1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * HCI based Driver for STMicroelectronics NFC Chip 4 * 5 * Copyright (C) 2014 STMicroelectronics SAS. All rights reserved. 6 */ 7 8 #include <linux/module.h> 9 #include <linux/nfc.h> 10 #include <net/nfc/hci.h> 11 #include <net/nfc/llc.h> 12 13 #include "st21nfca.h" 14 15 #define DRIVER_DESC "HCI NFC driver for ST21NFCA" 16 17 #define FULL_VERSION_LEN 3 18 19 /* Proprietary gates, events, commands and registers */ 20 21 /* Commands that apply to all RF readers */ 22 #define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK 0x30 23 24 #define ST21NFCA_RF_READER_ISO15693_GATE 0x12 25 #define ST21NFCA_RF_READER_ISO15693_INVENTORY 0x01 26 27 /* 28 * Reader gate for communication with contact-less cards using Type A 29 * protocol ISO14443-3 but not compliant with ISO14443-4 30 */ 31 #define ST21NFCA_RF_READER_14443_3_A_GATE 0x15 32 #define ST21NFCA_RF_READER_14443_3_A_UID 0x02 33 #define ST21NFCA_RF_READER_14443_3_A_ATQA 0x03 34 #define ST21NFCA_RF_READER_14443_3_A_SAK 0x04 35 36 #define ST21NFCA_RF_READER_F_DATARATE 0x01 37 #define ST21NFCA_RF_READER_F_DATARATE_106 0x01 38 #define ST21NFCA_RF_READER_F_DATARATE_212 0x02 39 #define ST21NFCA_RF_READER_F_DATARATE_424 0x04 40 #define ST21NFCA_RF_READER_F_POL_REQ 0x02 41 #define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT 0xffff0000 42 #define ST21NFCA_RF_READER_F_NFCID2 0x03 43 #define ST21NFCA_RF_READER_F_NFCID1 0x04 44 45 #define ST21NFCA_RF_CARD_F_MODE 0x01 46 #define ST21NFCA_RF_CARD_F_NFCID2_LIST 0x04 47 #define ST21NFCA_RF_CARD_F_NFCID1 0x05 48 #define ST21NFCA_RF_CARD_F_SENS_RES 0x06 49 #define ST21NFCA_RF_CARD_F_SEL_RES 0x07 50 #define ST21NFCA_RF_CARD_F_DATARATE 0x08 51 #define ST21NFCA_RF_CARD_F_DATARATE_212_424 0x01 52 53 #define ST21NFCA_DEVICE_MGNT_PIPE 0x02 54 55 #define ST21NFCA_DM_GETINFO 0x13 56 #define ST21NFCA_DM_GETINFO_PIPE_LIST 0x02 57 #define ST21NFCA_DM_GETINFO_PIPE_INFO 0x01 58 #define ST21NFCA_DM_PIPE_CREATED 0x02 59 #define ST21NFCA_DM_PIPE_OPEN 0x04 60 #define ST21NFCA_DM_RF_ACTIVE 0x80 61 #define ST21NFCA_DM_DISCONNECT 0x30 62 63 #define ST21NFCA_DM_IS_PIPE_OPEN(p) \ 64 ((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN)) 65 66 #define ST21NFCA_NFC_MODE 0x03 /* NFC_MODE parameter*/ 67 68 #define ST21NFCA_EVT_HOT_PLUG 0x03 69 #define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) (x->data[0] & 0x80) 70 71 #define ST21NFCA_SE_TO_PIPES 2000 72 73 static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES); 74 75 static const struct nfc_hci_gate st21nfca_gates[] = { 76 {NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE}, 77 {NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE}, 78 {ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE}, 79 80 {NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE}, 81 {NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE}, 82 {NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE}, 83 {NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE}, 84 {ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE}, 85 {ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE}, 86 {ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE}, 87 {ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE}, 88 89 /* Secure element pipes are created by secure element host */ 90 {ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE}, 91 {ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE}, 92 }; 93 94 struct st21nfca_pipe_info { 95 u8 pipe_state; 96 u8 src_host_id; 97 u8 src_gate_id; 98 u8 dst_host_id; 99 u8 dst_gate_id; 100 } __packed; 101 102 /* Largest headroom needed for outgoing custom commands */ 103 #define