3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
30 #include <sys/socket.h>
32 #include <linux/socket.h>
33 #include <linux/nfc.h>
35 #include <near/plugin.h>
37 #include <near/types.h>
38 #include <near/adapter.h>
40 #include <near/ndef.h>
43 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
46 #define NFC_STATUS_BYTE_LEN 1
48 #define STATUS_WORD_1 1
49 #define STATUS_WORD_2 2
50 #define APDU_HEADER_LEN 5
51 #define APDU_OK 0x9000
52 #define APDU_NOT_FOUND 0x6A82
54 /* PICC Level Commands */
55 #define PICC_CLASS 0x90
56 #define GET_VERSION 0x60
57 #define CREATE_APPLICATION 0xCA
58 #define SELECT_APPLICATION 0x5A
59 #define CREATE_STD_DATA_FILE 0xCD
60 #define WRITE_DATA_TO_FILE 0x3D
62 #define DESFire_EV1_MAJOR_VERSION 0x01
63 #define PICC_LEVEL_APDU_OK 0x9100
64 #define GET_VERSION_FRAME_RESPONSE_BYTE 0xAF
65 #define DESFIRE_KEY_SETTINGS 0x0F
66 #define DESFIRE_NUM_OF_KEYS 0x21
67 #define DESFIRE_CC_FILE_NUM 0x01
68 #define DESFIRE_NDEF_FILE_NUM 0x02
69 #define DESFIRE_COMMSET 0x00
70 #define MAPPING_VERSION 0x20
71 #define FREE_READ_ACCESS 0x00
72 #define FREE_WRITE_ACCESS 0x00
74 #define T4_ALL_ACCESS 0x00
75 #define T4_READ_ONLY 0xFF
77 #define APDU_STATUS(a) (g_ntohs(*((uint16_t *)(a))))
79 /* Tag Type 4 version ID */
80 static uint8_t iso_appname_v1[] = { 0xd2, 0x76, 0x0, 0x0, 0x85, 0x01, 0x0 };
81 static uint8_t iso_appname_v2[] = { 0xd2, 0x76, 0x0, 0x0, 0x85, 0x01, 0x1 };
84 static uint8_t iso_cc_fileid[] = { 0xe1, 0x03 };
85 #define LEN_ISO_CC_FILEID 2
87 #define LEN_ISO_CC_READ_SIZE 0x0F
89 #define CMD_HEADER_SIZE 5
90 struct type4_cmd { /* iso 7816 */
97 } __attribute__((packed));
99 struct type4_NDEF_file_control_tlv {
100 uint8_t tag ; /* should be 4 */
101 uint8_t len ; /* should be 6 */
103 uint16_t max_ndef_size ;
104 uint8_t read_access ;
105 uint8_t write_access ;
106 } __attribute__((packed));
108 struct type4_cc { /* Capability Container */
110 uint8_t mapping_version;
111 uint16_t max_R_apdu_data_size;
112 uint16_t max_C_apdu_data_size;
113 struct type4_NDEF_file_control_tlv tlv_fc ;
114 uint8_t tlv_blocks[];
115 } __attribute__((packed));
119 uint8_t key_settings;
120 uint8_t number_of_keys;
122 uint8_t iso_appname[7];
123 } __attribute__((packed));
125 struct desfire_std_file {
129 uint8_t access_rights[2];
131 } __attribute__((packed));
133 struct desfire_cc_file {
142 uint8_t ndef_size[2];
144 uint8_t write_access;
145 } __attribute__((packed));
148 uint32_t adapter_idx;
151 struct near_tag *tag;
153 uint16_t r_apdu_max_size;
154 uint16_t c_apdu_max_size;
155 uint16_t max_ndef_size;
156 uint8_t write_access;
157 struct near_ndef_message *ndef;
158 uint16_t memory_size;
161 /* ISO functions: This code prepares APDU */
162 static int ISO_send_cmd(uint8_t class,
167 uint8_t cmd_data_length,
172 struct type4_cmd *cmd;
173 struct t4_cookie *in_rcv = in_data;
174 uint8_t total_cmd_length;
177 DBG("CLA-%02x INS-%02x P1-%02x P2-%02x",
178 class, instruction, param1, param2);
182 total_cmd_length = APDU_HEADER_LEN + cmd_data_length;
184 total_cmd_length = APDU_HEADER_LEN;
185 } else { /* Extra byte for Le */
186 total_cmd_length = APDU_HEADER_LEN + cmd_data_length + 1;
189 cmd = g_try_malloc0(total_cmd_length);
191 DBG("Mem alloc failed");
197 cmd->instruction = instruction ;
198 cmd->param1 = param1 ;
199 cmd->param2 = param2 ;
200 cmd->data_length = cmd_data_length;
203 memcpy(cmd->data, cmd_data, cmd_data_length);
204 /* The Le byte set to 0x00 defined that any length
205 * of PICC response is allowed */
207 cmd->data[cmd_data_length] = 0;
210 err = near_adapter_send(in_rcv->adapter_idx, (uint8_t *)cmd,
211 total_cmd_length, cb, in_rcv);
216 /* On exit, clean memory */
222 /* ISO 7816 command: Select applications or files
223 * p1=0 select by "file id"
224 * P1=4 select by "DF name"
226 static int ISO_Select(uint8_t *filename, uint8_t fnamelen, uint8_t P1,
