linux/net/nfc/digital_technology.c
<<
>>
Prefs
   1/*
   2 * NFC Digital Protocol stack
   3 * Copyright (c) 2013, Intel Corporation.
   4 *
   5 * This program is free software; you can redistribute it and/or modify it
   6 * under the terms and conditions of the GNU General Public License,
   7 * version 2, as published by the Free Software Foundation.
   8 *
   9 * This program is distributed in the hope it will be useful, but WITHOUT
  10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  12 * more details.
  13 *
  14 */
  15
  16#define pr_fmt(fmt) "digital: %s: " fmt, __func__
  17
  18#include "digital.h"
  19
  20#define DIGITAL_CMD_SENS_REQ    0x26
  21#define DIGITAL_CMD_ALL_REQ     0x52
  22#define DIGITAL_CMD_SEL_REQ_CL1 0x93
  23#define DIGITAL_CMD_SEL_REQ_CL2 0x95
  24#define DIGITAL_CMD_SEL_REQ_CL3 0x97
  25
  26#define DIGITAL_SDD_REQ_SEL_PAR 0x20
  27
  28#define DIGITAL_SDD_RES_CT  0x88
  29#define DIGITAL_SDD_RES_LEN 5
  30#define DIGITAL_SEL_RES_LEN 1
  31
  32#define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
  33#define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
  34#define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
  35#define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
  36
  37#define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
  38#define DIGITAL_SENS_RES_IS_VALID(sens_res) \
  39        ((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
  40        (((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
  41
  42#define DIGITAL_MIFARE_READ_RES_LEN 16
  43#define DIGITAL_MIFARE_ACK_RES  0x0A
  44
  45#define DIGITAL_CMD_SENSB_REQ                   0x05
  46#define DIGITAL_SENSB_ADVANCED                  BIT(5)
  47#define DIGITAL_SENSB_EXTENDED                  BIT(4)
  48#define DIGITAL_SENSB_ALLB_REQ                  BIT(3)
  49#define DIGITAL_SENSB_N(n)                      ((n) & 0x7)
  50
  51#define DIGITAL_CMD_SENSB_RES                   0x50
  52
  53#define DIGITAL_CMD_ATTRIB_REQ                  0x1D
  54#define DIGITAL_ATTRIB_P1_TR0_DEFAULT           (0x0 << 6)
  55#define DIGITAL_ATTRIB_P1_TR1_DEFAULT           (0x0 << 4)
  56#define DIGITAL_ATTRIB_P1_SUPRESS_EOS           BIT(3)
  57#define DIGITAL_ATTRIB_P1_SUPRESS_SOS           BIT(2)
  58#define DIGITAL_ATTRIB_P2_LISTEN_POLL_1         (0x0 << 6)
  59#define DIGITAL_ATTRIB_P2_POLL_LISTEN_1         (0x0 << 4)
  60#define DIGITAL_ATTRIB_P2_MAX_FRAME_256         0x8
  61#define DIGITAL_ATTRIB_P4_DID(n)                ((n) & 0xf)
  62
  63#define DIGITAL_CMD_SENSF_REQ   0x00
  64#define DIGITAL_CMD_SENSF_RES   0x01
  65
  66#define DIGITAL_SENSF_RES_MIN_LENGTH 17
  67#define DIGITAL_SENSF_RES_RD_AP_B1   0x00
  68#define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
  69
  70#define DIGITAL_SENSF_REQ_RC_NONE 0
  71#define DIGITAL_SENSF_REQ_RC_SC   1
  72#define DIGITAL_SENSF_REQ_RC_AP   2
  73
  74#define DIGITAL_CMD_ISO15693_INVENTORY_REQ      0x01
  75
  76#define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE     BIT(1)
  77#define DIGITAL_ISO15693_REQ_FLAG_INVENTORY     BIT(2)
  78#define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS      BIT(5)
  79#define DIGITAL_ISO15693_RES_FLAG_ERROR         BIT(0)
  80#define DIGITAL_ISO15693_RES_IS_VALID(flags) \
  81        (!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
  82
  83#define DIGITAL_ISO_DEP_I_PCB    0x02
  84#define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
  85
  86#define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
  87
  88#define DIGITAL_ISO_DEP_I_BLOCK 0x00
  89
  90#define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
  91
  92static const u8 digital_ats_fsc[] = {
  93         16,  24,  32,  40,  48,  64,  96, 128,
  94};
  95
  96#define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
  97#define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
  98#define DIGITAL_ATS_MAX_FSC  256
  99
 100#define DIGITAL_RATS_BYTE1 0xE0
 101#define DIGITAL_RATS_PARAM 0x80
 102
 103struct digital_sdd_res {
 104        u8 nfcid1[4];
 105        u8 bcc;
 106} __packed;
 107
 108struct digital_sel_req {
 109        u8 sel_cmd;
 110        u8 b2;
 111        u8 nfcid1[4];
 112        u8 bcc;
 113} __packed;
 114
 115struct digital_sensb_req {
 116        u8 cmd;
 117        u8 afi;
 118        u8 param;
 119} __packed;
 120
 121struct digital_sensb_res {
 122        u8 cmd;
 123        u8 nfcid0[4];
 124        u8 app_data[4];
 125        u8 proto_info[3];
 126} __packed;
 127
 128struct digital_attrib_req {
 129        u8 cmd;
 130        u8 nfcid0[4];
 131        u8 param1;
 132        u8 param2;
 133        u8 param3;
 134        u8 param4;
 135} __packed;
 136
 137struct digital_attrib_res {
 138        u8 mbli_did;
 139} __packed;
 140
 141struct digital_sensf_req {
 142        u8 cmd;
 143        u8 sc1;
 144        u8 sc2;
 145        u8 rc;
 146        u8 tsn;
 147} __packed;
 148
 149struct digital_sensf_res {
 150        u8 cmd;
 151        u8 nfcid2[8];
 152        u8 pad0[2];
 153        u8 pad1[3];
 154        u8 mrti_check;
 155        u8 mrti_update;
 156        u8 pad2;
 157        u8 rd[2];
 158} __packed;
 159
