1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * HCI based Driver for STMicroelectronics NFC Chip
4  *
5  * Copyright (C) 2014  STMicroelectronics SAS. All rights reserved.
6  */
7 
8 #include <linux/module.h>
9 #include <linux/nfc.h>
10 #include <net/nfc/hci.h>
11 
12 #include "st21nfca.h"
13 
14 #define DRIVER_DESC "HCI NFC driver for ST21NFCA"
15 
16 #define FULL_VERSION_LEN 3
17 
18 /* Proprietary gates, events, commands and registers */
19 
20 /* Commands that apply to all RF readers */
21 #define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK	0x30
22 
23 #define ST21NFCA_RF_READER_ISO15693_GATE	0x12
24 #define ST21NFCA_RF_READER_ISO15693_INVENTORY	0x01
25 
26 /*
27  * Reader gate for communication with contact-less cards using Type A
28  * protocol ISO14443-3 but not compliant with ISO14443-4
29  */
30 #define ST21NFCA_RF_READER_14443_3_A_GATE	0x15
31 #define ST21NFCA_RF_READER_14443_3_A_UID	0x02
32 #define ST21NFCA_RF_READER_14443_3_A_ATQA	0x03
33 #define ST21NFCA_RF_READER_14443_3_A_SAK	0x04
34 
35 #define ST21NFCA_RF_READER_F_DATARATE		0x01
36 #define ST21NFCA_RF_READER_F_DATARATE_106	0x01
37 #define ST21NFCA_RF_READER_F_DATARATE_212	0x02
38 #define ST21NFCA_RF_READER_F_DATARATE_424	0x04
39 #define ST21NFCA_RF_READER_F_POL_REQ		0x02
40 #define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT	0xffff0000
41 #define ST21NFCA_RF_READER_F_NFCID2		0x03
42 #define ST21NFCA_RF_READER_F_NFCID1		0x04
43 
44 #define ST21NFCA_RF_CARD_F_MODE			0x01
45 #define ST21NFCA_RF_CARD_F_NFCID2_LIST		0x04
46 #define ST21NFCA_RF_CARD_F_NFCID1		0x05
47 #define ST21NFCA_RF_CARD_F_SENS_RES		0x06
48 #define ST21NFCA_RF_CARD_F_SEL_RES		0x07
49 #define ST21NFCA_RF_CARD_F_DATARATE		0x08
50 #define ST21NFCA_RF_CARD_F_DATARATE_212_424	0x01
51 
52 #define ST21NFCA_DEVICE_MGNT_PIPE		0x02
53 
54 #define ST21NFCA_DM_GETINFO			0x13
55 #define ST21NFCA_DM_GETINFO_PIPE_LIST		0x02
56 #define ST21NFCA_DM_GETINFO_PIPE_INFO		0x01
57 #define ST21NFCA_DM_PIPE_CREATED		0x02
58 #define ST21NFCA_DM_PIPE_OPEN			0x04
59 #define ST21NFCA_DM_RF_ACTIVE			0x80
60 #define ST21NFCA_DM_DISCONNECT			0x30
61 
62 #define ST21NFCA_DM_IS_PIPE_OPEN(p) \
63 	((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN))
64 
65 #define ST21NFCA_NFC_MODE			0x03	/* NFC_MODE parameter*/
66 
67 #define ST21NFCA_EVT_HOT_PLUG			0x03
68 #define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) (x->data[0] & 0x80)
69 
70 #define ST21NFCA_SE_TO_PIPES			2000
71 
72 static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES);
73 
74 static const struct nfc_hci_gate st21nfca_gates[] = {
75 	{NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE},
76 	{NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE},
77 	{ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE},
78 
79 	{NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
80 	{NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
81 	{NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
82 	{NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
83 	{ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
84 	{ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE},
85 	{ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
86 	{ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE},
87 
88 	/* Secure element pipes are created by secure element host */
89 	{ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
90 	{ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
91 };
92 
93 struct st21nfca_pipe_info {
94 	u8 pipe_state;
95 	u8 src_host_id;
96 	u8 src_gate_id;
97 	u8 dst_host_id;
98 	u8 dst_gate_id;
99 } __packed;
100 
101 /* Largest headroom needed for outgoing custom commands */
102 #define ST21NFCA_CMDS_HEADROOM  7
103 
st21nfca_hci_load_session(struct nfc_hci_dev * hdev)104 static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
105 {
106 	int i, j, r;
107 	struct sk_buff *skb_pipe_list, *skb_pipe_info;
108 	struct st21nfca_pipe_info *info;
109 
110 	u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST,
111 		NFC_HCI_TERMINAL_HOST_ID
112 	};
113 	u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO,
114 		NFC_HCI_TERMINAL_HOST_ID, 0
115 	};
116 
117 	/* On ST21NFCA device pipes number are dynamics
118 	 * A maximum of 16 pipes can be created at the same time
119 	 * If pipes are already created, hci_dev_up will fail.
