xref: /linux/net/nfc/digital_technology.c (revision c8bfe3fad4f86a029da7157bae9699c816f0c309)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * NFC Digital Protocol stack
4  * Copyright (c) 2013, Intel Corporation.
5  */
6 
7 #define pr_fmt(fmt) "digital: %s: " fmt, __func__
8 
9 #include "digital.h"
10 
11 #define DIGITAL_CMD_SENS_REQ    0x26
12 #define DIGITAL_CMD_ALL_REQ     0x52
13 #define DIGITAL_CMD_SEL_REQ_CL1 0x93
14 #define DIGITAL_CMD_SEL_REQ_CL2 0x95
15 #define DIGITAL_CMD_SEL_REQ_CL3 0x97
16 
17 #define DIGITAL_SDD_REQ_SEL_PAR 0x20
18 
19 #define DIGITAL_SDD_RES_CT  0x88
20 #define DIGITAL_SDD_RES_LEN 5
21 #define DIGITAL_SEL_RES_LEN 1
22 
23 #define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
24 #define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
25 #define DIGITAL_SEL_RES_IS_T4T(sel_res) ((sel_res) & 0x20)
26 #define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
27 
28 #define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
29 #define DIGITAL_SENS_RES_IS_VALID(sens_res) \
30 	((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
31 	(((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
32 
33 #define DIGITAL_MIFARE_READ_RES_LEN 16
34 #define DIGITAL_MIFARE_ACK_RES	0x0A
35 
36 #define DIGITAL_CMD_SENSB_REQ			0x05
37 #define DIGITAL_SENSB_ADVANCED			BIT(5)
38 #define DIGITAL_SENSB_EXTENDED			BIT(4)
39 #define DIGITAL_SENSB_ALLB_REQ			BIT(3)
40 #define DIGITAL_SENSB_N(n)			((n) & 0x7)
41 
42 #define DIGITAL_CMD_SENSB_RES			0x50
43 
44 #define DIGITAL_CMD_ATTRIB_REQ			0x1D
45 #define DIGITAL_ATTRIB_P1_TR0_DEFAULT		(0x0 << 6)
46 #define DIGITAL_ATTRIB_P1_TR1_DEFAULT		(0x0 << 4)
47 #define DIGITAL_ATTRIB_P1_SUPRESS_EOS		BIT(3)
48 #define DIGITAL_ATTRIB_P1_SUPRESS_SOS		BIT(2)
49 #define DIGITAL_ATTRIB_P2_LISTEN_POLL_1		(0x0 << 6)
50 #define DIGITAL_ATTRIB_P2_POLL_LISTEN_1		(0x0 << 4)
51 #define DIGITAL_ATTRIB_P2_MAX_FRAME_256		0x8
52 #define DIGITAL_ATTRIB_P4_DID(n)		((n) & 0xf)
53 
54 #define DIGITAL_CMD_SENSF_REQ	0x00
55 #define DIGITAL_CMD_SENSF_RES	0x01
56 
57 #define DIGITAL_SENSF_RES_MIN_LENGTH 17
58 #define DIGITAL_SENSF_RES_RD_AP_B1   0x00
59 #define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
60 
61 #define DIGITAL_SENSF_REQ_RC_NONE 0
62 #define DIGITAL_SENSF_REQ_RC_SC   1
63 #define DIGITAL_SENSF_REQ_RC_AP   2
64 
65 #define DIGITAL_CMD_ISO15693_INVENTORY_REQ	0x01
66 
67 #define DIGITAL_ISO15693_REQ_FLAG_DATA_RATE	BIT(1)
68 #define DIGITAL_ISO15693_REQ_FLAG_INVENTORY	BIT(2)
69 #define DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS	BIT(5)
70 #define DIGITAL_ISO15693_RES_FLAG_ERROR		BIT(0)
71 #define DIGITAL_ISO15693_RES_IS_VALID(flags) \
72 	(!((flags) & DIGITAL_ISO15693_RES_FLAG_ERROR))
73 
74 #define DIGITAL_ISO_DEP_I_PCB	 0x02
75 #define DIGITAL_ISO_DEP_PNI(pni) ((pni) & 0x01)
76 
77 #define DIGITAL_ISO_DEP_PCB_TYPE(pcb) ((pcb) & 0xC0)
78 
79 #define DIGITAL_ISO_DEP_I_BLOCK 0x00
80 
81 #define DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb) ((pcb) & 0x08)
82 
83 static const u8 digital_ats_fsc[] = {
84 	 16,  24,  32,  40,  48,  64,  96, 128,
85 };
86 
87 #define DIGITAL_ATS_FSCI(t0) ((t0) & 0x0F)
88 #define DIGITAL_SENSB_FSCI(pi2) (((pi2) & 0xF0) >> 4)
89 #define DIGITAL_ATS_MAX_FSC  256
90 
91 #define DIGITAL_RATS_BYTE1 0xE0
92 #define DIGITAL_RATS_PARAM 0x80
93 
94 struct digital_sdd_res {
95 	u8 nfcid1[4];
96 	u8 bcc;
97 } __packed;
98 
99 struct digital_sel_req {
100 	u8 sel_cmd;
101 	u8 b2;
102 	u8 nfcid1[4];
103 	u8 bcc;
104 } __packed;
105 
106 struct digital_sensb_req {
107 	u8 cmd;
108 	u8 afi;
109 	u8 param;
110 } __packed;
111 
112 struct digital_sensb_res {
113 	u8 cmd;
114 	u8 nfcid0[4];
115 	u8 app_data[4];
116 	u8 proto_info[3];
117 } __packed;
118 
119 struct digital_attrib_req {
120 	u8 cmd;
121 	u8 nfcid0[4];
122 	u8 param1;
123 	u8 param2;
124 	u8 param3;
125 	u8 param4;
126 } __packed;
127 
128 struct digital_attrib_res {
129 	u8 mbli_did;
130 } __packed;
131 
132 struct digital_sensf_req {
133 	u8 cmd;
134 	u8 sc1;
135 	u8 sc2;
136 	u8 rc;
137 	u8 tsn;
138 } __packed;
139 
