1 /* 2 * HCI based Driver for STMicroelectronics NFC Chip 3 * 4 * Copyright (C) 2014 STMicroelectronics SAS. All rights reserved. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, see <http://www.gnu.org/licenses/>. 17 */ 18 19 #include <linux/module.h> 20 #include <linux/nfc.h> 21 #include <net/nfc/hci.h> 22 #include <net/nfc/llc.h> 23 24 #include "st21nfca.h" 25 26 #define DRIVER_DESC "HCI NFC driver for ST21NFCA" 27 28 #define FULL_VERSION_LEN 3 29 30 /* Proprietary gates, events, commands and registers */ 31 32 /* Commands that apply to all RF readers */ 33 #define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK 0x30 34 35 #define ST21NFCA_RF_READER_ISO15693_GATE 0x12 36 #define ST21NFCA_RF_READER_ISO15693_INVENTORY 0x01 37 38 /* 39 * Reader gate for communication with contact-less cards using Type A 40 * protocol ISO14443-3 but not compliant with ISO14443-4 41 */ 42 #define ST21NFCA_RF_READER_14443_3_A_GATE 0x15 43 #define ST21NFCA_RF_READER_14443_3_A_UID 0x02 44 #define ST21NFCA_RF_READER_14443_3_A_ATQA 0x03 45 #define ST21NFCA_RF_READER_14443_3_A_SAK 0x04 46 47 #define ST21NFCA_RF_READER_F_DATARATE 0x01 48 #define ST21NFCA_RF_READER_F_DATARATE_106 0x01 49 #define ST21NFCA_RF_READER_F_DATARATE_212 0x02 50 #define ST21NFCA_RF_READER_F_DATARATE_424 0x04 51 #define ST21NFCA_RF_READER_F_POL_REQ 0x02 52 #define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT 0xffff0000 53 #define ST21NFCA_RF_READER_F_NFCID2 0x03 54 #define ST21NFCA_RF_READER_F_NFCID1 0x04 55 56 #define ST21NFCA_RF_CARD_F_MODE 0x01 57 #define ST21NFCA_RF_CARD_F_NFCID2_LIST 0x04 58 #define ST21NFCA_RF_CARD_F_NFCID1 0x05 59 #define ST21NFCA_RF_CARD_F_SENS_RES 0x06 60 #define ST21NFCA_RF_CARD_F_SEL_RES 0x07 61 #define ST21NFCA_RF_CARD_F_DATARATE 0x08 62 #define ST21NFCA_RF_CARD_F_DATARATE_212_424 0x01 63 64 #define ST21NFCA_DEVICE_MGNT_PIPE 0x02 65 66 #define ST21NFCA_DM_GETINFO 0x13 67 #define ST21NFCA_DM_GETINFO_PIPE_LIST 0x02 68 #define ST21NFCA_DM_GETINFO_PIPE_INFO 0x01 69 #define ST21NFCA_DM_PIPE_CREATED 0x02 70 #define ST21NFCA_DM_PIPE_OPEN 0x04 71 #define ST21NFCA_DM_RF_ACTIVE 0x80 72 #define ST21NFCA_DM_DISCONNECT 0x30 73 74 #define ST21NFCA_DM_IS_PIPE_OPEN(p) \ 75 ((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN)) 76 77 #define ST21NFCA_NFC_MODE 0x03 /* NFC_MODE parameter*/ 78 79 #define ST21NFCA_EVT_HOT_PLUG 0x03 80 #define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) (x->data[0] & 0x80) 81 82 #define ST21NFCA_SE_TO_PIPES 2000 83 84 static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES); 85 86 static struct nfc_hci_gate st21nfca_gates[] = { 87 {NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE}, 88 {NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE}, 89 {ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE}, 90 91 {NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE}, 92 {NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE}, 93 {NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE}, 94 {NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE}, 95 {ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE}, 96 {ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE}, 97 {ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE}, 98 {ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE}, 99 100 /* Secure element pipes are created by secure element host */ 101 {ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE}, 102 {ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE}, 103 }; 104 105 struct st21nfca_pipe_info { 106 u8 pipe_state; 107 u8 src_host_id; 108 u8 src_gate_id; 109 u8 dst_host_id; 110 u8 dst_gate_id; 111 } __packed; 112 113 /* Largest headroom needed for outgoing custom commands */ 114 #define ST21NFCA_CMDS_HEADROOM 7 115 116 static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev) 117 { 118 int i, j, r; 119 struct sk_buff *skb_pipe_list, *skb_pipe_info; 120 struct st21nfca_pipe_info *info; 121 122 u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST, 123 NFC_HCI_TERMINAL_HOST_ID 124 }; 125 u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO, 126 NFC_HCI_TERMINAL_HOST_ID, 0 127 }; 128 129 /* On ST21NFCA device pipes number are dynamics 130 * A maximum of 16 pipes can be created at the same time 131 * If pipes are already created, hci_dev_up will fail. 132 * Doing a clear all pipe is a bad idea because: 133 * - It does useless EEPROM cycling 134 * - It might cause issue for secure elements support 135 * (such as removing connectivity or APDU reader pipe) 136 * A better approach on ST21NFCA is to: 137 * - get a pipe list for each host. 138 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now). 139 * (TODO Later on UICC HOST and eSE HOST) 140 * - get pipe information 141 * - match retrieved pipe list in st21nfca_gates 142 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate 143 * with ST21NFCA_DEVICE_MGNT_PIPE. 144 * Pipe can be closed and need to be open. 145 */ 146 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID, 147 ST21NFCA_DEVICE_MGNT_GATE, 148 ST21NFCA_DEVICE_MGNT_PIPE); 149 if (r < 0) 150 return r; 151 152 /* Get pipe list */ 153 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 154 ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list), 155 &skb_pipe_list); 156 if (r < 0) 157 return r; 158 159 /* Complete the existing gate_pipe table */ 160 for (i = 0; i < skb_pipe_list->len; i++) { 161 pipe_info[2] = skb_pipe_list->data[i]; 162 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 163 ST21NFCA_DM_GETINFO, pipe_info, 164 sizeof(pipe_info), &skb_pipe_info); 165 if (r) 166 continue; 167 168 /* 169 * Match pipe ID and gate ID 170 * Output format from ST21NFC_DM_GETINFO is: 171 * - pipe state (1byte) 172 * - source hid (1byte) 173 * - source gid (1byte) 174 * - destination hid (1byte) 175 * - destination gid (1byte) 176 */ 177 info = (struct st21nfca_pipe_info *) skb_pipe_info->data; 178 if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE && 179 info->src_host_id != ST21NFCA_ESE_HOST_ID) { 180 pr_err("Unexpected apdu_reader pipe on host %x\n", 181 info->src_host_id); 182 kfree_skb(skb_pipe_info); 183 continue; 184 } 185 186 for (j = 3; (j < ARRAY_SIZE(st21nfca_gates)) && 187 (st21nfca_gates[j].gate != info->dst_gate_id) ; j++) 188 ; 189 190 if (j < ARRAY_SIZE(st21nfca_gates) && 191 st21nfca_gates[j].gate == info->dst_gate_id && 192 ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) { 193 hdev->init_data.gates[j].pipe = pipe_info[2]; 194 195 hdev->gate2pipe[st21nfca_gates[j].gate] = 196 pipe_info[2]; 197 hdev->pipes[pipe_info[2]].gate = 198 st21nfca_gates[j].gate; 199 hdev->pipes[pipe_info[2]].dest_host = 200 info->src_host_id; 201 } 202 kfree_skb(skb_pipe_info); 203 } 204 205 /* 206 * 3 gates have a well known pipe ID. Only NFC_HCI_LINK_MGMT_GATE 207 * is not yet open at this stage. 208 */ 209 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID, 210 NFC_HCI_LINK_MGMT_GATE, 211 NFC_HCI_LINK_MGMT_PIPE); 212 213 kfree_skb(skb_pipe_list); 214 return r; 215 } 216 217 static int st21nfca_hci_open(struct nfc_hci_dev *hdev) 218 { 219 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 220 int r; 221 222 mutex_lock(&info->info_lock); 223 224 if (info->state != ST21NFCA_ST_COLD) { 225 r = -EBUSY; 226 goto out; 227 } 228 229 r = info->phy_ops->enable(info->phy_id); 230 231 if (r == 0) 232 info->state = ST21NFCA_ST_READY; 233 234 out: 235 mutex_unlock(&info->info_lock); 236 return