xref: /linux/net/nfc/digital_technology.c (revision 6fdcba32711044c35c0e1b094cbd8f3f0b4472c9)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * NFC Digital Protocol stack
4  * Copyright (c) 2013, Intel Corporation.
5  */
6 
7 #define pr_fmt(fmt) "digital: %s: " fmt, __func__
8 
9 #include "digital.h"
10 
11 #define DIGITAL_CMD_SENS_REQ    0x26
12 #define DIGITAL_CMD_ALL_REQ     0x52
13 #define DIGITAL_CMD_SEL_REQ_CL1 0x93
14 #define DIGITAL_CMD_SEL_REQ_CL2 0x95
15 #define DIGITAL_CMD_SEL_REQ_CL3 0x97
16 
17 #define DIGITAL_SDD_REQ_SEL_PAR 0x20
18 
19 #define DIGITAL_SDD_RES_CT  0x88
20 #define DIGITAL_SDD_RES_LEN 5
21 #define DIGITAL_SEL_RES_LEN 1
22 
23 #define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
24 #define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
25 #define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
26 #define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
27 
28 #define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
29 #define DIGITAL_SENS_RES_IS_VALID(sens_res) \
30 	((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
31 	(((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
32 
33 #define DIGITAL_MIFARE_READ_RES_LEN 16
34 #define DIGITAL_MIFARE_ACK_RES	0x0A
35 
36 #define DIGITAL_CMD_SENSB_REQ			0x05
37 #define DIGITAL_SENSB_ADVANCED			BIT(5)
38 #define DIGITAL_SENSB_EXTENDED			BIT(4)
39 #define DIGITAL_SENSB_ALLB_REQ			BIT(3)
40 #define DIGITAL_SENSB_N(n)			((n) & 0x7)
41 
42 #define DIGITAL_CMD_SENSB_RES			0x50
43 
44 #define DIGITAL_CMD_ATTRIB_REQ			0x1D
45 #define DIGITAL_ATTRIB_P1_TR0_DEFAULT		(0x0 << 6)
46 #define DIGITAL_ATTRIB_P1_TR1_DEFAULT		(0x0 << 4)
47 #define DIGITAL_ATTRIB_P1_SUPRESS_EOS		BIT(3)
48 #define DIGITAL_ATTRIB_P1_SUPRESS_SOS		BIT(2)
49 #define DIGITAL_ATTRIB_P2_LISTEN_POLL_1		(0x0 << 6)
50 #define DIGITAL_ATTRIB_P2_POLL_LISTEN_1		(0x0 << 4)
51 #define DIGITAL_ATTRIB_P2_MAX_FRAME_256		0x8
52 #define DIGITAL_ATTRIB_P4_DID(n)		((n) & 0xf)
53 
54 #define DIGITAL_CMD_SENSF_REQ	0x00
55 #define DIGITAL_CMD_SENSF_RES	0x01
56 
57 #define DIGITAL_SENSF_RES_MIN_LENGTH 17
58 #define DIGITAL_SENSF_RES_RD_AP_B1   0x00
59 #define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
60 
61 #define DIGITAL_SENSF_REQ_RC_NONE 0
62 #define DIGITAL_SENSF_REQ_RC_SC   1
63 #define DIGITAL_SENSF_REQ_RC_AP   2
64 
65 #define DIGITAL_CMD_ISO15693_INVENTORY_REQ	0x01
66 
67 #define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE	BIT(1)
68 #define DIGITAL_ISO15693_REQ_FLAG_INVENTORY	BIT(2)
69 #define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS	BIT(5)
70 #define DIGITAL_ISO15693_RES_FLAG_ERROR		BIT(0)
71 #define DIGITAL_ISO15693_RES_IS_VALID(flags) \
72 	(!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
73 
74 #define DIGITAL_ISO_DEP_I_PCB	 0x02
75 #define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
76 
77 #define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
78 
79 #define DIGITAL_ISO_DEP_I_BLOCK 0x00
80 
81 #define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
82 
83 static const u8 digital_ats_fsc[] = {
84 	 16,  24,  32,  40,  48,  64,  96, 128,
85 };
86 
87 #define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
88 #define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
89 #define DIGITAL_ATS_MAX_FSC  256
90 
91 #define DIGITAL_RATS_BYTE1 0xE0
92 #define DIGITAL_RATS_PARAM 0x80
93 
94 struct digital_sdd_res {
95 	u8 nfcid1[4];
96 	u8 bcc;
97 } __packed;
98 
99 struct digital_sel_req {
100 	u8 sel_cmd;
101 	u8 b2;
102 	u8 nfcid1[4];
103 	u8 bcc;
104 } __packed;
105 
106 struct digital_sensb_req {
107 	u8 cmd;
108 	u8 afi;
109 	u8 param;
110 } __packed;
111 
112 struct digital_sensb_res {
113 	u8 cmd;
114 	u8 nfcid0[4];
115 	u8 app_data[4];
116 	u8 proto_info[3];
117 } __packed;
118 
119 struct digital_attrib_req {
120 	u8 cmd;
121 	u8 nfcid0[4];
122 	u8 param1;
123 	u8 param2;
124 	u8 param3;
125 	u8 param4;
126 } __packed;
127 
128 struct digital_attrib_res {
129 	u8 mbli_did;
130 } __packed;
131 
132 struct digital_sensf_req {
133 	u8 cmd;
134 	u8 sc1;
135 	u8 sc2;