140 struct digital_sensf_res {
141 	u8 cmd;
142 	u8 nfcid2[8];
143 	u8 pad0[2];
144 	u8 pad1[3];
145 	u8 mrti_check;
146 	u8 mrti_update;
147 	u8 pad2;
148 	u8 rd[2];
149 } __packed;
150 
151 struct digital_iso15693_inv_req {
152 	u8 flags;
153 	u8 cmd;
154 	u8 mask_len;
155 	u64 mask;
156 } __packed;
157 
158 struct digital_iso15693_inv_res {
159 	u8 flags;
160 	u8 dsfid;
161 	u64 uid;
162 } __packed;
163 
164 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
165 				   struct nfc_target *target);
166 
167 int digital_in_iso_dep_pull_sod(struct nfc_digital_dev *ddev,
168 				struct sk_buff *skb)
169 {
170 	u8 pcb;
171 	u8 block_type;
172 
173 	if (skb->len < 1)
174 		return -EIO;
175 
176 	pcb = *skb->data;
177 	block_type = DIGITAL_ISO_DEP_PCB_TYPE(pcb);
178 
179 	/* No support fo R-block nor S-block */
180 	if (block_type != DIGITAL_ISO_DEP_I_BLOCK) {
181 		pr_err("ISO_DEP R-block and S-block not supported\n");
182 		return -EIO;
183 	}
184 
185 	if (DIGITAL_ISO_DEP_BLOCK_HAS_DID(pcb)) {
186 		pr_err("DID field in ISO_DEP PCB not supported\n");
187 		return -EIO;
188 	}
189 
190 	skb_pull(skb, 1);
191 
192 	return 0;
193 }
194 
195 int digital_in_iso_dep_push_sod(struct nfc_digital_dev *ddev,
196 				struct sk_buff *skb)
197 {
198 	/*
199 	 * Chaining not supported so skb->len + 1 PCB byte + 2 CRC bytes must
200 	 * not be greater than remote FSC
201 	 */
202 	if (skb->len + 3 > ddev->target_fsc)
203 		return -EIO;
204 
205 	skb_push(skb, 1);
206 
207 	*skb->data = DIGITAL_ISO_DEP_I_PCB | ddev->curr_nfc_dep_pni;
208 
209 	ddev->curr_nfc_dep_pni =
210 		DIGITAL_ISO_DEP_PNI(ddev->curr_nfc_dep_pni + 1);
211 
212 	return 0;
213 }
214 
215 static void digital_in_recv_ats(struct nfc_digital_dev *ddev, void *arg,
216 				struct sk_buff *resp)
217 {
218 	struct nfc_target *target = arg;
219 	u8 fsdi;
220 	int rc;
221 
222 	if (IS_ERR(resp)) {
223 		rc = PTR_ERR(resp);
224 		resp = NULL;
225 		goto exit;
226 	}
227 
228 	if (resp->len < 2) {
229 		rc = -EIO;
230 		goto exit;
231 	}
232 
233 	fsdi = DIGITAL_ATS_FSCI(resp->data[1]);
234 	if (fsdi >= 8)
235 		ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
236 	else
237 		ddev->target_fsc = digital_ats_fsc[fsdi];
238 
239 	ddev->curr_nfc_dep_pni = 0;
240 
241 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443);
242 
243 exit:
244 	dev_kfree_skb(resp);
245 	kfree(target);
246 
247 	if (rc)
248 		digital_poll_next_tech(ddev);
249 }
250 
251 static int digital_in_send_rats(struct nfc_digital_dev *ddev,
252 				struct nfc_target *target)
253 {
254 	int rc;
255 	struct sk_buff *skb;
256 
257 	skb = digital_skb_alloc(ddev, 2);
258 	if (!skb)
259 		return -ENOMEM;
260 
261 	skb_put_u8(skb, DIGITAL_RATS_BYTE1);
262 	skb_put_u8(skb, DIGITAL_RATS_PARAM);
263 
264 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_ats,
265 				 target);
266 	if (rc)
267 		kfree_skb(skb);
268 
269 	return rc;
270 }
271 
272 static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
273 				    struct sk_buff *resp)
274 {
275 	struct nfc_target *target = arg;
276 	int rc;
277 	u8 sel_res;
278 	u8 nfc_proto;
279 
280 	if (IS_ERR(resp)) {
281 		rc = PTR_ERR(resp);
282 		resp = NULL;
283 		goto exit;
284 	}
285 
286 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
287 		rc = digital_skb_check_crc_a(resp);
288 		if (rc) {
289 			PROTOCOL_ERR("4.4.1.3");
290 			goto exit;
291 		}
292 	}
293 
294 	if (resp->len != DIGITAL_SEL_RES_LEN) {
295 		rc = -EIO;
296 		goto exit;
297 	}
298 
299 	sel_res = resp->data[0];
300 
301 	if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
302 		rc = digital_in_send_sdd_req(ddev, target);
303 		if (rc)
304 			goto exit;
305 
306 		goto exit_free_skb;
307 	}
308 
309 	target->sel_res = sel_res;
310 
311 	if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
312 		nfc_proto = NFC_PROTO_MIFARE;
313 	} else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
314 		nfc_proto = NFC_PROTO_NFC_DEP;
315 	} else if (DIGITAL_SEL_RES_IS_T4T(sel_res)) {
316 		rc = digital_in_send_rats(ddev, target);
317 		if (rc)
318 			goto exit;
319 		/*
