LXR linux/net/nfc/digital

   1/*
   2 * NFC Digital Protocol stack
   3 * Copyright (c) 2013, Intel Corporation.
   4 *
   5 * This program is free software; you can redistribute it and/or modify it
   6 * under the terms and conditions of the GNU General Public License,
   7 * version 2, as published by the Free Software Foundation.
   8 *
   9 * This program is distributed in the hope it will be useful, but WITHOUT
  10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  12 * more details.
  13 *
  14 */
  15
  16#define pr_fmt(fmt) "digital: %s: " fmt, __func__
  17
  18#include "digital.h"
  19
  20#define DIGITAL_CMD_SENS_REQ    0x26
  21#define DIGITAL_CMD_ALL_REQ     0x52
  22#define DIGITAL_CMD_SEL_REQ_CL1 0x93
  23#define DIGITAL_CMD_SEL_REQ_CL2 0x95
  24#define DIGITAL_CMD_SEL_REQ_CL3 0x97
  25
  26#define DIGITAL_SDD_REQ_SEL_PAR 0x20
  27
  28#define DIGITAL_SDD_RES_CT  0x88
  29#define DIGITAL_SDD_RES_LEN 5
  30
  31#define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
  32#define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
  33#define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
  34#define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
  35
  36#define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
  37#define DIGITAL_SENS_RES_IS_VALID(sens_res) \
  38        ((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
  39        (((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
  40
  41#define DIGITAL_MIFARE_READ_RES_LEN 16
  42#define DIGITAL_MIFARE_ACK_RES  0x0A
  43
  44#define DIGITAL_CMD_SENSB_REQ                   0x05
  45#define DIGITAL_SENSB_ADVANCED                  BIT(5)
  46#define DIGITAL_SENSB_EXTENDED                  BIT(4)
  47#define DIGITAL_SENSB_ALLB_REQ                  BIT(3)
  48#define DIGITAL_SENSB_N(n)                      ((n) & 0x7)
  49
  50#define DIGITAL_CMD_SENSB_RES                   0x50
  51
  52#define DIGITAL_CMD_ATTRIB_REQ                  0x1D
  53#define DIGITAL_ATTRIB_P1_TR0_DEFAULT           (0x0 << 6)
  54#define DIGITAL_ATTRIB_P1_TR1_DEFAULT           (0x0 << 4)
  55#define DIGITAL_ATTRIB_P1_SUPRESS_EOS           BIT(3)
  56#define DIGITAL_ATTRIB_P1_SUPRESS_SOS           BIT(2)
  57#define DIGITAL_ATTRIB_P2_LISTEN_POLL_1         (0x0 << 6)
  58#define DIGITAL_ATTRIB_P2_POLL_LISTEN_1         (0x0 << 4)
  59#define DIGITAL_ATTRIB_P2_MAX_FRAME_256         0x8
  60#define DIGITAL_ATTRIB_P4_DID(n)                ((n) & 0xf)
  61
  62#define DIGITAL_CMD_SENSF_REQ   0x00
  63#define DIGITAL_CMD_SENSF_RES   0x01
  64
  65#define DIGITAL_SENSF_RES_MIN_LENGTH 17
  66#define DIGITAL_SENSF_RES_RD_AP_B1   0x00
  67#define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
  68
  69#define DIGITAL_SENSF_REQ_RC_NONE 0
  70#define DIGITAL_SENSF_REQ_RC_SC   1
  71#define DIGITAL_SENSF_REQ_RC_AP   2
  72
  73#define DIGITAL_CMD_ISO15693_INVENTORY_REQ      0x01
  74
  75#define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE     BIT(1)
  76#define DIGITAL_ISO15693_REQ_FLAG_INVENTORY     BIT(2)
  77#define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS      BIT(5)
  78#define DIGITAL_ISO15693_RES_FLAG_ERROR         BIT(0)
  79#define DIGITAL_ISO15693_RES_IS_VALID(flags) \
  80        (!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
  81
  82#define DIGITAL_ISO_DEP_I_PCB    0x02
  83#define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
  84
  85#define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
  86
  87#define DIGITAL_ISO_DEP_I_BLOCK 0x00
  88
  89#define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
  90
  91static const u8 digital_ats_fsc[] = {
  92         16,  24,  32,  40,  48,  64,  96, 128,
  93};
  94
  95#define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
  96#define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
  97#define DIGITAL_ATS_MAX_FSC  256
  98
  99#define DIGITAL_RATS_BYTE1 0xE0
 100#define DIGITAL_RATS_PARAM 0x80
 101
 102struct digital_sdd_res {
 103        u8 nfcid1[4];
 104        u8 bcc;
 105} __packed;
 106
 107struct digital_sel_req {
 108        u8 sel_cmd;
 109        u8 b2;
 110        u8 nfcid1[4];
 111        u8 bcc;
 112} __packed;
 113
 114struct digital_sensb_req {
 115        u8 cmd;
 116        u8 afi;
 117        u8 param;
 118} __packed;
 119
 120struct digital_sensb_res {
 121        u8 cmd;
 122        u8 nfcid0[4];
 123        u8 app_data[4];
 124        u8 proto_info[3];
 125} __packed;
 126
 127struct digital_attrib_req {
 128        u8 cmd;
 129        u8 nfcid0[4];
 130        u8 param1;
 131        u8 param2;
 132        u8 param3;
 133        u8 param4;
 134} __packed;
 135
 136struct digital_attrib_res {
 137        u8 mbli_did;
 138} __packed;
 139
 140struct digital_sensf_req {
 141        u8 cmd;
 142        u8 sc1;
 143        u8 sc2;
 144        u8 rc;
 145        u8 tsn;
 146} __packed;
 147
 148struct digital_sensf_res {
 149        u8 cmd;
 150        u8 nfcid2[8];
 151        u8 pad0[2];
 152        u8 pad1[3];
 153        u8 mrti_check;
 154        u8 mrti_update;
 155        u8 pad2;
 156        u8 rd[2];
 157} __packed;
 158
 159struct digital_iso15693_inv_req {
 160        u8 flags;
 161        u8 cmd;
 162        u8 mask_len;
 163        u64 mask;