227 near_recv cb, void *cookie)
233 0xA4, /* INS: Select file */
234 P1, /* P1: select by name */
235 0x00, /* P2: First or only occurrence */
236 filename, /* cmd_data */
237 fnamelen, /* uint8_t cmd_data_length*/
243 /* ISO 7816 command: Read binary data from files */
244 static int ISO_ReadBinary(uint16_t offset, uint8_t readsize,
245 near_recv cb, void *cookie)
250 0xB0, /* INS: Select file */
251 (uint8_t)((offset & 0xFF00)>>8),
252 (uint8_t)(offset & 0xFF),
253 0, /* no data send */
254 readsize, /* bytes to read */
260 /* ISO 7816 command: Update data */
261 static int ISO_Update(uint16_t offset, uint8_t nlen,
262 uint8_t *data, near_recv cb, void *cookie)
267 0xD6, /* INS: Select file */
268 (uint8_t)((offset & 0xFF00) >> 8),
269 (uint8_t)(offset & 0xFF),
270 data, /* length of NDEF data */
271 nlen, /* NLEN + NDEF data */
277 static int t4_cookie_release(int err, struct t4_cookie *cookie)
282 if (err < 0 && cookie->cb)
283 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
286 g_free(cookie->ndef->data);
288 g_free(cookie->ndef);
294 static int data_read_cb(uint8_t *resp, int length, void *data)
296 struct t4_cookie *cookie = data ;
298 size_t data_length, length_read, current_length;
299 uint16_t remain_bytes;
305 return t4_cookie_release(err, cookie);
307 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
308 DBG("Fail read_cb SW:x%04x", APDU_STATUS(resp + length - 2));
310 return t4_cookie_release(err, cookie);
313 nfc_data = near_tag_get_data(cookie->tag, &data_length);
315 /* Remove SW1 / SW2 and NFC header */
316 length_read = length - NFC_HEADER_SIZE - 2 ;
317 length = length_read;
319 current_length = cookie->read_data;
321 if (current_length + (length_read) > data_length)
322 length_read = data_length - current_length;
324 memcpy(nfc_data + current_length, resp + NFC_HEADER_SIZE, length_read);
325 if (current_length + length_read == data_length) {
330 records = near_ndef_parse(nfc_data, data_length);
331 near_tag_add_records(cookie->tag, records, cookie->cb, 0);
337 cookie->read_data += length ;
338 remain_bytes = (data_length - cookie->read_data);
340 if (remain_bytes >= cookie->r_apdu_max_size)
341 err = ISO_ReadBinary(cookie->read_data + 2,
342 cookie->r_apdu_max_size, data_read_cb, cookie);
344 err = ISO_ReadBinary(cookie->read_data + 2,
345 (uint8_t)remain_bytes, data_read_cb, cookie);
352 return t4_cookie_release(err, cookie);
355 static int t4_readbin_NDEF_ID(uint8_t *resp, int length, void *data)
357 struct t4_cookie *cookie = data ;
358 struct near_tag *tag;
368 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
369 DBG("Fail SW:x%04x", APDU_STATUS(resp + length - 2));
374 /* Add data to the tag */
375 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx, NULL,
376 g_ntohs(*((uint16_t *)(resp + NFC_STATUS_BYTE_LEN))));
380 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
386 near_tag_set_max_ndef_size(tag, cookie->max_ndef_size);
387 near_tag_set_c_apdu_max_size(tag, cookie->c_apdu_max_size);
388 near_tag_set_blank(tag, FALSE);
393 /* Set write conditions */
394 if (cookie->write_access == T4_READ_ONLY)
395 near_tag_set_ro(tag, TRUE);
397 near_tag_set_ro(tag, FALSE);
399 /* TODO: see how we can get the UID value:
400 * near_tag_set_uid(tag, resp + NFC_HEADER_SIZE, 8);
404 err = ISO_ReadBinary(2, cookie->r_apdu_max_size - 2,
405 data_read_cb, cookie);
412 return t4_cookie_release(err, cookie);
415 static int t4_select_NDEF_ID(uint8_t *resp, int length, void *data)
417 struct t4_cookie *cookie = data;
427 /* Check for APDU error */
428 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
429 DBG("Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
434 /* Read 0x0f bytes, to grab the NDEF msg length */
435 err = ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE,
436 t4_readbin_NDEF_ID, cookie);