320 		 * Skip target_found and don't free it for now. This will be
321 		 * done when receiving the ATS
322 		 */
323 		goto exit_free_skb;
324 	} else {
325 		rc = -EOPNOTSUPP;
326 		goto exit;
327 	}
328 
329 	rc = digital_target_found(ddev, target, nfc_proto);
330 
331 exit:
332 	kfree(target);
333 
334 exit_free_skb:
335 	dev_kfree_skb(resp);
336 
337 	if (rc)
338 		digital_poll_next_tech(ddev);
339 }
340 
341 static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
342 				   struct nfc_target *target,
343 				   struct digital_sdd_res *sdd_res)
344 {
345 	struct sk_buff *skb;
346 	struct digital_sel_req *sel_req;
347 	u8 sel_cmd;
348 	int rc;
349 
350 	skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
351 	if (!skb)
352 		return -ENOMEM;
353 
354 	skb_put(skb, sizeof(struct digital_sel_req));
355 	sel_req = (struct digital_sel_req *)skb->data;
356 
357 	if (target->nfcid1_len <= 4)
358 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
359 	else if (target->nfcid1_len < 10)
360 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
361 	else
362 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
363 
364 	sel_req->sel_cmd = sel_cmd;
365 	sel_req->b2 = 0x70;
366 	memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
367 	sel_req->bcc = sdd_res->bcc;
368 
369 	if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
370 		rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
371 				NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
372 		if (rc)
373 			goto exit;
374 	} else {
375 		digital_skb_add_crc_a(skb);
376 	}
377 
378 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
379 				 target);
380 exit:
381 	if (rc)
382 		kfree_skb(skb);
383 
384 	return rc;
385 }
386 
387 static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
388 				    struct sk_buff *resp)
389 {
390 	struct nfc_target *target = arg;
391 	struct digital_sdd_res *sdd_res;
392 	int rc;
393 	u8 offset, size;
394 	u8 i, bcc;
395 
396 	if (IS_ERR(resp)) {
397 		rc = PTR_ERR(resp);
398 		resp = NULL;
399 		goto exit;
400 	}
401 
402 	if (resp->len < DIGITAL_SDD_RES_LEN) {
403 		PROTOCOL_ERR("4.7.2.8");
404 		rc = -EINVAL;
405 		goto exit;
406 	}
407 
408 	sdd_res = (struct digital_sdd_res *)resp->data;
409 
410 	for (i = 0, bcc = 0; i < 4; i++)
411 		bcc ^= sdd_res->nfcid1[i];
412 
413 	if (bcc != sdd_res->bcc) {
414 		PROTOCOL_ERR("4.7.2.6");
415 		rc = -EINVAL;
416 		goto exit;
417 	}
418 
419 	if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
420 		offset = 1;
421 		size = 3;
422 	} else {
423 		offset = 0;
424 		size = 4;
425 	}
426 
427 	memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
428 	       size);
429 	target->nfcid1_len += size;
430 
431 	rc = digital_in_send_sel_req(ddev, target, sdd_res);
432 
433 exit:
434 	dev_kfree_skb(resp);
435 
436 	if (rc) {
437 		kfree(target);
438 		digital_poll_next_tech(ddev);
439 	}
440 }
441 
442 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
443 				   struct nfc_target *target)
444 {
445 	int rc;
446 	struct sk_buff *skb;
447 	u8 sel_cmd;
448 
449 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
450 				     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
451 	if (rc)
452 		return rc;
453 
454 	skb = digital_skb_alloc(ddev, 2);
455 	if (!skb)
456 		return -ENOMEM;
457 
458 	if (target->nfcid1_len == 0)
459 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
460 	else if (target->nfcid1_len == 3)
461 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
462 	else
463 		sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
464 
465 	skb_put_u8(skb, sel_cmd);
466 	skb_put_u8(skb, DIGITAL_SDD_REQ_SEL_PAR);
467 
468 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
469 				 target);
470 	if (rc)
471 		kfree_skb(skb);
472 
473 	return rc;
474 }
475 
476 static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
477 				     struct sk_buff *resp)
478 {
479 	struct nfc_target *target = NULL;
480 	int rc;
481 
482 	if (IS_ERR(resp)) {
483 		rc = PTR_ERR(resp);
484 		resp = NULL;
485 		goto exit;
486 	}
487 
