1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * HCI based Driver for STMicroelectronics NFC Chip
4 *
5 * Copyright (C) 2014 STMicroelectronics SAS. All rights reserved.
6 */
7
8 #include <linux/module.h>
9 #include <linux/nfc.h>
10 #include <net/nfc/hci.h>
11
12 #include "st21nfca.h"
13
14 #define DRIVER_DESC "HCI NFC driver for ST21NFCA"
15
16 #define FULL_VERSION_LEN 3
17
18 /* Proprietary gates, events, commands and registers */
19
20 /* Commands that apply to all RF readers */
21 #define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK 0x30
22
23 #define ST21NFCA_RF_READER_ISO15693_GATE 0x12
24 #define ST21NFCA_RF_READER_ISO15693_INVENTORY 0x01
25
26 /*
27 * Reader gate for communication with contact-less cards using Type A
28 * protocol ISO14443-3 but not compliant with ISO14443-4
29 */
30 #define ST21NFCA_RF_READER_14443_3_A_GATE 0x15
31 #define ST21NFCA_RF_READER_14443_3_A_UID 0x02
32 #define ST21NFCA_RF_READER_14443_3_A_ATQA 0x03
33 #define ST21NFCA_RF_READER_14443_3_A_SAK 0x04
34
35 #define ST21NFCA_RF_READER_F_DATARATE 0x01
36 #define ST21NFCA_RF_READER_F_DATARATE_106 0x01
37 #define ST21NFCA_RF_READER_F_DATARATE_212 0x02
38 #define ST21NFCA_RF_READER_F_DATARATE_424 0x04
39 #define ST21NFCA_RF_READER_F_POL_REQ 0x02
40 #define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT 0xffff0000
41 #define ST21NFCA_RF_READER_F_NFCID2 0x03
42 #define ST21NFCA_RF_READER_F_NFCID1 0x04
43
44 #define ST21NFCA_RF_CARD_F_MODE 0x01
45 #define ST21NFCA_RF_CARD_F_NFCID2_LIST 0x04
46 #define ST21NFCA_RF_CARD_F_NFCID1 0x05
47 #define ST21NFCA_RF_CARD_F_SENS_RES 0x06
48 #define ST21NFCA_RF_CARD_F_SEL_RES 0x07
49 #define ST21NFCA_RF_CARD_F_DATARATE 0x08
50 #define ST21NFCA_RF_CARD_F_DATARATE_212_424 0x01
51
52 #define ST21NFCA_DEVICE_MGNT_PIPE 0x02
53
54 #define ST21NFCA_DM_GETINFO 0x13
55 #define ST21NFCA_DM_GETINFO_PIPE_LIST 0x02
56 #define ST21NFCA_DM_GETINFO_PIPE_INFO 0x01
57 #define ST21NFCA_DM_PIPE_CREATED 0x02
58 #define ST21NFCA_DM_PIPE_OPEN 0x04
59 #define ST21NFCA_DM_RF_ACTIVE 0x80
60 #define ST21NFCA_DM_DISCONNECT 0x30
61
62 #define ST21NFCA_DM_IS_PIPE_OPEN(p) \
63 ((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN))
64
65 #define ST21NFCA_NFC_MODE 0x03 /* NFC_MODE parameter*/
66
67 #define ST21NFCA_EVT_HOT_PLUG 0x03
68 #define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) (x->data[0] & 0x80)
69
70 #define ST21NFCA_SE_TO_PIPES 2000
71
72 static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES);
73
74 static const struct nfc_hci_gate st21nfca_gates[] = {
75 {NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE},
76 {NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE},
77 {ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE},
78
79 {NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
80 {NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
81 {NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
82 {NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
83 {ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
84 {ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE},
85 {ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
86 {ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE},
87
88 /* Secure element pipes are created by secure element host */
89 {ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
90 {ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
91 };
92
93 struct st21nfca_pipe_info {
94 u8 pipe_state;
95 u8 src_host_id;
96 u8 src_gate_id;
97 u8 dst_host_id;
98 u8 dst_gate_id;
99 } __packed;
100
101 /* Largest headroom needed for outgoing custom commands */
102 #define ST21NFCA_CMDS_HEADROOM 7
103
st21nfca_hci_load_session(struct nfc_hci_dev * hdev)104 static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
105 {
106 int i, j, r;
107 struct sk_buff *skb_pipe_list, *skb_pipe_info;
108 struct st21nfca_pipe_info *info;
109
110 u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST,
111 NFC_HCI_TERMINAL_HOST_ID
112 };
113 u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO,
114 NFC_HCI_TERMINAL_HOST_ID, 0
115 };
116
117 /* On ST21NFCA device pipes number are dynamics
118 * A maximum of 16 pipes can be created at the same time
119 * If pipes are already created, hci_dev_up will fail.
