net/nfc/digital_technology.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * NFC Digital Protocol stack
   4  * Copyright (c) 2013, Intel Corporation.
   5  */
   6
   7 #define pr_fmt(fmt) "digital: %s: " fmt, __func__
   8
   9 #include "digital.h"
  10
  11 #define DIGITAL_CMD_SENS_REQ    0x26
  12 #define DIGITAL_CMD_ALL_REQ     0x52
  13 #define DIGITAL_CMD_SEL_REQ_CL1 0x93
  14 #define DIGITAL_CMD_SEL_REQ_CL2 0x95
  15 #define DIGITAL_CMD_SEL_REQ_CL3 0x97
  16
  17 #define DIGITAL_SDD_REQ_SEL_PAR 0x20
  18
  19 #define DIGITAL_SDD_RES_CT  0x88
  20 #define DIGITAL_SDD_RES_LEN 5
  21 #define DIGITAL_SEL_RES_LEN 1
  22
  23 #define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
  24 #define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
  25 #define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
  26 #define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
  27
  28 #define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
  29 #define DIGITAL_SENS_RES_IS_VALID(sens_res) \
  30         ((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
  31         (((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
  32
  33 #define DIGITAL_MIFARE_READ_RES_LEN 16
  34 #define DIGITAL_MIFARE_ACK_RES  0x0A
  35
  36 #define DIGITAL_CMD_SENSB_REQ                   0x05
  37 #define DIGITAL_SENSB_ADVANCED                  BIT(5)
  38 #define DIGITAL_SENSB_EXTENDED                  BIT(4)
  39 #define DIGITAL_SENSB_ALLB_REQ                  BIT(3)
  40 #define DIGITAL_SENSB_N(n)                      ((n) & 0x7)
  41
  42 #define DIGITAL_CMD_SENSB_RES                   0x50
  43
  44 #define DIGITAL_CMD_ATTRIB_REQ                  0x1D
  45 #define DIGITAL_ATTRIB_P1_TR0_DEFAULT           (0x0 << 6)
  46 #define DIGITAL_ATTRIB_P1_TR1_DEFAULT           (0x0 << 4)
  47 #define DIGITAL_ATTRIB_P1_SUPRESS_EOS           BIT(3)
  48 #define DIGITAL_ATTRIB_P1_SUPRESS_SOS           BIT(2)
  49 #define DIGITAL_ATTRIB_P2_LISTEN_POLL_1         (0x0 << 6)
  50 #define DIGITAL_ATTRIB_P2_POLL_LISTEN_1         (0x0 << 4)
  51 #define DIGITAL_ATTRIB_P2_MAX_FRAME_256         0x8
  52 #define DIGITAL_ATTRIB_P4_DID(n)                ((n) & 0xf)
  53
  54 #define DIGITAL_CMD_SENSF_REQ   0x00
  55 #define DIGITAL_CMD_SENSF_RES   0x01
  56
  57 #define DIGITAL_SENSF_RES_MIN_LENGTH 17
  58 #define DIGITAL_SENSF_RES_RD_AP_B1   0x00
  59 #define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
  60
  61 #define DIGITAL_SENSF_REQ_RC_NONE 0
  62 #define DIGITAL_SENSF_REQ_RC_SC   1
  63 #define DIGITAL_SENSF_REQ_RC_AP   2
  64
  65 #define DIGITAL_CMD_ISO15693_INVENTORY_REQ      0x01
  66
  67 #define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE     BIT(1)
  68 #define DIGITAL_ISO15693_REQ_FLAG_INVENTORY     BIT(2)
  69 #define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS      BIT(5)
  70 #define DIGITAL_ISO15693_RES_FLAG_ERROR         BIT(0)
  71 #define DIGITAL_ISO15693_RES_IS_VALID(flags) \
  72         (!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
  73
  74 #define DIGITAL_ISO_DEP_I_PCB    0x02
  75 #define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
  76
  77 #define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
  78
  79 #define DIGITAL_ISO_DEP_I_BLOCK 0x00
  80
  81 #define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
  82
  83 static const u8 digital_ats_fsc[] = {
  84          16,  24,  32,  40,  48,  64,  96, 128,
  85 };
  86
  87 #define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
  88 #define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
  89 #define DIGITAL_ATS_MAX_FSC  256
  90
  91 #define DIGITAL_RATS_BYTE1 0xE0
  92 #define DIGITAL_RATS_PARAM 0x80
  93
  94 struct digital_sdd_res {
  95         u8 nfcid1[4];
  96         u8 bcc;
  97 } __packed;
  98
  99 struct digital_sel_req {
 100         u8 sel_cmd;
 101         u8 b2;
 102         u8 nfcid1[4];
 103         u8 bcc;
 104 } __packed;
 105
 106 struct digital_sensb_req {
 107         u8 cmd;
 108         u8 afi;
 109         u8 param;
 110 } __packed;
 111
 112 struct digital_sensb_res {
 113         u8 cmd;
 114         u8 nfcid0[4];
 115         u8 app_data[4];
 116         u8 proto_info[3];
 117 } __packed;
 118
 119 struct digital_attrib_req {
 120         u8 cmd;
 121         u8 nfcid0[4];
 122         u8 param1;
 123         u8 param2;
 124         u8 param3;
 125         u8 param4;
 126 } __packed;
 127
 128 struct digital_attrib_res {
 129         u8 mbli_did;
 130 } __packed;
 131
 132 struct digital_sensf_req {
 133         u8 cmd;
 134         u8 sc1;
 135         u8 sc2;
 136         u8 rc;
 137         u8 tsn;
 138 } __packed;
 139
 140 struct digital_sensf_res {
 141         u8 cmd;
 142         u8 nfcid2[8];
 143         u8 pad0[2];
 144         u8 pad1[3];
 145         u8 mrti_check;
 146         u8 mrti_update;
 147         u8 pad2;
 148         u8 rd[2];
 149 } __packed;
 150
 151 struct digital_iso15693_inv_req {
 152         u8 flags;
 153         u8 cmd;
 154         u8 mask_len;
 155         u64 mask;
 156 } __packed;
 157
 158 struct digital_iso15693_inv_res {
 159         u8 flags;
 160         u8 dsfid;
 161         u64 uid;
 162 } __packed;
 163
 164 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 165                                    struct nfc_target *target);