120 	 * Doing a clear all pipe is a bad idea because:
121 	 * - It does useless EEPROM cycling
122 	 * - It might cause issue for secure elements support
123 	 * (such as removing connectivity or APDU reader pipe)
124 	 * A better approach on ST21NFCA is to:
125 	 * - get a pipe list for each host.
126 	 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now).
127 	 * (TODO Later on UICC HOST and eSE HOST)
128 	 * - get pipe information
129 	 * - match retrieved pipe list in st21nfca_gates
130 	 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate
131 	 * with ST21NFCA_DEVICE_MGNT_PIPE.
132 	 * Pipe can be closed and need to be open.
133 	 */
134 	r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
135 				ST21NFCA_DEVICE_MGNT_GATE,
136 				ST21NFCA_DEVICE_MGNT_PIPE);
137 	if (r < 0)
138 		return r;
139 
140 	/* Get pipe list */
141 	r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
142 			ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list),
143 			&skb_pipe_list);
144 	if (r < 0)
145 		return r;
146 
147 	/* Complete the existing gate_pipe table */
148 	for (i = 0; i < skb_pipe_list->len; i++) {
149 		pipe_info[2] = skb_pipe_list->data[i];
150 		r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
151 					ST21NFCA_DM_GETINFO, pipe_info,
152 					sizeof(pipe_info), &skb_pipe_info);
153 		if (r)
154 			continue;
155 
156 		/*
157 		 * Match pipe ID and gate ID
158 		 * Output format from ST21NFC_DM_GETINFO is:
159 		 * - pipe state (1byte)
160 		 * - source hid (1byte)
161 		 * - source gid (1byte)
162 		 * - destination hid (1byte)
163 		 * - destination gid (1byte)
164 		 */
165 		info = (struct st21nfca_pipe_info *) skb_pipe_info->data;
166 		if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE &&
167 			info->src_host_id == NFC_HCI_UICC_HOST_ID) {
168 			pr_err("Unexpected apdu_reader pipe on host %x\n",
169 				info->src_host_id);
170 			kfree_skb(skb_pipe_info);
171 			continue;
172 		}
173 
174 		for (j = 3; (j < ARRAY_SIZE(st21nfca_gates)) &&
175 			(st21nfca_gates[j].gate != info->dst_gate_id) ; j++)
176 			;
177 
178 		if (j < ARRAY_SIZE(st21nfca_gates) &&
179 			st21nfca_gates[j].gate == info->dst_gate_id &&
180 			ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) {
181 			hdev->init_data.gates[j].pipe = pipe_info[2];
182 
183 			hdev->gate2pipe[st21nfca_gates[j].gate] =
184 						pipe_info[2];
185 			hdev->pipes[pipe_info[2]].gate =
186 						st21nfca_gates[j].gate;
187 			hdev->pipes[pipe_info[2]].dest_host =
188 						info->src_host_id;
189 		}
190 		kfree_skb(skb_pipe_info);
191 	}
192 
193 	/*
194 	 * 3 gates have a well known pipe ID. Only NFC_HCI_LINK_MGMT_GATE
195 	 * is not yet open at this stage.
