linux/net/nfc/digital_technology.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * NFC Digital Protocol stack
   4 * Copyright (c) 2013, Intel Corporation.
   5 */
   6
   7#define pr_fmt(fmt) "digital: %s: " fmt, __func__
   8
   9#include "digital.h"
  10
  11#define DIGITAL_CMD_SENS_REQ    0x26
  12#define DIGITAL_CMD_ALL_REQ     0x52
  13#define DIGITAL_CMD_SEL_REQ_CL1 0x93
  14#define DIGITAL_CMD_SEL_REQ_CL2 0x95
  15#define DIGITAL_CMD_SEL_REQ_CL3 0x97
  16
  17#define DIGITAL_SDD_REQ_SEL_PAR 0x20
  18
  19#define DIGITAL_SDD_RES_CT  0x88
  20#define DIGITAL_SDD_RES_LEN 5
  21#define DIGITAL_SEL_RES_LEN 1
  22
  23#define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
  24#define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
  25#define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
  26#define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
  27
  28#define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
  29#define DIGITAL_SENS_RES_IS_VALID(sens_res) \
  30        ((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
  31        (((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
  32
  33#define DIGITAL_MIFARE_READ_RES_LEN 16
  34#define DIGITAL_MIFARE_ACK_RES  0x0A
  35
  36#define DIGITAL_CMD_SENSB_REQ                   0x05
  37#define DIGITAL_SENSB_ADVANCED                  BIT(5)
  38#define DIGITAL_SENSB_EXTENDED                  BIT(4)
  39#define DIGITAL_SENSB_ALLB_REQ                  BIT(3)
  40#define DIGITAL_SENSB_N(n)                      ((n) & 0x7)
  41
  42#define DIGITAL_CMD_SENSB_RES                   0x50
  43
  44#define DIGITAL_CMD_ATTRIB_REQ                  0x1D
  45#define DIGITAL_ATTRIB_P1_TR0_DEFAULT           (0x0 << 6)
  46#define DIGITAL_ATTRIB_P1_TR1_DEFAULT           (0x0 << 4)
  47#define DIGITAL_ATTRIB_P1_SUPRESS_EOS           BIT(3)
  48#define DIGITAL_ATTRIB_P1_SUPRESS_SOS           BIT(2)
  49#define DIGITAL_ATTRIB_P2_LISTEN_POLL_1         (0x0 << 6)
  50#define DIGITAL_ATTRIB_P2_POLL_LISTEN_1         (0x0 << 4)
  51#define DIGITAL_ATTRIB_P2_MAX_FRAME_256         0x8
  52#define DIGITAL_ATTRIB_P4_DID(n)                ((n) & 0xf)
  53
  54#define DIGITAL_CMD_SENSF_REQ   0x00
  55#define DIGITAL_CMD_SENSF_RES   0x01
  56
  57#define DIGITAL_SENSF_RES_MIN_LENGTH 17
  58#define DIGITAL_SENSF_RES_RD_AP_B1   0x00
  59#define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
  60
  61#define DIGITAL_SENSF_REQ_RC_NONE 0
  62#define DIGITAL_SENSF_REQ_RC_SC   1
  63#define DIGITAL_SENSF_REQ_RC_AP   2
  64
  65#define DIGITAL_CMD_ISO15693_INVENTORY_REQ      0x01
  66
  67#define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE     BIT(1)
  68#define DIGITAL_ISO15693_REQ_FLAG_INVENTORY     BIT(2)
  69#define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS      BIT(5)
  70#define DIGITAL_ISO15693_RES_FLAG_ERROR         BIT(0)
  71#define DIGITAL_ISO15693_RES_IS_VALID(flags) \
  72        (!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
  73
  74#define DIGITAL_ISO_DEP_I_PCB    0x02
  75#define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
  76
  77#define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
  78
  79#define DIGITAL_ISO_DEP_I_BLOCK 0x00
  80
  81#define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
  82
  83static const u8 digital_ats_fsc[] = {
  84         16,  24,  32,  40,  48,  64,  96, 128,
  85};
  86
  87#define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
  88#define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
  89#define DIGITAL_ATS_MAX_FSC  256
  90
  91#define DIGITAL_RATS_BYTE1 0xE0
  92#define DIGITAL_RATS_PARAM 0x80
  93
  94struct digital_sdd_res {
  95        u8 nfcid1[4];
  96        u8 bcc;
  97} __packed;
  98
  99struct digital_sel_req {
 100        u8 sel_cmd;
 101        u8 b2;
 102        u8 nfcid1[4];
 103        u8 bcc;
 104} __packed;
 105
 106struct digital_sensb_req {
 107        u8 cmd;
 108        u8 afi;
 109        u8 param;
 110} __packed;
 111
 112struct digital_sensb_res {
 113        u8 cmd;
 114        u8 nfcid0[4];
 115        u8 app_data[4];
 116        u8 proto_info[3];
 117} __packed;
 118
 119struct digital_attrib_req {
 120        u8 cmd;
 121        u8 nfcid0[4];
 122        u8 param1;
 123        u8 param2;
 124        u8 param3;
 125        u8 param4;
 126} __packed;
 127
 128struct digital_attrib_res {
 129        u8 mbli_did;
 130} __packed;
 131
 132struct digital_sensf_req {
 133        u8 cmd;
 134        u8 sc1;
 135        u8 sc2;
 136        u8 rc;
 137        u8 tsn;
 138} __packed;
 139
 140struct digital_sensf_res {
 141        u8 cmd;
 142        u8 nfcid2[8];
 143        u8 pad0[2];
 144        u8 pad1[3];
 145        u8 mrti_check;
 146        u8 mrti_update;
 147        u8 pad2;
 148        u8 rd[2];
 149} __packed;
 150
 151struct digital_iso15693_inv_req {
 152        u8 flags;
 153        u8 cmd;
 154        u8 mask_len;
 155        u64 mask;
 156} __packed;
 157
 158struct digital_iso15693_inv_res {
 159        u8 flags;
 160        u8 dsfid;
 161        u64 uid;
 162} __packed;
 163
