1 /* $NetBSD: hid.c,v 1.17 2001/11/13 06:24:53 lukem Exp $ */ 2 3 4 #include <sys/cdefs.h> 5 __FBSDID("$FreeBSD$"); 6 /*- 7 * Copyright (c) 1998 The NetBSD Foundation, Inc. 8 * All rights reserved. 9 * 10 * This code is derived from software contributed to The NetBSD Foundation 11 * by Lennart Augustsson (lennart@augustsson.net) at 12 * Carlstedt Research & Technology. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. All advertising materials mentioning features or use of this software 23 * must display the following acknowledgement: 24 * This product includes software developed by the NetBSD 25 * Foundation, Inc. and its contributors. 26 * 4. Neither the name of The NetBSD Foundation nor the names of its 27 * contributors may be used to endorse or promote products derived 28 * from this software without specific prior written permission. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 31 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 32 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 33 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 34 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 35 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 36 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 37 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 38 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 39 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 40 * POSSIBILITY OF SUCH DAMAGE. 41 */ 42 43 #include <dev/usb/usb.h> 44 #include <dev/usb/usb_mfunc.h> 45 #include <dev/usb/usb_error.h> 46 #include <dev/usb/usb_defs.h> 47 #include <dev/usb/usbhid.h> 48 49 #define USB_DEBUG_VAR usb2_debug 50 51 #include <dev/usb/usb_core.h> 52 #include <dev/usb/usb_debug.h> 53 #include <dev/usb/usb_parse.h> 54 #include <dev/usb/usb_process.h> 55 #include <dev/usb/usb_device.h> 56 #include <dev/usb/usb_request.h> 57 #include <dev/usb/usb_hid.h> 58 59 static void hid_clear_local(struct hid_item *); 60 static uint8_t hid_get_byte(struct hid_data *s, const uint16_t wSize); 61 62 #define MAXUSAGE 64 63 #define MAXPUSH 4 64 struct hid_data { 65 const uint8_t *start; 66 const uint8_t *end; 67 const uint8_t *p; 68 struct hid_item cur[MAXPUSH]; 69 int32_t usages_min[MAXUSAGE]; 70 int32_t usages_max[MAXUSAGE]; 71 int32_t usage_last; /* last seen usage */ 72 uint32_t loc_size; /* last seen size */ 73 uint32_t loc_count; /* last seen count */ 74 uint8_t kindset; /* we have 5 kinds so 8 bits are enough */ 75 uint8_t pushlevel; /* current pushlevel */ 76 uint8_t ncount; /* end usage item count */ 77 uint8_t icount; /* current usage item count */ 78 uint8_t nusage; /* end "usages_min/max" index */ 79 uint8_t iusage; /* current "usages_min/max" index */ 80 uint8_t ousage; /* current "usages_min/max" offset */ 81 uint8_t susage; /* usage set flags */ 82 }; 83 84 /*------------------------------------------------------------------------* 85 * hid_clear_local 86 *------------------------------------------------------------------------*/ 87 static void 88 hid_clear_local(struct hid_item *c) 89 { 90 91 c->loc.count = 0; 92 c->loc.size = 0; 93 c->usage = 0; 94 c->usage_minimum = 0; 95 c->usage_maximum = 0; 96 c->designator_index = 0; 97 c->designator_minimum = 0; 98 c->designator_maximum = 0; 99 c->string_index = 0; 100 c->string_minimum = 0; 101 c->string_maximum = 0; 102 c->set_delimiter = 0; 103 } 104 105 /*------------------------------------------------------------------------* 106 * hid_start_parse 107 *------------------------------------------------------------------------*/ 108 struct hid_data * 109 hid_start_parse(const void *d, int