1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * HCI based Driver for STMicroelectronics NFC Chip 4 * 5 * Copyright (C) 2014 STMicroelectronics SAS. All rights reserved. 6 */ 7 8 #include <linux/module.h> 9 #include <linux/nfc.h> 10 #include <net/nfc/hci.h> 11 12 #include "st21nfca.h" 13 14 #define DRIVER_DESC "HCI NFC driver for ST21NFCA" 15 16 #define FULL_VERSION_LEN 3 17 18 /* Proprietary gates, events, commands and registers */ 19 20 /* Commands that apply to all RF readers */ 21 #define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK 0x30 22 23 #define ST21NFCA_RF_READER_ISO15693_GATE 0x12 24 #define ST21NFCA_RF_READER_ISO15693_INVENTORY 0x01 25 26 /* 27 * Reader gate for communication with contact-less cards using Type A 28 * protocol ISO14443-3 but not compliant with ISO14443-4 29 */ 30 #define ST21NFCA_RF_READER_14443_3_A_GATE 0x15 31 #define ST21NFCA_RF_READER_14443_3_A_UID 0x02 32 #define ST21NFCA_RF_READER_14443_3_A_ATQA 0x03 33 #define ST21NFCA_RF_READER_14443_3_A_SAK 0x04 34 35 #define ST21NFCA_RF_READER_F_DATARATE 0x01 36 #define ST21NFCA_RF_READER_F_DATARATE_106 0x01 37 #define ST21NFCA_RF_READER_F_DATARATE_212 0x02 38 #define ST21NFCA_RF_READER_F_DATARATE_424 0x04 39 #define ST21NFCA_RF_READER_F_POL_REQ 0x02 40 #define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT 0xffff0000 41 #define ST21NFCA_RF_READER_F_NFCID2 0x03 42 #define ST21NFCA_RF_READER_F_NFCID1 0x04 43 44 #define ST21NFCA_RF_CARD_F_MODE 0x01 45 #define ST21NFCA_RF_CARD_F_NFCID2_LIST 0x04 46 #define ST21NFCA_RF_CARD_F_NFCID1 0x05 47 #define ST21NFCA_RF_CARD_F_SENS_RES 0x06 48 #define ST21NFCA_RF_CARD_F_SEL_RES 0x07 49 #define ST21NFCA_RF_CARD_F_DATARATE 0x08 50 #define ST21NFCA_RF_CARD_F_DATARATE_212_424 0x01 51 52 #define ST21NFCA_DEVICE_MGNT_PIPE 0x02 53 54 #define ST21NFCA_DM_GETINFO 0x13 55 #define ST21NFCA_DM_GETINFO_PIPE_LIST 0x02 56 #define ST21NFCA_DM_GETINFO_PIPE_INFO 0x01 57 #define ST21NFCA_DM_PIPE_CREATED 0x02 58 #define ST21NFCA_DM_PIPE_OPEN 0x04 59 #define ST21NFCA_DM_RF_ACTIVE 0x80 60 #define ST21NFCA_DM_DISCONNECT 0x30 61 62 #define ST21NFCA_DM_IS_PIPE_OPEN(p) \ 63 ((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN)) 64 65 #define ST21NFCA_NFC_MODE 0x03 /* NFC_MODE parameter*/ 66 67 #define ST21NFCA_EVT_HOT_PLUG 0x03 68 #define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) (x->data[0] & 0x80) 69 70 #define ST21NFCA_SE_TO_PIPES 2000 71 72 static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES); 73 74 static const struct nfc_hci_gate st21nfca_gates[] = { 75 {NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE}, 76 {NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE}, 77 {ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE}, 78 79 {NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE}, 80 {NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE}, 81 {NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE}, 82 {NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE}, 83 {ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE}, 84 {ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE}, 85 {ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE}, 86 {ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE}, 87 88 /* Secure element pipes are created by secure element host */ 89 {ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE}, 90 {ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE}, 91 }; 92 93 struct st21nfca_pipe_info { 94 u8 pipe_state; 95 u8 src_host_id; 96 u8 src_gate_id; 97 u8 dst_host_id; 98 u8 dst_gate_id; 99 } __packed; 100 101 /* Largest headroom needed for outgoing custom commands */ 102 #define ST21NFCA_CMDS_HEADROOM 7 103 104 