 164} __packed;
 165
 166struct digital_iso15693_inv_res {
 167        u8 flags;
 168        u8 dsfid;
 169        u64 uid;
 170} __packed;
 171
 172static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 173                                   struct nfc_target *target);
 174
 175int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
 176                                struct sk_buff *skb)
 177{
 178        u8 pcb;
 179        u8 block_type;
 180
 181        if (skb->len < 1)
 182                return -EIO;
 183
 184        pcb = *skb->data;
 185        block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
 186
 187        /* No support fo R-block nor S-block */
 188        if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
 189                pr_err("ISO_DEP R-block and S-block not supported\n");
 190                return -EIO;
 191        }
 192
 193        if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
 194                pr_err("DID field in ISO_DEP PCB not supported\n");
 195                return -EIO;
 196        }
 197
 198        skb_pull(skb, 1);
 199
 200        return 0;
 201}
 202
 203int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
 204                                struct sk_buff *skb)
 205{
 206        /*
 207         * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
 208         * not be greater than remote FSC
 209         */
 210        if (skb->len + 3 > ddev->target_fsc)
 211                return -EIO;
 212
 213        skb_push(skb, 1);
 214
 215        *skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
 216
 217        ddev->curr_nfc_dep_pni =
 218                DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
 219
 220        return 0;
 221}
 222
 223static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
 224                                struct sk_buff *resp)
 225{
 226        struct nfc_target *target = arg;
 227        u8 fsdi;
 228        int rc;
 229
 230        if (IS_ERR(resp)) {
 231                rc = PTR_ERR(resp);
 232                resp = NULL;
 233                goto exit;
 234        }
 235
 236        if (resp->len < 2) {
 237                rc = -EIO;
 238                goto exit;
 239        }
 240
 241        fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
 242        if (fsdi >= 8)
 243                ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 244        else
 245                ddev->target_fsc = digital_ats_fsc[fsdi];
 246
 247        ddev->curr_nfc_dep_pni = 0;
 248
 249        rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
 250
 251exit:
 252        dev_kfree_skb(resp);
 253        kfree(target);
 254
 255        if (rc)
 256                digital_poll_next_tech(ddev);
 257}
 258
 259static int digital_in_send_rats(struct nfc_digital_dev *ddev,
 260                                struct nfc_target *target)
 261{
 262        int rc;
 263        struct sk_buff *skb;
 264
 265        skb = digital_skb_alloc(ddev, 2);
 266        if (!skb)
 267                return -ENOMEM;
 268
 269        *skb_put(skb, 1) = DIGITAL_RATS_BYTE1;
 270        *skb_put(skb, 1) = DIGITAL_RATS_PARAM;
 271
 272        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
 273                                 target);
 274        if (rc)
 275                kfree_skb(skb);
 276
 277        return rc;
 278}
 279
 280static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
 281                                    struct sk_buff *resp)
 282{
 283        struct nfc_target *target = arg;
 284        int rc;
 285        u8 sel_res;
 286        u8 nfc_proto;
 287
 288        if (IS_ERR(resp)) {
 289                rc = PTR_ERR(resp);
 290                resp = NULL;
 291                goto exit;
 292        }
 293
 294        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 295                rc = digital_skb_check_crc_a(resp);
 296                if (rc) {
 297                        PROTOCOL_ERR("4.4.1.3");
 298                        goto exit;
 299                }
 300        }
 301
 302        if (!resp->len) {
 303                rc = -EIO;
 304                goto exit;
 305        }
 306
 307        sel_res = resp->data[0];
 308
 309        if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
 310                rc = digital_in_send_sdd_req(ddev, target);
 311                if (rc)
 312                        goto exit;
 313
 314                goto exit_free_skb;
 315        }
 316
 317        target->sel_res = sel_res;
 318
 319        if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
 320                nfc_proto = NFC_PROTO_MIFARE;
 321        } else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
 322                nfc_proto = NFC_PROTO_NFC_DEP;
 323        } else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
 324                rc = digital_in_send_rats(ddev, target);
 325                if (rc)
 326                        goto exit;
 327                /*
 328                 * Skip target_found and don't free it for now. This will be
 329                 * done when receiving the ATS
 330                 */
 331                goto exit_free_skb;
 332        } else {
 333                rc = -EOPNOTSUPP;
