3 * neard - Near Field Communication manager
5 * Copyright (C) 2011 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
30 #include <sys/socket.h>
32 #include <linux/socket.h>
33 #include <linux/nfc.h>
35 #include <near/plugin.h>
37 #include <near/types.h>
38 #include <near/adapter.h>
40 #include <near/ndef.h>
43 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
46 #define NFC_STATUS_BYTE_LEN 1
48 #define STATUS_WORD_1 1
49 #define STATUS_WORD_2 2
50 #define APDU_HEADER_LEN 5
51 #define APDU_OK 0x9000
52 #define APDU_NOT_FOUND 0x6A82
54 /* PICC Level Commands */
55 #define PICC_CLASS 0x90
56 #define GET_VERSION 0x60
57 #define CREATE_APPLICATION 0xCA
58 #define SELECT_APPLICATION 0x5A
59 #define CREATE_STD_DATA_FILE 0xCD
60 #define WRITE_DATA_TO_FILE 0x3D
62 #define DESFire_EV1_MAJOR_VERSION 0x01
63 #define PICC_LEVEL_APDU_OK 0x9100
64 #define GET_VERSION_FRAME_RESPONSE_BYTE 0xAF
65 #define DESFIRE_KEY_SETTINGS 0x0F
66 #define DESFIRE_NUM_OF_KEYS 0x21
67 #define DESFIRE_CC_FILE_NUM 0x01
68 #define DESFIRE_NDEF_FILE_NUM 0x02
69 #define DESFIRE_COMMSET 0x00
70 #define MAPPING_VERSION 0x20
71 #define FREE_READ_ACCESS 0x00
72 #define FREE_WRITE_ACCESS 0x00
74 #define T4_ALL_ACCESS 0x00
75 #define T4_READ_ONLY 0xFF
77 #define APDU_STATUS(a) (g_ntohs(*((uint16_t *)(a))))
79 /* Tag Type 4 version ID */
80 static uint8_t iso_appname_v1[] = { 0xd2, 0x76, 0x0, 0x0, 0x85, 0x01, 0x0 };
81 static uint8_t iso_appname_v2[] = { 0xd2, 0x76, 0x0, 0x0, 0x85, 0x01, 0x1 };
84 static uint8_t iso_cc_fileid[] = { 0xe1, 0x03 };
85 #define LEN_ISO_CC_FILEID 2
87 #define LEN_ISO_CC_READ_SIZE 0x0F
89 #define CMD_HEADER_SIZE 5
90 struct type4_cmd { /* iso 7816 */
97 } __attribute__((packed));
99 struct type4_NDEF_file_control_tlv {
100 uint8_t tag ; /* should be 4 */
101 uint8_t len ; /* should be 6 */
103 uint16_t max_ndef_size ;
104 uint8_t read_access ;
105 uint8_t write_access ;
106 } __attribute__((packed));
108 struct type4_cc { /* Capability Container */
110 uint8_t mapping_version;
111 uint16_t max_R_apdu_data_size;
112 uint16_t max_C_apdu_data_size;
113 struct type4_NDEF_file_control_tlv tlv_fc ;
114 uint8_t tlv_blocks[];
115 } __attribute__((packed));
119 uint8_t key_settings;
120 uint8_t number_of_keys;
122 uint8_t iso_appname[7];
123 } __attribute__((packed));
125 struct desfire_std_file {
129 uint8_t access_rights[2];
131 } __attribute__((packed));
133 struct desfire_cc_file {
142 uint8_t ndef_size[2];
144 uint8_t write_access;
145 } __attribute__((packed));
148 uint32_t adapter_idx;
151 struct near_tag *tag;
153 uint16_t r_apdu_max_size;
154 uint16_t c_apdu_max_size;
155 uint16_t max_ndef_size;
156 uint8_t write_access;
157 struct near_ndef_message *ndef;
158 uint16_t memory_size;
161 /* ISO functions: This code prepares APDU */
162 static int ISO_send_cmd(uint8_t class,
167 uint8_t cmd_data_length,
172 struct type4_cmd *cmd;
173 struct t4_cookie *in_rcv = in_data;
174 uint8_t total_cmd_length;
177 DBG("CLA-%02x INS-%02x P1-%02x P2-%02x",
178 class, instruction, param1, param2);
182 total_cmd_length = APDU_HEADER_LEN + cmd_data_length;
184 total_cmd_length = APDU_HEADER_LEN;
185 } else { /* Extra byte for Le */
186 total_cmd_length = APDU_HEADER_LEN + cmd_data_length + 1;
189 cmd = g_try_malloc0(total_cmd_length);
191 DBG("Mem alloc failed");
197 cmd->instruction = instruction ;
198 cmd->param1 = param1 ;
199 cmd->param2 = param2 ;
200 cmd->data_length = cmd_data_length;
203 memcpy(cmd->data, cmd_data, cmd_data_length);
204 /* The Le byte set to 0x00 defined that any length
205 * of PICC response is allowed */
207 cmd->data[cmd_data_length] = 0;
210 err = near_adapter_send(in_rcv->adapter_idx, (uint8_t *) cmd,
211 total_cmd_length, cb, in_rcv);
216 /* On exit, clean memory */
222 /* ISO 7816 command: Select applications or files
223 * p1=0 select by "file id"
224 * P1=4 select by "DF name"