 166
 167 int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
 168                                 struct sk_buff *skb)
 169 {
 170         u8 pcb;
 171         u8 block_type;
 172
 173         if (skb->len < 1)
 174                 return -EIO;
 175
 176         pcb = *skb->data;
 177         block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
 178
 179         /* No support fo R-block nor S-block */
 180         if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
 181                 pr_err("ISO_DEP R-block and S-block not supported\n");
 182                 return -EIO;
 183         }
 184
 185         if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
 186                 pr_err("DID field in ISO_DEP PCB not supported\n");
 187                 return -EIO;
 188         }
 189
 190         skb_pull(skb, 1);
 191
 192         return 0;
 193 }
 194
 195 int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
 196                                 struct sk_buff *skb)
 197 {
 198         /*
 199          * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
 200          * not be greater than remote FSC
 201          */
 202         if (skb->len + 3 > ddev->target_fsc)
 203                 return -EIO;
 204
 205         skb_push(skb, 1);
 206
 207         *skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
 208
 209         ddev->curr_nfc_dep_pni =
 210                 DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
 211
 212         return 0;
 213 }
 214
 215 static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
 216                                 struct sk_buff *resp)
 217 {
 218         struct nfc_target *target = arg;
 219         u8 fsdi;
 220         int rc;
 221
 222         if (IS_ERR(resp)) {
 223                 rc = PTR_ERR(resp);
 224                 resp = NULL;
 225                 goto exit;
 226         }
 227
 228         if (resp->len < 2) {
 229                 rc = -EIO;
 230                 goto exit;
 231         }
 232
 233         fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
 234         if (fsdi >= 8)
 235                 ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 236         else
 237                 ddev->target_fsc = digital_ats_fsc[fsdi];
 238
 239         ddev->curr_nfc_dep_pni = 0;
 240
 241         rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
 242
 243 exit:
 244         dev_kfree_skb(resp);
 245         kfree(target);
 246
 247         if (rc)
 248                 digital_poll_next_tech(ddev);
 249 }
 250
 251 static int digital_in_send_rats(struct nfc_digital_dev *ddev,
 252                                 struct nfc_target *target)
 253 {
 254         int rc;
 255         struct sk_buff *skb;
 256
 257         skb = digital_skb_alloc(ddev, 2);
 258         if (!skb)
 259                 return -ENOMEM;
 260
 261         skb_put_u8(skb, DIGITAL_RATS_BYTE1);
 262         skb_put_u8(skb, DIGITAL_RATS_PARAM);
 263
 264         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
 265                                  target);
 266         if (rc)
 267                 kfree_skb(skb);
 268
 269         return rc;
 270 }
 271
 272 static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
 273                                     struct sk_buff *resp)
 274 {
 275         struct nfc_target *target = arg;
 276         int rc;
 277         u8 sel_res;
 278         u8 nfc_proto;
 279
 280         if (IS_ERR(resp)) {
 281                 rc = PTR_ERR(resp);
 282                 resp = NULL;
 283                 goto exit;
 284         }
 285
 286         if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 287                 rc = digital_skb_check_crc_a(resp);
 288                 if (rc) {
 289                         PROTOCOL_ERR("4.4.1.3");
 290                         goto exit;
 291                 }
 292         }
 293
 294         if (resp->len != DIGITAL_SEL_RES_LEN) {
 295                 rc = -EIO;
 296                 goto exit;
 297         }
 298
 299         sel_res = resp->data[0];
 300
 301         if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
 302                 rc = digital_in_send_sdd_req(ddev, target);
 303                 if (rc)
 304                         goto exit;
 305
 306                 goto exit_free_skb;
 307         }
 308
 309         target->sel_res = sel_res;
 310
 311         if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
 312                 nfc_proto = NFC_PROTO_MIFARE;
 313         } else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
 314                 nfc_proto = NFC_PROTO_NFC_DEP;
 315         } else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
 316                 rc = digital_in_send_rats(ddev, target);
 317                 if (rc)
 318                         goto exit;
 319                 /*
 320                  * Skip target_found and don't free it for now. This will be
 321                  * done when receiving the ATS
 322                  */
 323                 goto exit_free_skb;
 324         } else {
 325                 rc = -EOPNOTSUPP;
 326                 goto exit;
 327         }
 328
 329         rc = digital_target_found(ddev, target, nfc_proto);