 160struct digital_iso15693_inv_req {
 161        u8 flags;
 162        u8 cmd;
 163        u8 mask_len;
 164        u64 mask;
 165} __packed;
 166
 167struct digital_iso15693_inv_res {
 168        u8 flags;
 169        u8 dsfid;
 170        u64 uid;
 171} __packed;
 172
 173static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 174                                   struct nfc_target *target);
 175
 176int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
 177                                struct sk_buff *skb)
 178{
 179        u8 pcb;
 180        u8 block_type;
 181
 182        if (skb->len < 1)
 183                return -EIO;
 184
 185        pcb = *skb->data;
 186        block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
 187
 188        /* No support fo R-block nor S-block */
 189        if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
 190                pr_err("ISO_DEP R-block and S-block not supported\n");
 191                return -EIO;
 192        }
 193
 194        if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
 195                pr_err("DID field in ISO_DEP PCB not supported\n");
 196                return -EIO;
 197        }
 198
 199        skb_pull(skb, 1);
 200
 201        return 0;
 202}
 203
 204int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
 205                                struct sk_buff *skb)
 206{
 207        /*
 208         * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
 209         * not be greater than remote FSC
 210         */
 211        if (skb->len + 3 > ddev->target_fsc)
 212                return -EIO;
 213
 214        skb_push(skb, 1);
 215
 216        *skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
 217
 218        ddev->curr_nfc_dep_pni =
 219                DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
 220
 221        return 0;
 222}
 223
 224static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
 225                                struct sk_buff *resp)
 226{
 227        struct nfc_target *target = arg;
 228        u8 fsdi;
 229        int rc;
 230
 231        if (IS_ERR(resp)) {
 232                rc = PTR_ERR(resp);
 233                resp = NULL;
 234                goto exit;
 235        }
 236
 237        if (resp->len < 2) {
 238                rc = -EIO;
 239                goto exit;
 240        }
 241
 242        fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
 243        if (fsdi >= 8)
 244                ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 245        else
 246                ddev->target_fsc = digital_ats_fsc[fsdi];
 247
 248        ddev->curr_nfc_dep_pni = 0;
 249
 250        rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
 251
 252exit:
 253        dev_kfree_skb(resp);
 254        kfree(target);
 255
 256        if (rc)
 257                digital_poll_next_tech(ddev);
 258}
 259
 260static int digital_in_send_rats(struct nfc_digital_dev *ddev,
 261                                struct nfc_target *target)
 262{
 263        int rc;
 264        struct sk_buff *skb;
 265
 266        skb = digital_skb_alloc(ddev, 2);
 267        if (!skb)
 268                return -ENOMEM;
 269
 270        skb_put_u8(skb, DIGITAL_RATS_BYTE1);
 271        skb_put_u8(skb, DIGITAL_RATS_PARAM);
 272
 273        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
 274                                 target);
 275        if (rc)
 276                kfree_skb(skb);
 277
 278        return rc;
 279}
 280
 281static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
 282                                    struct sk_buff *resp)
 283{
 284        struct nfc_target *target = arg;
 285        int rc;
 286        u8 sel_res;
 287        u8 nfc_proto;
 288
 289        if (IS_ERR(resp)) {
 290                rc = PTR_ERR(resp);
 291                resp = NULL;
 292                goto exit;
 293        }
 294
 295        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 296                rc = digital_skb_check_crc_a(resp);
 297                if (rc) {
 298                        PROTOCOL_ERR("4.4.1.3");
 299                        goto exit;
 300                }
 301        }
 302
 303        if (resp->len != DIGITAL_SEL_RES_LEN) {
 304                rc = -EIO;
 305                goto exit;
 306        }
 307
 308        sel_res = resp->data[0];
 309
 310        if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
 311                rc = digital_in_send_sdd_req(ddev, target);
 312                if (rc)
 313                        goto exit;
 314
 315                goto exit_free_skb;
 316        }
 317
 318        target->sel_res = sel_res;
 319
 320        if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
 321                nfc_proto = NFC_PROTO_MIFARE;
 322        } else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
 323                nfc_proto = NFC_PROTO_NFC_DEP;
 324        } else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
 325                rc = digital_in_send_rats(ddev, target);
 326                if (rc)
 327                        goto exit;
 328                /*
 329                 * Skip target_found and don't free it for now. This will be
