xref: /linux/net/nfc/digital_technology.c (revision 96ac6d435100450f0565708d9b885ea2a7400e0a)
1 /*
2  * NFC Digital Protocol stack
3  * Copyright (c) 2013, Intel Corporation.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms and conditions of the GNU General Public License,
7  * version 2, as published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
12  * more details.
13  *
14  */
15 
16 #define pr_fmt(fmt) "digital: %s: " fmt, __func__
17 
18 #include "digital.h"
19 
20 #define DIGITAL_CMD_SENS_REQ    0x26
21 #define DIGITAL_CMD_ALL_REQ     0x52
22 #define DIGITAL_CMD_SEL_REQ_CL1 0x93
23 #define DIGITAL_CMD_SEL_REQ_CL2 0x95
24 #define DIGITAL_CMD_SEL_REQ_CL3 0x97
25 
26 #define DIGITAL_SDD_REQ_SEL_PAR 0x20
27 
28 #define DIGITAL_SDD_RES_CT  0x88
29 #define DIGITAL_SDD_RES_LEN 5
30 #define DIGITAL_SEL_RES_LEN 1
31 
32 #define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
33 #define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
34 #define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
35 #define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
36 
37 #define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
38 #define DIGITAL_SENS_RES_IS_VALID(sens_res) \
39 	((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
40 	(((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
41 
42 #define DIGITAL_MIFARE_READ_RES_LEN 16
43 #define DIGITAL_MIFARE_ACK_RES	0x0A
44 
45 #define DIGITAL_CMD_SENSB_REQ			0x05
46 #define DIGITAL_SENSB_ADVANCED			BIT(5)
47 #define DIGITAL_SENSB_EXTENDED			BIT(4)
48 #define DIGITAL_SENSB_ALLB_REQ			BIT(3)
49 #define DIGITAL_SENSB_N(n)			((n) & 0x7)
50 
51 #define DIGITAL_CMD_SENSB_RES			0x50
52 
53 #define DIGITAL_CMD_ATTRIB_REQ			0x1D
54 #define DIGITAL_ATTRIB_P1_TR0_DEFAULT		(0x0 << 6)
55 #define DIGITAL_ATTRIB_P1_TR1_DEFAULT		(0x0 << 4)
56 #define DIGITAL_ATTRIB_P1_SUPRESS_EOS		BIT(3)
57 #define DIGITAL_ATTRIB_P1_SUPRESS_SOS		BIT(2)
58 #define DIGITAL_ATTRIB_P2_LISTEN_POLL_1		(0x0 << 6)
59 #define DIGITAL_ATTRIB_P2_POLL_LISTEN_1		(0x0 << 4)
60 #define DIGITAL_ATTRIB_P2_MAX_FRAME_256		0x8
61 #define DIGITAL_ATTRIB_P4_DID(n)		((n) & 0xf)
62 
63 #define DIGITAL_CMD_SENSF_REQ	0x00
64 #define DIGITAL_CMD_SENSF_RES	0x01
65 
66 #define DIGITAL_SENSF_RES_MIN_LENGTH 17
67 #define DIGITAL_SENSF_RES_RD_AP_B1   0x00
68 #define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
69 
70 #define DIGITAL_SENSF_REQ_RC_NONE 0
71 #define DIGITAL_SENSF_REQ_RC_SC   1
72 #define DIGITAL_SENSF_REQ_RC_AP   2
73 
74 #define DIGITAL_CMD_ISO15693_INVENTORY_REQ	0x01
75 
76 #define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE	BIT(1)
77 #define DIGITAL_ISO15693_REQ_FLAG_INVENTORY	BIT(2)
78 #define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS	BIT(5)
79 #define DIGITAL_ISO15693_RES_FLAG_ERROR		BIT(0)
80 #define DIGITAL_ISO15693_RES_IS_VALID(flags) \
81 	(!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
82 
83 #define DIGITAL_ISO_DEP_I_PCB	 0x02
84 #define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
85 
86 #define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
87 
88 #define DIGITAL_ISO_DEP_I_BLOCK 0x00
89 
90 #define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
91 
92 static const u8 digital_ats_fsc[] = {
93 	 16,  24,  32,  40,  48,  64,  96, 128,
94 };
95 
96 #define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
97 #define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
98 #define DIGITAL_ATS_MAX_FSC  256
99 
100 #define DIGITAL_RATS_BYTE1 0xE0
101 #define DIGITAL_RATS_PARAM 0x80
102 
103 struct digital_sdd_res {
104 	u8 nfcid1[4];
105 	u8 bcc;
106 } __packed;
107 
108 struct digital_sel_req {
109 	u8 sel_cmd;
110 	u8 b2;
111 	u8 nfcid1[4];
112 	u8 bcc;
113 } __packed;
114 
115 struct digital_sensb_req {
116 	u8 cmd;
117 	u8 afi;
118 	u8 param;
119 } __packed;
120 
121 struct digital_sensb_res {
122 	u8 cmd;
123 	u8 nfcid0[4];
124 	u8 app_data[4];
125 	u8 proto_info[3];
126 } __packed;
127 
128 struct digital_attrib_req {
129 	u8 cmd;
130 	u8 nfcid0[4];
131 	u8 param1;
132 	u8 param2;
133 	u8 param3;
134 	u8 param4;