 164static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 165                                   struct nfc_target *target);
 166
 167int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
 168                                struct sk_buff *skb)
 169{
 170        u8 pcb;
 171        u8 block_type;
 172
 173        if (skb->len < 1)
 174                return -EIO;
 175
 176        pcb = *skb->data;
 177        block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
 178
 179        /* No support fo R-block nor S-block */
 180        if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
 181                pr_err("ISO_DEP R-block and S-block not supported\n");
 182                return -EIO;
 183        }
 184
 185        if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
 186                pr_err("DID field in ISO_DEP PCB not supported\n");
 187                return -EIO;
 188        }
 189
 190        skb_pull(skb, 1);
 191
 192        return 0;
 193}
 194
 195int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
 196                                struct sk_buff *skb)
 197{
 198        /*
 199         * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
 200         * not be greater than remote FSC
 201         */
 202        if (skb->len + 3 > ddev->target_fsc)
 203                return -EIO;
 204
 205        skb_push(skb, 1);
 206
 207        *skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
 208
 209        ddev->curr_nfc_dep_pni =
 210                DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
 211
 212        return 0;
 213}
 214
 215static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
 216                                struct sk_buff *resp)
 217{
 218        struct nfc_target *target = arg;
 219        u8 fsdi;
 220        int rc;
 221
 222        if (IS_ERR(resp)) {
 223                rc = PTR_ERR(resp);
 224                resp = NULL;
 225                goto exit;
 226        }
 227
 228        if (resp->len < 2) {
 229                rc = -EIO;
 230                goto exit;
 231        }
 232
 233        fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
 234        if (fsdi >= 8)
 235                ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 236        else
 237                ddev->target_fsc = digital_ats_fsc[fsdi];
 238
 239        ddev->curr_nfc_dep_pni = 0;
 240
 241        rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
 242
 243exit:
 244        dev_kfree_skb(resp);
 245        kfree(target);
 246
 247        if (rc)
 248                digital_poll_next_tech(ddev);
 249}
 250
 251static int digital_in_send_rats(struct nfc_digital_dev *ddev,
 252                                struct nfc_target *target)
 253{
 254        int rc;
 255        struct sk_buff *skb;
 256
 257        skb = digital_skb_alloc(ddev, 2);
 258        if (!skb)
 259                return -ENOMEM;
 260
 261        skb_put_u8(skb, DIGITAL_RATS_BYTE1);
 262        skb_put_u8(skb, DIGITAL_RATS_PARAM);
 263
 264        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
 265                                 target);
 266        if (rc)
 267                kfree_skb(skb);
 268
 269        return rc;
 270}
 271
 272static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
 273                                    struct sk_buff *resp)
 274{
 275        struct nfc_target *target = arg;
 276        int rc;
 277        u8 sel_res;
 278        u8 nfc_proto;
 279
 280        if (IS_ERR(resp)) {
 281                rc = PTR_ERR(resp);
 282                resp = NULL;
 283                goto exit;
 284        }
 285
 286        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 287                rc = digital_skb_check_crc_a(resp);
 288                if (rc) {
 289                        PROTOCOL_ERR("4.4.1.3");
 290                        goto exit;
 291                }
 292        }
 293
 294        if (resp->len != DIGITAL_SEL_RES_LEN) {
 295                rc = -EIO;
 296                goto exit;
 297        }
 298
 299        sel_res = resp->data[0];
 300
 301        if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
 302                rc = digital_in_send_sdd_req(ddev, target);
 303                if (rc)
 304                        goto exit;
 305
 306                goto exit_free_skb;
 307        }
 308
 309        target->sel_res = sel_res;
 310
 311        if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
 312                nfc_proto = NFC_PROTO_MIFARE;
 313        } else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
 314                nfc_proto = NFC_PROTO_NFC_DEP;
 315        } else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
 316                rc = digital_in_send_rats(ddev, target);
 317                if (rc)
 318                        goto exit;
 319                /*
 320                 * Skip target_found and don't free it for now. This will be
 321                 * done when receiving the ATS
 322                 */
 323                goto exit_free_skb;
 324        } else {
 325                rc = -EOPNOTSUPP;
 326                goto exit;
 327        }
 328