136 	u8 rc;
137 	u8 tsn;
138 } __packed;
139 
140 struct digital_sensf_res {
141 	u8 cmd;
142 	u8 nfcid2[8];
143 	u8 pad0[2];
144 	u8 pad1[3];
145 	u8 mrti_check;
146 	u8 mrti_update;
147 	u8 pad2;
148 	u8 rd[2];
149 } __packed;
150 
151 struct digital_iso15693_inv_req {
152 	u8 flags;
153 	u8 cmd;
154 	u8 mask_len;
155 	u64 mask;
156 } __packed;
157 
158 struct digital_iso15693_inv_res {
159 	u8 flags;
160 	u8 dsfid;
161 	u64 uid;
162 } __packed;
163 
164 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
165 				   struct nfc_target *target);
166 
167 int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
168 				struct sk_buff *skb)
169 {
170 	u8 pcb;
171 	u8 block_type;
172 
173 	if (skb->len < 1)
174 		return -EIO;
175 
176 	pcb = *skb->data;
177 	block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
178 
179 	/* No support fo R-block nor S-block */
180 	if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
181 		pr_err("ISO_DEP R-block and S-block not supported\n");
182 		return -EIO;
183 	}
184 
185 	if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
186 		pr_err("DID field in ISO_DEP PCB not supported\n");
187 		return -EIO;
188 	}
189 
190 	skb_pull(skb, 1);
191 
192 	return 0;
193 }
194 
195 int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
196 				struct sk_buff *skb)
197 {
198 	/*
199 	 * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
200 	 * not be greater than remote FSC
201 	 */
202 	if (skb->len + 3 > ddev->target_fsc)
203 		return -EIO;
204 
205 	skb_push(skb, 1);
206 
207 	*skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
208 
209 	ddev->curr_nfc_dep_pni =
210 		DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
211 
212 	return 0;
213 }
214 
215 static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
216 				struct sk_buff *resp)
217 {
218 	struct nfc_target *target = arg;
219 	u8 fsdi;
220 	int rc;
221 
222 	if (IS_ERR(resp)) {
223 		rc = PTR_ERR(resp);
224 		resp = NULL;
225 		goto exit;
226 	}
227 
228 	if (resp->len < 2) {
229 		rc = -EIO;
230 		goto exit;
231 	}
232 
233 	fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
234 	if (fsdi >= 8)
235 		ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
236 	else
237 		ddev->target_fsc = digital_ats_fsc[fsdi];
238 
239 	ddev->curr_nfc_dep_pni = 0;
240 
241 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
242 
243 exit:
244 	dev_kfree_skb(resp);
245 	kfree(target);
246 
247 	if (rc)
248 		digital_poll_next_tech(ddev);
249 }
250 
251 static int digital_in_send_rats(struct nfc_digital_dev *ddev,
252 				struct nfc_target *target)
253 {
254 	int rc;
255 	struct sk_buff *skb;
256 
257 	skb = digital_skb_alloc(ddev, 2);
258 	if (!skb)
259 		return -ENOMEM;
260 
261 	skb_put_u8(skb, DIGITAL_RATS_BYTE1);
262 	skb_put_u8(skb, DIGITAL_RATS_PARAM);
263 
264 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
265 				 target);
266 	if (rc)
267 		kfree_skb(skb);
268 
269 	return rc;
270 }
271 
272 static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
273 				    struct sk_buff *resp)
274 {
275 	struct nfc_target *target = arg;
276 	int rc;
277 	u8 sel_res;
278 	u8 nfc_proto;
279 
280 	if (IS_ERR(resp)) {
281 		rc = PTR_ERR(resp);
282 		resp = NULL;
283 		goto exit;
284 	}
285 
286 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
287 		rc = digital_skb_check_crc_a(resp);
288 		if (rc) {
289 			PROTOCOL_ERR("4.4.1.3");
290 			goto exit;
291 		}
292 	}
293 
294 	if (resp->len != DIGITAL_SEL_RES_LEN) {
295 		rc = -EIO;
296 		goto exit;
297 	}
298 
299 	sel_res = resp->data[0];
300 
301 	if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
302 		rc = digital_in_send_sdd_req(ddev, target);
303 		if (rc)
304 			goto exit;
305 
306 		goto exit_free_skb;
307 	}
308 
309 	target->sel_res = sel_res;
310 
311 	if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
312 		nfc_proto = NFC_PROTO_MIFARE;
313 	} else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
314 		nfc_proto = NFC_PROTO_NFC_DEP;
315 	} else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