135 } __packed;
136 
137 struct digital_attrib_res {
138 	u8 mbli_did;
139 } __packed;
140 
141 struct digital_sensf_req {
142 	u8 cmd;
143 	u8 sc1;
144 	u8 sc2;
145 	u8 rc;
146 	u8 tsn;
147 } __packed;
148 
149 struct digital_sensf_res {
150 	u8 cmd;
151 	u8 nfcid2[8];
152 	u8 pad0[2];
153 	u8 pad1[3];
154 	u8 mrti_check;
155 	u8 mrti_update;
156 	u8 pad2;
157 	u8 rd[2];
158 } __packed;
159 
160 struct digital_iso15693_inv_req {
161 	u8 flags;
162 	u8 cmd;
163 	u8 mask_len;
164 	u64 mask;
165 } __packed;
166 
167 struct digital_iso15693_inv_res {
168 	u8 flags;
169 	u8 dsfid;
170 	u64 uid;
171 } __packed;
172 
173 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
174 				   struct nfc_target *target);
175 
176 int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
177 				struct sk_buff *skb)
178 {
179 	u8 pcb;
180 	u8 block_type;
181 
182 	if (skb->len < 1)
183 		return -EIO;
184 
185 	pcb = *skb->data;
186 	block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
187 
188 	/* No support fo R-block nor S-block */
189 	if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
190 		pr_err("ISO_DEP R-block and S-block not supported\n");
191 		return -EIO;
192 	}
193 
194 	if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
195 		pr_err("DID field in ISO_DEP PCB not supported\n");
196 		return -EIO;
197 	}
198 
199 	skb_pull(skb, 1);
200 
201 	return 0;
202 }
203 
204 int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
205 				struct sk_buff *skb)
206 {
207 	/*
208 	 * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
209 	 * not be greater than remote FSC
210 	 */
211 	if (skb->len + 3 > ddev->target_fsc)
212 		return -EIO;
213 
214 	skb_push(skb, 1);
215 
216 	*skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
217 
218 	ddev->curr_nfc_dep_pni =
219 		DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
220 
221 	return 0;
222 }
223 
224 static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
225 				struct sk_buff *resp)
226 {
227 	struct nfc_target *target = arg;
228 	u8 fsdi;
229 	int rc;
230 
231 	if (IS_ERR(resp)) {
232 		rc = PTR_ERR(resp);
233 		resp = NULL;
234 		goto exit;
235 	}
236 
237 	if (resp->len < 2) {
238 		rc = -EIO;
239 		goto exit;
240 	}
241 
242 	fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
243 	if (fsdi >= 8)
244 		ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
245 	else
246 		ddev->target_fsc = digital_ats_fsc[fsdi];
247 
248 	ddev->curr_nfc_dep_pni = 0;
249 
250 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
251 
252 exit:
253 	dev_kfree_skb(resp);
254 	kfree(target);
255 
256 	if (rc)
257 		digital_poll_next_tech(ddev);
258 }
259 
260 static int digital_in_send_rats(struct nfc_digital_dev *ddev,
261 				struct nfc_target *target)
262 {
263 	int rc;
264 	struct sk_buff *skb;
265 
266 	skb = digital_skb_alloc(ddev, 2);
267 	if (!skb)
268 		return -ENOMEM;
269 
270 	skb_put_u8(skb, DIGITAL_RATS_BYTE1);
271 	skb_put_u8(skb, DIGITAL_RATS_PARAM);
272 
273 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
274 				 target);
275 	if (rc)
276 		kfree_skb(skb);
277 
278 	return rc;
279 }
280 
281 static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
282 				    struct sk_buff *resp)
283 {
284 	struct nfc_target *target = arg;
285 	int rc;
286 	u8 sel_res;
287 	u8 nfc_proto;
288 
289 	if (IS_ERR(resp)) {
290 		rc = PTR_ERR(resp);
291 		resp = NULL;
292 		goto exit;
293 	}
294 
295 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
296 		rc = digital_skb_check_crc_a(resp);
297 		if (rc) {
298 			PROTOCOL_ERR("4.4.1.3");
299 			goto exit;
300 		}
301 	}
302 
303 	if (resp->len != DIGITAL_SEL_RES_LEN) {
304 		rc = -EIO;
305 		goto exit;
306 	}
307 
308 	sel_res = resp->data[0];
309 
310 	if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
311 		rc = digital_in_send_sdd_req(ddev, target);
312 		if (rc)
313 			goto exit;
314 
315 		goto exit_free_skb;
316 	}
317 
318 	target->sel_res = sel_res;
319 
320 	if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
321 		nfc_proto = NFC_PROTO_MIFARE;
322 	} else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