196 	 */
197 	r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
198 				 NFC_HCI_LINK_MGMT_GATE,
199 				 NFC_HCI_LINK_MGMT_PIPE);
200 
201 	kfree_skb(skb_pipe_list);
202 	return r;
203 }
204 
st21nfca_hci_open(struct nfc_hci_dev * hdev)205 static int st21nfca_hci_open(struct nfc_hci_dev *hdev)
206 {
207 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
208 	int r;
209 
210 	mutex_lock(&info->info_lock);
211 
212 	if (info->state != ST21NFCA_ST_COLD) {
213 		r = -EBUSY;
214 		goto out;
215 	}
216 
217 	r = info->phy_ops->enable(info->phy_id);
218 
219 	if (r == 0)
220 		info->state = ST21NFCA_ST_READY;
221 
222 out:
223 	mutex_unlock(&info->info_lock);
224 	return r;
225 }
226 
st21nfca_hci_close(struct nfc_hci_dev * hdev)227 static void st21nfca_hci_close(struct nfc_hci_dev *hdev)
228 {
229 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
230 
231 	mutex_lock(&info->info_lock);
232 
233 	if (info->state == ST21NFCA_ST_COLD)
234 		goto out;
235 
236 	info->phy_ops->disable(info->phy_id);
237 	info->state = ST21NFCA_ST_COLD;
238 
239 out:
240 	mutex_unlock(&info->info_lock);
241 }
242 
st21nfca_hci_ready(struct nfc_hci_dev * hdev)243 static int st21nfca_hci_ready(struct nfc_hci_dev *hdev)
244 {
245 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
246 	struct sk_buff *skb;
247 
248 	u8 param;
249 	u8 white_list[2];
250 	int wl_size = 0;
251 	int r;
252 
253 	if (info->se_status->is_uicc_present)
254 		white_list[wl_size++] = NFC_HCI_UICC_HOST_ID;
255 	if (info->se_status->is_ese_present)
256 		white_list[wl_size++] = ST21NFCA_ESE_HOST_ID;
257 
258 	if (wl_size) {
259 		r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
260 					NFC_HCI_ADMIN_WHITELIST,
261 					(u8 *) &white_list, wl_size);
262 		if (r < 0)
263 			return r;
264 	}
265 
266 	/* Set NFC_MODE in device management gate to enable */
267 	r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
268 			      ST21NFCA_NFC_MODE, &skb);
269 	if (r < 0)
270 		return r;
271 
272 	param = skb->data[0];
273 	kfree_skb(skb);
274 	if (param == 0) {
275 		param = 1;
276 
277 		r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
278 					ST21NFCA_NFC_MODE, &param, 1);
279 		if (r < 0)
280 			return r;
281 	}
282 
283 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
284 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
285 	if (r < 0)
286 		return r;
287 
288 	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
289 			      NFC_HCI_ID_MGMT_VERSION_SW, &skb);
290 	if (r < 0)
291 		return r;
292 
293 	if (skb->len != FULL_VERSION_LEN) {
294 		kfree_skb(skb);
295 		return -EINVAL;
296 	}
297 
298 	print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
299 		       DUMP_PREFIX_NONE, 16, 1,
300 		       skb->data, FULL_VERSION_LEN, false);
301 
302 	kfree_skb(skb);
303 
304 	return 0;
305 }
306 
st21nfca_hci_xmit(struct nfc_hci_dev * hdev,struct sk_buff * skb)307 static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
308 {
309 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
310 
311 	return info->phy_ops->write(info->phy_id, skb);
312 }
313 
st21nfca_hci_start_poll(struct nfc_hci_dev * hdev,u32 im_protocols,u32 tm_protocols)314 static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev,
315 				   u32 im_protocols, u32 tm_protocols)
316 {
317 	int r;
318 	u32 pol_req;
319 	u8 param[19];
320 	struct sk_buff *datarate_skb;
321 
322 	pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
323 		__func__, im_protocols, tm_protocols);
324 
325 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
326 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
327 	if (r < 0)
328 		return r;
329 	if (im_protocols) {
330 		/*
331 		 * enable polling according to im_protocols & tm_protocols
332 		 * - CLOSE pipe according to im_protocols & tm_protocols
333 		 */
334 		if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) {
335 			r = nfc_hci_disconnect_gate(hdev,
336 					NFC_HCI_RF_READER_B_GATE);
337 			if (r < 0)
338 				return r;
339 		}
340 
341 		if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) {
342 			r = nfc_hci_disconnect_gate(hdev,
343 					NFC_HCI_RF_READER_A_GATE);
344 			if (r < 0)
345 				return r;
346 		}
347 
348 		if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) {
349 			r = nfc_hci_disconnect_gate(hdev,
350 					ST21NFCA_RF_READER_F_GATE);
351 			if (r < 0)
352 				return r;
353 		} else {
354 			hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
355 							       &hdev->gb_len);
356 
357 			if (hdev->gb == NULL || hdev->gb_len == 0) {
358 				im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
359 				tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
360 			}
361 
362 			param[0] = ST21NFCA_RF_READER_F_DATARATE_106 |
363 			    ST21NFCA_RF_READER_F_DATARATE_212 |
364 			    ST21NFCA_RF_READER_F_DATARATE_424;