ST21NFCA_CMDS_HEADROOM 7 104 105 static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev) 106 { 107 int i, j, r; 108 struct sk_buff *skb_pipe_list, *skb_pipe_info; 109 struct st21nfca_pipe_info *info; 110 111 u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST, 112 NFC_HCI_TERMINAL_HOST_ID 113 }; 114 u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO, 115 NFC_HCI_TERMINAL_HOST_ID, 0 116 }; 117 118 /* On ST21NFCA device pipes number are dynamics 119 * A maximum of 16 pipes can be created at the same time 120 * If pipes are already created, hci_dev_up will fail. 121 * Doing a clear all pipe is a bad idea because: 122 * - It does useless EEPROM cycling 123 * - It might cause issue for secure elements support 124 * (such as removing connectivity or APDU reader pipe) 125 * A better approach on ST21NFCA is to: 126 * - get a pipe list for each host. 127 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now). 128 * (TODO Later on UICC HOST and eSE HOST) 129 * - get pipe information 130 * - match retrieved pipe list in st21nfca_gates 131 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate 132 * with ST21NFCA_DEVICE_MGNT_PIPE. 133 * Pipe can be closed and need to be open. 134 */ 135 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID, 136 ST21NFCA_DEVICE_MGNT_GATE, 137 ST21NFCA_DEVICE_MGNT_PIPE); 138 if (r < 0) 139 return r; 140 141 /* Get pipe list */ 142 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 143 ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list), 144 &skb_pipe_list); 145 if (r < 0) 146 return r; 147 148 /* Complete the existing gate_pipe table */ 149 for (i = 0; i < skb_pipe_list->len; i++) { 150 pipe_info[2] = skb_pipe_list->data[i]; 151 r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 152 ST21NFCA_DM_GETINFO, pipe_info, 153 sizeof(pipe_info), &skb_pipe_info); 154 if (r) 155 continue; 156 157 /* 158 * Match pipe ID and gate ID 159 * Output format from ST21NFC_DM_GETINFO is: 160 * - pipe state (1byte) 161 * - source hid (1byte) 162 * - source gid (1byte) 163 * - destination hid (1byte) 164 * - destination gid (1byte) 165 */ 166 info = (struct st21nfca_pipe_info *) skb_pipe_info->data; 167 if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE && 168 info->src_host_id == NFC_HCI_UICC_HOST_ID) { 169 pr_err("Unexpected apdu_reader pipe on host %x\n", 170 info->src_host_id); 171 kfree_skb(skb_pipe_info); 172 continue; 173 } 174 175 for (j = 3; (j < ARRAY_SIZE(st21nfca_gates)) && 176 (st21nfca_gates[j].gate != info->dst_gate_id) ; j++) 177 ; 178 179 if (j < ARRAY_SIZE(st21nfca_gates) && 180 st21nfca_gates[j].gate == info->dst_gate_id && 181 ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) { 182 hdev->init_data.gates[j].pipe = pipe_info[2]; 183 184 hdev->gate2pipe[st21nfca_gates[j].gate] = 185 pipe_info[2]; 186 hdev->pipes[pipe_info[2]].gate = 187 st21nfca_gates[j].gate; 188 hdev->pipes[pipe_info[2]].dest_host = 189 info->src_host_id; 190 } 191 kfree_skb(skb_pipe_info); 192 } 193 194 /* 195 * 3 gates have a well known pipe ID. Only NFC_HCI_LINK_MGMT_GATE 196 * is not yet open at this stage. 197 */ 198 r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID, 199 NFC_HCI_LINK_MGMT_GATE, 200 NFC_HCI_LINK_MGMT_PIPE); 201 202 kfree_skb(skb_pipe_list); 203 return r; 204 } 205 206 static int st21nfca_hci_open(struct nfc_hci_dev *hdev) 207 { 208 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 209 int r; 210 211 mutex_lock(&info->info_lock); 212 213 if (info->state != ST21NFCA_ST_COLD) { 214 r = -EBUSY; 215 goto out; 216 } 217 218 r = info->phy_ops->enable(info->phy_id); 219 220 if (r == 0) 221 info->state = ST21NFCA_ST_READY; 222 223 out: 224 