323 		nfc_proto = NFC_PROTO_NFC_DEP;
324 	} else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
325 		rc = digital_in_send_rats(ddev, target);
326 		if (rc)
327 			goto exit;
328 		/*
329 		 * Skip target_found and don't free it for now. This will be
330 		 * done when receiving the ATS
331 		 */
332 		goto exit_free_skb;
333 	} else {
334 		rc = -EOPNOTSUPP;
335 		goto exit;
336 	}
337 
338 	rc = digital_target_found(ddev, target, nfc_proto);
339 
340 exit:
341 	kfree(target);
342 
343 exit_free_skb:
344 	dev_kfree_skb(resp);
345 
346 	if (rc)
347 		digital_poll_next_tech(ddev);
348 }
349 
350 static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
351 				   struct nfc_target *target,
352 				   struct digital_sdd_res *sdd_res)
353 {
354 	struct sk_buff *skb;
355 	struct digital_sel_req *sel_req;
356 	u8 sel_cmd;
357 	int rc;
358 
359 	skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
360 	if (!skb)
361 		return -ENOMEM;
362 
363 	skb_put(skb, sizeof(struct digital_sel_req));
364 	sel_req = (struct digital_sel_req *)skb->data;
365 
366 	if (target->nfcid1_len <= 4)
367 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
368 	else if (target->nfcid1_len < 10)
369 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
370 	else
371 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
372 
373 	sel_req->sel_cmd = sel_cmd;
374 	sel_req->b2 = 0x70;
375 	memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
376 	sel_req->bcc = sdd_res->bcc;
377 
378 	if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
379 		rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
380 				NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
381 		if (rc)
382 			goto exit;
383 	} else {
384 		digital_skb_add_crc_a(skb);
385 	}
386 
387 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
388 				 target);
389 exit:
390 	if (rc)
391 		kfree_skb(skb);
392 
393 	return rc;
394 }
395 
396 static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
397 				    struct sk_buff *resp)
398 {
399 	struct nfc_target *target = arg;
400 	struct digital_sdd_res *sdd_res;
401 	int rc;
402 	u8 offset, size;
403 	u8 i, bcc;
404 
405 	if (IS_ERR(resp)) {
406 		rc = PTR_ERR(resp);
407 		resp = NULL;
408 		goto exit;
409 	}
410 
411 	if (resp->len < DIGITAL_SDD_RES_LEN) {
412 		PROTOCOL_ERR("4.7.2.8");
413 		rc = -EINVAL;
414 		goto exit;
415 	}
416 
417 	sdd_res = (struct digital_sdd_res *)resp->data;
418 
419 	for (i = 0, bcc = 0; i < 4; i++)
420 		bcc ^= sdd_res->nfcid1[i];
421 
422 	if (bcc != sdd_res->bcc) {
423 		PROTOCOL_ERR("4.7.2.6");
424 		rc = -EINVAL;
425 		goto exit;
426 	}
427 
428 	if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
429 		offset = 1;
430 		size = 3;
431 	} else {
432 		offset = 0;
433 		size = 4;
434 	}
435 
436 	memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
437 	       size);
438 	target->nfcid1_len += size;
439 
440 	rc = digital_in_send_sel_req(ddev, target, sdd_res);
441 
442 exit:
443 	dev_kfree_skb(resp);
444 
445 	if (rc) {
446 		kfree(target);
447 		digital_poll_next_tech(ddev);
448 	}
449 }
450 
451 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
452 				   struct nfc_target *target)
453 {
454 	int rc;
455 	struct sk_buff *skb;
456 	u8 sel_cmd;
457 
458 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
459 				     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
460 	if (rc)
461 		return rc;
462 
463 	skb = digital_skb_alloc(ddev, 2);
464 	if (!skb)
465 		return -ENOMEM;
466 
467 	if (target->nfcid1_len == 0)
468 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
469 	else if (target->nfcid1_len == 3)
470 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
471 	else
472 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
473 
474 	skb_put_u8(skb, sel_cmd);
475 	skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
476 
477 	return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
478 				   target);
479 }
480 
481 static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
482 				     struct sk_buff *resp)
483 {