 329        rc = digital_target_found(ddev, target, nfc_proto);
 330
 331exit:
 332        kfree(target);
 333
 334exit_free_skb:
 335        dev_kfree_skb(resp);
 336
 337        if (rc)
 338                digital_poll_next_tech(ddev);
 339}
 340
 341static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
 342                                   struct nfc_target *target,
 343                                   struct digital_sdd_res *sdd_res)
 344{
 345        struct sk_buff *skb;
 346        struct digital_sel_req *sel_req;
 347        u8 sel_cmd;
 348        int rc;
 349
 350        skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
 351        if (!skb)
 352                return -ENOMEM;
 353
 354        skb_put(skb, sizeof(struct digital_sel_req));
 355        sel_req = (struct digital_sel_req *)skb->data;
 356
 357        if (target->nfcid1_len <= 4)
 358                sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 359        else if (target->nfcid1_len < 10)
 360                sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 361        else
 362                sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 363
 364        sel_req->sel_cmd = sel_cmd;
 365        sel_req->b2 = 0x70;
 366        memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
 367        sel_req->bcc = sdd_res->bcc;
 368
 369        if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 370                rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 371                                NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
 372                if (rc)
 373                        goto exit;
 374        } else {
 375                digital_skb_add_crc_a(skb);
 376        }
 377
 378        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
 379                                 target);
 380exit:
 381        if (rc)
 382                kfree_skb(skb);
 383
 384        return rc;
 385}
 386
 387static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
 388                                    struct sk_buff *resp)
 389{
 390        struct nfc_target *target = arg;
 391        struct digital_sdd_res *sdd_res;
 392        int rc;
 393        u8 offset, size;
 394        u8 i, bcc;
 395
 396        if (IS_ERR(resp)) {
 397                rc = PTR_ERR(resp);
 398                resp = NULL;
 399                goto exit;
 400        }
 401
 402        if (resp->len < DIGITAL_SDD_RES_LEN) {
 403                PROTOCOL_ERR("4.7.2.8");
 404                rc = -EINVAL;
 405                goto exit;
 406        }
 407
 408        sdd_res = (struct digital_sdd_res *)resp->data;
 409
 410        for (i = 0, bcc = 0; i < 4; i++)
 411                bcc ^= sdd_res->nfcid1[i];
 412
 413        if (bcc != sdd_res->bcc) {
 414                PROTOCOL_ERR("4.7.2.6");
 415                rc = -EINVAL;
 416                goto exit;
 417        }
 418
 419        if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
 420                offset = 1;
 421                size = 3;
 422        } else {
 423                offset = 0;
 424                size = 4;
 425        }
 426
 427        memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
 428               size);
 429        target->nfcid1_len += size;
 430
 431        rc = digital_in_send_sel_req(ddev, target, sdd_res);
 432
 433exit:
 434        dev_kfree_skb(resp);
 435
 436        if (rc) {
 437                kfree(target);
 438                digital_poll_next_tech(ddev);
 439        }
 440}
 441
 442static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 443                                   struct nfc_target *target)
 444{
 445        int rc;
 446        struct sk_buff *skb;
 447        u8 sel_cmd;
 448
 449        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 450                                     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
 451        if (rc)
 452                return rc;
 453
 454        skb = digital_skb_alloc(ddev, 2);
 455        if (!skb)
 456                return -ENOMEM;
 457
 458        if (target->nfcid1_len == 0)
 459                sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 460        else if (target->nfcid1_len == 3)
 461                sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 462        else
 463                sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 464
 465        skb_put_u8(skb, sel_cmd);
 466        skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
 467
 468        return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
 469                                   target);
 470}
 471
 472static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
 473                                     struct sk_buff *resp)
 474{
 475        struct nfc_target *target = NULL;
 476        int rc;
 477
 478        if (IS_ERR(resp)) {
 479                rc = PTR_ERR(resp);
 480                resp = NULL;
 481                goto exit;
 482        }
 483
 484        if (resp->len < sizeof(u16)) {
 485                rc = -EIO;
 486                goto exit;
 487        }
 488