 330
 331 exit:
 332         kfree(target);
 333
 334 exit_free_skb:
 335         dev_kfree_skb(resp);
 336
 337         if (rc)
 338                 digital_poll_next_tech(ddev);
 339 }
 340
 341 static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
 342                                    struct nfc_target *target,
 343                                    struct digital_sdd_res *sdd_res)
 344 {
 345         struct sk_buff *skb;
 346         struct digital_sel_req *sel_req;
 347         u8 sel_cmd;
 348         int rc;
 349
 350         skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
 351         if (!skb)
 352                 return -ENOMEM;
 353
 354         skb_put(skb, sizeof(struct digital_sel_req));
 355         sel_req = (struct digital_sel_req *)skb->data;
 356
 357         if (target->nfcid1_len <= 4)
 358                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 359         else if (target->nfcid1_len < 10)
 360                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 361         else
 362                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 363
 364         sel_req->sel_cmd = sel_cmd;
 365         sel_req->b2 = 0x70;
 366         memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
 367         sel_req->bcc = sdd_res->bcc;
 368
 369         if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 370                 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 371                                 NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
 372                 if (rc)
 373                         goto exit;
 374         } else {
 375                 digital_skb_add_crc_a(skb);
 376         }
 377
 378         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
 379                                  target);
 380 exit:
 381         if (rc)
 382                 kfree_skb(skb);
 383
 384         return rc;
 385 }
 386
 387 static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
 388                                     struct sk_buff *resp)
 389 {
 390         struct nfc_target *target = arg;
 391         struct digital_sdd_res *sdd_res;
 392         int rc;
 393         u8 offset, size;
 394         u8 i, bcc;
 395
 396         if (IS_ERR(resp)) {
 397                 rc = PTR_ERR(resp);
 398                 resp = NULL;
 399                 goto exit;
 400         }
 401
 402         if (resp->len < DIGITAL_SDD_RES_LEN) {
 403                 PROTOCOL_ERR("4.7.2.8");
 404                 rc = -EINVAL;
 405                 goto exit;
 406         }
 407
 408         sdd_res = (struct digital_sdd_res *)resp->data;
 409
 410         for (i = 0, bcc = 0; i < 4; i++)
 411                 bcc ^= sdd_res->nfcid1[i];
 412
 413         if (bcc != sdd_res->bcc) {
 414                 PROTOCOL_ERR("4.7.2.6");
 415                 rc = -EINVAL;
 416                 goto exit;
 417         }
 418
 419         if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
 420                 offset = 1;
 421                 size = 3;
 422         } else {
 423                 offset = 0;
 424                 size = 4;
 425         }
 426
 427         memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
 428                size);
 429         target->nfcid1_len += size;
 430
 431         rc = digital_in_send_sel_req(ddev, target, sdd_res);
 432
 433 exit:
 434         dev_kfree_skb(resp);
 435
 436         if (rc) {
 437                 kfree(target);
 438                 digital_poll_next_tech(ddev);
 439         }
 440 }
 441
 442 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 443                                    struct nfc_target *target)
 444 {
 445         int rc;
 446         struct sk_buff *skb;
 447         u8 sel_cmd;
 448
 449         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 450                                      NFC_DIGITAL_FRAMING_NFCA_STANDARD);
 451         if (rc)
 452                 return rc;
 453
 454         skb = digital_skb_alloc(ddev, 2);
 455         if (!skb)
 456                 return -ENOMEM;
 457
 458         if (target->nfcid1_len == 0)
 459                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 460         else if (target->nfcid1_len == 3)
 461                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 462         else
 463                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 464
 465         skb_put_u8(skb, sel_cmd);
 466         skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
 467
 468         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
 469                                  target);
 470         if (rc)
 471                 kfree_skb(skb);
 472
 473         return rc;
 474 }
 475
 476 static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
 477                                      struct sk_buff *resp)
 478 {
 479         struct nfc_target *target = NULL;
 480         int rc;
 481
 482         if (IS_ERR(resp)) {
 483                 rc = PTR_ERR(resp);
 484                 resp = NULL;
 485                 goto exit;
 486         }
 487
 488         if (resp->len < sizeof(u16)) {
 489                 rc = -EIO;
 490                 goto exit;
 491         }