 330                 * done when receiving the ATS
 331                 */
 332                goto exit_free_skb;
 333        } else {
 334                rc = -EOPNOTSUPP;
 335                goto exit;
 336        }
 337
 338        rc = digital_target_found(ddev, target, nfc_proto);
 339
 340exit:
 341        kfree(target);
 342
 343exit_free_skb:
 344        dev_kfree_skb(resp);
 345
 346        if (rc)
 347                digital_poll_next_tech(ddev);
 348}
 349
 350static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
 351                                   struct nfc_target *target,
 352                                   struct digital_sdd_res *sdd_res)
 353{
 354        struct sk_buff *skb;
 355        struct digital_sel_req *sel_req;
 356        u8 sel_cmd;
 357        int rc;
 358
 359        skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
 360        if (!skb)
 361                return -ENOMEM;
 362
 363        skb_put(skb, sizeof(struct digital_sel_req));
 364        sel_req = (struct digital_sel_req *)skb->data;
 365
 366        if (target->nfcid1_len <= 4)
 367                sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 368        else if (target->nfcid1_len < 10)
 369                sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 370        else
 371                sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 372
 373        sel_req->sel_cmd = sel_cmd;
 374        sel_req->b2 = 0x70;
 375        memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
 376        sel_req->bcc = sdd_res->bcc;
 377
 378        if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 379                rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 380                                NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
 381                if (rc)
 382                        goto exit;
 383        } else {
 384                digital_skb_add_crc_a(skb);
 385        }
 386
 387        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
 388                                 target);
 389exit:
 390        if (rc)
 391                kfree_skb(skb);
 392
 393        return rc;
 394}
 395
 396static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
 397                                    struct sk_buff *resp)
 398{
 399        struct nfc_target *target = arg;
 400        struct digital_sdd_res *sdd_res;
 401        int rc;
 402        u8 offset, size;
 403        u8 i, bcc;
 404
 405        if (IS_ERR(resp)) {
 406                rc = PTR_ERR(resp);
 407                resp = NULL;
 408                goto exit;
 409        }
 410
 411        if (resp->len < DIGITAL_SDD_RES_LEN) {
 412                PROTOCOL_ERR("4.7.2.8");
 413                rc = -EINVAL;
 414                goto exit;
 415        }
 416
 417        sdd_res = (struct digital_sdd_res *)resp->data;
 418
 419        for (i = 0, bcc = 0; i < 4; i++)
 420                bcc ^= sdd_res->nfcid1[i];
 421
 422        if (bcc != sdd_res->bcc) {
 423                PROTOCOL_ERR("4.7.2.6");
 424                rc = -EINVAL;
 425                goto exit;
 426        }
 427
 428        if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
 429                offset = 1;
 430                size = 3;
 431        } else {
 432                offset = 0;
 433                size = 4;
 434        }
 435
 436        memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
 437               size);
 438        target->nfcid1_len += size;
 439
 440        rc = digital_in_send_sel_req(ddev, target, sdd_res);
 441
 442exit:
 443        dev_kfree_skb(resp);
 444
 445        if (rc) {
 446                kfree(target);
 447                digital_poll_next_tech(ddev);
 448        }
 449}
 450
 451static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 452                                   struct nfc_target *target)
 453{
 454        int rc;
 455        struct sk_buff *skb;
 456        u8 sel_cmd;
 457
 458        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 459                                     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
 460        if (rc)
 461                return rc;
 462
 463        skb = digital_skb_alloc(ddev, 2);
 464        if (!skb)
 465                return -ENOMEM;
 466
 467        if (target->nfcid1_len == 0)
 468                sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 469        else if (target->nfcid1_len == 3)
 470                sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 471        else
 472                sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 473
 474        skb_put_u8(skb, sel_cmd);
 475        skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
 476
 477        return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
 478                                   target);
 479}
 480
 481static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
 482                                     struct sk_buff *resp)
 483{
 484        struct nfc_target *target = NULL;
 485        int rc;
 486
 487        if (IS_ERR(resp)) {
 488                rc = PTR_ERR(resp);
