xref: /linux/drivers/nfc/pn544/pn544.c (revision 63307d015b91e626c97bb82e88054af3d0b74643)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * HCI based Driver for NXP PN544 NFC Chip
4  *
5  * Copyright (C) 2012  Intel Corporation. All rights reserved.
6  */
7 
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9 
10 #include <linux/delay.h>
11 #include <linux/slab.h>
12 #include <linux/module.h>
13 
14 #include <linux/nfc.h>
15 #include <net/nfc/hci.h>
16 #include <net/nfc/llc.h>
17 
18 #include "pn544.h"
19 
20 /* Timing restrictions (ms) */
21 #define PN544_HCI_RESETVEN_TIME		30
22 
23 enum pn544_state {
24 	PN544_ST_COLD,
25 	PN544_ST_FW_READY,
26 	PN544_ST_READY,
27 };
28 
29 #define FULL_VERSION_LEN 11
30 
31 /* Proprietary commands */
32 #define PN544_WRITE		0x3f
33 #define PN544_TEST_SWP		0x21
34 
35 /* Proprietary gates, events, commands and registers */
36 
37 /* NFC_HCI_RF_READER_A_GATE additional registers and commands */
38 #define PN544_RF_READER_A_AUTO_ACTIVATION			0x10
39 #define PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION		0x12
40 #define PN544_MIFARE_CMD					0x21
41 
42 /* Commands that apply to all RF readers */
43 #define PN544_RF_READER_CMD_PRESENCE_CHECK	0x30
44 #define PN544_RF_READER_CMD_ACTIVATE_NEXT	0x32
45 
46 /* NFC_HCI_ID_MGMT_GATE additional registers */
47 #define PN544_ID_MGMT_FULL_VERSION_SW		0x10
48 
49 #define PN544_RF_READER_ISO15693_GATE		0x12
50 
51 #define PN544_RF_READER_F_GATE			0x14
52 #define PN544_FELICA_ID				0x04
53 #define PN544_FELICA_RAW			0x20
54 
55 #define PN544_RF_READER_JEWEL_GATE		0x15
56 #define PN544_JEWEL_RAW_CMD			0x23
57 
58 #define PN544_RF_READER_NFCIP1_INITIATOR_GATE	0x30
59 #define PN544_RF_READER_NFCIP1_TARGET_GATE	0x31
60 
61 #define PN544_SYS_MGMT_GATE			0x90
62 #define PN544_SYS_MGMT_INFO_NOTIFICATION	0x02
63 
64 #define PN544_POLLING_LOOP_MGMT_GATE		0x94
65 #define PN544_DEP_MODE				0x01
66 #define PN544_DEP_ATR_REQ			0x02
67 #define PN544_DEP_ATR_RES			0x03
68 #define PN544_DEP_MERGE				0x0D
69 #define PN544_PL_RDPHASES			0x06
70 #define PN544_PL_EMULATION			0x07
71 #define PN544_PL_NFCT_DEACTIVATED		0x09
72 
73 #define PN544_SWP_MGMT_GATE			0xA0
74 #define PN544_SWP_DEFAULT_MODE			0x01
75 
76 #define PN544_NFC_WI_MGMT_GATE			0xA1
77 #define PN544_NFC_ESE_DEFAULT_MODE		0x01
78 
79 #define PN544_HCI_EVT_SND_DATA			0x01
80 #define PN544_HCI_EVT_ACTIVATED			0x02
81 #define PN544_HCI_EVT_DEACTIVATED		0x03
82 #define PN544_HCI_EVT_RCV_DATA			0x04
83 #define PN544_HCI_EVT_CONTINUE_MI		0x05
84 #define PN544_HCI_EVT_SWITCH_MODE		0x03
85 
86 #define PN544_HCI_CMD_ATTREQUEST		0x12
87 #define PN544_HCI_CMD_CONTINUE_ACTIVATION	0x13
88 
89 static struct nfc_hci_gate pn544_gates[] = {
90 	{NFC_HCI_ADMIN_GATE, NFC_HCI_INVALID_PIPE},
91 	{NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
92 	{NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
93 	{NFC_HCI_LINK_MGMT_GATE, NFC_HCI_INVALID_PIPE},
94 	{NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
95 	{NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
96 	{PN544_SYS_MGMT_GATE, NFC_HCI_INVALID_PIPE},
97 	{PN544_SWP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
98 	{PN544_POLLING_LOOP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
99 	{PN544_NFC_WI_MGMT_GATE, NFC_HCI_INVALID_PIPE},
100 	{PN544_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
101 	{PN544_RF_READER_JEWEL_GATE, NFC_HCI_INVALID_PIPE},
102 	{PN544_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
103 	{PN544_RF_READER_NFCIP1_INITIATOR_GATE, NFC_HCI_INVALID_PIPE},