 492
 493         target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 494         if (!target) {
 495                 rc = -ENOMEM;
 496                 goto exit;
 497         }
 498
 499         target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
 500
 501         if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
 502                 PROTOCOL_ERR("4.6.3.3");
 503                 rc = -EINVAL;
 504                 goto exit;
 505         }
 506
 507         if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
 508                 rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
 509         else
 510                 rc = digital_in_send_sdd_req(ddev, target);
 511
 512 exit:
 513         dev_kfree_skb(resp);
 514
 515         if (rc) {
 516                 kfree(target);
 517                 digital_poll_next_tech(ddev);
 518         }
 519 }
 520
 521 int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 522 {
 523         struct sk_buff *skb;
 524         int rc;
 525
 526         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 527                                      NFC_DIGITAL_RF_TECH_106A);
 528         if (rc)
 529                 return rc;
 530
 531         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 532                                      NFC_DIGITAL_FRAMING_NFCA_SHORT);
 533         if (rc)
 534                 return rc;
 535
 536         skb = digital_skb_alloc(ddev, 1);
 537         if (!skb)
 538                 return -ENOMEM;
 539
 540         skb_put_u8(skb, DIGITAL_CMD_SENS_REQ);
 541
 542         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
 543         if (rc)
 544                 kfree_skb(skb);
 545
 546         return rc;
 547 }
 548
 549 int digital_in_recv_mifare_res(struct sk_buff *resp)
 550 {
 551         /* Successful READ command response is 16 data bytes + 2 CRC bytes long.
 552          * Since the driver can't differentiate a ACK/NACK response from a valid
 553          * READ response, the CRC calculation must be handled at digital level
 554          * even if the driver supports it for this technology.
 555          */
 556         if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
 557                 if (digital_skb_check_crc_a(resp)) {
 558                         PROTOCOL_ERR("9.4.1.2");
 559                         return -EIO;
 560                 }
 561
 562                 return 0;
 563         }
 564
 565         /* ACK response (i.e. successful WRITE). */
 566         if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
 567                 resp->data[0] = 0;
 568                 return 0;
 569         }
 570
 571         /* NACK and any other responses are treated as error. */
 572         return -EIO;
 573 }
 574
 575 static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
 576                                        struct sk_buff *resp)
 577 {
 578         struct nfc_target *target = arg;
 579         struct digital_attrib_res *attrib_res;
 580         int rc;
 581
 582         if (IS_ERR(resp)) {
 583                 rc = PTR_ERR(resp);
 584                 resp = NULL;
 585                 goto exit;
 586         }
 587
 588         if (resp->len < sizeof(*attrib_res)) {
 589                 PROTOCOL_ERR("12.6.2");
 590                 rc = -EIO;
 591                 goto exit;
 592         }
 593
 594         attrib_res = (struct digital_attrib_res *)resp->data;
 595
 596         if (attrib_res->mbli_did & 0x0f) {
 597                 PROTOCOL_ERR("12.6.2.1");
 598                 rc = -EIO;
 599                 goto exit;
 600         }
 601
 602         rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
 603
 604 exit:
 605         dev_kfree_skb(resp);
 606         kfree(target);
 607
 608         if (rc)
 609                 digital_poll_next_tech(ddev);
 610 }
 611
 612 static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
 613                                struct nfc_target *target,
 614                                struct digital_sensb_res *sensb_res)
 615 {
 616         struct digital_attrib_req *attrib_req;
 617         struct sk_buff *skb;
 618         int rc;
 619
 620         skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
 621         if (!skb)
 622                 return -ENOMEM;
 623
 624         attrib_req = skb_put(skb, sizeof(*attrib_req));
 625
 626         attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
 627         memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
 628                sizeof(attrib_req->nfcid0));
 629         attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
 630                              DIGITAL_ATTRIB_P1_TR1_DEFAULT;
 631         attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
 632                              DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
 633                              DIGITAL_ATTRIB_P2_MAX_FRAME_256;
 634         attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
 635         attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
 636
 637         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
 638                                  target);
 639         if (rc)
 640                 kfree_skb(skb);
 641