316 		rc = digital_in_send_rats(ddev, target);
317 		if (rc)
318 			goto exit;
319 		/*
320 		 * Skip target_found and don't free it for now. This will be
321 		 * done when receiving the ATS
322 		 */
323 		goto exit_free_skb;
324 	} else {
325 		rc = -EOPNOTSUPP;
326 		goto exit;
327 	}
328 
329 	rc = digital_target_found(ddev, target, nfc_proto);
330 
331 exit:
332 	kfree(target);
333 
334 exit_free_skb:
335 	dev_kfree_skb(resp);
336 
337 	if (rc)
338 		digital_poll_next_tech(ddev);
339 }
340 
341 static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
342 				   struct nfc_target *target,
343 				   struct digital_sdd_res *sdd_res)
344 {
345 	struct sk_buff *skb;
346 	struct digital_sel_req *sel_req;
347 	u8 sel_cmd;
348 	int rc;
349 
350 	skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
351 	if (!skb)
352 		return -ENOMEM;
353 
354 	skb_put(skb, sizeof(struct digital_sel_req));
355 	sel_req = (struct digital_sel_req *)skb->data;
356 
357 	if (target->nfcid1_len <= 4)
358 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
359 	else if (target->nfcid1_len < 10)
360 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
361 	else
362 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
363 
364 	sel_req->sel_cmd = sel_cmd;
365 	sel_req->b2 = 0x70;
366 	memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
367 	sel_req->bcc = sdd_res->bcc;
368 
369 	if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
370 		rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
371 				NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
372 		if (rc)
373 			goto exit;
374 	} else {
375 		digital_skb_add_crc_a(skb);
376 	}
377 
378 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
379 				 target);
380 exit:
381 	if (rc)
382 		kfree_skb(skb);
383 
384 	return rc;
385 }
386 
387 static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
388 				    struct sk_buff *resp)
389 {
390 	struct nfc_target *target = arg;
391 	struct digital_sdd_res *sdd_res;
392 	int rc;
393 	u8 offset, size;
394 	u8 i, bcc;
395 
396 	if (IS_ERR(resp)) {
397 		rc = PTR_ERR(resp);
398 		resp = NULL;
399 		goto exit;
400 	}
401 
402 	if (resp->len < DIGITAL_SDD_RES_LEN) {
403 		PROTOCOL_ERR("4.7.2.8");
404 		rc = -EINVAL;
405 		goto exit;
406 	}
407 
408 	sdd_res = (struct digital_sdd_res *)resp->data;
409 
410 	for (i = 0, bcc = 0; i < 4; i++)
411 		bcc ^= sdd_res->nfcid1[i];
412 
413 	if (bcc != sdd_res->bcc) {
414 		PROTOCOL_ERR("4.7.2.6");
415 		rc = -EINVAL;
416 		goto exit;
417 	}
418 
419 	if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
420 		offset = 1;
421 		size = 3;
422 	} else {
423 		offset = 0;
424 		size = 4;
425 	}
426 
427 	memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
428 	       size);
429 	target->nfcid1_len += size;
430 
431 	rc = digital_in_send_sel_req(ddev, target, sdd_res);
432 
433 exit:
434 	dev_kfree_skb(resp);
435 
436 	if (rc) {
437 		kfree(target);
438 		digital_poll_next_tech(ddev);
439 	}
440 }
441 
442 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
443 				   struct nfc_target *target)
444 {
445 	int rc;
446 	struct sk_buff *skb;
447 	u8 sel_cmd;
448 
449 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
450 				     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
451 	if (rc)
452 		return rc;
453 
454 	skb = digital_skb_alloc(ddev, 2);
455 	if (!skb)
456 		return -ENOMEM;
457 
458 	if (target->nfcid1_len == 0)
459 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
460 	else if (target->nfcid1_len == 3)
461 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
462 	else
463 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
464 
465 	skb_put_u8(skb, sel_cmd);
466 	skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
467 
468 	return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
469 				   target);
470 }
471 
472 static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
473 				     struct sk_buff *resp)
474 {
475 	struct nfc_target *target = NULL;
476 	int rc;
477 
478 	if (IS_ERR(resp)) {
479 		rc = PTR_ERR(resp);
480 		resp = NULL;