226 static int ISO_Select(uint8_t *filename, uint8_t fnamelen, uint8_t P1,
227 near_recv cb, void *cookie)
233 0xA4, /* INS: Select file */
234 P1, /* P1: select by name */
235 0x00, /* P2: First or only occurrence */
236 filename, /* cmd_data */
237 fnamelen, /* uint8_t cmd_data_length*/
243 /* ISO 7816 command: Read binary data from files */
244 static int ISO_ReadBinary(uint16_t offset, uint8_t readsize,
245 near_recv cb, void *cookie)
250 0xB0, /* INS: Select file */
251 (uint8_t) ((offset & 0xFF00) >> 8),
252 (uint8_t) (offset & 0xFF),
253 0, /* no data send */
254 readsize, /* bytes to read */
260 /* ISO 7816 command: Update data */
261 static int ISO_Update(uint16_t offset, uint8_t nlen,
262 uint8_t *data, near_recv cb, void *cookie)
267 0xD6, /* INS: Select file */
268 (uint8_t) ((offset & 0xFF00) >> 8),
269 (uint8_t) (offset & 0xFF),
270 data, /* length of NDEF data */
271 nlen, /* NLEN + NDEF data */
277 static int t4_cookie_release(int err, void *data)
279 struct t4_cookie *cookie = data;
286 if (err < 0 && cookie->cb)
287 cookie->cb(cookie->adapter_idx, cookie->target_idx, err);
290 g_free(cookie->ndef->data);
292 g_free(cookie->ndef);
298 static int data_read_cb(uint8_t *resp, int length, void *data)
300 struct t4_cookie *cookie = data ;
302 size_t data_length, length_read, current_length;
303 uint16_t remain_bytes;
309 return t4_cookie_release(err, cookie);
311 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
312 DBG("Fail read_cb SW:x%04x", APDU_STATUS(resp + length - 2));
314 return t4_cookie_release(err, cookie);
317 nfc_data = near_tag_get_data(cookie->tag, &data_length);
319 /* Remove SW1 / SW2 and NFC header */
320 length_read = length - NFC_HEADER_SIZE - 2 ;
321 length = length_read;
323 current_length = cookie->read_data;
325 if (current_length + (length_read) > data_length)
326 length_read = data_length - current_length;
328 memcpy(nfc_data + current_length, resp + NFC_HEADER_SIZE, length_read);
329 if (current_length + length_read == data_length) {
334 records = near_ndef_parse(nfc_data, data_length);
335 near_tag_add_records(cookie->tag, records, cookie->cb, 0);
341 cookie->read_data += length ;
342 remain_bytes = (data_length - cookie->read_data);
344 if (remain_bytes >= cookie->r_apdu_max_size)
345 err = ISO_ReadBinary(cookie->read_data + 2,
346 cookie->r_apdu_max_size, data_read_cb, cookie);
348 err = ISO_ReadBinary(cookie->read_data + 2,
349 (uint8_t) remain_bytes, data_read_cb, cookie);
356 return t4_cookie_release(err, cookie);
359 static int t4_readbin_NDEF_ID(uint8_t *resp, int length, void *data)
361 struct t4_cookie *cookie = data;
362 struct near_tag *tag;
372 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
373 DBG("Fail SW:x%04x", APDU_STATUS(resp + length - 2));
378 /* Add data to the tag */
379 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx, NULL,
380 g_ntohs(*((uint16_t *)(resp + NFC_STATUS_BYTE_LEN))));
384 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
390 near_tag_set_max_ndef_size(tag, cookie->max_ndef_size);
391 near_tag_set_c_apdu_max_size(tag, cookie->c_apdu_max_size);
392 near_tag_set_blank(tag, FALSE);
397 /* Set write conditions */
398 if (cookie->write_access == T4_READ_ONLY)
399 near_tag_set_ro(tag, TRUE);
401 near_tag_set_ro(tag, FALSE);
404 * TODO: see how we can get the UID value:
405 * near_tag_set_uid(tag, resp + NFC_HEADER_SIZE, 8);
409 err = ISO_ReadBinary(2, cookie->r_apdu_max_size - 2,
410 data_read_cb, cookie);
417 return t4_cookie_release(err, cookie);
420 static int t4_select_NDEF_ID(uint8_t *resp, int length, void *data)
422 struct t4_cookie *cookie = data;
432 /* Check for APDU error */
433 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
434 DBG("Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
439 /* Read 0x0f bytes, to grab the NDEF msg length */