mutex_unlock(&info->info_lock); 225 return r; 226 } 227 228 static void st21nfca_hci_close(struct nfc_hci_dev *hdev) 229 { 230 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 231 232 mutex_lock(&info->info_lock); 233 234 if (info->state == ST21NFCA_ST_COLD) 235 goto out; 236 237 info->phy_ops->disable(info->phy_id); 238 info->state = ST21NFCA_ST_COLD; 239 240 out: 241 mutex_unlock(&info->info_lock); 242 } 243 244 static int st21nfca_hci_ready(struct nfc_hci_dev *hdev) 245 { 246 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 247 struct sk_buff *skb; 248 249 u8 param; 250 u8 white_list[2]; 251 int wl_size = 0; 252 int r; 253 254 if (info->se_status->is_uicc_present) 255 white_list[wl_size++] = NFC_HCI_UICC_HOST_ID; 256 if (info->se_status->is_ese_present) 257 white_list[wl_size++] = ST21NFCA_ESE_HOST_ID; 258 259 if (wl_size) { 260 r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE, 261 NFC_HCI_ADMIN_WHITELIST, 262 (u8 *) &white_list, wl_size); 263 if (r < 0) 264 return r; 265 } 266 267 /* Set NFC_MODE in device management gate to enable */ 268 r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE, 269 ST21NFCA_NFC_MODE, &skb); 270 if (r < 0) 271 return r; 272 273 param = skb->data[0]; 274 kfree_skb(skb); 275 if (param == 0) { 276 param = 1; 277 278 r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE, 279 ST21NFCA_NFC_MODE, ¶m, 1); 280 if (r < 0) 281 return r; 282 } 283 284 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 285 NFC_HCI_EVT_END_OPERATION, NULL, 0); 286 if (r < 0) 287 return r; 288 289 r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE, 290 NFC_HCI_ID_MGMT_VERSION_SW, &skb); 291 if (r < 0) 292 return r; 293 294 if (skb->len != FULL_VERSION_LEN) { 295 kfree_skb(skb); 296 return -EINVAL; 297 } 298 299 print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ", 300 DUMP_PREFIX_NONE, 16, 1, 301 skb->data, FULL_VERSION_LEN, false); 302 303 kfree_skb(skb); 304 305 return 0; 306 } 307 308 static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb) 309 { 310 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 311 312 return info->phy_ops->write(info->phy_id, skb); 313 } 314 315 static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev, 316 u32 im_protocols, u32 tm_protocols) 317 { 318 int r; 319 u32 pol_req; 320 u8 param[19]; 321 struct sk_buff *datarate_skb; 322 323 pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n", 324 __func__, im_protocols, tm_protocols); 325 326 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 327 NFC_HCI_EVT_END_OPERATION, NULL, 0); 328 if (r < 0) 329 return r; 330 if (im_protocols) { 331 /* 332 * enable polling according to im_protocols & tm_protocols 333 * - CLOSE pipe according to im_protocols & tm_protocols 334 */ 335 if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) { 336 r = nfc_hci_disconnect_gate(hdev, 337 NFC_HCI_RF_READER_B_GATE); 338 if (r < 0) 339 return r; 340 } 341 342 if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) { 343 r = nfc_hci_disconnect_gate(hdev, 344 NFC_HCI_RF_READER_A_GATE); 345 if (r < 0) 346 return r; 347 } 348 349 if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) { 350 r = nfc_hci_disconnect_gate(hdev, 351 ST21NFCA_RF_READER_F_GATE); 352 if (r < 0) 353 return r; 354 } else { 355 hdev->gb = nfc_get_local_general_bytes(hdev->ndev, 356 &hdev->gb_len); 357 358 if (hdev->gb == NULL || hdev->gb_len == 0) { 359 im_protocols &= ~NFC_PROTO_NFC_DEP_MASK; 360 tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK; 361 } 362 363 param[0] = ST21NFCA_RF_READER_F_DATARATE_106 | 364 ST21NFCA_RF_READER_F_DATARATE_212 | 365 ST21NFCA_RF_READER_F_DATARATE_424; 366 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE, 