %d", err);
887 return t4_cookie_release(err, cookie);
890 static int format_resp(uint8_t *resp, int length, void *data)
893 struct t4_cookie *cookie = data;
894 struct near_tag *tag;
899 near_error("write data to ndef file resp failed %d", length);
901 return t4_cookie_release(length, cookie);
904 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
905 near_error("wrtie data to ndef file response %02X",
908 return t4_cookie_release(-EIO, cookie);
911 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
913 return t4_cookie_release(-EINVAL, cookie);
915 DBG("Formatting is done");
916 near_tag_set_blank(tag, FALSE);
919 * 1) Till now all commands which are used for formatting are
920 * at mifare desfire level. Now select iso appname_v2,
921 * cc file and ndef file with ISO 7816-4 commands.
922 * 2) Selecting ndef file means making sure that read write
923 * operations will perform on NDEF file.
925 err = ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
926 0x4, select_iso_appname_v2, cookie);
928 near_error("iso_select appnamev2 req failed %d", err);
935 return t4_cookie_release(err, cookie);
938 static int write_data_to_ndef_file(uint8_t *resp, int length, void *data)
941 struct t4_cookie *cookie = data;
942 uint8_t *cmd_data = NULL;
943 uint8_t cmd_data_length;
944 uint8_t ndef_file_offset[] = {0x00, 0x00, 0x00};
945 uint8_t empty_ndef_file_len[] = {0x02, 0x00, 0x00}; /* 000002h */
946 uint8_t ndef_nlen[] = {0x00, 0x00}; /* 0000h */
951 near_error("create ndef file resp failed %d", length);
956 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
957 near_error("create ndef file response %02X",
963 /* Step8 : Write data to NDEF file ( no NDEF message) */
964 cmd_data_length = 1 /* File num */
965 + ARRAY_SIZE(ndef_file_offset)
966 + ARRAY_SIZE(empty_ndef_file_len)
967 + ARRAY_SIZE(ndef_nlen);
969 cmd_data = g_try_malloc0(cmd_data_length);
975 cmd_data[0] = DESFIRE_NDEF_FILE_NUM;
976 memcpy(cmd_data + 1, ndef_file_offset, ARRAY_SIZE(ndef_file_offset));
977 memcpy(cmd_data + 4, empty_ndef_file_len,
978 ARRAY_SIZE(empty_ndef_file_len));
979 memcpy(cmd_data + 7, ndef_nlen, ARRAY_SIZE(ndef_nlen));
981 err = ISO_send_cmd(PICC_CLASS, WRITE_DATA_TO_FILE,
982 0x00, 0x00, cmd_data, cmd_data_length,
983 true, format_resp, cookie);
985 near_error("wrtie data to ndef file req failed %d", err);
994 return t4_cookie_release(err, cookie);
997 static int create_ndef_file(uint8_t *resp, int length, void *data)
1000 struct t4_cookie *cookie = data;
1001 struct desfire_std_file *ndef = NULL;
1002 uint8_t iso_ndef_file_id[] = {0x04, 0xE1}; /* E104h */
1003 uint8_t ndef_file_access_rights[] = {0xE0, 0xEE}; /* EEE0h */
1008 near_error("write data to cc file resp failed %d", length);
1013 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1014 near_error("write data to cc file response %02X",
1020 ndef = g_try_malloc0(sizeof(struct desfire_std_file));
1026 ndef->file_num = DESFIRE_NDEF_FILE_NUM;
1027 memcpy(ndef->file_id, iso_ndef_file_id, ARRAY_SIZE(iso_ndef_file_id));
1028 ndef->comm_set = DESFIRE_COMMSET;
1029 memcpy(ndef->access_rights, ndef_file_access_rights,
1030 ARRAY_SIZE(ndef_file_access_rights));
1032 ndef->size[1] = (uint8_t) (cookie->memory_size >> 8);
1033 ndef->size[2] = (uint8_t) cookie->memory_size;
1035 err = ISO_send_cmd(PICC_CLASS, CREATE_STD_DATA_FILE,
1036 0x00, 0x00, (uint8_t *)ndef,
1037 sizeof(struct desfire_std_file),