440 err = ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE,
441 t4_readbin_NDEF_ID, cookie);
448 return t4_cookie_release(err, cookie);
451 static int t4_readbin_cc(uint8_t *resp, int length, void *data)
453 struct t4_cookie *cookie = data;
454 struct type4_cc *read_cc;
464 /* Check APDU error ( the two last bytes of the resp) */
465 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
466 DBG("Fail SW:x%04x", APDU_STATUS(resp + length - 2));
471 /* -2 for status word and -1 is for NFC first byte... */
472 read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN);
473 if (read_cc == NULL) {
474 DBG("Mem alloc failed");
479 memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
481 cookie->r_apdu_max_size = g_ntohs(read_cc->max_R_apdu_data_size) -
483 cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);
484 cookie->max_ndef_size = g_ntohs(read_cc->tlv_fc.max_ndef_size);
486 /* TODO 5.1.1: TLV blocks can be zero, one or more... */
487 /* TODO 5.1.2: Must ignore proprietary blocks (x05)... */
488 if (read_cc->tlv_fc.tag != 0x4) {
489 DBG("NDEF File Control tag not found");
494 /* save rw conditions */
495 cookie->write_access = read_cc->tlv_fc.write_access;
497 err = ISO_Select((uint8_t *) &read_cc->tlv_fc.file_id,
498 LEN_ISO_CC_FILEID, 0, t4_select_NDEF_ID, cookie);
505 return t4_cookie_release(err, cookie);
508 static int t4_select_cc(uint8_t *resp, int length, void *data)
510 struct t4_cookie *cookie = data;
520 /* Check for APDU error */
521 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
523 DBG(" Found empty tag");
524 /* Add data to the tag */
525 err = near_tag_add_data(cookie->adapter_idx, cookie->target_idx,
526 NULL, 1 /* dummy length */);
530 cookie->tag = near_tag_get_tag(cookie->adapter_idx,
532 if (cookie->tag == NULL) {
537 near_tag_set_blank(cookie->tag, TRUE);
540 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
542 return t4_cookie_release(0, cookie);
545 err = ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE, t4_readbin_cc, cookie);
552 return t4_cookie_release(err, cookie);
555 static int t4_select_file_by_name_v1(uint8_t *resp, int length, void *data)
557 struct t4_cookie *cookie = data;
567 /* Check for APDU error */
568 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
569 DBG("V1 Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
574 if (resp[NFC_STATUS] != 0) {
579 /* Jump to select phase */
580 err = ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
581 t4_select_cc, cookie);
588 return t4_cookie_release(err, cookie);
591 static int t4_select_file_by_name_v2(uint8_t *resp, int length, void *data)
593 struct t4_cookie *cookie = data;
603 /* Check for APDU error - Not found */
604 if (APDU_STATUS(resp + STATUS_WORD_1) == APDU_NOT_FOUND) {
605 DBG("Fallback to V1");
606 err = ISO_Select(iso_appname_v1, ARRAY_SIZE(iso_appname_v1),
607 0x4, t4_select_file_by_name_v1, cookie);
614 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
615 DBG("V2 Fail SW:x%04x", APDU_STATUS(resp + STATUS_WORD_1));
620 if (resp[NFC_STATUS] != 0) {
625 /* Jump to select phase */
626 err = ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
627 t4_select_cc, cookie);
634 return t4_cookie_release(err, cookie);
637 static int nfctype4_read(uint32_t adapter_idx,
638 uint32_t target_idx, near_tag_io_cb cb)
640 struct t4_cookie *cookie;
645 cookie = g_try_malloc0(sizeof(struct t4_cookie));
646 if (cookie == NULL) {
651 cookie->adapter_idx = adapter_idx;
652 cookie->target_idx = target_idx;
655 cookie->read_data = 0;
657 /* Check for V2 type 4 tag */
658 err = ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
659 0x4, t4_select_file_by_name_v2, cookie);
666 return t4_cookie_release(err, cookie);
669 static int data_write_cb(uint8_t *resp, int length, void *data)
671 struct t4_cookie *cookie = data;
677 return t4_cookie_release(err, cookie);