104 	{PN544_RF_READER_NFCIP1_TARGET_GATE, NFC_HCI_INVALID_PIPE}
105 };
106 
107 /* Largest headroom needed for outgoing custom commands */
108 #define PN544_CMDS_HEADROOM	2
109 
110 struct pn544_hci_info {
111 	struct nfc_phy_ops *phy_ops;
112 	void *phy_id;
113 
114 	struct nfc_hci_dev *hdev;
115 
116 	enum pn544_state state;
117 
118 	struct mutex info_lock;
119 
120 	int async_cb_type;
121 	data_exchange_cb_t async_cb;
122 	void *async_cb_context;
123 
124 	fw_download_t fw_download;
125 };
126 
127 static int pn544_hci_open(struct nfc_hci_dev *hdev)
128 {
129 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
130 	int r = 0;
131 
132 	mutex_lock(&info->info_lock);
133 
134 	if (info->state != PN544_ST_COLD) {
135 		r = -EBUSY;
136 		goto out;
137 	}
138 
139 	r = info->phy_ops->enable(info->phy_id);
140 
141 	if (r == 0)
142 		info->state = PN544_ST_READY;
143 
144 out:
145 	mutex_unlock(&info->info_lock);
146 	return r;
147 }
148 
149 static void pn544_hci_close(struct nfc_hci_dev *hdev)
150 {
151 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
152 
153 	mutex_lock(&info->info_lock);
154 
155 	if (info->state == PN544_ST_COLD)
156 		goto out;
157 
158 	info->phy_ops->disable(info->phy_id);
159 
160 	info->state = PN544_ST_COLD;
161 
162 out:
163 	mutex_unlock(&info->info_lock);
164 }
165 
166 static int pn544_hci_ready(struct nfc_hci_dev *hdev)
167 {
168 	struct sk_buff *skb;
169 	static struct hw_config {
170 		u8 adr[2];
171 		u8 value;
172 	} hw_config[] = {
173 		{{0x9f, 0x9a}, 0x00},
174 
175 		{{0x98, 0x10}, 0xbc},
176 
177 		{{0x9e, 0x71}, 0x00},
178 
179 		{{0x98, 0x09}, 0x00},
180 
181 		{{0x9e, 0xb4}, 0x00},
182 
183 		{{0x9c, 0x01}, 0x08},
184 
185 		{{0x9e, 0xaa}, 0x01},
186 
187 		{{0x9b, 0xd1}, 0x17},
188 		{{0x9b, 0xd2}, 0x58},
189 		{{0x9b, 0xd3}, 0x10},
190 		{{0x9b, 0xd4}, 0x47},
191 		{{0x9b, 0xd5}, 0x0c},
192 		{{0x9b, 0xd6}, 0x37},
193 		{{0x9b, 0xdd}, 0x33},
194 
195 		{{0x9b, 0x84}, 0x00},
196 		{{0x99, 0x81}, 0x79},
197 		{{0x99, 0x31}, 0x79},
198 
199 		{{0x98, 0x00}, 0x3f},
200 
201 		{{0x9f, 0x09}, 0x02},
202 
203 		{{0x9f, 0x0a}, 0x05},
204 
205 		{{0x9e, 0xd1}, 0xa1},
206 		{{0x99, 0x23}, 0x01},
207 
208 		{{0x9e, 0x74}, 0x00},
209 		{{0x9e, 0x90}, 0x00},
210 		{{0x9f, 0x28}, 0x10},
211 
212 		{{0x9f, 0x35}, 0x04},
213 
214 		{{0x9f, 0x36}, 0x11},
215 
216 		{{0x9c, 0x31}, 0x00},
217 
218 		{{0x9c, 0x32}, 0x00},
219 
220 		{{0x9c, 0x19}, 0x0a},
221 
222 		{{0x9c, 0x1a}, 0x0a},
223 
224 		{{0x9c, 0x0c}, 0x00},
225 
226 		{{0x9c, 0x0d}, 0x00},
227 
228 		{{0x9c, 0x12}, 0x00},
229 
230 		{{0x9c, 0x13}, 0x00},
231 
232 		{{0x98, 0xa2}, 0x09},
233 
234 		{{0x98, 0x93}, 0x00},
235 
236 		{{0x98, 0x7d}, 0x08},
237 		{{0x98, 0x7e}, 0x00},
238 		{{0x9f, 0xc8}, 0x00},
239 	};
240 	struct hw_config *p = hw_config;
241 	int count = ARRAY_SIZE(hw_config);
242 	struct sk_buff *res_skb;
243 	u8 param[4];
244 	int r;
245 
246 	param[0] = 0;
247 	while (count--) {
248 		param[1] = p->adr[0];
249 		param[2] = p->adr[1];
250 		param[3] = p->value;
251 
252 		r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE, PN544_WRITE,
253 				     param, 4, &res_skb);
254 		if (r < 0)
255 			return r;
256 
257 		if (res_skb->len != 1) {
258 			kfree_skb(res_skb);
259 			return -EPROTO;
260 		}
261 
262 		if (res_skb->data[0] != p->value) {
263 			kfree_skb(res_skb);
264 			return -EIO;
265 		}
266 
267 		kfree_skb(res_skb);
268 
269 		p++;
270 	}
271 
272 	param[0] = NFC_HCI_UICC_HOST_ID;
273 	r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