static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev) 105 { 106 int i, j, r; 107 struct sk_buff *skb_pipe_list, *skb_pipe_info; 108 struct st21nfca_pipe_info *info; 109 110 u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST, 111 NFC_HCI_TERMINAL_HOST_ID 112 }; 113 u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO, 114 NFC_HCI_TERMINAL_HOST_ID, 0 115 }; 116 117 /* On ST21NFCA device pipes number are dynamics 118 * A maximum of 16 pipes can be created at the same time 119 * If pipes are already created, hci_dev_up will fail. 120 * Doing a clear all pipe is a bad idea because: 121 * - It does useless EEPROM cycling 122 * - It might cause issue for secure elements support 123 * (such as removing connectivity or APDU reader pipe) 124 * A better approach on ST21NFCA is to: 125 * - get a pipe list for each host. 126 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now). 127 * (TODO Later on UICC HOST and eSE HOST) 128 * - get pipe information 129 * - match retrieved pipe list in st21nfca_gates 130 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate 131 * with ST21NFCA_DEVICE_MGNT_PIPE. 132 * Pipe can be closed and need to be open. 133 */ 134 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID, 135 ST21NFCA_DEVICE_MGNT_GATE, 136 ST21NFCA_DEVICE_MGNT_PIPE); 137 if (r < 0) 138 return r; 139 140 /* Get pipe list */ 141 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 142 ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list), 143 &skb_pipe_list); 144 if (r < 0) 145 return r; 146 147 /* Complete the existing gate_pipe table */ 148 for (i = 0; i < skb_pipe_list->len; i++) { 149 pipe_info[2] = skb_pipe_list->data[i]; 150 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 151 ST21NFCA_DM_GETINFO, pipe_info, 152 sizeof(pipe_info), &skb_pipe_info); 153 if (r) 154 continue; 155 156 /* 157 * Match pipe ID and gate ID 158 * Output format from ST21NFC_DM_GETINFO is: 159 * - pipe state (1byte) 160 * - source hid (1byte) 161 * - source gid (1byte) 162 * - destination hid (1byte) 163 * - destination gid (1byte) 164 */ 165 info = (struct st21nfca_pipe_info *) skb_pipe_info->data; 166 if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE && 167 info->src_host_id == NFC_HCI_UICC_HOST_ID) { 168 pr_err("Unexpected apdu_reader pipe on host %x\n", 169 info->src_host_id); 170 kfree_skb(skb_pipe_info); 171 continue; 172 } 173 174 for (j = 3; (j < ARRAY_SIZE(st21nfca_gates)) && 175 (st21nfca_gates[j].gate != info->dst_gate_id) ; j++) 176 ; 177 178 if (j < ARRAY_SIZE(st21nfca_gates) && 179 st21nfca_gates[j].gate == info->dst_gate_id && 180 ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) { 181 hdev->init_data.gates[j].pipe = pipe_info[2]; 182 183 hdev->gate2pipe[st21nfca_gates[j].gate] = 184 pipe_info[2]; 185 hdev->pipes[pipe_info[2]].gate = 186 st21nfca_gates[j].gate; 187 hdev->pipes[pipe_info[2]].dest_host = 188 info->src_host_id; 189 } 190 kfree_skb(skb_pipe_info); 191 } 192 193 /* 194 * 3 gates have a well known pipe ID. Only NFC_HCI_LINK_MGMT_GATE 195 * is not yet open at this stage. 196 */ 197 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID, 198 NFC_HCI_LINK_MGMT_GATE, 199 NFC_HCI_LINK_MGMT_PIPE); 200 201 kfree_skb(skb_pipe_list); 202 return r; 203 } 204 205 static int st21nfca_hci_open(struct nfc_hci_dev *hdev) 206 { 207 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 208 int r; 209 210 mutex_lock(&info->info_lock); 211 212 if (info->state != ST21NFCA_ST_COLD) { 213 r = -EBUSY; 214 goto out; 215 } 216 217 r = info->phy_ops->enable(info->phy_id); 218 219 if (r == 0) 220 info->state = ST21NFCA_ST_READY; 221 222 out: 223 mutex_unlock(&info->info_lock); 224 