1 /*
2 * HCI based Driver for NXP PN544 NFC Chip
3 *
4 * Copyright (C) 2012 Intel Corporation. All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20
21 #include <linux/delay.h>
22 #include <linux/slab.h>
23 #include <linux/module.h>
24
25 #include <linux/nfc.h>
26 #include <net/nfc/hci.h>
27 #include <net/nfc/llc.h>
28
29 #include "pn544.h"
30
31 /* Timing restrictions (ms) */
32 #define PN544_HCI_RESETVEN_TIME 30
33
34 enum pn544_state {
35 PN544_ST_COLD,
36 PN544_ST_FW_READY,
37 PN544_ST_READY,
38 };
39
40 #define FULL_VERSION_LEN 11
41
42 /* Proprietary commands */
43 #define PN544_WRITE 0x3f
44 #define PN544_TEST_SWP 0x21
45
46 /* Proprietary gates, events, commands and registers */
47
48 /* NFC_HCI_RF_READER_A_GATE additional registers and commands */
49 #define PN544_RF_READER_A_AUTO_ACTIVATION 0x10
50 #define PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION 0x12
51 #define PN544_MIFARE_CMD 0x21
52
53 /* Commands that apply to all RF readers */
54 #define PN544_RF_READER_CMD_PRESENCE_CHECK 0x30
55 #define PN544_RF_READER_CMD_ACTIVATE_NEXT 0x32
56
57 /* NFC_HCI_ID_MGMT_GATE additional registers */
58 #define PN544_ID_MGMT_FULL_VERSION_SW 0x10
59
60 #define PN544_RF_READER_ISO15693_GATE 0x12
61
62 #define PN544_RF_READER_F_GATE 0x14
63 #define PN544_FELICA_ID 0x04
64 #define PN544_FELICA_RAW 0x20
65
66 #define PN544_RF_READER_JEWEL_GATE 0x15
67 #define PN544_JEWEL_RAW_CMD 0x23
68
69 #define PN544_RF_READER_NFCIP1_INITIATOR_GATE 0x30
70 #define PN544_RF_READER_NFCIP1_TARGET_GATE 0x31
71
72 #define PN544_SYS_MGMT_GATE 0x90
73 #define PN544_SYS_MGMT_INFO_NOTIFICATION 0x02
74
75 #define PN544_POLLING_LOOP_MGMT_GATE 0x94
76 #define PN544_DEP_MODE 0x01
77 #define PN544_DEP_ATR_REQ 0x02
78 #define PN544_DEP_ATR_RES 0x03
79 #define PN544_DEP_MERGE 0x0D
80 #define PN544_PL_RDPHASES 0x06
81 #define PN544_PL_EMULATION 0x07
82 #define PN544_PL_NFCT_DEACTIVATED 0x09
83
84 #define PN544_SWP_MGMT_GATE 0xA0
85 #define PN544_SWP_DEFAULT_MODE 0x01
86
87 #define PN544_NFC_WI_MGMT_GATE 0xA1
88 #define PN544_NFC_ESE_DEFAULT_MODE 0x01
89
90 #define PN544_HCI_EVT_SND_DATA 0x01
91 #define PN544_HCI_EVT_ACTIVATED 0x02
92 #define PN544_HCI_EVT_DEACTIVATED 0x03
93 #define PN544_HCI_EVT_RCV_DATA 0x04
94 #define PN544_HCI_EVT_CONTINUE_MI 0x05
95 #define PN544_HCI_EVT_SWITCH_MODE 0x03
96
97 #define PN544_HCI_CMD_ATTREQUEST 0x12
98 #define PN544_HCI_CMD_CONTINUE_ACTIVATION 0x13
99
100 static struct nfc_hci_gate pn544_gates[] = {
101 {NFC_HCI_ADMIN_GATE, NFC_HCI_INVALID_PIPE},
102 {NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
103 {NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
104 {NFC_HCI_LINK_MGMT_GATE, NFC_HCI_INVALID_PIPE},
105 {NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
106 {NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
107 {PN544_SYS_MGMT_GATE, NFC_HCI_INVALID_PIPE},
108 {PN544_SWP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
109 {PN544_POLLING_LOOP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
110 {PN544_NFC_WI_MGMT_GATE, NFC_HCI_INVALID_PIPE},
111 {PN544_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
112 {PN544_RF_READER_JEWEL_GATE, NFC_HCI_INVALID_PIPE},
113 {PN544_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
114 {PN544_RF_READER_NFCIP1_INITIATOR_GATE, NFC_HCI_INVALID_PIPE},
115 {PN544_RF_READER_NFCIP1_TARGET_GATE, NFC_HCI_INVALID_PIPE}
116 };
117
118 /* Largest headroom needed for outgoing custom commands */