365 			r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
366 					      ST21NFCA_RF_READER_F_DATARATE,
367 					      param, 1);
368 			if (r < 0)
369 				return r;
370 
371 			pol_req = be32_to_cpu((__force __be32)
372 					ST21NFCA_RF_READER_F_POL_REQ_DEFAULT);
373 			r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
374 					      ST21NFCA_RF_READER_F_POL_REQ,
375 					      (u8 *) &pol_req, 4);
376 			if (r < 0)
377 				return r;
378 		}
379 
380 		if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) {
381 			r = nfc_hci_disconnect_gate(hdev,
382 					ST21NFCA_RF_READER_14443_3_A_GATE);
383 			if (r < 0)
384 				return r;
385 		}
386 
387 		if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) {
388 			r = nfc_hci_disconnect_gate(hdev,
389 					ST21NFCA_RF_READER_ISO15693_GATE);
390 			if (r < 0)
391 				return r;
392 		}
393 
394 		r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
395 				       NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
396 		if (r < 0)
397 			nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
398 					   NFC_HCI_EVT_END_OPERATION, NULL, 0);
399 	}
400 
401 	if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
402 		r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE,
403 				      ST21NFCA_RF_CARD_F_DATARATE,
404 				      &datarate_skb);
405 		if (r < 0)
406 			return r;
407 
408 		/* Configure the maximum supported datarate to 424Kbps */
409 		if (datarate_skb->len > 0 &&
410 		    datarate_skb->data[0] !=
411 		    ST21NFCA_RF_CARD_F_DATARATE_212_424) {
412 			param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424;
413 			r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
414 					      ST21NFCA_RF_CARD_F_DATARATE,
415 					      param, 1);
416 			if (r < 0) {
417 				kfree_skb(datarate_skb);
418 				return r;
419 			}
420 		}
421 		kfree_skb(datarate_skb);
422 
423 		/*
424 		 * Configure sens_res
425 		 *
426 		 * NFC Forum Digital Spec Table 7:
427 		 * NFCID1 size: triple (10 bytes)
428 		 */
429 		param[0] = 0x00;
430 		param[1] = 0x08;
431 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
432 				      ST21NFCA_RF_CARD_F_SENS_RES, param, 2);
433 		if (r < 0)
434 			return r;
435 
436 		/*
437 		 * Configure sel_res
438 		 *
439 		 * NFC Forum Digistal Spec Table 17:
440 		 * b3 set to 0b (value b7-b6):
441 		 * - 10b: Configured for NFC-DEP Protocol
442 		 */
443 		param[0] = 0x40;
444 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
445 				      ST21NFCA_RF_CARD_F_SEL_RES, param, 1);
446 		if (r < 0)
447 			return r;
448 
449 		/* Configure NFCID1 Random uid */
450 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
451 				      ST21NFCA_RF_CARD_F_NFCID1, NULL, 0);
452 		if (r < 0)
453 			return r;
454 
455 		/* Configure NFCID2_LIST */
456 		/* System Code */
457 		param[0] = 0x00;
458 		param[1] = 0x00;
459 		/* NFCID2 */
460 		param[2] = 0x01;
461 		param[3] = 0xfe;
462 		param[4] = 'S';
463 		param[5] = 'T';
464 		param[6] = 'M';
465 		param[7] = 'i';
466 		param[8] = 'c';
467 		param[9] = 'r';
468 		/* 8 byte Pad bytes used for polling respone frame */
469 
470 		/*
471 		 * Configuration byte:
472 		 * - bit 0: define the default NFCID2 entry used when the
473 		 * system code is equal to 'FFFF'
474 		 * - bit 1: use a random value for lowest 6 bytes of
475 		 * NFCID2 value
476 		 * - bit 2: ignore polling request frame if request code
477 		 * is equal to '01'
478 		 * - Other bits are RFU
479 		 */
480 		param[18] = 0x01;
481 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
482 				      ST21NFCA_RF_CARD_F_NFCID2_LIST, param,
483 				      19);
484 		if (r < 0)
485 			return r;
486 
487 		param[0] = 0x02;
488 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
489 				      ST21NFCA_RF_CARD_F_MODE, param, 1);
490 	}
491 
492 	return r;
493 }
494 
st21nfca_hci_stop_poll(struct nfc_hci_dev * hdev)495 static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev)
496 {
497 	nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
498 			ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
499 }
500 
st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev * hdev,u16 * atqa)501 static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa)
502 {
503 	int r;
504 	struct sk_buff *atqa_skb = NULL;
505 
506 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
507 			      ST21NFCA_RF_READER_14443_3_A_ATQA, &atqa_skb);
508 	if (r < 0)
509 		goto exit;
510 
511 	if (atqa_skb->len != 2) {
512 		r = -EPROTO;
513 		goto exit;
514 	}
515 
516 	*atqa = be16_to_cpu(*(__be16 *) atqa_skb->data);
517 
518 exit:
519 	kfree_skb(atqa_skb);
520 	return r;
521 }
522 
st21nfca_get_iso14443_3_sak(struct nfc_hci_dev * hdev,u8 * sak)523 static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak)
524 {
525 	int r;
526 	struct sk_buff *sak_skb = NULL;
527 
528 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