274 			      NFC_HCI_ADMIN_WHITELIST, param, 1);
275 	if (r < 0)
276 		return r;
277 
278 	param[0] = 0x3d;
279 	r = nfc_hci_set_param(hdev, PN544_SYS_MGMT_GATE,
280 			      PN544_SYS_MGMT_INFO_NOTIFICATION, param, 1);
281 	if (r < 0)
282 		return r;
283 
284 	param[0] = 0x0;
285 	r = nfc_hci_set_param(hdev, NFC_HCI_RF_READER_A_GATE,
286 			      PN544_RF_READER_A_AUTO_ACTIVATION, param, 1);
287 	if (r < 0)
288 		return r;
289 
290 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
291 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
292 	if (r < 0)
293 		return r;
294 
295 	param[0] = 0x1;
296 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
297 			      PN544_PL_NFCT_DEACTIVATED, param, 1);
298 	if (r < 0)
299 		return r;
300 
301 	param[0] = 0x0;
302 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
303 			      PN544_PL_RDPHASES, param, 1);
304 	if (r < 0)
305 		return r;
306 
307 	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
308 			      PN544_ID_MGMT_FULL_VERSION_SW, &skb);
309 	if (r < 0)
310 		return r;
311 
312 	if (skb->len != FULL_VERSION_LEN) {
313 		kfree_skb(skb);
314 		return -EINVAL;
315 	}
316 
317 	print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
318 		       DUMP_PREFIX_NONE, 16, 1,
319 		       skb->data, FULL_VERSION_LEN, false);
320 
321 	kfree_skb(skb);
322 
323 	return 0;
324 }
325 
326 static int pn544_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
327 {
328 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
329 
330 	return info->phy_ops->write(info->phy_id, skb);
331 }
332 
333 static int pn544_hci_start_poll(struct nfc_hci_dev *hdev,
334 				u32 im_protocols, u32 tm_protocols)
335 {
336 	u8 phases = 0;
337 	int r;
338 	u8 duration[2];
339 	u8 activated;
340 	u8 i_mode = 0x3f; /* Enable all supported modes */
341 	u8 t_mode = 0x0f;
342 	u8 t_merge = 0x01; /* Enable merge by default */
343 
344 	pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
345 		__func__, im_protocols, tm_protocols);
346 
347 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
348 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
349 	if (r < 0)
350 		return r;
351 
352 	duration[0] = 0x18;
353 	duration[1] = 0x6a;
354 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
355 			      PN544_PL_EMULATION, duration, 2);
356 	if (r < 0)
357 		return r;
358 
359 	activated = 0;
360 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
361 			      PN544_PL_NFCT_DEACTIVATED, &activated, 1);
362 	if (r < 0)
363 		return r;
364 
365 	if (im_protocols & (NFC_PROTO_ISO14443_MASK | NFC_PROTO_MIFARE_MASK |
366 			 NFC_PROTO_JEWEL_MASK))
367 		phases |= 1;		/* Type A */
368 	if (im_protocols & NFC_PROTO_FELICA_MASK) {
369 		phases |= (1 << 2);	/* Type F 212 */
370 		phases |= (1 << 3);	/* Type F 424 */
371 	}
372 
373 	phases |= (1 << 5);		/* NFC active */
374 
375 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
376 			      PN544_PL_RDPHASES, &phases, 1);
377 	if (r < 0)
378 		return r;
379 
380 	if ((im_protocols | tm_protocols) & NFC_PROTO_NFC_DEP_MASK) {
381 		hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
382 							&hdev->gb_len);
383 		pr_debug("generate local bytes %p\n", hdev->gb);
384 		if (hdev->gb == NULL || hdev->gb_len == 0) {
385 			im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
386 			tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
387 		}
388 	}
389 
390 	if (im_protocols & NFC_PROTO_NFC_DEP_MASK) {
391 		r = nfc_hci_send_event(hdev,