488 	if (resp->len < sizeof(u16)) {
489 		rc = -EIO;
490 		goto exit;
491 	}
492 
493 	target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
494 	if (!target) {
495 		rc = -ENOMEM;
496 		goto exit;
497 	}
498 
499 	target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
500 
501 	if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
502 		PROTOCOL_ERR("4.6.3.3");
503 		rc = -EINVAL;
504 		goto exit;
505 	}
506 
507 	if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
508 		rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
509 	else
510 		rc = digital_in_send_sdd_req(ddev, target);
511 
512 exit:
513 	dev_kfree_skb(resp);
514 
515 	if (rc) {
516 		kfree(target);
517 		digital_poll_next_tech(ddev);
518 	}
519 }
520 
521 int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
522 {
523 	struct sk_buff *skb;
524 	int rc;
525 
526 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
527 				     NFC_DIGITAL_RF_TECH_106A);
528 	if (rc)
529 		return rc;
530 
531 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
532 				     NFC_DIGITAL_FRAMING_NFCA_SHORT);
533 	if (rc)
534 		return rc;
535 
536 	skb = digital_skb_alloc(ddev, 1);
537 	if (!skb)
538 		return -ENOMEM;
539 
540 	skb_put_u8(skb, DIGITAL_CMD_SENS_REQ);
541 
542 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
543 	if (rc)
544 		kfree_skb(skb);
545 
546 	return rc;
547 }
548 
549 int digital_in_recv_mifare_res(struct sk_buff *resp)
550 {
551 	/* Successful READ command response is 16 data bytes + 2 CRC bytes long.
552 	 * Since the driver can't differentiate a ACK/NACK response from a valid
553 	 * READ response, the CRC calculation must be handled at digital level
554 	 * even if the driver supports it for this technology.
555 	 */
556 	if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
557 		if (digital_skb_check_crc_a(resp)) {
558 			PROTOCOL_ERR("9.4.1.2");
559 			return -EIO;
560 		}
561 
562 		return 0;
563 	}
564 
565 	/* ACK response (i.e. successful WRITE). */
566 	if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
567 		resp->data[0] = 0;
568 		return 0;
569 	}
570 
571 	/* NACK and any other responses are treated as error. */
572 	return -EIO;
573 }
574 
575 static void digital_in_recv_attrib_res(struct nfc_digital_dev *ddev, void *arg,
576 				       struct sk_buff *resp)
577 {
578 	struct nfc_target *target = arg;
579 	struct digital_attrib_res *attrib_res;
580 	int rc;
581 
582 	if (IS_ERR(resp)) {
583 		rc = PTR_ERR(resp);
584 		resp = NULL;
585 		goto exit;
586 	}
587 
588 	if (resp->len < sizeof(*attrib_res)) {
589 		PROTOCOL_ERR("12.6.2");
590 		rc = -EIO;
591 		goto exit;
592 	}
593 
594 	attrib_res = (struct digital_attrib_res *)resp->data;
595 
596 	if (attrib_res->mbli_did & 0x0f) {
597 		PROTOCOL_ERR("12.6.2.1");
598 		rc = -EIO;
599 		goto exit;
600 	}
601 
602 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO14443_B);
603 
604 exit:
605 	dev_kfree_skb(resp);
606 	kfree(target);
607 
608 	if (rc)
609 		digital_poll_next_tech(ddev);
610 }
611 
612 static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
613 			       struct nfc_target *target,
614 			       struct digital_sensb_res *sensb_res)
615 {
616 	struct digital_attrib_req *attrib_req;
617 	struct sk_buff *skb;
618 	int rc;
619 
620 	skb = digital_skb_alloc(ddev, sizeof(*attrib_req));
621 	if (!skb)
622 		return -ENOMEM;
623 
624 	attrib_req = skb_put(skb, sizeof(*attrib_req));
625 
626 	attrib_req->cmd = DIGITAL_CMD_ATTRIB_REQ;
627 	memcpy(attrib_req->nfcid0, sensb_res->nfcid0,
628 	       sizeof(attrib_req->nfcid0));
629 	attrib_req->param1 = DIGITAL_ATTRIB_P1_TR0_DEFAULT |
630 			     DIGITAL_ATTRIB_P1_TR1_DEFAULT;
631 	attrib_req->param2 = DIGITAL_ATTRIB_P2_LISTEN_POLL_1 |
632 			     DIGITAL_ATTRIB_P2_POLL_LISTEN_1 |
633 			     DIGITAL_ATTRIB_P2_MAX_FRAME_256;
634 	attrib_req->param3 = sensb_res->proto_info[1] & 0x07;
635 	attrib_req->param4 = DIGITAL_ATTRIB_P4_DID(0);
636 
637 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_attrib_res,
638 				 target);
639 	if (rc)
640 		kfree_skb(skb);
641 