529 			      ST21NFCA_RF_READER_14443_3_A_SAK, &sak_skb);
530 	if (r < 0)
531 		goto exit;
532 
533 	if (sak_skb->len != 1) {
534 		r = -EPROTO;
535 		goto exit;
536 	}
537 
538 	*sak = sak_skb->data[0];
539 
540 exit:
541 	kfree_skb(sak_skb);
542 	return r;
543 }
544 
st21nfca_get_iso14443_3_uid(struct nfc_hci_dev * hdev,u8 * uid,int * len)545 static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid,
546 				       int *len)
547 {
548 	int r;
549 	struct sk_buff *uid_skb = NULL;
550 
551 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
552 			      ST21NFCA_RF_READER_14443_3_A_UID, &uid_skb);
553 	if (r < 0)
554 		goto exit;
555 
556 	if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
557 		r = -EPROTO;
558 		goto exit;
559 	}
560 
561 	memcpy(uid, uid_skb->data, uid_skb->len);
562 	*len = uid_skb->len;
563 exit:
564 	kfree_skb(uid_skb);
565 	return r;
566 }
567 
st21nfca_get_iso15693_inventory(struct nfc_hci_dev * hdev,struct nfc_target * target)568 static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev,
569 					   struct nfc_target *target)
570 {
571 	int r;
572 	struct sk_buff *inventory_skb = NULL;
573 
574 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE,
575 			      ST21NFCA_RF_READER_ISO15693_INVENTORY,
576 			      &inventory_skb);
577 	if (r < 0)
578 		goto exit;
579 
580 	skb_pull(inventory_skb, 2);
581 
582 	if (inventory_skb->len == 0 ||
583 	    inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) {
584 		r = -EPROTO;
585 		goto exit;
586 	}
587 
588 	memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len);
589 	target->iso15693_dsfid	= inventory_skb->data[1];
590 	target->is_iso15693 = 1;
591 exit:
592 	kfree_skb(inventory_skb);
593 	return r;
594 }
595 
st21nfca_hci_dep_link_up(struct nfc_hci_dev * hdev,struct nfc_target * target,u8 comm_mode,u8 * gb,size_t gb_len)596 static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev,
597 				    struct nfc_target *target, u8 comm_mode,
598 				    u8 *gb, size_t gb_len)
599 {
600 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
601 
602 	info->dep_info.idx = target->idx;
603 	return st21nfca_im_send_atr_req(hdev, gb, gb_len);
604 }
605 
st21nfca_hci_dep_link_down(struct nfc_hci_dev * hdev)606 static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev)
607 {
608 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
609 
610 	info->state = ST21NFCA_ST_READY;
611 
612 	return nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
613 				ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
614 }
615 
st21nfca_hci_target_from_gate(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)616 static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
617 					 struct nfc_target *target)
618 {
619 	int r, len;
620 	u16 atqa;
621 	u8 sak;
622 	u8 uid[NFC_NFCID1_MAXSIZE];
623 
624 	switch (gate) {
625 	case ST21NFCA_RF_READER_F_GATE:
626 		target->supported_protocols = NFC_PROTO_FELICA_MASK;
627 		break;
628 	case ST21NFCA_RF_READER_14443_3_A_GATE:
629 		/* ISO14443-3 type 1 or 2 tags */
630 		r = st21nfca_get_iso14443_3_atqa(hdev, &atqa);
631 		if (r < 0)
632 			return r;
633 		if (atqa == 0x000c) {
634 			target->supported_protocols = NFC_PROTO_JEWEL_MASK;
635 			target->sens_res = 0x0c00;
636 		} else {
637 			r = st21nfca_get_iso14443_3_sak(hdev, &sak);
638 			if (r < 0)
639 				return r;
640 
641 			r = st21nfca_get_iso14443_3_uid(hdev, uid, &len);
642 			if (r < 0)
643 				return r;
644 
645 			target->supported_protocols =
646 			    nfc_hci_sak_to_protocol(sak);
647 			if (target->supported_protocols == 0xffffffff)
648 				return -EPROTO;
649 
650 			target->sens_res = atqa;
651 			target->sel_res = sak;
652 			memcpy(target->nfcid1, uid, len);
653 			target->nfcid1_len = len;
654 		}
655 
656 		break;
657 	case ST21NFCA_RF_READER_ISO15693_GATE:
658 		target->supported_protocols = NFC_PROTO_ISO15693_MASK;
659 		r = st21nfca_get_iso15693_inventory(hdev, target);
660 		if (r < 0)
661 			return r;
662 		break;
663 	default:
664 		return -EPROTO;
665 	}
666 
667 	return 0;
668 }
669 
st21nfca_hci_complete_target_discovered(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)670 static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
671 						u8 gate,
672 						struct nfc_target *target)
673 {
674 	int r;
675 	struct sk_buff *nfcid_skb = NULL;
676 
677 	if (gate == ST21NFCA_RF_READER_F_GATE) {
678 		r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
679 				ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb);
680 		if (r < 0)
681 			goto exit;
682 
683 		if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) {
684 			r = -EPROTO;
685 			goto exit;
686 		}
687 
688 		/*
689 		 * - After the recepton of polling response for type F frame
690 		 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be
691 		 * updated.
