1 /******************************************************************************
2 *
3 * Copyright (C) 2011-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the implementation for ISO 15693 in Reader/Writer
22 * mode.
23 *
24 ******************************************************************************/
25 #include <android-base/logging.h>
26 #include <android-base/stringprintf.h>
27 #include <com_android_nfc_nci_flags.h>
28 #include <log/log.h>
29 #include <string.h>
30
31 #include "bt_types.h"
32 #include "nfc_api.h"
33 #include "nfc_config.h"
34 #include "nfc_int.h"
35 #include "nfc_target.h"
36 #include "rw_api.h"
37 #include "rw_int.h"
38
39 using android::base::StringPrintf;
40 using com::android::nfc::nci::flags::t5t_no_getsysinfo;
41
42 extern unsigned char appl_dta_mode_flag;
43 extern unsigned int t5t_mute_legacy;
44
45 /* Response timeout */
46 #define RW_I93_TOUT_RESP 1000
47 /* stay quiet timeout */
48 #define RW_I93_TOUT_STAY_QUIET 200
49 /* max reading data if read multi block is supported */
50 #define RW_I93_READ_MULTI_BLOCK_SIZE 128
51 /* CC, zero length NDEF, Terminator TLV */
52 #define RW_I93_FORMAT_DATA_LEN 8
53 /* max getting lock status if get multi block sec is supported */
54 #define RW_I93_GET_MULTI_BLOCK_SEC_SIZE 253
55
56 static std::string rw_i93_get_tag_name(uint8_t product_version);
57
58 static void rw_i93_data_cback(uint8_t conn_id, tNFC_CONN_EVT event,
59 tNFC_CONN* p_data);
60 void rw_i93_handle_error(tNFC_STATUS status);
61 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flag);
62 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid);
63
64 /*******************************************************************************
65 **
66 ** Function rw_i93_get_product_version
67 **
68 ** Description Get product version from UID
69 **
70 ** Returns void
71 **
72 *******************************************************************************/
rw_i93_get_product_version(uint8_t * p_uid)73 void rw_i93_get_product_version(uint8_t* p_uid) {
74 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
75
76 if (!memcmp(p_i93->uid, p_uid, I93_UID_BYTE_LEN)) {
77 return;
78 }
79
80 LOG(VERBOSE) << __func__;
81
82 memcpy(p_i93->uid, p_uid, I93_UID_BYTE_LEN);
83
84 if (p_uid[1] == I93_UID_IC_MFG_CODE_NXP) {
85 if (p_uid[2] == I93_UID_ICODE_SLI)
86 p_i93->product_version = RW_I93_ICODE_SLI;
87 else if (p_uid[2] == I93_UID_ICODE_SLI_S)
88 p_i93->product_version = RW_I93_ICODE_SLI_S;
89 else if (p_uid[2] == I93_UID_ICODE_SLI_L)
90 p_i93->product_version = RW_I93_ICODE_SLI_L;
91 else
92 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
93 } else if (p_uid[1] == I93_UID_IC_MFG_CODE_TI) {
94 if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
95 I93_UID_TAG_IT_HF_I_PLUS_INLAY)
96 p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_INLAY;
97 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
98 I93_UID_TAG_IT_HF_I_PLUS_CHIP)
99 p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_CHIP;
100 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
101 I93_UID_TAG_IT_HF_I_STD_CHIP_INLAY)
102 p_i93->product_version = RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY;
103 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
104 I93_UID_TAG_IT_HF_I_PRO_CHIP_INLAY)
105 p_i93->product_version = RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY;
106 else
107 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
108 } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_STM) &&
109 (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
110 if (p_i93->ic_reference == I93_IC_REF_STM_M24LR04E_R)
111 p_i93->product_version = RW_I93_STM_M24LR04E_R;
112 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR16E_R)
113 p_i93->product_version = RW_I93_STM_M24LR16E_R;
114 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR16D_W)
115 p_i93->product_version = RW_I93_STM_M24LR16D_W;
116 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR64E_R)
117 p_i93->product_version = RW_I93_STM_M24LR64E_R;
118 else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DVHIK)
119 p_i93->product_version = RW_I93_STM_ST25DVHIK;
120 else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DV04K)
121 p_i93->product_version = RW_I93_STM_ST25DV04K;
122 else {
123 switch (p_i93->ic_reference & I93_IC_REF_STM_MASK) {
124 case I93_IC_REF_STM_LRI1K:
125 p_i93->product_version = RW_I93_STM_LRI1K;
126 break;
127 case I93_IC_REF_STM_LRI2K:
128 p_i93->product_version = RW_I93_STM_LRI2K;
129 break;
130 case I93_IC_REF_STM_LRIS2K:
131 p_i93->product_version = RW_I93_STM_LRIS2K;
132 break;
133 case I93_IC_REF_STM_LRIS64K:
134 p_i93->product_version = RW_I93_STM_LRIS64K;
135 break;
136 case I93_IC_REF_STM_M24LR64_R:
137 p_i93->product_version = RW_I93_STM_M24LR64_R;
138 break;
139 default:
140 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
141 break;
142 }
143 }
144 } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_ONS) &&
145 (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
146 switch (p_i93->ic_reference) {
147 case I93_IC_REF_ONS_N36RW02:
148 p_i93->product_version = RW_I93_ONS_N36RW02;
149 break;
150 case I93_IC_REF_ONS_N24RF04:
151 p_i93->product_version = RW_I93_ONS_N24RF04;
152 break;
153 case I93_IC_REF_ONS_N24RF04E:
154 p_i93->product_version = RW_I93_ONS_N24RF04E;
155 break;
156 case I93_IC_REF_ONS_N24RF16:
157 p_i93->product_version = RW_I93_ONS_N24RF16;
158 break;
159 case I93_IC_REF_ONS_N24RF16E:
160 p_i93->product_version = RW_I93_ONS_N24RF16E;
161 break;
162 case I93_IC_REF_ONS_N24RF64:
163 p_i93->product_version = RW_I93_ONS_N24RF64;
164 break;
165 case I93_IC_REF_ONS_N24RF64E:
166 p_i93->product_version = RW_I93_ONS_N24RF64E;
167 break;
168 default:
169 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
170 break;
171 }
172 } else {
173 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
174 }
175
176 LOG(VERBOSE) << StringPrintf(
177 "product_version = <%s>",
178 rw_i93_get_tag_name(p_i93->product_version).c_str());
179
180 switch (p_i93->product_version) {
181 case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
182 case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
183 /* these don't support Get System Information Command */
184 /* these support only Inventory, Stay Quiet, Read Single Block, Write
185 * Single Block, Lock Block */
186 p_i93->block_size = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_BLK_SIZE;
187 p_i93->num_block = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_NUM_USER_BLK;
188 break;
189 default:
190 break;
191 }
192 }
193
194 /*******************************************************************************
195 **
196 ** Function rw_i93_process_ext_sys_info
197 **
198 ** Description Store extended system information of tag
199 **
200 ** Returns FALSE if retrying with protocol extension flag
201 **
202 *******************************************************************************/
rw_i93_process_ext_sys_info(uint8_t * p_data,uint16_t length)203 bool rw_i93_process_ext_sys_info(uint8_t* p_data, uint16_t length) {
204 uint8_t* p = p_data;
205 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
206 uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
207
208 LOG(VERBOSE) << __func__;
209
210 if (length < (I93_UID_BYTE_LEN + 1)) {
211 android_errorWriteLog(0x534e4554, "122316913");
212 return false;
213 }
214
215 STREAM_TO_UINT8(p_i93->info_flags, p);
216 length--;
217
218 p_uid = uid;
219 STREAM_TO_ARRAY8(p_uid, p);
220 length -= I93_UID_BYTE_LEN;
221
222 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
223 if (length < I93_INFO_DSFID_LEN) {
224 android_errorWriteLog(0x534e4554, "122316913");
225 return false;
226 }
227 STREAM_TO_UINT8(p_i93->dsfid, p);
228 length--;
229 }
230 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
231 if (length < I93_INFO_AFI_LEN) {
232 android_errorWriteLog(0x534e4554, "122316913");
233 return false;
234 }
235 STREAM_TO_UINT8(p_i93->afi, p);
236 length--;
237 }
238 if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
239 if (length < I93_INFO_16BIT_NUM_BLOCK_LEN + I93_INFO_BLOCK_SIZE_LEN) {
240 android_errorWriteLog(0x534e4554, "122316913");
241 return false;
242 }
243 STREAM_TO_UINT16(p_i93->num_block, p);
244 length -= I93_INFO_16BIT_NUM_BLOCK_LEN;
245
246 /* it is one less than actual number of bytes */
247 p_i93->num_block += 1;
248
249 STREAM_TO_UINT8(p_i93->block_size, p);
250 length--;
251 /* it is one less than actual number of blocks */
252 p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
253 }
254 if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
255 if (length < I93_INFO_IC_REF_LEN) {
256 android_errorWriteLog(0x534e4554, "122316913");
257 return false;
258 }
259 STREAM_TO_UINT8(p_i93->ic_reference, p);
260 length--;
261
262 /* clear existing UID to set product version */
263 p_i93->uid[0] = 0x00;
264
265 /* store UID and get product version */
266 rw_i93_get_product_version(p_uid);
267
268 if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
269 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) ||
270 (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)) {
271 /* STM & ONS supports more than 2040 bytes */
272 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
273 }
274 }
275 }
276 return true;
277 }
278
279 /*******************************************************************************
280 **
281 ** Function rw_i93_process_sys_info
282 **
283 ** Description Store system information of tag
284 **
285 ** Returns FALSE if retrying with protocol extension flag
286 **
287 *******************************************************************************/
rw_i93_process_sys_info(uint8_t * p_data,uint16_t length)288 bool rw_i93_process_sys_info(uint8_t* p_data, uint16_t length) {
289 uint8_t* p = p_data;
290 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
291 uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
292
293 LOG(VERBOSE) << __func__;
294
295 if (length < (I93_UID_BYTE_LEN + 1)) {
296 android_errorWriteLog(0x534e4554, "121259048");
297 return false;
298 }
299 STREAM_TO_UINT8(p_i93->info_flags, p);
300 length--;
301
302 p_uid = uid;
303 STREAM_TO_ARRAY8(p_uid, p);
304 length -= I93_UID_BYTE_LEN;
305
306 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
307 if (length == 0) {
308 android_errorWriteLog(0x534e4554, "121259048");
309 return false;
310 }
311 STREAM_TO_UINT8(p_i93->dsfid, p);
312 length--;
313 }
314 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
315 if (length == 0) {
316 android_errorWriteLog(0x534e4554, "121259048");
317 return false;
318 }
319 STREAM_TO_UINT8(p_i93->afi, p);
320 length--;
321 }
322 if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
323 bool block_16_bit = p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK;
324 if (block_16_bit && length > 2) {
325 STREAM_TO_UINT16(p_i93->num_block, p);
326 length -= 2;
327 } else if (!block_16_bit && length > 1) {
328 STREAM_TO_UINT8(p_i93->num_block, p);
329 length--;
330 } else {
331 android_errorWriteLog(0x534e4554, "121259048");
332 return false;
333 }
334 /* it is one less than actual number of bytes */
335 p_i93->num_block += 1;
336
337 STREAM_TO_UINT8(p_i93->block_size, p);
338 length--;
339 /* it is one less than actual number of blocks */
340 p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
341 }
342 if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
343 if (length == 0) {
344 android_errorWriteLog(0x534e4554, "121259048");
345 return false;
346 }
347 STREAM_TO_UINT8(p_i93->ic_reference, p);
348
349 /* clear existing UID to set product version */
350 p_i93->uid[0] = 0x00;
351
352 /* store UID and get product version */
353 rw_i93_get_product_version(p_uid);
354
355 if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
356 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
357 (p_i93->ic_reference == I93_IC_REF_ICODE_SLI_L)) {
358 p_i93->num_block = 8;
359 p_i93->block_size = 4;
360 } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
361 /*
362 ** LRI1K: 010000xx(b), blockSize: 4, numberBlocks: 0x20
363 ** LRI2K: 001000xx(b), blockSize: 4, numberBlocks: 0x40
364 ** LRIS2K: 001010xx(b), blockSize: 4, numberBlocks: 0x40
365 ** LRIS64K: 010001xx(b), blockSize: 4, numberBlocks: 0x800
366 ** M24LR64-R: 001011xx(b), blockSize: 4, numberBlocks: 0x800
367 ** M24LR04E-R: 01011010(b), blockSize: 4, numberBlocks: 0x80
368 ** M24LR16E-R: 01001110(b), blockSize: 4, numberBlocks: 0x200
369 ** M24LR16D-W: 01001101(b), blockSize: 4, numberBlocks: 0x200
370 ** M24LR64E-R: 01011110(b), blockSize: 4, numberBlocks: 0x800
371 */
372 if ((p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
373 (p_i93->product_version == RW_I93_STM_M24LR16D_W) ||
374 (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
375 /*
376 ** M24LR16E-R or M24LR16D-W or M24LR64E-R returns system information
377 ** without memory size, if option flag is not set.
378 ** LRIS64K and M24LR64-R return error if option flag is not
379 ** set.
380 */
381 if (!(p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)) {
382 /* get memory size with protocol extension flag */
383 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
384 NFC_STATUS_OK) {
385 /* STM supports more than 2040 bytes */
386 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
387
388 return false;
389 }
390 }
391 } else if ((p_i93->product_version == RW_I93_STM_LRI2K) &&
392 (p_i93->ic_reference == 0x21)) {
393 /* workaround of byte order in memory size information */
394 p_i93->num_block = 64;
395 p_i93->block_size = 4;
396 } else if (!(p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE)) {
397 if (!(p_i93->intl_flags & RW_I93_FLAG_EXT_COMMANDS)) {
398 if (rw_i93_send_cmd_get_ext_sys_info(nullptr) == NFC_STATUS_OK) {
399 /* STM supports more than 2040 bytes */
400 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
401
402 return false;
403 }
404 }
405 }
406 } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
407 /*
408 ** N36RW02: 00011010(b), blockSize: 4, numberBlocks: 0x40
409 ** N24RF04: 00101110(b), blockSize: 4, numberBlocks: 0x80
410 ** N24RF04E: 00101010(b), blockSize: 4, numberBlocks: 0x80
411 ** N24RF16: 01001010(b), blockSize: 4, numberBlocks: 0x200
412 ** N24RF16E: 01001110(b), blockSize: 4, numberBlocks: 0x200
413 ** N24RF64: 01101010(b), blockSize: 4, numberBlocks: 0x800
414 ** N24RF64E: 01101110(b), blockSize: 4, numberBlocks: 0x800
415 */
416 p_i93->block_size = 4;
417 switch (p_i93->product_version) {
418 case RW_I93_ONS_N36RW02:
419 p_i93->num_block = 0x40;
420 break;
421 case RW_I93_ONS_N24RF04:
422 case RW_I93_ONS_N24RF04E:
423 p_i93->num_block = 0x80;
424 break;
425 case RW_I93_ONS_N24RF16:
426 case RW_I93_ONS_N24RF16E:
427 p_i93->num_block = 0x200;
428 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
429 break;
430 case RW_I93_ONS_N24RF64:
431 case RW_I93_ONS_N24RF64E:
432 p_i93->num_block = 0x800;
433 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
434 break;
435 default:
436 return false;
437 }
438 }
439 }
440 }
441
442 return true;
443 }
444
445 /*******************************************************************************
446 **
447 ** Function rw_i93_check_sys_info_prot_ext
448 **
449 ** Description Check if need to set protocol extension flag to get system
450 ** info
451 **
452 ** Returns TRUE if sent Get System Info with protocol extension flag
453 **
454 *******************************************************************************/
rw_i93_check_sys_info_prot_ext(uint8_t error_code)455 bool rw_i93_check_sys_info_prot_ext(uint8_t error_code) {
456 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
457
458 LOG(VERBOSE) << __func__;
459
460 if (((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) ||
461 (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)) &&
462 (p_i93->sent_cmd == I93_CMD_GET_SYS_INFO) &&
463 (error_code == I93_ERROR_CODE_OPTION_NOT_SUPPORTED) &&
464 (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
465 NFC_STATUS_OK)) {
466 return true;
467 } else {
468 return false;
469 }
470 }
471
472 /*******************************************************************************
473 **
474 ** Function rw_i93_send_to_upper
475 **
476 ** Description Send response to upper layer
477 **
478 ** Returns void
479 **