 642         return rc;
 643 }
 644
 645 static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
 646                                       struct sk_buff *resp)
 647 {
 648         struct nfc_target *target = NULL;
 649         struct digital_sensb_res *sensb_res;
 650         u8 fsci;
 651         int rc;
 652
 653         if (IS_ERR(resp)) {
 654                 rc = PTR_ERR(resp);
 655                 resp = NULL;
 656                 goto exit;
 657         }
 658
 659         if (resp->len != sizeof(*sensb_res)) {
 660                 PROTOCOL_ERR("5.6.2.1");
 661                 rc = -EIO;
 662                 goto exit;
 663         }
 664
 665         sensb_res = (struct digital_sensb_res *)resp->data;
 666
 667         if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
 668                 PROTOCOL_ERR("5.6.2");
 669                 rc = -EIO;
 670                 goto exit;
 671         }
 672
 673         if (!(sensb_res->proto_info[1] & BIT(0))) {
 674                 PROTOCOL_ERR("5.6.2.12");
 675                 rc = -EIO;
 676                 goto exit;
 677         }
 678
 679         if (sensb_res->proto_info[1] & BIT(3)) {
 680                 PROTOCOL_ERR("5.6.2.16");
 681                 rc = -EIO;
 682                 goto exit;
 683         }
 684
 685         fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
 686         if (fsci >= 8)
 687                 ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
 688         else
 689                 ddev->target_fsc = digital_ats_fsc[fsci];
 690
 691         target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 692         if (!target) {
 693                 rc = -ENOMEM;
 694                 goto exit;
 695         }
 696
 697         rc = digital_in_send_attrib_req(ddev, target, sensb_res);
 698
 699 exit:
 700         dev_kfree_skb(resp);
 701
 702         if (rc) {
 703                 kfree(target);
 704                 digital_poll_next_tech(ddev);
 705         }
 706 }
 707
 708 int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 709 {
 710         struct digital_sensb_req *sensb_req;
 711         struct sk_buff *skb;
 712         int rc;
 713
 714         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 715                                      NFC_DIGITAL_RF_TECH_106B);
 716         if (rc)
 717                 return rc;
 718
 719         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 720                                      NFC_DIGITAL_FRAMING_NFCB);
 721         if (rc)
 722                 return rc;
 723
 724         skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
 725         if (!skb)
 726                 return -ENOMEM;
 727
 728         sensb_req = skb_put(skb, sizeof(*sensb_req));
 729
 730         sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
 731         sensb_req->afi = 0x00; /* All families and sub-families */
 732         sensb_req->param = DIGITAL_SENSB_N(0);
 733
 734         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
 735                                  NULL);
 736         if (rc)
 737                 kfree_skb(skb);
 738
 739         return rc;
 740 }
 741
 742 static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
 743                                    struct sk_buff *resp)
 744 {
 745         int rc;
 746         u8 proto;
 747         struct nfc_target target;
 748         struct digital_sensf_res *sensf_res;
 749
 750         if (IS_ERR(resp)) {
 751                 rc = PTR_ERR(resp);
 752                 resp = NULL;
 753                 goto exit;
 754         }
 755
 756         if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
 757                 rc = -EIO;
 758                 goto exit;
 759         }
 760
 761         if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 762                 rc = digital_skb_check_crc_f(resp);
 763                 if (rc) {
 764                         PROTOCOL_ERR("6.4.1.8");
 765                         goto exit;
 766                 }
 767         }
 768
 769         skb_pull(resp, 1);
 770
 771         memset(&target, 0, sizeof(struct nfc_target));
 772
 773         sensf_res = (struct digital_sensf_res *)resp->data;
 774
 775         memcpy(target.sensf_res, sensf_res, resp->len);
 776         target.sensf_res_len = resp->len;
 777
 778         memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
 779         target.nfcid2_len = NFC_NFCID2_MAXSIZE;
 780
 781         if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
 782             target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
 783                 proto = NFC_PROTO_NFC_DEP;
 784         else
 785                 proto = NFC_PROTO_FELICA;
 786
 787         rc = digital_target_found(ddev, &target, proto);
 788
 789 exit:
 790         dev_kfree_skb(resp);
 791
 792         if (rc)
 793                 digital_poll_next_tech(ddev);
 794 }
 795
 796 int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 797 {
 798         struct digital_sensf_req *sensf_req;
 799         struct sk_buff *skb;
 800         int rc;
 801         u8 size;
 802
 803         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
 804         if (rc)
 805                 return rc;
 806