692 		 * - After the reception of SEL_RES with NFCIP-1 compliant bit
693 		 * set for type A frame NFCID1 will be updated
694 		 */
695 		if (nfcid_skb->len > 0) {
696 			/* P2P in type F */
697 			memcpy(target->sensf_res, nfcid_skb->data,
698 				nfcid_skb->len);
699 			target->sensf_res_len = nfcid_skb->len;
700 			/* NFC Forum Digital Protocol Table 44 */
701 			if (target->sensf_res[0] == 0x01 &&
702 			    target->sensf_res[1] == 0xfe)
703 				target->supported_protocols =
704 							NFC_PROTO_NFC_DEP_MASK;
705 			else
706 				target->supported_protocols =
707 							NFC_PROTO_FELICA_MASK;
708 		} else {
709 			kfree_skb(nfcid_skb);
710 			nfcid_skb = NULL;
711 			/* P2P in type A */
712 			r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
713 					ST21NFCA_RF_READER_F_NFCID1,
714 					&nfcid_skb);
715 			if (r < 0)
716 				goto exit;
717 
718 			if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) {
719 				r = -EPROTO;
720 				goto exit;
721 			}
722 			memcpy(target->sensf_res, nfcid_skb->data,
723 				nfcid_skb->len);
724 			target->sensf_res_len = nfcid_skb->len;
725 			target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
726 		}
727 		target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE;
728 	}
729 	r = 1;
730 exit:
731 	kfree_skb(nfcid_skb);
732 	return r;
733 }
734 
735 #define ST21NFCA_CB_TYPE_READER_ISO15693 1
st21nfca_hci_data_exchange_cb(void * context,struct sk_buff * skb,int err)736 static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb,
737 					  int err)
738 {
739 	struct st21nfca_hci_info *info = context;
740 
741 	switch (info->async_cb_type) {
742 	case ST21NFCA_CB_TYPE_READER_ISO15693:
743 		if (err == 0)
744 			skb_trim(skb, skb->len - 1);
745 		info->async_cb(info->async_cb_context, skb, err);
746 		break;
747 	default:
748 		if (err == 0)
749 			kfree_skb(skb);
750 		break;
751 	}
752 }
753 
754 /*
755  * Returns:
756  * <= 0: driver handled the data exchange
757  *    1: driver doesn't especially handle, please do standard processing
758  */
st21nfca_hci_im_transceive(struct nfc_hci_dev * hdev,struct nfc_target * target,struct sk_buff * skb,data_exchange_cb_t cb,void * cb_context)759 static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev,
760 				      struct nfc_target *target,
761 				      struct sk_buff *skb,
762 				      data_exchange_cb_t cb, void *cb_context)
763 {
764 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
765 
766 	pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__,
767 		target->hci_reader_gate, skb->len);
768 
769 	switch (target->hci_reader_gate) {
770 	case ST21NFCA_RF_READER_F_GATE:
771 		if (target->supported_protocols == NFC_PROTO_NFC_DEP_MASK)
772 			return st21nfca_im_send_dep_req(hdev, skb);
773 
774 		*(u8 *)skb_push(skb, 1) = 0x1a;
775 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
776 					      ST21NFCA_WR_XCHG_DATA, skb->data,
777 					      skb->len, cb, cb_context);
778 	case ST21NFCA_RF_READER_14443_3_A_GATE:
779 		*(u8 *)skb_push(skb, 1) = 0x1a;	/* CTR, see spec:10.2.2.1 */
780 
781 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
782 					      ST21NFCA_WR_XCHG_DATA, skb->data,
783 					      skb->len, cb, cb_context);
784 	case ST21NFCA_RF_READER_ISO15693_GATE:
785 		info->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693;
786 		info->async_cb = cb;
787 		info->async_cb_context = cb_context;
788 
789 		*(u8 *)skb_push(skb, 1) = 0x17;
790 
791 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
792 					      ST21NFCA_WR_XCHG_DATA, skb->data,
793 					      skb->len,
794 					      st21nfca_hci_data_exchange_cb,
795 					      info);
796 	default:
797 		return 1;
798 	}
799 }
800 
st21nfca_hci_tm_send(struct nfc_hci_dev * hdev,struct sk_buff * skb)801 static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
802 {
803 	return st21nfca_tm_send_dep_res(hdev, skb);
804 }
805 
st21nfca_hci_check_presence(struct nfc_hci_dev * hdev,struct nfc_target * target)806 static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev,
807 				       struct nfc_target *target)
808 {
809 	u8 fwi = 0x11;
810 
811 	switch (target->hci_reader_gate) {
812 	case NFC_HCI_RF_READER_A_GATE:
813 	case NFC_HCI_RF_READER_B_GATE:
814 		/*
815 		 * PRESENCE_CHECK on those gates is available
816 		 * However, the answer to this command is taking 3 * fwi
817 		 * if the card is no present.