120 * Doing a clear all pipe is a bad idea because:
121 * - It does useless EEPROM cycling
122 * - It might cause issue for secure elements support
123 * (such as removing connectivity or APDU reader pipe)
124 * A better approach on ST21NFCA is to:
125 * - get a pipe list for each host.
126 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now).
127 * (TODO Later on UICC HOST and eSE HOST)
128 * - get pipe information
129 * - match retrieved pipe list in st21nfca_gates
130 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate
131 * with ST21NFCA_DEVICE_MGNT_PIPE.
132 * Pipe can be closed and need to be open.
133 */
134 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
135 ST21NFCA_DEVICE_MGNT_GATE,
136 ST21NFCA_DEVICE_MGNT_PIPE);
137 if (r < 0)
138 return r;
139
140 /* Get pipe list */
141 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
142 ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list),
143 &skb_pipe_list);
144 if (r < 0)
145 return r;
146
147 /* Complete the existing gate_pipe table */
148 for (i = 0; i < skb_pipe_list->len; i++) {
149 pipe_info[2] = skb_pipe_list->data[i];
150 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
151 ST21NFCA_DM_GETINFO, pipe_info,
152 sizeof(pipe_info), &skb_pipe_info);
153 if (r)
154 continue;
155
156 /*
157 * Match pipe ID and gate ID
158 * Output format from ST21NFC_DM_GETINFO is:
159 * - pipe state (1byte)
160 * - source hid (1byte)
161 * - source gid (1byte)
162 * - destination hid (1byte)
163 * - destination gid (1byte)
164 */
165 info = (struct st21nfca_pipe_info *) skb_pipe_info->data;
166 if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE &&
167 info->src_host_id == NFC_HCI_UICC_HOST_ID) {
168 pr_err("Unexpected apdu_reader pipe on host %x\n",
169 info->src_host_id);
170 kfree_skb(skb_pipe_info);
171 continue;
172 }
173
174 for (j = 3; (j < ARRAY_SIZE(st21nfca_gates)) &&
175 (st21nfca_gates[j].gate != info->dst_gate_id) ; j++)
176 ;
177
178 if (j < ARRAY_SIZE(st21nfca_gates) &&
179 st21nfca_gates[j].gate == info->dst_gate_id &&
180 ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) {
181 hdev->init_data.gates[j].pipe = pipe_info[2];
182
183 hdev->gate2pipe[st21nfca_gates[j].gate] =
184 pipe_info[2];
185 hdev->pipes[pipe_info[2]].gate =
186 st21nfca_gates[j].gate;
187 hdev->pipes[pipe_info[2]].dest_host =
188 info->src_host_id;
189 }
190 kfree_skb(skb_pipe_info);
191 }
192
193 /*
194 * 3 gates have a well known pipe ID. Only NFC_HCI_LINK_MGMT_GATE
195 * is not yet open at this stage.