119 #define PN544_CMDS_HEADROOM 2
120
121 struct pn544_hci_info {
122 struct nfc_phy_ops *phy_ops;
123 void *phy_id;
124
125 struct nfc_hci_dev *hdev;
126
127 enum pn544_state state;
128
129 struct mutex info_lock;
130
131 int async_cb_type;
132 data_exchange_cb_t async_cb;
133 void *async_cb_context;
134
135 fw_download_t fw_download;
136 };
137
pn544_hci_open(struct nfc_hci_dev * hdev)138 static int pn544_hci_open(struct nfc_hci_dev *hdev)
139 {
140 struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
141 int r = 0;
142
143 mutex_lock(&info->info_lock);
144
145 if (info->state != PN544_ST_COLD) {
146 r = -EBUSY;
147 goto out;
148 }
149
150 r = info->phy_ops->enable(info->phy_id);
151
152 if (r == 0)
153 info->state = PN544_ST_READY;
154
155 out:
156 mutex_unlock(&info->info_lock);
157 return r;
158 }
159
pn544_hci_close(struct nfc_hci_dev * hdev)160 static void pn544_hci_close(struct nfc_hci_dev *hdev)
161 {
162 struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
163
164 mutex_lock(&info->info_lock);
165
166 if (info->state == PN544_ST_COLD)
167 goto out;
168
169 info->phy_ops->disable(info->phy_id);
170
171 info->state = PN544_ST_COLD;
172
173 out:
174 mutex_unlock(&info->info_lock);
175 }
176
pn544_hci_ready(struct nfc_hci_dev * hdev)177 static int pn544_hci_ready(struct nfc_hci_dev *hdev)
178 {
179 struct sk_buff *skb;
180 static struct hw_config {
181 u8 adr[2];
182 u8 value;
183 } hw_config[] = {
184 {{0x9f, 0x9a}, 0x00},
185
186 {{0x98, 0x10}, 0xbc},
187
188 {{0x9e, 0x71}, 0x00},
189
190 {{0x98, 0x09}, 0x00},
191
192 {{0x9e, 0xb4}, 0x00},
193
194 {{0x9c, 0x01}, 0x08},
195
196 {{0x9e, 0xaa}, 0x01},
197
198 {{0x9b, 0xd1}, 0x17},
199 {{0x9b, 0xd2}, 0x58},
200 {{0x9b, 0xd3}, 0x10},
201 {{0x9b, 0xd4}, 0x47},
202 {{0x9b, 0xd5}, 0x0c},
203 {{0x9b, 0xd6}, 0x37},
204 {{0x9b, 0xdd}, 0x33},
205
206 {{0x9b, 0x84}, 0x00},
207 {{0x99, 0x81}, 0x79},
208 {{0x99, 0x31}, 0x79},
209
210 {{0x98, 0x00}, 0x3f},
211
212 {{0x9f, 0x09}, 0x02},
213
214 {{0x9f, 0x0a}, 0x05},
215
216 {{0x9e, 0xd1}, 0xa1},
217 {{0x99, 0x23}, 0x01},
218
219 {{0x9e, 0x74}, 0x00},
220 {{0x9e, 0x90}, 0x00},
221 {{0x9f, 0x28}, 0x10},
222
223 {{0x9f, 0x35}, 0x04},
224
225 {{0x9f, 0x36}, 0x11},
226
227 {{0x9c, 0x31}, 0x00},
228
229 {{0x9c, 0x32}, 0x00},
230
231 {{0x9c, 0x19}, 0x0a},
232
233 {{0x9c, 0x1a}, 0x0a},
234
235 {{0x9c, 0x0c}, 0x00},
236
237 {{0x9c, 0x0d}, 0x00},
238
239 {{0x9c, 0x12}, 0x00},
240
241 {{0x9c, 0x13}, 0x00},
242
243 {{0x98, 0xa2}, 0x09},
244
245 {{0x98, 0x93}, 0x00},
246
247 {{0x98, 0x7d}, 0x08},
248 {{0x98, 0x7e}, 0x00},
249 {{0x9f, 0xc8}, 0x00},
250 };
251 struct hw_config *p = hw_config;
252 int count = ARRAY_SIZE(hw_config);
253 struct sk_buff *res_skb;
254 u8 param[4];
255 int r;
256
257 param[0] = 0;
258 while (count--) {
259 param[1] = p->adr[0];
260 param[2] = p->adr[1];
261 param[3] = p->value;
262
263 r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE, PN544_WRITE,
264 param, 4, &res_skb);
265 if (r < 0)
266 return r;
267
268 if (res_skb->len != 1) {
269 kfree_skb(res_skb);
270 return -EPROTO;
271 }
272
273 if (res_skb->data[0] != p->value) {
274 kfree_skb(res_skb);
275 return -EIO;
276 }
277
278 kfree_skb(res_skb);
279
280 p++;
281 }
282
283 param[0] = NFC_HCI_UICC_HOST_ID;
284 r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
285 NFC_HCI_ADMIN_WHITELIST, param, 1);
286 if (r < 0)
287 return r;
288
289 param[0] = 0x3d;
290 r = nfc_hci_set_param(hdev, PN544_SYS_MGMT_GATE,