return r; 225 } 226 227 static void st21nfca_hci_close(struct nfc_hci_dev *hdev) 228 { 229 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 230 231 mutex_lock(&info->info_lock); 232 233 if (info->state == ST21NFCA_ST_COLD) 234 goto out; 235 236 info->phy_ops->disable(info->phy_id); 237 info->state = ST21NFCA_ST_COLD; 238 239 out: 240 mutex_unlock(&info->info_lock); 241 } 242 243 static int st21nfca_hci_ready(struct nfc_hci_dev *hdev) 244 { 245 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 246 struct sk_buff *skb; 247 248 u8 param; 249 u8 white_list[2]; 250 int wl_size = 0; 251 int r; 252 253 if (info->se_status->is_uicc_present) 254 white_list[wl_size++] = NFC_HCI_UICC_HOST_ID; 255 if (info->se_status->is_ese_present) 256 white_list[wl_size++] = ST21NFCA_ESE_HOST_ID; 257 258 if (wl_size) { 259 r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE, 260 NFC_HCI_ADMIN_WHITELIST, 261 (u8 *) &white_list, wl_size); 262 if (r < 0) 263 return r; 264 } 265 266 /* Set NFC_MODE in device management gate to enable */ 267 r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE, 268 ST21NFCA_NFC_MODE, &skb); 269 if (r < 0) 270 return r; 271 272 param = skb->data[0]; 273 kfree_skb(skb); 274 if (param == 0) { 275 param = 1; 276 277 r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE, 278 ST21NFCA_NFC_MODE, ¶m, 1); 279 if (r < 0) 280 return r; 281 } 282 283 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 284 NFC_HCI_EVT_END_OPERATION, NULL, 0); 285 if (r < 0) 286 return r; 287 288 r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE, 289 NFC_HCI_ID_MGMT_VERSION_SW, &skb); 290 if (r < 0) 291 return r; 292 293 if (skb->len != FULL_VERSION_LEN) { 294 kfree_skb(skb); 295 return -EINVAL; 296 } 297 298 print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ", 299 DUMP_PREFIX_NONE, 16, 1, 300 skb->data, FULL_VERSION_LEN, false); 301 302 kfree_skb(skb); 303 304 return 0; 305 } 306 307 static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb) 308 { 309 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 310 311 return info->phy_ops->write(info->phy_id, skb); 312 } 313 314 static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev, 315 u32 im_protocols, u32 tm_protocols) 316 { 317 int r; 318 u32 pol_req; 319 u8 param[19]; 320 struct sk_buff *datarate_skb; 321 322 pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n", 323 __func__, im_protocols, tm_protocols); 324 325 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 326 NFC_HCI_EVT_END_OPERATION, NULL, 0); 327 if (r < 0) 328 return r; 329 if (im_protocols) { 330 /* 331 * enable polling according to im_protocols & tm_protocols 332 * - CLOSE pipe according to im_protocols & tm_protocols 333 */ 334 if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) { 335 r = nfc_hci_disconnect_gate(hdev, 336 NFC_HCI_RF_READER_B_GATE); 337 if (r < 0) 338 return r; 339 } 340 341 if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) { 342 r = nfc_hci_disconnect_gate(hdev, 343 NFC_HCI_RF_READER_A_GATE); 344 if (r < 0) 345 return r; 346 } 347 348 if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) { 349 r = nfc_hci_disconnect_gate(hdev, 350 ST21NFCA_RF_READER_F_GATE); 351 if (r < 0) 352 return r; 353 } else { 354 hdev->gb = nfc_get_local_general_bytes(hdev->ndev, 355 &hdev->gb_len); 356 357 if (hdev->gb == NULL || hdev->gb_len == 0) { 358 im_protocols &= ~NFC_PROTO_NFC_DEP_MASK; 359 tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK; 360 } 361 362 param[0] = ST21NFCA_RF_READER_F_DATARATE_106 | 363 ST21NFCA_RF_READER_F_DATARATE_212 | 364 ST21NFCA_RF_READER_F_DATARATE_424; 365 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE, 366 