642 	return rc;
643 }
644 
645 static void digital_in_recv_sensb_res(struct nfc_digital_dev *ddev, void *arg,
646 				      struct sk_buff *resp)
647 {
648 	struct nfc_target *target = NULL;
649 	struct digital_sensb_res *sensb_res;
650 	u8 fsci;
651 	int rc;
652 
653 	if (IS_ERR(resp)) {
654 		rc = PTR_ERR(resp);
655 		resp = NULL;
656 		goto exit;
657 	}
658 
659 	if (resp->len != sizeof(*sensb_res)) {
660 		PROTOCOL_ERR("5.6.2.1");
661 		rc = -EIO;
662 		goto exit;
663 	}
664 
665 	sensb_res = (struct digital_sensb_res *)resp->data;
666 
667 	if (sensb_res->cmd != DIGITAL_CMD_SENSB_RES) {
668 		PROTOCOL_ERR("5.6.2");
669 		rc = -EIO;
670 		goto exit;
671 	}
672 
673 	if (!(sensb_res->proto_info[1] & BIT(0))) {
674 		PROTOCOL_ERR("5.6.2.12");
675 		rc = -EIO;
676 		goto exit;
677 	}
678 
679 	if (sensb_res->proto_info[1] & BIT(3)) {
680 		PROTOCOL_ERR("5.6.2.16");
681 		rc = -EIO;
682 		goto exit;
683 	}
684 
685 	fsci = DIGITAL_SENSB_FSCI(sensb_res->proto_info[1]);
686 	if (fsci >= 8)
687 		ddev->target_fsc = DIGITAL_ATS_MAX_FSC;
688 	else
689 		ddev->target_fsc = digital_ats_fsc[fsci];
690 
691 	target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
692 	if (!target) {
693 		rc = -ENOMEM;
694 		goto exit;
695 	}
696 
697 	rc = digital_in_send_attrib_req(ddev, target, sensb_res);
698 
699 exit:
700 	dev_kfree_skb(resp);
701 
702 	if (rc) {
703 		kfree(target);
704 		digital_poll_next_tech(ddev);
705 	}
706 }
707 
708 int digital_in_send_sensb_req(struct nfc_digital_dev *ddev, u8 rf_tech)
709 {
710 	struct digital_sensb_req *sensb_req;
711 	struct sk_buff *skb;
712 	int rc;
713 
714 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
715 				     NFC_DIGITAL_RF_TECH_106B);
716 	if (rc)
717 		return rc;
718 
719 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
720 				     NFC_DIGITAL_FRAMING_NFCB);
721 	if (rc)
722 		return rc;
723 
724 	skb = digital_skb_alloc(ddev, sizeof(*sensb_req));
725 	if (!skb)
726 		return -ENOMEM;
727 
728 	sensb_req = skb_put(skb, sizeof(*sensb_req));
729 
730 	sensb_req->cmd = DIGITAL_CMD_SENSB_REQ;
731 	sensb_req->afi = 0x00; /* All families and sub-families */
732 	sensb_req->param = DIGITAL_SENSB_N(0);
733 
734 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensb_res,
735 				 NULL);
736 	if (rc)
737 		kfree_skb(skb);
738 
739 	return rc;
740 }
741 
742 static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
743 				   struct sk_buff *resp)
744 {
745 	int rc;
746 	u8 proto;
747 	struct nfc_target target;
748 	struct digital_sensf_res *sensf_res;
749 
750 	if (IS_ERR(resp)) {
751 		rc = PTR_ERR(resp);
752 		resp = NULL;
753 		goto exit;
754 	}
755 
756 	if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
757 		rc = -EIO;
758 		goto exit;
759 	}
760 
761 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
762 		rc = digital_skb_check_crc_f(resp);
763 		if (rc) {
764 			PROTOCOL_ERR("6.4.1.8");
765 			goto exit;
766 		}
767 	}
768 
769 	skb_pull(resp, 1);
770 
771 	memset(&target, 0, sizeof(struct nfc_target));
772 
773 	sensf_res = (struct digital_sensf_res *)resp->data;
774 
775 	memcpy(target.sensf_res, sensf_res, resp->len);
776 	target.sensf_res_len = resp->len;
777 
778 	memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
779 	target.nfcid2_len = NFC_NFCID2_MAXSIZE;
780 
781 	if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
782 	    target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
783 		proto = NFC_PROTO_NFC_DEP;
784 	else
785 		proto = NFC_PROTO_FELICA;
786 
787 	rc = digital_target_found(ddev, &target, proto);
788 
789 exit:
790 	dev_kfree_skb(resp);
791 
792 	if (rc)
793 		digital_poll_next_tech(ddev);
794 }
795 
796 int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
797 {
798 	struct digital_sensf_req *sensf_req;
799 	struct sk_buff *skb;
800 	int rc;
801 	u8 size;
802 
803 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
804 	if (rc)
805 		return rc;
806 
807 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
808 				     NFC_DIGITAL_FRAMING_NFCF);
809 	if (rc)
810 		return rc;
811 