291 PN544_SYS_MGMT_INFO_NOTIFICATION, param, 1);
292 if (r < 0)
293 return r;
294
295 param[0] = 0x0;
296 r = nfc_hci_set_param(hdev, NFC_HCI_RF_READER_A_GATE,
297 PN544_RF_READER_A_AUTO_ACTIVATION, param, 1);
298 if (r < 0)
299 return r;
300
301 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
302 NFC_HCI_EVT_END_OPERATION, NULL, 0);
303 if (r < 0)
304 return r;
305
306 param[0] = 0x1;
307 r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
308 PN544_PL_NFCT_DEACTIVATED, param, 1);
309 if (r < 0)
310 return r;
311
312 param[0] = 0x0;
313 r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
314 PN544_PL_RDPHASES, param, 1);
315 if (r < 0)
316 return r;
317
318 r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
319 PN544_ID_MGMT_FULL_VERSION_SW, &skb);
320 if (r < 0)
321 return r;
322
323 if (skb->len != FULL_VERSION_LEN) {
324 kfree_skb(skb);
325 return -EINVAL;
326 }
327
328 print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
329 DUMP_PREFIX_NONE, 16, 1,
330 skb->data, FULL_VERSION_LEN, false);
331
332 kfree_skb(skb);
333
334 return 0;
335 }
336
pn544_hci_xmit(struct nfc_hci_dev * hdev,struct sk_buff * skb)337 static int pn544_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
338 {
339 struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
340
341 return info->phy_ops->write(info->phy_id, skb);
342 }
343
pn544_hci_start_poll(struct nfc_hci_dev * hdev,u32 im_protocols,u32 tm_protocols)344 static int pn544_hci_start_poll(struct nfc_hci_dev *hdev,
345 u32 im_protocols, u32 tm_protocols)
346 {
347 u8 phases = 0;
348 int r;
349 u8 duration[2];
350 u8 activated;
351 u8 i_mode = 0x3f; /* Enable all supported modes */
352 u8 t_mode = 0x0f;
353 u8 t_merge = 0x01; /* Enable merge by default */
354
355 pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
356 __func__, im_protocols, tm_protocols);
357
358 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
359 NFC_HCI_EVT_END_OPERATION, NULL, 0);
360 if (r < 0)
361 return r;
362
363 duration[0] = 0x18;
364 duration[1] = 0x6a;
365 r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
366 PN544_PL_EMULATION, duration, 2);
367 if (r < 0)
368 return r;
369
370 activated = 0;
371 r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
372 PN544_PL_NFCT_DEACTIVATED, &activated, 1);
373 if (r < 0)
374 return r;
375
376 if (im_protocols & (NFC_PROTO_ISO14443_MASK | NFC_PROTO_MIFARE_MASK |
377 NFC_PROTO_JEWEL_MASK))
378 phases |= 1; /* Type A */
379 if (im_protocols & NFC_PROTO_FELICA_MASK) {
380 phases |= (1 << 2); /* Type F 212 */
381 phases |= (1 << 3); /* Type F 424 */
382 }
383
384 phases |= (1 << 5); /* NFC active */
385
386 r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
387 PN544_PL_RDPHASES, &phases, 1);
388 if (r < 0)
389 return r;
390
391 if ((im_protocols | tm_protocols) & NFC_PROTO_NFC_DEP_MASK) {
392 hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
393 &hdev->gb_len);
394 pr_debug("generate local bytes %p\n", hdev->gb);
395 if (hdev->gb == NULL || hdev->gb_len == 0) {
396 im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
397 tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
398 }
399 }
400
401 if (im_protocols & NFC_PROTO_NFC_DEP_MASK) {
402 r = nfc_hci_send_event(hdev,
403 PN544_RF_READER_NFCIP1_INITIATOR_GATE,
404 NFC_HCI_EVT_END_OPERATION, NULL, 0);
405 if (r < 0)
406 return r;
407
408 r = nfc_hci_set_param(hdev,
409 PN544_RF_READER_NFCIP1_INITIATOR_GATE,