392 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
393 				NFC_HCI_EVT_END_OPERATION, NULL, 0);
394 		if (r < 0)
395 			return r;
396 
397 		r = nfc_hci_set_param(hdev,
398 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
399 				PN544_DEP_MODE, &i_mode, 1);
400 		if (r < 0)
401 			return r;
402 
403 		r = nfc_hci_set_param(hdev,
404 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
405 				PN544_DEP_ATR_REQ, hdev->gb, hdev->gb_len);
406 		if (r < 0)
407 			return r;
408 
409 		r = nfc_hci_send_event(hdev,
410 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
411 				NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
412 		if (r < 0)
413 			nfc_hci_send_event(hdev,
414 					PN544_RF_READER_NFCIP1_INITIATOR_GATE,
415 					NFC_HCI_EVT_END_OPERATION, NULL, 0);
416 	}
417 
418 	if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
419 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
420 				PN544_DEP_MODE, &t_mode, 1);
421 		if (r < 0)
422 			return r;
423 
424 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
425 				PN544_DEP_ATR_RES, hdev->gb, hdev->gb_len);
426 		if (r < 0)
427 			return r;
428 
429 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
430 				PN544_DEP_MERGE, &t_merge, 1);
431 		if (r < 0)
432 			return r;
433 	}
434 
435 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
436 			       NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
437 	if (r < 0)
438 		nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
439 				   NFC_HCI_EVT_END_OPERATION, NULL, 0);
440 
441 	return r;
442 }
443 
444 static int pn544_hci_dep_link_up(struct nfc_hci_dev *hdev,
445 				struct nfc_target *target, u8 comm_mode,
446 				u8 *gb, size_t gb_len)
447 {
448 	struct sk_buff *rgb_skb = NULL;
449 	int r;
450 
451 	r = nfc_hci_get_param(hdev, target->hci_reader_gate,
452 				PN544_DEP_ATR_RES, &rgb_skb);
453 	if (r < 0)
454 		return r;
455 
456 	if (rgb_skb->len == 0 || rgb_skb->len > NFC_GB_MAXSIZE) {
457 		r = -EPROTO;
458 		goto exit;
459 	}
460 	print_hex_dump(KERN_DEBUG, "remote gb: ", DUMP_PREFIX_OFFSET,
461 			16, 1, rgb_skb->data, rgb_skb->len, true);
462 
463 	r = nfc_set_remote_general_bytes(hdev->ndev, rgb_skb->data,
464 						rgb_skb->len);
465 
466 	if (r == 0)
467 		r = nfc_dep_link_is_up(hdev->ndev, target->idx, comm_mode,
468 					NFC_RF_INITIATOR);
469 exit:
470 	kfree_skb(rgb_skb);
471 	return r;
472 }
473 
474 static int pn544_hci_dep_link_down(struct nfc_hci_dev *hdev)
475 {
476 
477 	return nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_INITIATOR_GATE,
478 					NFC_HCI_EVT_END_OPERATION, NULL, 0);
479 }
480 
481 static int pn544_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
482 				      struct nfc_target *target)
483 {
484 	switch (gate) {
485 	case PN544_RF_READER_F_GATE:
486 		target->supported_protocols = NFC_PROTO_FELICA_MASK;
487 		break;
488 	case PN544_RF_READER_JEWEL_GATE:
489 		target->supported_protocols = NFC_PROTO_JEWEL_MASK;
490 		target->sens_res = 0x0c00;
491 		break;
492 	case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
493 		target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
494 		break;
495 	default:
496 		return -EPROTO;
497 	}
498 
499 	return 0;
500 }
501 
502 static int pn544_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
503 						u8 gate,
504 						struct nfc_target *target)
505 {
506 	struct sk_buff *uid_skb;
507 	int r = 0;
508 
509 	if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE)
510 		return r;
511 
512 	if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