480 *******************************************************************************/
rw_i93_send_to_upper(NFC_HDR * p_resp)481 void rw_i93_send_to_upper(NFC_HDR* p_resp) {
482 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
483 uint16_t length = p_resp->len;
484 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
485 tRW_DATA rw_data;
486 uint8_t event = RW_I93_MAX_EVT;
487 uint8_t flags;
488 NFC_HDR* p_buff;
489
490 LOG(VERBOSE) << __func__;
491
492 if (length == 0) {
493 android_errorWriteLog(0x534e4554, "121035878");
494 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
495 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
496 rw_cb.tcb.i93.sent_cmd = 0;
497 (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
498 return;
499 }
500
501 STREAM_TO_UINT8(flags, p);
502 length--;
503
504 if (flags & I93_FLAG_ERROR_DETECTED) {
505 if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
506 /* getting system info with protocol extension flag */
507 /* This STM & ONS tag supports more than 2040 bytes */
508 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
509 p_i93->state = RW_I93_STATE_BUSY;
510 } else if (length) {
511 /* notify error to upper layer */
512 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
513 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
514 STREAM_TO_UINT8(rw_data.i93_cmd_cmpl.error_code, p);
515
516 rw_cb.tcb.i93.sent_cmd = 0;
517 (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
518 }
519 return;
520 }
521
522 switch (p_i93->sent_cmd) {
523 case I93_CMD_INVENTORY:
524 if (length < I93_INFO_DSFID_LEN + I93_UID_BYTE_LEN) return;
525
526 /* forward inventory response */
527 rw_data.i93_inventory.status = NFC_STATUS_OK;
528 STREAM_TO_UINT8(rw_data.i93_inventory.dsfid, p);
529
530 p_uid = rw_data.i93_inventory.uid;
531 STREAM_TO_ARRAY8(p_uid, p);
532
533 /* store UID and get product version */
534 rw_i93_get_product_version(p_uid);
535
536 event = RW_I93_INVENTORY_EVT;
537 break;
538
539 case I93_CMD_READ_SINGLE_BLOCK:
540 case I93_CMD_EXT_READ_SINGLE_BLOCK:
541 case I93_CMD_READ_MULTI_BLOCK:
542 case I93_CMD_EXT_READ_MULTI_BLOCK:
543 case I93_CMD_GET_MULTI_BLK_SEC:
544 case I93_CMD_EXT_GET_MULTI_BLK_SEC:
545
546 if (UINT16_MAX - length < NFC_HDR_SIZE) {
547 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
548 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
549 rw_cb.tcb.i93.sent_cmd = 0;
550
551 event = RW_I93_CMD_CMPL_EVT;
552 break;
553 }
554
555 /* forward tag data or security status */
556 p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
557
558 if (p_buff) {
559 p_buff->offset = 0;
560 p_buff->len = length;
561
562 memcpy((p_buff + 1), p, length);
563
564 rw_data.i93_data.status = NFC_STATUS_OK;
565 rw_data.i93_data.command = p_i93->sent_cmd;
566 rw_data.i93_data.p_data = p_buff;
567
568 event = RW_I93_DATA_EVT;
569 } else {
570 rw_data.i93_cmd_cmpl.status = NFC_STATUS_NO_BUFFERS;
571 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
572 rw_data.i93_cmd_cmpl.error_code = 0;
573
574 event = RW_I93_CMD_CMPL_EVT;
575 }
576 break;
577
578 case I93_CMD_WRITE_SINGLE_BLOCK:
579 case I93_CMD_EXT_WRITE_SINGLE_BLOCK:
580 case I93_CMD_LOCK_BLOCK:
581 case I93_CMD_EXT_LOCK_BLOCK:
582 case I93_CMD_WRITE_MULTI_BLOCK:
583 case I93_CMD_EXT_WRITE_MULTI_BLOCK:
584 case I93_CMD_SELECT:
585 case I93_CMD_RESET_TO_READY:
586 case I93_CMD_WRITE_AFI:
587 case I93_CMD_LOCK_AFI:
588 case I93_CMD_WRITE_DSFID:
589 case I93_CMD_LOCK_DSFID:
590
591 /* notify the complete of command */
592 rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
593 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
594 rw_data.i93_cmd_cmpl.error_code = 0;
595
596 event = RW_I93_CMD_CMPL_EVT;
597 break;
598
599 case I93_CMD_GET_SYS_INFO:
600
601 if (rw_i93_process_sys_info(p, length)) {
602 rw_data.i93_sys_info.status = NFC_STATUS_OK;
603 rw_data.i93_sys_info.info_flags = p_i93->info_flags;
604 rw_data.i93_sys_info.dsfid = p_i93->dsfid;
605 rw_data.i93_sys_info.afi = p_i93->afi;
606 rw_data.i93_sys_info.num_block = p_i93->num_block;
607 rw_data.i93_sys_info.block_size = p_i93->block_size;
608 rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
609
610 memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
611
612 p_i93->i93_t5t_mode = RW_I93_GET_SYS_INFO_MEM_INFO;
613 event = RW_I93_SYS_INFO_EVT;
614 } else {
615 /* retrying with protocol extension flag */
616 p_i93->state = RW_I93_STATE_BUSY;
617 return;
618 }
619 break;
620
621 case I93_CMD_EXT_GET_SYS_INFO:
622
623 if (rw_i93_process_ext_sys_info(p, length)) {
624 rw_data.i93_sys_info.status = NFC_STATUS_OK;
625 rw_data.i93_sys_info.info_flags = p_i93->info_flags;
626 rw_data.i93_sys_info.dsfid = p_i93->dsfid;
627 rw_data.i93_sys_info.afi = p_i93->afi;
628 rw_data.i93_sys_info.num_block = p_i93->num_block;
629 rw_data.i93_sys_info.block_size = p_i93->block_size;
630 rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
631
632 memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
633
634 p_i93->i93_t5t_mode = RW_I93_GET_SYS_INFO_MEM_INFO;
635 event = RW_I93_SYS_INFO_EVT;
636 } else {
637 /* retrying with protocol extension flag or with extended sys info
638 * command */
639 p_i93->state = RW_I93_STATE_BUSY;
640 return;
641 }
642 break;
643
644 default:
645 break;
646 }
647
648 rw_cb.tcb.i93.sent_cmd = 0;
649 if (event != RW_I93_MAX_EVT) {
650 (*(rw_cb.p_cback))(event, &rw_data);
651 } else {
652 LOG(ERROR) << StringPrintf("Invalid response");
653 }
654 }
655
656 /*******************************************************************************
657 **
658 ** Function rw_i93_send_to_lower
659 **
660 ** Description Send Request frame to lower layer
661 **
662 ** Returns TRUE if success
663 **
664 *******************************************************************************/
rw_i93_send_to_lower(NFC_HDR * p_msg)665 bool rw_i93_send_to_lower(NFC_HDR* p_msg) {
666 /* store command for retransmitting */
667 if (rw_cb.tcb.i93.p_retry_cmd) {
668 GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
669 rw_cb.tcb.i93.p_retry_cmd = nullptr;
670 }
671
672 uint16_t msg_size = sizeof(NFC_HDR) + p_msg->offset + p_msg->len;
673
674 rw_cb.tcb.i93.p_retry_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
675
676 if (rw_cb.tcb.i93.p_retry_cmd &&
677 GKI_get_pool_bufsize(NFC_RW_POOL_ID) >= msg_size) {
678 memcpy(rw_cb.tcb.i93.p_retry_cmd, p_msg, msg_size);
679 } else {
680 LOG(ERROR) << StringPrintf("Memory allocation error");
681 android_errorWriteLog(0x534e4554, "157650357");
682 return false;
683 }
684
685 if (NFC_SendData(NFC_RF_CONN_ID, p_msg) != NFC_STATUS_OK) {
686 LOG(ERROR) << StringPrintf("failed");
687 return false;
688 }
689
690 int timeout = (RW_I93_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000;
691 if (rw_cb.tcb.i93.in_pres_check)
692 timeout = (200 * QUICK_TIMER_TICKS_PER_SEC) / 1000;
693 nfc_start_quick_timer(&rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
694 timeout);
695
696 return true;
697 }
698
699 /*******************************************************************************
700 **
701 ** Function rw_i93_send_cmd_inventory
702 **
703 ** Description Send Inventory Request to VICC
704 **
705 ** Returns tNFC_STATUS
706 **
707 *******************************************************************************/
rw_i93_send_cmd_inventory(uint8_t * p_uid,bool including_afi,uint8_t afi)708 tNFC_STATUS rw_i93_send_cmd_inventory(uint8_t* p_uid, bool including_afi,
709 uint8_t afi) {
710 NFC_HDR* p_cmd;
711 uint8_t *p, flags;
712
713 LOG(VERBOSE) << StringPrintf("including_afi:%d, AFI:0x%02X", including_afi,
714 afi);
715
716 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
717
718 if (!p_cmd) {
719 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
720 return NFC_STATUS_NO_BUFFERS;
721 }
722
723 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
724 p_cmd->len = 3;
725 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
726
727 /* Flags */
728 flags = (I93_FLAG_SLOT_ONE | I93_FLAG_INVENTORY_SET |
729 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
730 if (including_afi) {
731 flags |= I93_FLAG_AFI_PRESENT;
732 }
733
734 UINT8_TO_STREAM(p, flags);
735
736 /* Command Code */
737 UINT8_TO_STREAM(p, I93_CMD_INVENTORY);
738
739 if (including_afi) {
740 /* Parameters */
741 UINT8_TO_STREAM(p, afi); /* Optional AFI */
742 p_cmd->len++;
743 }
744
745 if (p_uid) {
746 UINT8_TO_STREAM(p, I93_UID_BYTE_LEN * 8); /* Mask Length */
747 ARRAY8_TO_STREAM(p, p_uid); /* UID */
748 p_cmd->len += I93_UID_BYTE_LEN;
749 } else {
750 UINT8_TO_STREAM(p, 0x00); /* Mask Length */
751 }
752
753 if (rw_i93_send_to_lower(p_cmd)) {
754 rw_cb.tcb.i93.sent_cmd = I93_CMD_INVENTORY;
755 return NFC_STATUS_OK;
756 } else {
757 return NFC_STATUS_FAILED;
758 }
759 }
760
761 /*******************************************************************************
762 **
763 ** Function rw_i93_send_cmd_stay_quiet
764 **
765 ** Description Send Stay Quiet Request to VICC
766 **
767 ** Returns tNFC_STATUS
768 **
769 *******************************************************************************/
rw_i93_send_cmd_stay_quiet(uint8_t * p_uid)770 tNFC_STATUS rw_i93_send_cmd_stay_quiet(uint8_t* p_uid) {
771 NFC_HDR* p_cmd;
772 uint8_t* p;
773
774 LOG(VERBOSE) << __func__;
775
776 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
777
778 if (!p_cmd) {
779 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
780 return NFC_STATUS_NO_BUFFERS;
781 }
782
783 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
784 p_cmd->len = 10;
785 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
786
787 /* Flags */
788 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
789 RW_I93_FLAG_DATA_RATE));
790
791 /* Command Code */
792 UINT8_TO_STREAM(p, I93_CMD_STAY_QUIET);
793
794 /* Parameters */
795 /* Beware the UID is provided with the same order as the transmission
796 one (LSB first) */
797 ARRAY_TO_STREAM(p, p_uid, I93_UID_BYTE_LEN); /* UID */
798
799 if (rw_i93_send_to_lower(p_cmd)) {
800 rw_cb.tcb.i93.sent_cmd = I93_CMD_STAY_QUIET;
801
802 /* restart timer for stay quiet */
803 nfc_start_quick_timer(
804 &rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
805 (RW_I93_TOUT_STAY_QUIET * QUICK_TIMER_TICKS_PER_SEC) / 1000);
806 return NFC_STATUS_OK;
807 } else {
808 return NFC_STATUS_FAILED;
809 }
810 }
811
812 /*******************************************************************************
813 **
814 ** Function rw_i93_send_cmd_read_single_block
815 **
816 ** Description Send Read Single Block Request to VICC
817 **
818 ** Returns tNFC_STATUS
819 **
820 *******************************************************************************/
rw_i93_send_cmd_read_single_block(uint32_t block_number,bool read_security)821 tNFC_STATUS rw_i93_send_cmd_read_single_block(uint32_t block_number,
822 bool read_security) {
823 NFC_HDR* p_cmd;
824 uint8_t *p, flags;
825 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
826
827 LOG(VERBOSE) << __func__;
828
829 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
830
831 if (!p_cmd) {
832 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
833 return NFC_STATUS_NO_BUFFERS;
834 }
835
836 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
837 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
838 p_cmd->len = 11;
839 else
840 p_cmd->len = 3;
841 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
842
843 /* Flags */
844 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
845 flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
846 RW_I93_FLAG_DATA_RATE);
847 } else {
848 flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
849
850 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
851 flags |= I93_FLAG_SELECT_SET;
852 }
853 if (read_security) flags |= I93_FLAG_OPTION_SET;
854
855 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
856 flags |= I93_FLAG_PROT_EXT_YES;
857
858 UINT8_TO_STREAM(p, flags);
859
860 /* Command Code */
861 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
862 UINT8_TO_STREAM(p, I93_CMD_EXT_READ_SINGLE_BLOCK);
863 } else {
864 UINT8_TO_STREAM(p, I93_CMD_READ_SINGLE_BLOCK);
865 }
866
867 /* Parameters */
868 if (flags & I93_FLAG_ADDRESS_SET)
869 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
870
871 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
872 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
873 UINT16_TO_STREAM(p, block_number); /* Block number */
874 p_cmd->len++;
875 } else {
876 UINT8_TO_STREAM(p, block_number); /* Block number */
877 }
878
879 if (rw_i93_send_to_lower(p_cmd)) {
880 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
881 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_SINGLE_BLOCK;
882 else
883 rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_SINGLE_BLOCK;
884 return NFC_STATUS_OK;
885 } else {
886 return NFC_STATUS_FAILED;
887 }
888 }
889
890 /*******************************************************************************
891 **
892 ** Function rw_i93_send_cmd_write_single_block
893 **
894 ** Description Send Write Single Block Request to VICC
895 **
896 ** Returns tNFC_STATUS
897 **
898 *******************************************************************************/
rw_i93_send_cmd_write_single_block(uint32_t block_number,uint8_t * p_data)899 tNFC_STATUS rw_i93_send_cmd_write_single_block(uint32_t block_number,
900 uint8_t* p_data) {
901 NFC_HDR* p_cmd;
902 uint8_t *p, flags;
903 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
904
905 LOG(VERBOSE) << __func__;
906
907 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
908
909 if (!p_cmd) {
910 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
911 return NFC_STATUS_NO_BUFFERS;
912 }
913
914 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
915 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
916 p_cmd->len = 11 + rw_cb.tcb.i93.block_size;
917 else
918 p_cmd->len = 3 + rw_cb.tcb.i93.block_size;
919 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
920
921 /* Flags */
922 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
923 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
924 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
925 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
926 /* Option must be set for TI tag */
927 flags = (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
928 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
929 } else {
930 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
931 flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
932 RW_I93_FLAG_DATA_RATE);
933 } else {
934 flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
935 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
936 flags |= I93_FLAG_SELECT_SET;
937 }
938
939 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SPECIAL_FRAME) {
940 /* Option Flag bit must be set */
941 flags |= I93_FLAG_OPTION_SET;
942 }
943 }
944
945 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
946 flags |= I93_FLAG_PROT_EXT_YES;
947
948 UINT8_TO_STREAM(p, flags);
949
950 /* Command Code */
951 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
952 UINT8_TO_STREAM(p, I93_CMD_EXT_WRITE_SINGLE_BLOCK);
953 } else {
954 UINT8_TO_STREAM(p, I93_CMD_WRITE_SINGLE_BLOCK);
955 }
956
957 /* Parameters */
958 if (flags & I93_FLAG_ADDRESS_SET)
959 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
960
961 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
962 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
963 UINT16_TO_STREAM(p, block_number); /* Block number */
964 p_cmd->len++;
965 } else {
966 UINT8_TO_STREAM(p, block_number); /* Block number */
967 }
968
969 /* Data */
970 ARRAY_TO_STREAM(p, p_data, rw_cb.tcb.i93.block_size);
971
972 if (rw_i93_send_to_lower(p_cmd)) {
973 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
974 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_SINGLE_BLOCK;
975 else
976 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_SINGLE_BLOCK;
977 return NFC_STATUS_OK;
978 } else {
979 return NFC_STATUS_FAILED;
980 }
981 }
982
983 /*******************************************************************************
984 **
985 ** Function rw_i93_send_cmd_lock_block
986 **
987 ** Description Send Lock Block Request to VICC
988 **
989 ** STM LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR64E-R,
990 ** M24LR16D-W do not support.