484 	struct nfc_target *target = NULL;
485 	int rc;
486 
487 	if (IS_ERR(resp)) {
488 		rc = PTR_ERR(resp);
489 		resp = NULL;
490 		goto exit;
491 	}
492 
493 	if (resp->len < sizeof(u16)) {
494 		rc = -EIO;
495 		goto exit;
496 	}
497 
498 	target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
499 	if (!target) {
500 		rc = -ENOMEM;
501 		goto exit;
502 	}
503 
504 	target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
505 
506 	if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
507 		PROTOCOL_ERR("4.6.3.3");
508 		rc = -EINVAL;
509 		goto exit;
510 	}
511 
512 	if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
513 		rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
514 	else
515 		rc = digital_in_send_sdd_req(ddev, target);
516 
517 exit:
518 	dev_kfree_skb(resp);
519 
520 	if (rc) {
521 		kfree(target);
522 		digital_poll_next_tech(ddev);
523 	}
524 }
525 
526 int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
527 {
528 	struct sk_buff *skb;
529 	int rc;
530 
531 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
532 				     NFC_DIGITAL_RF_TECH_106A);
533 	if (rc)
534 		return rc;
535 
536 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
537 				     NFC_DIGITAL_FRAMING_NFCA_SHORT);
538 	if (rc)
539 		return rc;
540 
541 	skb = digital_skb_alloc(ddev, 1);
542 	if (!skb)
543 		return -ENOMEM;
544 
545 	skb_put_u8(skb, DIGITAL_CMD_SENS_REQ);
546 
547 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
548 	if (rc)
549 		kfree_skb(skb);
550 
551 	return rc;
552 }
553 
554 int digital_in_recv_mifare_res(struct sk_buff *resp)
555 {
556 	/* Successful READ command response is 16 data bytes + 2 CRC bytes long.
557 	 * Since the driver can't differentiate a ACK/NACK response from a valid
558 	 * READ response, the CRC calculation must be handled at digital level
559 	 * even if the driver supports it for this technology.
560 	 */
561 	if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
562 		if (digital_skb_check_crc_a(resp)) {
563 			PROTOCOL_ERR("9.4.1.2");
564 			return -EIO;
565 		}
566 
567 		return 0;
568 	}
569 
570 	/* ACK response (i.e. successful WRITE). */
571 	if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
572 		resp->data[0] = 0;
573 		return 0;
574 	}
575 
576 	/* NACK and any other responses are treated as error. */
577 	return -EIO;
578 }
579 
580 static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
581 				       struct sk_buff *resp)
582 {
583 	struct nfc_target *target = arg;
584 	struct digital_attrib_res *attrib_res;
585 	int rc;
586 
587 	if (IS_ERR(resp)) {
588 		rc = PTR_ERR(resp);
589 		resp = NULL;
590 		goto exit;
591 	}
592 
593 	if (resp->len < sizeof(*attrib_res)) {
594 		PROTOCOL_ERR("12.6.2");
595 		rc = -EIO;
596 		goto exit;
597 	}
598 
599 	attrib_res = (struct digital_attrib_res *)resp->data;
600 
601 	if (attrib_res->mbli_did & 0x0f) {
602 		PROTOCOL_ERR("12.6.2.1");
603 		rc = -EIO;
604 		goto exit;
605 	}
606 
607 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
608 
609 exit:
610 	dev_kfree_skb(resp);
611 	kfree(target);
612 
613 	if (rc)
614 		digital_poll_next_tech(ddev);
615 }
616 
617 static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
618 			       struct nfc_target *target,
619 			       struct digital_sensb_res *sensb_res)
620 {
621 	struct digital_attrib_req *attrib_req;
622 	struct sk_buff *skb;
623 	int rc;
624 
625 	skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
626 	if (!skb)
627 		return -ENOMEM;
628 
629 	attrib_req = skb_put(skb, sizeof(*attrib_req));
630 
631 	attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
632 	memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
633 	       sizeof(attrib_req->nfcid0));
634 	attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
635 			     DIGITAL_ATTRIB_P1_TR1_DEFAULT;
636 	attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
637 			     DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
638 			     DIGITAL_ATTRIB_P2_MAX_FRAME_256;
639 	attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
640 	attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