ST21NFCA_RF_READER_F_DATARATE, 367 param, 1); 368 if (r < 0) 369 return r; 370 371 pol_req = be32_to_cpu((__force __be32) 372 ST21NFCA_RF_READER_F_POL_REQ_DEFAULT); 373 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE, 374 ST21NFCA_RF_READER_F_POL_REQ, 375 (u8 *) &pol_req, 4); 376 if (r < 0) 377 return r; 378 } 379 380 if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) { 381 r = nfc_hci_disconnect_gate(hdev, 382 ST21NFCA_RF_READER_14443_3_A_GATE); 383 if (r < 0) 384 return r; 385 } 386 387 if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) { 388 r = nfc_hci_disconnect_gate(hdev, 389 ST21NFCA_RF_READER_ISO15693_GATE); 390 if (r < 0) 391 return r; 392 } 393 394 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 395 NFC_HCI_EVT_READER_REQUESTED, NULL, 0); 396 if (r < 0) 397 nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 398 NFC_HCI_EVT_END_OPERATION, NULL, 0); 399 } 400 401 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) { 402 r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE, 403 ST21NFCA_RF_CARD_F_DATARATE, 404 &datarate_skb); 405 if (r < 0) 406 return r; 407 408 /* Configure the maximum supported datarate to 424Kbps */ 409 if (datarate_skb->len > 0 && 410 datarate_skb->data[0] != 411 ST21NFCA_RF_CARD_F_DATARATE_212_424) { 412 param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424; 413 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 414 ST21NFCA_RF_CARD_F_DATARATE, 415 param, 1); 416 if (r < 0) { 417 kfree_skb(datarate_skb); 418 return r; 419 } 420 } 421 kfree_skb(datarate_skb); 422 423 /* 424 * Configure sens_res 425 * 426 * NFC Forum Digital Spec Table 7: 427 * NFCID1 size: triple (10 bytes) 428 */ 429 param[0] = 0x00; 430 param[1] = 0x08; 431 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 432 ST21NFCA_RF_CARD_F_SENS_RES, param, 2); 433 if (r < 0) 434 return r; 435 436 /* 437 * Configure sel_res 438 * 439 * NFC Forum Digistal Spec Table 17: 440 * b3 set to 0b (value b7-b6): 441 * - 10b: Configured for NFC-DEP Protocol 442 */ 443 param[0] = 0x40; 444 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 445 ST21NFCA_RF_CARD_F_SEL_RES, param, 1); 446 if (r < 0) 447 return r; 448 449 /* Configure NFCID1 Random uid */ 450 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 451 ST21NFCA_RF_CARD_F_NFCID1, NULL, 0); 452 if (r < 0) 453 return r; 454 455 /* Configure NFCID2_LIST */ 456 /* System Code */ 457 param[0] = 0x00; 458 param[1] = 0x00; 459 /* NFCID2 */ 460 param[2] = 0x01; 461 param[3] = 0xfe; 462 param[4] = 'S'; 463 param[5] = 'T'; 464 param[6] = 'M'; 465 param[7] = 'i'; 466 param[8] = 'c'; 467 param[9] = 'r'; 468 /* 8 byte Pad bytes used for polling respone frame */ 469 470 /* 471 * Configuration byte: 472 * - bit 0: define the default NFCID2 entry used when the 473 * system code is equal to 'FFFF' 474 * - bit 1: use a random value for lowest 6 bytes of 475 * NFCID2 value 476 * - bit 2: ignore polling request frame if request code 477 * is equal to '01' 478 * - Other bits are RFU 479 */ 480 param[18] = 0x01; 481 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 482 ST21NFCA_RF_CARD_F_NFCID2_LIST, param, 483 19); 484 if (r < 0) 485 return r; 486 487 param[0] = 0x02; 488 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 489 ST21NFCA_RF_CARD_F_MODE, param, 1); 490 } 491 492 return r; 493 } 494 495 static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev) 496 { 497 nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 498 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL); 499 } 500 501 static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa) 502 { 503 int r; 504 struct sk_buff *atqa_skb = NULL; 505 506 