991 **
992 ** Returns tNFC_STATUS
993 **
994 *******************************************************************************/
rw_i93_send_cmd_lock_block(uint32_t block_number)995 tNFC_STATUS rw_i93_send_cmd_lock_block(uint32_t block_number) {
996 NFC_HDR* p_cmd;
997 uint8_t* p;
998 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
999 uint8_t flags;
1000
1001 LOG(VERBOSE) << __func__;
1002
1003 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1004
1005 if (!p_cmd) {
1006 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1007 return NFC_STATUS_NO_BUFFERS;
1008 }
1009
1010 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1011 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1012 p_cmd->len = 11;
1013 else
1014 p_cmd->len = 3;
1015 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1016
1017 /* Flags */
1018 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
1019 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
1020 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
1021 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
1022 /* Option must be set for TI tag */
1023 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
1024 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE));
1025 } else {
1026 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
1027 /* Address Mode Selector must be set */
1028 flags = I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1029 RW_I93_FLAG_DATA_RATE;
1030 } else {
1031 flags = RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE;
1032
1033 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
1034 flags |= I93_FLAG_SELECT_SET;
1035 }
1036 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SPECIAL_FRAME) {
1037 /* Option Flag bit must be set */
1038 flags |= I93_FLAG_OPTION_SET;
1039 }
1040 UINT8_TO_STREAM(p, flags);
1041 }
1042
1043 /* Command Code */
1044 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1045 UINT8_TO_STREAM(p, I93_CMD_EXT_LOCK_BLOCK);
1046 } else {
1047 UINT8_TO_STREAM(p, I93_CMD_LOCK_BLOCK);
1048 }
1049
1050 /* Parameters */
1051 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1052 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1053
1054 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1055 UINT16_TO_STREAM(p, block_number); /* Block number */
1056 p_cmd->len++;
1057 } else {
1058 UINT8_TO_STREAM(p, block_number); /* Block number */
1059 }
1060
1061 if (rw_i93_send_to_lower(p_cmd)) {
1062 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1063 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_LOCK_BLOCK;
1064 else
1065 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_BLOCK;
1066 return NFC_STATUS_OK;
1067 } else {
1068 return NFC_STATUS_FAILED;
1069 }
1070 }
1071
1072 /*******************************************************************************
1073 **
1074 ** Function rw_i93_send_cmd_read_multi_blocks
1075 **
1076 ** Description Send Read Multiple Blocks Request to VICC
1077 **
1078 ** Returns tNFC_STATUS
1079 **
1080 *******************************************************************************/
rw_i93_send_cmd_read_multi_blocks(uint32_t first_block_number,uint32_t number_blocks)1081 tNFC_STATUS rw_i93_send_cmd_read_multi_blocks(uint32_t first_block_number,
1082 uint32_t number_blocks) {
1083 NFC_HDR* p_cmd;
1084 uint8_t *p, flags;
1085 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1086
1087 LOG(VERBOSE) << __func__;
1088
1089 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1090
1091 if (!p_cmd) {
1092 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1093 return NFC_STATUS_NO_BUFFERS;
1094 }
1095
1096 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1097 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1098 p_cmd->len = 12;
1099 else
1100 p_cmd->len = 4;
1101 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1102
1103 /* Flags */
1104 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
1105 flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1106 RW_I93_FLAG_DATA_RATE);
1107 } else {
1108 flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1109
1110 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
1111 flags |= I93_FLAG_SELECT_SET;
1112 }
1113
1114 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK) {
1115 flags |= I93_FLAG_PROT_EXT_YES;
1116 }
1117
1118 UINT8_TO_STREAM(p, flags);
1119
1120 /* Command Code */
1121 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1122 UINT8_TO_STREAM(p, I93_CMD_EXT_READ_MULTI_BLOCK);
1123 } else {
1124 UINT8_TO_STREAM(p, I93_CMD_READ_MULTI_BLOCK);
1125 }
1126
1127 /* Parameters */
1128 if (flags & I93_FLAG_ADDRESS_SET)
1129 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1130
1131 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1132 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1133 UINT16_TO_STREAM(p, first_block_number); /* First block number */
1134 p_cmd->len++;
1135 } else {
1136 UINT8_TO_STREAM(p, first_block_number); /* First block number */
1137 }
1138
1139 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1140 UINT16_TO_STREAM(
1141 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1142 p_cmd->len++;
1143 } else {
1144 UINT8_TO_STREAM(
1145 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1146 }
1147
1148 if (rw_i93_send_to_lower(p_cmd)) {
1149 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1150 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_MULTI_BLOCK;
1151 else
1152 rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_MULTI_BLOCK;
1153 return NFC_STATUS_OK;
1154 } else {
1155 return NFC_STATUS_FAILED;
1156 }
1157 }
1158
1159 /*******************************************************************************
1160 **
1161 ** Function rw_i93_send_cmd_write_multi_blocks
1162 **
1163 ** Description Send Write Multiple Blocks Request to VICC
1164 **
1165 ** Returns tNFC_STATUS
1166 **
1167 *******************************************************************************/
rw_i93_send_cmd_write_multi_blocks(uint32_t first_block_number,uint32_t number_blocks,uint8_t * p_data)1168 tNFC_STATUS rw_i93_send_cmd_write_multi_blocks(uint32_t first_block_number,
1169 uint32_t number_blocks,
1170 uint8_t* p_data) {
1171 NFC_HDR* p_cmd;
1172 uint8_t* p;
1173
1174 LOG(VERBOSE) << __func__;
1175
1176 if (number_blocks * rw_cb.tcb.i93.block_size >
1177 GKI_get_pool_bufsize(NFC_RW_POOL_ID) - NCI_MSG_OFFSET_SIZE -
1178 NCI_DATA_HDR_SIZE - 1 -
1179 (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS ? 2 : 0) - 12) {
1180 android_errorWriteLog(0x534e4554, "157650365");
1181 return NFC_STATUS_FAILED;
1182 }
1183 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1184
1185 if (!p_cmd) {
1186 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1187 return NFC_STATUS_NO_BUFFERS;
1188 }
1189
1190 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1191 p_cmd->len = 12 + number_blocks * rw_cb.tcb.i93.block_size;
1192 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1193
1194 /* Flags */
1195 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1196 RW_I93_FLAG_DATA_RATE));
1197
1198 /* Command Code */
1199 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1200 INT8_TO_STREAM(p, I93_CMD_EXT_WRITE_MULTI_BLOCK);
1201 } else {
1202 UINT8_TO_STREAM(p, I93_CMD_WRITE_MULTI_BLOCK);
1203 }
1204
1205 /* Parameters */
1206 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1207 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1208 UINT16_TO_STREAM(p, first_block_number); /* Block number */
1209 UINT16_TO_STREAM(
1210 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1211 p_cmd->len += 2;
1212 } else {
1213 UINT8_TO_STREAM(p, first_block_number); /* Block number */
1214 UINT8_TO_STREAM(
1215 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1216 }
1217
1218 /* Data */
1219 ARRAY_TO_STREAM(p, p_data, number_blocks * rw_cb.tcb.i93.block_size);
1220
1221 if (rw_i93_send_to_lower(p_cmd)) {
1222 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1223 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_MULTI_BLOCK;
1224 else
1225 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_MULTI_BLOCK;
1226 return NFC_STATUS_OK;
1227 } else {
1228 return NFC_STATUS_FAILED;
1229 }
1230 }
1231
1232 /*******************************************************************************
1233 **
1234 ** Function rw_i93_send_cmd_select
1235 **
1236 ** Description Send Select Request to VICC
1237 **
1238 ** Returns tNFC_STATUS
1239 **
1240 *******************************************************************************/
rw_i93_send_cmd_select(uint8_t * p_uid)1241 tNFC_STATUS rw_i93_send_cmd_select(uint8_t* p_uid) {
1242 NFC_HDR* p_cmd;
1243 uint8_t* p;
1244
1245 LOG(VERBOSE) << __func__;
1246
1247 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1248
1249 if (!p_cmd) {
1250 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1251 return NFC_STATUS_NO_BUFFERS;
1252 }
1253
1254 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1255 p_cmd->len = 10;
1256 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1257
1258 /* Flags */
1259 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1260 RW_I93_FLAG_DATA_RATE));
1261
1262 /* Command Code */
1263 UINT8_TO_STREAM(p, I93_CMD_SELECT);
1264
1265 /* Parameters */
1266 /* Beware the UID is provided with the same order as the transmission
1267 one (LSB first) */
1268 ARRAY_TO_STREAM(p, p_uid, I93_UID_BYTE_LEN); /* UID */
1269
1270 if (rw_i93_send_to_lower(p_cmd)) {
1271 rw_cb.tcb.i93.sent_cmd = I93_CMD_SELECT;
1272 return NFC_STATUS_OK;
1273 } else {
1274 return NFC_STATUS_FAILED;
1275 }
1276 }
1277
1278 /*******************************************************************************
1279 **
1280 ** Function rw_i93_send_cmd_reset_to_ready
1281 **
1282 ** Description Send Reset to Ready Request to VICC
1283 **
1284 ** Returns tNFC_STATUS
1285 **
1286 *******************************************************************************/
rw_i93_send_cmd_reset_to_ready(void)1287 tNFC_STATUS rw_i93_send_cmd_reset_to_ready(void) {
1288 NFC_HDR* p_cmd;
1289 uint8_t* p;
1290
1291 LOG(VERBOSE) << __func__;
1292
1293 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1294
1295 if (!p_cmd) {
1296 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1297 return NFC_STATUS_NO_BUFFERS;
1298 }
1299
1300 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1301 p_cmd->len = 10;
1302 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1303
1304 /* Flags */
1305 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1306 RW_I93_FLAG_DATA_RATE));
1307
1308 /* Command Code */
1309 UINT8_TO_STREAM(p, I93_CMD_RESET_TO_READY);
1310
1311 /* Parameters */
1312 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1313
1314 if (rw_i93_send_to_lower(p_cmd)) {
1315 rw_cb.tcb.i93.sent_cmd = I93_CMD_RESET_TO_READY;
1316 return NFC_STATUS_OK;
1317 } else {
1318 return NFC_STATUS_FAILED;
1319 }
1320 }
1321
1322 /*******************************************************************************
1323 **
1324 ** Function rw_i93_send_cmd_write_afi
1325 **
1326 ** Description Send Write AFI Request to VICC
1327 **
1328 ** Returns tNFC_STATUS
1329 **
1330 *******************************************************************************/
rw_i93_send_cmd_write_afi(uint8_t afi)1331 tNFC_STATUS rw_i93_send_cmd_write_afi(uint8_t afi) {
1332 NFC_HDR* p_cmd;
1333 uint8_t* p;
1334
1335 LOG(VERBOSE) << __func__;
1336
1337 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1338
1339 if (!p_cmd) {
1340 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1341 return NFC_STATUS_NO_BUFFERS;
1342 }
1343
1344 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1345 p_cmd->len = 11;
1346 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1347
1348 /* Flags */
1349 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1350 RW_I93_FLAG_DATA_RATE));
1351
1352 /* Command Code */
1353 UINT8_TO_STREAM(p, I93_CMD_WRITE_AFI);
1354
1355 /* Parameters */
1356 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1357 UINT8_TO_STREAM(p, afi); /* AFI */
1358
1359 if (rw_i93_send_to_lower(p_cmd)) {
1360 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_AFI;
1361 return NFC_STATUS_OK;
1362 } else {
1363 return NFC_STATUS_FAILED;
1364 }
1365 }
1366
1367 /*******************************************************************************
1368 **
1369 ** Function rw_i93_send_cmd_lock_afi
1370 **
1371 ** Description Send Lock AFI Request to VICC
1372 **
1373 ** Returns tNFC_STATUS
1374 **
1375 *******************************************************************************/
rw_i93_send_cmd_lock_afi(void)1376 tNFC_STATUS rw_i93_send_cmd_lock_afi(void) {
1377 NFC_HDR* p_cmd;
1378 uint8_t* p;
1379
1380 LOG(VERBOSE) << __func__;
1381
1382 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1383
1384 if (!p_cmd) {
1385 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1386 return NFC_STATUS_NO_BUFFERS;
1387 }
1388
1389 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1390 p_cmd->len = 10;
1391 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1392
1393 /* Flags */
1394 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1395 RW_I93_FLAG_DATA_RATE));
1396
1397 /* Command Code */
1398 UINT8_TO_STREAM(p, I93_CMD_LOCK_AFI);
1399
1400 /* Parameters */
1401 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1402
1403 if (rw_i93_send_to_lower(p_cmd)) {
1404 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_AFI;
1405 return NFC_STATUS_OK;
1406 } else {
1407 return NFC_STATUS_FAILED;
1408 }
1409 }
1410
1411 /*******************************************************************************
1412 **
1413 ** Function rw_i93_send_cmd_write_dsfid
1414 **
1415 ** Description Send Write DSFID Request to VICC
1416 **
1417 ** Returns tNFC_STATUS
1418 **
1419 *******************************************************************************/
rw_i93_send_cmd_write_dsfid(uint8_t dsfid)1420 tNFC_STATUS rw_i93_send_cmd_write_dsfid(uint8_t dsfid) {
1421 NFC_HDR* p_cmd;
1422 uint8_t* p;
1423
1424 LOG(VERBOSE) << __func__;
1425
1426 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1427
1428 if (!p_cmd) {
1429 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1430 return NFC_STATUS_NO_BUFFERS;
1431 }
1432
1433 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1434 p_cmd->len = 11;
1435 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1436
1437 /* Flags */
1438 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1439 RW_I93_FLAG_DATA_RATE));
1440
1441 /* Command Code */
1442 UINT8_TO_STREAM(p, I93_CMD_WRITE_DSFID);
1443
1444 /* Parameters */
1445 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1446 UINT8_TO_STREAM(p, dsfid); /* DSFID */
1447
1448 if (rw_i93_send_to_lower(p_cmd)) {
1449 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_DSFID;
1450 return NFC_STATUS_OK;
1451 } else {
1452 return NFC_STATUS_FAILED;
1453 }
1454 }
1455
1456 /*******************************************************************************
1457 **
1458 ** Function rw_i93_send_cmd_lock_dsfid
1459 **
1460 ** Description Send Lock DSFID Request to VICC
1461 **
1462 ** Returns tNFC_STATUS
1463 **
1464 *******************************************************************************/
rw_i93_send_cmd_lock_dsfid(void)1465 tNFC_STATUS rw_i93_send_cmd_lock_dsfid(void) {
1466 NFC_HDR* p_cmd;
1467 uint8_t* p;
1468
1469 LOG(VERBOSE) << __func__;
1470
1471 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1472
1473 if (!p_cmd) {
1474 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1475 return NFC_STATUS_NO_BUFFERS;
1476 }
1477
1478 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1479 p_cmd->len = 10;
1480 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1481
1482 /* Flags */
1483 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1484 RW_I93_FLAG_DATA_RATE));
1485
1486 /* Command Code */
1487 UINT8_TO_STREAM(p, I93_CMD_LOCK_DSFID);
1488
1489 /* Parameters */
1490 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1491
1492 if (rw_i93_send_to_lower(p_cmd)) {
1493 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_DSFID;
1494 return NFC_STATUS_OK;
1495 } else {
1496 return NFC_STATUS_FAILED;
1497 }
1498 }
1499
1500 /*******************************************************************************
1501 **
1502 ** Function rw_i93_send_cmd_get_ext_sys_info
1503 **
1504 ** Description Send Get Extended System Information Request to VICC
1505 **
1506 ** Returns tNFC_STATUS
1507 **
1508 *******************************************************************************/
rw_i93_send_cmd_get_ext_sys_info(uint8_t * p_uid)1509 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid) {
1510 NFC_HDR* p_cmd;
1511 uint8_t* p;
1512
1513 LOG(VERBOSE) << __func__;
1514
1515 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1516
1517 if (!p_cmd) {
1518 LOG(VERBOSE) << __func__ << "Cannot allocate buffer";
1519 return NFC_STATUS_NO_BUFFERS;
1520 }
1521
1522 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1523 p_cmd->len = 11;
1524 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1525
1526 /* Flags */
1527 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1528 RW_I93_FLAG_DATA_RATE));
1529
1530 /* Command Code */
1531 UINT8_TO_STREAM(p, I93_CMD_EXT_GET_SYS_INFO);
1532
1533 /* Parameters request field */
1534 UINT8_TO_STREAM(p,
1535 (I93_INFO_FLAG_MOI | I93_INFO_FLAG_DSFID | I93_INFO_FLAG_AFI |
1536 I93_INFO_FLAG_MEM_SIZE | I93_INFO_FLAG_IC_REF));
1537
1538 /* Parameters */
1539 if (p_uid) {
1540 ARRAY8_TO_STREAM(p, p_uid); /* UID */
1541 } else {
1542 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1543 }
1544
1545 if (rw_i93_send_to_lower(p_cmd)) {
1546 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_SYS_INFO;
1547 return NFC_STATUS_OK;
1548 } else {
1549 return NFC_STATUS_FAILED;
1550 }
1551 }
1552
1553 /*******************************************************************************
1554 **
1555 ** Function rw_i93_send_cmd_get_sys_info
1556 **
1557 ** Description Send Get System Information Request to VICC
1558 **
1559 ** Returns tNFC_STATUS
1560 **
1561 *******************************************************************************/
rw_i93_send_cmd_get_sys_info(uint8_t * p_uid,uint8_t extra_flags)1562 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flags) {
1563 NFC_HDR* p_cmd;
1564 uint8_t* p;
1565
1566 LOG(VERBOSE) << __func__;
1567
1568 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1569
1570 if (!p_cmd) {
1571 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1572 return NFC_STATUS_NO_BUFFERS;
1573 }
1574
1575 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1576 p_cmd->len = 10;
1577 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1578
1579 /* Flags */
1580 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1581 RW_I93_FLAG_DATA_RATE | extra_flags));
1582
1583 /* Command Code */
1584 UINT8_TO_STREAM(p, I93_CMD_GET_SYS_INFO);
1585
1586 /* Parameters */
1587 if (p_uid) {
1588 ARRAY8_TO_STREAM(p, p_uid); /* UID */
1589 } else {
1590 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1591 }
1592
1593 if (rw_i93_send_to_lower(p_cmd)) {
1594 rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_SYS_INFO;
1595 return NFC_STATUS_OK;
1596 } else {
1597 return NFC_STATUS_FAILED;
1598 }
1599 }
1600
1601 /*******************************************************************************
1602 **
1603 ** Function rw_i93_send_cmd_get_multi_block_sec
1604 **
1605 ** Description Send Get Multiple Block Security Status Request to VICC
1606 **
1607 ** Returns tNFC_STATUS
1608 **
1609 *******************************************************************************/
rw_i93_send_cmd_get_multi_block_sec(uint32_t first_block_number,uint32_t number_blocks)1610 tNFC_STATUS rw_i93_send_cmd_get_multi_block_sec(uint32_t first_block_number,
1611 uint32_t number_blocks) {
1612 NFC_HDR* p_cmd;
1613 uint8_t *p, flags;
1614
1615 LOG(VERBOSE) << __func__;
1616
1617 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1618
1619 if (!p_cmd) {
1620 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1621 return NFC_STATUS_NO_BUFFERS;
1622 }
1623
1624 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1625 p_cmd->len = 12;
1626 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1627
1628 /* Flags */
1629 flags =
1630 (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1631
1632 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
1633 flags |= I93_FLAG_PROT_EXT_YES;
1634
1635 UINT8_TO_STREAM(p, flags);
1636
1637 /* Command Code */
1638 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1639 UINT8_TO_STREAM(p, I93_CMD_EXT_GET_MULTI_BLK_SEC);
1640 } else {
1641 UINT8_TO_STREAM(p, I93_CMD_GET_MULTI_BLK_SEC);
1642 }
1643
1644 /* Parameters */
1645 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1646
1647 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1648 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1649 UINT16_TO_STREAM(p, first_block_number); /* First block number */
1650 UINT16_TO_STREAM(
1651 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1652 p_cmd->len += 2;
1653 } else {
1654 UINT8_TO_STREAM(p, first_block_number); /* First block number */
1655 UINT8_TO_STREAM(
1656 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1657 }
1658
1659 if (rw_i93_send_to_lower(p_cmd)) {
1660 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1661 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_MULTI_BLK_SEC;
1662 else
1663 rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_MULTI_BLK_SEC;
1664 return NFC_STATUS_OK;
1665 } else {
1666 return NFC_STATUS_FAILED;
1667 }
1668 }
1669
1670 /*******************************************************************************
1671 **
1672 ** Function rw_i93_get_next_blocks
1673 **
1674 ** Description Read as many blocks as possible (up to
1675 ** RW_I93_READ_MULTI_BLOCK_SIZE)
1676 **
1677 ** Returns tNFC_STATUS
1678 **
1679 *******************************************************************************/
rw_i93_get_next_blocks(uint32_t offset)1680 tNFC_STATUS rw_i93_get_next_blocks(uint32_t offset) {
1681 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1682 uint32_t first_block;
1683 uint32_t num_block;
1684
1685 LOG(VERBOSE) << __func__;
1686
1687 first_block = offset / p_i93->block_size;
1688
1689 /* more blocks, more efficent but more error rate */
1690
1691 if (p_i93->intl_flags & RW_I93_FLAG_READ_MULTI_BLOCK) {
1692 num_block = RW_I93_READ_MULTI_BLOCK_SIZE / p_i93->block_size;
1693
1694 // first_block is an offset related to the beginning of the T5T_Area for T5T
1695 // tags but physical memory for ISO15693 tags
1696 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
1697 if (num_block + first_block > p_i93->num_block)
1698 num_block = p_i93->num_block - first_block;
1699 } else {
1700 if (num_block + first_block >
1701 p_i93->num_block + p_i93->t5t_area_start_block)
1702 num_block =
1703 p_i93->num_block - first_block + p_i93->t5t_area_start_block;
1704 }
1705
1706 if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
1707 /* LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR16D-W, M24LR64E-R
1708 ** require
1709 ** - The max number of blocks is 32 and they are all located in the
1710 ** same sector.
1711 ** - The sector is 32 blocks of 4 bytes.
1712 */
1713 if ((p_i93->product_version == RW_I93_STM_LRIS64K) ||
1714 (p_i93->product_version == RW_I93_STM_M24LR64_R) ||
1715 (p_i93->product_version == RW_I93_STM_M24LR04E_R) ||
1716 (p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
1717 (p_i93->product_version == RW_I93_STM_M24LR16D_W) ||
1718 (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
1719 if (num_block > I93_STM_MAX_BLOCKS_PER_READ)
1720 num_block = I93_STM_MAX_BLOCKS_PER_READ;
1721
1722 if ((first_block / I93_STM_BLOCKS_PER_SECTOR) !=
1723 ((first_block + num_block - 1) / I93_STM_BLOCKS_PER_SECTOR)) {
1724 num_block = I93_STM_BLOCKS_PER_SECTOR -
1725 (first_block % I93_STM_BLOCKS_PER_SECTOR);
1726 }
1727 }
1728 }
1729
1730 if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
1731 /* N24RF04, N24RF04E, N24RF16, N24RF16E, N24RF64, N24RF64E requires
1732 ** - The max number of blocks is 32 and they are all located in the
1733 ** same sector.
1734 ** - The sector is 32 blocks of 4 bytes.