481 		goto exit;
482 	}
483 
484 	if (resp->len < sizeof(u16)) {
485 		rc = -EIO;
486 		goto exit;
487 	}
488 
489 	target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
490 	if (!target) {
491 		rc = -ENOMEM;
492 		goto exit;
493 	}
494 
495 	target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
496 
497 	if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
498 		PROTOCOL_ERR("4.6.3.3");
499 		rc = -EINVAL;
500 		goto exit;
501 	}
502 
503 	if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
504 		rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
505 	else
506 		rc = digital_in_send_sdd_req(ddev, target);
507 
508 exit:
509 	dev_kfree_skb(resp);
510 
511 	if (rc) {
512 		kfree(target);
513 		digital_poll_next_tech(ddev);
514 	}
515 }
516 
517 int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
518 {
519 	struct sk_buff *skb;
520 	int rc;
521 
522 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
523 				     NFC_DIGITAL_RF_TECH_106A);
524 	if (rc)
525 		return rc;
526 
527 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
528 				     NFC_DIGITAL_FRAMING_NFCA_SHORT);
529 	if (rc)
530 		return rc;
531 
532 	skb = digital_skb_alloc(ddev, 1);
533 	if (!skb)
534 		return -ENOMEM;
535 
536 	skb_put_u8(skb, DIGITAL_CMD_SENS_REQ);
537 
538 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
539 	if (rc)
540 		kfree_skb(skb);
541 
542 	return rc;
543 }
544 
545 int digital_in_recv_mifare_res(struct sk_buff *resp)
546 {
547 	/* Successful READ command response is 16 data bytes + 2 CRC bytes long.
548 	 * Since the driver can't differentiate a ACK/NACK response from a valid
549 	 * READ response, the CRC calculation must be handled at digital level
550 	 * even if the driver supports it for this technology.
551 	 */
552 	if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
553 		if (digital_skb_check_crc_a(resp)) {
554 			PROTOCOL_ERR("9.4.1.2");
555 			return -EIO;
556 		}
557 
558 		return 0;
559 	}
560 
561 	/* ACK response (i.e. successful WRITE). */
562 	if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
563 		resp->data[0] = 0;
564 		return 0;
565 	}
566 
567 	/* NACK and any other responses are treated as error. */
568 	return -EIO;
569 }
570 
571 static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
572 				       struct sk_buff *resp)
573 {
574 	struct nfc_target *target = arg;
575 	struct digital_attrib_res *attrib_res;
576 	int rc;
577 
578 	if (IS_ERR(resp)) {
579 		rc = PTR_ERR(resp);
580 		resp = NULL;
581 		goto exit;
582 	}
583 
584 	if (resp->len < sizeof(*attrib_res)) {
585 		PROTOCOL_ERR("12.6.2");
586 		rc = -EIO;
587 		goto exit;
588 	}
589 
590 	attrib_res = (struct digital_attrib_res *)resp->data;
591 
592 	if (attrib_res->mbli_did & 0x0f) {
593 		PROTOCOL_ERR("12.6.2.1");
594 		rc = -EIO;
595 		goto exit;
596 	}
597 
598 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
599 
600 exit:
601 	dev_kfree_skb(resp);
602 	kfree(target);
603 
604 	if (rc)
605 		digital_poll_next_tech(ddev);
606 }
607 
608 static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
609 			       struct nfc_target *target,
610 			       struct digital_sensb_res *sensb_res)
611 {
612 	struct digital_attrib_req *attrib_req;
613 	struct sk_buff *skb;
614 	int rc;
615 
616 	skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
617 	if (!skb)
618 		return -ENOMEM;
619 
620 	attrib_req = skb_put(skb, sizeof(*attrib_req));
621 
622 	attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
623 	memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
624 	       sizeof(attrib_req->nfcid0));
625 	attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
626 			     DIGITAL_ATTRIB_P1_TR1_DEFAULT;
627 	attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
628 			     DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
629 			     DIGITAL_ATTRIB_P2_MAX_FRAME_256;
630 	attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
631 	attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
632 
633 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