367 ST21NFCA_RF_READER_F_DATARATE, 368 param, 1); 369 if (r < 0) 370 return r; 371 372 pol_req = be32_to_cpu((__force __be32) 373 ST21NFCA_RF_READER_F_POL_REQ_DEFAULT); 374 r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE, 375 ST21NFCA_RF_READER_F_POL_REQ, 376 (u8 *) &pol_req, 4); 377 if (r < 0) 378 return r; 379 } 380 381 if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) { 382 r = nfc_hci_disconnect_gate(hdev, 383 ST21NFCA_RF_READER_14443_3_A_GATE); 384 if (r < 0) 385 return r; 386 } 387 388 if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) { 389 r = nfc_hci_disconnect_gate(hdev, 390 ST21NFCA_RF_READER_ISO15693_GATE); 391 if (r < 0) 392 return r; 393 } 394 395 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 396 NFC_HCI_EVT_READER_REQUESTED, NULL, 0); 397 if (r < 0) 398 nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 399 NFC_HCI_EVT_END_OPERATION, NULL, 0); 400 } 401 402 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) { 403 r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE, 404 ST21NFCA_RF_CARD_F_DATARATE, 405 &datarate_skb); 406 if (r < 0) 407 return r; 408 409 /* Configure the maximum supported datarate to 424Kbps */ 410 if (datarate_skb->len > 0 && 411 datarate_skb->data[0] != 412 ST21NFCA_RF_CARD_F_DATARATE_212_424) { 413 param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424; 414 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 415 ST21NFCA_RF_CARD_F_DATARATE, 416 param, 1); 417 if (r < 0) { 418 kfree_skb(datarate_skb); 419 return r; 420 } 421 } 422 kfree_skb(datarate_skb); 423 424 /* 425 * Configure sens_res 426 * 427 * NFC Forum Digital Spec Table 7: 428 * NFCID1 size: triple (10 bytes) 429 */ 430 param[0] = 0x00; 431 param[1] = 0x08; 432 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 433 ST21NFCA_RF_CARD_F_SENS_RES, param, 2); 434 if (r < 0) 435 return r; 436 437 /* 438 * Configure sel_res 439 * 440 * NFC Forum Digistal Spec Table 17: 441 * b3 set to 0b (value b7-b6): 442 * - 10b: Configured for NFC-DEP Protocol 443 */ 444 param[0] = 0x40; 445 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 446 ST21NFCA_RF_CARD_F_SEL_RES, param, 1); 447 if (r < 0) 448 return r; 449 450 /* Configure NFCID1 Random uid */ 451 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 452 ST21NFCA_RF_CARD_F_NFCID1, NULL, 0); 453 if (r < 0) 454 return r; 455 456 /* Configure NFCID2_LIST */ 457 /* System Code */ 458 param[0] = 0x00; 459 param[1] = 0x00; 460 /* NFCID2 */ 461 param[2] = 0x01; 462 param[3] = 0xfe; 463 param[4] = 'S'; 464 param[5] = 'T'; 465 param[6] = 'M'; 466 param[7] = 'i'; 467 param[8] = 'c'; 468 param[9] = 'r'; 469 /* 8 byte Pad bytes used for polling respone frame */ 470 471 /* 472 * Configuration byte: 473 * - bit 0: define the default NFCID2 entry used when the 474 * system code is equal to 'FFFF' 475 * - bit 1: use a random value for lowest 6 bytes of 476 * NFCID2 value 477 * - bit 2: ignore polling request frame if request code 478 * is equal to '01' 479 * - Other bits are RFU 480 */ 481 param[18] = 0x01; 482 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 483 ST21NFCA_RF_CARD_F_NFCID2_LIST, param, 484 19); 485 if (r < 0) 486 return r; 487 488 param[0] = 0x02; 489 r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE, 490 ST21NFCA_RF_CARD_F_MODE, param, 1); 491 } 492 493 return r; 494 } 495 496 static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev) 497 { 498 nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 499 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL); 500 } 501 502 static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa) 503 { 504 int r; 505 struct sk_buff *atqa_skb = NULL; 