1735 */
1736 if ((p_i93->product_version == RW_I93_ONS_N36RW02) ||
1737 (p_i93->product_version == RW_I93_ONS_N24RF04) ||
1738 (p_i93->product_version == RW_I93_ONS_N24RF04E) ||
1739 (p_i93->product_version == RW_I93_ONS_N24RF16) ||
1740 (p_i93->product_version == RW_I93_ONS_N24RF16E) ||
1741 (p_i93->product_version == RW_I93_ONS_N24RF64) ||
1742 (p_i93->product_version == RW_I93_ONS_N24RF64E)) {
1743 if (num_block > I93_ONS_MAX_BLOCKS_PER_READ)
1744 num_block = I93_ONS_MAX_BLOCKS_PER_READ;
1745
1746 if ((first_block / I93_ONS_BLOCKS_PER_SECTOR) !=
1747 ((first_block + num_block - 1) / I93_ONS_BLOCKS_PER_SECTOR)) {
1748 num_block = I93_ONS_BLOCKS_PER_SECTOR -
1749 (first_block % I93_ONS_BLOCKS_PER_SECTOR);
1750 }
1751 }
1752 }
1753
1754 if (num_block == 0) {
1755 /* only one remaining block to read */
1756 return rw_i93_send_cmd_read_single_block(first_block, false);
1757 }
1758
1759 return rw_i93_send_cmd_read_multi_blocks(first_block, num_block);
1760 } else {
1761 return rw_i93_send_cmd_read_single_block(first_block, false);
1762 }
1763 }
1764
1765 /*******************************************************************************
1766 **
1767 ** Function rw_i93_get_next_block_sec
1768 **
1769 ** Description Get as many security of blocks as possible from
1770 ** p_i93->rw_offset (up to RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1771 **
1772 ** Returns tNFC_STATUS
1773 **
1774 *******************************************************************************/
rw_i93_get_next_block_sec(void)1775 tNFC_STATUS rw_i93_get_next_block_sec(void) {
1776 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1777 uint32_t num_blocks;
1778
1779 LOG(VERBOSE) << __func__;
1780
1781 if (p_i93->num_block <= p_i93->rw_offset) {
1782 LOG(ERROR) << StringPrintf(
1783 "rw_offset(0x%x) must be less than num_block(0x%x)", p_i93->rw_offset,
1784 p_i93->num_block);
1785 return NFC_STATUS_FAILED;
1786 }
1787
1788 num_blocks = p_i93->num_block - p_i93->rw_offset;
1789
1790 if (num_blocks > RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1791 num_blocks = RW_I93_GET_MULTI_BLOCK_SEC_SIZE;
1792
1793 LOG(VERBOSE) << StringPrintf("%s intl_flags=%d", __func__,
1794 rw_cb.tcb.i93.intl_flags);
1795 return rw_i93_send_cmd_get_multi_block_sec(p_i93->rw_offset, num_blocks);
1796 }
1797
1798 /*******************************************************************************
1799 **
1800 ** Function rw_i93_sm_detect_ndef
1801 **
1802 ** Description Process NDEF detection procedure
1803 **
1804 ** 1. Get UID if not having yet
1805 ** 2. Get System Info if not having yet
1806 ** 3. Read first block for CC
1807 ** 4. Search NDEF Type and length
1808 ** 5. Get block status to get max NDEF size and read-only
1809 ** status
1810 **
1811 ** Returns void
1812 **
1813 *******************************************************************************/
rw_i93_sm_detect_ndef(NFC_HDR * p_resp)1814 void rw_i93_sm_detect_ndef(NFC_HDR* p_resp) {
1815 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
1816 uint8_t flags, u8 = 0, cc[4];
1817 uint16_t length = p_resp->len, xx;
1818 uint32_t block, first_block, last_block, num_blocks;
1819 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1820 tRW_DATA rw_data;
1821 tNFC_STATUS status = NFC_STATUS_FAILED;
1822
1823 LOG(VERBOSE) << StringPrintf(
1824 "%s - sub_state:%s (0x%x)", __func__,
1825 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
1826
1827 if (length == 0) {
1828 android_errorWriteLog(0x534e4554, "121260197");
1829 rw_i93_handle_error(NFC_STATUS_FAILED);
1830 return;
1831 }
1832 STREAM_TO_UINT8(flags, p);
1833 length--;
1834
1835 if (flags & I93_FLAG_ERROR_DETECTED) {
1836 if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
1837 /* getting system info with protocol extension flag */
1838 /* This STM & ONS tag supports more than 2040 bytes */
1839 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
1840 } else {
1841 LOG(VERBOSE) << StringPrintf("%s - Got error flags (0x%02x)", __func__,
1842 flags);
1843 rw_i93_handle_error(NFC_STATUS_FAILED);
1844 }
1845 return;
1846 }
1847
1848 switch (p_i93->sub_state) {
1849 case RW_I93_SUBSTATE_WAIT_UID:
1850
1851 if (length < (I93_UID_BYTE_LEN + 1)) {
1852 android_errorWriteLog(0x534e4554, "121260197");
1853 rw_i93_handle_error(NFC_STATUS_FAILED);
1854 return;
1855 }
1856 STREAM_TO_UINT8(u8, p); /* DSFID */
1857 p_uid = p_i93->uid;
1858 STREAM_TO_ARRAY8(p_uid, p);
1859
1860 if (u8 != I93_DFS_UNSUPPORTED) {
1861 /* if Data Storage Format is unknown */
1862 LOG(VERBOSE) << StringPrintf("%s - Got unknown DSFID (0x%02x)", __func__,
1863 u8);
1864 rw_i93_handle_error(NFC_STATUS_FAILED);
1865 } else {
1866 /* get system information to get memory size */
1867 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
1868 NFC_STATUS_OK) {
1869 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
1870 } else {
1871 rw_i93_handle_error(NFC_STATUS_FAILED);
1872 }
1873 }
1874 break;
1875
1876 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
1877
1878 p_i93->block_size = 0;
1879 p_i93->num_block = 0;
1880
1881 if (!rw_i93_process_sys_info(p, length)) {
1882 /* retrying with protocol extension flag */
1883 break;
1884 }
1885
1886 if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
1887 LOG(VERBOSE) << StringPrintf("%s - Unable to get tag memory size",
1888 __func__);
1889 rw_i93_handle_error(status);
1890 } else {
1891 /* read CC in the first block */
1892 if (rw_i93_send_cmd_read_single_block(0x0000, false) == NFC_STATUS_OK) {
1893 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_CC;
1894 } else {
1895 rw_i93_handle_error(NFC_STATUS_FAILED);
1896 }
1897 }
1898 break;
1899
1900 case RW_I93_SUBSTATE_WAIT_CC:
1901
1902 if (length < RW_I93_CC_SIZE) {
1903 android_errorWriteLog(0x534e4554, "139188579");
1904 rw_i93_handle_error(NFC_STATUS_FAILED);
1905 return;
1906 }
1907
1908 /* assume block size is more than RW_I93_CC_SIZE 4 */
1909 STREAM_TO_ARRAY(cc, p, RW_I93_CC_SIZE);
1910
1911 status = NFC_STATUS_FAILED;
1912
1913 /*
1914 ** Capability Container (CC)
1915 **
1916 ** CC[0] : magic number (0xE1)
1917 ** CC[1] : Bit 7-6:Major version number
1918 ** : Bit 5-4:Minor version number
1919 ** : Bit 3-2:Read access condition (00b: read access granted
1920 ** without any security)
1921 ** : Bit 1-0:Write access condition (00b: write access granted
1922 ** without any security)
1923 ** CC[2] : Memory size in 8 bytes (Ex. 0x04 is 32 bytes) [STM, ONS set
1924 ** to 0xFF if more than 2040bytes]
1925 ** CC[3] : Bit 0:Read multiple blocks is supported [NXP, STM, ONS]
1926 ** : Bit 1:Inventory page read is supported [NXP]
1927 ** : Bit 2:More than 2040 bytes are supported [STM, ONS]
1928 */
1929
1930 LOG(VERBOSE) << StringPrintf("%s - cc[0-3]: 0x%02X 0x%02X 0x%02X 0x%02X",
1931 __func__, cc[0], cc[1], cc[2], cc[3]);
1932
1933 LOG(VERBOSE) << StringPrintf("%s - Total blocks:0x%04X, Block size:0x%02X",
1934 __func__, p_i93->num_block, p_i93->block_size);
1935
1936 if ((cc[0] == I93_ICODE_CC_MAGIC_NUMER_E1) ||
1937 (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2)) {
1938 if ((cc[1] & 0xC0) > I93_VERSION_1_x) {
1939 LOG(VERBOSE) << StringPrintf("%s - Major mapping version above 1 %d.x",
1940 __func__, cc[1] >> 6);
1941 /* major mapping version above 1 not supported */
1942 rw_i93_handle_error(NFC_STATUS_FAILED);
1943 break;
1944 }
1945 if ((cc[1] & I93_ICODE_CC_READ_ACCESS_MASK) ==
1946 I93_ICODE_CC_READ_ACCESS_GRANTED) {
1947 if ((cc[1] & I93_ICODE_CC_WRITE_ACCESS_MASK) !=
1948 I93_ICODE_CC_WRITE_ACCESS_GRANTED) {
1949 /* read-only or password required to write */
1950 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
1951 }
1952 if (cc[3] & I93_ICODE_CC_MBREAD_MASK) {
1953 /* tag supports read multiple blocks command */
1954 p_i93->intl_flags |= RW_I93_FLAG_READ_MULTI_BLOCK;
1955 }
1956 if (cc[3] & I93_ICODE_CC_SPECIAL_FRAME_MASK) {
1957 /* tag supports Special Frame for Write-Alike commands */
1958 p_i93->intl_flags |= RW_I93_FLAG_SPECIAL_FRAME;
1959 }
1960 if (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2) {
1961 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
1962 }
1963 status = NFC_STATUS_OK;
1964 }
1965 }
1966
1967 if (status == NFC_STATUS_OK) {
1968 /* seach NDEF TLV from offset 4 when CC file coded on 4 bytes NFC Forum
1969 */
1970 if (cc[2] != 0)
1971 p_i93->rw_offset = 4;
1972 else
1973 p_i93->rw_offset = 8;
1974
1975 if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
1976 p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
1977 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
1978 } else {
1979 rw_i93_handle_error(NFC_STATUS_FAILED);
1980 }
1981 } else {
1982 rw_i93_handle_error(NFC_STATUS_FAILED);
1983 }
1984 break;
1985
1986 case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
1987
1988 /* search TLV within read blocks */
1989 for (xx = 0; xx < length; xx++) {
1990 /* if looking for type */
1991 if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_TYPE) {
1992 if (*(p + xx) == I93_ICODE_TLV_TYPE_NULL) {
1993 continue;
1994 } else if ((*(p + xx) == I93_ICODE_TLV_TYPE_NDEF) ||
1995 (*(p + xx) == I93_ICODE_TLV_TYPE_PROP)) {
1996 /* store found type and get length field */
1997 p_i93->tlv_type = *(p + xx);
1998 p_i93->ndef_tlv_start_offset = p_i93->rw_offset + xx;
1999
2000 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_1;
2001 } else if (*(p + xx) == I93_ICODE_TLV_TYPE_TERM) {
2002 /* no NDEF TLV found */
2003 p_i93->tlv_type = I93_ICODE_TLV_TYPE_TERM;
2004 break;
2005 } else {
2006 LOG(VERBOSE) << StringPrintf("%s - Invalid type: 0x%02x", __func__,
2007 *(p + xx));
2008 rw_i93_handle_error(NFC_STATUS_FAILED);
2009 return;
2010 }
2011 } else if (p_i93->tlv_detect_state ==
2012 RW_I93_TLV_DETECT_STATE_LENGTH_1) {
2013 /* if 3 bytes length field */
2014 if (*(p + xx) == 0xFF) {
2015 /* need 2 more bytes for length field */
2016 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_2;
2017 } else {
2018 p_i93->tlv_length = *(p + xx);
2019 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
2020
2021 if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
2022 p_i93->ndef_tlv_last_offset =
2023 p_i93->ndef_tlv_start_offset + 1 + p_i93->tlv_length;
2024 break;
2025 }
2026 }
2027 } else if (p_i93->tlv_detect_state ==
2028 RW_I93_TLV_DETECT_STATE_LENGTH_2) {
2029 /* the second byte of 3 bytes length field */
2030 p_i93->tlv_length = *(p + xx);
2031 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_3;
2032 } else if (p_i93->tlv_detect_state ==
2033 RW_I93_TLV_DETECT_STATE_LENGTH_3) {
2034 /* the last byte of 3 bytes length field */
2035 p_i93->tlv_length = (p_i93->tlv_length << 8) + *(p + xx);
2036 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
2037
2038 if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
2039 p_i93->ndef_tlv_last_offset =
2040 p_i93->ndef_tlv_start_offset + 3 + p_i93->tlv_length;
2041 break;
2042 }
2043 } else if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE) {
2044 /* this is other than NDEF TLV */
2045 if (p_i93->tlv_length <= length - xx) {
2046 /* skip value field */
2047 xx += (uint8_t)p_i93->tlv_length;
2048 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
2049 } else {
2050 /* read more data */
2051 p_i93->tlv_length -= (length - xx);
2052 break;
2053 }
2054 }
2055 }
2056
2057 /* found NDEF TLV and read length field */
2058 if ((p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
2059 (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE)) {
2060 p_i93->ndef_length = p_i93->tlv_length;
2061
2062 /* get lock status to see if read-only */
2063 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2064 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2065 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2066 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2067 /* these doesn't support GetMultiBlockSecurityStatus */
2068
2069 p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
2070 first_block = p_i93->ndef_tlv_start_offset / p_i93->block_size;
2071
2072 /* read block to get lock status */
2073 rw_i93_send_cmd_read_single_block(first_block, true);
2074 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
2075 } else {
2076 /* block offset for read-only check */
2077 p_i93->rw_offset = 0;
2078
2079 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2080 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
2081 } else {
2082 rw_i93_handle_error(NFC_STATUS_FAILED);
2083 }
2084 }
2085 } else {
2086 /* read more data */
2087 p_i93->rw_offset += length;
2088
2089 if (p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) {
2090 rw_i93_handle_error(NFC_STATUS_FAILED);
2091 } else if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
2092 p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
2093 } else {
2094 rw_i93_handle_error(NFC_STATUS_FAILED);
2095 }
2096 }
2097 break;
2098
2099 case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
2100
2101 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2102 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2103 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2104 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2105 /* these doesn't support GetMultiBlockSecurityStatus */
2106
2107 block = (p_i93->rw_offset / p_i93->block_size);
2108 last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2109
2110 if (length == 0) {
2111 rw_i93_handle_error(NFC_STATUS_FAILED);
2112 }
2113 if ((*p) & I93_BLOCK_LOCKED) {
2114 if (block <= last_block) {
2115 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2116 }
2117 } else {
2118 /* if we need to check more user blocks */
2119 if (block + 1 < p_i93->num_block) {
2120 p_i93->rw_offset += p_i93->block_size;
2121
2122 /* read block to get lock status */
2123 rw_i93_send_cmd_read_single_block(
2124 (uint32_t)(p_i93->rw_offset / p_i93->block_size), true);
2125 break;
2126 }
2127 }
2128
2129 p_i93->max_ndef_length =
2130 p_i93->ndef_length
2131 /* add available bytes including the last block of NDEF TLV */
2132 + (p_i93->block_size * (block - last_block) + 1) -
2133 (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2134 } else {
2135 if (p_i93->rw_offset == 0) {
2136 p_i93->max_ndef_length =
2137 p_i93->ndef_length
2138 /* add available bytes in the last block of NDEF TLV */
2139 + p_i93->block_size -
2140 (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2141
2142 first_block = (p_i93->ndef_tlv_start_offset / p_i93->block_size);
2143 } else {
2144 first_block = 0;
2145 }
2146
2147 last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2148 num_blocks = length;
2149
2150 for (block = first_block; block < num_blocks; block++) {
2151 /* if any block of NDEF TLV is locked */
2152 if ((block + p_i93->rw_offset) <= last_block) {
2153 if (*(p + block) & I93_BLOCK_LOCKED) {
2154 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2155 break;
2156 }
2157 } else {
2158 if (*(p + block) & I93_BLOCK_LOCKED) {
2159 /* no more consecutive unlocked block */
2160 break;
2161 } else {
2162 /* add block size if not locked */
2163 p_i93->max_ndef_length += p_i93->block_size;
2164 }
2165 }
2166 }
2167
2168 /* update next security of block to check */
2169 p_i93->rw_offset += num_blocks;
2170
2171 /* if need to check more */
2172 if (p_i93->num_block > p_i93->rw_offset) {
2173 if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2174 rw_i93_handle_error(NFC_STATUS_FAILED);
2175 }
2176 break;
2177 }
2178 }
2179
2180 /* check if need to adjust max NDEF length */
2181 if ((p_i93->ndef_length < 0xFF) && (p_i93->max_ndef_length >= 0xFF)) {
2182 /* 3 bytes length field must be used */
2183 p_i93->max_ndef_length -= 2;
2184 }
2185
2186 rw_data.ndef.status = NFC_STATUS_OK;
2187 rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
2188 rw_data.ndef.flags = 0;
2189 rw_data.ndef.flags |= RW_NDEF_FL_SUPPORTED;
2190 rw_data.ndef.flags |= RW_NDEF_FL_FORMATED;
2191 rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
2192 rw_data.ndef.cur_size = p_i93->ndef_length;
2193
2194 if (p_i93->intl_flags & RW_I93_FLAG_READ_ONLY) {
2195 rw_data.ndef.flags |= RW_NDEF_FL_READ_ONLY;
2196 rw_data.ndef.max_size = p_i93->ndef_length;
2197 } else {
2198 rw_data.ndef.flags |= RW_NDEF_FL_HARD_LOCKABLE;
2199 rw_data.ndef.max_size = p_i93->max_ndef_length;
2200 }
2201
2202 p_i93->state = RW_I93_STATE_IDLE;
2203 p_i93->sent_cmd = 0;
2204
2205 LOG(VERBOSE) << StringPrintf(
2206 "%s - NDEF cur_size(%d),max_size (%d), flags (0x%x)", __func__,
2207 rw_data.ndef.cur_size, rw_data.ndef.max_size, rw_data.ndef.flags);