812 	size = sizeof(struct digital_sensf_req);
813 
814 	skb = digital_skb_alloc(ddev, size);
815 	if (!skb)
816 		return -ENOMEM;
817 
818 	skb_put(skb, size);
819 
820 	sensf_req = (struct digital_sensf_req *)skb->data;
821 	sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
822 	sensf_req->sc1 = 0xFF;
823 	sensf_req->sc2 = 0xFF;
824 	sensf_req->rc = 0;
825 	sensf_req->tsn = 0;
826 
827 	*(u8 *)skb_push(skb, 1) = size + 1;
828 
829 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
830 		digital_skb_add_crc_f(skb);
831 
832 	rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
833 				 NULL);
834 	if (rc)
835 		kfree_skb(skb);
836 
837 	return rc;
838 }
839 
840 static void digital_in_recv_iso15693_inv_res(struct nfc_digital_dev *ddev,
841 		void *arg, struct sk_buff *resp)
842 {
843 	struct digital_iso15693_inv_res *res;
844 	struct nfc_target *target = NULL;
845 	int rc;
846 
847 	if (IS_ERR(resp)) {
848 		rc = PTR_ERR(resp);
849 		resp = NULL;
850 		goto out_free_skb;
851 	}
852 
853 	if (resp->len != sizeof(*res)) {
854 		rc = -EIO;
855 		goto out_free_skb;
856 	}
857 
858 	res = (struct digital_iso15693_inv_res *)resp->data;
859 
860 	if (!DIGITAL_ISO15693_RES_IS_VALID(res->flags)) {
861 		PROTOCOL_ERR("ISO15693 - 10.3.1");
862 		rc = -EINVAL;
863 		goto out_free_skb;
864 	}
865 
866 	target = kzalloc(sizeof(*target), GFP_KERNEL);
867 	if (!target) {
868 		rc = -ENOMEM;
869 		goto out_free_skb;
870 	}
871 
872 	target->is_iso15693 = 1;
873 	target->iso15693_dsfid = res->dsfid;
874 	memcpy(target->iso15693_uid, &res->uid, sizeof(target->iso15693_uid));
875 
876 	rc = digital_target_found(ddev, target, NFC_PROTO_ISO15693);
877 
878 	kfree(target);
879 
880 out_free_skb:
881 	dev_kfree_skb(resp);
882 
883 	if (rc)
884 		digital_poll_next_tech(ddev);
885 }
886 
887 int digital_in_send_iso15693_inv_req(struct nfc_digital_dev *ddev, u8 rf_tech)
888 {
889 	struct digital_iso15693_inv_req *req;
890 	struct sk_buff *skb;
891 	int rc;
892 
893 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
894 				     NFC_DIGITAL_RF_TECH_ISO15693);
895 	if (rc)
896 		return rc;
897 
898 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
899 				     NFC_DIGITAL_FRAMING_ISO15693_INVENTORY);
900 	if (rc)
901 		return rc;
902 
903 	skb = digital_skb_alloc(ddev, sizeof(*req));
904 	if (!skb)
905 		return -ENOMEM;
906 
907 	skb_put(skb, sizeof(*req) - sizeof(req->mask)); /* No mask */
908 	req = (struct digital_iso15693_inv_req *)skb->data;
909 
910 	/* Single sub-carrier, high data rate, no AFI, single slot
911 	 * Inventory command
912 	 */
913 	req->flags = DIGITAL_ISO15693_REQ_FLAG_DATA_RATE |
914 		     DIGITAL_ISO15693_REQ_FLAG_INVENTORY |
915 		     DIGITAL_ISO15693_REQ_FLAG_NB_SLOTS;
916 	req->cmd = DIGITAL_CMD_ISO15693_INVENTORY_REQ;
917 	req->mask_len = 0;
918 
919 	rc = digital_in_send_cmd(ddev, skb, 30,
920 				 digital_in_recv_iso15693_inv_res, NULL);
921 	if (rc)
922 		kfree_skb(skb);
923 
924 	return rc;
925 }
926 
927 static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
928 {
929 	struct sk_buff *skb;
930 	int rc;
931 
932 	skb = digital_skb_alloc(ddev, 1);
933 	if (!skb)
934 		return -ENOMEM;
935 
936 	skb_put_u8(skb, DIGITAL_SEL_RES_NFC_DEP);
937 
938 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
939 		digital_skb_add_crc_a(skb);
940 
941 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
942 				     NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE);
943 	if (rc) {
944 		kfree_skb(skb);
945 		return rc;
946 	}
947 
948 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
949 				 NULL);
950 	if (rc)
951 		kfree_skb(skb);
952 
953 	return rc;
954 }
955 
956 static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
957 				    struct sk_buff *resp)
958 {
959 	int rc;
960 
961 	if (IS_ERR(resp)) {
962 		rc = PTR_ERR(resp);
963 		resp = NULL;
964 		goto exit;
965 	}
966 
967 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
968 		rc = digital_skb_check_crc_a(resp);
969 		if (rc) {
970 			PROTOCOL_ERR("4.4.1.3");
971 			goto exit;
972 		}
973 	}
974 