r; 237 } 238 239 static void st21nfca_hci_close(struct nfc_hci_dev *hdev) 240 { 241 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 242 243 mutex_lock(&info->info_lock); 244 245 if (info->state == ST21NFCA_ST_COLD) 246 goto out; 247 248 info->phy_ops->disable(info->phy_id); 249 info->state = ST21NFCA_ST_COLD; 250 251 out: 252 mutex_unlock(&info->info_lock); 253 } 254 255 static int st21nfca_hci_ready(struct nfc_hci_dev *hdev) 256 { 257 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 258 struct sk_buff *skb; 259 260 u8 param; 261 u8 white_list[2]; 262 int wl_size = 0; 263 int r; 264 265 if (info->se_status->is_ese_present && 266 info->se_status->is_uicc_present) { 267 white_list[wl_size++] = NFC_HCI_UICC_HOST_ID; 268 white_list[wl_size++] = ST21NFCA_ESE_HOST_ID; 269 } else if (!info->se_status->is_ese_present && 270 info->se_status->is_uicc_present) { 271 white_list[wl_size++] = NFC_HCI_UICC_HOST_ID; 272 } else if (info->se_status->is_ese_present && 273 !info->se_status->is_uicc_present) { 274 white_list[wl_size++] = ST21NFCA_ESE_HOST_ID; 275 } 276 277 if (wl_size) { 278 r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE, 279 NFC_HCI_ADMIN_WHITELIST, 280 (u8 *) &white_list, wl_size); 281 if (r < 0) 282 return r; 283 } 284 285 /* Set NFC_MODE in device management gate to enable */ 286 r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE, 287 ST21NFCA_NFC_MODE, &skb); 288 if (r < 0) 289 return r; 290 291 param = skb->data[0]; 292 kfree_skb(skb); 293 if (param == 0) { 294 param = 1; 295 296 r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE, 297 ST21NFCA_NFC_MODE, ¶m, 1); 298 if (r < 0) 299 return r; 300 } 301 302 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 303 NFC_HCI_EVT_END_OPERATION, NULL, 0); 304 if (r < 0) 305 return r; 306 307 r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE, 308 NFC_HCI_ID_MGMT_VERSION_SW, &skb); 309 if (r < 0) 310 return r; 311 312 if (skb->len != FULL_VERSION_LEN) { 313 kfree_skb(skb); 314 return -EINVAL; 315 } 316 317 print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ", 318 DUMP_PREFIX_NONE, 16, 1, 319 skb->data, FULL_VERSION_LEN, false); 320 321 kfree_skb(skb); 322 323 return 0; 324 } 325 326 static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb) 327 { 328 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 329 330 return info->phy_ops->write(info->phy_id, skb); 331 } 332 333 static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev, 334 u32 im_protocols, u32 tm_protocols) 335 { 336 int r; 337 u32 pol_req; 338 u8 param[19]; 339 struct sk_buff *datarate_skb; 340 341 pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n", 342 __func__, im_protocols, tm_protocols); 343 344 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 345 NFC_HCI_EVT_END_OPERATION, NULL, 0); 346 if (r < 0) 347 return r; 348 if (im_protocols) { 349 /* 350 * enable polling according to im_protocols & tm_protocols 351 * - CLOSE pipe according to im_protocols & tm_protocols 352 */ 353 if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) { 354 r = nfc_hci_disconnect_gate(hdev, 355 NFC_HCI_RF_READER_B_GATE); 356 if (r < 0) 357 return r; 358 } 359 360 if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) { 361 r = nfc_hci_disconnect_gate(hdev, 362 NFC_HCI_RF_READER_A_GATE); 363 if (r < 0) 364 return r; 365 } 366 367 if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) { 368 r = nfc_hci_disconnect_gate(hdev, 369 ST21NFCA_RF_READER_F_GATE); 370 if (r < 0) 371 return r; 372 } else { 373 hdev->gb = nfc_get_local_general_bytes(hdev->ndev, 374 &hdev->gb_len); 375 376 if (hdev->gb == NULL || hdev->gb_len == 0) { 377 im_protocols &= ~NFC_PROTO_NFC_DEP_MASK; 378 tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK; 379 } 380 381 param[0] = ST21NFCA_RF_READER_F_DATARATE_106 | 382 ST21NFCA_RF_READER_F_DATARATE_212 | 383 ST21NFCA_RF_READER_F_DATARATE_424; 384 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE, 385 ST21NFCA_RF_READER_F_DATARATE, 386 param, 1); 387 if (r < 0) 388 return r; 389 390 pol_req = be32_to_cpu((__force __be32) 391 ST21NFCA_RF_READER_F_POL_REQ_DEFAULT); 392 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE, 393 ST21NFCA_RF_READER_F_POL_REQ, 394 (u8 *) &pol_req, 4); 395 if (r < 0) 396 return r; 397 } 398 399 if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) { 400 r = nfc_hci_disconnect_gate(hdev, 401 ST21NFCA_RF_READER_14443_3_A_GATE); 402 if (r < 0) 403 return r; 404 } 405 406 if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) { 407 r = nfc_hci_disconnect_gate(hdev, 408 ST21NFCA_RF_READER_ISO15693_GATE); 409 if (r < 0) 410 return r; 411 } 412 413 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 414 NFC_HCI_EVT_READER_REQUESTED, NULL, 0); 415 if (r < 0) 416 nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 417 NFC_HCI_EVT_END_OPERATION, NULL, 0); 418 } 419 420 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) { 421 r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE, 422 ST21NFCA_RF_CARD_F_DATARATE, 423 &datarate_skb); 424 if (r < 0) 425 return r; 426 427 /* Configure the maximum supported datarate to 424Kbps */ 428 if (datarate_skb->len > 0 && 429 datarate_skb->data[0] != 430 ST21NFCA_RF_CARD_F_DATARATE_212_424) { 431 param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424; 432 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 433 ST21NFCA_RF_CARD_F_DATARATE, 434 param, 1); 435 if (r < 0) { 436 kfree_skb(datarate_skb); 437 return r; 438 } 439 } 440 kfree_skb(datarate_skb); 441 442 /* 443 * Configure sens_res 444 * 445 * NFC Forum Digital Spec Table 7: 446 * NFCID1 size: triple (10 bytes) 447 */ 448 param[0] = 0x00; 449 param[1] = 0x08; 450 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 451 ST21NFCA_RF_CARD_F_SENS_RES, param, 2); 452 if (r < 0) 453 return r; 454 455 /* 456 * Configure sel_res 457 * 458 * NFC Forum Digistal Spec Table 17: 459 * b3 set to 0b (value b7-b6): 460 * - 10b: Configured for NFC-DEP Protocol 461 */ 462 param[0] = 0x40; 463 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 464 ST21NFCA_RF_CARD_F_SEL_RES, param, 1); 465 if (r < 0) 466 return r; 467 468 /* Configure NFCID1 Random uid */ 469 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 470 ST21NFCA_RF_CARD_F_NFCID1, NULL, 0); 471 if (r < 0) 472 return r; 473 474 /* Configure NFCID2_LIST */ 475 /* System Code */ 476 param[0] = 0x00; 477 param[1] = 0x00; 478 /* NFCID2 */ 479 param[2] = 0x01; 480 param[3] = 0xfe; 481 param[4] = 'S'; 482 param[5] = 'T'; 483 param[6] = 'M'; 484 param[7] = 'i'; 485 param[8] = 'c'; 486 param[9] = 'r'; 487 /* 8 byte Pad bytes used for polling respone frame */ 488 489 /* 490 * Configuration byte: 491 * - bit 0: define the default NFCID2 entry used when the 492 * system code is equal to 'FFFF' 493 * - bit 1: use a random value for lowest 6 bytes of 494 * NFCID2 value 495 * - bit 2: ignore polling request frame if request code 496 * is equal to '01' 497 * - Other bits are RFU 498 */ 499 param[18] = 0x01; 500 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 501 ST21NFCA_RF_CARD_F_NFCID2_LIST, param, 502 19); 503 if (r < 0) 504 return r; 505 506 param[0] = 0x02; 507 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 508 ST21NFCA_RF_CARD_F_MODE, param, 1); 509 } 510 511 return r; 512 } 513 514 static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev) 515 { 516 nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 517 