634 				 target);
635 	if (rc)
636 		kfree_skb(skb);
637 
638 	return rc;
639 }
640 
641 static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
642 				      struct sk_buff *resp)
643 {
644 	struct nfc_target *target = NULL;
645 	struct digital_sensb_res *sensb_res;
646 	u8 fsci;
647 	int rc;
648 
649 	if (IS_ERR(resp)) {
650 		rc = PTR_ERR(resp);
651 		resp = NULL;
652 		goto exit;
653 	}
654 
655 	if (resp->len != sizeof(*sensb_res)) {
656 		PROTOCOL_ERR("5.6.2.1");
657 		rc = -EIO;
658 		goto exit;
659 	}
660 
661 	sensb_res = (struct digital_sensb_res *)resp->data;
662 
663 	if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
664 		PROTOCOL_ERR("5.6.2");
665 		rc = -EIO;
666 		goto exit;
667 	}
668 
669 	if (!(sensb_res->proto_info[1] & BIT(0))) {
670 		PROTOCOL_ERR("5.6.2.12");
671 		rc = -EIO;
672 		goto exit;
673 	}
674 
675 	if (sensb_res->proto_info[1] & BIT(3)) {
676 		PROTOCOL_ERR("5.6.2.16");
677 		rc = -EIO;
678 		goto exit;
679 	}
680 
681 	fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
682 	if (fsci >= 8)
683 		ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
684 	else
685 		ddev->target_fsc = digital_ats_fsc[fsci];
686 
687 	target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
688 	if (!target) {
689 		rc = -ENOMEM;
690 		goto exit;
691 	}
692 
693 	rc = digital_in_send_attrib_req(ddev, target, sensb_res);
694 
695 exit:
696 	dev_kfree_skb(resp);
697 
698 	if (rc) {
699 		kfree(target);
700 		digital_poll_next_tech(ddev);
701 	}
702 }
703 
704 int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
705 {
706 	struct digital_sensb_req *sensb_req;
707 	struct sk_buff *skb;
708 	int rc;
709 
710 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
711 				     NFC_DIGITAL_RF_TECH_106B);
712 	if (rc)
713 		return rc;
714 
715 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
716 				     NFC_DIGITAL_FRAMING_NFCB);
717 	if (rc)
718 		return rc;
719 
720 	skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
721 	if (!skb)
722 		return -ENOMEM;
723 
724 	sensb_req = skb_put(skb, sizeof(*sensb_req));
725 
726 	sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
727 	sensb_req->afi = 0x00; /* All families and sub-families */
728 	sensb_req->param = DIGITAL_SENSB_N(0);
729 
730 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
731 				 NULL);
732 	if (rc)
733 		kfree_skb(skb);
734 
735 	return rc;
736 }
737 
738 static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
739 				   struct sk_buff *resp)
740 {
741 	int rc;
742 	u8 proto;
743 	struct nfc_target target;
744 	struct digital_sensf_res *sensf_res;
745 
746 	if (IS_ERR(resp)) {
747 		rc = PTR_ERR(resp);
748 		resp = NULL;
749 		goto exit;
750 	}
751 
752 	if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
753 		rc = -EIO;
754 		goto exit;
755 	}
756 
757 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
758 		rc = digital_skb_check_crc_f(resp);
759 		if (rc) {
760 			PROTOCOL_ERR("6.4.1.8");
761 			goto exit;
762 		}
763 	}
764 
765 	skb_pull(resp, 1);
766 
767 	memset(&target, 0, sizeof(struct nfc_target));
768 
769 	sensf_res = (struct digital_sensf_res *)resp->data;
770 
771 	memcpy(target.sensf_res, sensf_res, resp->len);
772 	target.sensf_res_len = resp->len;
773 
774 	memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
775 	target.nfcid2_len = NFC_NFCID2_MAXSIZE;
776 
777 	if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
778 	    target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
779 		proto = NFC_PROTO_NFC_DEP;
780 	else
781 		proto = NFC_PROTO_FELICA;
782 
783 	rc = digital_target_found(ddev, &target, proto);
784 
785 exit:
786 	dev_kfree_skb(resp);
787 
788 	if (rc)
789 		digital_poll_next_tech(ddev);
790 }
791 
792 int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
793 {
794 	struct digital_sensf_req *sensf_req;
795 	struct sk_buff *skb;
796 	int rc;
797 	u8 size;
798 
799 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
800 	if (rc)
801 		return rc;
802 
803 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