506 507 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 508 ST21NFCA_RF_READER_14443_3_A_ATQA, &atqa_skb); 509 if (r < 0) 510 goto exit; 511 512 if (atqa_skb->len != 2) { 513 r = -EPROTO; 514 goto exit; 515 } 516 517 *atqa = be16_to_cpu(*(__be16 *) atqa_skb->data); 518 519 exit: 520 kfree_skb(atqa_skb); 521 return r; 522 } 523 524 static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak) 525 { 526 int r; 527 struct sk_buff *sak_skb = NULL; 528 529 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 530 ST21NFCA_RF_READER_14443_3_A_SAK, &sak_skb); 531 if (r < 0) 532 goto exit; 533 534 if (sak_skb->len != 1) { 535 r = -EPROTO; 536 goto exit; 537 } 538 539 *sak = sak_skb->data[0]; 540 541 exit: 542 kfree_skb(sak_skb); 543 return r; 544 } 545 546 static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid, 547 int *len) 548 { 549 int r; 550 struct sk_buff *uid_skb = NULL; 551 552 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE, 553 ST21NFCA_RF_READER_14443_3_A_UID, &uid_skb); 554 if (r < 0) 555 goto exit; 556 557 if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) { 558 r = -EPROTO; 559 goto exit; 560 } 561 562 memcpy(uid, uid_skb->data, uid_skb->len); 563 *len = uid_skb->len; 564 exit: 565 kfree_skb(uid_skb); 566 return r; 567 } 568 569 static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev, 570 struct nfc_target *target) 571 { 572 int r; 573 struct sk_buff *inventory_skb = NULL; 574 575 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE, 576 ST21NFCA_RF_READER_ISO15693_INVENTORY, 577 &inventory_skb); 578 if (r < 0) 579 goto exit; 580 581 skb_pull(inventory_skb, 2); 582 583 if (inventory_skb->len == 0 || 584 inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) { 585 r = -EPROTO; 586 goto exit; 587 } 588 589 memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len); 590 target->iso15693_dsfid = inventory_skb->data[1]; 591 target->is_iso15693 = 1; 592 exit: 593 kfree_skb(inventory_skb); 594 return r; 595 } 596 597 static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev, 598 struct nfc_target *target, u8 comm_mode, 599 u8 *gb, size_t gb_len) 600 { 601 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 602 603 info->dep_info.idx = target->idx; 604 return st21nfca_im_send_atr_req(hdev, gb, gb_len); 605 } 606 607 static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev) 608 { 609 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 610 611 info->state = ST21NFCA_ST_READY; 612 613 return nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE, 614 ST21NFCA_DM_DISCONNECT, NULL, 0, NULL); 615 } 616 617 static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate, 618 struct nfc_target *target) 619 { 620 int r, len; 621 u16 atqa; 622 u8 sak; 623 u8 uid[NFC_NFCID1_MAXSIZE]; 624 625 switch (gate) { 626 case ST21NFCA_RF_READER_F_GATE: 627 target->supported_protocols = NFC_PROTO_FELICA_MASK; 628 break; 629 case ST21NFCA_RF_READER_14443_3_A_GATE: 630 /* ISO14443-3 type 1 or 2 tags */ 631 r = st21nfca_get_iso14443_3_atqa(hdev, &atqa); 632 if (r < 0) 633 return r; 634 if (atqa == 0x000c) { 635 target->supported_protocols = NFC_PROTO_JEWEL_MASK; 636 target->sens_res = 0x0c00; 637 } else { 638 r = st21nfca_get_iso14443_3_sak(hdev, &sak); 639 if (r < 0) 640 return r; 641 642 r = st21nfca_get_iso14443_3_uid(hdev, uid, &len); 643 if (r < 0) 644 return r; 645 646 target->supported_protocols = 647 nfc_hci_sak_to_protocol(sak); 648 if (target->supported_protocols == 0xffffffff) 649 return -EPROTO; 650 651 target->sens_res = atqa; 652 target->sel_res = sak; 653 memcpy(target->nfcid1, uid, len); 654 target->nfcid1_len = len; 655 } 656 657 break; 658 case