410 PN544_DEP_MODE, &i_mode, 1);
411 if (r < 0)
412 return r;
413
414 r = nfc_hci_set_param(hdev,
415 PN544_RF_READER_NFCIP1_INITIATOR_GATE,
416 PN544_DEP_ATR_REQ, hdev->gb, hdev->gb_len);
417 if (r < 0)
418 return r;
419
420 r = nfc_hci_send_event(hdev,
421 PN544_RF_READER_NFCIP1_INITIATOR_GATE,
422 NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
423 if (r < 0)
424 nfc_hci_send_event(hdev,
425 PN544_RF_READER_NFCIP1_INITIATOR_GATE,
426 NFC_HCI_EVT_END_OPERATION, NULL, 0);
427 }
428
429 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
430 r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
431 PN544_DEP_MODE, &t_mode, 1);
432 if (r < 0)
433 return r;
434
435 r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
436 PN544_DEP_ATR_RES, hdev->gb, hdev->gb_len);
437 if (r < 0)
438 return r;
439
440 r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
441 PN544_DEP_MERGE, &t_merge, 1);
442 if (r < 0)
443 return r;
444 }
445
446 r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
447 NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
448 if (r < 0)
449 nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
450 NFC_HCI_EVT_END_OPERATION, NULL, 0);
451
452 return r;
453 }
454
pn544_hci_dep_link_up(struct nfc_hci_dev * hdev,struct nfc_target * target,u8 comm_mode,u8 * gb,size_t gb_len)455 static int pn544_hci_dep_link_up(struct nfc_hci_dev *hdev,
456 struct nfc_target *target, u8 comm_mode,
457 u8 *gb, size_t gb_len)
458 {
459 struct sk_buff *rgb_skb = NULL;
460 int r;
461
462 r = nfc_hci_get_param(hdev, target->hci_reader_gate,
463 PN544_DEP_ATR_RES, &rgb_skb);
464 if (r < 0)
465 return r;
466
467 if (rgb_skb->len == 0 || rgb_skb->len > NFC_GB_MAXSIZE) {
468 r = -EPROTO;
469 goto exit;
470 }
471 print_hex_dump(KERN_DEBUG, "remote gb: ", DUMP_PREFIX_OFFSET,
472 16, 1, rgb_skb->data, rgb_skb->len, true);
473
474 r = nfc_set_remote_general_bytes(hdev->ndev, rgb_skb->data,
475 rgb_skb->len);
476
477 if (r == 0)
478 r = nfc_dep_link_is_up(hdev->ndev, target->idx, comm_mode,
479 NFC_RF_INITIATOR);
480 exit:
481 kfree_skb(rgb_skb);
482 return r;
483 }
484
pn544_hci_dep_link_down(struct nfc_hci_dev * hdev)485 static int pn544_hci_dep_link_down(struct nfc_hci_dev *hdev)
486 {
487
488 return nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_INITIATOR_GATE,
489 NFC_HCI_EVT_END_OPERATION, NULL, 0);
490 }
491
pn544_hci_target_from_gate(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)492 static int pn544_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
493 struct nfc_target *target)
494 {
495 switch (gate) {
496 case PN544_RF_READER_F_GATE:
497 target->supported_protocols = NFC_PROTO_FELICA_MASK;
498 break;
499 case PN544_RF_READER_JEWEL_GATE:
500 target->supported_protocols = NFC_PROTO_JEWEL_MASK;
501 target->sens_res = 0x0c00;
502 break;
503 case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
504 target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
505 break;
506 default:
507 return -EPROTO;
508 }
509
510 return 0;
511 }
512
pn544_hci_complete_target_discovered(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)513 static int pn544_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
514 u8 gate,
515 struct nfc_target *target)
516 {
517 struct sk_buff *uid_skb;
518 int r = 0;
519
520 if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE)
521 return r;
522
523 if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
524 r = nfc_hci_send_cmd(hdev,