818 		 * Instead, we send an empty I-Frame with a very short
819 		 * configurable fwi ~604µs.
820 		 */
821 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
822 					ST21NFCA_WR_XCHG_DATA, &fwi, 1, NULL);
823 	case ST21NFCA_RF_READER_14443_3_A_GATE:
824 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
825 					ST21NFCA_RF_READER_CMD_PRESENCE_CHECK,
826 					NULL, 0, NULL);
827 	default:
828 		return -EOPNOTSUPP;
829 	}
830 }
831 
st21nfca_hci_cmd_received(struct nfc_hci_dev * hdev,u8 pipe,u8 cmd,struct sk_buff * skb)832 static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
833 				struct sk_buff *skb)
834 {
835 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
836 	u8 gate = hdev->pipes[pipe].gate;
837 
838 	pr_debug("cmd: %x\n", cmd);
839 
840 	switch (cmd) {
841 	case NFC_HCI_ANY_OPEN_PIPE:
842 		if (gate != ST21NFCA_APDU_READER_GATE &&
843 			hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID)
844 			info->se_info.count_pipes++;
845 
846 		if (info->se_info.count_pipes == info->se_info.expected_pipes) {
847 			del_timer_sync(&info->se_info.se_active_timer);
848 			info->se_info.se_active = false;
849 			info->se_info.count_pipes = 0;
850 			complete(&info->se_info.req_completion);
851 		}
852 	break;
853 	}
854 }
855 
st21nfca_admin_event_received(struct nfc_hci_dev * hdev,u8 event,struct sk_buff * skb)856 static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event,
857 					struct sk_buff *skb)
858 {
859 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
860 
861 	pr_debug("admin event: %x\n", event);
862 
863 	switch (event) {
864 	case ST21NFCA_EVT_HOT_PLUG:
865 		if (info->se_info.se_active) {
866 			if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) {
867 				del_timer_sync(&info->se_info.se_active_timer);
868 				info->se_info.se_active = false;
869 				complete(&info->se_info.req_completion);
870 			} else {
871 				mod_timer(&info->se_info.se_active_timer,
872 					jiffies +
873 					msecs_to_jiffies(ST21NFCA_SE_TO_PIPES));
874 			}
875 		}
876 	break;
877 	default:
878 		nfc_err(&hdev->ndev->dev, "Unexpected event on admin gate\n");
879 	}
880 	kfree_skb(skb);
881 	return 0;
882 }
883 
884 /*
885  * Returns:
886  * <= 0: driver handled the event, skb consumed
887  *    1: driver does not handle the event, please do standard processing
888  */
st21nfca_hci_event_received(struct nfc_hci_dev * hdev,u8 pipe,u8 event,struct sk_buff * skb)889 static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe,
890 				       u8 event, struct sk_buff *skb)
891 {
892 	u8 gate = hdev->pipes[pipe].gate;
893 	u8 host = hdev->pipes[pipe].dest_host;
894 
895 	pr_debug("hci event: %d gate: %x\n", event, gate);
896 
897 	switch (gate) {
898 	case NFC_HCI_ADMIN_GATE:
899 		return st21nfca_admin_event_received(hdev, event, skb);
900 	case ST21NFCA_RF_CARD_F_GATE:
901 		return st21nfca_dep_event_received(hdev, event, skb);
902 	case ST21NFCA_CONNECTIVITY_GATE:
903 		return st21nfca_connectivity_event_received(hdev, host,
904 							event, skb);
905 	case ST21NFCA_APDU_READER_GATE:
906 		return st21nfca_apdu_reader_event_received(hdev, event, skb);
907 	case NFC_HCI_LOOPBACK_GATE:
908 		return st21nfca_hci_loopback_event_received(hdev, event, skb);
909 	default:
910 		return 1;
911 	}
912 }
913 
914 static const struct nfc_hci_ops st21nfca_hci_ops = {
915 	.open = st21nfca_hci_open,
916 	.close = st21nfca_hci_close,
917 	.load_session = st21nfca_hci_load_session,
918 	.hci_ready = st21nfca_hci_ready,
919 	.xmit = st21nfca_hci_xmit,
920 	.start_poll = st21nfca_hci_start_poll,
921 	.stop_poll = st21nfca_hci_stop_poll,
922 	.dep_link_up = st21nfca_hci_dep_link_up,