2208
2209 (*(rw_cb.p_cback))(RW_I93_NDEF_DETECT_EVT, &rw_data);
2210 break;
2211
2212 default:
2213 break;
2214 }
2215 }
2216
2217 /*******************************************************************************
2218 **
2219 ** Function rw_i93_sm_read_ndef
2220 **
2221 ** Description Process NDEF read procedure
2222 **
2223 ** Returns void
2224 **
2225 *******************************************************************************/
rw_i93_sm_read_ndef(NFC_HDR * p_resp)2226 void rw_i93_sm_read_ndef(NFC_HDR* p_resp) {
2227 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2228 uint8_t flags;
2229 uint32_t offset;
2230 uint16_t length = p_resp->len;
2231 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2232 tRW_DATA rw_data;
2233
2234 LOG(VERBOSE) << __func__;
2235
2236 if (length == 0) {
2237 android_errorWriteLog(0x534e4554, "122035770");
2238 rw_i93_handle_error(NFC_STATUS_FAILED);
2239 return;
2240 }
2241
2242 STREAM_TO_UINT8(flags, p);
2243 length--;
2244
2245 if (flags & I93_FLAG_ERROR_DETECTED) {
2246 LOG(VERBOSE) << StringPrintf("%s - Got error flags (0x%02x)", __func__,
2247 flags);
2248 rw_i93_handle_error(NFC_STATUS_FAILED);
2249 return;
2250 }
2251
2252 /* if this is the first block */
2253 if (p_i93->rw_length == 0) {
2254 /* get start of NDEF in the first block */
2255 offset = p_i93->ndef_tlv_start_offset % p_i93->block_size;
2256
2257 if (p_i93->ndef_length < 0xFF) {
2258 offset += 2;
2259 } else {
2260 offset += 4;
2261 }
2262
2263 /* adjust offset if read more blocks because the first block doesn't have
2264 * NDEF */
2265 offset -= (p_i93->rw_offset - p_i93->ndef_tlv_start_offset);
2266 } else {
2267 offset = 0;
2268 }
2269
2270 /* if read enough data to skip type and length field for the beginning */
2271 if (offset < length) {
2272 offset++; /* flags */
2273 p_resp->offset += offset;
2274 p_resp->len -= offset;
2275
2276 rw_data.data.status = NFC_STATUS_OK;
2277 rw_data.data.p_data = p_resp;
2278
2279 p_i93->rw_length += p_resp->len;
2280 } else {
2281 /* in case of no Ndef data included */
2282 p_resp->len = 0;
2283 }
2284
2285 /* if read all of NDEF data */
2286 if (p_i93->rw_length >= p_i93->ndef_length) {
2287 /* remove extra btyes in the last block */
2288 p_resp->len -= (p_i93->rw_length - p_i93->ndef_length);
2289
2290 p_i93->state = RW_I93_STATE_IDLE;
2291 p_i93->sent_cmd = 0;
2292
2293 LOG(VERBOSE) << StringPrintf("%s - NDEF read complete read (%d)/total (%d)",
2294 __func__, p_resp->len, p_i93->ndef_length);
2295
2296 (*(rw_cb.p_cback))(RW_I93_NDEF_READ_CPLT_EVT, &rw_data);
2297 } else {
2298 LOG(VERBOSE) << StringPrintf("%s - NDEF read segment read (%d)/total (%d)",
2299 __func__, p_resp->len, p_i93->ndef_length);
2300
2301 if (p_resp->len > 0) {
2302 (*(rw_cb.p_cback))(RW_I93_NDEF_READ_EVT, &rw_data);
2303 } else {
2304 // free buffer, if len == 0
2305 GKI_freebuf(p_resp);
2306 }
2307
2308 /* this will make read data from next block */
2309 p_i93->rw_offset += length;
2310
2311 if (rw_i93_get_next_blocks(p_i93->rw_offset) != NFC_STATUS_OK) {
2312 rw_i93_handle_error(NFC_STATUS_FAILED);
2313 }
2314 }
2315 }
2316
2317 /*******************************************************************************
2318 **
2319 ** Function rw_i93_sm_update_ndef
2320 **
2321 ** Description Process NDEF update procedure
2322 **
2323 ** 1. Set length field to zero
2324 ** 2. Write NDEF and Terminator TLV
2325 ** 3. Set length field to NDEF length
2326 **
2327 ** Returns void
2328 **
2329 *******************************************************************************/
rw_i93_sm_update_ndef(NFC_HDR * p_resp)2330 void rw_i93_sm_update_ndef(NFC_HDR* p_resp) {
2331 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2332 uint8_t flags, buff[I93_MAX_BLOCK_LENGH];
2333 uint16_t length = p_resp->len, xx;
2334 uint32_t length_offset, block_number;
2335
2336 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2337 tRW_DATA rw_data;
2338
2339 LOG(VERBOSE) << StringPrintf(
2340 "%s - sub_state:%s (0x%x)", __func__,
2341 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2342
2343 if (length == 0 || p_i93->block_size > I93_MAX_BLOCK_LENGH) {
2344 android_errorWriteLog(0x534e4554, "122320256");
2345 rw_i93_handle_error(NFC_STATUS_FAILED);
2346 return;
2347 }
2348
2349 STREAM_TO_UINT8(flags, p);
2350 length--;
2351
2352 if (flags & I93_FLAG_ERROR_DETECTED) {
2353 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2354 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2355 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2356 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2357 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2358 /* ignore error */
2359 } else {
2360 LOG(VERBOSE) << StringPrintf("%s - Got error flags (0x%02x)", __func__,
2361 flags);
2362 rw_i93_handle_error(NFC_STATUS_FAILED);
2363 return;
2364 }
2365 }
2366
2367 switch (p_i93->sub_state) {
2368 case RW_I93_SUBSTATE_RESET_LEN:
2369
2370 /* get offset of length field */
2371 length_offset = (p_i93->ndef_tlv_start_offset + 1) % p_i93->block_size;
2372
2373 if (length < length_offset) {
2374 android_errorWriteLog(0x534e4554, "122320256");
2375 rw_i93_handle_error(NFC_STATUS_FAILED);
2376 return;
2377 }
2378
2379 /* set length to zero */
2380 *(p + length_offset) = 0x00;
2381
2382 if (p_i93->ndef_length > 0) {
2383 /* if 3 bytes length field is needed */
2384 if (p_i93->ndef_length >= 0xFF) {
2385 xx = length_offset + 3;
2386 } else {
2387 xx = length_offset + 1;
2388 }
2389
2390 /* write the first part of NDEF in the same block */
2391 for (; xx < p_i93->block_size; xx++) {
2392 if (xx > length || p_i93->rw_length > p_i93->ndef_length) {
2393 android_errorWriteLog(0x534e4554, "122320256");
2394 rw_i93_handle_error(NFC_STATUS_FAILED);
2395 return;
2396 }
2397 if (p_i93->rw_length < p_i93->ndef_length) {
2398 *(p + xx) = *(p_i93->p_update_data + p_i93->rw_length++);
2399 } else {
2400 *(p + xx) = I93_ICODE_TLV_TYPE_NULL;
2401 }
2402 }
2403 }
2404
2405 block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2406
2407 if (length < p_i93->block_size) {
2408 android_errorWriteLog(0x534e4554, "143109193");
2409 rw_i93_handle_error(NFC_STATUS_FAILED);
2410 } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2411 NFC_STATUS_OK) {
2412 /* update next writing offset */
2413 p_i93->rw_offset = (block_number + 1) * p_i93->block_size;
2414 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_NDEF;
2415 } else {
2416 rw_i93_handle_error(NFC_STATUS_FAILED);
2417 }
2418 break;
2419
2420 case RW_I93_SUBSTATE_WRITE_NDEF:
2421
2422 /* if it's not the end of tag memory */
2423 if (p_i93->rw_offset < p_i93->block_size * p_i93->num_block) {
2424 block_number = p_i93->rw_offset / p_i93->block_size;
2425
2426 /* if we have more data to write */
2427 if (p_i93->rw_length < p_i93->ndef_length) {
2428 p = p_i93->p_update_data + p_i93->rw_length;
2429
2430 p_i93->rw_offset += p_i93->block_size;
2431 p_i93->rw_length += p_i93->block_size;
2432
2433 /* if this is the last block of NDEF TLV */
2434 if (p_i93->rw_length > p_i93->ndef_length) {
2435 /* length of NDEF TLV in the block */
2436 xx = (uint8_t)(p_i93->block_size -
2437 (p_i93->rw_length - p_i93->ndef_length));
2438
2439 /* set NULL TLV in the unused part of block */
2440 memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2441 memcpy(buff, p, xx);
2442 p = buff;
2443
2444 /* if it's the end of tag memory */
2445 if ((p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) &&
2446 (xx < p_i93->block_size)) {
2447 buff[xx] = I93_ICODE_TLV_TYPE_TERM;
2448 }
2449
2450 p_i93->ndef_tlv_last_offset =
2451 p_i93->rw_offset - p_i93->block_size + xx - 1;
2452 }
2453
2454 if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2455 NFC_STATUS_OK) {
2456 rw_i93_handle_error(NFC_STATUS_FAILED);
2457 }
2458 } else {
2459 /* if this is the very next block of NDEF TLV */
2460 if (block_number ==
2461 (p_i93->ndef_tlv_last_offset / p_i93->block_size) + 1) {
2462 p_i93->rw_offset += p_i93->block_size;
2463
2464 /* write Terminator TLV and NULL TLV */
2465 memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2466 buff[0] = I93_ICODE_TLV_TYPE_TERM;
2467 p = buff;
2468
2469 if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2470 NFC_STATUS_OK) {
2471 rw_i93_handle_error(NFC_STATUS_FAILED);
2472 }
2473 } else {
2474 /* finished writing NDEF and Terminator TLV */
2475 /* read length field to update length */
2476 block_number =
2477 (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2478
2479 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2480 NFC_STATUS_OK) {
2481 /* set offset to length field */
2482 p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2483
2484 /* get size of length field */
2485 if (p_i93->ndef_length >= 0xFF) {
2486 p_i93->rw_length = 3;
2487 } else if (p_i93->ndef_length > 0) {
2488 p_i93->rw_length = 1;
2489 } else {
2490 p_i93->rw_length = 0;
2491 }
2492
2493 p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2494 } else {
2495 rw_i93_handle_error(NFC_STATUS_FAILED);
2496 }
2497 }
2498 }
2499 } else {
2500 /* if we have no more data to write */
2501 if (p_i93->rw_length >= p_i93->ndef_length) {
2502 /* finished writing NDEF and Terminator TLV */
2503 /* read length field to update length */
2504 block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2505
2506 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2507 NFC_STATUS_OK) {
2508 /* set offset to length field */
2509 p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2510
2511 /* get size of length field */
2512 if (p_i93->ndef_length >= 0xFF) {
2513 p_i93->rw_length = 3;
2514 } else if (p_i93->ndef_length > 0) {
2515 p_i93->rw_length = 1;
2516 } else {
2517 p_i93->rw_length = 0;
2518 }
2519
2520 p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2521 break;
2522 }
2523 }
2524 rw_i93_handle_error(NFC_STATUS_FAILED);
2525 }
2526 break;
2527
2528 case RW_I93_SUBSTATE_UPDATE_LEN:
2529
2530 /* if we have more length field to write */
2531 if (p_i93->rw_length > 0) {
2532 /* if we got ack for writing, read next block to update rest of length
2533 * field */
2534 if (length == 0) {
2535 block_number = p_i93->rw_offset / p_i93->block_size;
2536
2537 if (rw_i93_send_cmd_read_single_block(block_number, false) !=
2538 NFC_STATUS_OK) {
2539 rw_i93_handle_error(NFC_STATUS_FAILED);
2540 }
2541 } else {
2542 length_offset = p_i93->rw_offset % p_i93->block_size;
2543
2544 /* update length field within the read block */
2545 for (xx = length_offset; xx < p_i93->block_size; xx++) {
2546 if (xx > length) {
2547 android_errorWriteLog(0x534e4554, "122320256");
2548 rw_i93_handle_error(NFC_STATUS_FAILED);
2549 return;
2550 }
2551
2552 if (p_i93->rw_length == 3)
2553 *(p + xx) = 0xFF;
2554 else if (p_i93->rw_length == 2)
2555 *(p + xx) = (uint8_t)((p_i93->ndef_length >> 8) & 0xFF);
2556 else if (p_i93->rw_length == 1)
2557 *(p + xx) = (uint8_t)(p_i93->ndef_length & 0xFF);
2558
2559 p_i93->rw_length--;
2560 if (p_i93->rw_length == 0) break;
2561 }
2562
2563 block_number = (p_i93->rw_offset / p_i93->block_size);
2564
2565 if (length < p_i93->block_size) {
2566 android_errorWriteLog(0x534e4554, "143155861");
2567 rw_i93_handle_error(NFC_STATUS_FAILED);
2568 } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2569 NFC_STATUS_OK) {
2570 /* set offset to the beginning of next block */
2571 p_i93->rw_offset +=
2572 p_i93->block_size - (p_i93->rw_offset % p_i93->block_size);
2573 } else {
2574 rw_i93_handle_error(NFC_STATUS_FAILED);
2575 }
2576 }
2577 } else {
2578 LOG(VERBOSE) << StringPrintf(
2579 "%s - NDEF update complete, %d bytes, (%d-%d)", __func__,
2580 p_i93->ndef_length, p_i93->ndef_tlv_start_offset,
2581 p_i93->ndef_tlv_last_offset);
2582
2583 p_i93->state = RW_I93_STATE_IDLE;
2584 p_i93->sent_cmd = 0;
2585 p_i93->p_update_data = nullptr;
2586
2587 rw_data.status = NFC_STATUS_OK;
2588 (*(rw_cb.p_cback))(RW_I93_NDEF_UPDATE_CPLT_EVT, &rw_data);
2589 }
2590 break;
2591
2592 default:
2593 break;
2594 }
2595 }
2596
2597 /*******************************************************************************
2598 **
2599 ** Function rw_i93_sm_format
2600 **
2601 ** Description Process format procedure
2602 **
2603 ** 1. Get UID
2604 ** 2. Get sys info for memory size (reset AFI/DSFID)
2605 ** 3. Get block status to get read-only status
2606 ** 4. Write CC and empty NDEF
2607 **
2608 ** Returns void
2609 **
2610 *******************************************************************************/
rw_i93_sm_format(NFC_HDR * p_resp)2611 void rw_i93_sm_format(NFC_HDR* p_resp) {
2612 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
2613 uint8_t flags;
2614 uint16_t length = p_resp->len, xx;
2615 uint32_t block_number;
2616 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2617 tRW_DATA rw_data;
2618 tNFC_STATUS status = NFC_STATUS_FAILED;
2619
2620 LOG(VERBOSE) << StringPrintf(
2621 "sub_state:%s (0x%x)",
2622 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2623
2624 if (length == 0) {
2625 android_errorWriteLog(0x534e4554, "122323053");
2626 return;
2627 }
2628 STREAM_TO_UINT8(flags, p);
2629 length--;
2630
2631 if (flags & I93_FLAG_ERROR_DETECTED) {
2632 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2633 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2634 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2635 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2636 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2637 /* ignore error */
2638 } else if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
2639 /* getting system info with protocol extension flag */
2640 /* This STM & ONS tag supports more than 2040 bytes */
2641 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
2642 return;
2643 } else {
2644 LOG(VERBOSE) << StringPrintf("Got error flags (0x%02x)", flags);
2645 rw_i93_handle_error(NFC_STATUS_FAILED);
2646 return;
2647 }
2648 }
2649
2650 switch (p_i93->sub_state) {
2651 case RW_I93_SUBSTATE_WAIT_UID:
2652
2653 if (length < (I93_UID_BYTE_LEN + 1)) {
2654 android_errorWriteLog(0x534e4554, "122323053");
2655 return;
2656 }
2657 p++; /* skip DSFID */
2658 p_uid = p_i93->uid;
2659 STREAM_TO_ARRAY8(p_uid, p); /* store UID */
2660
2661 /* get system information to get memory size */
2662 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
2663 NFC_STATUS_OK) {
2664 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
2665 } else {
2666 rw_i93_handle_error(NFC_STATUS_FAILED);
2667 }
2668 break;
2669
2670 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
2671
2672 p_i93->block_size = 0;
2673 p_i93->num_block = 0;
2674
2675 if (!rw_i93_process_sys_info(p, length)) {
2676 /* retrying with protocol extension flag */
2677 break;
2678 }
2679
2680 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
2681 /* DSFID, if any DSFID then reset */
2682 if (p_i93->dsfid != I93_DFS_UNSUPPORTED) {
2683 p_i93->intl_flags |= RW_I93_FLAG_RESET_DSFID;
2684 }
2685 }
2686 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
2687 /* AFI, reset to 0 */
2688 if (p_i93->afi != 0x00) {
2689 p_i93->intl_flags |= RW_I93_FLAG_RESET_AFI;
2690 }
2691 }
2692
2693 if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
2694 LOG(VERBOSE) << StringPrintf("Unable to get tag memory size");
2695 rw_i93_handle_error(status);
2696 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2697 if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2698 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2699 } else {
2700 rw_i93_handle_error(NFC_STATUS_FAILED);
2701 }
2702 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2703 if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2704 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2705 } else {
2706 rw_i93_handle_error(NFC_STATUS_FAILED);
2707 }
2708 } else {
2709 /* get lock status to see if read-only */
2710 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2711 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2712 /* these doesn't support GetMultiBlockSecurityStatus */
2713
2714 rw_cb.tcb.i93.rw_offset = 0;
2715
2716 /* read blocks with option flag to get block security status */
2717 if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2718 NFC_STATUS_OK) {
2719 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2720 } else {
2721 rw_i93_handle_error(NFC_STATUS_FAILED);
2722 }
2723 } else {
2724 /* block offset for read-only check */
2725 p_i93->rw_offset = 0;
2726
2727 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2728 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2729 } else {