 807         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 808                                      NFC_DIGITAL_FRAMING_NFCF);
 809         if (rc)
 810                 return rc;
 811
 812         size = sizeof(struct digital_sensf_req);
 813
 814         skb = digital_skb_alloc(ddev, size);
 815         if (!skb)
 816                 return -ENOMEM;
 817
 818         skb_put(skb, size);
 819
 820         sensf_req = (struct digital_sensf_req *)skb->data;
 821         sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
 822         sensf_req->sc1 = 0xFF;
 823         sensf_req->sc2 = 0xFF;
 824         sensf_req->rc = 0;
 825         sensf_req->tsn = 0;
 826
 827         *(u8 *)skb_push(skb, 1) = size + 1;
 828
 829         if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
 830                 digital_skb_add_crc_f(skb);
 831
 832         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
 833                                  NULL);
 834         if (rc)
 835                 kfree_skb(skb);
 836
 837         return rc;
 838 }
 839
 840 static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
 841                 void *arg, struct sk_buff *resp)
 842 {
 843         struct digital_iso15693_inv_res *res;
 844         struct nfc_target *target = NULL;
 845         int rc;
 846
 847         if (IS_ERR(resp)) {
 848                 rc = PTR_ERR(resp);
 849                 resp = NULL;
 850                 goto out_free_skb;
 851         }
 852
 853         if (resp->len != sizeof(*res)) {
 854                 rc = -EIO;
 855                 goto out_free_skb;
 856         }
 857
 858         res = (struct digital_iso15693_inv_res *)resp->data;
 859
 860         if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
 861                 PROTOCOL_ERR("ISO15693 - 10.3.1");
 862                 rc = -EINVAL;
 863                 goto out_free_skb;
 864         }
 865
 866         target = kzalloc(sizeof(*target), GFP_KERNEL);
 867         if (!target) {
 868                 rc = -ENOMEM;
 869                 goto out_free_skb;
 870         }
 871
 872         target->is_iso15693 = 1;
 873         target->iso15693_dsfid = res->dsfid;
 874         memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
 875
 876         rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
 877
 878         kfree(target);
 879
 880 out_free_skb:
 881         dev_kfree_skb(resp);
 882
 883         if (rc)
 884                 digital_poll_next_tech(ddev);
 885 }
 886
 887 int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 888 {
 889         struct digital_iso15693_inv_req *req;
 890         struct sk_buff *skb;
 891         int rc;
 892
 893         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 894                                      NFC_DIGITAL_RF_TECH_ISO15693);
 895         if (rc)
 896                 return rc;
 897
 898         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 899                                      NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
 900         if (rc)
 901                 return rc;
 902
 903         skb = digital_skb_alloc(ddev, sizeof(*req));
 904         if (!skb)
 905                 return -ENOMEM;
 906
 907         skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
 908         req = (struct digital_iso15693_inv_req *)skb->data;
 909
 910         /* Single sub-carrier, high data rate, no AFI, single slot
 911          * Inventory command
 912          */
 913         req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
 914                      DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
 915                      DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
 916         req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
 917         req->mask_len = 0;
 918
 919         rc = digital_in_send_cmd(ddev, skb, 30,
 920                                  digital_in_recv_iso15693_inv_res, NULL);
 921         if (rc)
 922                 kfree_skb(skb);
 923
 924         return rc;
 925 }
 926
 927 static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
 928 {
 929         struct sk_buff *skb;
 930         int rc;
 931
 932         skb = digital_skb_alloc(ddev, 1);
 933         if (!skb)
 934                 return -ENOMEM;
 935
 936         skb_put_u8(skb, DIGITAL_SEL_RES_NFC_DEP);
 937
 938         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
 939                 digital_skb_add_crc_a(skb);
 940
 941         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 942                                      NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
 943         if (rc) {
 944                 kfree_skb(skb);
 945                 return rc;
 946         }
 947
 948         rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
 949                                  NULL);
 950         if (rc)
 951                 kfree_skb(skb);
 952
 953         return rc;
 954 }
 955
 956 static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
 957                                     struct sk_buff *resp)
 958 {
 959         int rc;
 960
 961         if (IS_ERR(resp)) {
 962                 rc = PTR_ERR(resp);
 963                 resp = NULL;
 964                 goto exit;
 965         }
 966