196 */
197 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
198 NFC_HCI_LINK_MGMT_GATE,
199 NFC_HCI_LINK_MGMT_PIPE);
200
201 kfree_skb(skb_pipe_list);
202 return r;
203 }
204
st21nfca_hci_open(struct nfc_hci_dev * hdev)205 static int st21nfca_hci_open(struct nfc_hci_dev *hdev)
206 {
207 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
208 int r;
209
210 mutex_lock(&info->info_lock);
211
212 if (info->state != ST21NFCA_ST_COLD) {
213 r = -EBUSY;
214 goto out;
215 }
216
217 r = info->phy_ops->enable(info->phy_id);
218
219 if (r == 0)
220 info->state = ST21NFCA_ST_READY;
221
222 out:
223 mutex_unlock(&info->info_lock);
224 return r;
225 }
226
st21nfca_hci_close(struct nfc_hci_dev * hdev)227 static void st21nfca_hci_close(struct nfc_hci_dev *hdev)
228 {
229 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
230
231 mutex_lock(&info->info_lock);
232
233 if (info->state == ST21NFCA_ST_COLD)
234 goto out;
235
236 info->phy_ops->disable(info->phy_id);
237 info->state = ST21NFCA_ST_COLD;
238
239 out:
240 mutex_unlock(&info->info_lock);
241 }
242
st21nfca_hci_ready(struct nfc_hci_dev * hdev)243 static int st21nfca_hci_ready(struct nfc_hci_dev *hdev)
244 {
245 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
246 struct sk_buff *skb;
247
248 u8 param;
249 u8 white_list[2];
250 int wl_size = 0;
251 int r;
252
253 if (info->se_status->is_uicc_present)
254 white_list[wl_size++] = NFC_HCI_UICC_HOST_ID;
255 if (info->se_status->is_ese_present)
256 white_list[wl_size++] = ST21NFCA_ESE_HOST_ID;
257
258 if (wl_size) {
259 r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
260 NFC_HCI_ADMIN_WHITELIST,
261 (u8 *) &white_list, wl_size);
262 if (r < 0)
263 return r;
264 }
265
266 /* Set NFC_MODE in device management gate to enable */
267 r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
268 ST21NFCA_NFC_MODE, &skb);
269 if (r < 0)
270 return r;
271
272 param = skb->data[0];
273 kfree_skb(skb);
274 if (param == 0) {
275 param = 1;
276
277 r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
278 ST21NFCA_NFC_MODE, ¶m, 1);
279 if (r < 0)
280 return r;
281 }
282
283 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
284 NFC_HCI_EVT_END_OPERATION, NULL, 0);
285 if (r < 0)
286 return r;
287
288 r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
289 NFC_HCI_ID_MGMT_VERSION_SW, &skb);
290 if (r < 0)
291 return r;
292
293 if (skb->len != FULL_VERSION_LEN) {
294 kfree_skb(skb);
295 return -EINVAL;
296 }
297
298 print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
299 DUMP_PREFIX_NONE, 16, 1,
300 skb->data, FULL_VERSION_LEN, false);
301
302 kfree_skb(skb);
303
304 return 0;
305 }
306
st21nfca_hci_xmit(struct nfc_hci_dev * hdev,struct sk_buff * skb)307 static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
308 {
309 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
310
311 return info->phy_ops->write(info->phy_id, skb);
312 }
313
st21nfca_hci_start_poll(struct nfc_hci_dev * hdev,u32 im_protocols,u32 tm_protocols)314 static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev,
315 u32 im_protocols, u32 tm_protocols)
316 {
317 int r;
318 u32 pol_req;
319 u8 param[19];
320 struct sk_buff *datarate_skb;
321
322 pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
323 __func__, im_protocols, tm_protocols);
324
325 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
326 NFC_HCI_EVT_END_OPERATION, NULL, 0);
327 if (r < 0)
328 return r;
329 if (im_protocols) {
330 /*
331 * enable polling according to im_protocols & tm_protocols
332 * - CLOSE pipe according to im_protocols & tm_protocols
333 */
334 if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) {
335 r = nfc_hci_disconnect_gate(hdev,
336 NFC_HCI_RF_READER_B_GATE);
337 if (r < 0)
338 return r;
339 }
340
341 if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) {
342 r = nfc_hci_disconnect_gate(hdev,
343 NFC_HCI_RF_READER_A_GATE);
344 if (r < 0)
345 return r;
346 }
347
348 if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) {
349 r = nfc_hci_disconnect_gate(hdev,
350 ST21NFCA_RF_READER_F_GATE);
351 if (r < 0)
352 return r;
353 } else {
354 hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
355 &hdev->gb_len);
356
357 if (hdev->gb == NULL || hdev->gb_len == 0) {
358 im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
359 tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
360 }
361
362 param[0] = ST21NFCA_RF_READER_F_DATARATE_106 |
363 ST21NFCA_RF_READER_F_DATARATE_212 |
364 ST21NFCA_RF_READER_F_DATARATE_424;