641 
642 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
643 				 target);
644 	if (rc)
645 		kfree_skb(skb);
646 
647 	return rc;
648 }
649 
650 static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
651 				      struct sk_buff *resp)
652 {
653 	struct nfc_target *target = NULL;
654 	struct digital_sensb_res *sensb_res;
655 	u8 fsci;
656 	int rc;
657 
658 	if (IS_ERR(resp)) {
659 		rc = PTR_ERR(resp);
660 		resp = NULL;
661 		goto exit;
662 	}
663 
664 	if (resp->len != sizeof(*sensb_res)) {
665 		PROTOCOL_ERR("5.6.2.1");
666 		rc = -EIO;
667 		goto exit;
668 	}
669 
670 	sensb_res = (struct digital_sensb_res *)resp->data;
671 
672 	if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
673 		PROTOCOL_ERR("5.6.2");
674 		rc = -EIO;
675 		goto exit;
676 	}
677 
678 	if (!(sensb_res->proto_info[1] & BIT(0))) {
679 		PROTOCOL_ERR("5.6.2.12");
680 		rc = -EIO;
681 		goto exit;
682 	}
683 
684 	if (sensb_res->proto_info[1] & BIT(3)) {
685 		PROTOCOL_ERR("5.6.2.16");
686 		rc = -EIO;
687 		goto exit;
688 	}
689 
690 	fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
691 	if (fsci >= 8)
692 		ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
693 	else
694 		ddev->target_fsc = digital_ats_fsc[fsci];
695 
696 	target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
697 	if (!target) {
698 		rc = -ENOMEM;
699 		goto exit;
700 	}
701 
702 	rc = digital_in_send_attrib_req(ddev, target, sensb_res);
703 
704 exit:
705 	dev_kfree_skb(resp);
706 
707 	if (rc) {
708 		kfree(target);
709 		digital_poll_next_tech(ddev);
710 	}
711 }
712 
713 int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
714 {
715 	struct digital_sensb_req *sensb_req;
716 	struct sk_buff *skb;
717 	int rc;
718 
719 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
720 				     NFC_DIGITAL_RF_TECH_106B);
721 	if (rc)
722 		return rc;
723 
724 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
725 				     NFC_DIGITAL_FRAMING_NFCB);
726 	if (rc)
727 		return rc;
728 
729 	skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
730 	if (!skb)
731 		return -ENOMEM;
732 
733 	sensb_req = skb_put(skb, sizeof(*sensb_req));
734 
735 	sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
736 	sensb_req->afi = 0x00; /* All families and sub-families */
737 	sensb_req->param = DIGITAL_SENSB_N(0);
738 
739 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
740 				 NULL);
741 	if (rc)
742 		kfree_skb(skb);
743 
744 	return rc;
745 }
746 
747 static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
748 				   struct sk_buff *resp)
749 {
750 	int rc;
751 	u8 proto;
752 	struct nfc_target target;
753 	struct digital_sensf_res *sensf_res;
754 
755 	if (IS_ERR(resp)) {
756 		rc = PTR_ERR(resp);
757 		resp = NULL;
758 		goto exit;
759 	}
760 
761 	if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
762 		rc = -EIO;
763 		goto exit;
764 	}
765 
766 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
767 		rc = digital_skb_check_crc_f(resp);
768 		if (rc) {
769 			PROTOCOL_ERR("6.4.1.8");
770 			goto exit;
771 		}
772 	}
773 
774 	skb_pull(resp, 1);
775 
776 	memset(&target, 0, sizeof(struct nfc_target));
777 
778 	sensf_res = (struct digital_sensf_res *)resp->data;
779 
780 	memcpy(target.sensf_res, sensf_res, resp->len);
781 	target.sensf_res_len = resp->len;
782 
783 	memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
784 	target.nfcid2_len = NFC_NFCID2_MAXSIZE;
785 
786 	if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
787 	    target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
788 		proto = NFC_PROTO_NFC_DEP;
789 	else
790 		proto = NFC_PROTO_FELICA;
791 
792 	rc = digital_target_found(ddev, &target, proto);
793 
794 exit:
795 	dev_kfree_skb(resp);
796 
797 	if (rc)
798 		digital_poll_next_tech(ddev);
799 }
800 
801 int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
802 {
803 	struct digital_sensf_req *sensf_req;
804 	struct sk_buff *skb;
805 	int rc;
806 	u8 size;
807 
808 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
809 	if (rc)
810 		return rc;
811 