ST21NFCA_RF_READER_ISO15693_GATE: 659 target->supported_protocols = NFC_PROTO_ISO15693_MASK; 660 r = st21nfca_get_iso15693_inventory(hdev, target); 661 if (r < 0) 662 return r; 663 break; 664 default: 665 return -EPROTO; 666 } 667 668 return 0; 669 } 670 671 static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev, 672 u8 gate, 673 struct nfc_target *target) 674 { 675 int r; 676 struct sk_buff *nfcid_skb = NULL; 677 678 if (gate == ST21NFCA_RF_READER_F_GATE) { 679 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE, 680 ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb); 681 if (r < 0) 682 goto exit; 683 684 if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) { 685 r = -EPROTO; 686 goto exit; 687 } 688 689 /* 690 * - After the recepton of polling response for type F frame 691 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be 692 * updated. 693 * - After the reception of SEL_RES with NFCIP-1 compliant bit 694 * set for type A frame NFCID1 will be updated 695 */ 696 if (nfcid_skb->len > 0) { 697 /* P2P in type F */ 698 memcpy(target->sensf_res, nfcid_skb->data, 699 nfcid_skb->len); 700 target->sensf_res_len = nfcid_skb->len; 701 /* NFC Forum Digital Protocol Table 44 */ 702 if (target->sensf_res[0] == 0x01 && 703 target->sensf_res[1] == 0xfe) 704 target->supported_protocols = 705 NFC_PROTO_NFC_DEP_MASK; 706 else 707 target->supported_protocols = 708 NFC_PROTO_FELICA_MASK; 709 } else { 710 kfree_skb(nfcid_skb); 711 nfcid_skb = NULL; 712 /* P2P in type A */ 713 r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE, 714 ST21NFCA_RF_READER_F_NFCID1, 715 &nfcid_skb); 716 if (r < 0) 717 goto exit; 718 719 if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) { 720 r = -EPROTO; 721 goto exit; 722 } 723 memcpy(target->sensf_res, nfcid_skb->data, 724 nfcid_skb->len); 725 target->sensf_res_len = nfcid_skb->len; 726 target->supported_protocols = NFC_PROTO_NFC_DEP_MASK; 727 } 728 target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE; 729 } 730 r = 1; 731 exit: 732 kfree_skb(nfcid_skb); 733 return r; 734 } 735 736 #define ST21NFCA_CB_TYPE_READER_ISO15693 1 737 static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb, 738 int err) 739 { 740 struct st21nfca_hci_info *info = context; 741 742 switch (info->async_cb_type) { 743 case ST21NFCA_CB_TYPE_READER_ISO15693: 744 if (err == 0) 745 skb_trim(skb, skb->len - 1); 746 info->async_cb(info->async_cb_context, skb, err); 747 break; 748 default: 749 if (err == 0) 750 kfree_skb(skb); 751 break; 752 } 753 } 754 755 /* 756 * Returns: 757 * <= 0: driver handled the data exchange 758 * 1: driver doesn't especially handle, please do standard processing 759 */ 760 static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev, 761 struct nfc_target *target, 762 struct sk_buff *skb, 763 data_exchange_cb_t cb, void *cb_context) 764 { 765 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 766 767 pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__, 768 target->hci_reader_gate, skb->len); 769 770 switch (target->hci_reader_gate) { 771 case ST21NFCA_RF_READER_F_GATE: 772 if (target->supported_protocols == NFC_PROTO_NFC_DEP_MASK) 773 return st21nfca_im_send_dep_req(hdev, skb); 774 775 *(u8 *)skb_push(skb, 1) = 0x1a; 776 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 777 ST21NFCA_WR_XCHG_DATA, skb->data, 778 skb->len, cb, cb_context); 779 case ST21NFCA_RF_READER_14443_3_A_GATE: 780 *(u8 *)skb_push(skb, 1) = 0x1a; /* CTR, see spec:10.2.2.1 */ 781 782 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 783 ST21NFCA_WR_XCHG_DATA, skb->data, 784 skb->len, cb, cb_context); 785 case ST21NFCA_RF_READER_ISO15693_GATE: 786 