513 		r = nfc_hci_send_cmd(hdev,
514 			PN544_RF_READER_NFCIP1_INITIATOR_GATE,
515 			PN544_HCI_CMD_CONTINUE_ACTIVATION, NULL, 0, NULL);
516 		if (r < 0)
517 			return r;
518 
519 		target->hci_reader_gate = PN544_RF_READER_NFCIP1_INITIATOR_GATE;
520 	} else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
521 		if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
522 		    target->nfcid1_len != 10)
523 			return -EPROTO;
524 
525 		r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
526 				     PN544_RF_READER_CMD_ACTIVATE_NEXT,
527 				     target->nfcid1, target->nfcid1_len, NULL);
528 	} else if (target->supported_protocols & NFC_PROTO_FELICA_MASK) {
529 		r = nfc_hci_get_param(hdev, PN544_RF_READER_F_GATE,
530 				      PN544_FELICA_ID, &uid_skb);
531 		if (r < 0)
532 			return r;
533 
534 		if (uid_skb->len != 8) {
535 			kfree_skb(uid_skb);
536 			return -EPROTO;
537 		}
538 
539 		/* Type F NFC-DEP IDm has prefix 0x01FE */
540 		if ((uid_skb->data[0] == 0x01) && (uid_skb->data[1] == 0xfe)) {
541 			kfree_skb(uid_skb);
542 			r = nfc_hci_send_cmd(hdev,
543 					PN544_RF_READER_NFCIP1_INITIATOR_GATE,
544 					PN544_HCI_CMD_CONTINUE_ACTIVATION,
545 					NULL, 0, NULL);
546 			if (r < 0)
547 				return r;
548 
549 			target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
550 			target->hci_reader_gate =
551 				PN544_RF_READER_NFCIP1_INITIATOR_GATE;
552 		} else {
553 			r = nfc_hci_send_cmd(hdev, PN544_RF_READER_F_GATE,
554 					     PN544_RF_READER_CMD_ACTIVATE_NEXT,
555 					     uid_skb->data, uid_skb->len, NULL);
556 			kfree_skb(uid_skb);
557 		}
558 	} else if (target->supported_protocols & NFC_PROTO_ISO14443_MASK) {
559 		/*
560 		 * TODO: maybe other ISO 14443 require some kind of continue
561 		 * activation, but for now we've seen only this one below.
562 		 */
563 		if (target->sens_res == 0x4403)	/* Type 4 Mifare DESFire */
564 			r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
565 			      PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION,
566 			      NULL, 0, NULL);
567 	}
568 
569 	return r;
570 }
571 
572 #define PN544_CB_TYPE_READER_F 1
573 
574 static void pn544_hci_data_exchange_cb(void *context, struct sk_buff *skb,
575 				       int err)
576 {
577 	struct pn544_hci_info *info = context;
578 
579 	switch (info->async_cb_type) {
580 	case PN544_CB_TYPE_READER_F:
581 		if (err == 0)
582 			skb_pull(skb, 1);
583 		info->async_cb(info->async_cb_context, skb, err);
584 		break;
585 	default:
586 		if (err == 0)
587 			kfree_skb(skb);
588 		break;
589 	}
590 }
591 
592 #define MIFARE_CMD_AUTH_KEY_A	0x60
593 #define MIFARE_CMD_AUTH_KEY_B	0x61
594 #define MIFARE_CMD_HEADER	2
595 #define MIFARE_UID_LEN		4
596 #define MIFARE_KEY_LEN		6
597 #define MIFARE_CMD_LEN		12
598 /*
599  * Returns:
600  * <= 0: driver handled the data exchange
601  *    1: driver doesn't especially handle, please do standard processing
602  */
603 static int pn544_hci_im_transceive(struct nfc_hci_dev *hdev,
604 				   struct nfc_target *target,
605 				   struct sk_buff *skb, data_exchange_cb_t cb,
606 				   void *cb_context)
607 {
608 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
609 
610 	pr_info(DRIVER_DESC ": %s for gate=%d\n", __func__,
611 		target->hci_reader_gate);
612 
613 	switch (target->hci_reader_gate) {
614 	case NFC_HCI_RF_READER_A_GATE:
615 		if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
616 			/*
617 			 * It seems that pn544 is inverting key and UID for
618 			 * MIFARE authentication commands.