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 507 ST21NFCA_RF_READER_14443_3_A_ATQA, &atqa_skb); 508 if (r < 0) 509 goto exit; 510 511 if (atqa_skb->len != 2) { 512 r = -EPROTO; 513 goto exit; 514 } 515 516 *atqa = be16_to_cpu(*(__be16 *) atqa_skb->data); 517 518 exit: 519 kfree_skb(atqa_skb); 520 return r; 521 } 522 523 static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak) 524 { 525 int r; 526 struct sk_buff *sak_skb = NULL; 527 528 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 529 ST21NFCA_RF_READER_14443_3_A_SAK, &sak_skb); 530 if (r < 0) 531 goto exit; 532 533 if (sak_skb->len != 1) { 534 r = -EPROTO; 535 goto exit; 536 } 537 538 *sak = sak_skb->data[0]; 539 540 exit: 541 kfree_skb(sak_skb); 542 return r; 543 } 544 545 static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid, 546 int *len) 547 { 548 int r; 549 struct sk_buff *uid_skb = NULL; 550 551 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 552 ST21NFCA_RF_READER_14443_3_A_UID, &uid_skb); 553 if (r < 0) 554 goto exit; 555 556 if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) { 557 r = -EPROTO; 558 goto exit; 559 } 560 561 memcpy(uid, uid_skb->data, uid_skb->len); 562 *len = uid_skb->len; 563 exit: 564 kfree_skb(uid_skb); 565 return r; 566 } 567 568 static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev, 569 struct nfc_target *target) 570 { 571 int r; 572 struct sk_buff *inventory_skb = NULL; 573 574 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE, 575 ST21NFCA_RF_READER_ISO15693_INVENTORY, 576 &inventory_skb); 577 if (r < 0) 578 goto exit; 579 580 skb_pull(inventory_skb, 2); 581 582 if (inventory_skb->len == 0 || 583 inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) { 584 r = -EPROTO; 585 goto exit; 586 } 587 588 memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len); 589 target->iso15693_dsfid = inventory_skb->data[1]; 590 target->is_iso15693 = 1; 591 exit: 592 kfree_skb(inventory_skb); 593 return r; 594 } 595 596 static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev, 597 struct nfc_target *target, u8 comm_mode, 598 u8 *gb, size_t gb_len) 599 { 600 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 601 602 info->dep_info.idx = target->idx; 603 return st21nfca_im_send_atr_req(hdev, gb, gb_len); 604 } 605 606 static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev) 607 { 608 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 609 610 info->state = ST21NFCA_ST_READY; 611 612 return nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 613 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL); 614 } 615 616 static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate, 617 struct nfc_target *target) 618 { 619 int r, len; 620 u16 atqa; 621 u8 sak; 622 u8 uid[NFC_NFCID1_MAXSIZE]; 623 624 switch (gate) { 625 case ST21NFCA_RF_READER_F_GATE: 626 target->supported_protocols = NFC_PROTO_FELICA_MASK; 627 break; 628 case ST21NFCA_RF_READER_14443_3_A_GATE: 629 /* ISO14443-3 type 1 or 2 tags */ 630 r = st21nfca_get_iso14443_3_atqa(hdev, &atqa); 631 if (r < 0) 632 return r; 633 if (atqa == 0x000c) { 634 target->supported_protocols = NFC_PROTO_JEWEL_MASK; 635 target->sens_res = 0x0c00; 636 } else { 637 r = st21nfca_get_iso14443_3_sak(hdev, &sak); 638 if (r < 0) 639 return r; 640 641 r = st21nfca_get_iso14443_3_uid(hdev, uid, &len); 642 if (r < 0) 643 return r; 644 645 target->supported_protocols = 646 nfc_hci_sak_to_protocol(sak); 647 if (target->supported_protocols == 0xffffffff) 648 return -EPROTO; 649 650 target->sens_res = atqa; 651 target->sel_res = sak; 652 memcpy(target->nfcid1, uid, len); 653 target->nfcid1_len = len; 654 } 655 656 break; 657 case