923 	.dep_link_down = st21nfca_hci_dep_link_down,
924 	.target_from_gate = st21nfca_hci_target_from_gate,
925 	.complete_target_discovered = st21nfca_hci_complete_target_discovered,
926 	.im_transceive = st21nfca_hci_im_transceive,
927 	.tm_send = st21nfca_hci_tm_send,
928 	.check_presence = st21nfca_hci_check_presence,
929 	.event_received = st21nfca_hci_event_received,
930 	.cmd_received = st21nfca_hci_cmd_received,
931 	.discover_se = st21nfca_hci_discover_se,
932 	.enable_se = st21nfca_hci_enable_se,
933 	.disable_se = st21nfca_hci_disable_se,
934 	.se_io = st21nfca_hci_se_io,
935 };
936 
st21nfca_hci_probe(void * phy_id,const struct nfc_phy_ops * phy_ops,char * llc_name,int phy_headroom,int phy_tailroom,int phy_payload,struct nfc_hci_dev ** hdev,struct st21nfca_se_status * se_status)937 int st21nfca_hci_probe(void *phy_id, const struct nfc_phy_ops *phy_ops,
938 		       char *llc_name, int phy_headroom, int phy_tailroom,
939 		       int phy_payload, struct nfc_hci_dev **hdev,
940 			   struct st21nfca_se_status *se_status)
941 {
942 	struct st21nfca_hci_info *info;
943 	int r = 0;
944 	int dev_num;
945 	u32 protocols;
946 	struct nfc_hci_init_data init_data;
947 	unsigned long quirks = 0;
948 
949 	info = kzalloc(sizeof(struct st21nfca_hci_info), GFP_KERNEL);
950 	if (!info)
951 		return -ENOMEM;
952 
953 	info->phy_ops = phy_ops;
954 	info->phy_id = phy_id;
955 	info->state = ST21NFCA_ST_COLD;
956 	mutex_init(&info->info_lock);
957 
958 	init_data.gate_count = ARRAY_SIZE(st21nfca_gates);
959 
960 	memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
961 
962 	/*
963 	 * Session id must include the driver name + i2c bus addr
964 	 * persistent info to discriminate 2 identical chips
965 	 */
966 	dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES);
967 	if (dev_num >= ST21NFCA_NUM_DEVICES) {
968 		r = -ENODEV;
969 		goto err_alloc_hdev;
970 	}
971 
972 	set_bit(dev_num, dev_mask);
973 
974 	scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x",
975 		  "ST21AH", dev_num);
976 
977 	protocols = NFC_PROTO_JEWEL_MASK |
978 	    NFC_PROTO_MIFARE_MASK |
979 	    NFC_PROTO_FELICA_MASK |
980 	    NFC_PROTO_ISO14443_MASK |
981 	    NFC_PROTO_ISO14443_B_MASK |
982 	    NFC_PROTO_ISO15693_MASK |
983 	    NFC_PROTO_NFC_DEP_MASK;
984 
985 	set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks);
986 
987 	info->hdev =
988 	    nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks,
989 				    protocols, llc_name,
990 				    phy_headroom + ST21NFCA_CMDS_HEADROOM,
991 				    phy_tailroom, phy_payload);
992 
993 	if (!info->hdev) {
994 		pr_err("Cannot allocate nfc hdev.\n");
995 		r = -ENOMEM;
996 		goto err_alloc_hdev;
997 	}
998 
999 	info->se_status = se_status;
1000 
1001 	nfc_hci_set_clientdata(info->hdev, info);
1002 
1003 	r = nfc_hci_register_device(info->hdev);
1004 	if (r)
1005 		goto err_regdev;
1006 
1007 	*hdev = info->hdev;
1008 	st21nfca_dep_init(info->hdev);
1009 	st21nfca_se_init(info->hdev);
1010 	st21nfca_vendor_cmds_init(info->hdev);
1011 
1012 	return 0;
1013 
1014 err_regdev:
1015 	nfc_hci_free_device(info->hdev);
1016 
1017 err_alloc_hdev:
1018 	kfree(info);
1019 
1020 	return r;
1021 }
1022 EXPORT_SYMBOL(st21nfca_hci_probe);
1023 
st21nfca_hci_remove(struct nfc_hci_dev * hdev)1024 void st21nfca_hci_remove(struct nfc_hci_dev *hdev)
1025 {
1026 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
1027 
1028 	st21nfca_dep_deinit(hdev);
1029 	st21nfca_se_deinit(hdev);
1030 	nfc_hci_unregister_device(hdev);
1031 	nfc_hci_free_device(hdev);
1032 	kfree(info);
1033 }
1034 EXPORT_SYMBOL(st21nfca_hci_remove);
1035 
1036 MODULE_LICENSE("GPL");
1037 MODULE_DESCRIPTION(DRIVER_DESC);
1038