 489                resp = NULL;
 490                goto exit;
 491        }
 492
 493        if (resp->len < sizeof(u16)) {
 494                rc = -EIO;
 495                goto exit;
 496        }
 497
 498        target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 499        if (!target) {
 500                rc = -ENOMEM;
 501                goto exit;
 502        }
 503
 504        target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
 505
 506        if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
 507                PROTOCOL_ERR("4.6.3.3");
 508                rc = -EINVAL;
 509                goto exit;
 510        }
 511
 512        if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
 513                rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
 514        else
 515                rc = digital_in_send_sdd_req(ddev, target);
 516
 517exit:
 518        dev_kfree_skb(resp);
 519
 520        if (rc) {
 521                kfree(target);
 522                digital_poll_next_tech(ddev);
 523        }
 524}
 525
 526int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 527{
 528        struct sk_buff *skb;
 529        int rc;
 530
 531        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 532                                     NFC_DIGITAL_RF_TECH_106A);
 533        if (rc)
 534                return rc;
 535
 536        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 537                                     NFC_DIGITAL_FRAMING_NFCA_SHORT);
 538        if (rc)
 539                return rc;
 540
 541        skb = digital_skb_alloc(ddev, 1);
 542        if (!skb)
 543                return -ENOMEM;
 544
 545        skb_put_u8(skb, DIGITAL_CMD_SENS_REQ);
 546
 547        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
 548        if (rc)
 549                kfree_skb(skb);
 550
 551        return rc;
 552}
 553
 554int digital_in_recv_mifare_res(struct sk_buff *resp)
 555{
 556        /* Successful READ command response is 16 data bytes + 2 CRC bytes long.
 557         * Since the driver can't differentiate a ACK/NACK response from a valid
 558         * READ response, the CRC calculation must be handled at digital level
 559         * even if the driver supports it for this technology.
 560         */
 561        if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
 562                if (digital_skb_check_crc_a(resp)) {
 563                        PROTOCOL_ERR("9.4.1.2");
 564                        return -EIO;
 565                }
 566
 567                return 0;
 568        }
 569
 570        /* ACK response (i.e. successful WRITE). */
 571        if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
 572                resp->data[0] = 0;
 573                return 0;
 574        }
 575
 576        /* NACK and any other responses are treated as error. */
 577        return -EIO;
 578}
 579
 580static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
 581                                       struct sk_buff *resp)
 582{
 583        struct nfc_target *target = arg;
 584        struct digital_attrib_res *attrib_res;
 585        int rc;
 586
 587        if (IS_ERR(resp)) {
 588                rc = PTR_ERR(resp);
 589                resp = NULL;
 590                goto exit;
 591        }
 592
 593        if (resp->len < sizeof(*attrib_res)) {
 594                PROTOCOL_ERR("12.6.2");
 595                rc = -EIO;
 596                goto exit;
 597        }
 598
 599        attrib_res = (struct digital_attrib_res *)resp->data;
 600
 601        if (attrib_res->mbli_did & 0x0f) {
 602                PROTOCOL_ERR("12.6.2.1");
 603                rc = -EIO;
 604                goto exit;
 605        }
 606
 607        rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
 608
 609exit:
 610        dev_kfree_skb(resp);
 611        kfree(target);
 612
 613        if (rc)
 614                digital_poll_next_tech(ddev);
 615}
 616
 617static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
 618                               struct nfc_target *target,
 619                               struct digital_sensb_res *sensb_res)
 620{
 621        struct digital_attrib_req *attrib_req;
 622        struct sk_buff *skb;
 623        int rc;
 624
 625        skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
 626        if (!skb)
 627                return -ENOMEM;
 628
 629        attrib_req = skb_put(skb, sizeof(*attrib_req));
 630
 631        attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
 632        memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
 633               sizeof(attrib_req->nfcid0));
 634        attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
 635                             DIGITAL_ATTRIB_P1_TR1_DEFAULT;
 636        attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
 637                             DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
 638                             DIGITAL_ATTRIB_P2_MAX_FRAME_256;
 639        attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
 640        attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
 641