525 PN544_RF_READER_NFCIP1_INITIATOR_GATE,
526 PN544_HCI_CMD_CONTINUE_ACTIVATION, NULL, 0, NULL);
527 if (r < 0)
528 return r;
529
530 target->hci_reader_gate = PN544_RF_READER_NFCIP1_INITIATOR_GATE;
531 } else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
532 if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
533 target->nfcid1_len != 10)
534 return -EPROTO;
535
536 r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
537 PN544_RF_READER_CMD_ACTIVATE_NEXT,
538 target->nfcid1, target->nfcid1_len, NULL);
539 } else if (target->supported_protocols & NFC_PROTO_FELICA_MASK) {
540 r = nfc_hci_get_param(hdev, PN544_RF_READER_F_GATE,
541 PN544_FELICA_ID, &uid_skb);
542 if (r < 0)
543 return r;
544
545 if (uid_skb->len != 8) {
546 kfree_skb(uid_skb);
547 return -EPROTO;
548 }
549
550 /* Type F NFC-DEP IDm has prefix 0x01FE */
551 if ((uid_skb->data[0] == 0x01) && (uid_skb->data[1] == 0xfe)) {
552 kfree_skb(uid_skb);
553 r = nfc_hci_send_cmd(hdev,
554 PN544_RF_READER_NFCIP1_INITIATOR_GATE,
555 PN544_HCI_CMD_CONTINUE_ACTIVATION,
556 NULL, 0, NULL);
557 if (r < 0)
558 return r;
559
560 target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
561 target->hci_reader_gate =
562 PN544_RF_READER_NFCIP1_INITIATOR_GATE;
563 } else {
564 r = nfc_hci_send_cmd(hdev, PN544_RF_READER_F_GATE,
565 PN544_RF_READER_CMD_ACTIVATE_NEXT,
566 uid_skb->data, uid_skb->len, NULL);
567 kfree_skb(uid_skb);
568 }
569 } else if (target->supported_protocols & NFC_PROTO_ISO14443_MASK) {
570 /*
571 * TODO: maybe other ISO 14443 require some kind of continue
572 * activation, but for now we've seen only this one below.
573 */
574 if (target->sens_res == 0x4403) /* Type 4 Mifare DESFire */
575 r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
576 PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION,
577 NULL, 0, NULL);
578 }
579
580 return r;
581 }
582
583 #define PN544_CB_TYPE_READER_F 1
584
pn544_hci_data_exchange_cb(void * context,struct sk_buff * skb,int err)585 static void pn544_hci_data_exchange_cb(void *context, struct sk_buff *skb,
586 int err)
587 {
588 struct pn544_hci_info *info = context;
589
590 switch (info->async_cb_type) {
591 case PN544_CB_TYPE_READER_F:
592 if (err == 0)
593 skb_pull(skb, 1);
594 info->async_cb(info->async_cb_context, skb, err);
595 break;
596 default:
597 if (err == 0)
598 kfree_skb(skb);
599 break;
600 }
601 }
602
603 #define MIFARE_CMD_AUTH_KEY_A 0x60
604 #define MIFARE_CMD_AUTH_KEY_B 0x61
605 #define MIFARE_CMD_HEADER 2
606 #define MIFARE_UID_LEN 4
607 #define MIFARE_KEY_LEN 6
608 #define MIFARE_CMD_LEN 12
609 /*
610 * Returns:
611 * <= 0: driver handled the data exchange
612 * 1: driver doesn't especially handle, please do standard processing
613 */
pn544_hci_im_transceive(struct nfc_hci_dev * hdev,struct nfc_target * target,struct sk_buff * skb,data_exchange_cb_t cb,void * cb_context)614 static int pn544_hci_im_transceive(struct nfc_hci_dev *hdev,
615 struct nfc_target *target,
616 struct sk_buff *skb, data_exchange_cb_t cb,
617 void *cb_context)
618 {
619 struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
620
621 pr_info(DRIVER_DESC ": %s for gate=%d\n", __func__,
622 target->hci_reader_gate);
623
624 switch (target->hci_reader_gate) {
625 case NFC_HCI_RF_READER_A_GATE:
626 if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
627 /*
628 * It seems that pn544 is inverting key and UID for
629 * MIFARE authentication commands.