619 			 */
620 			if (skb->len == MIFARE_CMD_LEN &&
621 			    (skb->data[0] == MIFARE_CMD_AUTH_KEY_A ||
622 			     skb->data[0] == MIFARE_CMD_AUTH_KEY_B)) {
623 				u8 uid[MIFARE_UID_LEN];
624 				u8 *data = skb->data + MIFARE_CMD_HEADER;
625 
626 				memcpy(uid, data + MIFARE_KEY_LEN,
627 				       MIFARE_UID_LEN);
628 				memmove(data + MIFARE_UID_LEN, data,
629 					MIFARE_KEY_LEN);
630 				memcpy(data, uid, MIFARE_UID_LEN);
631 			}
632 
633 			return nfc_hci_send_cmd_async(hdev,
634 						      target->hci_reader_gate,
635 						      PN544_MIFARE_CMD,
636 						      skb->data, skb->len,
637 						      cb, cb_context);
638 		} else
639 			return 1;
640 	case PN544_RF_READER_F_GATE:
641 		*(u8 *)skb_push(skb, 1) = 0;
642 		*(u8 *)skb_push(skb, 1) = 0;
643 
644 		info->async_cb_type = PN544_CB_TYPE_READER_F;
645 		info->async_cb = cb;
646 		info->async_cb_context = cb_context;
647 
648 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
649 					      PN544_FELICA_RAW, skb->data,
650 					      skb->len,
651 					      pn544_hci_data_exchange_cb, info);
652 	case PN544_RF_READER_JEWEL_GATE:
653 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
654 					      PN544_JEWEL_RAW_CMD, skb->data,
655 					      skb->len, cb, cb_context);
656 	case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
657 		*(u8 *)skb_push(skb, 1) = 0;
658 
659 		return nfc_hci_send_event(hdev, target->hci_reader_gate,
660 					PN544_HCI_EVT_SND_DATA, skb->data,
661 					skb->len);
662 	default:
663 		return 1;
664 	}
665 }
666 
667 static int pn544_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
668 {
669 	int r;
670 
671 	/* Set default false for multiple information chaining */
672 	*(u8 *)skb_push(skb, 1) = 0;
673 
674 	r = nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
675 			       PN544_HCI_EVT_SND_DATA, skb->data, skb->len);
676 
677 	kfree_skb(skb);
678 
679 	return r;
680 }
681 
682 static int pn544_hci_check_presence(struct nfc_hci_dev *hdev,
683 				   struct nfc_target *target)
684 {
685 	pr_debug("supported protocol %d\b", target->supported_protocols);
686 	if (target->supported_protocols & (NFC_PROTO_ISO14443_MASK |
687 					NFC_PROTO_ISO14443_B_MASK)) {
688 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
689 					PN544_RF_READER_CMD_PRESENCE_CHECK,
690 					NULL, 0, NULL);
691 	} else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
692 		if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
693 		    target->nfcid1_len != 10)
694 			return -EOPNOTSUPP;
695 
696 		 return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
697 				     PN544_RF_READER_CMD_ACTIVATE_NEXT,
698 				     target->nfcid1, target->nfcid1_len, NULL);
699 	} else if (target->supported_protocols & (NFC_PROTO_JEWEL_MASK |
700 						NFC_PROTO_FELICA_MASK)) {
701 		return -EOPNOTSUPP;
702 	} else if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
703 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
704 					PN544_HCI_CMD_ATTREQUEST,
705 					NULL, 0, NULL);
706 	}
707 
708 	return 0;
709 }
710 
711 /*
712  * Returns:
713  * <= 0: driver handled the event, skb consumed
714  *    1: driver does not handle the event, please do standard processing
715  */
716 static int pn544_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event,
717 				    struct sk_buff *skb)
718 {
719 	struct sk_buff *rgb_skb = NULL;
720 	u8 gate = hdev->pipes[pipe].gate;
721 	int r;
722 
723 	pr_debug("hci event %d\n", event);
724 	switch (event) {
725 	case PN544_HCI_EVT_ACTIVATED:
726 		if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE) {
727 			r = nfc_hci_target_discovered(hdev, gate);
728 		} else if (gate == PN544_RF_READER_NFCIP1_TARGET_GATE) {
729 			r = nfc_hci_get_param(hdev, gate, PN544_DEP_ATR_REQ,
730 					      &rgb_skb);
731 			if (r < 0)
732 				goto exit;
733 
734 			r = nfc_tm_activated(hdev->ndev, NFC_PROTO_NFC_DEP_MASK,
735 					     NFC_COMM_PASSIVE, rgb_skb->data,
736 					     rgb_skb->len);
737 
738 			kfree_skb(rgb_skb);
739 		} else {
740 			r = -EINVAL;
741 		}
742 		break;
743 	case PN544_HCI_EVT_DEACTIVATED:
744 		r = nfc_hci_send_event(hdev, gate, NFC_HCI_EVT_END_OPERATION,
745 				       NULL, 0);
746 		break;
747 	case PN544_HCI_EVT_RCV_DATA:
748 		if (skb->len < 2) {
749 			r = -EPROTO;
750 			goto exit;
751 		}
752 
753 		if (skb->data[0] != 0) {
754 			pr_debug("data0 %d\n", skb->data[0]);
755 			r = -EPROTO;
756 			goto exit;
757 		}
758 
759 		skb_pull(skb, 2);
760 		return nfc_tm_data_received(hdev->ndev, skb);
761 	default:
762 		return 1;
763 	}
764 
765 exit:
766 	kfree_skb(skb);
767 
768 	return r;
769 }
770 
771 static int pn544_hci_fw_download(struct nfc_hci_dev *hdev,
772 				 const char *firmware_name)
773 {
774 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
775 
776 	if (info->fw_download == NULL)
777 		return -ENOTSUPP;
778 
779 	return info->fw_download(info->phy_id, firmware_name, hdev->sw_romlib);
780 }
781 
782 static int pn544_hci_discover_se(struct nfc_hci_dev *hdev)
783 {
784 	u32 se_idx = 0;
785 	u8 ese_mode = 0x01; /* Default mode */
786 	struct sk_buff *res_skb;
787 	int r;
788 
789 	r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE, PN544_TEST_SWP,
790 			     NULL, 0, &res_skb);
791 
792 	if (r == 0) {
793 		if (res_skb->len == 2 && res_skb->data[0] == 0x00)
794 			nfc_add_se(hdev->ndev, se_idx++, NFC_SE_UICC);
795 
796 		kfree_skb(res_skb);
797 	}
798 
799 	r = nfc_hci_send_event(hdev, PN544_NFC_WI_MGMT_GATE,
800 				PN544_HCI_EVT_SWITCH_MODE,
801 				&ese_mode, 1);
802 	if (r == 0)
803 		nfc_add_se(hdev->ndev, se_idx++, NFC_SE_EMBEDDED);
804 
805 	return !se_idx;
806 }
807 
808 #define PN544_SE_MODE_OFF	0x00
809 #define PN544_SE_MODE_ON	0x01
810 static int pn544_hci_enable_se(struct nfc_hci_dev *hdev, u32 se_idx)
811 {
812 	struct nfc_se *se;
813 	u8 enable = PN544_SE_MODE_ON;
814 	static struct uicc_gatelist {
815 		u8 head;
816 		u8 adr[2];
817 		u8 value;
818 	} uicc_gatelist[] = {
819 		{0x00, {0x9e, 0xd9}, 0x23},
820 		{0x00, {0x9e, 0xda}, 0x21},
821 		{0x00, {0x9e, 0xdb}, 0x22},
822 		{0x00, {0x9e, 0xdc}, 0x24},
823 	};
824 	struct uicc_gatelist *p = uicc_gatelist;
825 	int count = ARRAY_SIZE(uicc_gatelist);
826 	struct sk_buff *res_skb;
827 	int r;
828 
829 	se = nfc_find_se(hdev->ndev, se_idx);
830 
831 	switch (se->type) {
832 	case NFC_SE_UICC:
833 		while (count--) {
834 			r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE,
835 					PN544_WRITE, (u8 *)p, 4, &res_skb);
836 			if (r < 0)
837 				return r;
838 
839 			if (res_skb->len != 1) {
840 				kfree_skb(res_skb);
841 				return -EPROTO;
842 			}
843 
844 			if (res_skb->data[0] != p->value) {
845 				kfree_skb(res_skb);
846 				return -EIO;
847 			}
848 
849 			kfree_skb(res_skb);
850 
851 			p++;
852 		}
853 
854 		return nfc_hci_set_param(hdev, PN544_SWP_MGMT_GATE,
855 			      PN544_SWP_DEFAULT_MODE, &enable, 1);
856 	case NFC_SE_EMBEDDED:
857 		return nfc_hci_set_param(hdev, PN544_NFC_WI_MGMT_GATE,
858 			      PN544_NFC_ESE_DEFAULT_MODE, &enable, 1);
859 
860 	default:
861 		return -EINVAL;
862 	}
863 }
864 