1038 true, write_data_to_ndef_file, cookie);
1040 near_error("create ndef file req failed %d", err);
1049 return t4_cookie_release(err, cookie);
1052 static int write_data_to_cc_file(uint8_t *resp, int length, void *data)
1055 struct t4_cookie *cookie = data;
1056 struct desfire_cc_file *cc = NULL;
1057 uint8_t cc_file_offset[] = {0x00, 0x00, 0x00};
1058 uint8_t cc_file_max_len[] = {0x0F, 0x00, 0x00}; /* 00000Fh */
1059 uint8_t cc_len[] = {0x00, 0x0F}; /* 000Fh*/
1060 uint8_t mle_r_apdu[] = {0x00, 0x3B}; /* 003Bh */
1061 uint8_t mlc_c_apdu[] = {0x00, 0x34}; /* 0034h */
1062 /* T: 04, L: 06: V: E104h (NDEF ISO FID = E104h)*/
1063 uint8_t ndef_tlv[] = {0x04, 0x06, 0xE1, 0x04};
1069 near_error("create cc file resp failed %d", length);
1074 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1075 near_error("create cc file response %02X",
1081 cc = g_try_malloc0(sizeof(struct desfire_cc_file));
1087 cc->file_num = DESFIRE_CC_FILE_NUM;
1088 memcpy(cc->offset, cc_file_offset, ARRAY_SIZE(cc_file_offset));
1089 memcpy(cc->max_len, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
1090 memcpy(cc->cc_len, cc_len, ARRAY_SIZE(cc_len));
1091 cc->version = MAPPING_VERSION;
1092 memcpy(cc->mle, mle_r_apdu, ARRAY_SIZE(mle_r_apdu));
1093 memcpy(cc->mlc, mlc_c_apdu, ARRAY_SIZE(mlc_c_apdu));
1094 memcpy(cc->ndef_tlv, ndef_tlv, ARRAY_SIZE(ndef_tlv));
1095 cc->ndef_size[0] = (uint8_t) (cookie->memory_size >> 8);
1096 cc->ndef_size[1] = (uint8_t) cookie->memory_size;
1097 cc->read_access = FREE_READ_ACCESS;
1098 cc->write_access = FREE_WRITE_ACCESS;
1100 err = ISO_send_cmd(PICC_CLASS, WRITE_DATA_TO_FILE,
1101 0x00, 0x00, (uint8_t *)cc,
1102 sizeof(struct desfire_cc_file),
1103 true, create_ndef_file, cookie);
1105 near_error("write data to cc file req failed %d", err);
1114 return t4_cookie_release(err, cookie);
1117 static int create_cc_file(uint8_t *resp, int length, void *data)
1120 struct t4_cookie *cookie = data;
1121 struct desfire_std_file *cc = NULL;
1122 uint8_t iso_cc_file_id[] = {0x03, 0xe1}; /* E103h */
1123 uint8_t cc_file_access_rights[] = {0xE0, 0xEE}; /* EEE0h */
1124 uint8_t cc_file_max_len[] = {0x0F, 0x00, 0x00}; /* 00000Fh */
1129 near_error("select application1 resp failed %d", length);
1134 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1135 near_error("select application1 response %02X",
1141 cc = g_try_malloc0(sizeof(struct desfire_std_file));
1147 cc->file_num = DESFIRE_CC_FILE_NUM;
1148 memcpy(cc->file_id, iso_cc_file_id, ARRAY_SIZE(iso_cc_file_id));
1149 cc->comm_set = DESFIRE_COMMSET;
1150 memcpy(cc->access_rights, cc_file_access_rights,
1151 ARRAY_SIZE(cc_file_access_rights));
1152 memcpy(cc->size, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
1154 err = ISO_send_cmd(PICC_CLASS,
1155 CREATE_STD_DATA_FILE,
1156 0x00, 0x00, (uint8_t *)cc,
1157 sizeof(struct desfire_std_file),
1158 true, write_data_to_cc_file, cookie);
1160 near_error("create cc file req failed %d", err);
1169 return t4_cookie_release(err, cookie);
1172 static int select_application_1(uint8_t *resp, int length, void *data)
1175 struct t4_cookie *cookie = data;
1176 uint8_t *cmd_data = NULL;
1177 uint8_t cmd_data_length;
1178 uint8_t desfire_aid_1[] = {0x01, 0x00, 0x00}; /* 000001h */
1183 near_error("create application resp failed %d", length);
1188 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1189 near_error("create application response %02X",
1195 /* Step4 : Select application (which is created just now) */