365 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
366 ST21NFCA_RF_READER_F_DATARATE,
367 param, 1);
368 if (r < 0)
369 return r;
370
371 pol_req = be32_to_cpu((__force __be32)
372 ST21NFCA_RF_READER_F_POL_REQ_DEFAULT);
373 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
374 ST21NFCA_RF_READER_F_POL_REQ,
375 (u8 *) &pol_req, 4);
376 if (r < 0)
377 return r;
378 }
379
380 if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) {
381 r = nfc_hci_disconnect_gate(hdev,
382 ST21NFCA_RF_READER_14443_3_A_GATE);
383 if (r < 0)
384 return r;
385 }
386
387 if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) {
388 r = nfc_hci_disconnect_gate(hdev,
389 ST21NFCA_RF_READER_ISO15693_GATE);
390 if (r < 0)
391 return r;
392 }
393
394 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
395 NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
396 if (r < 0)
397 nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
398 NFC_HCI_EVT_END_OPERATION, NULL, 0);
399 }
400
401 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
402 r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE,
403 ST21NFCA_RF_CARD_F_DATARATE,
404 &datarate_skb);
405 if (r < 0)
406 return r;
407
408 /* Configure the maximum supported datarate to 424Kbps */
409 if (datarate_skb->len > 0 &&
410 datarate_skb->data[0] !=
411 ST21NFCA_RF_CARD_F_DATARATE_212_424) {
412 param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424;
413 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
414 ST21NFCA_RF_CARD_F_DATARATE,
415 param, 1);
416 if (r < 0) {
417 kfree_skb(datarate_skb);
418 return r;
419 }
420 }
421 kfree_skb(datarate_skb);
422
423 /*
424 * Configure sens_res
425 *
426 * NFC Forum Digital Spec Table 7:
427 * NFCID1 size: triple (10 bytes)
428 */
429 param[0] = 0x00;
430 param[1] = 0x08;
431 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
432 ST21NFCA_RF_CARD_F_SENS_RES, param, 2);
433 if (r < 0)
434 return r;
435
436 /*
437 * Configure sel_res
438 *
439 * NFC Forum Digistal Spec Table 17:
440 * b3 set to 0b (value b7-b6):
441 * - 10b: Configured for NFC-DEP Protocol
442 */
443 param[0] = 0x40;
444 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
445 ST21NFCA_RF_CARD_F_SEL_RES, param, 1);
446 if (r < 0)
447 return r;
448
449 /* Configure NFCID1 Random uid */
450 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
451 ST21NFCA_RF_CARD_F_NFCID1, NULL, 0);
452 if (r < 0)
453 return r;
454
455 /* Configure NFCID2_LIST */
456 /* System Code */
457 param[0] = 0x00;
458 param[1] = 0x00;
459 /* NFCID2 */
460 param[2] = 0x01;
461 param[3] = 0xfe;
462 param[4] = 'S';
463 param[5] = 'T';
464 param[6] = 'M';
465 param[7] = 'i';
466 param[8] = 'c';
467 param[9] = 'r';
468 /* 8 byte Pad bytes used for polling respone frame */
469
470 /*
471 * Configuration byte:
472 * - bit 0: define the default NFCID2 entry used when the
473 * system code is equal to 'FFFF'
474 * - bit 1: use a random value for lowest 6 bytes of
475 * NFCID2 value
476 * - bit 2: ignore polling request frame if request code
477 * is equal to '01'
478 * - Other bits are RFU
479 */
480 param[18] = 0x01;
481 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
482 ST21NFCA_RF_CARD_F_NFCID2_LIST, param,
483 19);
484 if (r < 0)
485 return r;
486
487 param[0] = 0x02;
488 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
489 ST21NFCA_RF_CARD_F_MODE, param, 1);
490 }
491
492 return r;
493 }
494
st21nfca_hci_stop_poll(struct nfc_hci_dev * hdev)495 static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev)
496 {
497 nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
498 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
499 }
500
st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev * hdev,u16 * atqa)501 static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa)
502 {
503 int r;
504 struct sk_buff *atqa_skb = NULL;
505
506 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
507 ST21NFCA_RF_READER_14443_3_A_ATQA, &atqa_skb);
508 if (r < 0)
509 goto exit;
510
511 if (atqa_skb->len != 2) {
512 r = -EPROTO;
513 goto exit;
514 }
515
516 *atqa = be16_to_cpu(*(__be16 *) atqa_skb->data);
517
518 exit:
519 kfree_skb(atqa_skb);
520 return r;
521 }
522
st21nfca_get_iso14443_3_sak(struct nfc_hci_dev * hdev,u8 * sak)523 static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak)
524 {
525 int r;
526 struct sk_buff *sak_skb = NULL;
527
528 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
529 ST21NFCA_RF_READER_14443_3_A_SAK, &sak_skb);