679 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
680 near_error("write failed SWx%04x",
681 APDU_STATUS(resp + length - 2));
684 return t4_cookie_release(err, cookie);
687 if (cookie->ndef->offset >= cookie->ndef->length) {
689 near_adapter_disconnect(cookie->adapter_idx);
692 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
694 return t4_cookie_release(0, cookie);
697 if ((cookie->ndef->length - cookie->ndef->offset) >
698 cookie->c_apdu_max_size) {
699 err = ISO_Update(cookie->ndef->offset,
700 cookie->c_apdu_max_size,
701 cookie->ndef->data + cookie->ndef->offset,
702 data_write_cb, cookie);
703 cookie->ndef->offset += cookie->c_apdu_max_size;
705 err = ISO_Update(cookie->ndef->offset,
706 cookie->ndef->length - cookie->ndef->offset,
707 cookie->ndef->data + cookie->ndef->offset,
708 data_write_cb, cookie);
709 cookie->ndef->offset = cookie->ndef->length;
713 return t4_cookie_release(err, cookie);
718 static int data_write(uint32_t adapter_idx, uint32_t target_idx,
719 struct near_ndef_message *ndef,
720 struct near_tag *tag, near_tag_io_cb cb)
722 struct t4_cookie *cookie;
725 cookie = g_try_malloc0(sizeof(struct t4_cookie));
726 if (cookie == NULL) {
731 cookie->adapter_idx = adapter_idx;
732 cookie->target_idx = target_idx;
735 cookie->read_data = 0;
736 cookie->max_ndef_size = near_tag_get_max_ndef_size(tag);
737 cookie->c_apdu_max_size = near_tag_get_c_apdu_max_size(tag);
740 if (cookie->max_ndef_size < cookie->ndef->length) {
741 near_error("not enough space on tag to write data");
746 if ((cookie->ndef->length - cookie->ndef->offset) >
747 cookie->c_apdu_max_size) {
748 err = ISO_Update(cookie->ndef->offset,
749 cookie->c_apdu_max_size,
751 data_write_cb, cookie);
752 cookie->ndef->offset += cookie->c_apdu_max_size;
754 err = ISO_Update(cookie->ndef->offset,
755 cookie->ndef->length,
757 data_write_cb, cookie);
758 cookie->ndef->offset = cookie->ndef->length;
767 return t4_cookie_release(err, cookie);
770 static int nfctype4_write(uint32_t adapter_idx, uint32_t target_idx,
771 struct near_ndef_message *ndef, near_tag_io_cb cb)
773 struct near_tag *tag;
777 if (ndef == NULL || cb == NULL)
780 tag = near_tag_get_tag(adapter_idx, target_idx);
784 return data_write(adapter_idx, target_idx, ndef, tag, cb);
787 static int check_presence(uint8_t *resp, int length, void *data)
789 struct t4_cookie *cookie = data;
798 cookie->cb(cookie->adapter_idx,
799 cookie->target_idx, err);
801 return t4_cookie_release(err, cookie);
804 static int nfctype4_check_presence(uint32_t adapter_idx,
805 uint32_t target_idx, near_tag_io_cb cb)
807 struct t4_cookie *cookie;
812 cookie = g_try_malloc0(sizeof(struct t4_cookie));
813 if (cookie == NULL) {
818 cookie->adapter_idx = adapter_idx;
819 cookie->target_idx = target_idx;
822 cookie->read_data = 0;
824 /* Check for V2 type 4 tag */
825 err = ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
826 0x4, check_presence, cookie);
833 return t4_cookie_release(err, cookie);
836 static int select_ndef_file(uint8_t *resp, int length, void *data)
838 struct t4_cookie *cookie = data;
848 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
849 near_error("select ndef file resp failed %02X",
855 DBG("ndef file selected");
858 cookie->cb(cookie->adapter_idx, cookie->target_idx, 0);
861 return t4_cookie_release(err, cookie);
864 static int read_cc_file(uint8_t *resp, int length, void *data)
866 struct t4_cookie *cookie = data;
867 struct near_tag *tag;
868 struct type4_cc *read_cc = NULL;
878 /* Check APDU error ( the two last bytes of the resp) */
879 if (APDU_STATUS(resp + length - 2) != APDU_OK) {
880 near_error("read cc failed SWx%04x",
881 APDU_STATUS(resp + length - 2));
886 /* -2 for status word and -1 is for NFC first byte... */
887 read_cc = g_try_malloc0(length - 2 - NFC_STATUS_BYTE_LEN);
888 if (read_cc == NULL) {
893 memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