443 return t4_cookie_release(err, cookie);
446 static int t4_readbin_cc(uint8_t *resp, int length, void *data)
448 struct t4_cookie *cookie = data ;
449 struct type4_cc *read_cc ;
459 /* Check APDU error ( the two last bytes of the resp) */
460 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
461 DBG("Fail SW:x%04x", APDU_STATUS(resp + length - 2));
466 /* -2 for status word and -1 is for NFC first byte... */
467 read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN);
468 if (read_cc == NULL) {
469 DBG("Mem alloc failed");
474 memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
476 cookie->r_apdu_max_size = g_ntohs(read_cc->max_R_apdu_data_size) -
478 cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);
479 cookie->max_ndef_size = g_ntohs(read_cc->tlv_fc.max_ndef_size);
481 /* TODO 5.1.1 :TLV blocks can be zero, one or more... */
482 /* TODO 5.1.2 :Must ignore proprietary blocks (x05)... */
483 if (read_cc->tlv_fc.tag != 0x4) {
484 DBG("NDEF File Control tag not found !") ;
489 /* save rw conditions */
490 cookie->write_access = read_cc->tlv_fc.write_access;
492 err = ISO_Select((uint8_t *)&read_cc->tlv_fc.file_id,
493 LEN_ISO_CC_FILEID, 0, t4_select_NDEF_ID, cookie);
500 return t4_cookie_release(err, cookie);
503 static int t4_select_cc(uint8_t *resp, int length, void *data)
505 struct t4_cookie *cookie = data;
515 /* Check for APDU error */
516 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
518 DBG(" Found empty tag");
519 /* Add data to the tag */
520 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
521 NULL, 1 /* dummy length */);
525 cookie->tag = near_tag_get_tag(cookie->adapter_idx,
527 if (cookie->tag == NULL) {
532 near_tag_set_blank(cookie->tag, TRUE);
535 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
537 return t4_cookie_release(0, cookie);
540 err = ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE, t4_readbin_cc, cookie);
547 return t4_cookie_release(err, cookie);
550 static int t4_select_file_by_name_v1(uint8_t *resp, int length, void *data)
552 struct t4_cookie *cookie = data;
562 /* Check for APDU error */
563 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
564 DBG("V1 Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
569 if (resp[NFC_STATUS] != 0) {
574 /* Jump to select phase */
575 err = ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
576 t4_select_cc, cookie);
583 return t4_cookie_release(err, cookie);
586 static int t4_select_file_by_name_v2(uint8_t *resp, int length, void *data)
588 struct t4_cookie *cookie = data;
598 /* Check for APDU error - Not found */
599 if (APDU_STATUS(resp + STATUS_WORD_1) == APDU_NOT_FOUND) {
600 DBG("Fallback to V1");
601 err = ISO_Select(iso_appname_v1, ARRAY_SIZE(iso_appname_v1),
602 0x4, t4_select_file_by_name_v1, cookie);
609 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
610 DBG("V2 Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
615 if (resp[NFC_STATUS] != 0) {
620 /* Jump to select phase */
621 err = ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
622 t4_select_cc, cookie);
629 return t4_cookie_release(err, cookie);
632 static int nfctype4_read(uint32_t adapter_idx,
633 uint32_t target_idx, near_tag_io_cb cb)
635 struct t4_cookie *cookie;
640 cookie = g_try_malloc0(sizeof(struct t4_cookie));
641 if (cookie == NULL) {
646 cookie->adapter_idx = adapter_idx;
647 cookie->target_idx = target_idx;
650 cookie->read_data = 0;;
652 /* Check for V2 type 4 tag */
653 err = ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
654 0x4, t4_select_file_by_name_v2, cookie);
661 return t4_cookie_release(err, cookie);
664 static int data_write_cb(uint8_t *resp, int length, void *data)
666 struct t4_cookie *cookie = data;
672 return t4_cookie_release(err, cookie);
674 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
675 near_error("write failed SWx%04x",