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL); 518 } 519 520 static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa) 521 { 522 int r; 523 struct sk_buff *atqa_skb = NULL; 524 525 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 526 ST21NFCA_RF_READER_14443_3_A_ATQA, &atqa_skb); 527 if (r < 0) 528 goto exit; 529 530 if (atqa_skb->len != 2) { 531 r = -EPROTO; 532 goto exit; 533 } 534 535 *atqa = be16_to_cpu(*(__be16 *) atqa_skb->data); 536 537 exit: 538 kfree_skb(atqa_skb); 539 return r; 540 } 541 542 static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak) 543 { 544 int r; 545 struct sk_buff *sak_skb = NULL; 546 547 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 548 ST21NFCA_RF_READER_14443_3_A_SAK, &sak_skb); 549 if (r < 0) 550 goto exit; 551 552 if (sak_skb->len != 1) { 553 r = -EPROTO; 554 goto exit; 555 } 556 557 *sak = sak_skb->data[0]; 558 559 exit: 560 kfree_skb(sak_skb); 561 return r; 562 } 563 564 static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid, 565 int *len) 566 { 567 int r; 568 struct sk_buff *uid_skb = NULL; 569 570 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 571 ST21NFCA_RF_READER_14443_3_A_UID, &uid_skb); 572 if (r < 0) 573 goto exit; 574 575 if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) { 576 r = -EPROTO; 577 goto exit; 578 } 579 580 memcpy(uid, uid_skb->data, uid_skb->len); 581 *len = uid_skb->len; 582 exit: 583 kfree_skb(uid_skb); 584 return r; 585 } 586 587 static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev, 588 struct nfc_target *target) 589 { 590 int r; 591 struct sk_buff *inventory_skb = NULL; 592 593 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE, 594 ST21NFCA_RF_READER_ISO15693_INVENTORY, 595 &inventory_skb); 596 if (r < 0) 597 goto exit; 598 599 skb_pull(inventory_skb, 2); 600 601 if (inventory_skb->len == 0 || 602 inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) { 603 r = -EPROTO; 604 goto exit; 605 } 606 607 memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len); 608 target->iso15693_dsfid = inventory_skb->data[1]; 609 target->is_iso15693 = 1; 610 exit: 611 kfree_skb(inventory_skb); 612 return r; 613 } 614 615 static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev, 616 struct nfc_target *target, u8 comm_mode, 617 u8 *gb, size_t gb_len) 618 { 619 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 620 621 info->dep_info.idx = target->idx; 622 return st21nfca_im_send_atr_req(hdev, gb, gb_len); 623 } 624 625 static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev) 626 { 627 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 628 629 info->state = ST21NFCA_ST_READY; 630 631 return nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 632 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL); 633 } 634 635 static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate, 636 struct nfc_target *target) 637 { 638 int r, len; 639 u16 atqa; 640 u8 sak; 641 u8 uid[NFC_NFCID1_MAXSIZE]; 642 643 switch (gate) { 644 case ST21NFCA_RF_READER_F_GATE: 645 target->supported_protocols = NFC_PROTO_FELICA_MASK; 646 break; 647 case ST21NFCA_RF_READER_14443_3_A_GATE: 648 /* ISO14443-3 type 1 or 2 tags */ 649 r = st21nfca_get_iso14443_3_atqa(hdev, &atqa); 650 if (r < 0) 651 return r; 652 if (atqa == 0x000c) { 653 target->supported_protocols = NFC_PROTO_JEWEL_MASK; 654 target->sens_res = 0x0c00; 655 } else { 656 r = st21nfca_get_iso14443_3_sak(hdev, &sak); 657 if (r < 0) 658 return r; 659 660 r = st21nfca_get_iso14443_3_uid(hdev, uid, &len); 661 if (r < 0) 662 return r; 663 664 target->supported_protocols = 665 nfc_hci_sak_to_protocol(sak); 666 if (target->supported_protocols == 0xffffffff) 667 return -EPROTO; 668 669 target->sens_res = atqa; 670 target->sel_res = sak; 671 memcpy(target->nfcid1, uid, len); 672 target->nfcid1_len = len; 673 } 674 675 break; 676 case ST21NFCA_RF_READER_ISO15693_GATE: 677 target->supported_protocols = NFC_PROTO_ISO15693_MASK; 678 r = st21nfca_get_iso15693_inventory(hdev, target); 679 if (r < 0) 680 return r; 681 break; 682 default: 683 return -EPROTO; 684 } 685 686 return 0; 687 } 688 689 static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev, 690 u8 gate, 691 struct nfc_target *target) 692 { 693 int r; 694 struct sk_buff *nfcid_skb = NULL; 695 696 if (gate == ST21NFCA_RF_READER_F_GATE) { 697 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE, 698 ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb); 699 if (r < 0) 700 goto exit; 701 702 if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) { 703 r = -EPROTO; 704 goto exit; 705 } 706 707 /* 708 * - After the recepton of polling response for type F frame 709 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be 710 * updated. 711 * - After the reception of SEL_RES with NFCIP-1 compliant bit 712 * set for type A frame NFCID1 will be updated 713 */ 714 if (nfcid_skb->len > 0) { 715 /* P2P in type F */ 716 memcpy(target->sensf_res, nfcid_skb->data, 717 nfcid_skb->len); 718 target->sensf_res_len = nfcid_skb->len; 719 /* NFC Forum Digital Protocol Table 44 */ 720 if (target->sensf_res[0] == 0x01 && 721 target->sensf_res[1] == 0xfe) 722 target->supported_protocols = 723 NFC_PROTO_NFC_DEP_MASK; 724 else 725 target->supported_protocols = 726 NFC_PROTO_FELICA_MASK; 727 } else { 728 kfree_skb(nfcid_skb); 729 /* P2P in type A */ 730 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE, 731 ST21NFCA_RF_READER_F_NFCID1, 732 &nfcid_skb); 733 if (r < 0) 734 goto exit; 735 736 if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) { 737 r = -EPROTO; 738 goto exit; 739 } 740 memcpy(target->sensf_res, nfcid_skb->data, 741 nfcid_skb->len); 742 target->sensf_res_len = nfcid_skb->len; 743 target->supported_protocols = NFC_PROTO_NFC_DEP_MASK; 744 } 745 target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE; 746 } 747 r = 1; 748 exit: 749 kfree_skb(nfcid_skb); 750 return r; 751 } 752 753 #define ST21NFCA_CB_TYPE_READER_ISO15693 1 754 static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb, 755 int err) 756 { 757 struct st21nfca_hci_info *info = context; 758 759 switch (info->async_cb_type) { 760 case ST21NFCA_CB_TYPE_READER_ISO15693: 761 if (err == 0) 762 skb_trim(skb, skb->len - 1); 763 info->async_cb(info->async_cb_context, skb, err); 764 break; 765 default: 766 if (err == 0) 767 kfree_skb(skb); 768 break; 769 } 770 } 771 772 /* 773 * Returns: 774 * <= 0: driver handled the data exchange 775 * 1: driver doesn't especially handle, please do standard processing 776 */ 777 static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev, 778 struct nfc_target *target, 779 struct sk_buff *skb, 780 data_exchange_cb_t cb, void *cb_context) 781 { 782 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 783 784 pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__, 785 target->hci_reader_gate, skb->len); 786 787 switch (target->hci_reader_gate) { 788 case ST21NFCA_RF_READER_F_GATE: 789 if (target->supported_protocols == NFC_PROTO_NFC_DEP_MASK) 790 return st21nfca_im_send_dep_req(hdev, skb); 791 792 *skb_push(skb, 1) = 0x1a; 793 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 794 ST21NFCA_WR_XCHG_DATA, skb->data, 795 skb->len, cb, cb_context); 796 case ST21NFCA_RF_READER_14443_3_A_GATE: 797 *skb_push(skb, 1) = 0x1a; /* CTR, see spec:10.2.2.1 */ 798 799 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 800 ST21NFCA_WR_XCHG_DATA, skb->data, 801 skb->len, cb, cb_context); 