894 cookie->c_apdu_max_size = g_ntohs(read_cc->max_C_apdu_data_size);
895 cookie->max_ndef_size = g_ntohs(read_cc->tlv_fc.max_ndef_size);
897 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
903 near_tag_set_max_ndef_size(tag, cookie->memory_size);
904 near_tag_set_c_apdu_max_size(tag, cookie->c_apdu_max_size);
906 if (read_cc->tlv_fc.tag != 0x4) {
907 near_error("NDEF File not found") ;
912 err = ISO_Select((uint8_t *)&read_cc->tlv_fc.file_id,
913 LEN_ISO_CC_FILEID, 0, select_ndef_file, cookie);
915 near_error("select ndef file req failed %d", err);
924 return t4_cookie_release(err, cookie);
927 static int select_cc_file(uint8_t *resp, int length, void *data)
930 struct t4_cookie *cookie = data;
933 near_error("CC file select resp failed %d", length);
938 if (APDU_STATUS(resp + STATUS_WORD_1) != APDU_OK) {
939 near_error("CC file select response %02X",
945 err = ISO_ReadBinary(0, LEN_ISO_CC_READ_SIZE, read_cc_file, cookie);
947 near_error("read cc file req failed %d", err);
954 return t4_cookie_release(err, cookie);
957 static int select_iso_appname_v2(uint8_t *resp, int length, void *data)
960 struct t4_cookie *cookie = data;
963 near_error("iso app select resp failed %d", length);
968 if (resp[NFC_STATUS] != 0x00) {
969 near_error("iso app select response %02X",
975 err = ISO_Select(iso_cc_fileid, LEN_ISO_CC_FILEID, 0,
976 select_cc_file, cookie);
978 near_error("select cc req failed %d", err);
985 return t4_cookie_release(err, cookie);
988 static int format_resp(uint8_t *resp, int length, void *data)
991 struct t4_cookie *cookie = data;
992 struct near_tag *tag;
997 near_error("write data to ndef file resp failed %d", length);
1002 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1003 near_error("wrtie data to ndef file response %02X",
1009 tag = near_tag_get_tag(cookie->adapter_idx, cookie->target_idx);
1015 DBG("Formatting is done");
1016 near_tag_set_blank(tag, FALSE);
1019 * 1) Till now all commands which are used for formatting are
1020 * at mifare desfire level. Now select iso appname_v2,
1021 * cc file and ndef file with ISO 7816-4 commands.
1022 * 2) Selecting ndef file means making sure that read write
1023 * operations will perform on NDEF file.
1025 err = ISO_Select(iso_appname_v2, ARRAY_SIZE(iso_appname_v2),
1026 0x4, select_iso_appname_v2, cookie);
1028 near_error("iso_select appnamev2 req failed %d", err);
1035 return t4_cookie_release(err, cookie);
1038 static int write_data_to_ndef_file(uint8_t *resp, int length, void *data)
1041 struct t4_cookie *cookie = data;
1042 uint8_t *cmd_data = NULL;
1043 uint8_t cmd_data_length;
1044 uint8_t ndef_file_offset[] = {0x00, 0x00, 0x00};
1045 uint8_t empty_ndef_file_len[] = {0x02, 0x00, 0x00}; /* 000002h */
1046 uint8_t ndef_nlen[] = {0x00, 0x00}; /* 0000h */
1051 near_error("create ndef file resp failed %d", length);
1056 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1057 near_error("create ndef file response %02X",
1063 /* Step8 : Write data to NDEF file ( no NDEF message) */
1064 cmd_data_length = 1 /* File num */
1065 + ARRAY_SIZE(ndef_file_offset)
1066 + ARRAY_SIZE(empty_ndef_file_len)
1067 + ARRAY_SIZE(ndef_nlen);
1069 cmd_data = g_try_malloc0(cmd_data_length);
1070 if (cmd_data == NULL) {
1075 cmd_data[0] = DESFIRE_NDEF_FILE_NUM;
1076 memcpy(cmd_data + 1, ndef_file_offset, ARRAY_SIZE(ndef_file_offset));
1077 memcpy(cmd_data + 4, empty_ndef_file_len,
1078 ARRAY_SIZE(empty_ndef_file_len));
1079 memcpy(cmd_data + 7, ndef_nlen, ARRAY_SIZE(ndef_nlen));
1081 err = ISO_send_cmd(PICC_CLASS, WRITE_DATA_TO_FILE,
1082 0x00, 0x00, cmd_data, cmd_data_length,
1083 TRUE, format_resp, cookie);
1085 near_error("wrtie data to ndef file req failed %d", err);
1094 return t4_cookie_release(err, cookie);
1097 static int create_ndef_file(uint8_t *resp, int length, void *data)