676 APDU_STATUS(resp + length - 2));
679 return t4_cookie_release(err, cookie);
682 if (cookie->ndef->offset >= cookie->ndef->length) {
684 near_adapter_disconnect(cookie->adapter_idx);
687 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
689 return t4_cookie_release(0, cookie);
692 if ((cookie->ndef->length - cookie->ndef->offset) >
693 cookie->c_apdu_max_size) {
694 err = ISO_Update(cookie->ndef->offset,
695 cookie->c_apdu_max_size,
696 cookie->ndef->data + cookie->ndef->offset,
697 data_write_cb, cookie);
698 cookie->ndef->offset += cookie->c_apdu_max_size;
700 err = ISO_Update(cookie->ndef->offset,
701 cookie->ndef->length - cookie->ndef->offset,
702 cookie->ndef->data + cookie->ndef->offset,
703 data_write_cb, cookie);
704 cookie->ndef->offset = cookie->ndef->length;
708 return t4_cookie_release(err, cookie);
713 static int data_write(uint32_t adapter_idx, uint32_t target_idx,
714 struct near_ndef_message *ndef,
715 struct near_tag *tag, near_tag_io_cb cb)
717 struct t4_cookie *cookie;
720 cookie = g_try_malloc0(sizeof(struct t4_cookie));
721 if (cookie == NULL) {
726 cookie->adapter_idx = adapter_idx;
727 cookie->target_idx = target_idx;
730 cookie->read_data = 0;
731 cookie->max_ndef_size = near_tag_get_max_ndef_size(tag);
732 cookie->c_apdu_max_size = near_tag_get_c_apdu_max_size(tag);
735 if (cookie->max_ndef_size < cookie->ndef->length) {
736 near_error("not enough space on tag to write data");
741 if ((cookie->ndef->length - cookie->ndef->offset) >
742 cookie->c_apdu_max_size) {
743 err = ISO_Update(cookie->ndef->offset,
744 cookie->c_apdu_max_size,
746 data_write_cb, cookie);
747 cookie->ndef->offset += cookie->c_apdu_max_size;
749 err = ISO_Update(cookie->ndef->offset,
750 cookie->ndef->length,
752 data_write_cb, cookie);
753 cookie->ndef->offset = cookie->ndef->length;
762 t4_cookie_release(err, cookie);
767 static int nfctype4_write(uint32_t adapter_idx, uint32_t target_idx,
768 struct near_ndef_message *ndef, near_tag_io_cb cb)
770 struct near_tag *tag;
774 if (ndef == NULL || cb == NULL)
777 tag = near_tag_get_tag(adapter_idx, target_idx);
781 return data_write(adapter_idx, target_idx, ndef, tag, cb);
784 static int check_presence(uint8_t *resp, int length, void *data)
786 struct t4_cookie *cookie = data;
795 cookie->cb(cookie->adapter_idx,
796 cookie->target_idx, err);
798 return t4_cookie_release(err, cookie);
801 static int nfctype4_check_presence(uint32_t adapter_idx,
802 uint32_t target_idx, near_tag_io_cb cb)
804 struct t4_cookie *cookie;
809 cookie = g_try_malloc0(sizeof(struct t4_cookie));
810 if (cookie == NULL) {
815 cookie->adapter_idx = adapter_idx;
816 cookie->target_idx = target_idx;
819 cookie->read_data = 0;;
821 /* Check for V2 type 4 tag */
822 err = ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
823 0x4, check_presence, cookie);
830 return t4_cookie_release(err, cookie);
833 static int select_ndef_file(uint8_t *resp, int length, void *data)
835 struct t4_cookie *cookie = data;
845 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
846 near_error("select ndef file resp failed %02X",
852 DBG("ndef file selected");
855 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
858 return t4_cookie_release(err, cookie);
861 static int read_cc_file(uint8_t *resp, int length, void *data)
863 struct t4_cookie *cookie = data;
864 struct near_tag *tag;
865 struct type4_cc *read_cc = NULL;
875 /* Check APDU error ( the two last bytes of the resp) */
876 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
877 near_error("read cc failed SWx%04x",
878 APDU_STATUS(resp + length - 2));
883 /* -2 for status word and -1 is for NFC first byte... */
884 read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN);
885 if (read_cc == NULL) {
890 memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