975 	/* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
976 
977 	rc = digital_tg_send_sel_res(ddev);
978 
979 exit:
980 	if (rc)
981 		digital_poll_next_tech(ddev);
982 
983 	dev_kfree_skb(resp);
984 }
985 
986 static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
987 {
988 	struct sk_buff *skb;
989 	struct digital_sdd_res *sdd_res;
990 	int rc, i;
991 
992 	skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
993 	if (!skb)
994 		return -ENOMEM;
995 
996 	skb_put(skb, sizeof(struct digital_sdd_res));
997 	sdd_res = (struct digital_sdd_res *)skb->data;
998 
999 	sdd_res->nfcid1[0] = 0x08;
1000 	get_random_bytes(sdd_res->nfcid1 + 1, 3);
1001 
1002 	sdd_res->bcc = 0;
1003 	for (i = 0; i < 4; i++)
1004 		sdd_res->bcc ^= sdd_res->nfcid1[i];
1005 
1006 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1007 				NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
1008 	if (rc) {
1009 		kfree_skb(skb);
1010 		return rc;
1011 	}
1012 
1013 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
1014 				 NULL);
1015 	if (rc)
1016 		kfree_skb(skb);
1017 
1018 	return rc;
1019 }
1020 
1021 static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
1022 				    struct sk_buff *resp)
1023 {
1024 	u8 *sdd_req;
1025 	int rc;
1026 
1027 	if (IS_ERR(resp)) {
1028 		rc = PTR_ERR(resp);
1029 		resp = NULL;
1030 		goto exit;
1031 	}
1032 
1033 	sdd_req = resp->data;
1034 
1035 	if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
1036 	    sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
1037 		rc = -EINVAL;
1038 		goto exit;
1039 	}
1040 
1041 	rc = digital_tg_send_sdd_res(ddev);
1042 
1043 exit:
1044 	if (rc)
1045 		digital_poll_next_tech(ddev);
1046 
1047 	dev_kfree_skb(resp);
1048 }
1049 
1050 static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
1051 {
1052 	struct sk_buff *skb;
1053 	u8 *sens_res;
1054 	int rc;
1055 
1056 	skb = digital_skb_alloc(ddev, 2);
1057 	if (!skb)
1058 		return -ENOMEM;
1059 
1060 	sens_res = skb_put(skb, 2);
1061 
1062 	sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
1063 	sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
1064 
1065 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1066 				     NFC_DIGITAL_FRAMING_NFCA_STANDARD);
1067 	if (rc) {
1068 		kfree_skb(skb);
1069 		return rc;
1070 	}
1071 
1072 	rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
1073 				 NULL);
1074 	if (rc)
1075 		kfree_skb(skb);
1076 
1077 	return rc;
1078 }
1079 
1080 void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
1081 			      struct sk_buff *resp)
1082 {
1083 	u8 sens_req;
1084 	int rc;
1085 
1086 	if (IS_ERR(resp)) {
1087 		rc = PTR_ERR(resp);
1088 		resp = NULL;
1089 		goto exit;
1090 	}
1091 
1092 	sens_req = resp->data[0];
1093 
1094 	if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
1095 	    sens_req != DIGITAL_CMD_ALL_REQ)) {
1096 		rc = -EINVAL;
1097 		goto exit;
1098 	}
1099 
1100 	rc = digital_tg_send_sens_res(ddev);
1101 
1102 exit:
1103 	if (rc)
1104 		digital_poll_next_tech(ddev);
1105 
1106 	dev_kfree_skb(resp);
1107 }
1108 
1109 static void digital_tg_recv_atr_or_sensf_req(struct nfc_digital_dev *ddev,
1110 		void *arg, struct sk_buff *resp)
1111 {
1112 	if (!IS_ERR(resp) && (resp->len >= 2) &&
1113 			(resp->data[1] == DIGITAL_CMD_SENSF_REQ))
1114 		digital_tg_recv_sensf_req(ddev, arg, resp);
1115 	else
1116 		digital_tg_recv_atr_req(ddev, arg, resp);
1117 
1118 	return;
1119 }
1120 
1121 static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
1122 			      struct digital_sensf_req *sensf_req)
1123 {
1124 	struct sk_buff *skb;
1125 	u8 size;
1126 	int rc;
1127 	struct digital_sensf_res *sensf_res;
1128 
1129 	size = sizeof(struct digital_sensf_res);
1130 
1131 	if (sensf_req->rc == DIGITAL_SENSF_REQ_RC_NONE)
1132 		size -= sizeof(sensf_res->rd);
1133 
1134 	skb = digital_skb_alloc(ddev, size);
1135 	if (!skb)
1136 		return -ENOMEM;
1137 
1138 	skb_put(skb, size);
1139 
1140 	sensf_res = (struct digital_sensf_res *)skb->data;
1141 
1142 	memset(sensf_res, 0, size);
1143 
1144 	sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