ST21NFCA_RF_READER_ISO15693_GATE: 658 target->supported_protocols = NFC_PROTO_ISO15693_MASK; 659 r = st21nfca_get_iso15693_inventory(hdev, target); 660 if (r < 0) 661 return r; 662 break; 663 default: 664 return -EPROTO; 665 } 666 667 return 0; 668 } 669 670 static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev, 671 u8 gate, 672 struct nfc_target *target) 673 { 674 int r; 675 struct sk_buff *nfcid_skb = NULL; 676 677 if (gate == ST21NFCA_RF_READER_F_GATE) { 678 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE, 679 ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb); 680 if (r < 0) 681 goto exit; 682 683 if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) { 684 r = -EPROTO; 685 goto exit; 686 } 687 688 /* 689 * - After the recepton of polling response for type F frame 690 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be 691 * updated. 692 * - After the reception of SEL_RES with NFCIP-1 compliant bit 693 * set for type A frame NFCID1 will be updated 694 */ 695 if (nfcid_skb->len > 0) { 696 /* P2P in type F */ 697 memcpy(target->sensf_res, nfcid_skb->data, 698 nfcid_skb->len); 699 target->sensf_res_len = nfcid_skb->len; 700 /* NFC Forum Digital Protocol Table 44 */ 701 if (target->sensf_res[0] == 0x01 && 702 target->sensf_res[1] == 0xfe) 703 target->supported_protocols = 704 NFC_PROTO_NFC_DEP_MASK; 705 else 706 target->supported_protocols = 707 NFC_PROTO_FELICA_MASK; 708 } else { 709 kfree_skb(nfcid_skb); 710 nfcid_skb = NULL; 711 /* P2P in type A */ 712 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE, 713 ST21NFCA_RF_READER_F_NFCID1, 714 &nfcid_skb); 715 if (r < 0) 716 goto exit; 717 718 if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) { 719 r = -EPROTO; 720 goto exit; 721 } 722 memcpy(target->sensf_res, nfcid_skb->data, 723 nfcid_skb->len); 724 target->sensf_res_len = nfcid_skb->len; 725 target->supported_protocols = NFC_PROTO_NFC_DEP_MASK; 726 } 727 target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE; 728 } 729 r = 1; 730 exit: 731 kfree_skb(nfcid_skb); 732 return r; 733 } 734 735 #define ST21NFCA_CB_TYPE_READER_ISO15693 1 736 static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb, 737 int err) 738 { 739 struct st21nfca_hci_info *info = context; 740 741 switch (info->async_cb_type) { 742 case ST21NFCA_CB_TYPE_READER_ISO15693: 743 if (err == 0) 744 skb_trim(skb, skb->len - 1); 745 info->async_cb(info->async_cb_context, skb, err); 746 break; 747 default: 748 if (err == 0) 749 kfree_skb(skb); 750 break; 751 } 752 } 753 754 /* 755 * Returns: 756 * <= 0: driver handled the data exchange 757 * 1: driver doesn't especially handle, please do standard processing 758 */ 759 static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev, 760 struct nfc_target *target, 761 struct sk_buff *skb, 762 data_exchange_cb_t cb, void *cb_context) 763 { 764 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 765 766 pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__, 767 target->hci_reader_gate, skb->len); 768 769 switch (target->hci_reader_gate) { 770 case ST21NFCA_RF_READER_F_GATE: 771 if (target->supported_protocols == NFC_PROTO_NFC_DEP_MASK) 772 return st21nfca_im_send_dep_req(hdev, skb); 773 774 *(u8 *)skb_push(skb, 1) = 0x1a; 775 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 776 ST21NFCA_WR_XCHG_DATA, skb->data, 777 skb->len, cb, cb_context); 778 case ST21NFCA_RF_READER_14443_3_A_GATE: 779 *(u8 *)skb_push(skb, 1) = 0x1a; /* CTR, see spec:10.2.2.1 */ 780 781 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 782 ST21NFCA_WR_XCHG_DATA, skb->data, 783 skb->len, cb, cb_context); 784 case ST21NFCA_RF_READER_ISO15693_GATE: 785 