1100 struct t4_cookie *cookie = data;
1101 struct desfire_std_file *ndef = NULL;
1102 uint8_t iso_ndef_file_id[] = {0x04, 0xE1}; /* E104h */
1103 uint8_t ndef_file_access_rights[] = {0xE0, 0xEE}; /* EEE0h */
1108 near_error("write data to cc file resp failed %d", length);
1113 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1114 near_error("write data to cc file response %02X",
1120 ndef = g_try_malloc0(sizeof(struct desfire_std_file));
1126 ndef->file_num = DESFIRE_NDEF_FILE_NUM;
1127 memcpy(ndef->file_id, iso_ndef_file_id, ARRAY_SIZE(iso_ndef_file_id));
1128 ndef->comm_set = DESFIRE_COMMSET;
1129 memcpy(ndef->access_rights, ndef_file_access_rights,
1130 ARRAY_SIZE(ndef_file_access_rights));
1132 ndef->size[1] = (uint8_t) (cookie->memory_size >> 8);
1133 ndef->size[2] = (uint8_t) cookie->memory_size;
1135 err = ISO_send_cmd(PICC_CLASS, CREATE_STD_DATA_FILE,
1136 0x00, 0x00, (uint8_t *)ndef,
1137 sizeof(struct desfire_std_file),
1138 TRUE, write_data_to_ndef_file, cookie);
1140 near_error("create ndef file req failed %d", err);
1149 return t4_cookie_release(err, cookie);
1152 static int write_data_to_cc_file(uint8_t *resp, int length, void *data)
1155 struct t4_cookie *cookie = data;
1156 struct desfire_cc_file *cc = NULL;
1157 uint8_t cc_file_offset[] = {0x00, 0x00, 0x00};
1158 uint8_t cc_file_max_len[] = {0x0F, 0x00, 0x00}; /* 00000Fh */
1159 uint8_t cc_len[] = {0x00, 0x0F}; /* 000Fh*/
1160 uint8_t mle_r_apdu[] = {0x00, 0x3B}; /* 003Bh */
1161 uint8_t mlc_c_apdu[] = {0x00, 0x34}; /* 0034h */
1162 /* T: 04, L: 06: V: E104h (NDEF ISO FID = E104h)*/
1163 uint8_t ndef_tlv[] = {0x04, 0x06, 0xE1, 0x04};
1169 near_error("create cc file resp failed %d", length);
1174 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1175 near_error("create cc file response %02X",
1181 cc = g_try_malloc0(sizeof(struct desfire_cc_file));
1187 cc->file_num = DESFIRE_CC_FILE_NUM;
1188 memcpy(cc->offset, cc_file_offset, ARRAY_SIZE(cc_file_offset));
1189 memcpy(cc->max_len, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
1190 memcpy(cc->cc_len, cc_len, ARRAY_SIZE(cc_len));
1191 cc->version = MAPPING_VERSION;
1192 memcpy(cc->mle, mle_r_apdu, ARRAY_SIZE(mle_r_apdu));
1193 memcpy(cc->mlc, mlc_c_apdu, ARRAY_SIZE(mlc_c_apdu));
1194 memcpy(cc->ndef_tlv, ndef_tlv, ARRAY_SIZE(ndef_tlv));
1195 cc->ndef_size[0] = (uint8_t) (cookie->memory_size >> 8);
1196 cc->ndef_size[1] = (uint8_t) cookie->memory_size;
1197 cc->read_access = FREE_READ_ACCESS;
1198 cc->write_access = FREE_WRITE_ACCESS;
1200 err = ISO_send_cmd(PICC_CLASS, WRITE_DATA_TO_FILE,
1201 0x00, 0x00, (uint8_t *)cc,
1202 sizeof(struct desfire_cc_file),
1203 TRUE, create_ndef_file, cookie);
1205 near_error("write data to cc file req failed %d", err);
1214 return t4_cookie_release(err, cookie);
1217 static int create_cc_file(uint8_t *resp, int length, void *data)
1220 struct t4_cookie *cookie = data;
1221 struct desfire_std_file *cc = NULL;
1222 uint8_t iso_cc_file_id[] = {0x03, 0xe1}; /* E103h */
1223 uint8_t cc_file_access_rights[] = {0xE0, 0xEE}; /* EEE0h */
1224 uint8_t cc_file_max_len[] = {0x0F, 0x00, 0x00}; /* 00000Fh */
1229 near_error("select application1 resp failed %d", length);
1234 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1235 near_error("select application1 response %02X",
1241 cc = g_try_malloc0(sizeof(struct desfire_std_file));
1247 cc->file_num = DESFIRE_CC_FILE_NUM;
1248 memcpy(cc->file_id, iso_cc_file_id, ARRAY_SIZE(iso_cc_file_id));
1249 cc->comm_set = DESFIRE_COMMSET;
1250 memcpy(cc->access_rights, cc_file_access_rights,
1251 ARRAY_SIZE(cc_file_access_rights));
1252 memcpy(cc->size, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
1254 err = ISO_send_cmd(PICC_CLASS,
1255 CREATE_STD_DATA_FILE,
1256 0x00, 0x00, (uint8_t *)cc,
1257 sizeof(struct desfire_std_file),
1258 TRUE, write_data_to_cc_file, cookie);