 642        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
 643                                 target);
 644        if (rc)
 645                kfree_skb(skb);
 646
 647        return rc;
 648}
 649
 650static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
 651                                      struct sk_buff *resp)
 652{
 653        struct nfc_target *target = NULL;
 654        struct digital_sensb_res *sensb_res;
 655        u8 fsci;
 656        int rc;
 657
 658        if (IS_ERR(resp)) {
 659                rc = PTR_ERR(resp);
 660                resp = NULL;
 661                goto exit;
 662        }
 663
 664        if (resp->len != sizeof(*sensb_res)) {
 665                PROTOCOL_ERR("5.6.2.1");
 666                rc = -EIO;
 667                goto exit;
 668        }
 669
 670        sensb_res = (struct digital_sensb_res *)resp->data;
 671
 672        if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
 673                PROTOCOL_ERR("5.6.2");
 674                rc = -EIO;
 675                goto exit;
 676        }
 677
 678        if (!(sensb_res->proto_info[1] & BIT(0))) {
 679                PROTOCOL_ERR("5.6.2.12");
 680                rc = -EIO;
 681                goto exit;
 682        }
 683
 684        if (sensb_res->proto_info[1] & BIT(3)) {
 685                PROTOCOL_ERR("5.6.2.16");
 686                rc = -EIO;
 687                goto exit;
 688        }
 689
 690        fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
 691        if (fsci >= 8)
 692                ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 693        else
 694                ddev->target_fsc = digital_ats_fsc[fsci];
 695
 696        target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 697        if (!target) {
 698                rc = -ENOMEM;
 699                goto exit;
 700        }
 701
 702        rc = digital_in_send_attrib_req(ddev, target, sensb_res);
 703
 704exit:
 705        dev_kfree_skb(resp);
 706
 707        if (rc) {
 708                kfree(target);
 709                digital_poll_next_tech(ddev);
 710        }
 711}
 712
 713int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 714{
 715        struct digital_sensb_req *sensb_req;
 716        struct sk_buff *skb;
 717        int rc;
 718
 719        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 720                                     NFC_DIGITAL_RF_TECH_106B);
 721        if (rc)
 722                return rc;
 723
 724        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 725                                     NFC_DIGITAL_FRAMING_NFCB);
 726        if (rc)
 727                return rc;
 728
 729        skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
 730        if (!skb)
 731                return -ENOMEM;
 732
 733        sensb_req = skb_put(skb, sizeof(*sensb_req));
 734
 735        sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
 736        sensb_req->afi = 0x00; /* All families and sub-families */
 737        sensb_req->param = DIGITAL_SENSB_N(0);
 738
 739        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
 740                                 NULL);
 741        if (rc)
 742                kfree_skb(skb);
 743
 744        return rc;
 745}
 746
 747static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
 748                                   struct sk_buff *resp)
 749{
 750        int rc;
 751        u8 proto;
 752        struct nfc_target target;
 753        struct digital_sensf_res *sensf_res;
 754
 755        if (IS_ERR(resp)) {
 756                rc = PTR_ERR(resp);
 757                resp = NULL;
 758                goto exit;
 759        }
 760
 761        if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
 762                rc = -EIO;
 763                goto exit;
 764        }
 765
 766        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 767                rc = digital_skb_check_crc_f(resp);
 768                if (rc) {
 769                        PROTOCOL_ERR("6.4.1.8");
 770                        goto exit;
 771                }
 772        }
 773
 774        skb_pull(resp, 1);
 775
 776        memset(&target, 0, sizeof(struct nfc_target));
 777
 778        sensf_res = (struct digital_sensf_res *)resp->data;
 779
 780        memcpy(target.sensf_res, sensf_res, resp->len);
 781        target.sensf_res_len = resp->len;
 782
 783        memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
 784        target.nfcid2_len = NFC_NFCID2_MAXSIZE;
 785
 786        if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
 787            target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
 788                proto = NFC_PROTO_NFC_DEP;
 789        else
 790                proto = NFC_PROTO_FELICA;
 791
 792        rc = digital_target_found(ddev, &target, proto);
 793
 794exit:
 795        dev_kfree_skb(resp);
 796
 797        if (rc)
 798                digital_poll_next_tech(ddev);
 799}
 800
 801int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 802{
 803        struct digital_sensf_req *sensf_req;
 804        struct sk_buff *skb;
 805        int rc;
 806        u8 size;
 807