info->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693; 786 info->async_cb = cb; 787 info->async_cb_context = cb_context; 788 789 *(u8 *)skb_push(skb, 1) = 0x17; 790 791 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 792 ST21NFCA_WR_XCHG_DATA, skb->data, 793 skb->len, 794 st21nfca_hci_data_exchange_cb, 795 info); 796 default: 797 return 1; 798 } 799 } 800 801 static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb) 802 { 803 return st21nfca_tm_send_dep_res(hdev, skb); 804 } 805 806 static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev, 807 struct nfc_target *target) 808 { 809 u8 fwi = 0x11; 810 811 switch (target->hci_reader_gate) { 812 case NFC_HCI_RF_READER_A_GATE: 813 case NFC_HCI_RF_READER_B_GATE: 814 /* 815 * PRESENCE_CHECK on those gates is available 816 * However, the answer to this command is taking 3 * fwi 817 * if the card is no present. 818 * Instead, we send an empty I-Frame with a very short 819 * configurable fwi ~604µs. 820 */ 821 return nfc_hci_send_cmd(hdev, target->hci_reader_gate, 822 ST21NFCA_WR_XCHG_DATA, &fwi, 1, NULL); 823 case ST21NFCA_RF_READER_14443_3_A_GATE: 824 return nfc_hci_send_cmd(hdev, target->hci_reader_gate, 825 ST21NFCA_RF_READER_CMD_PRESENCE_CHECK, 826 NULL, 0, NULL); 827 default: 828 return -EOPNOTSUPP; 829 } 830 } 831 832 static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, 833 struct sk_buff *skb) 834 { 835 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 836 u8 gate = hdev->pipes[pipe].gate; 837 838 pr_debug("cmd: %x\n", cmd); 839 840 switch (cmd) { 841 case NFC_HCI_ANY_OPEN_PIPE: 842 if (gate != ST21NFCA_APDU_READER_GATE && 843 hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID) 844 info->se_info.count_pipes++; 845 846 if (info->se_info.count_pipes == info->se_info.expected_pipes) { 847 del_timer_sync(&info->se_info.se_active_timer); 848 info->se_info.se_active = false; 849 info->se_info.count_pipes = 0; 850 complete(&info->se_info.req_completion); 851 } 852 break; 853 } 854 } 855 856 static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event, 857 struct sk_buff *skb) 858 { 859 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 860 861 pr_debug("admin event: %x\n", event); 862 863 switch (event) { 864 case ST21NFCA_EVT_HOT_PLUG: 865 if (info->se_info.se_active) { 866 if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) { 867 del_timer_sync(&info->se_info.se_active_timer); 868 info->se_info.se_active = false; 869 complete(&info->se_info.req_completion); 870 } else { 871 mod_timer(&info->se_info.se_active_timer, 872 jiffies + 873 msecs_to_jiffies(ST21NFCA_SE_TO_PIPES)); 874 } 875 } 876 break; 877 default: 878 nfc_err(&hdev->ndev->dev, "Unexpected event on admin gate\n"); 879 } 880 kfree_skb(skb); 881 return 0; 882 } 883 884 /* 885 * Returns: 886 * <= 0: driver handled the event, skb consumed 887 * 1: driver does not handle the event, please do standard processing 888 */ 889 static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, 890 u8 event, struct sk_buff *skb) 891 { 892 u8 gate = hdev->pipes[pipe].gate; 893 u8 host = hdev->pipes[pipe].dest_host; 894 895 pr_debug("hci event: %d gate: %x\n", event, gate); 896 897 switch (gate) { 898 case NFC_HCI_ADMIN_GATE: 899 return st21nfca_admin_event_received(hdev, event, skb); 900 case ST21NFCA_RF_CARD_F_GATE: 901 return st21nfca_dep_event_received(hdev, event, skb); 902 case ST21NFCA_CONNECTIVITY_GATE: 903 return st21nfca_connectivity_event_received(hdev, host, 904 event, skb); 905 case ST21NFCA_APDU_READER_GATE: 906 return st21nfca_apdu_reader_event_received(hdev, event, skb); 907 case NFC_HCI_LOOPBACK_GATE: 908 return st21nfca_hci_loopback_event_received(hdev, event, skb); 909 