 334                goto exit;
 335        }
 336
 337        rc = digital_target_found(ddev, target, nfc_proto);
 338
 339exit:
 340        kfree(target);
 341
 342exit_free_skb:
 343        dev_kfree_skb(resp);
 344
 345        if (rc)
 346                digital_poll_next_tech(ddev);
 347}
 348
 349static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
 350                                   struct nfc_target *target,
 351                                   struct digital_sdd_res *sdd_res)
 352{
 353        struct sk_buff *skb;
 354        struct digital_sel_req *sel_req;
 355        u8 sel_cmd;
 356        int rc;
 357
 358        skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
 359        if (!skb)
 360                return -ENOMEM;
 361
 362        skb_put(skb, sizeof(struct digital_sel_req));
 363        sel_req = (struct digital_sel_req *)skb->data;
 364
 365        if (target->nfcid1_len <= 4)
 366                sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 367        else if (target->nfcid1_len < 10)
 368                sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 369        else
 370                sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 371
 372        sel_req->sel_cmd = sel_cmd;
 373        sel_req->b2 = 0x70;
 374        memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
 375        sel_req->bcc = sdd_res->bcc;
 376
 377        if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 378                rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 379                                NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
 380                if (rc)
 381                        goto exit;
 382        } else {
 383                digital_skb_add_crc_a(skb);
 384        }
 385
 386        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
 387                                 target);
 388exit:
 389        if (rc)
 390                kfree_skb(skb);
 391
 392        return rc;
 393}
 394
 395static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
 396                                    struct sk_buff *resp)
 397{
 398        struct nfc_target *target = arg;
 399        struct digital_sdd_res *sdd_res;
 400        int rc;
 401        u8 offset, size;
 402        u8 i, bcc;
 403
 404        if (IS_ERR(resp)) {
 405                rc = PTR_ERR(resp);
 406                resp = NULL;
 407                goto exit;
 408        }
 409
 410        if (resp->len < DIGITAL_SDD_RES_LEN) {
 411                PROTOCOL_ERR("4.7.2.8");
 412                rc = -EINVAL;
 413                goto exit;
 414        }
 415
 416        sdd_res = (struct digital_sdd_res *)resp->data;
 417
 418        for (i = 0, bcc = 0; i < 4; i++)
 419                bcc ^= sdd_res->nfcid1[i];
 420
 421        if (bcc != sdd_res->bcc) {
 422                PROTOCOL_ERR("4.7.2.6");
 423                rc = -EINVAL;
 424                goto exit;
 425        }
 426
 427        if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
 428                offset = 1;
 429                size = 3;
 430        } else {
 431                offset = 0;
 432                size = 4;
 433        }
 434
 435        memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
 436               size);
 437        target->nfcid1_len += size;
 438
 439        rc = digital_in_send_sel_req(ddev, target, sdd_res);
 440
 441exit:
 442        dev_kfree_skb(resp);
 443
 444        if (rc) {
 445                kfree(target);
 446                digital_poll_next_tech(ddev);
 447        }
 448}
 449
 450static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 451                                   struct nfc_target *target)
 452{
 453        int rc;
 454        struct sk_buff *skb;
 455        u8 sel_cmd;
 456
 457        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 458                                     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
 459        if (rc)
 460                return rc;
 461
 462        skb = digital_skb_alloc(ddev, 2);
 463        if (!skb)
 464                return -ENOMEM;
 465
 466        if (target->nfcid1_len == 0)
 467                sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 468        else if (target->nfcid1_len == 3)
 469                sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 470        else
 471                sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 472
 473        *skb_put(skb, sizeof(u8)) = sel_cmd;
 474        *skb_put(skb, sizeof(u8)) = DIGITAL_SDD_REQ_SEL_PAR;
 475
 476        return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
 477                                   target);
 478}
 479
 480static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
 481                                     struct sk_buff *resp)
 482{
 483        struct nfc_target *target = NULL;
 484        int rc;
 485
 486        if (IS_ERR(resp)) {
 487                rc = PTR_ERR(resp);
 488                resp = NULL;
 489                goto exit;
 490        }
 491
 492        if (resp->len < sizeof(u16)) {
 493                rc = -EIO;
 494                goto exit;
 495        }
 496