2730 rw_i93_handle_error(NFC_STATUS_FAILED);
2731 }
2732 }
2733 }
2734
2735 break;
2736
2737 case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
2738
2739 if (p_i93->sent_cmd == I93_CMD_WRITE_DSFID) {
2740 p_i93->intl_flags &= ~RW_I93_FLAG_RESET_DSFID;
2741 } else if (p_i93->sent_cmd == I93_CMD_WRITE_AFI) {
2742 p_i93->intl_flags &= ~RW_I93_FLAG_RESET_AFI;
2743 }
2744
2745 if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2746 if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2747 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2748 } else {
2749 rw_i93_handle_error(NFC_STATUS_FAILED);
2750 }
2751 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2752 if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2753 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2754 } else {
2755 rw_i93_handle_error(NFC_STATUS_FAILED);
2756 }
2757 } else {
2758 /* get lock status to see if read-only */
2759 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2760 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2761 /* these doesn't support GetMultiBlockSecurityStatus */
2762
2763 rw_cb.tcb.i93.rw_offset = 0;
2764
2765 /* read blocks with option flag to get block security status */
2766 if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2767 NFC_STATUS_OK) {
2768 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2769 } else {
2770 rw_i93_handle_error(NFC_STATUS_FAILED);
2771 }
2772 } else {
2773 /* block offset for read-only check */
2774 p_i93->rw_offset = 0;
2775
2776 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2777 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2778 } else {
2779 rw_i93_handle_error(NFC_STATUS_FAILED);
2780 }
2781 }
2782 }
2783 break;
2784
2785 case RW_I93_SUBSTATE_CHECK_READ_ONLY:
2786
2787 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2788 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2789 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2790 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2791 if (length == 0 || ((*p) & I93_BLOCK_LOCKED)) {
2792 rw_i93_handle_error(NFC_STATUS_FAILED);
2793 break;
2794 }
2795
2796 /* if we checked all of user blocks */
2797 if ((p_i93->rw_offset / p_i93->block_size) + 1 == p_i93->num_block) {
2798 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2799 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2800 /* read the block which has AFI */
2801 p_i93->rw_offset = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION;
2802 rw_i93_send_cmd_read_single_block(
2803 (uint32_t)(p_i93->rw_offset / p_i93->block_size), true);
2804 break;
2805 }
2806 } else if (p_i93->rw_offset ==
2807 I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION) {
2808 /* no block is locked */
2809 } else {
2810 p_i93->rw_offset += p_i93->block_size;
2811 rw_i93_send_cmd_read_single_block(
2812 (uint32_t)(p_i93->rw_offset / p_i93->block_size), true);
2813 break;
2814 }
2815 } else {
2816 /* if any block is locked, we cannot format it */
2817 for (xx = 0; xx < length; xx++) {
2818 if (*(p + xx) & I93_BLOCK_LOCKED) {
2819 rw_i93_handle_error(NFC_STATUS_FAILED);
2820 break;
2821 }
2822 }
2823
2824 /* update block offset for read-only check */
2825 p_i93->rw_offset += length;
2826
2827 /* if need to get more lock status of blocks */
2828 if (p_i93->num_block > p_i93->rw_offset) {
2829 if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2830 rw_i93_handle_error(NFC_STATUS_FAILED);
2831 }
2832 break;
2833 }
2834 }
2835
2836 /* get buffer to store CC, zero length NDEF TLV and Terminator TLV */
2837 /* Block size could be either 4 or 8 or 16 or 32 bytes */
2838 /* Get buffer for the largest block size I93_MAX_BLOCK_LENGH */
2839 p_i93->p_update_data = (uint8_t*)GKI_getbuf(I93_MAX_BLOCK_LENGH);
2840
2841 if (!p_i93->p_update_data) {
2842 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
2843 rw_i93_handle_error(NFC_STATUS_FAILED);
2844 break;
2845 } else {
2846 switch (p_i93->block_size) {
2847 case 4:
2848 case 8:
2849 break;
2850 case 16:
2851 case 32: /* initialize unpopulated buffer b/139738828 */
2852 memset(p_i93->p_update_data, I93_ICODE_TLV_TYPE_NULL,
2853 I93_MAX_BLOCK_LENGH);
2854 break;
2855 default:
2856 android_errorWriteLog(0x534e4554, "157650336");
2857 rw_i93_handle_error(NFC_STATUS_FAILED);
2858 return;
2859 }
2860 }
2861
2862 p = p_i93->p_update_data;
2863
2864 /* Capability Container */
2865 *(p++) = I93_ICODE_CC_MAGIC_NUMER_E1; /* magic number */
2866 *(p++) = 0x40; /* version 1.0, read/write */
2867
2868 /* if memory size is less than 2048 bytes */
2869 if (((p_i93->num_block * p_i93->block_size) / 8) < 0x100)
2870 *(p++) = (uint8_t)((p_i93->num_block * p_i93->block_size) /
2871 8); /* memory size */
2872 else
2873 *(p++) = 0xFF;
2874
2875 if ((p_i93->product_version == RW_I93_ICODE_SLI) ||
2876 (p_i93->product_version == RW_I93_ICODE_SLI_S) ||
2877 (p_i93->product_version == RW_I93_ICODE_SLI_L)) {
2878 if (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)
2879 *(p++) = I93_ICODE_CC_IPREAD_MASK; /* IPREAD */
2880 else
2881 *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2882 supported */
2883 } else if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2884 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP)) {
2885 *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2886 supported */
2887 } else if ((p_i93->product_version ==
2888 RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2889 (p_i93->product_version ==
2890 RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2891 *(p++) = 0;
2892 } else {
2893 /* STM except LRIS2K, ONS, Broadcom supports read multi block command */
2894
2895 /* if memory size is more than 2040 bytes (which is not LRIS2K) */
2896 if (((p_i93->num_block * p_i93->block_size) / 8) > 0xFF)
2897 *(p++) = (I93_ICODE_CC_MBREAD_MASK | I93_STM_CC_OVERFLOW_MASK);
2898 else if (p_i93->product_version == RW_I93_STM_LRIS2K)
2899 *(p++) = 0x00;
2900 else
2901 *(p++) = I93_ICODE_CC_MBREAD_MASK;
2902 }
2903
2904 /* zero length NDEF and Terminator TLV */
2905 *(p++) = I93_ICODE_TLV_TYPE_NDEF;
2906 *(p++) = 0x00;
2907 *(p++) = I93_ICODE_TLV_TYPE_TERM;
2908 *(p++) = I93_ICODE_TLV_TYPE_NULL;
2909
2910 /* start from block 0 */
2911 p_i93->rw_offset = 0;
2912
2913 if (rw_i93_send_cmd_write_single_block(0, p_i93->p_update_data) ==
2914 NFC_STATUS_OK) {
2915 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2916 p_i93->rw_offset += p_i93->block_size;
2917 } else {
2918 rw_i93_handle_error(NFC_STATUS_FAILED);
2919 }
2920 break;
2921
2922 case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
2923
2924 /* if we have more data to write */
2925 if (p_i93->rw_offset < RW_I93_FORMAT_DATA_LEN) {
2926 block_number = (p_i93->rw_offset / p_i93->block_size);
2927 p = p_i93->p_update_data + p_i93->rw_offset;
2928
2929 if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2930 NFC_STATUS_OK) {
2931 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2932 p_i93->rw_offset += p_i93->block_size;
2933 } else {
2934 rw_i93_handle_error(NFC_STATUS_FAILED);
2935 }
2936 } else {
2937 GKI_freebuf(p_i93->p_update_data);
2938 p_i93->p_update_data = nullptr;
2939
2940 p_i93->state = RW_I93_STATE_IDLE;
2941 p_i93->sent_cmd = 0;
2942
2943 rw_data.status = NFC_STATUS_OK;
2944 (*(rw_cb.p_cback))(RW_I93_FORMAT_CPLT_EVT, &rw_data);
2945 }
2946 break;
2947
2948 default:
2949 break;
2950 }
2951 }
2952
2953 /*******************************************************************************
2954 **
2955 ** Function rw_i93_sm_set_read_only
2956 **
2957 ** Description Process read-only procedure
2958 **
2959 ** 1. Update CC as read-only
2960 ** 2. Lock all block of NDEF TLV
2961 ** 3. Lock block of CC
2962 **
2963 ** Returns void
2964 **
2965 *******************************************************************************/
rw_i93_sm_set_read_only(NFC_HDR * p_resp)2966 void rw_i93_sm_set_read_only(NFC_HDR* p_resp) {
2967 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2968 uint8_t flags, block_number;
2969 uint16_t length = p_resp->len;
2970 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2971 tRW_DATA rw_data;
2972
2973 LOG(VERBOSE) << StringPrintf(
2974 "sub_state:%s (0x%x)",
2975 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2976
2977 if (length == 0) {
2978 android_errorWriteLog(0x534e4554, "122322613");
2979 rw_i93_handle_error(NFC_STATUS_FAILED);
2980 return;
2981 }
2982
2983 STREAM_TO_UINT8(flags, p);
2984 length--;
2985
2986 if (flags & I93_FLAG_ERROR_DETECTED) {
2987 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2988 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2989 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2990 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2991 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2992 /* ignore error */
2993 } else {
2994 LOG(VERBOSE) << StringPrintf("Got error flags (0x%02x)", flags);
2995 rw_i93_handle_error(NFC_STATUS_FAILED);
2996 return;
2997 }
2998 }
2999
3000 switch (p_i93->sub_state) {
3001 case RW_I93_SUBSTATE_WAIT_CC:
3002
3003 if (length < RW_I93_CC_SIZE) {
3004 android_errorWriteLog(0x534e4554, "139188579");
3005 rw_i93_handle_error(NFC_STATUS_FAILED);
3006 return;
3007 }
3008
3009 /* mark CC as read-only */
3010 *(p + 1) |= I93_ICODE_CC_READ_ONLY;
3011
3012 if (length < p_i93->block_size) {
3013 android_errorWriteLog(0x534e4554, "143106535");
3014 rw_i93_handle_error(NFC_STATUS_FAILED);
3015 } else if (rw_i93_send_cmd_write_single_block(0, p) == NFC_STATUS_OK) {
3016 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_UPDATE_CC;
3017 } else {
3018 rw_i93_handle_error(NFC_STATUS_FAILED);
3019 }
3020 break;
3021
3022 case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
3023
3024 /* successfully write CC then lock all blocks of NDEF TLV */
3025 p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
3026 block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
3027
3028 if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
3029 p_i93->rw_offset += p_i93->block_size;
3030 p_i93->sub_state = RW_I93_SUBSTATE_LOCK_NDEF_TLV;
3031 } else {
3032 rw_i93_handle_error(NFC_STATUS_FAILED);
3033 }
3034 break;
3035
3036 case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
3037
3038 /* if we need to lock more blocks */
3039 if (p_i93->rw_offset < p_i93->ndef_tlv_last_offset) {
3040 /* get the next block of NDEF TLV */
3041 block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
3042
3043 if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
3044 p_i93->rw_offset += p_i93->block_size;
3045 } else {
3046 rw_i93_handle_error(NFC_STATUS_FAILED);
3047 }
3048 }
3049 /* if the first block of NDEF TLV is different from block of CC */
3050 else if (p_i93->ndef_tlv_start_offset / p_i93->block_size != 0) {
3051 /* lock block of CC */
3052 if (rw_i93_send_cmd_lock_block(0) == NFC_STATUS_OK) {
3053 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_LOCK_CC;
3054 } else {
3055 rw_i93_handle_error(NFC_STATUS_FAILED);
3056 }
3057 } else {
3058 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
3059 p_i93->state = RW_I93_STATE_IDLE;
3060 p_i93->sent_cmd = 0;
3061
3062 rw_data.status = NFC_STATUS_OK;
3063 (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
3064 }
3065 break;
3066
3067 case RW_I93_SUBSTATE_WAIT_LOCK_CC:
3068
3069 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
3070 p_i93->state = RW_I93_STATE_IDLE;
3071 p_i93->sent_cmd = 0;
3072
3073 rw_data.status = NFC_STATUS_OK;
3074 (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
3075 break;
3076
3077 default:
3078 break;
3079 }
3080 }
3081
3082 /*******************************************************************************
3083 **
3084 ** Function rw_i93_handle_error
3085 **
3086 ** Description notify error to application and clean up
3087 **
3088 ** Returns none
3089 **
3090 *******************************************************************************/
rw_i93_handle_error(tNFC_STATUS status)3091 void rw_i93_handle_error(tNFC_STATUS status) {
3092 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3093 tRW_DATA rw_data;
3094 tRW_EVENT event;
3095
3096 LOG(VERBOSE) << StringPrintf("%s - status:0x%02X, state:0x%X", __func__, status,
3097 p_i93->state);
3098
3099 nfc_stop_quick_timer(&p_i93->timer);
3100
3101 if (rw_cb.p_cback) {
3102 rw_data.status = status;
3103 switch (p_i93->state) {
3104 case RW_I93_STATE_IDLE: /* in case of RawFrame */
3105 event = RW_I93_INTF_ERROR_EVT;
3106 break;
3107
3108 case RW_I93_STATE_BUSY:
3109 if (p_i93->sent_cmd == I93_CMD_STAY_QUIET) {
3110 /* There is no response to Stay Quiet command */
3111 rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
3112 rw_data.i93_cmd_cmpl.command = I93_CMD_STAY_QUIET;
3113 rw_data.i93_cmd_cmpl.error_code = 0;
3114 event = RW_I93_CMD_CMPL_EVT;
3115 } else {
3116 event = RW_I93_INTF_ERROR_EVT;
3117 }
3118 break;
3119
3120 case RW_I93_STATE_DETECT_NDEF:
3121 rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
3122 rw_data.ndef.cur_size = 0;
3123 rw_data.ndef.max_size = 0;
3124 rw_data.ndef.flags = 0;
3125 rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
3126 rw_data.ndef.flags |= RW_NDEF_FL_UNKNOWN;
3127 event = RW_I93_NDEF_DETECT_EVT;
3128 break;
3129
3130 case RW_I93_STATE_READ_NDEF:
3131 event = RW_I93_NDEF_READ_FAIL_EVT;
3132 break;
3133
3134 case RW_I93_STATE_UPDATE_NDEF:
3135 p_i93->p_update_data = nullptr;
3136 event = RW_I93_NDEF_UPDATE_FAIL_EVT;
3137 break;
3138
3139 case RW_I93_STATE_FORMAT:
3140 if (p_i93->p_update_data) {
3141 GKI_freebuf(p_i93->p_update_data);
3142 p_i93->p_update_data = nullptr;
3143 }
3144 event = RW_I93_FORMAT_CPLT_EVT;
3145 break;
3146
3147 case RW_I93_STATE_SET_READ_ONLY:
3148 event = RW_I93_SET_TAG_RO_EVT;
3149 break;
3150
3151 case RW_I93_STATE_PRESENCE_CHECK:
3152 event = RW_I93_PRESENCE_CHECK_EVT;
3153 LOG(VERBOSE) << StringPrintf("%s - in pres check, may change status:0x%X",
3154 __func__, status);
3155 if (status == NFC_STATUS_TIMEOUT) {
3156 rw_data.status = NFC_STATUS_RF_FRAME_CORRUPTED;
3157 }
3158 break;
3159
3160 default:
3161 event = RW_I93_MAX_EVT;
3162 break;
3163 }
3164
3165 p_i93->state = RW_I93_STATE_IDLE;
3166 p_i93->sent_cmd = 0;
3167
3168 if (event != RW_I93_MAX_EVT) {
3169 (*(rw_cb.p_cback))(event, &rw_data);
3170 }
3171 } else {
3172 p_i93->state = RW_I93_STATE_IDLE;
3173 }
3174 }
3175
3176 /*******************************************************************************
3177 **
3178 ** Function rw_i93_process_timeout
3179 **
3180 ** Description process timeout event
3181 **
3182 ** Returns none
3183 **
3184 *******************************************************************************/
rw_i93_process_timeout(TIMER_LIST_ENT * p_tle)3185 void rw_i93_process_timeout(TIMER_LIST_ENT* p_tle) {
3186 NFC_HDR* p_buf;
3187
3188 LOG(VERBOSE) << StringPrintf("%s - event=%d", __func__, p_tle->event);
3189
3190 if (rw_cb.tcb.i93.state == RW_I93_STATE_PRESENCE_CHECK) {
3191 rw_i93_handle_error(NFC_STATUS_RF_FRAME_CORRUPTED);
3192 return;
3193 }
3194 if (p_tle->event == NFC_TTYPE_RW_I93_RESPONSE) {
3195 if ((rw_cb.tcb.i93.retry_count < RW_MAX_RETRIES) &&
3196 (rw_cb.tcb.i93.p_retry_cmd) &&
3197 (rw_cb.tcb.i93.sent_cmd != I93_CMD_STAY_QUIET)) {
3198 rw_cb.tcb.i93.retry_count++;
3199 LOG(ERROR) << StringPrintf("%s - retry_count = %d", __func__,
3200 rw_cb.tcb.i93.retry_count);
3201
3202 p_buf = rw_cb.tcb.i93.p_retry_cmd;
3203 rw_cb.tcb.i93.p_retry_cmd = nullptr;
3204
3205 if (rw_i93_send_to_lower(p_buf)) {
3206 return;
3207 }
3208 }
3209
3210 /* all retrial is done or failed to send command to lower layer */
3211 if (rw_cb.tcb.i93.p_retry_cmd) {
3212 GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
3213 rw_cb.tcb.i93.p_retry_cmd = nullptr;
3214 rw_cb.tcb.i93.retry_count = 0;
3215 }
3216
3217 if (t5t_no_getsysinfo() &&
3218 ((rw_cb.tcb.i93.sent_cmd == I93_CMD_GET_SYS_INFO) ||
3219 (rw_cb.tcb.i93.sent_cmd == I93_CMD_EXT_GET_SYS_INFO))) {
3220 /* read CC in the first block */
3221 rw_cb.tcb.i93.intl_flags = 0;
3222 rw_i93_send_cmd_read_single_block(0x0000, false);
3223 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_CC;
3224 return;
3225 }
3226 rw_i93_handle_error(NFC_STATUS_TIMEOUT);
3227 } else {
3228 LOG(ERROR) << StringPrintf("%s - unknown event=%d", __func__, p_tle->event);
3229 }
3230 }
3231
3232 /*******************************************************************************
3233 **
3234 ** Function rw_i93_data_cback
3235 **
3236 ** Description This callback function receives the data from NFCC.