891 cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);
892 cookie->max_ndef_size = g_ntohs(read_cc->tlv_fc.max_ndef_size);
894 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
900 near_tag_set_max_ndef_size(tag, cookie->memory_size);
901 near_tag_set_c_apdu_max_size(tag, cookie->c_apdu_max_size);
903 if (read_cc->tlv_fc.tag != 0x4) {
904 near_error("NDEF File not found") ;
909 err = ISO_Select((uint8_t *)&read_cc->tlv_fc.file_id,
910 LEN_ISO_CC_FILEID, 0, select_ndef_file, cookie);
912 near_error("select ndef file req failed %d", err);
921 return t4_cookie_release(err, cookie);
924 static int select_cc_file(uint8_t *resp, int length, void *data)
927 struct t4_cookie *cookie = data;
930 near_error("CC file select resp failed %d", length);
935 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
936 near_error("CC file select response %02X",
942 err = ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE, read_cc_file, cookie);
944 near_error("read cc file req failed %d", err);
951 return t4_cookie_release(err, cookie);
954 static int select_iso_appname_v2(uint8_t *resp, int length, void *data)
957 struct t4_cookie *cookie = data;
960 near_error("iso app select resp failed %d", length);
965 if (resp[NFC_STATUS] != 0x00) {
966 near_error("iso app select response %02X",
972 err = ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
973 select_cc_file, cookie);
975 near_error("select cc req failed %d", err);
982 return t4_cookie_release(err, cookie);
985 static int format_resp(uint8_t *resp, int length, void *data)
988 struct t4_cookie *cookie = data;
989 struct near_tag *tag;
994 near_error("write data to ndef file resp failed %d", length);
999 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1000 near_error("wrtie data to ndef file response %02X",
1006 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
1012 DBG("Formatting is done");
1013 near_tag_set_blank(tag, FALSE);
1016 * 1) Till now all commands which are used for formatting are
1017 * at mifare desfire level. Now select iso appname_v2,
1018 * cc file and ndef file with ISO 7816-4 commands.
1019 * 2) Selecting ndef file means making sure that read write
1020 * operations will perform on NDEF file.
1022 err = ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
1023 0x4, select_iso_appname_v2, cookie);
1025 near_error("iso_select appnamev2 req failed %d", err);
1032 return t4_cookie_release(err, cookie);
1035 static int write_data_to_ndef_file(uint8_t *resp, int length, void *data)
1038 struct t4_cookie *cookie = data;
1039 uint8_t *cmd_data = NULL;
1040 uint8_t cmd_data_length;
1041 uint8_t ndef_file_offset[] = {0x00, 0x00, 0x00};
1042 uint8_t empty_ndef_file_len[] = {0x02, 0x00, 0x00}; /* 000002h */
1043 uint8_t ndef_nlen[] = {0x00, 0x00}; /* 0000h */
1048 near_error("create ndef file resp failed %d", length);
1053 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1054 near_error("create ndef file response %02X",
1060 /* Step8 : Write data to NDEF file ( no NDEF message) */
1061 cmd_data_length = 1 /* File num */
1062 + ARRAY_SIZE(ndef_file_offset)
1063 + ARRAY_SIZE(empty_ndef_file_len)
1064 + ARRAY_SIZE(ndef_nlen);
1066 cmd_data = g_try_malloc0(cmd_data_length);
1067 if (cmd_data == NULL) {
1072 cmd_data[0] = DESFIRE_NDEF_FILE_NUM;
1073 memcpy(cmd_data + 1, ndef_file_offset, ARRAY_SIZE(ndef_file_offset));
1074 memcpy(cmd_data + 4, empty_ndef_file_len,
1075 ARRAY_SIZE(empty_ndef_file_len));
1076 memcpy(cmd_data + 7, ndef_nlen, ARRAY_SIZE(ndef_nlen));
1078 err = ISO_send_cmd(PICC_CLASS, WRITE_DATA_TO_FILE,
1079 0x00, 0x00, cmd_data, cmd_data_length,
1080 TRUE, format_resp, cookie);
1082 near_error("wrtie data to ndef file req failed %d", err);
1091 return t4_cookie_release(err, cookie);
1094 static int create_ndef_file(uint8_t *resp, int length, void *data)
1097 struct t4_cookie *cookie = data;