804 				     NFC_DIGITAL_FRAMING_NFCF);
805 	if (rc)
806 		return rc;
807 
808 	size = sizeof(struct digital_sensf_req);
809 
810 	skb = digital_skb_alloc(ddev, size);
811 	if (!skb)
812 		return -ENOMEM;
813 
814 	skb_put(skb, size);
815 
816 	sensf_req = (struct digital_sensf_req *)skb->data;
817 	sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
818 	sensf_req->sc1 = 0xFF;
819 	sensf_req->sc2 = 0xFF;
820 	sensf_req->rc = 0;
821 	sensf_req->tsn = 0;
822 
823 	*(u8 *)skb_push(skb, 1) = size + 1;
824 
825 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
826 		digital_skb_add_crc_f(skb);
827 
828 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
829 				 NULL);
830 	if (rc)
831 		kfree_skb(skb);
832 
833 	return rc;
834 }
835 
836 static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
837 		void *arg, struct sk_buff *resp)
838 {
839 	struct digital_iso15693_inv_res *res;
840 	struct nfc_target *target = NULL;
841 	int rc;
842 
843 	if (IS_ERR(resp)) {
844 		rc = PTR_ERR(resp);
845 		resp = NULL;
846 		goto out_free_skb;
847 	}
848 
849 	if (resp->len != sizeof(*res)) {
850 		rc = -EIO;
851 		goto out_free_skb;
852 	}
853 
854 	res = (struct digital_iso15693_inv_res *)resp->data;
855 
856 	if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
857 		PROTOCOL_ERR("ISO15693 - 10.3.1");
858 		rc = -EINVAL;
859 		goto out_free_skb;
860 	}
861 
862 	target = kzalloc(sizeof(*target), GFP_KERNEL);
863 	if (!target) {
864 		rc = -ENOMEM;
865 		goto out_free_skb;
866 	}
867 
868 	target->is_iso15693 = 1;
869 	target->iso15693_dsfid = res->dsfid;
870 	memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
871 
872 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
873 
874 	kfree(target);
875 
876 out_free_skb:
877 	dev_kfree_skb(resp);
878 
879 	if (rc)
880 		digital_poll_next_tech(ddev);
881 }
882 
883 int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
884 {
885 	struct digital_iso15693_inv_req *req;
886 	struct sk_buff *skb;
887 	int rc;
888 
889 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
890 				     NFC_DIGITAL_RF_TECH_ISO15693);
891 	if (rc)
892 		return rc;
893 
894 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
895 				     NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
896 	if (rc)
897 		return rc;
898 
899 	skb = digital_skb_alloc(ddev, sizeof(*req));
900 	if (!skb)
901 		return -ENOMEM;
902 
903 	skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
904 	req = (struct digital_iso15693_inv_req *)skb->data;
905 
906 	/* Single sub-carrier, high data rate, no AFI, single slot
907 	 * Inventory command
908 	 */
909 	req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
910 		     DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
911 		     DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
912 	req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
913 	req->mask_len = 0;
914 
915 	rc = digital_in_send_cmd(ddev, skb, 30,
916 				 digital_in_recv_iso15693_inv_res, NULL);
917 	if (rc)
918 		kfree_skb(skb);
919 
920 	return rc;
921 }
922 
923 static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
924 {
925 	struct sk_buff *skb;
926 	int rc;
927 
928 	skb = digital_skb_alloc(ddev, 1);
929 	if (!skb)
930 		return -ENOMEM;
931 
932 	skb_put_u8(skb, DIGITAL_SEL_RES_NFC_DEP);
933 
934 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
935 		digital_skb_add_crc_a(skb);
936 
937 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
938 				     NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
939 	if (rc) {
940 		kfree_skb(skb);
941 		return rc;
942 	}
943 
944 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
945 				 NULL);
946 	if (rc)
947 		kfree_skb(skb);
948 
949 	return rc;
950 }
951 
952 static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
953 				    struct sk_buff *resp)
954 {
955 	int rc;
956 
957 	if (IS_ERR(resp)) {
958 		rc = PTR_ERR(resp);
959 		resp = NULL;
960 		goto exit;
961 	}
962 
963 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
964 		rc = digital_skb_check_crc_a(resp);
965 		if (rc) {