info->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693; 787 info->async_cb = cb; 788 info->async_cb_context = cb_context; 789 790 *(u8 *)skb_push(skb, 1) = 0x17; 791 792 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate, 793 ST21NFCA_WR_XCHG_DATA, skb->data, 794 skb->len, 795 st21nfca_hci_data_exchange_cb, 796 info); 797 default: 798 return 1; 799 } 800 } 801 802 static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb) 803 { 804 return st21nfca_tm_send_dep_res(hdev, skb); 805 } 806 807 static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev, 808 struct nfc_target *target) 809 { 810 u8 fwi = 0x11; 811 812 switch (target->hci_reader_gate) { 813 case NFC_HCI_RF_READER_A_GATE: 814 case NFC_HCI_RF_READER_B_GATE: 815 /* 816 * PRESENCE_CHECK on those gates is available 817 * However, the answer to this command is taking 3 * fwi 818 * if the card is no present. 819 * Instead, we send an empty I-Frame with a very short 820 * configurable fwi ~604µs. 821 */ 822 return nfc_hci_send_cmd(hdev, target->hci_reader_gate, 823 ST21NFCA_WR_XCHG_DATA, &fwi, 1, NULL); 824 case ST21NFCA_RF_READER_14443_3_A_GATE: 825 return nfc_hci_send_cmd(hdev, target->hci_reader_gate, 826 ST21NFCA_RF_READER_CMD_PRESENCE_CHECK, 827 NULL, 0, NULL); 828 default: 829 return -EOPNOTSUPP; 830 } 831 } 832 833 static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, 834 struct sk_buff *skb) 835 { 836 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 837 u8 gate = hdev->pipes[pipe].gate; 838 839 pr_debug("cmd: %x\n", cmd); 840 841 switch (cmd) { 842 case NFC_HCI_ANY_OPEN_PIPE: 843 if (gate != ST21NFCA_APDU_READER_GATE && 844 hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID) 845 info->se_info.count_pipes++; 846 847 if (info->se_info.count_pipes == info->se_info.expected_pipes) { 848 del_timer_sync(&info->se_info.se_active_timer); 849 info->se_info.se_active = false; 850 info->se_info.count_pipes = 0; 851 complete(&info->se_info.req_completion); 852 } 853 break; 854 } 855 } 856 857 static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event, 858 struct sk_buff *skb) 859 { 860 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 861 862 pr_debug("admin event: %x\n", event); 863 864 switch (event) { 865 case ST21NFCA_EVT_HOT_PLUG: 866 if (info->se_info.se_active) { 867 if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) { 868 del_timer_sync(&info->se_info.se_active_timer); 869 info->se_info.se_active = false; 870 complete(&info->se_info.req_completion); 871 } else { 872 mod_timer(&info->se_info.se_active_timer, 873 jiffies + 874 msecs_to_jiffies(ST21NFCA_SE_TO_PIPES)); 875 } 876 } 877 break; 878 default: 879 nfc_err(&hdev->ndev->dev, "Unexpected event on admin gate\n"); 880 } 881 kfree_skb(skb); 882 return 0; 883 } 884 885 /* 886 * Returns: 887 * <= 0: driver handled the event, skb consumed 888 * 1: driver does not handle the event, please do standard processing 889 */ 890 static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, 891 u8 event, struct sk_buff *skb) 892 { 893 u8 gate = hdev->pipes[pipe].gate; 894 u8 host = hdev->pipes[pipe].dest_host; 895 896 pr_debug("hci event: %d gate: %x\n", event, gate); 897 898 switch (gate) { 899 case NFC_HCI_ADMIN_GATE: 900 return st21nfca_admin_event_received(hdev, event, skb); 901 case ST21NFCA_RF_CARD_F_GATE: 902 return st21nfca_dep_event_received(hdev, event, skb); 903 case ST21NFCA_CONNECTIVITY_GATE: 904 return st21nfca_connectivity_event_received(hdev, host, 905 event, skb); 906 case ST21NFCA_APDU_READER_GATE: 907 return st21nfca_apdu_reader_event_received(hdev, event, skb); 908 case NFC_HCI_LOOPBACK_GATE: 909 return st21nfca_hci_loopback_event_received(hdev, event, skb); 910 