 489        target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 490        if (!target) {
 491                rc = -ENOMEM;
 492                goto exit;
 493        }
 494
 495        target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
 496
 497        if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
 498                PROTOCOL_ERR("4.6.3.3");
 499                rc = -EINVAL;
 500                goto exit;
 501        }
 502
 503        if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
 504                rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
 505        else
 506                rc = digital_in_send_sdd_req(ddev, target);
 507
 508exit:
 509        dev_kfree_skb(resp);
 510
 511        if (rc) {
 512                kfree(target);
 513                digital_poll_next_tech(ddev);
 514        }
 515}
 516
 517int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 518{
 519        struct sk_buff *skb;
 520        int rc;
 521
 522        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 523                                     NFC_DIGITAL_RF_TECH_106A);
 524        if (rc)
 525                return rc;
 526
 527        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 528                                     NFC_DIGITAL_FRAMING_NFCA_SHORT);
 529        if (rc)
 530                return rc;
 531
 532        skb = digital_skb_alloc(ddev, 1);
 533        if (!skb)
 534                return -ENOMEM;
 535
 536        skb_put_u8(skb, DIGITAL_CMD_SENS_REQ);
 537
 538        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
 539        if (rc)
 540                kfree_skb(skb);
 541
 542        return rc;
 543}
 544
 545int digital_in_recv_mifare_res(struct sk_buff *resp)
 546{
 547        /* Successful READ command response is 16 data bytes + 2 CRC bytes long.
 548         * Since the driver can't differentiate a ACK/NACK response from a valid
 549         * READ response, the CRC calculation must be handled at digital level
 550         * even if the driver supports it for this technology.
 551         */
 552        if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
 553                if (digital_skb_check_crc_a(resp)) {
 554                        PROTOCOL_ERR("9.4.1.2");
 555                        return -EIO;
 556                }
 557
 558                return 0;
 559        }
 560
 561        /* ACK response (i.e. successful WRITE). */
 562        if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
 563                resp->data[0] = 0;
 564                return 0;
 565        }
 566
 567        /* NACK and any other responses are treated as error. */
 568        return -EIO;
 569}
 570
 571static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
 572                                       struct sk_buff *resp)
 573{
 574        struct nfc_target *target = arg;
 575        struct digital_attrib_res *attrib_res;
 576        int rc;
 577
 578        if (IS_ERR(resp)) {
 579                rc = PTR_ERR(resp);
 580                resp = NULL;
 581                goto exit;
 582        }
 583
 584        if (resp->len < sizeof(*attrib_res)) {
 585                PROTOCOL_ERR("12.6.2");
 586                rc = -EIO;
 587                goto exit;
 588        }
 589
 590        attrib_res = (struct digital_attrib_res *)resp->data;
 591
 592        if (attrib_res->mbli_did & 0x0f) {
 593                PROTOCOL_ERR("12.6.2.1");
 594                rc = -EIO;
 595                goto exit;
 596        }
 597
 598        rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
 599
 600exit:
 601        dev_kfree_skb(resp);
 602        kfree(target);
 603
 604        if (rc)
 605                digital_poll_next_tech(ddev);
 606}
 607
 608static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
 609                               struct nfc_target *target,
 610                               struct digital_sensb_res *sensb_res)
 611{
 612        struct digital_attrib_req *attrib_req;
 613        struct sk_buff *skb;
 614        int rc;
 615
 616        skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
 617        if (!skb)
 618                return -ENOMEM;
 619
 620        attrib_req = skb_put(skb, sizeof(*attrib_req));
 621
 622        attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
 623        memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
 624               sizeof(attrib_req->nfcid0));
 625        attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
 626                             DIGITAL_ATTRIB_P1_TR1_DEFAULT;
 627        attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
 628                             DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
 629                             DIGITAL_ATTRIB_P2_MAX_FRAME_256;
 630        attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
 631        attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
 632
 633        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
 634                                 target);
 635        if (rc)
 636                kfree_skb(skb);
 637
 638        return rc;