 497        target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 498        if (!target) {
 499                rc = -ENOMEM;
 500                goto exit;
 501        }
 502
 503        target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
 504
 505        if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
 506                PROTOCOL_ERR("4.6.3.3");
 507                rc = -EINVAL;
 508                goto exit;
 509        }
 510
 511        if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
 512                rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
 513        else
 514                rc = digital_in_send_sdd_req(ddev, target);
 515
 516exit:
 517        dev_kfree_skb(resp);
 518
 519        if (rc) {
 520                kfree(target);
 521                digital_poll_next_tech(ddev);
 522        }
 523}
 524
 525int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 526{
 527        struct sk_buff *skb;
 528        int rc;
 529
 530        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 531                                     NFC_DIGITAL_RF_TECH_106A);
 532        if (rc)
 533                return rc;
 534
 535        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 536                                     NFC_DIGITAL_FRAMING_NFCA_SHORT);
 537        if (rc)
 538                return rc;
 539
 540        skb = digital_skb_alloc(ddev, 1);
 541        if (!skb)
 542                return -ENOMEM;
 543
 544        *skb_put(skb, sizeof(u8)) = DIGITAL_CMD_SENS_REQ;
 545
 546        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
 547        if (rc)
 548                kfree_skb(skb);
 549
 550        return rc;
 551}
 552
 553int digital_in_recv_mifare_res(struct sk_buff *resp)
 554{
 555        /* Successful READ command response is 16 data bytes + 2 CRC bytes long.
 556         * Since the driver can't differentiate a ACK/NACK response from a valid
 557         * READ response, the CRC calculation must be handled at digital level
 558         * even if the driver supports it for this technology.
 559         */
 560        if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
 561                if (digital_skb_check_crc_a(resp)) {
 562                        PROTOCOL_ERR("9.4.1.2");
 563                        return -EIO;
 564                }
 565
 566                return 0;
 567        }
 568
 569        /* ACK response (i.e. successful WRITE). */
 570        if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
 571                resp->data[0] = 0;
 572                return 0;
 573        }
 574
 575        /* NACK and any other responses are treated as error. */
 576        return -EIO;
 577}
 578
 579static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
 580                                       struct sk_buff *resp)
 581{
 582        struct nfc_target *target = arg;
 583        struct digital_attrib_res *attrib_res;
 584        int rc;
 585
 586        if (IS_ERR(resp)) {
 587                rc = PTR_ERR(resp);
 588                resp = NULL;
 589                goto exit;
 590        }
 591
 592        if (resp->len < sizeof(*attrib_res)) {
 593                PROTOCOL_ERR("12.6.2");
 594                rc = -EIO;
 595                goto exit;
 596        }
 597
 598        attrib_res = (struct digital_attrib_res *)resp->data;
 599
 600        if (attrib_res->mbli_did & 0x0f) {
 601                PROTOCOL_ERR("12.6.2.1");
 602                rc = -EIO;
 603                goto exit;
 604        }
 605
 606        rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
 607
 608exit:
 609        dev_kfree_skb(resp);
 610        kfree(target);
 611
 612        if (rc)
 613                digital_poll_next_tech(ddev);
 614}
 615
 616static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
 617                               struct nfc_target *target,
 618                               struct digital_sensb_res *sensb_res)
 619{
 620        struct digital_attrib_req *attrib_req;
 621        struct sk_buff *skb;
 622        int rc;
 623
 624        skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
 625        if (!skb)
 626                return -ENOMEM;
 627
 628        attrib_req = (struct digital_attrib_req *)skb_put(skb,
 629                                                          sizeof(*attrib_req));
 630
 631        attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
 632        memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
 633               sizeof(attrib_req->nfcid0));
 634        attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
 635                             DIGITAL_ATTRIB_P1_TR1_DEFAULT;
 636        attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
 637                             DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
 638                             DIGITAL_ATTRIB_P2_MAX_FRAME_256;
 639        attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
 640        attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
 641
 642        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
 643                                 target);
 644        if (rc)
 645                kfree_skb(skb);
 646
 647        return rc;
 648}
 649