1098 struct desfire_std_file *ndef = NULL;
1099 uint8_t iso_ndef_file_id[] = {0x04, 0xE1}; /* E104h */
1100 uint8_t ndef_file_access_rights[] = {0xE0, 0xEE}; /* EEE0h */
1105 near_error("write data to cc file resp failed %d", length);
1110 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1111 near_error("write data to cc file response %02X",
1117 ndef = g_try_malloc0(sizeof(struct desfire_std_file));
1123 ndef->file_num = DESFIRE_NDEF_FILE_NUM;
1124 memcpy(ndef->file_id, iso_ndef_file_id, ARRAY_SIZE(iso_ndef_file_id));
1125 ndef->comm_set = DESFIRE_COMMSET;
1126 memcpy(ndef->access_rights, ndef_file_access_rights,
1127 ARRAY_SIZE(ndef_file_access_rights));
1129 ndef->size[1] = (uint8_t) (cookie->memory_size >> 8);
1130 ndef->size[2] = (uint8_t) cookie->memory_size;
1132 err = ISO_send_cmd(PICC_CLASS, CREATE_STD_DATA_FILE,
1133 0x00, 0x00, (uint8_t *)ndef,
1134 sizeof(struct desfire_std_file),
1135 TRUE, write_data_to_ndef_file, cookie);
1137 near_error("create ndef file req failed %d", err);
1146 return t4_cookie_release(err, cookie);
1149 static int write_data_to_cc_file(uint8_t *resp, int length, void *data)
1152 struct t4_cookie *cookie = data;
1153 struct desfire_cc_file *cc = NULL;
1154 uint8_t cc_file_offset[] = {0x00, 0x00, 0x00};
1155 uint8_t cc_file_max_len[] = {0x0F, 0x00, 0x00}; /* 00000Fh */
1156 uint8_t cc_len[] = {0x00, 0x0F}; /* 000Fh*/
1157 uint8_t mle_r_apdu[] = {0x00, 0x3B}; /* 003Bh */
1158 uint8_t mlc_c_apdu[] = {0x00, 0x34}; /* 0034h */
1159 /* T: 04, L: 06: V: E104h (NDEF ISO FID = E104h)*/
1160 uint8_t ndef_tlv[] = {0x04, 0x06, 0xE1, 0x04};
1166 near_error("create cc file resp failed %d", length);
1171 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1172 near_error("create cc file response %02X",
1178 cc = g_try_malloc0(sizeof(struct desfire_cc_file));
1184 cc->file_num = DESFIRE_CC_FILE_NUM;
1185 memcpy(cc->offset, cc_file_offset, ARRAY_SIZE(cc_file_offset));
1186 memcpy(cc->max_len, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
1187 memcpy(cc->cc_len, cc_len, ARRAY_SIZE(cc_len));
1188 cc->version = MAPPING_VERSION;
1189 memcpy(cc->mle, mle_r_apdu, ARRAY_SIZE(mle_r_apdu));
1190 memcpy(cc->mlc, mlc_c_apdu, ARRAY_SIZE(mlc_c_apdu));
1191 memcpy(cc->ndef_tlv, ndef_tlv, ARRAY_SIZE(ndef_tlv));
1192 cc->ndef_size[0] = (uint8_t) (cookie->memory_size >> 8);
1193 cc->ndef_size[1] = (uint8_t) cookie->memory_size;
1194 cc->read_access = FREE_READ_ACCESS;
1195 cc->write_access = FREE_WRITE_ACCESS;
1197 err = ISO_send_cmd(PICC_CLASS, WRITE_DATA_TO_FILE,
1198 0x00, 0x00, (uint8_t *)cc,
1199 sizeof(struct desfire_cc_file),
1200 TRUE, create_ndef_file, cookie);
1202 near_error("write data to cc file req failed %d", err);
1211 return t4_cookie_release(err, cookie);
1214 static int create_cc_file(uint8_t *resp, int length, void *data)
1217 struct t4_cookie *cookie = data;
1218 struct desfire_std_file *cc = NULL;
1219 uint8_t iso_cc_file_id[] = {0x03, 0xe1}; /* E103h */
1220 uint8_t cc_file_access_rights[] = {0xE0, 0xEE}; /* EEE0h */
1221 uint8_t cc_file_max_len[] = {0x0F, 0x00, 0x00}; /* 00000Fh */
1226 near_error("select application1 resp failed %d", length);
1231 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1232 near_error("select application1 response %02X",
1238 cc = g_try_malloc0(sizeof(struct desfire_std_file));
1244 cc->file_num = DESFIRE_CC_FILE_NUM;
1245 memcpy(cc->file_id, iso_cc_file_id, ARRAY_SIZE(iso_cc_file_id));
1246 cc->comm_set = DESFIRE_COMMSET;
1247 memcpy(cc->access_rights, cc_file_access_rights,
1248 ARRAY_SIZE(cc_file_access_rights));
1249 memcpy(cc->size, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
1251 err = ISO_send_cmd(PICC_CLASS,
1252 CREATE_STD_DATA_FILE,
1253 0x00, 0x00, (uint8_t *)cc,
1254 sizeof(struct desfire_std_file),
1255 TRUE, write_data_to_cc_file, cookie);
1257 near_error("create cc file req failed %d", err);