 967         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
 968                 rc = digital_skb_check_crc_a(resp);
 969                 if (rc) {
 970                         PROTOCOL_ERR("4.4.1.3");
 971                         goto exit;
 972                 }
 973         }
 974
 975         /* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
 976
 977         rc = digital_tg_send_sel_res(ddev);
 978
 979 exit:
 980         if (rc)
 981                 digital_poll_next_tech(ddev);
 982
 983         dev_kfree_skb(resp);
 984 }
 985
 986 static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
 987 {
 988         struct sk_buff *skb;
 989         struct digital_sdd_res *sdd_res;
 990         int rc, i;
 991
 992         skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
 993         if (!skb)
 994                 return -ENOMEM;
 995
 996         skb_put(skb, sizeof(struct digital_sdd_res));
 997         sdd_res = (struct digital_sdd_res *)skb->data;
 998
 999         sdd_res->nfcid1[0] = 0x08;
1000         get_random_bytes(sdd_res->nfcid1 + 1, 3);
1001
1002         sdd_res->bcc = 0;
1003         for (i = 0; i < 4; i++)
1004                 sdd_res->bcc ^= sdd_res->nfcid1[i];
1005
1006         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1007                                 NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1008         if (rc) {
1009                 kfree_skb(skb);
1010                 return rc;
1011         }
1012
1013         rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1014                                  NULL);
1015         if (rc)
1016                 kfree_skb(skb);
1017
1018         return rc;
1019 }
1020
1021 static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1022                                     struct sk_buff *resp)
1023 {
1024         u8 *sdd_req;
1025         int rc;
1026
1027         if (IS_ERR(resp)) {
1028                 rc = PTR_ERR(resp);
1029                 resp = NULL;
1030                 goto exit;
1031         }
1032
1033         sdd_req = resp->data;
1034
1035         if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1036             sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1037                 rc = -EINVAL;
1038                 goto exit;
1039         }
1040
1041         rc = digital_tg_send_sdd_res(ddev);
1042
1043 exit:
1044         if (rc)
1045                 digital_poll_next_tech(ddev);
1046
1047         dev_kfree_skb(resp);
1048 }
1049
1050 static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1051 {
1052         struct sk_buff *skb;
1053         u8 *sens_res;
1054         int rc;
1055
1056         skb = digital_skb_alloc(ddev, 2);
1057         if (!skb)
1058                 return -ENOMEM;
1059
1060         sens_res = skb_put(skb, 2);
1061
1062         sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1063         sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1064
1065         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1066                                      NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1067         if (rc) {
1068                 kfree_skb(skb);
1069                 return rc;
1070         }
1071
1072         rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1073                                  NULL);
1074         if (rc)
1075                 kfree_skb(skb);
1076
1077         return rc;
1078 }
1079
1080 void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1081                               struct sk_buff *resp)
1082 {
1083         u8 sens_req;
1084         int rc;
1085
1086         if (IS_ERR(resp)) {
1087                 rc = PTR_ERR(resp);
1088                 resp = NULL;
1089                 goto exit;
1090         }
1091
1092         sens_req = resp->data[0];
1093
1094         if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1095             sens_req != DIGITAL_CMD_ALL_REQ)) {
1096                 rc = -EINVAL;
1097                 goto exit;
1098         }
1099
1100         rc = digital_tg_send_sens_res(ddev);
1101
1102 exit:
1103         if (rc)
1104                 digital_poll_next_tech(ddev);
1105
1106         dev_kfree_skb(resp);
1107 }
1108
1109 static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1110                 void *arg, struct sk_buff *resp)
1111 {
1112         if (!IS_ERR(resp) && (resp->len >= 2) &&
1113                         (resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1114                 digital_tg_recv_sensf_req(ddev, arg, resp);
1115         else
1116                 digital_tg_recv_atr_req(ddev, arg, resp);
1117
1118         return;
1119 }
1120
1121 static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1122                               struct digital_sensf_req *sensf_req)
1123 {
1124         struct sk_buff *skb;
1125         u8 size;
1126         int rc;
1127         struct digital_sensf_res *sensf_res;
1128
1129         size = sizeof(struct digital_sensf_res);
1130
1131         if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1132                 size -= sizeof(sensf_res->rd);
1133
1134         skb = digital_skb_alloc(ddev, size);
1135         if (!skb)
1136                 return -ENOMEM;
1137
1138         skb_put(skb, size);