 650static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
 651                                      struct sk_buff *resp)
 652{
 653        struct nfc_target *target = NULL;
 654        struct digital_sensb_res *sensb_res;
 655        u8 fsci;
 656        int rc;
 657
 658        if (IS_ERR(resp)) {
 659                rc = PTR_ERR(resp);
 660                resp = NULL;
 661                goto exit;
 662        }
 663
 664        if (resp->len != sizeof(*sensb_res)) {
 665                PROTOCOL_ERR("5.6.2.1");
 666                rc = -EIO;
 667                goto exit;
 668        }
 669
 670        sensb_res = (struct digital_sensb_res *)resp->data;
 671
 672        if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
 673                PROTOCOL_ERR("5.6.2");
 674                rc = -EIO;
 675                goto exit;
 676        }
 677
 678        if (!(sensb_res->proto_info[1] & BIT(0))) {
 679                PROTOCOL_ERR("5.6.2.12");
 680                rc = -EIO;
 681                goto exit;
 682        }
 683
 684        if (sensb_res->proto_info[1] & BIT(3)) {
 685                PROTOCOL_ERR("5.6.2.16");
 686                rc = -EIO;
 687                goto exit;
 688        }
 689
 690        fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
 691        if (fsci >= 8)
 692                ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 693        else
 694                ddev->target_fsc = digital_ats_fsc[fsci];
 695
 696        target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 697        if (!target) {
 698                rc = -ENOMEM;
 699                goto exit;
 700        }
 701
 702        rc = digital_in_send_attrib_req(ddev, target, sensb_res);
 703
 704exit:
 705        dev_kfree_skb(resp);
 706
 707        if (rc) {
 708                kfree(target);
 709                digital_poll_next_tech(ddev);
 710        }
 711}
 712
 713int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 714{
 715        struct digital_sensb_req *sensb_req;
 716        struct sk_buff *skb;
 717        int rc;
 718
 719        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 720                                     NFC_DIGITAL_RF_TECH_106B);
 721        if (rc)
 722                return rc;
 723
 724        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 725                                     NFC_DIGITAL_FRAMING_NFCB);
 726        if (rc)
 727                return rc;
 728
 729        skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
 730        if (!skb)
 731                return -ENOMEM;
 732
 733        sensb_req = (struct digital_sensb_req *)skb_put(skb,
 734                                                        sizeof(*sensb_req));
 735
 736        sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
 737        sensb_req->afi = 0x00; /* All families and sub-families */
 738        sensb_req->param = DIGITAL_SENSB_N(0);
 739
 740        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
 741                                 NULL);
 742        if (rc)
 743                kfree_skb(skb);
 744
 745        return rc;
 746}
 747
 748static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
 749                                   struct sk_buff *resp)
 750{
 751        int rc;
 752        u8 proto;
 753        struct nfc_target target;
 754        struct digital_sensf_res *sensf_res;
 755
 756        if (IS_ERR(resp)) {
 757                rc = PTR_ERR(resp);
 758                resp = NULL;
 759                goto exit;
 760        }
 761
 762        if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
 763                rc = -EIO;
 764                goto exit;
 765        }
 766
 767        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 768                rc = digital_skb_check_crc_f(resp);
 769                if (rc) {
 770                        PROTOCOL_ERR("6.4.1.8");
 771                        goto exit;
 772                }
 773        }
 774
 775        skb_pull(resp, 1);
 776
 777        memset(&target, 0, sizeof(struct nfc_target));
 778
 779        sensf_res = (struct digital_sensf_res *)resp->data;
 780
 781        memcpy(target.sensf_res, sensf_res, resp->len);
 782        target.sensf_res_len = resp->len;
 783
 784        memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
 785        target.nfcid2_len = NFC_NFCID2_MAXSIZE;
 786
 787        if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
 788            target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
 789                proto = NFC_PROTO_NFC_DEP;
 790        else
 791                proto = NFC_PROTO_FELICA;
 792
 793        rc = digital_target_found(ddev, &target, proto);
 794
 795exit:
 796        dev_kfree_skb(resp);
 797
 798        if (rc)
 799                digital_poll_next_tech(ddev);
 800}
 801
 802int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 803{
 804        struct digital_sensf_req *sensf_req;
 805        struct sk_buff *skb;
 806        int rc;
 807        u8 size;
 808
 809        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
 810        if (rc)
 811                return rc;
 812
 813        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 814                                     NFC_DIGITAL_FRAMING_NFCF);