966 			PROTOCOL_ERR("4.4.1.3");
967 			goto exit;
968 		}
969 	}
970 
971 	/* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
972 
973 	rc = digital_tg_send_sel_res(ddev);
974 
975 exit:
976 	if (rc)
977 		digital_poll_next_tech(ddev);
978 
979 	dev_kfree_skb(resp);
980 }
981 
982 static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
983 {
984 	struct sk_buff *skb;
985 	struct digital_sdd_res *sdd_res;
986 	int rc, i;
987 
988 	skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
989 	if (!skb)
990 		return -ENOMEM;
991 
992 	skb_put(skb, sizeof(struct digital_sdd_res));
993 	sdd_res = (struct digital_sdd_res *)skb->data;
994 
995 	sdd_res->nfcid1[0] = 0x08;
996 	get_random_bytes(sdd_res->nfcid1 + 1, 3);
997 
998 	sdd_res->bcc = 0;
999 	for (i = 0; i < 4; i++)
1000 		sdd_res->bcc ^= sdd_res->nfcid1[i];
1001 
1002 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1003 				NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1004 	if (rc) {
1005 		kfree_skb(skb);
1006 		return rc;
1007 	}
1008 
1009 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1010 				 NULL);
1011 	if (rc)
1012 		kfree_skb(skb);
1013 
1014 	return rc;
1015 }
1016 
1017 static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1018 				    struct sk_buff *resp)
1019 {
1020 	u8 *sdd_req;
1021 	int rc;
1022 
1023 	if (IS_ERR(resp)) {
1024 		rc = PTR_ERR(resp);
1025 		resp = NULL;
1026 		goto exit;
1027 	}
1028 
1029 	sdd_req = resp->data;
1030 
1031 	if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1032 	    sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1033 		rc = -EINVAL;
1034 		goto exit;
1035 	}
1036 
1037 	rc = digital_tg_send_sdd_res(ddev);
1038 
1039 exit:
1040 	if (rc)
1041 		digital_poll_next_tech(ddev);
1042 
1043 	dev_kfree_skb(resp);
1044 }
1045 
1046 static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1047 {
1048 	struct sk_buff *skb;
1049 	u8 *sens_res;
1050 	int rc;
1051 
1052 	skb = digital_skb_alloc(ddev, 2);
1053 	if (!skb)
1054 		return -ENOMEM;
1055 
1056 	sens_res = skb_put(skb, 2);
1057 
1058 	sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1059 	sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1060 
1061 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1062 				     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1063 	if (rc) {
1064 		kfree_skb(skb);
1065 		return rc;
1066 	}
1067 
1068 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1069 				 NULL);
1070 	if (rc)
1071 		kfree_skb(skb);
1072 
1073 	return rc;
1074 }
1075 
1076 void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1077 			      struct sk_buff *resp)
1078 {
1079 	u8 sens_req;
1080 	int rc;
1081 
1082 	if (IS_ERR(resp)) {
1083 		rc = PTR_ERR(resp);
1084 		resp = NULL;
1085 		goto exit;
1086 	}
1087 
1088 	sens_req = resp->data[0];
1089 
1090 	if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1091 	    sens_req != DIGITAL_CMD_ALL_REQ)) {
1092 		rc = -EINVAL;
1093 		goto exit;
1094 	}
1095 
1096 	rc = digital_tg_send_sens_res(ddev);
1097 
1098 exit:
1099 	if (rc)
1100 		digital_poll_next_tech(ddev);
1101 
1102 	dev_kfree_skb(resp);
1103 }
1104 
1105 static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1106 		void *arg, struct sk_buff *resp)
1107 {
1108 	if (!IS_ERR(resp) && (resp->len >= 2) &&
1109 			(resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1110 		digital_tg_recv_sensf_req(ddev, arg, resp);
1111 	else
1112 		digital_tg_recv_atr_req(ddev, arg, resp);
1113 
1114 	return;
1115 }
1116 
1117 static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1118 			      struct digital_sensf_req *sensf_req)
1119 {
1120 	struct sk_buff *skb;
1121 	u8 size;
1122 	int rc;
1123 	struct digital_sensf_res *sensf_res;
1124 
1125 	size = sizeof(struct digital_sensf_res);
1126 
1127 	if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1128 		size -= sizeof(sensf_res->rd);
1129 
1130 	skb = digital_skb_alloc(ddev, size);
1131 	if (!skb)
1132 		return -ENOMEM;
1133 
1134 	skb_put(skb, size);
1135 
1136 	sensf_res = (struct digital_sensf_res *)skb->data;
1137 