len, int kindset) 110 { 111 struct hid_data *s; 112 113 if ((kindset-1) & kindset) { 114 DPRINTFN(0, "Only one bit can be " 115 "set in the kindset\n"); 116 return (NULL); 117 } 118 119 s = malloc(sizeof *s, M_TEMP, M_WAITOK | M_ZERO); 120 s->start = s->p = d; 121 s->end = ((const uint8_t *)d) + len; 122 s->kindset = kindset; 123 return (s); 124 } 125 126 /*------------------------------------------------------------------------* 127 * hid_end_parse 128 *------------------------------------------------------------------------*/ 129 void 130 hid_end_parse(struct hid_data *s) 131 { 132 if (s == NULL) 133 return; 134 135 free(s, M_TEMP); 136 } 137 138 /*------------------------------------------------------------------------* 139 * get byte from HID descriptor 140 *------------------------------------------------------------------------*/ 141 static uint8_t 142 hid_get_byte(struct hid_data *s, const uint16_t wSize) 143 { 144 const uint8_t *ptr; 145 uint8_t retval; 146 147 ptr = s->p; 148 149 /* check if end is reached */ 150 if (ptr == s->end) 151 return (0); 152 153 /* read out a byte */ 154 retval = *ptr; 155 156 /* check if data pointer can be advanced by "wSize" bytes */ 157 if ((s->end - ptr) < wSize) 158 ptr = s->end; 159 else 160 ptr += wSize; 161 162 /* update pointer */ 163 s->p = ptr; 164 165 return (retval); 166 } 167 168 /*------------------------------------------------------------------------* 169 * hid_get_item 170 *------------------------------------------------------------------------*/ 171 int 172 hid_get_item(struct hid_data *s, struct hid_item *h) 173 { 174 struct hid_item *c; 175 unsigned int bTag, bType, bSize; 176 uint32_t oldpos; 177 int32_t mask; 178 int32_t dval; 179 180 if (s == NULL) 181 return (0); 182 183 c = &s->cur[s->pushlevel]; 184 185 top: 186 /* check if there is an array of items */ 187 if (s->icount < s->ncount) { 188 /* get current usage */ 189 if (s->iusage < s->nusage) { 190 dval = s->usages_min[s->iusage] + s->ousage; 191 c->usage = dval; 192 s->usage_last = dval; 193 if (dval == s->usages_max[s->iusage]) { 194 s->iusage ++; 195 s->ousage = 0; 196 } else { 197 s->ousage ++; 198 } 199 } else { 200 DPRINTFN(1, "Using last usage\n"); 201 dval = s->usage_last; 202 } 203 s->icount ++; 204 /* 205 * Only copy HID item, increment position and return 206 * if correct kindset! 207 */ 208 if (s->kindset & (1 << c->kind)) { 209 *h = *c; 210 DPRINTFN(1, "%u,%u,%u\n", h->loc.pos, 211 h->loc.size, h->loc.count); 212 c->loc.pos += c->loc.size * c->loc.count; 213 return (1); 214 } 215 } 216 217 /* reset state variables */ 218 s->icount = 0; 219 s->ncount = 0; 220 s->iusage = 0; 221 s->nusage = 0; 222 s->susage = 0; 223 s->ousage = 0; 224 hid_clear_local(c); 225 226 /* get next item */ 227 while (s->p != s->end) { 228 229 bSize = hid_get_byte(s, 1); 230 if (bSize == 0xfe) { 231 /* long item */ 232 bSize = hid_get_byte(s, 1); 233 bSize |= hid_get_byte(s, 1) << 8; 234 bTag = hid_get_byte(s, 1); 235 bType = 0xff; /* XXX what should it be */ 236 } else { 237 /* short item */ 238 bTag = bSize >> 4; 239 bType = (bSize >> 2) & 3; 240 bSize &= 3; 241 if (bSize == 3) 242 bSize = 4; 243 } 244 switch (bSize) { 245 case 0: 246 dval = 0; 247 mask = 0; 248 break; 249 case 1: 250 dval = (int8_t)hid_get_byte(s, 1); 251 mask = 0xFF; 252 break; 253 case 2: 254 dval = hid_get_byte(s, 1); 255 dval |= hid_get_byte(s, 1) << 8; 256 dval = (int16_t)dval; 257 mask = 0xFFFF; 258 break; 259 case 4: 260 dval = hid_get_byte(s, 1); 261 dval |= hid_get_byte(s, 1) << 8; 262 dval |= hid_get_byte(s, 1) << 16; 263 dval |= hid_get_byte(s, 1) << 24; 264 mask = 