 815        if (rc)
 816                return rc;
 817
 818        size = sizeof(struct digital_sensf_req);
 819
 820        skb = digital_skb_alloc(ddev, size);
 821        if (!skb)
 822                return -ENOMEM;
 823
 824        skb_put(skb, size);
 825
 826        sensf_req = (struct digital_sensf_req *)skb->data;
 827        sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
 828        sensf_req->sc1 = 0xFF;
 829        sensf_req->sc2 = 0xFF;
 830        sensf_req->rc = 0;
 831        sensf_req->tsn = 0;
 832
 833        *skb_push(skb, 1) = size + 1;
 834
 835        if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
 836                digital_skb_add_crc_f(skb);
 837
 838        rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
 839                                 NULL);
 840        if (rc)
 841                kfree_skb(skb);
 842
 843        return rc;
 844}
 845
 846static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
 847                void *arg, struct sk_buff *resp)
 848{
 849        struct digital_iso15693_inv_res *res;
 850        struct nfc_target *target = NULL;
 851        int rc;
 852
 853        if (IS_ERR(resp)) {
 854                rc = PTR_ERR(resp);
 855                resp = NULL;
 856                goto out_free_skb;
 857        }
 858
 859        if (resp->len != sizeof(*res)) {
 860                rc = -EIO;
 861                goto out_free_skb;
 862        }
 863
 864        res = (struct digital_iso15693_inv_res *)resp->data;
 865
 866        if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
 867                PROTOCOL_ERR("ISO15693 - 10.3.1");
 868                rc = -EINVAL;
 869                goto out_free_skb;
 870        }
 871
 872        target = kzalloc(sizeof(*target), GFP_KERNEL);
 873        if (!target) {
 874                rc = -ENOMEM;
 875                goto out_free_skb;
 876        }
 877
 878        target->is_iso15693 = 1;
 879        target->iso15693_dsfid = res->dsfid;
 880        memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
 881
 882        rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
 883
 884        kfree(target);
 885
 886out_free_skb:
 887        dev_kfree_skb(resp);
 888
 889        if (rc)
 890                digital_poll_next_tech(ddev);
 891}
 892
 893int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 894{
 895        struct digital_iso15693_inv_req *req;
 896        struct sk_buff *skb;
 897        int rc;
 898
 899        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 900                                     NFC_DIGITAL_RF_TECH_ISO15693);
 901        if (rc)
 902                return rc;
 903
 904        rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 905                                     NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
 906        if (rc)
 907                return rc;
 908
 909        skb = digital_skb_alloc(ddev, sizeof(*req));
 910        if (!skb)
 911                return -ENOMEM;
 912
 913        skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
 914        req = (struct digital_iso15693_inv_req *)skb->data;
 915
 916        /* Single sub-carrier, high data rate, no AFI, single slot
 917         * Inventory command
 918         */
 919        req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
 920                     DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
 921                     DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
 922        req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
 923        req->mask_len = 0;
 924
 925        rc = digital_in_send_cmd(ddev, skb, 30,
 926                                 digital_in_recv_iso15693_inv_res, NULL);
 927        if (rc)
 928                kfree_skb(skb);
 929
 930        return rc;
 931}
 932
 933static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
 934{
 935        struct sk_buff *skb;
 936        int rc;
 937
 938        skb = digital_skb_alloc(ddev, 1);
 939        if (!skb)
 940                return -ENOMEM;
 941
 942        *skb_put(skb, 1) = DIGITAL_SEL_RES_NFC_DEP;
 943
 944        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
 945                digital_skb_add_crc_a(skb);
 946
 947        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 948                                     NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
 949        if (rc) {
 950                kfree_skb(skb);
 951                return rc;
 952        }
 953
 954        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
 955                                 NULL);
 956        if (rc)
 957                kfree_skb(skb);
 958
 959        return rc;
 960}
 961
 962static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
 963                                    struct sk_buff *resp)
 964{
 965        int rc;
 966
 967        if (IS_ERR(resp)) {
 968                rc = PTR_ERR(resp);
 969                resp = NULL;
 970                goto exit;
 971        }
 972
 973        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
 974                rc = digital_skb_check_crc_a(resp);
 975                if (rc) {