530 if (r < 0)
531 goto exit;
532
533 if (sak_skb->len != 1) {
534 r = -EPROTO;
535 goto exit;
536 }
537
538 *sak = sak_skb->data[0];
539
540 exit:
541 kfree_skb(sak_skb);
542 return r;
543 }
544
st21nfca_get_iso14443_3_uid(struct nfc_hci_dev * hdev,u8 * uid,int * len)545 static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid,
546 int *len)
547 {
548 int r;
549 struct sk_buff *uid_skb = NULL;
550
551 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
552 ST21NFCA_RF_READER_14443_3_A_UID, &uid_skb);
553 if (r < 0)
554 goto exit;
555
556 if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
557 r = -EPROTO;
558 goto exit;
559 }
560
561 memcpy(uid, uid_skb->data, uid_skb->len);
562 *len = uid_skb->len;
563 exit:
564 kfree_skb(uid_skb);
565 return r;
566 }
567
st21nfca_get_iso15693_inventory(struct nfc_hci_dev * hdev,struct nfc_target * target)568 static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev,
569 struct nfc_target *target)
570 {
571 int r;
572 struct sk_buff *inventory_skb = NULL;
573
574 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE,
575 ST21NFCA_RF_READER_ISO15693_INVENTORY,
576 &inventory_skb);
577 if (r < 0)
578 goto exit;
579
580 skb_pull(inventory_skb, 2);
581
582 if (inventory_skb->len == 0 ||
583 inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) {
584 r = -EPROTO;
585 goto exit;
586 }
587
588 memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len);
589 target->iso15693_dsfid = inventory_skb->data[1];
590 target->is_iso15693 = 1;
591 exit:
592 kfree_skb(inventory_skb);
593 return r;
594 }
595
st21nfca_hci_dep_link_up(struct nfc_hci_dev * hdev,struct nfc_target * target,u8 comm_mode,u8 * gb,size_t gb_len)596 static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev,
597 struct nfc_target *target, u8 comm_mode,
598 u8 *gb, size_t gb_len)
599 {
600 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
601
602 info->dep_info.idx = target->idx;
603 return st21nfca_im_send_atr_req(hdev, gb, gb_len);
604 }
605
st21nfca_hci_dep_link_down(struct nfc_hci_dev * hdev)606 static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev)
607 {
608 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
609
610 info->state = ST21NFCA_ST_READY;
611
612 return nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
613 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
614 }
615
st21nfca_hci_target_from_gate(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)616 static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
617 struct nfc_target *target)
618 {
619 int r, len;
620 u16 atqa;
621 u8 sak;
622 u8 uid[NFC_NFCID1_MAXSIZE];
623
624 switch (gate) {
625 case ST21NFCA_RF_READER_F_GATE:
626 target->supported_protocols = NFC_PROTO_FELICA_MASK;
627 break;
628 case ST21NFCA_RF_READER_14443_3_A_GATE:
629 /* ISO14443-3 type 1 or 2 tags */
630 r = st21nfca_get_iso14443_3_atqa(hdev, &atqa);
631 if (r < 0)
632 return r;
633 if (atqa == 0x000c) {
634 target->supported_protocols = NFC_PROTO_JEWEL_MASK;
635 target->sens_res = 0x0c00;
636 } else {
637 r = st21nfca_get_iso14443_3_sak(hdev, &sak);
638 if (r < 0)
639 return r;
640
641 r = st21nfca_get_iso14443_3_uid(hdev, uid, &len);
642 if (r < 0)
643 return r;
644
645 target->supported_protocols =
646 nfc_hci_sak_to_protocol(sak);
647 if (target->supported_protocols == 0xffffffff)
648 return -EPROTO;
649
650 target->sens_res = atqa;
651 target->sel_res = sak;
652 memcpy(target->nfcid1, uid, len);
653 target->nfcid1_len = len;
654 }
655
656 break;
657 case ST21NFCA_RF_READER_ISO15693_GATE:
658 target->supported_protocols = NFC_PROTO_ISO15693_MASK;
659 r = st21nfca_get_iso15693_inventory(hdev, target);
660 if (r < 0)
661 return r;
662 break;
663 default:
664 return -EPROTO;
665 }
666
667 return 0;
668 }
669
st21nfca_hci_complete_target_discovered(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)670 static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
671 u8 gate,
672 struct nfc_target *target)
673 {
674 int r;
675 struct sk_buff *nfcid_skb = NULL;
676
677 if (gate == ST21NFCA_RF_READER_F_GATE) {
678 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
679 ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb);
680 if (r < 0)
681 goto exit;
682
683 if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) {
684 r = -EPROTO;
685 goto exit;
686 }
687
688 /*
689 * - After the recepton of polling response for type F frame
690 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be
691 * updated.