 808        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
 809        if (rc)
 810                return rc;
 811
 812        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 813                                     NFC_DIGITAL_FRAMING_NFCF);
 814        if (rc)
 815                return rc;
 816
 817        size = sizeof(struct digital_sensf_req);
 818
 819        skb = digital_skb_alloc(ddev, size);
 820        if (!skb)
 821                return -ENOMEM;
 822
 823        skb_put(skb, size);
 824
 825        sensf_req = (struct digital_sensf_req *)skb->data;
 826        sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
 827        sensf_req->sc1 = 0xFF;
 828        sensf_req->sc2 = 0xFF;
 829        sensf_req->rc = 0;
 830        sensf_req->tsn = 0;
 831
 832        *(u8 *)skb_push(skb, 1) = size + 1;
 833
 834        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
 835                digital_skb_add_crc_f(skb);
 836
 837        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
 838                                 NULL);
 839        if (rc)
 840                kfree_skb(skb);
 841
 842        return rc;
 843}
 844
 845static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
 846                void *arg, struct sk_buff *resp)
 847{
 848        struct digital_iso15693_inv_res *res;
 849        struct nfc_target *target = NULL;
 850        int rc;
 851
 852        if (IS_ERR(resp)) {
 853                rc = PTR_ERR(resp);
 854                resp = NULL;
 855                goto out_free_skb;
 856        }
 857
 858        if (resp->len != sizeof(*res)) {
 859                rc = -EIO;
 860                goto out_free_skb;
 861        }
 862
 863        res = (struct digital_iso15693_inv_res *)resp->data;
 864
 865        if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
 866                PROTOCOL_ERR("ISO15693 - 10.3.1");
 867                rc = -EINVAL;
 868                goto out_free_skb;
 869        }
 870
 871        target = kzalloc(sizeof(*target), GFP_KERNEL);
 872        if (!target) {
 873                rc = -ENOMEM;
 874                goto out_free_skb;
 875        }
 876
 877        target->is_iso15693 = 1;
 878        target->iso15693_dsfid = res->dsfid;
 879        memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
 880
 881        rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
 882
 883        kfree(target);
 884
 885out_free_skb:
 886        dev_kfree_skb(resp);
 887
 888        if (rc)
 889                digital_poll_next_tech(ddev);
 890}
 891
 892int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 893{
 894        struct digital_iso15693_inv_req *req;
 895        struct sk_buff *skb;
 896        int rc;
 897
 898        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 899                                     NFC_DIGITAL_RF_TECH_ISO15693);
 900        if (rc)
 901                return rc;
 902
 903        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 904                                     NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
 905        if (rc)
 906                return rc;
 907
 908        skb = digital_skb_alloc(ddev, sizeof(*req));
 909        if (!skb)
 910                return -ENOMEM;
 911
 912        skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
 913        req = (struct digital_iso15693_inv_req *)skb->data;
 914
 915        /* Single sub-carrier, high data rate, no AFI, single slot
 916         * Inventory command
 917         */
 918        req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
 919                     DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
 920                     DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
 921        req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
 922        req->mask_len = 0;
 923
 924        rc = digital_in_send_cmd(ddev, skb, 30,
 925                                 digital_in_recv_iso15693_inv_res, NULL);
 926        if (rc)
 927                kfree_skb(skb);
 928
 929        return rc;
 930}
 931
 932static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
 933{
 934        struct sk_buff *skb;
 935        int rc;
 936
 937        skb = digital_skb_alloc(ddev, 1);
 938        if (!skb)
 939                return -ENOMEM;
 940
 941        skb_put_u8(skb, DIGITAL_SEL_RES_NFC_DEP);
 942
 943        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
 944                digital_skb_add_crc_a(skb);
 945
 946        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 947                                     NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
 948        if (rc) {
 949                kfree_skb(skb);
 950                return rc;
 951        }
 952
 953        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
 954                                 NULL);
 955        if (rc)
 956                kfree_skb(skb);
 957
 958        return rc;
 959}
 960
 961static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
 962                                    struct sk_buff *resp)
 963{
 964        int rc;
 965
 966        if (IS_ERR(resp)) {
 967                rc = PTR_ERR(resp);