3237 **
3238 ** Returns none
3239 **
3240 *******************************************************************************/
rw_i93_data_cback(uint8_t conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)3241 static void rw_i93_data_cback(__attribute__((unused)) uint8_t conn_id,
3242 tNFC_CONN_EVT event, tNFC_CONN* p_data) {
3243 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3244 NFC_HDR* p_resp;
3245 tRW_DATA rw_data;
3246
3247 uint8_t begin_state = p_i93->state;
3248
3249 LOG(VERBOSE) << StringPrintf("%s - event = 0x%X", __func__, event);
3250
3251 if ((event == NFC_DEACTIVATE_CEVT) || (event == NFC_ERROR_CEVT) ||
3252 ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK))) {
3253 nfc_stop_quick_timer(&p_i93->timer);
3254
3255 if (event == NFC_ERROR_CEVT || (p_data->status != NFC_STATUS_OK)) {
3256 if ((p_i93->retry_count < RW_MAX_RETRIES) && (p_i93->p_retry_cmd)) {
3257 p_i93->retry_count++;
3258
3259 LOG(ERROR) << StringPrintf("%s - retry_count = %d", __func__,
3260 p_i93->retry_count);
3261
3262 p_resp = p_i93->p_retry_cmd;
3263 p_i93->p_retry_cmd = nullptr;
3264 if (rw_i93_send_to_lower(p_resp)) {
3265 if (event == NFC_DATA_CEVT) {
3266 p_resp = (NFC_HDR*)p_data->data.p_data;
3267 GKI_freebuf(p_resp);
3268 }
3269 return;
3270 }
3271 }
3272
3273 /* all retrial is done or failed to send command to lower layer */
3274 if (p_i93->p_retry_cmd) {
3275 GKI_freebuf(p_i93->p_retry_cmd);
3276 p_i93->p_retry_cmd = nullptr;
3277 p_i93->retry_count = 0;
3278 }
3279
3280 rw_i93_handle_error((tNFC_STATUS)(*(uint8_t*)p_data));
3281 } else {
3282 /* free retry buffer */
3283 if (p_i93->p_retry_cmd) {
3284 GKI_freebuf(p_i93->p_retry_cmd);
3285 p_i93->p_retry_cmd = nullptr;
3286 p_i93->retry_count = 0;
3287 }
3288 NFC_SetStaticRfCback(nullptr);
3289 p_i93->state = RW_I93_STATE_NOT_ACTIVATED;
3290 }
3291 if ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK)) {
3292 p_resp = (NFC_HDR*)p_data->data.p_data;
3293 GKI_freebuf(p_resp);
3294 }
3295 return;
3296 }
3297
3298 if (event != NFC_DATA_CEVT) {
3299 return;
3300 }
3301
3302 p_resp = (NFC_HDR*)p_data->data.p_data;
3303
3304 nfc_stop_quick_timer(&p_i93->timer);
3305
3306 /* free retry buffer */
3307 if (p_i93->p_retry_cmd) {
3308 GKI_freebuf(p_i93->p_retry_cmd);
3309 p_i93->p_retry_cmd = nullptr;
3310 p_i93->retry_count = 0;
3311 }
3312
3313 LOG(VERBOSE) << StringPrintf("%s - RW I93 state: <%s (%d)>", __func__,
3314 rw_i93_get_state_name(p_i93->state).c_str(),
3315 p_i93->state);
3316
3317 switch (p_i93->state) {
3318 case RW_I93_STATE_IDLE:
3319 /* Unexpected Response from VICC, it should be raw frame response */
3320 /* forward to upper layer without parsing */
3321 p_i93->sent_cmd = 0;
3322 if (rw_cb.p_cback) {
3323 rw_data.raw_frame.status = p_data->data.status;
3324 rw_data.raw_frame.p_data = p_resp;
3325 (*(rw_cb.p_cback))(RW_I93_RAW_FRAME_EVT, &rw_data);
3326 p_resp = nullptr;
3327 } else {
3328 GKI_freebuf(p_resp);
3329 }
3330 break;
3331 case RW_I93_STATE_BUSY:
3332 p_i93->state = RW_I93_STATE_IDLE;
3333 rw_i93_send_to_upper(p_resp);
3334 GKI_freebuf(p_resp);
3335 break;
3336
3337 case RW_I93_STATE_DETECT_NDEF:
3338 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3339 LOG(VERBOSE) << StringPrintf("%s - rw_i93_sm_detect_ndef()", __func__);
3340 rw_i93_sm_detect_ndef(p_resp);
3341 } else {
3342 LOG(VERBOSE) << StringPrintf("%s - rw_t5t_sm_detect_ndef()", __func__);
3343 rw_t5t_sm_detect_ndef(p_resp);
3344 }
3345 GKI_freebuf(p_resp);
3346 break;
3347
3348 case RW_I93_STATE_READ_NDEF:
3349 rw_i93_sm_read_ndef(p_resp);
3350 /* p_resp may send upper lyaer */
3351 break;
3352
3353 case RW_I93_STATE_UPDATE_NDEF:
3354 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3355 LOG(VERBOSE) << StringPrintf("%s - rw_i93_sm_update_ndef()", __func__);
3356 rw_i93_sm_update_ndef(p_resp);
3357 } else {
3358 LOG(VERBOSE) << StringPrintf("%s - rw_t5t_sm_update_ndef()", __func__);
3359 rw_t5t_sm_update_ndef(p_resp);
3360 }
3361 GKI_freebuf(p_resp);
3362 break;
3363
3364 case RW_I93_STATE_FORMAT:
3365 rw_i93_sm_format(p_resp);
3366 GKI_freebuf(p_resp);
3367 break;
3368
3369 case RW_I93_STATE_SET_READ_ONLY:
3370 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3371 LOG(VERBOSE) << StringPrintf("%s - rw_i93_sm_set_read_only()", __func__);
3372 rw_i93_sm_set_read_only(p_resp);
3373 } else {
3374 LOG(VERBOSE) << StringPrintf("%s - rw_t5t_sm_set_read_only()", __func__);
3375 rw_t5t_sm_set_read_only(p_resp);
3376 }
3377 GKI_freebuf(p_resp);
3378 break;
3379
3380 case RW_I93_STATE_PRESENCE_CHECK:
3381 p_i93->state = RW_I93_STATE_IDLE;
3382 p_i93->sent_cmd = 0;
3383
3384 /* if any response, send presence check with ok */
3385 rw_data.status = NFC_STATUS_OK;
3386 (*(rw_cb.p_cback))(RW_I93_PRESENCE_CHECK_EVT, &rw_data);
3387 GKI_freebuf(p_resp);
3388 break;
3389
3390 default:
3391 LOG(ERROR) << StringPrintf("%s - invalid state=%d", __func__,
3392 p_i93->state);
3393 GKI_freebuf(p_resp);
3394 break;
3395 }
3396
3397 if (begin_state != p_i93->state) {
3398 LOG(VERBOSE) << StringPrintf("%s - RW I93 state changed:<%s> -> <%s>",
3399 __func__,
3400 rw_i93_get_state_name(begin_state).c_str(),
3401 rw_i93_get_state_name(p_i93->state).c_str());
3402 }
3403 }
3404
3405 /*******************************************************************************
3406 **
3407 ** Function rw_i93_select
3408 **
3409 ** Description Initialise ISO 15693 / T5T RW
3410 **
3411 ** Returns NFC_STATUS_OK if success
3412 **
3413 *******************************************************************************/
rw_i93_select(uint8_t * p_uid)3414 tNFC_STATUS rw_i93_select(uint8_t* p_uid) {
3415 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3416 uint8_t uid[I93_UID_BYTE_LEN], *p;
3417
3418 LOG(VERBOSE) << __func__;
3419
3420 NFC_SetStaticRfCback(rw_i93_data_cback);
3421
3422 p_i93->state = RW_I93_STATE_IDLE;
3423
3424 /* convert UID to big endian format - MSB(0xE0) in first byte */
3425 p = uid;
3426 STREAM_TO_ARRAY8(p, p_uid);
3427
3428 rw_i93_get_product_version(uid);
3429
3430 return NFC_STATUS_OK;
3431 }
3432
3433 /*******************************************************************************
3434 **
3435 ** Function RW_I93Inventory
3436 **
3437 ** Description This function send Inventory command with/without AFI
3438 ** If UID is provided then set UID[0]:MSB, ... UID[7]:LSB
3439 **
3440 ** RW_I93_RESPONSE_EVT will be returned
3441 **
3442 ** Returns NFC_STATUS_OK if success
3443 ** NFC_STATUS_NO_BUFFERS if out of buffer
3444 ** NFC_STATUS_BUSY if busy
3445 ** NFC_STATUS_FAILED if other error
3446 **
3447 *******************************************************************************/
RW_I93Inventory(bool including_afi,uint8_t afi,uint8_t * p_uid)3448 tNFC_STATUS RW_I93Inventory(bool including_afi, uint8_t afi, uint8_t* p_uid) {
3449 tNFC_STATUS status;
3450
3451 LOG(VERBOSE) << StringPrintf(", including_afi:%d, AFI:0x%02X", including_afi,
3452 afi);
3453
3454 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3455 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3456 rw_cb.tcb.i93.state);
3457 return NFC_STATUS_BUSY;
3458 }
3459
3460 status = rw_i93_send_cmd_inventory(p_uid, including_afi, afi);
3461
3462 if (status == NFC_STATUS_OK) {
3463 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3464 }
3465
3466 return (status);
3467 }
3468
3469 /*******************************************************************************
3470 **
3471 ** Function RW_I93StayQuiet
3472 **
3473 ** Description This function send Inventory command
3474 **
3475 ** RW_I93_CMD_CMPL_EVT will be returned
3476 **
3477 ** Returns NFC_STATUS_OK if success
3478 ** NFC_STATUS_NO_BUFFERS if out of buffer
3479 ** NFC_STATUS_BUSY if busy
3480 ** NFC_STATUS_FAILED if other error
3481 **
3482 *******************************************************************************/
RW_I93StayQuiet(uint8_t * p_uid)3483 tNFC_STATUS RW_I93StayQuiet(uint8_t* p_uid) {
3484 tNFC_STATUS status = NFC_STATUS_FAILED;
3485
3486 LOG(VERBOSE) << __func__;
3487
3488 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3489 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3490 __func__, rw_cb.tcb.i93.state);
3491 return NFC_STATUS_BUSY;
3492 }
3493
3494 if (p_uid) {
3495 status = rw_i93_send_cmd_stay_quiet(p_uid);
3496 if (status == NFC_STATUS_OK) {
3497 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3498 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_ADDRESSED;
3499 }
3500 }
3501
3502 return status;
3503 }
3504
3505 /*******************************************************************************
3506 **
3507 ** Function RW_I93ReadSingleBlock
3508 **
3509 ** Description This function send Read Single Block command
3510 **
3511 ** RW_I93_RESPONSE_EVT will be returned
3512 **
3513 ** Returns NFC_STATUS_OK if success
3514 ** NFC_STATUS_NO_BUFFERS if out of buffer
3515 ** NFC_STATUS_BUSY if busy
3516 ** NFC_STATUS_FAILED if other error
3517 **
3518 *******************************************************************************/
RW_I93ReadSingleBlock(uint16_t block_number)3519 tNFC_STATUS RW_I93ReadSingleBlock(uint16_t block_number) {
3520 tNFC_STATUS status;
3521
3522 LOG(VERBOSE) << StringPrintf("%s - block_number:0x%02X", __func__,
3523 block_number);
3524
3525 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3526 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3527 rw_cb.tcb.i93.state);
3528 return NFC_STATUS_BUSY;
3529 }
3530
3531 status = rw_i93_send_cmd_read_single_block(block_number, false);
3532 if (status == NFC_STATUS_OK) {
3533 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3534 }
3535
3536 return status;
3537 }
3538
3539 /*******************************************************************************
3540 **
3541 ** Function RW_I93WriteSingleBlock
3542 **
3543 ** Description This function send Write Single Block command
3544 ** Application must get block size first by calling
3545 ** RW_I93GetSysInfo().
3546 **
3547 ** RW_I93_CMD_CMPL_EVT will be returned
3548 **
3549 ** Returns NFC_STATUS_OK if success
3550 ** NFC_STATUS_NO_BUFFERS if out of buffer
3551 ** NFC_STATUS_BUSY if busy
3552 ** NFC_STATUS_FAILED if other error
3553 **
3554 *******************************************************************************/
RW_I93WriteSingleBlock(uint16_t block_number,uint8_t * p_data)3555 tNFC_STATUS RW_I93WriteSingleBlock(uint16_t block_number, uint8_t* p_data) {
3556 tNFC_STATUS status;
3557
3558 LOG(VERBOSE) << __func__;
3559
3560 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3561 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3562 rw_cb.tcb.i93.state);
3563 return NFC_STATUS_BUSY;
3564 }
3565
3566 if (rw_cb.tcb.i93.block_size == 0) {
3567 LOG(ERROR) << StringPrintf("Block size is unknown");
3568 return NFC_STATUS_FAILED;
3569 }
3570
3571 status = rw_i93_send_cmd_write_single_block(block_number, p_data);
3572 if (status == NFC_STATUS_OK) {
3573 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3574 }
3575
3576 return status;
3577 }
3578
3579 /*******************************************************************************
3580 **
3581 ** Function RW_I93LockBlock
3582 **
3583 ** Description This function send Lock Block command
3584 **
3585 ** RW_I93_CMD_CMPL_EVT will be returned
3586 **
3587 ** Returns NFC_STATUS_OK if success
3588 ** NFC_STATUS_NO_BUFFERS if out of buffer
3589 ** NFC_STATUS_BUSY if busy
3590 ** NFC_STATUS_FAILED if other error
3591 **
3592 *******************************************************************************/
RW_I93LockBlock(uint8_t block_number)3593 tNFC_STATUS RW_I93LockBlock(uint8_t block_number) {
3594 tNFC_STATUS status;
3595
3596 LOG(VERBOSE) << __func__;
3597
3598 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3599 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3600 rw_cb.tcb.i93.state);
3601 return NFC_STATUS_BUSY;
3602 }
3603
3604 status = rw_i93_send_cmd_lock_block(block_number);
3605 if (status == NFC_STATUS_OK) {
3606 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3607 }
3608
3609 return status;
3610 }
3611
3612 /*******************************************************************************
3613 **
3614 ** Function RW_I93ReadMultipleBlocks
3615 **
3616 ** Description This function send Read Multiple Blocks command
3617 **
3618 ** RW_I93_RESPONSE_EVT will be returned
3619 **
3620 ** Returns NFC_STATUS_OK if success
3621 ** NFC_STATUS_NO_BUFFERS if out of buffer
3622 ** NFC_STATUS_BUSY if busy
3623 ** NFC_STATUS_FAILED if other error
3624 **
3625 *******************************************************************************/
RW_I93ReadMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks)3626 tNFC_STATUS RW_I93ReadMultipleBlocks(uint16_t first_block_number,
3627 uint16_t number_blocks) {
3628 tNFC_STATUS status;
3629
3630 LOG(VERBOSE) << __func__;
3631
3632 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3633 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3634 rw_cb.tcb.i93.state);
3635 return NFC_STATUS_BUSY;
3636 }
3637
3638 status = rw_i93_send_cmd_read_multi_blocks(first_block_number, number_blocks);
3639 if (status == NFC_STATUS_OK) {
3640 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3641 }
3642
3643 return status;
3644 }
3645
3646 /*******************************************************************************
3647 **
3648 ** Function RW_I93WriteMultipleBlocks
3649 **
3650 ** Description This function send Write Multiple Blocks command
3651 **
3652 ** RW_I93_CMD_CMPL_EVT will be returned
3653 **
3654 ** Returns NFC_STATUS_OK if success
3655 ** NFC_STATUS_NO_BUFFERS if out of buffer
3656 ** NFC_STATUS_BUSY if busy
3657 ** NFC_STATUS_FAILED if other error
3658 **
3659 *******************************************************************************/
RW_I93WriteMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks,uint8_t * p_data)3660 tNFC_STATUS RW_I93WriteMultipleBlocks(uint16_t first_block_number,
3661 uint16_t number_blocks, uint8_t* p_data) {
3662 tNFC_STATUS status;
3663
3664 LOG(VERBOSE) << __func__;
3665
3666 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3667 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3668 rw_cb.tcb.i93.state);
3669 return NFC_STATUS_BUSY;
3670 }
3671
3672 if (rw_cb.tcb.i93.block_size == 0) {
3673 LOG(ERROR) << StringPrintf("Block size is unknown");
3674 return NFC_STATUS_FAILED;
3675 }
3676
3677 status = rw_i93_send_cmd_write_multi_blocks(first_block_number, number_blocks,
3678 p_data);
3679 if (status == NFC_STATUS_OK) {
3680 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3681 }
3682
3683 return status;
3684 }
3685
3686 /*******************************************************************************
3687 **
3688 ** Function RW_I93Select
3689 **
3690 ** Description This function send Select command
3691 **
3692 ** UID[0]: 0xE0, MSB
3693 ** UID[1]: IC Mfg Code
3694 ** ...
3695 ** UID[7]: LSB
3696 **
3697 ** RW_I93_CMD_CMPL_EVT will be returned
3698 **
3699 ** Returns NFC_STATUS_OK if success
3700 ** NFC_STATUS_NO_BUFFERS if out of buffer
3701 ** NFC_STATUS_BUSY if busy
3702 ** NFC_STATUS_FAILED if other error
3703 **
3704 *******************************************************************************/
RW_I93Select(uint8_t * p_uid)3705 tNFC_STATUS RW_I93Select(uint8_t* p_uid) {
3706 tNFC_STATUS status;
3707
3708 LOG(VERBOSE) << __func__;
3709
3710 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3711 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3712 __func__, rw_cb.tcb.i93.state);
3713 return NFC_STATUS_BUSY;
3714 }
3715
3716 if (p_uid) {
3717 status = rw_i93_send_cmd_select(p_uid);
3718 if (status == NFC_STATUS_OK) {
3719 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3720 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_NON_ADDRESSED;
3721 rw_cb.tcb.i93.intl_flags |= RW_I93_FLAG_SELECTED_STATE;
3722 }
3723 } else {
3724 LOG(ERROR) << StringPrintf("%s - UID shall be provided", __func__);
3725 status = NFC_STATUS_FAILED;
3726 }
3727
3728 return status;
3729 }
3730
3731 /*******************************************************************************
3732 **
3733 ** Function RW_I93ResetToReady
3734 **
3735 ** Description This function send Reset To Ready command
3736 **
3737 ** RW_I93_CMD_CMPL_EVT will be returned
3738 **
3739 ** Returns NFC_STATUS_OK if success
3740 ** NFC_STATUS_NO_BUFFERS if out of buffer
3741 ** NFC_STATUS_BUSY if busy
3742 ** NFC_STATUS_FAILED if other error
3743 **
3744 *******************************************************************************/
RW_I93ResetToReady(void)3745 tNFC_STATUS RW_I93ResetToReady(void) {
3746 tNFC_STATUS status;
3747
3748 LOG(VERBOSE) << __func__;
3749
3750 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3751 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3752 __func__, rw_cb.tcb.i93.state);
3753 return NFC_STATUS_BUSY;
3754 }
3755
3756 status = rw_i93_send_cmd_reset_to_ready();
3757 if (status == NFC_STATUS_OK) {
3758 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3759 }
3760
3761 return status;
3762 }
3763
3764 /*******************************************************************************
3765 **
3766 ** Function RW_I93WriteAFI
3767 **
3768 ** Description This function send Write AFI command
3769 **
3770 ** RW_I93_CMD_CMPL_EVT will be returned
3771 **
3772 ** Returns NFC_STATUS_OK if success
3773 ** NFC_STATUS_NO_BUFFERS if out of buffer
3774 ** NFC_STATUS_BUSY if busy
3775 ** NFC_STATUS_FAILED if other error
3776 **
3777 *******************************************************************************/
RW_I93WriteAFI(uint8_t afi)3778 tNFC_STATUS RW_I93WriteAFI(uint8_t afi) {
3779 tNFC_STATUS status;
3780
3781 LOG(VERBOSE) << __func__;
3782
3783 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3784 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3785 rw_cb.tcb.i93.state);
3786 return NFC_STATUS_BUSY;
3787 }
3788
3789 status = rw_i93_send_cmd_write_afi(afi);
3790 if (status == NFC_STATUS_OK) {
3791 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3792 }
3793
3794 return status;
3795 }
3796
3797 /*******************************************************************************
3798 **
3799 ** Function RW_I93LockAFI
3800 **
3801 ** Description This function send Lock AFI command
3802 **
3803 ** RW_I93_CMD_CMPL_EVT will be returned
3804 **
3805 ** Returns NFC_STATUS_OK if success
3806 ** NFC_STATUS_NO_BUFFERS if out of buffer
3807 ** NFC_STATUS_BUSY if busy
3808 ** NFC_STATUS_FAILED if other error
3809 **
3810 *******************************************************************************/
RW_I93LockAFI(void)3811 tNFC_STATUS RW_I93LockAFI(void) {
3812 tNFC_STATUS status;
3813
3814 LOG(VERBOSE) << __func__;
3815
3816 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3817 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3818 rw_cb.tcb.i93.state);
3819 return NFC_STATUS_BUSY;
3820 }
3821
3822 status = rw_i93_send_cmd_lock_afi();
3823 if (status == NFC_STATUS_OK) {
3824 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3825 }
3826
3827 return status;
3828 }
3829
3830 /*******************************************************************************
3831 **
3832 ** Function RW_I93WriteDSFID
3833 **
3834 ** Description This function send Write DSFID command
3835 **
3836 ** RW_I93_CMD_CMPL_EVT will be returned
3837 **
3838 ** Returns NFC_STATUS_OK if success
3839 ** NFC_STATUS_NO_BUFFERS if out of buffer
3840 ** NFC_STATUS_BUSY if busy
3841 ** NFC_STATUS_FAILED if other error
3842 **
3843 *******************************************************************************/
RW_I93WriteDSFID(uint8_t dsfid)3844 tNFC_STATUS RW_I93WriteDSFID(uint8_t dsfid) {
3845 tNFC_STATUS status;
3846
3847 LOG(VERBOSE) << __func__;
3848
3849 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3850 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3851 rw_cb.tcb.i93.state);