692 * - After the reception of SEL_RES with NFCIP-1 compliant bit
693 * set for type A frame NFCID1 will be updated
694 */
695 if (nfcid_skb->len > 0) {
696 /* P2P in type F */
697 memcpy(target->sensf_res, nfcid_skb->data,
698 nfcid_skb->len);
699 target->sensf_res_len = nfcid_skb->len;
700 /* NFC Forum Digital Protocol Table 44 */
701 if (target->sensf_res[0] == 0x01 &&
702 target->sensf_res[1] == 0xfe)
703 target->supported_protocols =
704 NFC_PROTO_NFC_DEP_MASK;
705 else
706 target->supported_protocols =
707 NFC_PROTO_FELICA_MASK;
708 } else {
709 kfree_skb(nfcid_skb);
710 nfcid_skb = NULL;
711 /* P2P in type A */
712 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
713 ST21NFCA_RF_READER_F_NFCID1,
714 &nfcid_skb);
715 if (r < 0)
716 goto exit;
717
718 if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) {
719 r = -EPROTO;
720 goto exit;
721 }
722 memcpy(target->sensf_res, nfcid_skb->data,
723 nfcid_skb->len);
724 target->sensf_res_len = nfcid_skb->len;
725 target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
726 }
727 target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE;
728 }
729 r = 1;
730 exit:
731 kfree_skb(nfcid_skb);
732 return r;
733 }
734
735 #define ST21NFCA_CB_TYPE_READER_ISO15693 1
st21nfca_hci_data_exchange_cb(void * context,struct sk_buff * skb,int err)736 static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb,
737 int err)
738 {
739 struct st21nfca_hci_info *info = context;
740
741 switch (info->async_cb_type) {
742 case ST21NFCA_CB_TYPE_READER_ISO15693:
743 if (err == 0)
744 skb_trim(skb, skb->len - 1);
745 info->async_cb(info->async_cb_context, skb, err);
746 break;
747 default:
748 if (err == 0)
749 kfree_skb(skb);
750 break;
751 }
752 }
753
754 /*
755 * Returns:
756 * <= 0: driver handled the data exchange
757 * 1: driver doesn't especially handle, please do standard processing
758 */
st21nfca_hci_im_transceive(struct nfc_hci_dev * hdev,struct nfc_target * target,struct sk_buff * skb,data_exchange_cb_t cb,void * cb_context)759 static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev,
760 struct nfc_target *target,
761 struct sk_buff *skb,
762 data_exchange_cb_t cb, void *cb_context)
763 {
764 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
765
766 pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__,
767 target->hci_reader_gate, skb->len);
768
769 switch (target->hci_reader_gate) {
770 case ST21NFCA_RF_READER_F_GATE:
771 if (target->supported_protocols == NFC_PROTO_NFC_DEP_MASK)
772 return st21nfca_im_send_dep_req(hdev, skb);
773
774 *(u8 *)skb_push(skb, 1) = 0x1a;
775 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
776 ST21NFCA_WR_XCHG_DATA, skb->data,
777 skb->len, cb, cb_context);
778 case ST21NFCA_RF_READER_14443_3_A_GATE:
779 *(u8 *)skb_push(skb, 1) = 0x1a; /* CTR, see spec:10.2.2.1 */
780
781 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
782 ST21NFCA_WR_XCHG_DATA, skb->data,
783 skb->len, cb, cb_context);
784 case ST21NFCA_RF_READER_ISO15693_GATE:
785 info->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693;
786 info->async_cb = cb;
787 info->async_cb_context = cb_context;
788
789 *(u8 *)skb_push(skb, 1) = 0x17;
790
791 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
792 ST21NFCA_WR_XCHG_DATA, skb->data,
793 skb->len,
794 st21nfca_hci_data_exchange_cb,
795 info);
796 default:
797 return 1;
798 }
799 }
800
st21nfca_hci_tm_send(struct nfc_hci_dev * hdev,struct sk_buff * skb)801 static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
802 {
803 return st21nfca_tm_send_dep_res(hdev, skb);
804 }
805
st21nfca_hci_check_presence(struct nfc_hci_dev * hdev,struct nfc_target * target)806 static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev,
807 struct nfc_target *target)
808 {
809 u8 fwi = 0x11;
810
811 switch (target->hci_reader_gate) {
812 case NFC_HCI_RF_READER_A_GATE:
813 case NFC_HCI_RF_READER_B_GATE:
814 /*
815 * PRESENCE_CHECK on those gates is available
816 * However, the answer to this command is taking 3 * fwi
817 * if the card is no present.