default: 911 return 1; 912 } 913 } 914 915 static const struct nfc_hci_ops st21nfca_hci_ops = { 916 .open = st21nfca_hci_open, 917 .close = st21nfca_hci_close, 918 .load_session = st21nfca_hci_load_session, 919 .hci_ready = st21nfca_hci_ready, 920 .xmit = st21nfca_hci_xmit, 921 .start_poll = st21nfca_hci_start_poll, 922 .stop_poll = st21nfca_hci_stop_poll, 923 .dep_link_up = st21nfca_hci_dep_link_up, 924 .dep_link_down = st21nfca_hci_dep_link_down, 925 .target_from_gate = st21nfca_hci_target_from_gate, 926 .complete_target_discovered = st21nfca_hci_complete_target_discovered, 927 .im_transceive = st21nfca_hci_im_transceive, 928 .tm_send = st21nfca_hci_tm_send, 929 .check_presence = st21nfca_hci_check_presence, 930 .event_received = st21nfca_hci_event_received, 931 .cmd_received = st21nfca_hci_cmd_received, 932 .discover_se = st21nfca_hci_discover_se, 933 .enable_se = st21nfca_hci_enable_se, 934 .disable_se = st21nfca_hci_disable_se, 935 .se_io = st21nfca_hci_se_io, 936 }; 937 938 int st21nfca_hci_probe(void *phy_id, const struct nfc_phy_ops *phy_ops, 939 char *llc_name, int phy_headroom, int phy_tailroom, 940 int phy_payload, struct nfc_hci_dev **hdev, 941 struct st21nfca_se_status *se_status) 942 { 943 struct st21nfca_hci_info *info; 944 int r = 0; 945 int dev_num; 946 u32 protocols; 947 struct nfc_hci_init_data init_data; 948 unsigned long quirks = 0; 949 950 info = kzalloc(sizeof(struct st21nfca_hci_info), GFP_KERNEL); 951 if (!info) 952 return -ENOMEM; 953 954 info->phy_ops = phy_ops; 955 info->phy_id = phy_id; 956 info->state = ST21NFCA_ST_COLD; 957 mutex_init(&info->info_lock); 958 959 init_data.gate_count = ARRAY_SIZE(st21nfca_gates); 960 961 memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates)); 962 963 /* 964 * Session id must include the driver name + i2c bus addr 965 * persistent info to discriminate 2 identical chips 966 */ 967 dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES); 968 if (dev_num >= ST21NFCA_NUM_DEVICES) { 969 r = -ENODEV; 970 goto err_alloc_hdev; 971 } 972 973 set_bit(dev_num, dev_mask); 974 975 scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x", 976 "ST21AH", dev_num); 977 978 protocols = NFC_PROTO_JEWEL_MASK | 979 NFC_PROTO_MIFARE_MASK | 980 NFC_PROTO_FELICA_MASK | 981 NFC_PROTO_ISO14443_MASK | 982 NFC_PROTO_ISO14443_B_MASK | 983 NFC_PROTO_ISO15693_MASK | 984 NFC_PROTO_NFC_DEP_MASK; 985 986 set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks); 987 988 info->hdev = 989 nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks, 990 protocols, llc_name, 991 phy_headroom + ST21NFCA_CMDS_HEADROOM, 992 phy_tailroom, phy_payload); 993 994 if (!info->hdev) { 995 pr_err("Cannot allocate nfc hdev.\n"); 996 r = -ENOMEM; 997 goto err_alloc_hdev; 998 } 999 1000 info->se_status = se_status; 1001 1002 nfc_hci_set_clientdata(info->hdev, info); 1003 1004 r = nfc_hci_register_device(info->hdev); 1005 if (r) 1006 goto err_regdev; 1007 1008 *hdev = info->hdev; 1009 st21nfca_dep_init(info->hdev); 1010 st21nfca_se_init(info->hdev); 1011 st21nfca_vendor_cmds_init(info->hdev); 1012 1013 return 0; 1014 1015 err_regdev: 1016 nfc_hci_free_device(info->hdev); 1017 1018 err_alloc_hdev: 1019 kfree(info); 1020 1021 return r; 1022 } 1023 EXPORT_SYMBOL(st21nfca_hci_probe); 1024 1025 void st21nfca_hci_remove(struct nfc_hci_dev *hdev) 1026 { 1027 struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); 1028 1029 st21nfca_dep_deinit(hdev); 1030 st21nfca_se_deinit(hdev); 1031 nfc_hci_unregister_device(hdev); 1032 nfc_hci_free_device(hdev); 1033 kfree(info); 1034 } 1035 EXPORT_SYMBOL(st21nfca_hci_remove); 1036 1037 MODULE_LICENSE("GPL"); 1038 MODULE_DESCRIPTION(DRIVER_DESC); 1039