0xFFFFFFFF; 265 break; 266 default: 267 dval = hid_get_byte(s, bSize); 268 DPRINTFN(0, "bad length %u (data=0x%02x)\n", 269 bSize, dval); 270 continue; 271 } 272 273 switch (bType) { 274 case 0: /* Main */ 275 switch (bTag) { 276 case 8: /* Input */ 277 c->kind = hid_input; 278 c->flags = dval; 279 ret: 280 c->loc.count = s->loc_count; 281 c->loc.size = s->loc_size; 282 283 if (c->flags & HIO_VARIABLE) { 284 /* range check usage count */ 285 if (c->loc.count > 255) { 286 DPRINTFN(0, "Number of " 287 "items truncated to 255\n"); 288 s->ncount = 255; 289 } else 290 s->ncount = c->loc.count; 291 292 /* 293 * The "top" loop will return 294 * one and one item: 295 */ 296 c->loc.count = 1; 297 } else { 298 s->ncount = 1; 299 } 300 /* set default usage */ 301 /* use the undefined HID PAGE */ 302 s->usage_last = 0; 303 goto top; 304 305 case 9: /* Output */ 306 c->kind = hid_output; 307 c->flags = dval; 308 goto ret; 309 case 10: /* Collection */ 310 c->kind = hid_collection; 311 c->collection = dval; 312 c->collevel++; 313 *h = *c; 314 return (1); 315 case 11: /* Feature */ 316 c->kind = hid_feature; 317 c->flags = dval; 318 goto ret; 319 case 12: /* End collection */ 320 c->kind = hid_endcollection; 321 if (c->collevel == 0) { 322 DPRINTFN(0, "invalid end collection\n"); 323 return (0); 324 } 325 c->collevel--; 326 *h = *c; 327 return (1); 328 default: 329 DPRINTFN(0, "Main bTag=%d\n", bTag); 330 break; 331 } 332 break; 333 case 1: /* Global */ 334 switch (bTag) { 335 case 0: 336 c->_usage_page = dval << 16; 337 break; 338 case 1: 339 c->logical_minimum = dval; 340 break; 341 case 2: 342 c->logical_maximum = dval; 343 break; 344 case 3: 345 c->physical_minimum = dval; 346 break; 347 case 4: 348 c->physical_maximum = dval; 349 break; 350 case 5: 351 c->unit_exponent = dval; 352 break; 353 case 6: 354 c->unit = dval; 355 break; 356 case 7: 357 /* mask because value is unsigned */ 358 s->loc_size = dval & mask; 359 break; 360 case 8: 361 c->report_ID = dval; 362 /* new report - reset position */ 363 c->loc.pos = 0; 364 break; 365 case 9: 366 /* mask because value is unsigned */ 367 s->loc_count = dval & mask; 368 break; 369 case 10: /* Push */ 370 s->pushlevel ++; 371 if (s->pushlevel < MAXPUSH) { 372 s->cur[s->pushlevel] = *c; 373 /* store size and count */ 374 c->loc.size = s->loc_size; 375 c->loc.count = s->loc_count; 376 /* update current item pointer */ 377 c = &s->cur[s->pushlevel]; 378 } else { 379 DPRINTFN(0, "Cannot push " 380 "item @ %d!\n", s->pushlevel); 381 } 382 break; 383 case 11: /* Pop */ 384 s->pushlevel --; 385 if (s->pushlevel < MAXPUSH) { 386 /* preserve position */ 387 oldpos = c->loc.pos; 388 c = &s->cur[s->pushlevel]; 389 /* restore size and count */ 390 s->loc_size = c->loc.size; 391 s->loc_count = c->loc.count; 392 /* set default item location */ 393 c->loc.pos = oldpos; 394 c->loc.size = 0; 395 c->loc.count = 0; 396 } else { 397 DPRINTFN(0, "Cannot pop " 398 "item @ %d!\n", s->pushlevel); 399 } 400 break; 401 default: 402 DPRINTFN(0, "Global bTag=%d\n", bTag); 403 break; 404 } 405 break; 406 case 2: /* Local */ 407 switch (bTag) { 408 case 0: 409 if (bSize != 4) 410 dval = (dval & mask) | c->_usage_page; 411 412 if (s->nusage < MAXUSAGE) { 413 s->usages_min[s->nusage] = dval; 414 s->usages_max[s->nusage] = dval; 415 s->nusage ++; 416 } else { 417 DPRINTFN(0, "max usage reached!