818 * Instead, we send an empty I-Frame with a very short
819 * configurable fwi ~604µs.
820 */
821 return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
822 ST21NFCA_WR_XCHG_DATA, &fwi, 1, NULL);
823 case ST21NFCA_RF_READER_14443_3_A_GATE:
824 return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
825 ST21NFCA_RF_READER_CMD_PRESENCE_CHECK,
826 NULL, 0, NULL);
827 default:
828 return -EOPNOTSUPP;
829 }
830 }
831
st21nfca_hci_cmd_received(struct nfc_hci_dev * hdev,u8 pipe,u8 cmd,struct sk_buff * skb)832 static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
833 struct sk_buff *skb)
834 {
835 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
836 u8 gate = hdev->pipes[pipe].gate;
837
838 pr_debug("cmd: %x\n", cmd);
839
840 switch (cmd) {
841 case NFC_HCI_ANY_OPEN_PIPE:
842 if (gate != ST21NFCA_APDU_READER_GATE &&
843 hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID)
844 info->se_info.count_pipes++;
845
846 if (info->se_info.count_pipes == info->se_info.expected_pipes) {
847 del_timer_sync(&info->se_info.se_active_timer);
848 info->se_info.se_active = false;
849 info->se_info.count_pipes = 0;
850 complete(&info->se_info.req_completion);
851 }
852 break;
853 }
854 }
855
st21nfca_admin_event_received(struct nfc_hci_dev * hdev,u8 event,struct sk_buff * skb)856 static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event,
857 struct sk_buff *skb)
858 {
859 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
860
861 pr_debug("admin event: %x\n", event);
862
863 switch (event) {
864 case ST21NFCA_EVT_HOT_PLUG:
865 if (info->se_info.se_active) {
866 if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) {
867 del_timer_sync(&info->se_info.se_active_timer);
868 info->se_info.se_active = false;
869 complete(&info->se_info.req_completion);
870 } else {
871 mod_timer(&info->se_info.se_active_timer,
872 jiffies +
873 msecs_to_jiffies(ST21NFCA_SE_TO_PIPES));
874 }
875 }
876 break;
877 default:
878 nfc_err(&hdev->ndev->dev, "Unexpected event on admin gate\n");
879 }
880 kfree_skb(skb);
881 return 0;
882 }
883
884 /*
885 * Returns:
886 * <= 0: driver handled the event, skb consumed
887 * 1: driver does not handle the event, please do standard processing
888 */
st21nfca_hci_event_received(struct nfc_hci_dev * hdev,u8 pipe,u8 event,struct sk_buff * skb)889 static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe,
890 u8 event, struct sk_buff *skb)
891 {
892 u8 gate = hdev->pipes[pipe].gate;
893 u8 host = hdev->pipes[pipe].dest_host;
894
895 pr_debug("hci event: %d gate: %x\n", event, gate);
896
897 switch (gate) {
898 case NFC_HCI_ADMIN_GATE:
899 return st21nfca_admin_event_received(hdev, event, skb);
900 case ST21NFCA_RF_CARD_F_GATE:
901 return st21nfca_dep_event_received(hdev, event, skb);
902 case ST21NFCA_CONNECTIVITY_GATE:
903 return st21nfca_connectivity_event_received(hdev, host,
904 event, skb);
905 case ST21NFCA_APDU_READER_GATE:
906 return st21nfca_apdu_reader_event_received(hdev, event, skb);
907 case NFC_HCI_LOOPBACK_GATE:
908 return st21nfca_hci_loopback_event_received(hdev, event, skb);
909 default:
910 return 1;
911 }
912 }
913
914 static const struct nfc_hci_ops st21nfca_hci_ops = {
915 .open = st21nfca_hci_open,
916 .close = st21nfca_hci_close,
917 .load_session = st21nfca_hci_load_session,
918 .hci_ready = st21nfca_hci_ready,
919 .xmit = st21nfca_hci_xmit,
920 .start_poll = st21nfca_hci_start_poll,
921 .stop_poll = st21nfca_hci_stop_poll,
922 .dep_link_up = st21nfca_hci_dep_link_up,