 639}
 640
 641static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
 642                                      struct sk_buff *resp)
 643{
 644        struct nfc_target *target = NULL;
 645        struct digital_sensb_res *sensb_res;
 646        u8 fsci;
 647        int rc;
 648
 649        if (IS_ERR(resp)) {
 650                rc = PTR_ERR(resp);
 651                resp = NULL;
 652                goto exit;
 653        }
 654
 655        if (resp->len != sizeof(*sensb_res)) {
 656                PROTOCOL_ERR("5.6.2.1");
 657                rc = -EIO;
 658                goto exit;
 659        }
 660
 661        sensb_res = (struct digital_sensb_res *)resp->data;
 662
 663        if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
 664                PROTOCOL_ERR("5.6.2");
 665                rc = -EIO;
 666                goto exit;
 667        }
 668
 669        if (!(sensb_res->proto_info[1] & BIT(0))) {
 670                PROTOCOL_ERR("5.6.2.12");
 671                rc = -EIO;
 672                goto exit;
 673        }
 674
 675        if (sensb_res->proto_info[1] & BIT(3)) {
 676                PROTOCOL_ERR("5.6.2.16");
 677                rc = -EIO;
 678                goto exit;
 679        }
 680
 681        fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
 682        if (fsci >= 8)
 683                ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 684        else
 685                ddev->target_fsc = digital_ats_fsc[fsci];
 686
 687        target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 688        if (!target) {
 689                rc = -ENOMEM;
 690                goto exit;
 691        }
 692
 693        rc = digital_in_send_attrib_req(ddev, target, sensb_res);
 694
 695exit:
 696        dev_kfree_skb(resp);
 697
 698        if (rc) {
 699                kfree(target);
 700                digital_poll_next_tech(ddev);
 701        }
 702}
 703
 704int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 705{
 706        struct digital_sensb_req *sensb_req;
 707        struct sk_buff *skb;
 708        int rc;
 709
 710        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 711                                     NFC_DIGITAL_RF_TECH_106B);
 712        if (rc)
 713                return rc;
 714
 715        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 716                                     NFC_DIGITAL_FRAMING_NFCB);
 717        if (rc)
 718                return rc;
 719
 720        skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
 721        if (!skb)
 722                return -ENOMEM;
 723
 724        sensb_req = skb_put(skb, sizeof(*sensb_req));
 725
 726        sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
 727        sensb_req->afi = 0x00; /* All families and sub-families */
 728        sensb_req->param = DIGITAL_SENSB_N(0);
 729
 730        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
 731                                 NULL);
 732        if (rc)
 733                kfree_skb(skb);
 734
 735        return rc;
 736}
 737
 738static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
 739                                   struct sk_buff *resp)
 740{
 741        int rc;
 742        u8 proto;
 743        struct nfc_target target;
 744        struct digital_sensf_res *sensf_res;
 745
 746        if (IS_ERR(resp)) {
 747                rc = PTR_ERR(resp);
 748                resp = NULL;
 749                goto exit;
 750        }
 751
 752        if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
 753                rc = -EIO;
 754                goto exit;
 755        }
 756
 757        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 758                rc = digital_skb_check_crc_f(resp);
 759                if (rc) {
 760                        PROTOCOL_ERR("6.4.1.8");
 761                        goto exit;
 762                }
 763        }
 764
 765        skb_pull(resp, 1);
 766
 767        memset(&target, 0, sizeof(struct nfc_target));
 768
 769        sensf_res = (struct digital_sensf_res *)resp->data;
 770
 771        memcpy(target.sensf_res, sensf_res, resp->len);
 772        target.sensf_res_len = resp->len;
 773
 774        memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
 775        target.nfcid2_len = NFC_NFCID2_MAXSIZE;
 776
 777        if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
 778            target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
 779                proto = NFC_PROTO_NFC_DEP;
 780        else
 781                proto = NFC_PROTO_FELICA;
 782
 783        rc = digital_target_found(ddev, &target, proto);
 784
 785exit:
 786        dev_kfree_skb(resp);
 787
 788        if (rc)
 789                digital_poll_next_tech(ddev);
 790}
 791
 792int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 793{
 794        struct digital_sensf_req *sensf_req;
 795        struct sk_buff *skb;
 796        int rc;
 797        u8 size;
 798
 799        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
 800        if (rc)
 801                return rc;
 802