812 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
813 				     NFC_DIGITAL_FRAMING_NFCF);
814 	if (rc)
815 		return rc;
816 
817 	size = sizeof(struct digital_sensf_req);
818 
819 	skb = digital_skb_alloc(ddev, size);
820 	if (!skb)
821 		return -ENOMEM;
822 
823 	skb_put(skb, size);
824 
825 	sensf_req = (struct digital_sensf_req *)skb->data;
826 	sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
827 	sensf_req->sc1 = 0xFF;
828 	sensf_req->sc2 = 0xFF;
829 	sensf_req->rc = 0;
830 	sensf_req->tsn = 0;
831 
832 	*(u8 *)skb_push(skb, 1) = size + 1;
833 
834 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
835 		digital_skb_add_crc_f(skb);
836 
837 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
838 				 NULL);
839 	if (rc)
840 		kfree_skb(skb);
841 
842 	return rc;
843 }
844 
845 static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
846 		void *arg, struct sk_buff *resp)
847 {
848 	struct digital_iso15693_inv_res *res;
849 	struct nfc_target *target = NULL;
850 	int rc;
851 
852 	if (IS_ERR(resp)) {
853 		rc = PTR_ERR(resp);
854 		resp = NULL;
855 		goto out_free_skb;
856 	}
857 
858 	if (resp->len != sizeof(*res)) {
859 		rc = -EIO;
860 		goto out_free_skb;
861 	}
862 
863 	res = (struct digital_iso15693_inv_res *)resp->data;
864 
865 	if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
866 		PROTOCOL_ERR("ISO15693 - 10.3.1");
867 		rc = -EINVAL;
868 		goto out_free_skb;
869 	}
870 
871 	target = kzalloc(sizeof(*target), GFP_KERNEL);
872 	if (!target) {
873 		rc = -ENOMEM;
874 		goto out_free_skb;
875 	}
876 
877 	target->is_iso15693 = 1;
878 	target->iso15693_dsfid = res->dsfid;
879 	memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
880 
881 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
882 
883 	kfree(target);
884 
885 out_free_skb:
886 	dev_kfree_skb(resp);
887 
888 	if (rc)
889 		digital_poll_next_tech(ddev);
890 }
891 
892 int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
893 {
894 	struct digital_iso15693_inv_req *req;
895 	struct sk_buff *skb;
896 	int rc;
897 
898 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
899 				     NFC_DIGITAL_RF_TECH_ISO15693);
900 	if (rc)
901 		return rc;
902 
903 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
904 				     NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
905 	if (rc)
906 		return rc;
907 
908 	skb = digital_skb_alloc(ddev, sizeof(*req));
909 	if (!skb)
910 		return -ENOMEM;
911 
912 	skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
913 	req = (struct digital_iso15693_inv_req *)skb->data;
914 
915 	/* Single sub-carrier, high data rate, no AFI, single slot
916 	 * Inventory command
917 	 */
918 	req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
919 		     DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
920 		     DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
921 	req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
922 	req->mask_len = 0;
923 
924 	rc = digital_in_send_cmd(ddev, skb, 30,
925 				 digital_in_recv_iso15693_inv_res, NULL);
926 	if (rc)
927 		kfree_skb(skb);
928 
929 	return rc;
930 }
931 
932 static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
933 {
934 	struct sk_buff *skb;
935 	int rc;
936 
937 	skb = digital_skb_alloc(ddev, 1);
938 	if (!skb)
939 		return -ENOMEM;
940 
941 	skb_put_u8(skb, DIGITAL_SEL_RES_NFC_DEP);
942 
943 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
944 		digital_skb_add_crc_a(skb);
945 
946 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
947 				     NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
948 	if (rc) {
949 		kfree_skb(skb);
950 		return rc;
951 	}
952 
953 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
954 				 NULL);
955 	if (rc)
956 		kfree_skb(skb);
957 
958 	return rc;
959 }
960 
961 static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
962 				    struct sk_buff *resp)
963 {
964 	int rc;
965 
966 	if (IS_ERR(resp)) {
967 		rc = PTR_ERR(resp);
968 		resp = NULL;
969 		goto exit;
970 	}
971 
972 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
973 		rc = digital_skb_check_crc_a(resp);