1139
1140         sensf_res = (struct digital_sensf_res *)skb->data;
1141
1142         memset(sensf_res, 0, size);
1143
1144         sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1145         sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1146         sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1147         get_random_bytes(&sensf_res->nfcid2[2], 6);
1148
1149         switch (sensf_req->rc) {
1150         case DIGITAL_SENSF_REQ_RC_SC:
1151                 sensf_res->rd[0] = sensf_req->sc1;
1152                 sensf_res->rd[1] = sensf_req->sc2;
1153                 break;
1154         case DIGITAL_SENSF_REQ_RC_AP:
1155                 sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1156                 sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1157                 break;
1158         }
1159
1160         *(u8 *)skb_push(skb, sizeof(u8)) = size + 1;
1161
1162         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1163                 digital_skb_add_crc_f(skb);
1164
1165         rc = digital_tg_send_cmd(ddev, skb, 300,
1166                                  digital_tg_recv_atr_or_sensf_req, NULL);
1167         if (rc)
1168                 kfree_skb(skb);
1169
1170         return rc;
1171 }
1172
1173 void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1174                                struct sk_buff *resp)
1175 {
1176         struct digital_sensf_req *sensf_req;
1177         int rc;
1178
1179         if (IS_ERR(resp)) {
1180                 rc = PTR_ERR(resp);
1181                 resp = NULL;
1182                 goto exit;
1183         }
1184
1185         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1186                 rc = digital_skb_check_crc_f(resp);
1187                 if (rc) {
1188                         PROTOCOL_ERR("6.4.1.8");
1189                         goto exit;
1190                 }
1191         }
1192
1193         if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1194                 rc = -EINVAL;
1195                 goto exit;
1196         }
1197
1198         skb_pull(resp, 1);
1199         sensf_req = (struct digital_sensf_req *)resp->data;
1200
1201         if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1202                 rc = -EINVAL;
1203                 goto exit;
1204         }
1205
1206         rc = digital_tg_send_sensf_res(ddev, sensf_req);
1207
1208 exit:
1209         if (rc)
1210                 digital_poll_next_tech(ddev);
1211
1212         dev_kfree_skb(resp);
1213 }
1214
1215 static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1216 {
1217         int rc;
1218
1219         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1220                                      NFC_DIGITAL_RF_TECH_106A);
1221         if (rc)
1222                 return rc;
1223
1224         return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1225                                        NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1226 }
1227
1228 int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1229 {
1230         int rc;
1231
1232         rc = digital_tg_config_nfca(ddev);
1233         if (rc)
1234                 return rc;
1235
1236         return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1237 }
1238
1239 static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1240 {
1241         int rc;
1242
1243         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1244         if (rc)
1245                 return rc;
1246
1247         return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1248                                        NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1249 }
1250
1251 int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1252 {
1253         int rc;
1254
1255         rc = digital_tg_config_nfcf(ddev, rf_tech);
1256         if (rc)
1257                 return rc;
1258
1259         return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, NULL);
1260 }
1261
1262 void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1263                             struct sk_buff *resp)
1264 {
1265         u8 rf_tech;
1266         int rc;
1267
1268         if (IS_ERR(resp)) {
1269                 resp = NULL;
1270                 goto exit_free_skb;
1271         }
1272
1273         rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1274         if (rc)
1275                 goto exit_free_skb;
1276
1277         switch (rf_tech) {
1278         case NFC_DIGITAL_RF_TECH_106A:
1279                 rc = digital_tg_config_nfca(ddev);
1280                 if (rc)
1281                         goto exit_free_skb;
1282                 digital_tg_recv_sens_req(ddev, arg, resp);
1283                 break;
1284         case NFC_DIGITAL_RF_TECH_212F:
1285         case NFC_DIGITAL_RF_TECH_424F:
1286                 rc = digital_tg_config_nfcf(ddev, rf_tech);
1287                 if (rc)
1288                         goto exit_free_skb;
1289                 digital_tg_recv_sensf_req(ddev, arg, resp);
1290                 break;
1291         default:
1292                 goto exit_free_skb;
1293         }
1294
1295         return;
1296
1297 exit_free_skb:
1298         digital_poll_next_tech(ddev);
1299         dev_kfree_skb(resp);
1300 }