 968                resp = NULL;
 969                goto exit;
 970        }
 971
 972        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
 973                rc = digital_skb_check_crc_a(resp);
 974                if (rc) {
 975                        PROTOCOL_ERR("4.4.1.3");
 976                        goto exit;
 977                }
 978        }
 979
 980        /* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
 981
 982        rc = digital_tg_send_sel_res(ddev);
 983
 984exit:
 985        if (rc)
 986                digital_poll_next_tech(ddev);
 987
 988        dev_kfree_skb(resp);
 989}
 990
 991static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
 992{
 993        struct sk_buff *skb;
 994        struct digital_sdd_res *sdd_res;
 995        int rc, i;
 996
 997        skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
 998        if (!skb)
 999                return -ENOMEM;
1000
1001        skb_put(skb, sizeof(struct digital_sdd_res));
1002        sdd_res = (struct digital_sdd_res *)skb->data;
1003
1004        sdd_res->nfcid1[0] = 0x08;
1005        get_random_bytes(sdd_res->nfcid1 + 1, 3);
1006
1007        sdd_res->bcc = 0;
1008        for (i = 0; i < 4; i++)
1009                sdd_res->bcc ^= sdd_res->nfcid1[i];
1010
1011        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1012                                NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1013        if (rc) {
1014                kfree_skb(skb);
1015                return rc;
1016        }
1017
1018        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1019                                 NULL);
1020        if (rc)
1021                kfree_skb(skb);
1022
1023        return rc;
1024}
1025
1026static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1027                                    struct sk_buff *resp)
1028{
1029        u8 *sdd_req;
1030        int rc;
1031
1032        if (IS_ERR(resp)) {
1033                rc = PTR_ERR(resp);
1034                resp = NULL;
1035                goto exit;
1036        }
1037
1038        sdd_req = resp->data;
1039
1040        if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1041            sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1042                rc = -EINVAL;
1043                goto exit;
1044        }
1045
1046        rc = digital_tg_send_sdd_res(ddev);
1047
1048exit:
1049        if (rc)
1050                digital_poll_next_tech(ddev);
1051
1052        dev_kfree_skb(resp);
1053}
1054
1055static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1056{
1057        struct sk_buff *skb;
1058        u8 *sens_res;
1059        int rc;
1060
1061        skb = digital_skb_alloc(ddev, 2);
1062        if (!skb)
1063                return -ENOMEM;
1064
1065        sens_res = skb_put(skb, 2);
1066
1067        sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1068        sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1069
1070        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1071                                     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1072        if (rc) {
1073                kfree_skb(skb);
1074                return rc;
1075        }
1076
1077        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1078                                 NULL);
1079        if (rc)
1080                kfree_skb(skb);
1081
1082        return rc;
1083}
1084
1085void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1086                              struct sk_buff *resp)
1087{
1088        u8 sens_req;
1089        int rc;
1090
1091        if (IS_ERR(resp)) {
1092                rc = PTR_ERR(resp);
1093                resp = NULL;
1094                goto exit;
1095        }
1096
1097        sens_req = resp->data[0];
1098
1099        if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1100            sens_req != DIGITAL_CMD_ALL_REQ)) {
1101                rc = -EINVAL;
1102                goto exit;
1103        }
1104
1105        rc = digital_tg_send_sens_res(ddev);
1106
1107exit:
1108        if (rc)
1109                digital_poll_next_tech(ddev);
1110
1111        dev_kfree_skb(resp);
1112}
1113
1114static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1115                void *arg, struct sk_buff *resp)
1116{
1117        if (!IS_ERR(resp) && (resp->len >= 2) &&
1118                        (resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1119                digital_tg_recv_sensf_req(ddev, arg, resp);
1120        else
1121                digital_tg_recv_atr_req(ddev, arg, resp);
1122
1123        return;
1124}
1125
1126static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1127                              struct digital_sensf_req *sensf_req)
1128{
1129        struct sk_buff *skb;
1130        u8 size;
1131        int rc;
1132        struct digital_sensf_res *sensf_res;
1133
1134        size = sizeof(struct digital_sensf_res);
1135
1136        if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1137                size -= sizeof(sensf_res->rd);
1138
1139        skb = digital_skb_alloc(ddev, size);
1140        if (!skb)
1141                return -ENOMEM;