974 		if (rc) {
975 			PROTOCOL_ERR("4.4.1.3");
976 			goto exit;
977 		}
978 	}
979 
980 	/* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
981 
982 	rc = digital_tg_send_sel_res(ddev);
983 
984 exit:
985 	if (rc)
986 		digital_poll_next_tech(ddev);
987 
988 	dev_kfree_skb(resp);
989 }
990 
991 static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
992 {
993 	struct sk_buff *skb;
994 	struct digital_sdd_res *sdd_res;
995 	int rc, i;
996 
997 	skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
998 	if (!skb)
999 		return -ENOMEM;
1000 
1001 	skb_put(skb, sizeof(struct digital_sdd_res));
1002 	sdd_res = (struct digital_sdd_res *)skb->data;
1003 
1004 	sdd_res->nfcid1[0] = 0x08;
1005 	get_random_bytes(sdd_res->nfcid1 + 1, 3);
1006 
1007 	sdd_res->bcc = 0;
1008 	for (i = 0; i < 4; i++)
1009 		sdd_res->bcc ^= sdd_res->nfcid1[i];
1010 
1011 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1012 				NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1013 	if (rc) {
1014 		kfree_skb(skb);
1015 		return rc;
1016 	}
1017 
1018 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1019 				 NULL);
1020 	if (rc)
1021 		kfree_skb(skb);
1022 
1023 	return rc;
1024 }
1025 
1026 static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1027 				    struct sk_buff *resp)
1028 {
1029 	u8 *sdd_req;
1030 	int rc;
1031 
1032 	if (IS_ERR(resp)) {
1033 		rc = PTR_ERR(resp);
1034 		resp = NULL;
1035 		goto exit;
1036 	}
1037 
1038 	sdd_req = resp->data;
1039 
1040 	if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1041 	    sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1042 		rc = -EINVAL;
1043 		goto exit;
1044 	}
1045 
1046 	rc = digital_tg_send_sdd_res(ddev);
1047 
1048 exit:
1049 	if (rc)
1050 		digital_poll_next_tech(ddev);
1051 
1052 	dev_kfree_skb(resp);
1053 }
1054 
1055 static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1056 {
1057 	struct sk_buff *skb;
1058 	u8 *sens_res;
1059 	int rc;
1060 
1061 	skb = digital_skb_alloc(ddev, 2);
1062 	if (!skb)
1063 		return -ENOMEM;
1064 
1065 	sens_res = skb_put(skb, 2);
1066 
1067 	sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1068 	sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1069 
1070 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1071 				     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1072 	if (rc) {
1073 		kfree_skb(skb);
1074 		return rc;
1075 	}
1076 
1077 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1078 				 NULL);
1079 	if (rc)
1080 		kfree_skb(skb);
1081 
1082 	return rc;
1083 }
1084 
1085 void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1086 			      struct sk_buff *resp)
1087 {
1088 	u8 sens_req;
1089 	int rc;
1090 
1091 	if (IS_ERR(resp)) {
1092 		rc = PTR_ERR(resp);
1093 		resp = NULL;
1094 		goto exit;
1095 	}
1096 
1097 	sens_req = resp->data[0];
1098 
1099 	if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1100 	    sens_req != DIGITAL_CMD_ALL_REQ)) {
1101 		rc = -EINVAL;
1102 		goto exit;
1103 	}
1104 
1105 	rc = digital_tg_send_sens_res(ddev);
1106 
1107 exit:
1108 	if (rc)
1109 		digital_poll_next_tech(ddev);
1110 
1111 	dev_kfree_skb(resp);
1112 }
1113 
1114 static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1115 		void *arg, struct sk_buff *resp)
1116 {
1117 	if (!IS_ERR(resp) && (resp->len >= 2) &&
1118 			(resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1119 		digital_tg_recv_sensf_req(ddev, arg, resp);
1120 	else
1121 		digital_tg_recv_atr_req(ddev, arg, resp);
1122 
1123 	return;
1124 }
1125 
1126 static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1127 			      struct digital_sensf_req *sensf_req)
1128 {
1129 	struct sk_buff *skb;
1130 	u8 size;
1131 	int rc;
1132 	struct digital_sensf_res *sensf_res;
1133 
1134 	size = sizeof(struct digital_sensf_res);
1135 
1136 	if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1137 		size -= sizeof(sensf_res->rd);
1138 
1139 	skb = digital_skb_alloc(ddev, size);
1140 	if (!skb)
1141 		return -ENOMEM;
1142 
1143 	skb_put(skb, size);
1144 
1145 	sensf_res = (struct digital_sensf_res *)skb->data;