630 */
631 if (skb->len == MIFARE_CMD_LEN &&
632 (skb->data[0] == MIFARE_CMD_AUTH_KEY_A ||
633 skb->data[0] == MIFARE_CMD_AUTH_KEY_B)) {
634 u8 uid[MIFARE_UID_LEN];
635 u8 *data = skb->data + MIFARE_CMD_HEADER;
636
637 memcpy(uid, data + MIFARE_KEY_LEN,
638 MIFARE_UID_LEN);
639 memmove(data + MIFARE_UID_LEN, data,
640 MIFARE_KEY_LEN);
641 memcpy(data, uid, MIFARE_UID_LEN);
642 }
643
644 return nfc_hci_send_cmd_async(hdev,
645 target->hci_reader_gate,
646 PN544_MIFARE_CMD,
647 skb->data, skb->len,
648 cb, cb_context);
649 } else
650 return 1;
651 case PN544_RF_READER_F_GATE:
652 *(u8 *)skb_push(skb, 1) = 0;
653 *(u8 *)skb_push(skb, 1) = 0;
654
655 info->async_cb_type = PN544_CB_TYPE_READER_F;
656 info->async_cb = cb;
657 info->async_cb_context = cb_context;
658
659 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
660 PN544_FELICA_RAW, skb->data,
661 skb->len,
662 pn544_hci_data_exchange_cb, info);
663 case PN544_RF_READER_JEWEL_GATE:
664 return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
665 PN544_JEWEL_RAW_CMD, skb->data,
666 skb->len, cb, cb_context);
667 case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
668 *(u8 *)skb_push(skb, 1) = 0;
669
670 return nfc_hci_send_event(hdev, target->hci_reader_gate,
671 PN544_HCI_EVT_SND_DATA, skb->data,
672 skb->len);
673 default:
674 return 1;
675 }
676 }
677
pn544_hci_tm_send(struct nfc_hci_dev * hdev,struct sk_buff * skb)678 static int pn544_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
679 {
680 int r;
681
682 /* Set default false for multiple information chaining */
683 *(u8 *)skb_push(skb, 1) = 0;
684
685 r = nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
686 PN544_HCI_EVT_SND_DATA, skb->data, skb->len);
687
688 kfree_skb(skb);
689
690 return r;
691 }
692
pn544_hci_check_presence(struct nfc_hci_dev * hdev,struct nfc_target * target)693 static int pn544_hci_check_presence(struct nfc_hci_dev *hdev,
694 struct nfc_target *target)
695 {
696 pr_debug("supported protocol %d\b", target->supported_protocols);
697 if (target->supported_protocols & (NFC_PROTO_ISO14443_MASK |
698 NFC_PROTO_ISO14443_B_MASK)) {
699 return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
700 PN544_RF_READER_CMD_PRESENCE_CHECK,
701 NULL, 0, NULL);
702 } else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
703 if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
704 target->nfcid1_len != 10)
705 return -EOPNOTSUPP;
706
707 return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
708 PN544_RF_READER_CMD_ACTIVATE_NEXT,
709 target->nfcid1, target->nfcid1_len, NULL);
710 } else if (target->supported_protocols & (NFC_PROTO_JEWEL_MASK |
711 NFC_PROTO_FELICA_MASK)) {
712 return -EOPNOTSUPP;
713 } else if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
714 return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
715 PN544_HCI_CMD_ATTREQUEST,
716 NULL, 0, NULL);
717 }
718
719 return 0;
720 }
721
722 /*
723 * Returns:
724 * <= 0: driver handled the event, skb consumed
725 * 1: driver does not handle the event, please do standard processing
726 */
pn544_hci_event_received(struct nfc_hci_dev * hdev,u8 pipe,u8 event,struct sk_buff * skb)727 static int pn544_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event,
728 struct sk_buff *skb)
729 {
730 struct sk_buff *rgb_skb = NULL;
731 u8 gate = hdev->pipes[pipe].gate;
732 int r;
733
734 pr_debug("hci event %d\n", event);
735 switch (event) {
736 case PN544_HCI_EVT_ACTIVATED:
737 if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE) {