default: 910 return 1; 911 } 912 } 913 914 static const struct nfc_hci_ops st21nfca_hci_ops = { 915 .open = st21nfca_hci_open, 916 .close = st21nfca_hci_close, 917 .load_session = st21nfca_hci_load_session, 918 .hci_ready = st21nfca_hci_ready, 919 .xmit = st21nfca_hci_xmit, 920 .start_poll = st21nfca_hci_start_poll, 921 .stop_poll = st21nfca_hci_stop_poll, 922 .dep_link_up = st21nfca_hci_dep_link_up, 923 .dep_link_down = st21nfca_hci_dep_link_down, 924 .target_from_gate = st21nfca_hci_target_from_gate, 925 .complete_target_discovered = st21nfca_hci_complete_target_discovered, 926 .im_transceive = st21nfca_hci_im_transceive, 927 .tm_send = st21nfca_hci_tm_send, 928 .check_presence = st21nfca_hci_check_presence, 929 .event_received = st21nfca_hci_event_received, 930 .cmd_received = st21nfca_hci_cmd_received, 931 .discover_se = st21nfca_hci_discover_se, 932 .enable_se = st21nfca_hci_enable_se, 933 .disable_se = st21nfca_hci_disable_se, 934 .se_io = st21nfca_hci_se_io, 935 }; 936 937 int st21nfca_hci_probe(void *phy_id, const struct nfc_phy_ops *phy_ops, 938 char *llc_name, int phy_headroom, int phy_tailroom, 939 int phy_payload, struct nfc_hci_dev **hdev, 940 struct st21nfca_se_status *se_status) 941 { 942 struct st21nfca_hci_info *info; 943 int r = 0; 944 int dev_num; 945 u32 protocols; 946 struct nfc_hci_init_data init_data; 947 unsigned long quirks = 0; 948 949 info = kzalloc(sizeof(struct st21nfca_hci_info), GFP_KERNEL); 950 if (!info) 951 return -ENOMEM; 952 953 info->phy_ops = phy_ops; 954 info->phy_id = phy_id; 955 info->state = ST21NFCA_ST_COLD; 956 mutex_init(&info->info_lock); 957 958 init_data.gate_count = ARRAY_SIZE(st21nfca_gates); 959 960 memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates)); 961 962 /* 963 * Session id must include the driver name + i2c bus addr 964 * persistent info to discriminate 2 identical chips 965 */ 966 dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES); 967 if (dev_num >= ST21NFCA_NUM_DEVICES) { 968 r = -ENODEV; 969 goto err_alloc_hdev; 970 } 971 972 set_bit(dev_num, dev_mask); 973 974 scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x", 975 "ST21AH", dev_num); 976 977 protocols = NFC_PROTO_JEWEL_MASK | 978 NFC_PROTO_MIFARE_MASK | 979 NFC_PROTO_FELICA_MASK | 980 NFC_PROTO_ISO14443_MASK | 981 NFC_PROTO_ISO14443_B_MASK | 982 NFC_PROTO_ISO15693_MASK | 983 NFC_PROTO_NFC_DEP_MASK; 984 985 set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks); 986 987 info->hdev = 988 nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks, 989 protocols, llc_name, 990 phy_headroom + ST21NFCA_CMDS_HEADROOM, 991 phy_tailroom, phy_payload); 992 993 if (!info->hdev) { 994 pr_err("Cannot allocate nfc hdev.\n"); 995 r = -ENOMEM; 996 goto err_alloc_hdev; 997 } 998 999 info->se_status = se_status; 1000 1001 nfc_hci_set_clientdata(info->hdev, info); 1002 1003 r = nfc_hci_register_device(info->hdev); 1004 if (r) 1005 goto err_regdev; 1006 1007 *hdev = info->hdev; 1008 st21nfca_dep_init(info->hdev); 1009 st21nfca_se_init(info->hdev); 1010 st21nfca_vendor_cmds_init(info->hdev); 1011 1012 return 0; 1013 1014 err_regdev: 1015 nfc_hci_free_device(info->hdev); 1016 1017 err_alloc_hdev: 1018 kfree(info); 1019 1020 return r; 1021 } 1022 EXPORT_SYMBOL(st21nfca_hci_probe); 1023 1024 void st21nfca_hci_remove(struct nfc_hci_dev *hdev) 1025 { 1026 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 1027 1028 st21nfca_dep_deinit(hdev); 1029 st21nfca_se_deinit(hdev); 1030 nfc_hci_unregister_device(hdev); 1031 nfc_hci_free_device(hdev); 1032 kfree(info); 1033 } 1034 EXPORT_SYMBOL(st21nfca_hci_remove); 1035 1036 MODULE_LICENSE("GPL"); 1037 MODULE_DESCRIPTION(DRIVER_DESC); 1038