1196 cmd_data_length = ARRAY_SIZE(desfire_aid_1);
1197 cmd_data = g_try_malloc0(cmd_data_length);
1203 memcpy(cmd_data, desfire_aid_1, cmd_data_length);
1204 err = ISO_send_cmd(PICC_CLASS, SELECT_APPLICATION,
1205 0x00, 0x00, cmd_data, cmd_data_length,
1206 true, create_cc_file, cookie);
1208 near_error("select application1 req failed %d", err);
1217 return t4_cookie_release(err, cookie);
1220 static int create_application(uint8_t *resp, int length, void *data)
1223 struct t4_cookie *cookie = data;
1224 uint8_t desfire_aid_1[] = {0x01, 0x00, 0x00}; /* 000001h */
1225 uint8_t desfire_file_id[] = {0x10, 0xE1}; /* E110h */
1226 struct desfire_app *app = NULL;
1231 near_error("select application resp failed %d", length);
1236 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1237 near_error("select application response %02X",
1243 app = g_try_malloc0(sizeof(struct desfire_app));
1249 memcpy(app->aid, desfire_aid_1, ARRAY_SIZE(desfire_aid_1));
1250 app->key_settings = DESFIRE_KEY_SETTINGS;
1251 app->number_of_keys = DESFIRE_NUM_OF_KEYS;
1252 memcpy(app->file_id, desfire_file_id, ARRAY_SIZE(desfire_file_id));
1253 memcpy(app->iso_appname, iso_appname_v2, ARRAY_SIZE(iso_appname_v2));
1255 /* Step3 : Create Application */
1256 err = ISO_send_cmd(PICC_CLASS, CREATE_APPLICATION,
1257 0x00, 0x00, (uint8_t *)app,
1258 sizeof(struct desfire_app),
1259 true, select_application_1, cookie);
1261 near_error("create application req failed %d", err);
1270 return t4_cookie_release(err, cookie);
1273 static int select_application(uint8_t *resp, int length, void *data)
1276 struct t4_cookie *cookie = data;
1277 uint8_t *cmd_data = NULL;
1278 uint8_t cmd_data_length;
1279 uint8_t desfire_aid[] = {0x00, 0x00, 0x00}; /* 000000h */
1284 near_error("get version3 resp failed %d", length);
1289 if (resp[length - 1] != 0x00) {
1290 near_error("get version3 response %02X",
1297 cmd_data_length = ARRAY_SIZE(desfire_aid);
1298 cmd_data = g_try_malloc0(cmd_data_length);
1304 memcpy(cmd_data, desfire_aid, cmd_data_length);
1305 /* Step2 : Select Application */
1306 err = ISO_send_cmd(PICC_CLASS,
1308 0x00, 0x00, cmd_data, cmd_data_length,
1309 true, create_application, cookie);
1311 near_error("select application req failed %d", err);
1320 return t4_cookie_release(err, cookie);
1323 static int get_version_frame3(uint8_t *resp, int length, void *data)
1326 struct t4_cookie *cookie = data;
1331 near_error("get version2 resp failed %d", length);
1333 return t4_cookie_release(length, cookie);
1336 if (resp[4] == 0x01 /* Major Version */
1337 && resp[length - 1] == GET_VERSION_FRAME_RESPONSE_BYTE) {
1339 err = ISO_send_cmd(PICC_CLASS,
1340 GET_VERSION_FRAME_RESPONSE_BYTE,
1341 0x00, 0x00, NULL, 0, false,
1342 select_application, cookie);
1344 near_error("get version3 req failed %d", err);
1346 return t4_cookie_release(err, cookie);
1349 near_error("get version2 response %02X", resp[length - 1]);
1351 return t4_cookie_release(-EIO, cookie);
1357 static int get_version_frame2(uint8_t *resp, int length, void *data)
1360 struct t4_cookie *cookie = data;
1365 near_error(" get version resp failed %d", length);
1367 return t4_cookie_release(length, cookie);
1370 if (resp[4] == 0x01 /* Major Version */
1371 && resp[length - 1] == GET_VERSION_FRAME_RESPONSE_BYTE) {
1374 * When N is the GET_VERSION response 6th byte,
1375 * the DESFire tag memory size is 2 ^ (N /2).