1146 
1147 	memset(sensf_res, 0, size);
1148 
1149 	sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1150 	sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1151 	sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1152 	get_random_bytes(&sensf_res->nfcid2[2], 6);
1153 
1154 	switch (sensf_req->rc) {
1155 	case DIGITAL_SENSF_REQ_RC_SC:
1156 		sensf_res->rd[0] = sensf_req->sc1;
1157 		sensf_res->rd[1] = sensf_req->sc2;
1158 		break;
1159 	case DIGITAL_SENSF_REQ_RC_AP:
1160 		sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1161 		sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1162 		break;
1163 	}
1164 
1165 	*(u8 *)skb_push(skb, sizeof(u8)) = size + 1;
1166 
1167 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1168 		digital_skb_add_crc_f(skb);
1169 
1170 	rc = digital_tg_send_cmd(ddev, skb, 300,
1171 				 digital_tg_recv_atr_or_sensf_req, NULL);
1172 	if (rc)
1173 		kfree_skb(skb);
1174 
1175 	return rc;
1176 }
1177 
1178 void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1179 			       struct sk_buff *resp)
1180 {
1181 	struct digital_sensf_req *sensf_req;
1182 	int rc;
1183 
1184 	if (IS_ERR(resp)) {
1185 		rc = PTR_ERR(resp);
1186 		resp = NULL;
1187 		goto exit;
1188 	}
1189 
1190 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1191 		rc = digital_skb_check_crc_f(resp);
1192 		if (rc) {
1193 			PROTOCOL_ERR("6.4.1.8");
1194 			goto exit;
1195 		}
1196 	}
1197 
1198 	if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1199 		rc = -EINVAL;
1200 		goto exit;
1201 	}
1202 
1203 	skb_pull(resp, 1);
1204 	sensf_req = (struct digital_sensf_req *)resp->data;
1205 
1206 	if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1207 		rc = -EINVAL;
1208 		goto exit;
1209 	}
1210 
1211 	rc = digital_tg_send_sensf_res(ddev, sensf_req);
1212 
1213 exit:
1214 	if (rc)
1215 		digital_poll_next_tech(ddev);
1216 
1217 	dev_kfree_skb(resp);
1218 }
1219 
1220 static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1221 {
1222 	int rc;
1223 
1224 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1225 				     NFC_DIGITAL_RF_TECH_106A);
1226 	if (rc)
1227 		return rc;
1228 
1229 	return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1230 				       NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1231 }
1232 
1233 int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1234 {
1235 	int rc;
1236 
1237 	rc = digital_tg_config_nfca(ddev);
1238 	if (rc)
1239 		return rc;
1240 
1241 	return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1242 }
1243 
1244 static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1245 {
1246 	int rc;
1247 
1248 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1249 	if (rc)
1250 		return rc;
1251 
1252 	return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1253 				       NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1254 }
1255 
1256 int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1257 {
1258 	int rc;
1259 
1260 	rc = digital_tg_config_nfcf(ddev, rf_tech);
1261 	if (rc)
1262 		return rc;
1263 
1264 	return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, NULL);
1265 }
1266 
1267 void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1268 			    struct sk_buff *resp)
1269 {
1270 	u8 rf_tech;
1271 	int rc;
1272 
1273 	if (IS_ERR(resp)) {
1274 		resp = NULL;
1275 		goto exit_free_skb;
1276 	}
1277 
1278 	rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1279 	if (rc)
1280 		goto exit_free_skb;
1281 
1282 	switch (rf_tech) {
1283 	case NFC_DIGITAL_RF_TECH_106A:
1284 		rc = digital_tg_config_nfca(ddev);
1285 		if (rc)
1286 			goto exit_free_skb;
1287 		digital_tg_recv_sens_req(ddev, arg, resp);
1288 		break;
1289 	case NFC_DIGITAL_RF_TECH_212F:
1290 	case NFC_DIGITAL_RF_TECH_424F:
1291 		rc = digital_tg_config_nfcf(ddev, rf_tech);
1292 		if (rc)
1293 			goto exit_free_skb;
1294 		digital_tg_recv_sensf_req(ddev, arg, resp);
1295 		break;
1296 	default:
1297 		goto exit_free_skb;
1298 	}
1299 
1300 	return;
1301 
1302 exit_free_skb:
1303 	digital_poll_next_tech(ddev);
1304 	dev_kfree_skb(resp);
1305 }
1306