\n"); 418 } 419 420 /* clear any pending usage sets */ 421 s->susage = 0; 422 break; 423 case 1: 424 s->susage |= 1; 425 426 if (bSize != 4) 427 dval = (dval & mask) | c->_usage_page; 428 c->usage_minimum = dval; 429 430 goto check_set; 431 case 2: 432 s->susage |= 2; 433 434 if (bSize != 4) 435 dval = (dval & mask) | c->_usage_page; 436 c->usage_maximum = dval; 437 438 check_set: 439 if (s->susage != 3) 440 break; 441 442 /* sanity check */ 443 if ((s->nusage < MAXUSAGE) && 444 (c->usage_minimum < c->usage_maximum)) { 445 /* add usage range */ 446 s->usages_min[s->nusage] = 447 c->usage_minimum; 448 s->usages_max[s->nusage] = 449 c->usage_maximum; 450 s->nusage ++; 451 } else { 452 DPRINTFN(0, "Usage set dropped!\n"); 453 } 454 s->susage = 0; 455 break; 456 case 3: 457 c->designator_index = dval; 458 break; 459 case 4: 460 c->designator_minimum = dval; 461 break; 462 case 5: 463 c->designator_maximum = dval; 464 break; 465 case 7: 466 c->string_index = dval; 467 break; 468 case 8: 469 c->string_minimum = dval; 470 break; 471 case 9: 472 c->string_maximum = dval; 473 break; 474 case 10: 475 c->set_delimiter = dval; 476 break; 477 default: 478 DPRINTFN(0, "Local bTag=%d\n", bTag); 479 break; 480 } 481 break; 482 default: 483 DPRINTFN(0, "default bType=%d\n", bType); 484 break; 485 } 486 } 487 return (0); 488 } 489 490 /*------------------------------------------------------------------------* 491 * hid_report_size 492 *------------------------------------------------------------------------*/ 493 int 494 hid_report_size(const void *buf, int len, enum hid_kind k, uint8_t *id) 495 { 496 struct hid_data *d; 497 struct hid_item h; 498 uint32_t temp; 499 uint32_t hpos; 500 uint32_t lpos; 501 uint8_t any_id; 502 503 any_id = 0; 504 hpos = 0; 505 lpos = 0xFFFFFFFF; 506 507 for (d = hid_start_parse(buf, len, 1 << k); hid_get_item(d, &h);) { 508 if (h.kind == k) { 509 /* check for ID-byte presense */ 510 if ((h.report_ID != 0) && !any_id) { 511 if (id != NULL) 512 *id = h.report_ID; 513 any_id = 1; 514 } 515 /* compute minimum */ 516 if (lpos > h.loc.pos) 517 lpos = h.loc.pos; 518 /* compute end position */ 519 temp = h.loc.pos + (h.loc.size * h.loc.count); 520 /* compute maximum */ 521 if (hpos < temp) 522 hpos = temp; 523 } 524 } 525 hid_end_parse(d); 526 527 /* safety check - can happen in case of currupt descriptors */ 528 if (lpos > hpos) 529 temp = 0; 530 else 531 temp = hpos - lpos; 532 533 /* check for ID byte */ 534 if (any_id) 535 temp += 8; 536 else if (id != NULL) 537 *id = 0; 538 539 /* return length in bytes rounded up */ 540 return ((temp + 7) / 8); 541 } 542 543 /*------------------------------------------------------------------------* 544 * hid_locate 545 *------------------------------------------------------------------------*/ 546 int 547 hid_locate(const void *desc, int size, uint32_t u, enum hid_kind k, 548 struct hid_location *loc, uint32_t *flags, uint8_t *id) 549 { 550 struct hid_data *d; 551 struct hid_item h; 552 553 for (d = hid_start_parse(desc, size, 1 << k); hid_get_item(d, &h);) { 554 if (h.kind == k && !(h.flags & HIO_CONST) && h.usage == u) { 555 if (loc != NULL) 556 *loc = h.loc; 557 if (flags != NULL) 558 *flags = h.flags; 559 if (id != NULL) 560 *id = h.report_ID; 561 hid_end_parse(d); 562 return (1); 563 } 564 } 565 if (loc != NULL) 566 loc->size = 0; 567 if (flags != NULL) 568 *flags = 0; 569 if (id != NULL) 570 *id = 0; 571 hid_end_parse(d); 572 return (0); 573 } 574 575 /*------------------------------------------------------------------------* 576 * hid_get_data 577 *------------------------------------------------------------------------*/ 578 uint32_t 579 hid_get_data(const uint8_t *buf, uint32_t len, struct hid_location *loc) 580 { 581 uint32_t hpos = loc->pos; 582 uint32_t hsize = loc->size; 583 uint32_t data; 584 uint32_t rpos; 585 uint8_t n; 586 587 DPRINTFN(11, "hid_get_data: loc %d/%d\n", hpos, hsize); 588 589 /* Range check and limit */ 590 if (hsize == 0) 591 return (0); 592 if (hsize > 32) 593 hsize = 32; 594 595 /* Get data in a safe way */ 596 data = 0; 597 rpos = (hpos / 8); 598 n = (hsize + 7) / 8; 599 rpos += n; 600 while (n--) { 601 rpos--; 602 if (rpos < len) 603 data |= buf[rpos] << (8 * n); 604 } 605 606 /* Correctly shift down data */ 607 data = (data >> (hpos % 8)); 608 609 /* Mask and sign extend in one */ 610 n = 32 - hsize; 611 data = ((int32_t)data << n) >> n; 612 613 DPRINTFN(11, "hid_get_data: loc %d/%d = %lu\n", 614 loc->pos, loc->size, (long)data); 615 return (data); 616 } 617 618 /*------------------------------------------------------------------------* 619 * hid_is_collection 620 *------------------------------------------------------------------------*/ 621 int 622 hid_is_collection(const void *desc, int size, uint32_t usage) 623 { 624 struct hid_data *hd; 625 struct hid_item hi; 626 int err; 627 628 hd = hid_start_parse(desc, size, hid_input); 629 if (hd == NULL) 630 return (0); 631 632 err = hid_get_item(hd, &hi) && 633 hi.kind == hid_collection && 634 hi.usage == usage; 635 hid_end_parse(hd); 636 return (err); 637 } 638 639 /*------------------------------------------------------------------------* 640 * hid_get_descriptor_from_usb 641 * 642 * This function will search for a HID descriptor between two USB 643 * interface descriptors. 644 * 645 * Return values: 646 * NULL: No more HID descriptors. 647 * Else: Pointer to HID descriptor. 648 *------------------------------------------------------------------------*/ 649 struct usb2_hid_descriptor * 650 hid_get_descriptor_from_usb(struct usb2_config_descriptor *cd, 651 struct usb2_interface_descriptor *id) 652 { 653 struct usb2_descriptor *desc = (void *)id; 654 655 if (desc == NULL) { 656 return (NULL); 657 } 658 while ((desc = usb2_desc_foreach(cd, desc))) { 659 if ((desc->bDescriptorType == UDESC_HID) && 660 (desc->bLength >= USB_HID_DESCRIPTOR_SIZE(0))) { 661 return (void *)desc; 662 } 663 if (desc->bDescriptorType == UDESC_INTERFACE) { 664 break; 665 } 666 } 667 return (NULL); 668 } 669 670 /*------------------------------------------------------------------------* 671 * usb2_req_get_hid_desc 672 * 673 * This function will read out an USB report descriptor from the USB 674 * device. 675 * 676 * Return values: 677 * NULL: Failure. 678 * Else: Success. The pointer should eventually be passed to free(). 679 *------------------------------------------------------------------------*/ 680 usb2_error_t 681 usb2_req_get_hid_desc(struct usb2_device *udev, struct mtx *mtx, 682 void **descp, uint16_t *sizep, 683 usb2_malloc_type mem, uint8_t iface_index) 684 { 685 struct usb2_interface *iface = usb2_get_iface(udev, iface_index); 686 struct usb2_hid_descriptor *hid; 687 usb2_error_t err; 688 689 if ((iface == NULL) || (iface->idesc == NULL)) { 690 return (USB_ERR_INVAL); 691 } 692 hid = hid_get_descriptor_from_usb 693 (usb2_get_config_descriptor(udev), iface->idesc); 694 695 if (hid == NULL) { 696 return (USB_ERR_IOERROR); 697 } 698 *sizep = UGETW(hid->descrs[0].wDescriptorLength); 699 if (*sizep == 0) { 700 return (USB_ERR_IOERROR); 701 } 702 if (mtx) 703 mtx_unlock(mtx); 704 705 *descp = malloc(*sizep, mem, M_ZERO | M_WAITOK); 706 707 if (mtx) 708 mtx_lock(mtx); 709 710 if (*descp == NULL) { 711 return (USB_ERR_NOMEM); 712 } 713 err = usb2_req_get_report_descriptor 714 (udev, mtx, *descp, *sizep, iface_index); 715 716 if (err) { 717 free(*descp, mem); 718 *descp = NULL; 719 return (err); 720 } 721 return (USB_ERR_NORMAL_COMPLETION); 722 } 723