1260 near_error("create cc file req failed %d", err);
1269 return t4_cookie_release(err, cookie);
1272 static int select_application_1(uint8_t *resp, int length, void *data)
1275 struct t4_cookie *cookie = data;
1276 uint8_t *cmd_data = NULL;
1277 uint8_t cmd_data_length;
1278 uint8_t desfire_aid_1[] = {0x01, 0x00, 0x00}; /* 000001h */
1283 near_error("create application resp failed %d", length);
1288 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1289 near_error("create application response %02X",
1295 /* Step4 : Select application (which is created just now) */
1296 cmd_data_length = ARRAY_SIZE(desfire_aid_1);
1297 cmd_data = g_try_malloc0(cmd_data_length);
1298 if (cmd_data == NULL) {
1303 memcpy(cmd_data, desfire_aid_1, cmd_data_length);
1304 err = ISO_send_cmd(PICC_CLASS, SELECT_APPLICATION,
1305 0x00, 0x00, cmd_data, cmd_data_length,
1306 TRUE, create_cc_file, cookie);
1308 near_error("select application1 req failed %d", err);
1317 return t4_cookie_release(err, cookie);
1320 static int create_application(uint8_t *resp, int length, void *data)
1323 struct t4_cookie *cookie = data;
1324 uint8_t desfire_aid_1[] = {0x01, 0x00, 0x00}; /* 000001h */
1325 uint8_t desfire_file_id[] = {0x10, 0xE1}; /* E110h */
1326 struct desfire_app *app = NULL;
1331 near_error("select application resp failed %d", length);
1336 if (APDU_STATUS(resp + 1) != PICC_LEVEL_APDU_OK) {
1337 near_error("select application response %02X",
1343 app = g_try_malloc0(sizeof(struct desfire_app));
1349 memcpy(app->aid, desfire_aid_1, ARRAY_SIZE(desfire_aid_1));
1350 app->key_settings = DESFIRE_KEY_SETTINGS;
1351 app->number_of_keys = DESFIRE_NUM_OF_KEYS;
1352 memcpy(app->file_id, desfire_file_id, ARRAY_SIZE(desfire_file_id));
1353 memcpy(app->iso_appname, iso_appname_v2, ARRAY_SIZE(iso_appname_v2));
1355 /* Step3 : Create Application */
1356 err = ISO_send_cmd(PICC_CLASS, CREATE_APPLICATION,
1357 0x00, 0x00, (uint8_t *)app,
1358 sizeof(struct desfire_app),
1359 TRUE, select_application_1, cookie);
1361 near_error("create application req failed %d", err);
1370 return t4_cookie_release(err, cookie);
1373 static int select_application(uint8_t *resp, int length, void *data)
1376 struct t4_cookie *cookie = data;
1377 uint8_t *cmd_data = NULL;
1378 uint8_t cmd_data_length;
1379 uint8_t desfire_aid[] = {0x00, 0x00, 0x00}; /* 000000h */
1384 near_error("get version3 resp failed %d", length);
1389 if (resp[length - 1] != 0x00) {
1390 near_error("get version3 response %02X",
1397 cmd_data_length = ARRAY_SIZE(desfire_aid);
1398 cmd_data = g_try_malloc0(cmd_data_length);
1399 if (cmd_data == NULL) {
1404 memcpy(cmd_data, desfire_aid, cmd_data_length);
1405 /* Step2 : Select Application */
1406 err = ISO_send_cmd(PICC_CLASS,
1408 0x00, 0x00, cmd_data, cmd_data_length,
1409 TRUE, create_application, cookie);
1411 near_error("select application req failed %d", err);
1420 return t4_cookie_release(err, cookie);
1423 static int get_version_frame3(uint8_t *resp, int length, void *data)
1426 struct t4_cookie *cookie = data;
1431 near_error("get version2 resp failed %d", length);
1436 if (resp[4] == 0x01 /* Major Version */
1437 && resp[length - 1] == GET_VERSION_FRAME_RESPONSE_BYTE) {
1439 err = ISO_send_cmd(PICC_CLASS,
1440 GET_VERSION_FRAME_RESPONSE_BYTE,
1441 0x00, 0x00, NULL, 0, FALSE,
1442 select_application, cookie);
1444 near_error("get version3 req failed %d", err);
1448 near_error("get version2 response %02X", resp[length - 1]);
1456 return t4_cookie_release(err, cookie);
1459 static int get_version_frame2(uint8_t *resp, int length, void *data)
1462 struct t4_cookie *cookie = data;
1467 near_error(" get version resp failed %d", length);
1472 if (resp[4] == 0x01 /* Major Version */
1473 && resp[length - 1] == GET_VERSION_FRAME_RESPONSE_BYTE) {
1476 * When N is the GET_VERSION response 6th byte,
1477 * the DESFire tag memory size is 2 ^ (N /2).