 803        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 804                                     NFC_DIGITAL_FRAMING_NFCF);
 805        if (rc)
 806                return rc;
 807
 808        size = sizeof(struct digital_sensf_req);
 809
 810        skb = digital_skb_alloc(ddev, size);
 811        if (!skb)
 812                return -ENOMEM;
 813
 814        skb_put(skb, size);
 815
 816        sensf_req = (struct digital_sensf_req *)skb->data;
 817        sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
 818        sensf_req->sc1 = 0xFF;
 819        sensf_req->sc2 = 0xFF;
 820        sensf_req->rc = 0;
 821        sensf_req->tsn = 0;
 822
 823        *(u8 *)skb_push(skb, 1) = size + 1;
 824
 825        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
 826                digital_skb_add_crc_f(skb);
 827
 828        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
 829                                 NULL);
 830        if (rc)
 831                kfree_skb(skb);
 832
 833        return rc;
 834}
 835
 836static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
 837                void *arg, struct sk_buff *resp)
 838{
 839        struct digital_iso15693_inv_res *res;
 840        struct nfc_target *target = NULL;
 841        int rc;
 842
 843        if (IS_ERR(resp)) {
 844                rc = PTR_ERR(resp);
 845                resp = NULL;
 846                goto out_free_skb;
 847        }
 848
 849        if (resp->len != sizeof(*res)) {
 850                rc = -EIO;
 851                goto out_free_skb;
 852        }
 853
 854        res = (struct digital_iso15693_inv_res *)resp->data;
 855
 856        if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
 857                PROTOCOL_ERR("ISO15693 - 10.3.1");
 858                rc = -EINVAL;
 859                goto out_free_skb;
 860        }
 861
 862        target = kzalloc(sizeof(*target), GFP_KERNEL);
 863        if (!target) {
 864                rc = -ENOMEM;
 865                goto out_free_skb;
 866        }
 867
 868        target->is_iso15693 = 1;
 869        target->iso15693_dsfid = res->dsfid;
 870        memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
 871
 872        rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
 873
 874        kfree(target);
 875
 876out_free_skb:
 877        dev_kfree_skb(resp);
 878
 879        if (rc)
 880                digital_poll_next_tech(ddev);
 881}
 882
 883int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 884{
 885        struct digital_iso15693_inv_req *req;
 886        struct sk_buff *skb;
 887        int rc;
 888
 889        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 890                                     NFC_DIGITAL_RF_TECH_ISO15693);
 891        if (rc)
 892                return rc;
 893
 894        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 895                                     NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
 896        if (rc)
 897                return rc;
 898
 899        skb = digital_skb_alloc(ddev, sizeof(*req));
 900        if (!skb)
 901                return -ENOMEM;
 902
 903        skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
 904        req = (struct digital_iso15693_inv_req *)skb->data;
 905
 906        /* Single sub-carrier, high data rate, no AFI, single slot
 907         * Inventory command
 908         */
 909        req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
 910                     DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
 911                     DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
 912        req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
 913        req->mask_len = 0;
 914
 915        rc = digital_in_send_cmd(ddev, skb, 30,
 916                                 digital_in_recv_iso15693_inv_res, NULL);
 917        if (rc)
 918                kfree_skb(skb);
 919
 920        return rc;
 921}
 922
 923static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
 924{
 925        struct sk_buff *skb;
 926        int rc;
 927
 928        skb = digital_skb_alloc(ddev, 1);
 929        if (!skb)
 930                return -ENOMEM;
 931
 932        skb_put_u8(skb, DIGITAL_SEL_RES_NFC_DEP);
 933
 934        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
 935                digital_skb_add_crc_a(skb);
 936
 937        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 938                                     NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
 939        if (rc) {
 940                kfree_skb(skb);
 941                return rc;
 942        }
 943
 944        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
 945                                 NULL);
 946        if (rc)
 947                kfree_skb(skb);
 948
 949        return rc;
 950}
 951
 952static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
 953                                    struct sk_buff *resp)
 954{
 955        int rc;
 956
 957        if (IS_ERR(resp)) {
 958                rc = PTR_ERR(resp);
 959                resp = NULL;
 960                goto exit;
 961        }
 962