923 .dep_link_down = st21nfca_hci_dep_link_down,
924 .target_from_gate = st21nfca_hci_target_from_gate,
925 .complete_target_discovered = st21nfca_hci_complete_target_discovered,
926 .im_transceive = st21nfca_hci_im_transceive,
927 .tm_send = st21nfca_hci_tm_send,
928 .check_presence = st21nfca_hci_check_presence,
929 .event_received = st21nfca_hci_event_received,
930 .cmd_received = st21nfca_hci_cmd_received,
931 .discover_se = st21nfca_hci_discover_se,
932 .enable_se = st21nfca_hci_enable_se,
933 .disable_se = st21nfca_hci_disable_se,
934 .se_io = st21nfca_hci_se_io,
935 };
936
st21nfca_hci_probe(void * phy_id,const struct nfc_phy_ops * phy_ops,char * llc_name,int phy_headroom,int phy_tailroom,int phy_payload,struct nfc_hci_dev ** hdev,struct st21nfca_se_status * se_status)937 int st21nfca_hci_probe(void *phy_id, const struct nfc_phy_ops *phy_ops,
938 char *llc_name, int phy_headroom, int phy_tailroom,
939 int phy_payload, struct nfc_hci_dev **hdev,
940 struct st21nfca_se_status *se_status)
941 {
942 struct st21nfca_hci_info *info;
943 int r = 0;
944 int dev_num;
945 u32 protocols;
946 struct nfc_hci_init_data init_data;
947 unsigned long quirks = 0;
948
949 info = kzalloc(sizeof(struct st21nfca_hci_info), GFP_KERNEL);
950 if (!info)
951 return -ENOMEM;
952
953 info->phy_ops = phy_ops;
954 info->phy_id = phy_id;
955 info->state = ST21NFCA_ST_COLD;
956 mutex_init(&info->info_lock);
957
958 init_data.gate_count = ARRAY_SIZE(st21nfca_gates);
959
960 memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
961
962 /*
963 * Session id must include the driver name + i2c bus addr
964 * persistent info to discriminate 2 identical chips
965 */
966 dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES);
967 if (dev_num >= ST21NFCA_NUM_DEVICES) {
968 r = -ENODEV;
969 goto err_alloc_hdev;
970 }
971
972 set_bit(dev_num, dev_mask);
973
974 scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x",
975 "ST21AH", dev_num);
976
977 protocols = NFC_PROTO_JEWEL_MASK |
978 NFC_PROTO_MIFARE_MASK |
979 NFC_PROTO_FELICA_MASK |
980 NFC_PROTO_ISO14443_MASK |
981 NFC_PROTO_ISO14443_B_MASK |
982 NFC_PROTO_ISO15693_MASK |
983 NFC_PROTO_NFC_DEP_MASK;
984
985 set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks);
986
987 info->hdev =
988 nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks,
989 protocols, llc_name,
990 phy_headroom + ST21NFCA_CMDS_HEADROOM,
991 phy_tailroom, phy_payload);
992
993 if (!info->hdev) {
994 pr_err("Cannot allocate nfc hdev.\n");
995 r = -ENOMEM;
996 goto err_alloc_hdev;
997 }
998
999 info->se_status = se_status;
1000
1001 nfc_hci_set_clientdata(info->hdev, info);
1002
1003 r = nfc_hci_register_device(info->hdev);
1004 if (r)
1005 goto err_regdev;
1006
1007 *hdev = info->hdev;
1008 st21nfca_dep_init(info->hdev);
1009 st21nfca_se_init(info->hdev);
1010 st21nfca_vendor_cmds_init(info->hdev);
1011
1012 return 0;
1013
1014 err_regdev:
1015 nfc_hci_free_device(info->hdev);
1016
1017 err_alloc_hdev:
1018 kfree(info);
1019
1020 return r;
1021 }
1022 EXPORT_SYMBOL(st21nfca_hci_probe);
1023
st21nfca_hci_remove(struct nfc_hci_dev * hdev)1024 void st21nfca_hci_remove(struct nfc_hci_dev *hdev)
1025 {
1026 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
1027
1028 st21nfca_dep_deinit(hdev);
1029 st21nfca_se_deinit(hdev);
1030 nfc_hci_unregister_device(hdev);
1031 nfc_hci_free_device(hdev);
1032 kfree(info);
1033 }
1034 EXPORT_SYMBOL(st21nfca_hci_remove);
1035
1036 MODULE_LICENSE("GPL");
1037 MODULE_DESCRIPTION(DRIVER_DESC);
1038