802 case ST21NFCA_RF_READER_ISO15693_GATE: 803 info->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693; 804 info->async_cb = cb; 805 info->async_cb_context = cb_context; 806 807 *skb_push(skb, 1) = 0x17; 808 809 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 810 ST21NFCA_WR_XCHG_DATA, skb->data, 811 skb->len, 812 st21nfca_hci_data_exchange_cb, 813 info); 814 break; 815 default: 816 return 1; 817 } 818 } 819 820 static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb) 821 { 822 return st21nfca_tm_send_dep_res(hdev, skb); 823 } 824 825 static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev, 826 struct nfc_target *target) 827 { 828 u8 fwi = 0x11; 829 830 switch (target->hci_reader_gate) { 831 case NFC_HCI_RF_READER_A_GATE: 832 case NFC_HCI_RF_READER_B_GATE: 833 /* 834 * PRESENCE_CHECK on those gates is available 835 * However, the answer to this command is taking 3 * fwi 836 * if the card is no present. 837 * Instead, we send an empty I-Frame with a very short 838 * configurable fwi ~604µs. 839 */ 840 return nfc_hci_send_cmd(hdev, target->hci_reader_gate, 841 ST21NFCA_WR_XCHG_DATA, &fwi, 1, NULL); 842 case ST21NFCA_RF_READER_14443_3_A_GATE: 843 return nfc_hci_send_cmd(hdev, target->hci_reader_gate, 844 ST21NFCA_RF_READER_CMD_PRESENCE_CHECK, 845 NULL, 0, NULL); 846 default: 847 return -EOPNOTSUPP; 848 } 849 } 850 851 static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, 852 struct sk_buff *skb) 853 { 854 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 855 u8 gate = hdev->pipes[pipe].gate; 856 857 pr_debug("cmd: %x\n", cmd); 858 859 switch (cmd) { 860 case NFC_HCI_ANY_OPEN_PIPE: 861 if (gate != ST21NFCA_APDU_READER_GATE && 862 hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID) 863 info->se_info.count_pipes++; 864 865 if (info->se_info.count_pipes == info->se_info.expected_pipes) { 866 del_timer_sync(&info->se_info.se_active_timer); 867 info->se_info.se_active = false; 868 info->se_info.count_pipes = 0; 869 complete(&info->se_info.req_completion); 870 } 871 break; 872 } 873 } 874 875 static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event, 876 struct sk_buff *skb) 877 { 878 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 879 880 pr_debug("admin event: %x\n", event); 881 882 switch (event) { 883 case ST21NFCA_EVT_HOT_PLUG: 884 if (info->se_info.se_active) { 885 if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) { 886 del_timer_sync(&info->se_info.se_active_timer); 887 info->se_info.se_active = false; 888 complete(&info->se_info.req_completion); 889 } else { 890 mod_timer(&info->se_info.se_active_timer, 891 jiffies + 892 msecs_to_jiffies(ST21NFCA_SE_TO_PIPES)); 893 } 894 } 895 break; 896 default: 897 nfc_err(&hdev->ndev->dev, "Unexpected event on admin gate\n"); 898 } 899 kfree_skb(skb); 900 return 0; 901 } 902 903 /* 904 * Returns: 905 * <= 0: driver handled the event, skb consumed 906 * 1: driver does not handle the event, please do standard processing 907 */ 908 static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, 909 u8 event, struct sk_buff *skb) 910 { 911 u8 gate = hdev->pipes[pipe].gate; 912 u8 host = hdev->pipes[pipe].dest_host; 913 914 pr_debug("hci event: %d gate: %x\n", event, gate); 915 916 switch (gate) { 917 case NFC_HCI_ADMIN_GATE: 918 return st21nfca_admin_event_received(hdev, event, skb); 919 case ST21NFCA_RF_CARD_F_GATE: 920 return st21nfca_dep_event_received(hdev, event, skb); 921 case ST21NFCA_CONNECTIVITY_GATE: 922 return st21nfca_connectivity_event_received(hdev, host, 923 event, skb); 924 case ST21NFCA_APDU_READER_GATE: 925 return st21nfca_apdu_reader_event_received(hdev, event, skb); 926 case NFC_HCI_LOOPBACK_GATE: 927 return