 963        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
 964                rc = digital_skb_check_crc_a(resp);
 965                if (rc) {
 966                        PROTOCOL_ERR("4.4.1.3");
 967                        goto exit;
 968                }
 969        }
 970
 971        /* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
 972
 973        rc = digital_tg_send_sel_res(ddev);
 974
 975exit:
 976        if (rc)
 977                digital_poll_next_tech(ddev);
 978
 979        dev_kfree_skb(resp);
 980}
 981
 982static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
 983{
 984        struct sk_buff *skb;
 985        struct digital_sdd_res *sdd_res;
 986        int rc, i;
 987
 988        skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
 989        if (!skb)
 990                return -ENOMEM;
 991
 992        skb_put(skb, sizeof(struct digital_sdd_res));
 993        sdd_res = (struct digital_sdd_res *)skb->data;
 994
 995        sdd_res->nfcid1[0] = 0x08;
 996        get_random_bytes(sdd_res->nfcid1 + 1, 3);
 997
 998        sdd_res->bcc = 0;
 999        for (i = 0; i < 4; i++)
1000                sdd_res->bcc ^= sdd_res->nfcid1[i];
1001
1002        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1003                                NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1004        if (rc) {
1005                kfree_skb(skb);
1006                return rc;
1007        }
1008
1009        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1010                                 NULL);
1011        if (rc)
1012                kfree_skb(skb);
1013
1014        return rc;
1015}
1016
1017static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1018                                    struct sk_buff *resp)
1019{
1020        u8 *sdd_req;
1021        int rc;
1022
1023        if (IS_ERR(resp)) {
1024                rc = PTR_ERR(resp);
1025                resp = NULL;
1026                goto exit;
1027        }
1028
1029        sdd_req = resp->data;
1030
1031        if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1032            sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1033                rc = -EINVAL;
1034                goto exit;
1035        }
1036
1037        rc = digital_tg_send_sdd_res(ddev);
1038
1039exit:
1040        if (rc)
1041                digital_poll_next_tech(ddev);
1042
1043        dev_kfree_skb(resp);
1044}
1045
1046static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1047{
1048        struct sk_buff *skb;
1049        u8 *sens_res;
1050        int rc;
1051
1052        skb = digital_skb_alloc(ddev, 2);
1053        if (!skb)
1054                return -ENOMEM;
1055
1056        sens_res = skb_put(skb, 2);
1057
1058        sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1059        sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1060
1061        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1062                                     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1063        if (rc) {
1064                kfree_skb(skb);
1065                return rc;
1066        }
1067
1068        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1069                                 NULL);
1070        if (rc)
1071                kfree_skb(skb);
1072
1073        return rc;
1074}
1075
1076void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1077                              struct sk_buff *resp)
1078{
1079        u8 sens_req;
1080        int rc;
1081
1082        if (IS_ERR(resp)) {
1083                rc = PTR_ERR(resp);
1084                resp = NULL;
1085                goto exit;
1086        }
1087
1088        sens_req = resp->data[0];
1089
1090        if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1091            sens_req != DIGITAL_CMD_ALL_REQ)) {
1092                rc = -EINVAL;
1093                goto exit;
1094        }
1095
1096        rc = digital_tg_send_sens_res(ddev);
1097
1098exit:
1099        if (rc)
1100                digital_poll_next_tech(ddev);
1101
1102        dev_kfree_skb(resp);
1103}
1104
1105static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1106                void *arg, struct sk_buff *resp)
1107{
1108        if (!IS_ERR(resp) && (resp->len >= 2) &&
1109                        (resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1110                digital_tg_recv_sensf_req(ddev, arg, resp);
1111        else
1112                digital_tg_recv_atr_req(ddev, arg, resp);
1113
1114        return;
1115}
1116
1117static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1118                              struct digital_sensf_req *sensf_req)
1119{
1120        struct sk_buff *skb;
1121        u8 size;
1122        int rc;
1123        struct digital_sensf_res *sensf_res;
1124
1125        size = sizeof(struct digital_sensf_res);
1126
1127        if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1128                size -= sizeof(sensf_res->rd);
1129
1130        skb = digital_skb_alloc(ddev, size);
1131        if (!skb)
1132                return -ENOMEM;
1133
1134        skb_put(skb, size);