738 r = nfc_hci_target_discovered(hdev, gate);
739 } else if (gate == PN544_RF_READER_NFCIP1_TARGET_GATE) {
740 r = nfc_hci_get_param(hdev, gate, PN544_DEP_ATR_REQ,
741 &rgb_skb);
742 if (r < 0)
743 goto exit;
744
745 r = nfc_tm_activated(hdev->ndev, NFC_PROTO_NFC_DEP_MASK,
746 NFC_COMM_PASSIVE, rgb_skb->data,
747 rgb_skb->len);
748
749 kfree_skb(rgb_skb);
750 } else {
751 r = -EINVAL;
752 }
753 break;
754 case PN544_HCI_EVT_DEACTIVATED:
755 r = nfc_hci_send_event(hdev, gate, NFC_HCI_EVT_END_OPERATION,
756 NULL, 0);
757 break;
758 case PN544_HCI_EVT_RCV_DATA:
759 if (skb->len < 2) {
760 r = -EPROTO;
761 goto exit;
762 }
763
764 if (skb->data[0] != 0) {
765 pr_debug("data0 %d\n", skb->data[0]);
766 r = -EPROTO;
767 goto exit;
768 }
769
770 skb_pull(skb, 2);
771 return nfc_tm_data_received(hdev->ndev, skb);
772 default:
773 return 1;
774 }
775
776 exit:
777 kfree_skb(skb);
778
779 return r;
780 }
781
pn544_hci_fw_download(struct nfc_hci_dev * hdev,const char * firmware_name)782 static int pn544_hci_fw_download(struct nfc_hci_dev *hdev,
783 const char *firmware_name)
784 {
785 struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
786
787 if (info->fw_download == NULL)
788 return -ENOTSUPP;
789
790 return info->fw_download(info->phy_id, firmware_name, hdev->sw_romlib);
791 }
792
pn544_hci_discover_se(struct nfc_hci_dev * hdev)793 static int pn544_hci_discover_se(struct nfc_hci_dev *hdev)
794 {
795 u32 se_idx = 0;
796 u8 ese_mode = 0x01; /* Default mode */
797 struct sk_buff *res_skb;
798 int r;
799
800 r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE, PN544_TEST_SWP,
801 NULL, 0, &res_skb);
802
803 if (r == 0) {
804 if (res_skb->len == 2 && res_skb->data[0] == 0x00)
805 nfc_add_se(hdev->ndev, se_idx++, NFC_SE_UICC);
806
807 kfree_skb(res_skb);
808 }
809
810 r = nfc_hci_send_event(hdev, PN544_NFC_WI_MGMT_GATE,
811 PN544_HCI_EVT_SWITCH_MODE,
812 &ese_mode, 1);
813 if (r == 0)
814 nfc_add_se(hdev->ndev, se_idx++, NFC_SE_EMBEDDED);
815
816 return !se_idx;
817 }
818
819 #define PN544_SE_MODE_OFF 0x00
820 #define PN544_SE_MODE_ON 0x01
pn544_hci_enable_se(struct nfc_hci_dev * hdev,u32 se_idx)821 static int pn544_hci_enable_se(struct nfc_hci_dev *hdev, u32 se_idx)
822 {
823 struct nfc_se *se;
824 u8 enable = PN544_SE_MODE_ON;
825 static struct uicc_gatelist {
826 u8 head;
827 u8 adr[2];
828 u8 value;
829 } uicc_gatelist[] = {
830 {0x00, {0x9e, 0xd9}, 0x23},
831 {0x00, {0x9e, 0xda}, 0x21},
832 {0x00, {0x9e, 0xdb}, 0x22},
833 {0x00, {0x9e, 0xdc}, 0x24},
834 };
835 struct uicc_gatelist *p = uicc_gatelist;
836 int count = ARRAY_SIZE(uicc_gatelist);
837 struct sk_buff *res_skb;
838 int r;
839
840 se = nfc_find_se(hdev->ndev, se_idx);
841
842 switch (se->type) {
843 case NFC_SE_UICC:
844 while (count--) {
845 r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE,
846 PN544_WRITE, (u8 *)p, 4, &res_skb);
847 if (r < 0)
848 return r;
849
850 if (res_skb->len != 1) {
851 kfree_skb(res_skb);
852 return -EPROTO;
853 }
854
855 if (res_skb->data[0] != p->value) {
856 kfree_skb(res_skb);
857 return -EIO;
858 }
859
860 kfree_skb(res_skb);
861
862 p++;
863 }
864
865 return nfc_hci_set_param(hdev, PN544_SWP_MGMT_GATE,
866 PN544_SWP_DEFAULT_MODE, &enable, 1);
867 case NFC_SE_EMBEDDED:
868 return nfc_hci_set_param(hdev, PN544_NFC_WI_MGMT_GATE,
869 PN544_NFC_ESE_DEFAULT_MODE, &enable, 1);
870
871 default:
872 return -EINVAL;
873 }
874 }
875
pn544_hci_disable_se(struct nfc_hci_dev * hdev,u32 se_idx)876 static int pn544_hci_disable_se(struct nfc_hci_dev *hdev, u32 se_idx)