1479 cookie->memory_size = (1 << (resp[6] / 2));
1480 err = ISO_send_cmd(PICC_CLASS,
1481 GET_VERSION_FRAME_RESPONSE_BYTE,
1482 0x00, 0x00, NULL, 0, FALSE,
1483 get_version_frame3, cookie);
1485 near_error("get version2 req failed %d", err);
1489 near_error("get version response %02X", resp[length - 1]);
1497 return t4_cookie_release(err, cookie);
1500 /* Steps to format Type 4 (MIFARE DESFire EV1) tag as per AN1104.pdf from nxp.
1501 * 1) Get version to determine memory size of tag
1502 * 2) Select applciation with AID equal to 000000h (PICC level)
1503 * 3) Create application with AID equal to 000001h
1504 * 4) Select application (Select previously created application in step3)
1505 * 5) Create std data file with File number equal to 01h (CC file), ISOFileID
1506 * equal to E103h, ComSet equal to 00h, AccesRights to EEEEh, FileSize bigger
1508 * 6) Write data to CC file with CCLEN equal to 000Fh, Mapping version equal to
1509 * 20h, MLe equal to 003Bh, MLc equal to 0034h, and NDEF File control TLV
1510 * equal to: T=04h, L=06h, V=E1 04 (NDEF ISO FID = E104h), 08 00 (NDEF File
1511 * size = 2048 Bytes) 00 (free read access) 00 (free write access)
1512 * 7) Create std data file with File number equal to 02h (NDEF File DESFireFId),
1513 * ISO FileID equal to E104h, ComSet equal to 00h, ComSet equal to 00h,
1514 * AccessRights equal to EEE0h, FileSize equal to 000800h (2048 bytes)
1515 * 8) Write data to write content of the NDEF File with NLEN equal to 0000h, and
1517 * 9) Now Formatting is done, then select ISO appname2, select CC file and read.
1518 * 10) Select NDEF file (by doing last two steps means, making sure that read
1519 * write operations perform on NDEF file).
1522 static int nfctype4_format(uint32_t adapter_idx, uint32_t target_idx,
1526 struct t4_cookie *cookie;
1530 cookie = g_try_malloc0(sizeof(struct t4_cookie));
1534 cookie->adapter_idx = adapter_idx;
1535 cookie->target_idx = target_idx;
1538 /* Step1 : Get Version */
1539 err = ISO_send_cmd(PICC_CLASS, GET_VERSION,
1540 0x00, 0x00, NULL, 0, FALSE,
1541 get_version_frame2, cookie);
1544 near_error("get version req failed %d", err);
1551 static struct near_tag_driver type4_driver = {
1552 .type = NFC_PROTO_ISO14443,
1553 .priority = NEAR_TAG_PRIORITY_DEFAULT,
1554 .read = nfctype4_read,
1555 .write = nfctype4_write,
1556 .check_presence = nfctype4_check_presence,
1557 .format = nfctype4_format,
1560 static int nfctype4_init(void)
1564 return near_tag_driver_register(&type4_driver);
1567 static void nfctype4_exit(void)
1571 near_tag_driver_unregister(&type4_driver);
1574 NEAR_PLUGIN_DEFINE(nfctype4, "NFC Forum Type 4 tags support", VERSION,
1575 NEAR_PLUGIN_PRIORITY_HIGH, nfctype4_init, nfctype4_exit)