1135
1136        sensf_res = (struct digital_sensf_res *)skb->data;
1137
1138        memset(sensf_res, 0, size);
1139
1140        sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1141        sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1142        sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1143        get_random_bytes(&sensf_res->nfcid2[2], 6);
1144
1145        switch (sensf_req->rc) {
1146        case DIGITAL_SENSF_REQ_RC_SC:
1147                sensf_res->rd[0] = sensf_req->sc1;
1148                sensf_res->rd[1] = sensf_req->sc2;
1149                break;
1150        case DIGITAL_SENSF_REQ_RC_AP:
1151                sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1152                sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1153                break;
1154        }
1155
1156        *(u8 *)skb_push(skb, sizeof(u8)) = size + 1;
1157
1158        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1159                digital_skb_add_crc_f(skb);
1160
1161        rc = digital_tg_send_cmd(ddev, skb, 300,
1162                                 digital_tg_recv_atr_or_sensf_req, NULL);
1163        if (rc)
1164                kfree_skb(skb);
1165
1166        return rc;
1167}
1168
1169void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1170                               struct sk_buff *resp)
1171{
1172        struct digital_sensf_req *sensf_req;
1173        int rc;
1174
1175        if (IS_ERR(resp)) {
1176                rc = PTR_ERR(resp);
1177                resp = NULL;
1178                goto exit;
1179        }
1180
1181        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1182                rc = digital_skb_check_crc_f(resp);
1183                if (rc) {
1184                        PROTOCOL_ERR("6.4.1.8");
1185                        goto exit;
1186                }
1187        }
1188
1189        if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1190                rc = -EINVAL;
1191                goto exit;
1192        }
1193
1194        skb_pull(resp, 1);
1195        sensf_req = (struct digital_sensf_req *)resp->data;
1196
1197        if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1198                rc = -EINVAL;
1199                goto exit;
1200        }
1201
1202        rc = digital_tg_send_sensf_res(ddev, sensf_req);
1203
1204exit:
1205        if (rc)
1206                digital_poll_next_tech(ddev);
1207
1208        dev_kfree_skb(resp);
1209}
1210
1211static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1212{
1213        int rc;
1214
1215        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1216                                     NFC_DIGITAL_RF_TECH_106A);
1217        if (rc)
1218                return rc;
1219
1220        return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1221                                       NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1222}
1223
1224int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1225{
1226        int rc;
1227
1228        rc = digital_tg_config_nfca(ddev);
1229        if (rc)
1230                return rc;
1231
1232        return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1233}
1234
1235static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1236{
1237        int rc;
1238
1239        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1240        if (rc)
1241                return rc;
1242
1243        return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1244                                       NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1245}
1246
1247int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1248{
1249        int rc;
1250
1251        rc = digital_tg_config_nfcf(ddev, rf_tech);
1252        if (rc)
1253                return rc;
1254
1255        return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, NULL);
1256}
1257
1258void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1259                            struct sk_buff *resp)
1260{
1261        u8 rf_tech;
1262        int rc;
1263
1264        if (IS_ERR(resp)) {
1265                resp = NULL;
1266                goto exit_free_skb;
1267        }
1268
1269        rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1270        if (rc)
1271                goto exit_free_skb;
1272
1273        switch (rf_tech) {
1274        case NFC_DIGITAL_RF_TECH_106A:
1275                rc = digital_tg_config_nfca(ddev);
1276                if (rc)
1277                        goto exit_free_skb;
1278                digital_tg_recv_sens_req(ddev, arg, resp);
1279                break;
1280        case NFC_DIGITAL_RF_TECH_212F:
1281        case NFC_DIGITAL_RF_TECH_424F:
1282                rc = digital_tg_config_nfcf(ddev, rf_tech);
1283                if (rc)
1284                        goto exit_free_skb;
1285                digital_tg_recv_sensf_req(ddev, arg, resp);
1286                break;
1287        default:
1288                goto exit_free_skb;
1289        }
1290
1291        return;
1292
1293exit_free_skb:
1294        digital_poll_next_tech(ddev);
1295        dev_kfree_skb(resp);
1296}
1297