1266 return t4_cookie_release(err, cookie);
1269 static int select_application_1(uint8_t *resp, int length, void *data)
1272 struct t4_cookie *cookie = data;
1273 uint8_t *cmd_data = NULL;
1274 uint8_t cmd_data_length;
1275 uint8_t desfire_aid_1[] = {0x01, 0x00, 0x00}; /* 000001h */
1280 near_error("create application resp failed %d", length);
1285 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1286 near_error("create application response %02X",
1292 /* Step4 : Select application (which is created just now) */
1293 cmd_data_length = ARRAY_SIZE(desfire_aid_1);
1294 cmd_data = g_try_malloc0(cmd_data_length);
1295 if (cmd_data == NULL) {
1300 memcpy(cmd_data, desfire_aid_1, cmd_data_length);
1301 err = ISO_send_cmd(PICC_CLASS, SELECT_APPLICATION,
1302 0x00, 0x00, cmd_data, cmd_data_length,
1303 TRUE, create_cc_file, cookie);
1305 near_error("select application1 req failed %d", err);
1314 return t4_cookie_release(err, cookie);
1317 static int create_application(uint8_t *resp, int length, void *data)
1320 struct t4_cookie *cookie = data;
1321 uint8_t desfire_aid_1[] = {0x01, 0x00, 0x00}; /* 000001h */
1322 uint8_t desfire_file_id[] = {0x10, 0xE1}; /* E110h */
1323 struct desfire_app *app = NULL;
1328 near_error("select application resp failed %d", length);
1333 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1334 near_error("select application response %02X",
1340 app = g_try_malloc0(sizeof(struct desfire_app));
1346 memcpy(app->aid, desfire_aid_1, ARRAY_SIZE(desfire_aid_1));
1347 app->key_settings = DESFIRE_KEY_SETTINGS;
1348 app->number_of_keys = DESFIRE_NUM_OF_KEYS;
1349 memcpy(app->file_id, desfire_file_id, ARRAY_SIZE(desfire_file_id));
1350 memcpy(app->iso_appname, iso_appname_v2, ARRAY_SIZE(iso_appname_v2));
1352 /* Step3 : Create Application */
1353 err = ISO_send_cmd(PICC_CLASS, CREATE_APPLICATION,
1354 0x00, 0x00, (uint8_t *)app,
1355 sizeof(struct desfire_app),
1356 TRUE, select_application_1, cookie);
1358 near_error("create application req failed %d", err);
1367 return t4_cookie_release(err, cookie);
1370 static int select_application(uint8_t *resp, int length, void *data)
1373 struct t4_cookie *cookie = data;
1374 uint8_t *cmd_data = NULL;
1375 uint8_t cmd_data_length;
1376 uint8_t desfire_aid[] = {0x00, 0x00, 0x00}; /* 000000h */
1381 near_error("get version3 resp failed %d", length);
1386 if (resp[length - 1] != 0x00) {
1387 near_error("get version3 response %02X",
1394 cmd_data_length = ARRAY_SIZE(desfire_aid);
1395 cmd_data = g_try_malloc0(cmd_data_length);
1396 if (cmd_data == NULL) {
1401 memcpy(cmd_data, desfire_aid, cmd_data_length);
1402 /* Step2 : Select Application */
1403 err = ISO_send_cmd(PICC_CLASS,
1405 0x00, 0x00, cmd_data, cmd_data_length,
1406 TRUE, create_application, cookie);
1408 near_error("select application req failed %d", err);
1417 return t4_cookie_release(err, cookie);
1420 static int get_version_frame3(uint8_t *resp, int length, void *data)
1423 struct t4_cookie *cookie = data;
1428 near_error("get version2 resp failed %d", length);
1433 if (resp[4] == 0x01 /* Major Version */
1434 && resp[length - 1] == GET_VERSION_FRAME_RESPONSE_BYTE) {
1436 err = ISO_send_cmd(PICC_CLASS,
1437 GET_VERSION_FRAME_RESPONSE_BYTE,
1438 0x00, 0x00, NULL, 0, FALSE,
1439 select_application, cookie);
1441 near_error("get version3 req failed %d", err);
1445 near_error("get version2 response %02X", resp[length - 1]);
1453 return t4_cookie_release(err, cookie);
1456 static int get_version_frame2(uint8_t *resp, int length, void *data)
1459 struct t4_cookie *cookie = data;
1464 near_error(" get version resp failed %d", length);
1469 if (resp[4] == 0x01 /* Major Version */
1470 && resp[length - 1] == GET_VERSION_FRAME_RESPONSE_BYTE) {
1473 * When N is the GET_VERSION response 6th byte,
1474 * the DESFire tag memory size is 2 ^ (N /2).