st21nfca_hci_loopback_event_received(hdev, event, skb); 928 default: 929 return 1; 930 } 931 } 932 933 static struct nfc_hci_ops st21nfca_hci_ops = { 934 .open = st21nfca_hci_open, 935 .close = st21nfca_hci_close, 936 .load_session = st21nfca_hci_load_session, 937 .hci_ready = st21nfca_hci_ready, 938 .xmit = st21nfca_hci_xmit, 939 .start_poll = st21nfca_hci_start_poll, 940 .stop_poll = st21nfca_hci_stop_poll, 941 .dep_link_up = st21nfca_hci_dep_link_up, 942 .dep_link_down = st21nfca_hci_dep_link_down, 943 .target_from_gate = st21nfca_hci_target_from_gate, 944 .complete_target_discovered = st21nfca_hci_complete_target_discovered, 945 .im_transceive = st21nfca_hci_im_transceive, 946 .tm_send = st21nfca_hci_tm_send, 947 .check_presence = st21nfca_hci_check_presence, 948 .event_received = st21nfca_hci_event_received, 949 .cmd_received = st21nfca_hci_cmd_received, 950 .discover_se = st21nfca_hci_discover_se, 951 .enable_se = st21nfca_hci_enable_se, 952 .disable_se = st21nfca_hci_disable_se, 953 .se_io = st21nfca_hci_se_io, 954 }; 955 956 int st21nfca_hci_probe(void *phy_id, struct nfc_phy_ops *phy_ops, 957 char *llc_name, int phy_headroom, int phy_tailroom, 958 int phy_payload, struct nfc_hci_dev **hdev, 959 struct st21nfca_se_status *se_status) 960 { 961 struct st21nfca_hci_info *info; 962 int r = 0; 963 int dev_num; 964 u32 protocols; 965 struct nfc_hci_init_data init_data; 966 unsigned long quirks = 0; 967 968 info = kzalloc(sizeof(struct st21nfca_hci_info), GFP_KERNEL); 969 if (!info) { 970 r = -ENOMEM; 971 goto err_alloc_hdev; 972 } 973 974 info->phy_ops = phy_ops; 975 info->phy_id = phy_id; 976 info->state = ST21NFCA_ST_COLD; 977 mutex_init(&info->info_lock); 978 979 init_data.gate_count = ARRAY_SIZE(st21nfca_gates); 980 981 memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates)); 982 983 /* 984 * Session id must include the driver name + i2c bus addr 985 * persistent info to discriminate 2 identical chips 986 */ 987 dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES); 988 if (dev_num >= ST21NFCA_NUM_DEVICES) 989 return -ENODEV; 990 991 set_bit(dev_num, dev_mask); 992 993 scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x", 994 "ST21AH", dev_num); 995 996 protocols = NFC_PROTO_JEWEL_MASK | 997 NFC_PROTO_MIFARE_MASK | 998 NFC_PROTO_FELICA_MASK | 999 NFC_PROTO_ISO14443_MASK | 1000 NFC_PROTO_ISO14443_B_MASK | 1001 NFC_PROTO_ISO15693_MASK | 1002 NFC_PROTO_NFC_DEP_MASK; 1003 1004 set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks); 1005 1006 info->hdev = 1007 nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks, 1008 protocols, llc_name, 1009 phy_headroom + ST21NFCA_CMDS_HEADROOM, 1010 phy_tailroom, phy_payload); 1011 1012 if (!info->hdev) { 1013 pr_err("Cannot allocate nfc hdev.\n"); 1014 r = -ENOMEM; 1015 goto err_alloc_hdev; 1016 } 1017 1018 info->se_status = se_status; 1019 1020 nfc_hci_set_clientdata(info->hdev, info); 1021 1022 r = nfc_hci_register_device(info->hdev); 1023 if (r) 1024 goto err_regdev; 1025 1026 *hdev = info->hdev; 1027 st21nfca_dep_init(info->hdev); 1028 st21nfca_se_init(info->hdev); 1029 st21nfca_vendor_cmds_init(info->hdev); 1030 1031 return 0; 1032 1033 err_regdev: 1034 nfc_hci_free_device(info->hdev); 1035 1036 err_alloc_hdev: 1037 kfree(info); 1038 1039 return r; 1040 } 1041 EXPORT_SYMBOL(st21nfca_hci_probe); 1042 1043 void st21nfca_hci_remove(struct nfc_hci_dev *hdev) 1044 { 1045 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 1046 1047 st21nfca_dep_deinit(hdev); 1048 st21nfca_se_deinit(hdev); 1049 nfc_hci_unregister_device(hdev); 1050 nfc_hci_free_device(hdev); 1051 kfree(info); 1052 } 1053 EXPORT_SYMBOL(st21nfca_hci_remove); 1054 1055 MODULE_LICENSE("GPL"); 1056 MODULE_DESCRIPTION(DRIVER_DESC); 1057