1138 	memset(sensf_res, 0, size);
1139 
1140 	sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1141 	sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1142 	sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1143 	get_random_bytes(&sensf_res->nfcid2[2], 6);
1144 
1145 	switch (sensf_req->rc) {
1146 	case DIGITAL_SENSF_REQ_RC_SC:
1147 		sensf_res->rd[0] = sensf_req->sc1;
1148 		sensf_res->rd[1] = sensf_req->sc2;
1149 		break;
1150 	case DIGITAL_SENSF_REQ_RC_AP:
1151 		sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1152 		sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1153 		break;
1154 	}
1155 
1156 	*(u8 *)skb_push(skb, sizeof(u8)) = size + 1;
1157 
1158 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1159 		digital_skb_add_crc_f(skb);
1160 
1161 	rc = digital_tg_send_cmd(ddev, skb, 300,
1162 				 digital_tg_recv_atr_or_sensf_req, NULL);
1163 	if (rc)
1164 		kfree_skb(skb);
1165 
1166 	return rc;
1167 }
1168 
1169 void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1170 			       struct sk_buff *resp)
1171 {
1172 	struct digital_sensf_req *sensf_req;
1173 	int rc;
1174 
1175 	if (IS_ERR(resp)) {
1176 		rc = PTR_ERR(resp);
1177 		resp = NULL;
1178 		goto exit;
1179 	}
1180 
1181 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1182 		rc = digital_skb_check_crc_f(resp);
1183 		if (rc) {
1184 			PROTOCOL_ERR("6.4.1.8");
1185 			goto exit;
1186 		}
1187 	}
1188 
1189 	if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1190 		rc = -EINVAL;
1191 		goto exit;
1192 	}
1193 
1194 	skb_pull(resp, 1);
1195 	sensf_req = (struct digital_sensf_req *)resp->data;
1196 
1197 	if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1198 		rc = -EINVAL;
1199 		goto exit;
1200 	}
1201 
1202 	rc = digital_tg_send_sensf_res(ddev, sensf_req);
1203 
1204 exit:
1205 	if (rc)
1206 		digital_poll_next_tech(ddev);
1207 
1208 	dev_kfree_skb(resp);
1209 }
1210 
1211 static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1212 {
1213 	int rc;
1214 
1215 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1216 				     NFC_DIGITAL_RF_TECH_106A);
1217 	if (rc)
1218 		return rc;
1219 
1220 	return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1221 				       NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1222 }
1223 
1224 int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1225 {
1226 	int rc;
1227 
1228 	rc = digital_tg_config_nfca(ddev);
1229 	if (rc)
1230 		return rc;
1231 
1232 	return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1233 }
1234 
1235 static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1236 {
1237 	int rc;
1238 
1239 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1240 	if (rc)
1241 		return rc;
1242 
1243 	return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1244 				       NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1245 }
1246 
1247 int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1248 {
1249 	int rc;
1250 
1251 	rc = digital_tg_config_nfcf(ddev, rf_tech);
1252 	if (rc)
1253 		return rc;
1254 
1255 	return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, NULL);
1256 }
1257 
1258 void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1259 			    struct sk_buff *resp)
1260 {
1261 	u8 rf_tech;
1262 	int rc;
1263 
1264 	if (IS_ERR(resp)) {
1265 		resp = NULL;
1266 		goto exit_free_skb;
1267 	}
1268 
1269 	rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1270 	if (rc)
1271 		goto exit_free_skb;
1272 
1273 	switch (rf_tech) {
1274 	case NFC_DIGITAL_RF_TECH_106A:
1275 		rc = digital_tg_config_nfca(ddev);
1276 		if (rc)
1277 			goto exit_free_skb;
1278 		digital_tg_recv_sens_req(ddev, arg, resp);
1279 		break;
1280 	case NFC_DIGITAL_RF_TECH_212F:
1281 	case NFC_DIGITAL_RF_TECH_424F:
1282 		rc = digital_tg_config_nfcf(ddev, rf_tech);
1283 		if (rc)
1284 			goto exit_free_skb;
1285 		digital_tg_recv_sensf_req(ddev, arg, resp);
1286 		break;
1287 	default:
1288 		goto exit_free_skb;
1289 	}
1290 
1291 	return;
1292 
1293 exit_free_skb:
1294 	digital_poll_next_tech(ddev);
1295 	dev_kfree_skb(resp);
1296 }
1297