1476 cookie->memory_size = (1 << (resp[6] / 2));
1477 err = ISO_send_cmd(PICC_CLASS,
1478 GET_VERSION_FRAME_RESPONSE_BYTE,
1479 0x00, 0x00, NULL, 0, FALSE,
1480 get_version_frame3, cookie);
1482 near_error("get version2 req failed %d", err);
1486 near_error("get version response %02X", resp[length - 1]);
1494 return t4_cookie_release(err, cookie);
1497 /* Steps to format Type 4 (MIFARE DESFire EV1) tag as per AN1104.pdf from nxp.
1498 * 1) Get version to determine memory size of tag
1499 * 2) Select applciation with AID equal to 000000h (PICC level)
1500 * 3) Create application with AID equal to 000001h
1501 * 4) Select application (Select previously created application in step3)
1502 * 5) Create std data file with File number equal to 01h (CC file), ISOFileID
1503 * equal to E103h, ComSet equal to 00h, AccesRights to EEEEh, FileSize bigger
1505 * 6) Write data to CC file with CCLEN equal to 000Fh, Mapping version equal to
1506 * 20h, MLe equal to 003Bh, MLc equal to 0034h, and NDEF File control TLV
1507 * equal to: T=04h, L=06h, V=E1 04 (NDEF ISO FID = E104h), 08 00 (NDEF File
1508 * size = 2048 Bytes) 00 (free read access) 00 (free write access)
1509 * 7) Create std data file with File number equal to 02h (NDEF File DESFireFId),
1510 * ISO FileID equal to E104h, ComSet equal to 00h, ComSet equal to 00h,
1511 * AccessRights equal to EEE0h, FileSize equal to 000800h (2048 bytes)
1512 * 8) Write data to write content of the NDEF File with NLEN equal to 0000h, and
1514 * 9) Now Formatting is done, then select ISO appname2, select CC file and read.
1515 * 10) Select NDEF file (by doing last two steps means, making sure that read
1516 * write operations perform on NDEF file).
1519 static int nfctype4_format(uint32_t adapter_idx, uint32_t target_idx,
1523 struct t4_cookie *cookie;
1527 cookie = g_try_malloc0(sizeof(struct t4_cookie));
1531 cookie->adapter_idx = adapter_idx;
1532 cookie->target_idx = target_idx;
1535 /* Step1 : Get Version */
1536 err = ISO_send_cmd(PICC_CLASS, GET_VERSION,
1537 0x00, 0x00, NULL, 0, FALSE,
1538 get_version_frame2, cookie);
1541 near_error("get version req failed %d", err);
1548 static struct near_tag_driver type4_driver = {
1549 .type = NFC_PROTO_ISO14443,
1550 .priority = NEAR_TAG_PRIORITY_DEFAULT,
1551 .read = nfctype4_read,
1552 .write = nfctype4_write,
1553 .check_presence = nfctype4_check_presence,
1554 .format = nfctype4_format,
1557 static int nfctype4_init(void)
1561 return near_tag_driver_register(&type4_driver);
1564 static void nfctype4_exit(void)
1568 near_tag_driver_unregister(&type4_driver);
1571 NEAR_PLUGIN_DEFINE(nfctype4, "NFC Forum Type 4 tags support", VERSION,
1572 NEAR_PLUGIN_PRIORITY_HIGH, nfctype4_init, nfctype4_exit)