 976                        PROTOCOL_ERR("4.4.1.3");
 977                        goto exit;
 978                }
 979        }
 980
 981        /* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
 982
 983        rc = digital_tg_send_sel_res(ddev);
 984
 985exit:
 986        if (rc)
 987                digital_poll_next_tech(ddev);
 988
 989        dev_kfree_skb(resp);
 990}
 991
 992static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
 993{
 994        struct sk_buff *skb;
 995        struct digital_sdd_res *sdd_res;
 996        int rc, i;
 997
 998        skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
 999        if (!skb)
1000                return -ENOMEM;

1001
1002        skb_put(skb, sizeof(struct digital_sdd_res));
1003        sdd_res = (struct digital_sdd_res *)skb->data;
1004
1005        sdd_res->nfcid1[0] = 0x08;
1006        get_random_bytes(sdd_res->nfcid1 + 1, 3);
1007
1008        sdd_res->bcc = 0;
1009        for (i = 0; i < 4; i++)
1010                sdd_res->bcc ^= sdd_res->nfcid1[i];
1011
1012        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1013                                NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1014        if (rc) {
1015                kfree_skb(skb);
1016                return rc;
1017        }
1018
1019        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1020                                 NULL);
1021        if (rc)
1022                kfree_skb(skb);
1023
1024        return rc;
1025}
1026
1027static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1028                                    struct sk_buff *resp)
1029{
1030        u8 *sdd_req;
1031        int rc;
1032
1033        if (IS_ERR(resp)) {
1034                rc = PTR_ERR(resp);
1035                resp = NULL;
1036                goto exit;
1037        }
1038
1039        sdd_req = resp->data;
1040
1041        if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1042            sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1043                rc = -EINVAL;
1044                goto exit;
1045        }
1046
1047        rc = digital_tg_send_sdd_res(ddev);
1048
1049exit:
1050        if (rc)
1051                digital_poll_next_tech(ddev);
1052
1053        dev_kfree_skb(resp);
1054}
1055
1056static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1057{
1058        struct sk_buff *skb;
1059        u8 *sens_res;
1060        int rc;
1061
1062        skb = digital_skb_alloc(ddev, 2);
1063        if (!skb)
1064                return -ENOMEM;
1065
1066        sens_res = skb_put(skb, 2);
1067
1068        sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1069        sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1070
1071        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1072                                     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1073        if (rc) {
1074                kfree_skb(skb);
1075                return rc;
1076        }
1077
1078        rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1079                                 NULL);
1080        if (rc)
1081                kfree_skb(skb);
1082
1083        return rc;
1084}
1085
1086void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1087                              struct sk_buff *resp)
1088{
1089        u8 sens_req;
1090        int rc;
1091
1092        if (IS_ERR(resp)) {
1093                rc = PTR_ERR(resp);
1094                resp = NULL;
1095                goto exit;
1096        }
1097
1098        sens_req = resp->data[0];
1099
1100        if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1101            sens_req != DIGITAL_CMD_ALL_REQ)) {
1102                rc = -EINVAL;
1103                goto exit;
1104        }
1105
1106        rc = digital_tg_send_sens_res(ddev);
1107
1108exit:
1109        if (rc)
1110                digital_poll_next_tech(ddev);
1111
1112        dev_kfree_skb(resp);
1113}
1114
1115static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1116                void *arg, struct sk_buff *resp)
1117{
1118        if (!IS_ERR(resp) && (resp->len >= 2) &&
1119                        (resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1120                digital_tg_recv_sensf_req(ddev, arg, resp);
1121        else
1122                digital_tg_recv_atr_req(ddev, arg, resp);
1123
1124        return;
1125}
1126
1127static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1128                              struct digital_sensf_req *sensf_req)
1129{
1130        struct sk_buff *skb;
1131        u8 size;
1132        int rc;
1133        struct digital_sensf_res *sensf_res;
1134
1135        size = sizeof(struct digital_sensf_res);
1136
1137        if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1138                size -= sizeof(sensf_res->rd);
1139
1140        skb = digital_skb_alloc(ddev, size);
1141        if (!skb)
1142                return -ENOMEM;
1143
1144        skb_put(skb, size);
1145
1146        sensf_res = (struct digital_sensf_res *)skb->data;
1147
1148        memset(sensf_res, 0, size);
1149
1150        sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1151        sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1152        sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1153        get_random_bytes(&sensf_res->nfcid2[2], 6);