877 {
878 struct nfc_se *se;
879 u8 disable = PN544_SE_MODE_OFF;
880
881 se = nfc_find_se(hdev->ndev, se_idx);
882
883 switch (se->type) {
884 case NFC_SE_UICC:
885 return nfc_hci_set_param(hdev, PN544_SWP_MGMT_GATE,
886 PN544_SWP_DEFAULT_MODE, &disable, 1);
887 case NFC_SE_EMBEDDED:
888 return nfc_hci_set_param(hdev, PN544_NFC_WI_MGMT_GATE,
889 PN544_NFC_ESE_DEFAULT_MODE, &disable, 1);
890 default:
891 return -EINVAL;
892 }
893 }
894
895 static struct nfc_hci_ops pn544_hci_ops = {
896 .open = pn544_hci_open,
897 .close = pn544_hci_close,
898 .hci_ready = pn544_hci_ready,
899 .xmit = pn544_hci_xmit,
900 .start_poll = pn544_hci_start_poll,
901 .dep_link_up = pn544_hci_dep_link_up,
902 .dep_link_down = pn544_hci_dep_link_down,
903 .target_from_gate = pn544_hci_target_from_gate,
904 .complete_target_discovered = pn544_hci_complete_target_discovered,
905 .im_transceive = pn544_hci_im_transceive,
906 .tm_send = pn544_hci_tm_send,
907 .check_presence = pn544_hci_check_presence,
908 .event_received = pn544_hci_event_received,
909 .fw_download = pn544_hci_fw_download,
910 .discover_se = pn544_hci_discover_se,
911 .enable_se = pn544_hci_enable_se,
912 .disable_se = pn544_hci_disable_se,
913 };
914
pn544_hci_probe(void * phy_id,struct nfc_phy_ops * phy_ops,char * llc_name,int phy_headroom,int phy_tailroom,int phy_payload,fw_download_t fw_download,struct nfc_hci_dev ** hdev)915 int pn544_hci_probe(void *phy_id, struct nfc_phy_ops *phy_ops, char *llc_name,
916 int phy_headroom, int phy_tailroom, int phy_payload,
917 fw_download_t fw_download, struct nfc_hci_dev **hdev)
918 {
919 struct pn544_hci_info *info;
920 u32 protocols;
921 struct nfc_hci_init_data init_data;
922 int r;
923
924 info = kzalloc(sizeof(struct pn544_hci_info), GFP_KERNEL);
925 if (!info) {
926 r = -ENOMEM;
927 goto err_info_alloc;
928 }
929
930 info->phy_ops = phy_ops;
931 info->phy_id = phy_id;
932 info->fw_download = fw_download;
933 info->state = PN544_ST_COLD;
934 mutex_init(&info->info_lock);
935
936 init_data.gate_count = ARRAY_SIZE(pn544_gates);
937
938 memcpy(init_data.gates, pn544_gates, sizeof(pn544_gates));
939
940 /*
941 * TODO: Session id must include the driver name + some bus addr
942 * persistent info to discriminate 2 identical chips
943 */
944 strcpy(init_data.session_id, "ID544HCI");
945
946 protocols = NFC_PROTO_JEWEL_MASK |
947 NFC_PROTO_MIFARE_MASK |
948 NFC_PROTO_FELICA_MASK |
949 NFC_PROTO_ISO14443_MASK |
950 NFC_PROTO_ISO14443_B_MASK |
951 NFC_PROTO_NFC_DEP_MASK;
952
953 info->hdev = nfc_hci_allocate_device(&pn544_hci_ops, &init_data, 0,
954 protocols, llc_name,
955 phy_headroom + PN544_CMDS_HEADROOM,
956 phy_tailroom, phy_payload);
957 if (!info->hdev) {
958 pr_err("Cannot allocate nfc hdev\n");
959 r = -ENOMEM;
960 goto err_alloc_hdev;
961 }
962
963 nfc_hci_set_clientdata(info->hdev, info);
964
965 r = nfc_hci_register_device(info->hdev);
966 if (r)
967 goto err_regdev;
968
969 *hdev = info->hdev;
970
971 return 0;
972
973 err_regdev:
974 nfc_hci_free_device(info->hdev);
975
976 err_alloc_hdev:
977 kfree(info);
978
979 err_info_alloc:
980 return r;
981 }
982 EXPORT_SYMBOL(pn544_hci_probe);
983
pn544_hci_remove(struct nfc_hci_dev * hdev)984 void pn544_hci_remove(struct nfc_hci_dev *hdev)
985 {
986 struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
987
988 nfc_hci_unregister_device(hdev);
989 nfc_hci_free_device(hdev);
990 kfree(info);
991 }
992 EXPORT_SYMBOL(pn544_hci_remove);
993
994 MODULE_LICENSE("GPL");
995 MODULE_DESCRIPTION(DRIVER_DESC);
996