865 static int pn544_hci_disable_se(struct nfc_hci_dev *hdev, u32 se_idx)
866 {
867 	struct nfc_se *se;
868 	u8 disable = PN544_SE_MODE_OFF;
869 
870 	se = nfc_find_se(hdev->ndev, se_idx);
871 
872 	switch (se->type) {
873 	case NFC_SE_UICC:
874 		return nfc_hci_set_param(hdev, PN544_SWP_MGMT_GATE,
875 			      PN544_SWP_DEFAULT_MODE, &disable, 1);
876 	case NFC_SE_EMBEDDED:
877 		return nfc_hci_set_param(hdev, PN544_NFC_WI_MGMT_GATE,
878 			      PN544_NFC_ESE_DEFAULT_MODE, &disable, 1);
879 	default:
880 		return -EINVAL;
881 	}
882 }
883 
884 static struct nfc_hci_ops pn544_hci_ops = {
885 	.open = pn544_hci_open,
886 	.close = pn544_hci_close,
887 	.hci_ready = pn544_hci_ready,
888 	.xmit = pn544_hci_xmit,
889 	.start_poll = pn544_hci_start_poll,
890 	.dep_link_up = pn544_hci_dep_link_up,
891 	.dep_link_down = pn544_hci_dep_link_down,
892 	.target_from_gate = pn544_hci_target_from_gate,
893 	.complete_target_discovered = pn544_hci_complete_target_discovered,
894 	.im_transceive = pn544_hci_im_transceive,
895 	.tm_send = pn544_hci_tm_send,
896 	.check_presence = pn544_hci_check_presence,
897 	.event_received = pn544_hci_event_received,
898 	.fw_download = pn544_hci_fw_download,
899 	.discover_se = pn544_hci_discover_se,
900 	.enable_se = pn544_hci_enable_se,
901 	.disable_se = pn544_hci_disable_se,
902 };
903 
904 int pn544_hci_probe(void *phy_id, struct nfc_phy_ops *phy_ops, char *llc_name,
905 		    int phy_headroom, int phy_tailroom, int phy_payload,
906 		    fw_download_t fw_download, struct nfc_hci_dev **hdev)
907 {
908 	struct pn544_hci_info *info;
909 	u32 protocols;
910 	struct nfc_hci_init_data init_data;
911 	int r;
912 
913 	info = kzalloc(sizeof(struct pn544_hci_info), GFP_KERNEL);
914 	if (!info) {
915 		r = -ENOMEM;
916 		goto err_info_alloc;
917 	}
918 
919 	info->phy_ops = phy_ops;
920 	info->phy_id = phy_id;
921 	info->fw_download = fw_download;
922 	info->state = PN544_ST_COLD;
923 	mutex_init(&info->info_lock);
924 
925 	init_data.gate_count = ARRAY_SIZE(pn544_gates);
926 
927 	memcpy(init_data.gates, pn544_gates, sizeof(pn544_gates));
928 
929 	/*
930 	 * TODO: Session id must include the driver name + some bus addr
931 	 * persistent info to discriminate 2 identical chips
932 	 */
933 	strcpy(init_data.session_id, "ID544HCI");
934 
935 	protocols = NFC_PROTO_JEWEL_MASK |
936 		    NFC_PROTO_MIFARE_MASK |
937 		    NFC_PROTO_FELICA_MASK |
938 		    NFC_PROTO_ISO14443_MASK |
939 		    NFC_PROTO_ISO14443_B_MASK |
940 		    NFC_PROTO_NFC_DEP_MASK;
941 
942 	info->hdev = nfc_hci_allocate_device(&pn544_hci_ops, &init_data, 0,
943 					     protocols, llc_name,
944 					     phy_headroom + PN544_CMDS_HEADROOM,
945 					     phy_tailroom, phy_payload);
946 	if (!info->hdev) {
947 		pr_err("Cannot allocate nfc hdev\n");
948 		r = -ENOMEM;
949 		goto err_alloc_hdev;
950 	}
951 
952 	nfc_hci_set_clientdata(info->hdev, info);
953 
954 	r = nfc_hci_register_device(info->hdev);
955 	if (r)
956 		goto err_regdev;
957 
958 	*hdev = info->hdev;
959 
960 	return 0;
961 
962 err_regdev:
963 	nfc_hci_free_device(info->hdev);
964 
965 err_alloc_hdev:
966 	kfree(info);
967 
968 err_info_alloc:
969 	return r;
970 }
971 EXPORT_SYMBOL(pn544_hci_probe);
972 
973 void pn544_hci_remove(struct nfc_hci_dev *hdev)
974 {
975 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
976 
977 	nfc_hci_unregister_device(hdev);
978 	nfc_hci_free_device(hdev);
979 	kfree(info);
980 }
981 EXPORT_SYMBOL(pn544_hci_remove);
982 
983 MODULE_LICENSE("GPL");
984 MODULE_DESCRIPTION(DRIVER_DESC);
985