1154
1155        switch (sensf_req->rc) {
1156        case DIGITAL_SENSF_REQ_RC_SC:
1157                sensf_res->rd[0] = sensf_req->sc1;
1158                sensf_res->rd[1] = sensf_req->sc2;
1159                break;
1160        case DIGITAL_SENSF_REQ_RC_AP:
1161                sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1162                sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1163                break;
1164        }
1165
1166        *skb_push(skb, sizeof(u8)) = size + 1;
1167
1168        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1169                digital_skb_add_crc_f(skb);
1170
1171        rc = digital_tg_send_cmd(ddev, skb, 300,
1172                                 digital_tg_recv_atr_or_sensf_req, NULL);
1173        if (rc)
1174                kfree_skb(skb);
1175
1176        return rc;
1177}
1178
1179void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1180                               struct sk_buff *resp)
1181{
1182        struct digital_sensf_req *sensf_req;
1183        int rc;
1184
1185        if (IS_ERR(resp)) {
1186                rc = PTR_ERR(resp);
1187                resp = NULL;
1188                goto exit;
1189        }
1190
1191        if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1192                rc = digital_skb_check_crc_f(resp);
1193                if (rc) {
1194                        PROTOCOL_ERR("6.4.1.8");
1195                        goto exit;
1196                }
1197        }
1198
1199        if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1200                rc = -EINVAL;
1201                goto exit;
1202        }
1203
1204        skb_pull(resp, 1);
1205        sensf_req = (struct digital_sensf_req *)resp->data;
1206
1207        if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1208                rc = -EINVAL;
1209                goto exit;
1210        }
1211
1212        rc = digital_tg_send_sensf_res(ddev, sensf_req);
1213
1214exit:
1215        if (rc)
1216                digital_poll_next_tech(ddev);
1217
1218        dev_kfree_skb(resp);
1219}
1220
1221static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1222{
1223        int rc;
1224
1225        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1226                                     NFC_DIGITAL_RF_TECH_106A);
1227        if (rc)
1228                return rc;
1229
1230        return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1231                                       NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1232}
1233
1234int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1235{
1236        int rc;
1237
1238        rc = digital_tg_config_nfca(ddev);
1239        if (rc)
1240                return rc;
1241
1242        return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1243}
1244
1245static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1246{
1247        int rc;
1248
1249        rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1250        if (rc)
1251                return rc;
1252
1253        return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1254                                       NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1255}
1256
1257int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1258{
1259        int rc;
1260        u8 *nfcid2;
1261
1262        rc = digital_tg_config_nfcf(ddev, rf_tech);
1263        if (rc)
1264                return rc;
1265
1266        nfcid2 = kzalloc(NFC_NFCID2_MAXSIZE, GFP_KERNEL);
1267        if (!nfcid2)
1268                return -ENOMEM;
1269
1270        nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1271        nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1272        get_random_bytes(nfcid2 + 2, NFC_NFCID2_MAXSIZE - 2);
1273
1274        return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, nfcid2);
1275}
1276
1277void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1278                            struct sk_buff *resp)
1279{
1280        u8 rf_tech;
1281        int rc;
1282
1283        if (IS_ERR(resp)) {
1284                resp = NULL;
1285                goto exit_free_skb;
1286        }
1287
1288        rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1289        if (rc)
1290                goto exit_free_skb;
1291
1292        switch (rf_tech) {
1293        case NFC_DIGITAL_RF_TECH_106A:
1294                rc = digital_tg_config_nfca(ddev);
1295                if (rc)
1296                        goto exit_free_skb;
1297                digital_tg_recv_sens_req(ddev, arg, resp);
1298                break;
1299        case NFC_DIGITAL_RF_TECH_212F:
1300        case NFC_DIGITAL_RF_TECH_424F:
1301                rc = digital_tg_config_nfcf(ddev, rf_tech);
1302                if (rc)
1303                        goto exit_free_skb;
1304                digital_tg_recv_sensf_req(ddev, arg, resp);
1305                break;
1306        default:
1307                goto exit_free_skb;
1308        }
1309
1310        return;
1311
1312exit_free_skb:
1313        digital_poll_next_tech(ddev);
1314        dev_kfree_skb(resp);
1315}
1316