1 /*
2  * HCI based Driver for STMicroelectronics NFC Chip
3  *
4  * Copyright (C) 2014  STMicroelectronics SAS. All rights reserved.
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms and conditions of the GNU General Public License,
8  * version 2, as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, see <http://www.gnu.org/licenses/>.
17  */
18 
19 #include <linux/module.h>
20 #include <linux/nfc.h>
21 #include <net/nfc/hci.h>
22 #include <net/nfc/llc.h>
23 
24 #include "st21nfca.h"
25 #include "st21nfca_dep.h"
26 #include "st21nfca_se.h"
27 
/* Driver name; used as the pr_info() log prefix and as MODULE_DESCRIPTION. */
#define DRIVER_DESC "HCI NFC driver for ST21NFCA"

/*
 * Exact byte length st21nfca_hci_ready() requires of the
 * NFC_HCI_ID_MGMT_VERSION_SW answer before it dumps it.
 */
#define FULL_VERSION_LEN 3

/* Proprietary gates, events, commands and registers */

/* Commands that apply to all RF readers */
#define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK	0x30

/* ISO15693 reader gate and the registry parameter read for its inventory */
#define ST21NFCA_RF_READER_ISO15693_GATE	0x12
#define ST21NFCA_RF_READER_ISO15693_INVENTORY	0x01

/*
 * Reader gate for communication with contact-less cards using Type A
 * protocol ISO14443-3 but not compliant with ISO14443-4
 */
#define ST21NFCA_RF_READER_14443_3_A_GATE	0x15
/* Registry parameters read by the st21nfca_get_iso14443_3_*() helpers */
#define ST21NFCA_RF_READER_14443_3_A_UID	0x02
#define ST21NFCA_RF_READER_14443_3_A_ATQA	0x03
#define ST21NFCA_RF_READER_14443_3_A_SAK	0x04

/*
 * Registry parameters of ST21NFCA_RF_READER_F_GATE. The DATARATE_106/212/424
 * values are OR-ed into a single byte by st21nfca_hci_start_poll(), and
 * POL_REQ_DEFAULT is written there as a 4-byte value.
 */
#define ST21NFCA_RF_READER_F_DATARATE		0x01
#define ST21NFCA_RF_READER_F_DATARATE_106	0x01
#define ST21NFCA_RF_READER_F_DATARATE_212	0x02
#define ST21NFCA_RF_READER_F_DATARATE_424	0x04
#define ST21NFCA_RF_READER_F_POL_REQ		0x02
#define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT	0xffff0000
#define ST21NFCA_RF_READER_F_NFCID2		0x03
#define ST21NFCA_RF_READER_F_NFCID1		0x04

/*
 * Registry parameters of ST21NFCA_RF_CARD_F_GATE, written by
 * st21nfca_hci_start_poll() when NFC-DEP target mode is requested.
 */
#define ST21NFCA_RF_CARD_F_MODE			0x01
#define ST21NFCA_RF_CARD_F_NFCID2_LIST		0x04
#define ST21NFCA_RF_CARD_F_NFCID1		0x05
#define ST21NFCA_RF_CARD_F_SENS_RES		0x06
#define ST21NFCA_RF_CARD_F_SEL_RES		0x07
#define ST21NFCA_RF_CARD_F_DATARATE		0x08
#define ST21NFCA_RF_CARD_F_DATARATE_212_424	0x01
65 
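/* Pipe id paired with ST21NFCA_DEVICE_MGNT_GATE in st21nfca_gates[] */
#define ST21NFCA_DEVICE_MGNT_PIPE		0x02

/* Device management commands and the GETINFO sub-selectors */
#define ST21NFCA_DM_GETINFO			0x13
#define ST21NFCA_DM_GETINFO_PIPE_LIST		0x02
#define ST21NFCA_DM_GETINFO_PIPE_INFO		0x01
#define ST21NFCA_DM_PIPE_CREATED		0x02
#define ST21NFCA_DM_PIPE_OPEN			0x04
#define ST21NFCA_DM_RF_ACTIVE			0x80
#define ST21NFCA_DM_DISCONNECT			0x30

/*
 * True when the low nibble of pipe state @p equals CREATED | OPEN.
 * @p is parenthesised so that an expression argument (for instance
 * "a | b") is masked as a whole instead of being split by the
 * precedence of '&'.
 */
#define ST21NFCA_DM_IS_PIPE_OPEN(p) \
	(((p) & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN))

#define ST21NFCA_NFC_MODE			0x03	/* NFC_MODE parameter*/

#define ST21NFCA_EVT_HOT_PLUG			0x03
/*
 * Tests bit 7 of the first payload byte of event skb @x. The macro does not
 * look at x->len: the caller has to make sure the event carries at least
 * one byte before using it.
 */
#define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) ((x)->data[0] & 0x80)

/* Secure element timer re-arm delay, passed to msecs_to_jiffies() */
#define ST21NFCA_SE_TO_PIPES			2000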
85 
/*
 * One bit per probed chip. st21nfca_hci_probe() takes the first clear bit
 * as the device number that is appended to the HCI session id.
 * NOTE(review): no code in this file clears a bit again - confirm whether
 * device numbers are meant to be recycled after st21nfca_hci_remove().
 */
static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES);
87 
/*
 * Gate/pipe table handed to the HCI core through init_data.
 *
 * The table is not constant: st21nfca_hci_load_session() overwrites the
 * .pipe field of entries whose gate the chip reports as open, and it also
 * walks the table by position (it starts at "pipe count + 3" and stops two
 * entries before the end), so the order of the entries and the two trailing
 * secure element entries matter.
 * NOTE(review): the table is file-static, so it is shared by every chip
 * this driver instance handles (up to ST21NFCA_NUM_DEVICES) - confirm that
 * pipe ids learned from one chip cannot be applied to another.
 */
static struct nfc_hci_gate st21nfca_gates[] = {
	{NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE},
	{NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
	{NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
	{NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE},
	{NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
	{NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
	{ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE},
	{ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
	{ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE},
	{ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
	{ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE},

	/* Secure element pipes are created by secure element host */
	{ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
	{ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
};
105 
/*
 * Wire layout of one ST21NFCA_DM_GETINFO / PIPE_INFO answer: five single
 * bytes, packed. st21nfca_hci_load_session() overlays this structure on the
 * skb data returned by the chip, so the answer must be at least
 * sizeof(struct st21nfca_pipe_info) bytes long for every field to be valid.
 */
struct st21nfca_pipe_info {
	u8 pipe_state;	/* tested with ST21NFCA_DM_IS_PIPE_OPEN() */
	u8 src_host_id;	/* stored as the pipe's dest_host by load_session */
	u8 src_gate_id;
	u8 dst_host_id;
	u8 dst_gate_id;	/* matched against st21nfca_gates[].gate */
} __packed;

/* Largest headroom needed for outgoing custom commands */
#define ST21NFCA_CMDS_HEADROOM  7
116 
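/*
 * Rebuild the gate/pipe mapping from what the chip already has configured.
 *
 * Opens the device management gate, asks the chip for its pipe list, queries
 * each pipe and records every open pipe whose destination gate is listed in
 * st21nfca_gates[]. Gates that did not show up are then connected, and the
 * resulting table is copied into hdev->init_data.gates.
 *
 * Everything read from skb_pipe_list and skb_pipe_info is produced by the
 * chip and is therefore validated before it is used as a structure overlay
 * or as an array index.
 *
 * Returns the status of the last HCI call that set r; negative on the
 * failure paths that abort the function.
 */
static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
{
	int i, j, r;
	struct sk_buff *skb_pipe_list, *skb_pipe_info;
	struct st21nfca_pipe_info *info;

	u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST,
		NFC_HCI_TERMINAL_HOST_ID
	};
	u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO,
		NFC_HCI_TERMINAL_HOST_ID, 0
	};

	/* On ST21NFCA device pipes number are dynamics
	 * A maximum of 16 pipes can be created at the same time
	 * If pipes are already created, hci_dev_up will fail.
	 * Doing a clear all pipe is a bad idea because:
	 * - It does useless EEPROM cycling
	 * - It might cause issue for secure elements support
	 * (such as removing connectivity or APDU reader pipe)
	 * A better approach on ST21NFCA is to:
	 * - get a pipe list for each host.
	 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now).
	 * (TODO Later on UICC HOST and eSE HOST)
	 * - get pipe information
	 * - match retrieved pipe list in st21nfca_gates
	 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate
	 * with ST21NFCA_DEVICE_MGNT_PIPE.
	 * Pipe can be closed and need to be open.
	 */
	r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
				ST21NFCA_DEVICE_MGNT_GATE,
				ST21NFCA_DEVICE_MGNT_PIPE);
	if (r < 0)
		return r;

	/* Get pipe list */
	r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
			ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list),
			&skb_pipe_list);
	if (r < 0)
		return r;

	/* Complete the existing gate_pipe table */
	for (i = 0; i < skb_pipe_list->len; i++) {
		pipe_info[2] = skb_pipe_list->data[i];
		r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
					ST21NFCA_DM_GETINFO, pipe_info,
					sizeof(pipe_info), &skb_pipe_info);

		/*
		 * NOTE(review): a failure here is skipped, but r keeps the
		 * error; if this was the last pipe and the connect loop
		 * below does not run, that value is what gets returned.
		 */
		if (r)
			continue;

		/*
		 * The answer is about to be read through a 5-byte structure
		 * overlay. A shorter answer would make the field reads below
		 * run past the received data, so drop it.
		 */
		if (skb_pipe_info->len < sizeof(*info)) {
			pr_err("Short pipe info answer (%u bytes)\n",
				skb_pipe_info->len);
			kfree_skb(skb_pipe_info);
			continue;
		}

		/*
		 * Match pipe ID and gate ID
		 * Output format from ST21NFC_DM_GETINFO is:
		 * - pipe state (1byte)
		 * - source hid (1byte)
		 * - source gid (1byte)
		 * - destination hid (1byte)
		 * - destination gid (1byte)
		 */
		info = (struct st21nfca_pipe_info *) skb_pipe_info->data;
		if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE &&
			info->src_host_id != ST21NFCA_ESE_HOST_ID) {
			pr_err("Unexpected apdu_reader pipe on host %x\n",
				info->src_host_id);
			kfree_skb(skb_pipe_info);
			continue;
		}

		/*
		 * The pipe id was supplied by the chip and is used below as
		 * an index into hdev->pipes[]; refuse ids the table cannot
		 * hold instead of writing outside of it.
		 */
		if (pipe_info[2] >= NFC_HCI_MAX_PIPES) {
			pr_err("Pipe id %x out of range\n", pipe_info[2]);
			kfree_skb(skb_pipe_info);
			continue;
		}

		for (j = 0; (j < ARRAY_SIZE(st21nfca_gates)) &&
			(st21nfca_gates[j].gate != info->dst_gate_id) ; j++)
			;

		if (j < ARRAY_SIZE(st21nfca_gates) &&
			st21nfca_gates[j].gate == info->dst_gate_id &&
			ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) {
			st21nfca_gates[j].pipe = pipe_info[2];

			hdev->gate2pipe[st21nfca_gates[j].gate] =
							st21nfca_gates[j].pipe;
			hdev->pipes[st21nfca_gates[j].pipe].gate =
							st21nfca_gates[j].gate;
			hdev->pipes[st21nfca_gates[j].pipe].dest_host =
							info->src_host_id;
		}
		kfree_skb(skb_pipe_info);
	}

	/*
	 * 3 gates have a well known pipe ID.
	 * They will never appear in the pipe list
	 */
	if (skb_pipe_list->len + 3 < ARRAY_SIZE(st21nfca_gates)) {
		/* The last two table entries (secure element) are skipped */
		for (i = skb_pipe_list->len + 3;
				i < ARRAY_SIZE(st21nfca_gates) - 2; i++) {
			r = nfc_hci_connect_gate(hdev,
					NFC_HCI_HOST_CONTROLLER_ID,
					st21nfca_gates[i].gate,
					st21nfca_gates[i].pipe);
			if (r < 0)
				goto free_list;
		}
	}

	memcpy(hdev->init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
free_list:
	kfree_skb(skb_pipe_list);
	return r;
}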
228 
/*
 * HCI "open" hook: power the chip up through the phy layer.
 *
 * Only acts when the driver state is ST21NFCA_ST_COLD; any other state
 * yields -EBUSY. On a successful phy enable the state becomes
 * ST21NFCA_ST_READY. The state check and update run under info_lock.
 *
 * Returns 0 on success, -EBUSY, or the value returned by phy_ops->enable().
 */
static int st21nfca_hci_open(struct nfc_hci_dev *hdev)
{
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);
	int ret = -EBUSY;

	mutex_lock(&drv->info_lock);

	if (drv->state == ST21NFCA_ST_COLD) {
		ret = drv->phy_ops->enable(drv->phy_id);
		if (!ret)
			drv->state = ST21NFCA_ST_READY;
	}

	mutex_unlock(&drv->info_lock);
	return ret;
}
250 
/*
 * HCI "close" hook: power the chip down through the phy layer.
 *
 * Does nothing when the driver is already in ST21NFCA_ST_COLD; otherwise
 * calls phy_ops->disable() and moves the state back to ST21NFCA_ST_COLD.
 * The whole sequence runs under info_lock.
 */
static void st21nfca_hci_close(struct nfc_hci_dev *hdev)
{
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);

	mutex_lock(&drv->info_lock);

	if (drv->state != ST21NFCA_ST_COLD) {
		drv->phy_ops->disable(drv->phy_id);
		drv->state = ST21NFCA_ST_COLD;
	}

	mutex_unlock(&drv->info_lock);
}
266 
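/*
 * HCI "ready" hook, run once the HCI session is established.
 *
 * - Writes the admin gate whitelist with the hosts of the secure elements
 *   reported present in info->se_status (UICC first, then eSE); nothing is
 *   written when neither is present.
 * - Reads NFC_MODE from the device management gate and sets it to 1 when
 *   it reads back as 0.
 * - Sends EVT_END_OPERATION on reader gate A.
 * - Reads the software version and dumps it at KERN_DEBUG.
 *
 * Both registry answers come from the chip, so their length is checked
 * before any byte is read.
 *
 * Returns 0 on success, -EPROTO for an empty NFC_MODE answer, -EINVAL for
 * a version answer that is not FULL_VERSION_LEN bytes, or the negative
 * status of the failing HCI call.
 */
static int st21nfca_hci_ready(struct nfc_hci_dev *hdev)
{
	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
	struct sk_buff *skb;

	u8 param;
	u8 white_list[2];
	int wl_size = 0;
	int r;

	/* At most two entries, matching the size of white_list[] */
	if (info->se_status->is_uicc_present)
		white_list[wl_size++] = NFC_HCI_UICC_HOST_ID;
	if (info->se_status->is_ese_present)
		white_list[wl_size++] = ST21NFCA_ESE_HOST_ID;

	if (wl_size) {
		r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
					NFC_HCI_ADMIN_WHITELIST,
					white_list, wl_size);
		if (r < 0)
			return r;
	}

	/* Set NFC_MODE in device management gate to enable */
	r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
			      ST21NFCA_NFC_MODE, &skb);
	if (r < 0)
		return r;

	/* An empty answer has no mode byte to read */
	if (skb->len < 1) {
		kfree_skb(skb);
		return -EPROTO;
	}

	param = skb->data[0];
	kfree_skb(skb);
	if (param == 0) {
		param = 1;

		r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
					ST21NFCA_NFC_MODE, &param, 1);
		if (r < 0)
			return r;
	}

	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
	if (r < 0)
		return r;

	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
			      NFC_HCI_ID_MGMT_VERSION_SW, &skb);
	if (r < 0)
		return r;

	if (skb->len != FULL_VERSION_LEN) {
		kfree_skb(skb);
		return -EINVAL;
	}

	print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
		       DUMP_PREFIX_NONE, 16, 1,
		       skb->data, FULL_VERSION_LEN, false);

	kfree_skb(skb);

	return 0;
}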
337 
/*
 * HCI "xmit" hook: hand one frame to the phy layer.
 *
 * Returns whatever phy_ops->write() returns for this skb.
 */
static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
{
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);
	int ret;

	ret = drv->phy_ops->write(drv->phy_id, skb);

	return ret;
}
344 
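/*
 * HCI "start_poll" hook.
 *
 * @im_protocols: initiator-mode protocol mask requested by the NFC core
 * @tm_protocols: target-mode protocol mask requested by the NFC core
 *
 * With a non-zero @im_protocols the reader gates are disconnected or, for
 * the type F gate, configured, and EVT_READER_REQUESTED is sent. When
 * @tm_protocols contains NFC_PROTO_NFC_DEP_MASK the card-emulation type F
 * gate is configured (datarate, SENS_RES, SEL_RES, NFCID1, NFCID2 list,
 * mode).
 *
 * Returns the status of the last HCI call made, negative on failure.
 */
static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev,
				   u32 im_protocols, u32 tm_protocols)
{
	int r;
	u32 pol_req;
	u8 param[19];
	struct sk_buff *datarate_skb;

	pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
		__func__, im_protocols, tm_protocols);

	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
	if (r < 0)
		return r;
	if (im_protocols) {
		/*
		 * enable polling according to im_protocols & tm_protocols
		 * - CLOSE pipe according to im_protocols & tm_protocols
		 *
		 * NOTE(review): the tests below AND a gate id with a
		 * protocol bit mask - confirm this is the intended way to
		 * decide which reader gates stay connected.
		 */
		if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) {
			r = nfc_hci_disconnect_gate(hdev,
					NFC_HCI_RF_READER_B_GATE);
			if (r < 0)
				return r;
		}

		if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) {
			r = nfc_hci_disconnect_gate(hdev,
					NFC_HCI_RF_READER_A_GATE);
			if (r < 0)
				return r;
		}

		if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) {
			r = nfc_hci_disconnect_gate(hdev,
					ST21NFCA_RF_READER_F_GATE);
			if (r < 0)
				return r;
		} else {
			hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
							       &hdev->gb_len);

			/* Without general bytes NFC-DEP cannot be offered */
			if (hdev->gb == NULL || hdev->gb_len == 0) {
				im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
				tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
			}

			param[0] = ST21NFCA_RF_READER_F_DATARATE_106 |
			    ST21NFCA_RF_READER_F_DATARATE_212 |
			    ST21NFCA_RF_READER_F_DATARATE_424;
			r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
					      ST21NFCA_RF_READER_F_DATARATE,
					      param, 1);
			if (r < 0)
				return r;

			pol_req = be32_to_cpu((__force __be32)
					ST21NFCA_RF_READER_F_POL_REQ_DEFAULT);
			r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
					      ST21NFCA_RF_READER_F_POL_REQ,
					      (u8 *) &pol_req, 4);
			if (r < 0)
				return r;
		}

		if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) {
			r = nfc_hci_disconnect_gate(hdev,
					ST21NFCA_RF_READER_14443_3_A_GATE);
			if (r < 0)
				return r;
		}

		if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) {
			r = nfc_hci_disconnect_gate(hdev,
					ST21NFCA_RF_READER_ISO15693_GATE);
			if (r < 0)
				return r;
		}

		r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
				       NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
		if (r < 0)
			nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
					   NFC_HCI_EVT_END_OPERATION, NULL, 0);
	}

	if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
		r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE,
				      ST21NFCA_RF_CARD_F_DATARATE,
				      &datarate_skb);
		if (r < 0)
			return r;

		/* Configure the maximum supported datarate to 424Kbps */
		if (datarate_skb->len > 0 &&
		    datarate_skb->data[0] !=
		    ST21NFCA_RF_CARD_F_DATARATE_212_424) {
			param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424;
			r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
					      ST21NFCA_RF_CARD_F_DATARATE,
					      param, 1);
			if (r < 0) {
				kfree_skb(datarate_skb);
				return r;
			}
		}
		kfree_skb(datarate_skb);

		/*
		 * Configure sens_res
		 *
		 * NFC Forum Digital Spec Table 7:
		 * NFCID1 size: triple (10 bytes)
		 */
		param[0] = 0x00;
		param[1] = 0x08;
		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
				      ST21NFCA_RF_CARD_F_SENS_RES, param, 2);
		if (r < 0)
			return r;

		/*
		 * Configure sel_res
		 *
		 * NFC Forum Digital Spec Table 17:
		 * b3 set to 0b (value b7-b6):
		 * - 10b: Configured for NFC-DEP Protocol
		 */
		param[0] = 0x40;
		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
				      ST21NFCA_RF_CARD_F_SEL_RES, param, 1);
		if (r < 0)
			return r;

		/* Configure NFCID1 Random uid */
		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
				      ST21NFCA_RF_CARD_F_NFCID1, NULL, 0);
		if (r < 0)
			return r;

		/*
		 * Configure NFCID2_LIST
		 *
		 * All 19 bytes are sent to the chip, but only bytes 0-9 and
		 * 18 are assigned below. Clear the buffer first so that the
		 * pad bytes (10-17) are zero rather than leftover kernel
		 * stack content.
		 */
		memset(param, 0, sizeof(param));
		/* System Code */
		param[0] = 0x00;
		param[1] = 0x00;
		/* NFCID2 */
		param[2] = 0x01;
		param[3] = 0xfe;
		param[4] = 'S';
		param[5] = 'T';
		param[6] = 'M';
		param[7] = 'i';
		param[8] = 'c';
		param[9] = 'r';
		/* 8 byte Pad bytes used for polling response frame */

		/*
		 * Configuration byte:
		 * - bit 0: define the default NFCID2 entry used when the
		 * system code is equal to 'FFFF'
		 * - bit 1: use a random value for lowest 6 bytes of
		 * NFCID2 value
		 * - bit 2: ignore polling request frame if request code
		 * is equal to '01'
		 * - Other bits are RFU
		 */
		param[18] = 0x01;
		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
				      ST21NFCA_RF_CARD_F_NFCID2_LIST, param,
				      sizeof(param));
		if (r < 0)
			return r;

		param[0] = 0x02;
		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
				      ST21NFCA_RF_CARD_F_MODE, param, 1);
	}

	return r;
}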
525 
/*
 * HCI "stop_poll" hook: send the device management DISCONNECT command.
 *
 * The hook returns void, so the status of the command is dropped.
 */
static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev)
{
	(void)nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
			       ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
}
531 
/*
 * Read the ATQA registry parameter of the ISO14443-3 type A reader gate.
 *
 * @atqa: receives the two answer bytes converted from big endian; left
 *        untouched on failure.
 *
 * The answer must be exactly 2 bytes long, otherwise -EPROTO is returned.
 * Returns the nfc_hci_get_param() status otherwise.
 */
static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa)
{
	struct sk_buff *resp = NULL;
	int ret;

	ret = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
				ST21NFCA_RF_READER_14443_3_A_ATQA, &resp);
	if (ret >= 0) {
		if (resp->len == 2)
			*atqa = be16_to_cpu(*(__be16 *) resp->data);
		else
			ret = -EPROTO;
	}

	/* resp is still NULL here if the read failed without setting it */
	kfree_skb(resp);
	return ret;
}
553 
/*
 * Read the SAK registry parameter of the ISO14443-3 type A reader gate.
 *
 * @sak: receives the single answer byte; left untouched on failure.
 *
 * The answer must be exactly 1 byte long, otherwise -EPROTO is returned.
 * Returns the nfc_hci_get_param() status otherwise.
 */
static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak)
{
	struct sk_buff *resp = NULL;
	int ret;

	ret = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
				ST21NFCA_RF_READER_14443_3_A_SAK, &resp);
	if (ret >= 0) {
		if (resp->len == 1)
			*sak = resp->data[0];
		else
			ret = -EPROTO;
	}

	kfree_skb(resp);
	return ret;
}
575 
/*
 * Read the UID registry parameter of the ISO14443-3 type A reader gate.
 *
 * @uid: destination buffer; the length check below means at most
 *       NFC_NFCID1_MAXSIZE bytes are copied into it.
 * @len: receives the number of bytes copied.
 *
 * An empty answer or one longer than NFC_NFCID1_MAXSIZE is rejected with
 * -EPROTO before anything is copied. Returns the nfc_hci_get_param()
 * status otherwise.
 */
static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid,
				       int *len)
{
	struct sk_buff *resp = NULL;
	int ret;

	ret = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
				ST21NFCA_RF_READER_14443_3_A_UID, &resp);
	if (ret >= 0) {
		if (resp->len != 0 && resp->len <= NFC_NFCID1_MAXSIZE) {
			memcpy(uid, resp->data, resp->len);
			*len = resp->len;
		} else {
			ret = -EPROTO;
		}
	}

	kfree_skb(resp);
	return ret;
}
598 
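/*
 * Read the ISO15693 inventory registry parameter and store it in @target.
 *
 * The first two bytes of the answer are skipped; the remainder is copied
 * into target->iso15693_uid, byte 1 of the remainder is stored as
 * target->iso15693_dsfid and target->is_iso15693 is set.
 *
 * The answer is produced by the chip, so it is rejected with -EPROTO when
 * it is too short to skip two bytes, when fewer than two bytes remain
 * (byte 1 is read below), or when the remainder is longer than
 * NFC_ISO15693_UID_MAXSIZE.
 *
 * Returns the nfc_hci_get_param() status otherwise.
 */
static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev,
					   struct nfc_target *target)
{
	int r;
	struct sk_buff *inventory_skb = NULL;

	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE,
			      ST21NFCA_RF_READER_ISO15693_INVENTORY,
			      &inventory_skb);
	if (r < 0)
		goto exit;

	/*
	 * skb_pull() returns NULL and leaves the buffer as it was when asked
	 * to remove more bytes than it holds; without this check the
	 * unstripped bytes would be treated as the UID.
	 */
	if (!skb_pull(inventory_skb, 2)) {
		r = -EPROTO;
		goto exit;
	}

	if (inventory_skb->len < 2 ||
	    inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) {
		r = -EPROTO;
		goto exit;
	}

	memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len);
	target->iso15693_dsfid	= inventory_skb->data[1];
	target->is_iso15693 = 1;
exit:
	kfree_skb(inventory_skb);
	return r;
}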
626 
/*
 * HCI "dep_link_up" hook: remember the target index and send an ATR_REQ.
 *
 * @comm_mode is not used by this implementation. Returns the status of
 * st21nfca_im_send_atr_req().
 */
static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev,
				    struct nfc_target *target, u8 comm_mode,
				    u8 *gb, size_t gb_len)
{
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);
	int ret;

	drv->dep_info.idx = target->idx;
	ret = st21nfca_im_send_atr_req(hdev, gb, gb_len);

	return ret;
}
636 
/*
 * HCI "dep_link_down" hook: put the driver state back to
 * ST21NFCA_ST_READY and send the device management DISCONNECT command.
 *
 * NOTE(review): unlike open/close, the state is written here without
 * taking info_lock - confirm that is intended.
 *
 * Returns the status of the DISCONNECT command.
 */
static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev)
{
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);
	int ret;

	drv->state = ST21NFCA_ST_READY;

	ret = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
			       ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
	return ret;
}
646 
/*
 * HCI "target_from_gate" hook: fill @target for a target found on @gate.
 *
 * - type F gate: FeliCa protocol mask only.
 * - ISO15693 gate: ISO15693 protocol mask plus the inventory data.
 * - ISO14443-3 type A gate: ATQA 0x000c is reported as Jewel; any other
 *   ATQA leads to reading SAK and UID, from which the protocol mask,
 *   sens_res, sel_res and nfcid1 are filled.
 *
 * Returns 0 on success, -EPROTO for an unhandled gate or an unknown SAK,
 * or the negative status of the failing registry read.
 */
static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
					 struct nfc_target *target)
{
	u8 nfcid1[NFC_NFCID1_MAXSIZE];
	int nfcid1_len;
	u16 sens_res;
	u8 sel_res;
	int ret;

	if (gate == ST21NFCA_RF_READER_F_GATE) {
		target->supported_protocols = NFC_PROTO_FELICA_MASK;
		return 0;
	}

	if (gate == ST21NFCA_RF_READER_ISO15693_GATE) {
		target->supported_protocols = NFC_PROTO_ISO15693_MASK;
		ret = st21nfca_get_iso15693_inventory(hdev, target);
		if (ret < 0)
			return ret;
		return 0;
	}

	if (gate != ST21NFCA_RF_READER_14443_3_A_GATE)
		return -EPROTO;

	/* ISO14443-3 type 1 or 2 tags */
	ret = st21nfca_get_iso14443_3_atqa(hdev, &sens_res);
	if (ret < 0)
		return ret;

	if (sens_res == 0x000c) {
		target->supported_protocols = NFC_PROTO_JEWEL_MASK;
		target->sens_res = 0x0c00;
		return 0;
	}

	ret = st21nfca_get_iso14443_3_sak(hdev, &sel_res);
	if (ret < 0)
		return ret;

	/* The helper caps nfcid1_len at NFC_NFCID1_MAXSIZE */
	ret = st21nfca_get_iso14443_3_uid(hdev, nfcid1, &nfcid1_len);
	if (ret < 0)
		return ret;

	target->supported_protocols = nfc_hci_sak_to_protocol(sel_res);
	if (target->supported_protocols == 0xffffffff)
		return -EPROTO;

	target->sens_res = sens_res;
	target->sel_res = sel_res;
	memcpy(target->nfcid1, nfcid1, nfcid1_len);
	target->nfcid1_len = nfcid1_len;

	return 0;
}
700 
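/*
 * HCI "complete_target_discovered" hook.
 *
 * Only the type F reader gate is handled: NFCID2 is read first and, when
 * it is empty, NFCID1 is read instead. The identifier is copied into
 * target->sensf_res and the protocol mask is chosen from it. Both answers
 * come from the chip and are length-checked before the copy.
 *
 * Returns 1 when the function ran to completion (including for gates it
 * does not handle), -EPROTO for an oversized identifier, or the negative
 * status of the failing registry read.
 */
static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
						u8 gate,
						struct nfc_target *target)
{
	int r;
	struct sk_buff *nfcid_skb = NULL;

	if (gate == ST21NFCA_RF_READER_F_GATE) {
		r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
				ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb);
		if (r < 0)
			goto exit;

		if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) {
			r = -EPROTO;
			goto exit;
		}

		/*
		 * - After the reception of polling response for type F frame
		 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be
		 * updated.
		 * - After the reception of SEL_RES with NFCIP-1 compliant bit
		 * set for type A frame NFCID1 will be updated
		 */
		if (nfcid_skb->len > 0) {
			/* P2P in type F */
			memcpy(target->sensf_res, nfcid_skb->data,
				nfcid_skb->len);
			target->sensf_res_len = nfcid_skb->len;
			/* NFC Forum Digital Protocol Table 44 */
			if (target->sensf_res[0] == 0x01 &&
			    target->sensf_res[1] == 0xfe)
				target->supported_protocols =
							NFC_PROTO_NFC_DEP_MASK;
			else
				target->supported_protocols =
							NFC_PROTO_FELICA_MASK;
		} else {
			kfree_skb(nfcid_skb);
			/*
			 * The exit path frees nfcid_skb again. Forget the
			 * buffer just released so that a failing read below,
			 * which may leave the pointer untouched, cannot lead
			 * to a second free of the same skb.
			 */
			nfcid_skb = NULL;

			/* P2P in type A */
			r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
					ST21NFCA_RF_READER_F_NFCID1,
					&nfcid_skb);
			if (r < 0)
				goto exit;

			if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) {
				r = -EPROTO;
				goto exit;
			}
			memcpy(target->sensf_res, nfcid_skb->data,
				nfcid_skb->len);
			target->sensf_res_len = nfcid_skb->len;
			target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
		}
		target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE;
	}
	r = 1;
exit:
	kfree_skb(nfcid_skb);
	return r;
}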
764 
#define ST21NFCA_CB_TYPE_READER_ISO15693 1
/*
 * Completion callback installed by st21nfca_hci_im_transceive() for the
 * ISO15693 reader gate.
 *
 * @context: the driver's st21nfca_hci_info
 * @skb:     answer buffer
 * @err:     0 on success
 *
 * For the ISO15693 callback type the last byte of a successful answer is
 * trimmed and the saved upper-layer callback is invoked with the saved
 * context. For any other callback type a successful answer is freed and
 * nothing is forwarded.
 */
static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb,
					  int err)
{
	struct st21nfca_hci_info *drv = context;

	if (drv->async_cb_type != ST21NFCA_CB_TYPE_READER_ISO15693) {
		if (!err)
			kfree_skb(skb);
		return;
	}

	if (!err)
		skb_trim(skb, skb->len - 1);

	drv->async_cb(drv->async_cb_context, skb, err);
}
783 
/*
 * HCI "im_transceive" hook: send @skb to the target in initiator mode.
 *
 * - type F gate with an NFC-DEP target: delegated to
 *   st21nfca_im_send_dep_req().
 * - type F gate otherwise, and ISO14443-3 type A gate: one control byte
 *   (0x1a) is prepended and the frame is sent with WR_XCHG_DATA, the
 *   caller's callback being used directly.
 * - ISO15693 gate: the caller's callback and context are saved in the
 *   driver info, one control byte (0x17) is prepended and the frame is
 *   sent with st21nfca_hci_data_exchange_cb() as completion handler.
 *
 * Returns:
 * <= 0: driver handled the data exchange
 *    1: driver doesn't especially handle, please do standard processing
 */
static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev,
				      struct nfc_target *target,
				      struct sk_buff *skb,
				      data_exchange_cb_t cb, void *cb_context)
{
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);

	pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__,
		target->hci_reader_gate, skb->len);

	if (target->hci_reader_gate == ST21NFCA_RF_READER_ISO15693_GATE) {
		drv->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693;
		drv->async_cb = cb;
		drv->async_cb_context = cb_context;

		*skb_push(skb, 1) = 0x17;

		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
					      ST21NFCA_WR_XCHG_DATA, skb->data,
					      skb->len,
					      st21nfca_hci_data_exchange_cb,
					      drv);
	}

	if (target->hci_reader_gate == ST21NFCA_RF_READER_F_GATE &&
	    target->supported_protocols == NFC_PROTO_NFC_DEP_MASK)
		return st21nfca_im_send_dep_req(hdev, skb);

	if (target->hci_reader_gate == ST21NFCA_RF_READER_F_GATE ||
	    target->hci_reader_gate == ST21NFCA_RF_READER_14443_3_A_GATE) {
		*skb_push(skb, 1) = 0x1a;	/* CTR, see spec:10.2.2.1 */

		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
					      ST21NFCA_WR_XCHG_DATA, skb->data,
					      skb->len, cb, cb_context);
	}

	return 1;
}
831 
/*
 * HCI "tm_send" hook: target-mode send, delegated unchanged to
 * st21nfca_tm_send_dep_res(), whose status is returned.
 */
static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
{
	int ret = st21nfca_tm_send_dep_res(hdev, skb);

	return ret;
}
836 
/*
 * HCI "check_presence" hook.
 *
 * - reader gates A and B: sends WR_XCHG_DATA carrying a single byte (the
 *   short fwi value) instead of the gate's PRESENCE_CHECK command.
 * - ISO14443-3 type A gate: sends the proprietary PRESENCE_CHECK command.
 * - any other gate: -EOPNOTSUPP.
 *
 * Returns the status of the command that was sent.
 */
static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev,
				       struct nfc_target *target)
{
	u8 short_fwi = 0x11;

	if (target->hci_reader_gate == NFC_HCI_RF_READER_A_GATE ||
	    target->hci_reader_gate == NFC_HCI_RF_READER_B_GATE) {
		/*
		 * PRESENCE_CHECK on those gates is available
		 * However, the answer to this command is taking 3 * fwi
		 * if the card is no present.
		 * Instead, we send an empty I-Frame with a very short
		 * configurable fwi ~604µs.
		 */
		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
					ST21NFCA_WR_XCHG_DATA, &short_fwi, 1,
					NULL);
	}

	if (target->hci_reader_gate == ST21NFCA_RF_READER_14443_3_A_GATE)
		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
					ST21NFCA_RF_READER_CMD_PRESENCE_CHECK,
					NULL, 0, NULL);

	return -EOPNOTSUPP;
}
862 
/*
 * HCI "cmd_received" hook; only NFC_HCI_ANY_OPEN_PIPE is acted upon.
 *
 * Counts opened pipes that belong neither to the APDU reader gate nor to
 * the UICC host. Once the count reaches se_info.expected_pipes the secure
 * element activation timer is stopped, the counter is reset and the
 * pending request is completed.
 *
 * NOTE(review): @pipe indexes hdev->pipes[] without a range check in this
 * function - presumably the HCI core only passes ids below
 * NFC_HCI_MAX_PIPES; verify against the caller.
 */
static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
				struct sk_buff *skb)
{
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);
	u8 pipe_gate = hdev->pipes[pipe].gate;

	pr_debug("cmd: %x\n", cmd);

	if (cmd != NFC_HCI_ANY_OPEN_PIPE)
		return;

	if (pipe_gate != ST21NFCA_APDU_READER_GATE &&
	    hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID)
		drv->se_info.count_pipes++;

	if (drv->se_info.count_pipes != drv->se_info.expected_pipes)
		return;

	del_timer_sync(&drv->se_info.se_active_timer);
	drv->se_info.se_active = false;
	drv->se_info.count_pipes = 0;
	complete(&drv->se_info.req_completion);
}
886 
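/*
 * Handle an event received on the admin gate; consumes @skb.
 *
 * Only ST21NFCA_EVT_HOT_PLUG is acted upon, and only while a secure
 * element activation is pending (se_info.se_active):
 * - "inhibited" bit clear: stop the activation timer, clear se_active and
 *   complete the pending request;
 * - "inhibited" bit set: re-arm the activation timer for
 *   ST21NFCA_SE_TO_PIPES milliseconds.
 *
 * The event payload comes from the chip. A hot plug event without payload
 * has no status byte to test, so it is ignored and the pending timer is
 * left as it is.
 *
 * Always returns 0.
 */
static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event,
					struct sk_buff *skb)
{
	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);

	pr_debug("admin event: %x\n", event);

	switch (event) {
	case ST21NFCA_EVT_HOT_PLUG:
		if (!info->se_info.se_active)
			break;

		/* ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED() reads data[0] */
		if (skb->len < 1) {
			pr_debug("hot plug event without payload\n");
			break;
		}

		if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) {
			del_timer_sync(&info->se_info.se_active_timer);
			info->se_info.se_active = false;
			complete(&info->se_info.req_completion);
		} else {
			mod_timer(&info->se_info.se_active_timer,
				jiffies +
				msecs_to_jiffies(ST21NFCA_SE_TO_PIPES));
		}
		break;
	}
	kfree_skb(skb);
	return 0;
}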
912 
/*
 * HCI "event_received" hook: dispatch an event to the handler of the gate
 * that owns @pipe (admin, card-emulation type F, connectivity or APDU
 * reader gate).
 *
 * NOTE(review): @pipe indexes hdev->pipes[] without a range check in this
 * function - presumably the HCI core only passes ids below
 * NFC_HCI_MAX_PIPES; verify against the caller.
 *
 * Returns:
 * <= 0: driver handled the event, skb consumed
 *    1: driver does not handle the event, please do standard processing
 */
static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe,
				       u8 event, struct sk_buff *skb)
{
	u8 pipe_gate = hdev->pipes[pipe].gate;
	u8 pipe_host = hdev->pipes[pipe].dest_host;
	int ret = 1;

	pr_debug("hci event: %d gate: %x\n", event, pipe_gate);

	if (pipe_gate == NFC_HCI_ADMIN_GATE)
		ret = st21nfca_admin_event_received(hdev, event, skb);
	else if (pipe_gate == ST21NFCA_RF_CARD_F_GATE)
		ret = st21nfca_dep_event_received(hdev, event, skb);
	else if (pipe_gate == ST21NFCA_CONNECTIVITY_GATE)
		ret = st21nfca_connectivity_event_received(hdev, pipe_host,
							   event, skb);
	else if (pipe_gate == ST21NFCA_APDU_READER_GATE)
		ret = st21nfca_apdu_reader_event_received(hdev, event, skb);

	return ret;
}
940 
/*
 * Hook table passed to nfc_hci_allocate_device() by st21nfca_hci_probe().
 * The first group of hooks is implemented in this file; the four secure
 * element hooks at the end (discover_se, enable_se, disable_se, se_io) are
 * not defined here.
 */
static struct nfc_hci_ops st21nfca_hci_ops = {
	.open = st21nfca_hci_open,
	.close = st21nfca_hci_close,
	.load_session = st21nfca_hci_load_session,
	.hci_ready = st21nfca_hci_ready,
	.xmit = st21nfca_hci_xmit,
	.start_poll = st21nfca_hci_start_poll,
	.stop_poll = st21nfca_hci_stop_poll,
	.dep_link_up = st21nfca_hci_dep_link_up,
	.dep_link_down = st21nfca_hci_dep_link_down,
	.target_from_gate = st21nfca_hci_target_from_gate,
	.complete_target_discovered = st21nfca_hci_complete_target_discovered,
	.im_transceive = st21nfca_hci_im_transceive,
	.tm_send = st21nfca_hci_tm_send,
	.check_presence = st21nfca_hci_check_presence,
	.event_received = st21nfca_hci_event_received,
	.cmd_received = st21nfca_hci_cmd_received,
	.discover_se = st21nfca_hci_discover_se,
	.enable_se = st21nfca_hci_enable_se,
	.disable_se = st21nfca_hci_disable_se,
	.se_io = st21nfca_hci_se_io,
};
963 
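/*
 * Allocate and register the HCI device for one ST21NFCA chip.
 *
 * @phy_id, @phy_ops: phy layer handle and operations, stored for later use
 * @llc_name, @phy_headroom, @phy_tailroom, @phy_payload: passed on to
 *	nfc_hci_allocate_device() (headroom is increased by
 *	ST21NFCA_CMDS_HEADROOM)
 * @hdev: receives the registered HCI device on success
 * @se_status: secure element presence information, stored for later use
 *
 * Every failure path releases what was acquired before it: the driver
 * info allocation, the device number reserved in dev_mask and the HCI
 * device.
 *
 * NOTE(review): find_first_zero_bit() followed by set_bit() is not one
 * atomic step - confirm probes for different chips cannot run
 * concurrently.
 *
 * Returns 0 on success, -ENOMEM, -ENODEV when all device numbers are in
 * use, or the status of nfc_hci_register_device().
 */
int st21nfca_hci_probe(void *phy_id, struct nfc_phy_ops *phy_ops,
		       char *llc_name, int phy_headroom, int phy_tailroom,
		       int phy_payload, struct nfc_hci_dev **hdev,
			   struct st21nfca_se_status *se_status)
{
	struct st21nfca_hci_info *info;
	int r = 0;
	int dev_num;
	u32 protocols;
	struct nfc_hci_init_data init_data;
	unsigned long quirks = 0;

	info = kzalloc(sizeof(*info), GFP_KERNEL);
	if (!info)
		return -ENOMEM;

	info->phy_ops = phy_ops;
	info->phy_id = phy_id;
	info->state = ST21NFCA_ST_COLD;
	mutex_init(&info->info_lock);

	/* Do not hand unused, uninitialised stack bytes to the HCI core */
	memset(&init_data, 0, sizeof(init_data));

	init_data.gate_count = ARRAY_SIZE(st21nfca_gates);

	memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));

	/*
	 * Session id must include the driver name + i2c bus addr
	 * persistent info to discriminate 2 identical chips
	 */
	dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES);

	if (dev_num >= ST21NFCA_NUM_DEVICES) {
		/* info was already allocated: release it on this path too */
		r = -ENODEV;
		goto err_alloc_hdev;
	}

	set_bit(dev_num, dev_mask);

	scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x",
		  "ST21AH", dev_num);

	protocols = NFC_PROTO_JEWEL_MASK |
	    NFC_PROTO_MIFARE_MASK |
	    NFC_PROTO_FELICA_MASK |
	    NFC_PROTO_ISO14443_MASK |
	    NFC_PROTO_ISO14443_B_MASK |
	    NFC_PROTO_ISO15693_MASK |
	    NFC_PROTO_NFC_DEP_MASK;

	set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks);

	info->hdev =
	    nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks,
				    protocols, llc_name,
				    phy_headroom + ST21NFCA_CMDS_HEADROOM,
				    phy_tailroom, phy_payload);

	if (!info->hdev) {
		pr_err("Cannot allocate nfc hdev.\n");
		r = -ENOMEM;
		goto err_free_devnum;
	}

	info->se_status = se_status;

	nfc_hci_set_clientdata(info->hdev, info);

	r = nfc_hci_register_device(info->hdev);
	if (r)
		goto err_regdev;

	*hdev = info->hdev;
	st21nfca_dep_init(info->hdev);
	st21nfca_se_init(info->hdev);

	return 0;

err_regdev:
	nfc_hci_free_device(info->hdev);

err_free_devnum:
	/* Give the device number back so a later probe can use it */
	clear_bit(dev_num, dev_mask);

err_alloc_hdev:
	kfree(info);

	return r;
}
EXPORT_SYMBOL(st21nfca_hci_probe);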
1050 
/*
 * Tear down what st21nfca_hci_probe() set up: DEP and secure element
 * state first, then the HCI device registration and the device itself,
 * and finally the driver info.
 *
 * NOTE(review): the device number reserved in dev_mask by the probe is
 * not released here - confirm whether it should be.
 */
void st21nfca_hci_remove(struct nfc_hci_dev *hdev)
{
	/* Fetch the driver info before hdev is freed below */
	struct st21nfca_hci_info *drv = nfc_hci_get_clientdata(hdev);

	st21nfca_dep_deinit(hdev);
	st21nfca_se_deinit(hdev);

	nfc_hci_unregister_device(hdev);
	nfc_hci_free_device(hdev);

	kfree(drv);
}
EXPORT_SYMBOL(st21nfca_hci_remove);
1062 
1063 MODULE_LICENSE("GPL");
1064 MODULE_DESCRIPTION(DRIVER_DESC);