1142
1143        skb_put(skb, size);
1144
1145        sensf_res = (struct digital_sensf_res *)skb->data;
1146
1147        memset(sensf_res, 0, size);
1148
1149        sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1150        sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1151        sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1152        get_random_bytes(&sensf_res->nfcid2[2], 6);
1153
1154        switch (sensf_req->rc) {
1155        case DIGITAL_SENSF_REQ_RC_SC:
1156                sensf_res->rd[0] = sensf_req->sc1;
1157                sensf_res->rd[1] = sensf_req->sc2;
1158                break;
1159        case DIGITAL_SENSF_REQ_RC_AP:
1160                sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1161                sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1162                break;
1163        }
1164
1165        *(u8 *)skb_push(skb, sizeof(u8)) = size + 1;
1166
1167        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1168                digital_skb_add_crc_f(skb);
1169
1170        rc = digital_tg_send_cmd(ddev, skb, 300,
1171                                 digital_tg_recv_atr_or_sensf_req, NULL);
1172        if (rc)
1173                kfree_skb(skb);
1174
1175        return rc;
1176}
1177
1178void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1179                               struct sk_buff *resp)
1180{
1181        struct digital_sensf_req *sensf_req;
1182        int rc;
1183
1184        if (IS_ERR(resp)) {
1185                rc = PTR_ERR(resp);
1186                resp = NULL;
1187                goto exit;
1188        }
1189
1190        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1191                rc = digital_skb_check_crc_f(resp);
1192                if (rc) {
1193                        PROTOCOL_ERR("6.4.1.8");
1194                        goto exit;
1195                }
1196        }
1197
1198        if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1199                rc = -EINVAL;
1200                goto exit;
1201        }
1202
1203        skb_pull(resp, 1);
1204        sensf_req = (struct digital_sensf_req *)resp->data;
1205
1206        if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1207                rc = -EINVAL;
1208                goto exit;
1209        }
1210
1211        rc = digital_tg_send_sensf_res(ddev, sensf_req);
1212
1213exit:
1214        if (rc)
1215                digital_poll_next_tech(ddev);
1216
1217        dev_kfree_skb(resp);
1218}
1219
1220static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1221{
1222        int rc;
1223
1224        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1225                                     NFC_DIGITAL_RF_TECH_106A);
1226        if (rc)
1227                return rc;
1228
1229        return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1230                                       NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1231}
1232
1233int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1234{
1235        int rc;
1236
1237        rc = digital_tg_config_nfca(ddev);
1238        if (rc)
1239                return rc;
1240
1241        return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1242}
1243
1244static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1245{
1246        int rc;
1247
1248        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1249        if (rc)
1250                return rc;
1251
1252        return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1253                                       NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1254}
1255
1256int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1257{
1258        int rc;
1259
1260        rc = digital_tg_config_nfcf(ddev, rf_tech);
1261        if (rc)
1262                return rc;
1263
1264        return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, NULL);
1265}
1266
1267void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1268                            struct sk_buff *resp)
1269{
1270        u8 rf_tech;
1271        int rc;
1272
1273        if (IS_ERR(resp)) {
1274                resp = NULL;
1275                goto exit_free_skb;
1276        }
1277
1278        rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1279        if (rc)
1280                goto exit_free_skb;
1281
1282        switch (rf_tech) {
1283        case NFC_DIGITAL_RF_TECH_106A:
1284                rc = digital_tg_config_nfca(ddev);
1285                if (rc)
1286                        goto exit_free_skb;
1287                digital_tg_recv_sens_req(ddev, arg, resp);
1288                break;
1289        case NFC_DIGITAL_RF_TECH_212F:
1290        case NFC_DIGITAL_RF_TECH_424F:
1291                rc = digital_tg_config_nfcf(ddev, rf_tech);
1292                if (rc)
1293                        goto exit_free_skb;
1294                digital_tg_recv_sensf_req(ddev, arg, resp);
1295                break;
1296        default:
1297                goto exit_free_skb;
1298        }
1299
1300        return;
1301
1302exit_free_skb:
1303        digital_poll_next_tech(ddev);
1304        dev_kfree_skb(resp);
1305}
1306