1377 cookie->memory_size = (1 << (resp[6] / 2));
1378 err = ISO_send_cmd(PICC_CLASS,
1379 GET_VERSION_FRAME_RESPONSE_BYTE,
1380 0x00, 0x00, NULL, 0, false,
1381 get_version_frame3, cookie);
1383 near_error("get version2 req failed %d", err);
1385 return t4_cookie_release(err, cookie);
1388 near_error("get version response %02X", resp[length - 1]);
1390 return t4_cookie_release(-EIO, cookie);
1396 /* Steps to format Type 4 (MIFARE DESFire EV1) tag as per AN1104.pdf from nxp.
1397 * 1) Get version to determine memory size of tag
1398 * 2) Select applciation with AID equal to 000000h (PICC level)
1399 * 3) Create application with AID equal to 000001h
1400 * 4) Select application (Select previously created application in step3)
1401 * 5) Create std data file with File number equal to 01h (CC file), ISOFileID
1402 * equal to E103h, ComSet equal to 00h, AccesRights to EEEEh, FileSize bigger
1404 * 6) Write data to CC file with CCLEN equal to 000Fh, Mapping version equal to
1405 * 20h, MLe equal to 003Bh, MLc equal to 0034h, and NDEF File control TLV
1406 * equal to: T=04h, L=06h, V=E1 04 (NDEF ISO FID = E104h), 08 00 (NDEF File
1407 * size = 2048 Bytes) 00 (free read access) 00 (free write access)
1408 * 7) Create std data file with File number equal to 02h (NDEF File DESFireFId),
1409 * ISO FileID equal to E104h, ComSet equal to 00h, ComSet equal to 00h,
1410 * AccessRights equal to EEE0h, FileSize equal to 000800h (2048 bytes)
1411 * 8) Write data to write content of the NDEF File with NLEN equal to 0000h, and
1413 * 9) Now Formatting is done, then select ISO appname2, select CC file and read.
1414 * 10) Select NDEF file (by doing last two steps means, making sure that read
1415 * write operations perform on NDEF file).
1418 static int nfctype4_format(uint32_t adapter_idx, uint32_t target_idx,
1422 struct t4_cookie *cookie;
1426 cookie = g_try_malloc0(sizeof(struct t4_cookie));
1430 cookie->adapter_idx = adapter_idx;
1431 cookie->target_idx = target_idx;
1434 /* Step1 : Get Version */
1435 err = ISO_send_cmd(PICC_CLASS, GET_VERSION,
1436 0x00, 0x00, NULL, 0, false,
1437 get_version_frame2, cookie);
1440 near_error("get version req failed %d", err);
1447 static struct near_tag_driver type4a_driver = {
1448 .type = NFC_PROTO_ISO14443,
1449 .priority = NEAR_TAG_PRIORITY_DEFAULT,
1450 .read = nfctype4_read,
1451 .write = nfctype4_write,
1452 .check_presence = nfctype4_check_presence,
1453 .format = nfctype4_format,
1456 static struct near_tag_driver type4b_driver = {
1457 .type = NFC_PROTO_ISO14443_B,
1458 .priority = NEAR_TAG_PRIORITY_DEFAULT,
1459 .read = nfctype4_read,
1460 .write = nfctype4_write,
1461 .check_presence = nfctype4_check_presence,
1462 .format = nfctype4_format,
1465 static int nfctype4_init(void)
1471 ret = near_tag_driver_register(&type4b_driver);
1475 return near_tag_driver_register(&type4a_driver);
1478 static void nfctype4_exit(void)
1482 near_tag_driver_unregister(&type4a_driver);
1483 near_tag_driver_unregister(&type4b_driver);
1486 NEAR_PLUGIN_DEFINE(nfctype4, "NFC Forum Type 4 tags support", VERSION,
1487 NEAR_PLUGIN_PRIORITY_HIGH, nfctype4_init, nfctype4_exit)