1145 	sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
1146 	sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
1147 	get_random_bytes(&sensf_res->nfcid2[2], 6);
1148 
1149 	switch (sensf_req->rc) {
1150 	case DIGITAL_SENSF_REQ_RC_SC:
1151 		sensf_res->rd[0] = sensf_req->sc1;
1152 		sensf_res->rd[1] = sensf_req->sc2;
1153 		break;
1154 	case DIGITAL_SENSF_REQ_RC_AP:
1155 		sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
1156 		sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
1157 		break;
1158 	}
1159 
1160 	*(u8 *)skb_push(skb, sizeof(u8)) = size + 1;
1161 
1162 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
1163 		digital_skb_add_crc_f(skb);
1164 
1165 	rc = digital_tg_send_cmd(ddev, skb, 300,
1166 				 digital_tg_recv_atr_or_sensf_req, NULL);
1167 	if (rc)
1168 		kfree_skb(skb);
1169 
1170 	return rc;
1171 }
1172 
1173 void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
1174 			       struct sk_buff *resp)
1175 {
1176 	struct digital_sensf_req *sensf_req;
1177 	int rc;
1178 
1179 	if (IS_ERR(resp)) {
1180 		rc = PTR_ERR(resp);
1181 		resp = NULL;
1182 		goto exit;
1183 	}
1184 
1185 	if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
1186 		rc = digital_skb_check_crc_f(resp);
1187 		if (rc) {
1188 			PROTOCOL_ERR("6.4.1.8");
1189 			goto exit;
1190 		}
1191 	}
1192 
1193 	if (resp->len != sizeof(struct digital_sensf_req) + 1) {
1194 		rc = -EINVAL;
1195 		goto exit;
1196 	}
1197 
1198 	skb_pull(resp, 1);
1199 	sensf_req = (struct digital_sensf_req *)resp->data;
1200 
1201 	if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
1202 		rc = -EINVAL;
1203 		goto exit;
1204 	}
1205 
1206 	rc = digital_tg_send_sensf_res(ddev, sensf_req);
1207 
1208 exit:
1209 	if (rc)
1210 		digital_poll_next_tech(ddev);
1211 
1212 	dev_kfree_skb(resp);
1213 }
1214 
1215 static int digital_tg_config_nfca(struct nfc_digital_dev *ddev)
1216 {
1217 	int rc;
1218 
1219 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
1220 				     NFC_DIGITAL_RF_TECH_106A);
1221 	if (rc)
1222 		return rc;
1223 
1224 	return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1225 				       NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
1226 }
1227 
1228 int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
1229 {
1230 	int rc;
1231 
1232 	rc = digital_tg_config_nfca(ddev);
1233 	if (rc)
1234 		return rc;
1235 
1236 	return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
1237 }
1238 
1239 static int digital_tg_config_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1240 {
1241 	int rc;
1242 
1243 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1244 	if (rc)
1245 		return rc;
1246 
1247 	return digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1248 				       NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
1249 }
1250 
1251 int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
1252 {
1253 	int rc;
1254 
1255 	rc = digital_tg_config_nfcf(ddev, rf_tech);
1256 	if (rc)
1257 		return rc;
1258 
1259 	return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, NULL);
1260 }
1261 
1262 void digital_tg_recv_md_req(struct nfc_digital_dev *ddev, void *arg,
1263 			    struct sk_buff *resp)
1264 {
1265 	u8 rf_tech;
1266 	int rc;
1267 
1268 	if (IS_ERR(resp)) {
1269 		resp = NULL;
1270 		goto exit_free_skb;
1271 	}
1272 
1273 	rc = ddev->ops->tg_get_rf_tech(ddev, &rf_tech);
1274 	if (rc)
1275 		goto exit_free_skb;
1276 
1277 	switch (rf_tech) {
1278 	case NFC_DIGITAL_RF_TECH_106A:
1279 		rc = digital_tg_config_nfca(ddev);
1280 		if (rc)
1281 			goto exit_free_skb;
1282 		digital_tg_recv_sens_req(ddev, arg, resp);
1283 		break;
1284 	case NFC_DIGITAL_RF_TECH_212F:
1285 	case NFC_DIGITAL_RF_TECH_424F:
1286 		rc = digital_tg_config_nfcf(ddev, rf_tech);
1287 		if (rc)
1288 			goto exit_free_skb;
1289 		digital_tg_recv_sensf_req(ddev, arg, resp);
1290 		break;
1291 	default:
1292 		goto exit_free_skb;
1293 	}
1294 
1295 	return;
1296 
1297 exit_free_skb:
1298 	digital_poll_next_tech(ddev);
1299 	dev_kfree_skb(resp);
1300 }
1301