3852 return NFC_STATUS_BUSY;
3853 }
3854
3855 status = rw_i93_send_cmd_write_dsfid(dsfid);
3856 if (status == NFC_STATUS_OK) {
3857 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3858 }
3859
3860 return status;
3861 }
3862
3863 /*******************************************************************************
3864 **
3865 ** Function RW_I93LockDSFID
3866 **
3867 ** Description This function send Lock DSFID command
3868 **
3869 ** RW_I93_CMD_CMPL_EVT will be returned
3870 **
3871 ** Returns NFC_STATUS_OK if success
3872 ** NFC_STATUS_NO_BUFFERS if out of buffer
3873 ** NFC_STATUS_BUSY if busy
3874 ** NFC_STATUS_FAILED if other error
3875 **
3876 *******************************************************************************/
RW_I93LockDSFID(void)3877 tNFC_STATUS RW_I93LockDSFID(void) {
3878 tNFC_STATUS status;
3879
3880 LOG(VERBOSE) << __func__;
3881
3882 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3883 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3884 rw_cb.tcb.i93.state);
3885 return NFC_STATUS_BUSY;
3886 }
3887
3888 status = rw_i93_send_cmd_lock_dsfid();
3889 if (status == NFC_STATUS_OK) {
3890 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3891 }
3892
3893 return status;
3894 }
3895
3896 /*******************************************************************************
3897 **
3898 ** Function RW_I93GetSysInfo
3899 **
3900 ** Description This function send Get System Information command
3901 **
3902 ** RW_I93_RESPONSE_EVT will be returned
3903 **
3904 ** Returns NFC_STATUS_OK if success
3905 ** NFC_STATUS_NO_BUFFERS if out of buffer
3906 ** NFC_STATUS_BUSY if busy
3907 ** NFC_STATUS_FAILED if other error
3908 **
3909 *******************************************************************************/
RW_I93GetSysInfo(uint8_t * p_uid)3910 tNFC_STATUS RW_I93GetSysInfo(uint8_t* p_uid) {
3911 tNFC_STATUS status;
3912
3913 LOG(VERBOSE) << __func__;
3914
3915 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3916 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3917 __func__, rw_cb.tcb.i93.state);
3918 return NFC_STATUS_BUSY;
3919 }
3920
3921 if (p_uid) {
3922 status = rw_i93_send_cmd_get_sys_info(p_uid, I93_FLAG_PROT_EXT_NO);
3923 } else {
3924 status = rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO);
3925 }
3926
3927 if (status == NFC_STATUS_OK) {
3928 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3929 }
3930
3931 return status;
3932 }
3933
3934 /*******************************************************************************
3935 **
3936 ** Function RW_I93GetMultiBlockSecurityStatus
3937 **
3938 ** Description This function send Get Multiple Block Security Status
3939 ** command
3940 **
3941 ** RW_I93_RESPONSE_EVT will be returned
3942 **
3943 ** Returns NFC_STATUS_OK if success
3944 ** NFC_STATUS_NO_BUFFERS if out of buffer
3945 ** NFC_STATUS_BUSY if busy
3946 ** NFC_STATUS_FAILED if other error
3947 **
3948 *******************************************************************************/
RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,uint16_t number_blocks)3949 tNFC_STATUS RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,
3950 uint16_t number_blocks) {
3951 tNFC_STATUS status;
3952
3953 LOG(VERBOSE) << __func__;
3954
3955 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3956 LOG(ERROR) << StringPrintf(
3957 "Unable to start command at state "
3958 "(0x%X)",
3959 rw_cb.tcb.i93.state);
3960 return NFC_STATUS_BUSY;
3961 }
3962
3963 status =
3964 rw_i93_send_cmd_get_multi_block_sec(first_block_number, number_blocks);
3965 if (status == NFC_STATUS_OK) {
3966 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3967 }
3968
3969 return status;
3970 }
3971
3972 /*******************************************************************************
3973 **
3974 ** Function RW_I93DetectNDef
3975 **
3976 ** Description This function performs NDEF detection procedure
3977 **
3978 ** RW_I93_NDEF_DETECT_EVT will be returned
3979 **
3980 ** Returns NFC_STATUS_OK if success
3981 ** NFC_STATUS_FAILED if busy or other error
3982 **
3983 *******************************************************************************/
RW_I93DetectNDef(void)3984 tNFC_STATUS RW_I93DetectNDef(void) {
3985 tNFC_STATUS status;
3986 tRW_I93_RW_SUBSTATE sub_state;
3987
3988 LOG(VERBOSE) << __func__;
3989
3990 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3991 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3992 __func__, rw_cb.tcb.i93.state);
3993 return NFC_STATUS_FAILED;
3994 }
3995
3996 if (rw_cb.tcb.i93.uid[0] != I93_UID_FIRST_BYTE) {
3997 status = rw_i93_send_cmd_inventory(nullptr, false, 0x00);
3998 sub_state = RW_I93_SUBSTATE_WAIT_UID;
3999
4000 } else if (((rw_cb.tcb.i93.num_block == 0) ||
4001 (rw_cb.tcb.i93.block_size == 0)) &&
4002 RW_I93CheckLegacyProduct(rw_cb.tcb.i93.uid[1],
4003 rw_cb.tcb.i93.uid[2])) {
4004 status =
4005 rw_i93_send_cmd_get_sys_info(rw_cb.tcb.i93.uid, I93_FLAG_PROT_EXT_NO);
4006 sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
4007
4008 /* clear all flags */
4009 rw_cb.tcb.i93.intl_flags = 0;
4010 } else {
4011 /* read CC in the first block */
4012 status = rw_i93_send_cmd_read_single_block(0x0000, false);
4013 sub_state = RW_I93_SUBSTATE_WAIT_CC;
4014 }
4015
4016 if (status == NFC_STATUS_OK) {
4017 rw_cb.tcb.i93.state = RW_I93_STATE_DETECT_NDEF;
4018 rw_cb.tcb.i93.sub_state = sub_state;
4019
4020 /* clear flags except flag for 2 bytes of number of blocks */
4021 rw_cb.tcb.i93.intl_flags &= RW_I93_FLAG_16BIT_NUM_BLOCK;
4022 }
4023
4024 return (status);
4025 }
4026
4027 /*******************************************************************************
4028 **
4029 ** Function RW_I93ReadNDef
4030 **
4031 ** Description This function performs NDEF read procedure
4032 ** Note: RW_I93DetectNDef () must be called before using this
4033 **
4034 ** The following event will be returned
4035 ** RW_I93_NDEF_READ_EVT for each segmented NDEF message
4036 ** RW_I93_NDEF_READ_CPLT_EVT for the last segment or
4037 ** complete NDEF
4038 ** RW_I93_NDEF_READ_FAIL_EVT for failure
4039 **
4040 ** Returns NFC_STATUS_OK if success
4041 ** NFC_STATUS_FAILED if I93 is busy or other error
4042 **
4043 *******************************************************************************/
RW_I93ReadNDef(void)4044 tNFC_STATUS RW_I93ReadNDef(void) {
4045 LOG(VERBOSE) << __func__;
4046
4047 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4048 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4049 __func__, rw_cb.tcb.i93.state);
4050 return NFC_STATUS_FAILED;
4051 }
4052
4053 if ((rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
4054 (rw_cb.tcb.i93.ndef_length > 0)) {
4055 rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset;
4056 rw_cb.tcb.i93.rw_length = 0;
4057
4058 if (rw_i93_get_next_blocks(rw_cb.tcb.i93.rw_offset) == NFC_STATUS_OK) {
4059 rw_cb.tcb.i93.state = RW_I93_STATE_READ_NDEF;
4060 } else {
4061 return NFC_STATUS_FAILED;
4062 }
4063 } else {
4064 LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4065 return NFC_STATUS_FAILED;
4066 }
4067
4068 return NFC_STATUS_OK;
4069 }
4070
4071 /*******************************************************************************
4072 **
4073 ** Function RW_I93UpdateNDef
4074 **
4075 ** Description This function performs NDEF update procedure
4076 ** Note: RW_I93DetectNDef () must be called before using this
4077 ** Updating data must not be removed until returning
4078 ** event
4079 **
4080 ** The following event will be returned
4081 ** RW_I93_NDEF_UPDATE_CPLT_EVT for complete
4082 ** RW_I93_NDEF_UPDATE_FAIL_EVT for failure
4083 **
4084 ** Returns NFC_STATUS_OK if success
4085 ** NFC_STATUS_FAILED if I93 is busy or other error
4086 **
4087 *******************************************************************************/
RW_I93UpdateNDef(uint32_t length,uint8_t * p_data)4088 tNFC_STATUS RW_I93UpdateNDef(uint32_t length, uint8_t* p_data) {
4089 uint32_t block_number;
4090
4091 LOG(VERBOSE) << StringPrintf("%s - length:%d", __func__, length);
4092
4093 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4094 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4095 __func__, rw_cb.tcb.i93.state);
4096 return NFC_STATUS_FAILED;
4097 }
4098
4099 if (rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
4100 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
4101 LOG(ERROR) << StringPrintf("%s - NDEF is read-only", __func__);
4102 return NFC_STATUS_FAILED;
4103 }
4104 if (rw_cb.tcb.i93.max_ndef_length < length) {
4105 LOG(ERROR) << StringPrintf(
4106 "%s - data (%d bytes) is more than max NDEF length "
4107 "(%d)",
4108 __func__, length, rw_cb.tcb.i93.max_ndef_length);
4109 return NFC_STATUS_FAILED;
4110 }
4111
4112 rw_cb.tcb.i93.ndef_length = length;
4113 rw_cb.tcb.i93.p_update_data = p_data;
4114
4115 /* read length field */
4116 rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset + 1;
4117 rw_cb.tcb.i93.rw_length = 0;
4118
4119 block_number = rw_cb.tcb.i93.rw_offset / rw_cb.tcb.i93.block_size;
4120
4121 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
4122 NFC_STATUS_OK) {
4123 rw_cb.tcb.i93.state = RW_I93_STATE_UPDATE_NDEF;
4124 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_RESET_LEN;
4125 } else {
4126 return NFC_STATUS_FAILED;
4127 }
4128 } else {
4129 LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4130 return NFC_STATUS_FAILED;
4131 }
4132
4133 return NFC_STATUS_OK;
4134 }
4135
4136 /*******************************************************************************
4137 **
4138 ** Function RW_I93FormatNDef
4139 **
4140 ** Description This function performs formatting procedure
4141 **
4142 ** RW_I93_FORMAT_CPLT_EVT will be returned
4143 **
4144 ** Returns NFC_STATUS_OK if success
4145 ** NFC_STATUS_FAILED if busy or other error
4146 **
4147 *******************************************************************************/
RW_I93FormatNDef(void)4148 tNFC_STATUS RW_I93FormatNDef(void) {
4149 tNFC_STATUS status;
4150 tRW_I93_RW_SUBSTATE sub_state;
4151
4152 LOG(VERBOSE) << __func__;
4153
4154 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4155 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
4156 rw_cb.tcb.i93.state);
4157 return NFC_STATUS_FAILED;
4158 }
4159
4160 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
4161 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
4162 /* These don't support GetSystemInformation and GetMultiBlockSecurityStatus
4163 */
4164 rw_cb.tcb.i93.rw_offset = 0;
4165
4166 /* read blocks with option flag to get block security status */
4167 status = rw_i93_send_cmd_read_single_block(0x0000, true);
4168 sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
4169 } else {
4170 status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4171 sub_state = RW_I93_SUBSTATE_WAIT_UID;
4172 }
4173
4174 if (status == NFC_STATUS_OK) {
4175 rw_cb.tcb.i93.state = RW_I93_STATE_FORMAT;
4176 rw_cb.tcb.i93.sub_state = sub_state;
4177 rw_cb.tcb.i93.intl_flags = 0;
4178 }
4179
4180 return (status);
4181 }
4182
4183 /*******************************************************************************
4184 **
4185 ** Function RW_I93SetTagReadOnly
4186 **
4187 ** Description This function performs NDEF read-only procedure
4188 ** Note: RW_I93DetectNDef () must be called before using this
4189 ** Updating data must not be removed until returning
4190 ** event
4191 **
4192 ** The RW_I93_SET_TAG_RO_EVT event will be returned.
4193 **
4194 ** Returns NFC_STATUS_OK if success
4195 ** NFC_STATUS_FAILED if I93 is busy or other error
4196 **
4197 *******************************************************************************/
RW_I93SetTagReadOnly(void)4198 tNFC_STATUS RW_I93SetTagReadOnly(void) {
4199 uint8_t cc_blk0[4];
4200
4201 LOG(VERBOSE) << __func__;
4202
4203 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4204 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4205 __func__, rw_cb.tcb.i93.state);
4206 return NFC_STATUS_FAILED;
4207 }
4208
4209 if ((rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
4210 (rw_cb.tcb.i93.i93_t5t_mode != RW_T5T_CC_READ_MEM_INFO)) {
4211 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
4212 LOG(ERROR) << StringPrintf("%s - NDEF is already read-only", __func__);
4213 return NFC_STATUS_FAILED;
4214 }
4215
4216 /* get CC in the first block */
4217 if (rw_i93_send_cmd_read_single_block(0, false) == NFC_STATUS_OK) {
4218 rw_cb.tcb.i93.state = RW_I93_STATE_SET_READ_ONLY;
4219 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_CC;
4220 } else {
4221 return NFC_STATUS_FAILED;
4222 }
4223 } else {
4224 if (rw_cb.tcb.i93.i93_t5t_mode == RW_T5T_CC_READ_MEM_INFO) {
4225 memcpy(cc_blk0, rw_cb.tcb.i93.gre_cc_content, 4);
4226
4227 /* mark CC as read-only */
4228 *(cc_blk0 + 1) |= I93_ICODE_CC_READ_ONLY;
4229
4230 LOG(VERBOSE) << StringPrintf(
4231 "%s - Set CC1 to RO - cc[0]=0x%02x, cc[1]=0x%02x, "
4232 "cc[2]=0x%02x, cc[3]=0x%02x",
4233 __func__, *cc_blk0, *(cc_blk0 + 1), *(cc_blk0 + 2), *(cc_blk0 + 3));
4234
4235 if (rw_i93_send_cmd_write_single_block(0, cc_blk0) == NFC_STATUS_OK) {
4236 rw_cb.tcb.i93.state = RW_I93_STATE_SET_READ_ONLY;
4237 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_UPDATE_CC;
4238 } else {
4239 rw_i93_handle_error(NFC_STATUS_FAILED);
4240 return NFC_STATUS_FAILED;
4241 }
4242
4243 return NFC_STATUS_OK;
4244 }
4245 LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4246 return NFC_STATUS_FAILED;
4247 }
4248
4249 return NFC_STATUS_OK;
4250 }
4251
4252 /*****************************************************************************
4253 **
4254 ** Function RW_I93PresenceCheck
4255 **
4256 ** Description Check if the tag is still in the field.
4257 **
4258 ** The RW_I93_PRESENCE_CHECK_EVT w/ status is used to indicate
4259 ** presence or non-presence.
4260 **
4261 ** Returns NFC_STATUS_OK, if raw data frame sent
4262 ** NFC_STATUS_NO_BUFFERS: unable to allocate a buffer for this
4263 ** operation
4264 ** NFC_STATUS_FAILED: other error
4265 **
4266 *****************************************************************************/
RW_I93PresenceCheck(void)4267 tNFC_STATUS RW_I93PresenceCheck(void) {
4268 tNFC_STATUS status;
4269 tRW_DATA evt_data;
4270
4271 LOG(VERBOSE) << __func__;
4272
4273 if (!rw_cb.p_cback) {
4274 return NFC_STATUS_FAILED;
4275 } else if (rw_cb.tcb.i93.state == RW_I93_STATE_NOT_ACTIVATED) {
4276 evt_data.status = NFC_STATUS_FAILED;
4277 (*rw_cb.p_cback)(RW_I93_PRESENCE_CHECK_EVT, &evt_data);
4278
4279 return NFC_STATUS_OK;
4280 } else if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4281 return NFC_STATUS_BUSY;
4282 } else {
4283 rw_cb.tcb.i93.in_pres_check = true;
4284 if (rw_cb.tcb.i93.i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
4285 /* The support of AFI by the VICC is optional, so do not include AFI */
4286 status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4287 } else {
4288 /* Extended command not expected for presence check */
4289 rw_cb.tcb.i93.intl_flags &= ~RW_I93_FLAG_EXT_COMMANDS;
4290 status = rw_i93_send_cmd_read_single_block(0, false);
4291 }
4292 rw_cb.tcb.i93.in_pres_check = false;
4293
4294 if (status == NFC_STATUS_OK) {
4295 /* do not retry during presence check */
4296 rw_cb.tcb.i93.retry_count = RW_MAX_RETRIES;
4297 rw_cb.tcb.i93.state = RW_I93_STATE_PRESENCE_CHECK;
4298 }
4299 }
4300
4301 return (status);
4302 }
4303
4304 /*****************************************************************************
4305 **
4306 ** Function RW_I93CheckLegacyProduct
4307 **
4308 ** Description Check if product is legacy and if its definition
4309 ** (blocks size, number of blocks) needs to be retrieved
4310 ** with (Extended)GetSystemInfo command.
4311 **
4312 ** Returns true if legacy product
4313 ** else false
4314 **
4315 *****************************************************************************/
RW_I93CheckLegacyProduct(uint8_t ic_manuf,uint8_t pdt_code)4316 bool RW_I93CheckLegacyProduct(uint8_t ic_manuf, uint8_t pdt_code) {
4317 if (t5t_mute_legacy) return false;
4318 if (appl_dta_mode_flag) return false;
4319 if (!t5t_no_getsysinfo()) return true;
4320 LOG(VERBOSE) << StringPrintf("%s - IC manufacturer:0x%x, Product code:0x%x",
4321 __func__, ic_manuf, pdt_code);
4322
4323 uint8_t pdt_code_family = 0;
4324
4325 if (ic_manuf == I93_UID_IC_MFG_CODE_NXP) {
4326 LOG(VERBOSE) << StringPrintf("%s - No I93 legacy product detected", __func__);
4327 return false;
4328 }
4329
4330 if (ic_manuf == I93_UID_IC_MFG_CODE_STM) {
4331 switch (pdt_code) {
4332 case I93_IC_REF_STM_ST25TV16K_64K:
4333 case I93_IC_REF_STM_ST25TV04K_E:
4334 LOG(VERBOSE) << StringPrintf("%s - ISO 15693 legacy product detected",
4335 __func__);
4336 return true;
4337 }
4338
4339 pdt_code_family = pdt_code & I93_IC_REF_STM_MASK;
4340 switch (pdt_code_family) {
4341 case I93_IC_REF_STM_LRI1K:
4342 case I93_PROD_CODE_STM_M24LR04E_R_MASK:
4343 case I93_PROD_CODE_STM_LRI2K_MASK:
4344 case I93_PROD_CODE_STM_LRIS2K_MASK:
4345 case I93_PROD_CODE_STM_LRIS64K_MASK:
4346 case I93_PROD_CODE_STM_M24LR16E_R_MASK:
4347 case I93_PROD_CODE_STM_M24LR64_R_MASK:
4348 case I93_PROD_CODE_STM_M24LR64E_R_MASK:
4349 case I93_PROD_CODE_STM_ST25DV_K_MASK:
4350 LOG(VERBOSE) << StringPrintf("%s - ISO 15693 legacy product detected",
4351 __func__);
4352 return true;
4353 default:
4354 LOG(VERBOSE) << StringPrintf("%s - T5T NFC Forum product detected",
4355 __func__);
4356 return false;
4357 }
4358 }
4359
4360 if ((ic_manuf == I93_UID_IC_MFG_CODE_TI) ||
4361 (ic_manuf == I93_UID_IC_MFG_CODE_ONS)) {
4362 LOG(VERBOSE) << StringPrintf("%s - I93 legacy product detected", __func__);
4363 return true;
4364 }
4365
4366 LOG(VERBOSE) << StringPrintf("%s - T5T NFC Forum product detected", __func__);
4367 return false;
4368 }
4369
4370 /*****************************************************************************
4371 **
4372 ** Function RW_I93SetAddressingMode
4373 **
4374 ** Description Set if the tag must be addressed with UID or not.
4375 **
4376 ** The addressing mode (addressed or non-addressed) must be
4377 ** done at the module initialization prior to the Tag
4378 ** activation.
4379 **
4380 ** Returns NFC_STATUS_OK, if mode is stored
4381 ** NFC_STATUS_FAILED: other error
4382 **
4383 *****************************************************************************/
RW_I93SetAddressingMode(bool mode)4384 tNFC_STATUS RW_I93SetAddressingMode(bool mode) {
4385 LOG(VERBOSE) << StringPrintf("%s - I93 state:%d", __func__,
4386 rw_cb.tcb.i93.state);
4387
4388 if (rw_cb.tcb.i93.state == RW_I93_STATE_IDLE) {
4389 LOG(VERBOSE) << StringPrintf("%s - mode:%d", __func__, mode);
4390 if (mode) {
4391 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_ADDRESSED;
4392 } else {
4393 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_NON_ADDRESSED;
4394 }
4395 return NFC_STATUS_OK;
4396 } else {
4397 return NFC_STATUS_FAILED;
4398 }
4399 }
4400
4401 /*******************************************************************************
4402 **
4403 ** Function rw_i93_get_state_name
4404 **
4405 ** Description This function returns the state name.
4406 **
4407 ** NOTE conditionally compiled to save memory.
4408 **
4409 ** Returns pointer to the name
4410 **
4411 *******************************************************************************/
rw_i93_get_state_name(uint8_t state)4412 std::string rw_i93_get_state_name(uint8_t state) {
4413 switch (state) {
4414 case RW_I93_STATE_NOT_ACTIVATED:
4415 return "NOT_ACTIVATED";
4416 case RW_I93_STATE_IDLE:
4417 return "IDLE";
4418 case RW_I93_STATE_BUSY:
4419 return "BUSY";
4420 case RW_I93_STATE_DETECT_NDEF:
4421 return "NDEF_DETECTION";
4422 case RW_I93_STATE_READ_NDEF:
4423 return "READ_NDEF";
4424 case RW_I93_STATE_UPDATE_NDEF:
4425 return "UPDATE_NDEF";
4426 case RW_I93_STATE_FORMAT:
4427 return "FORMAT";
4428 case RW_I93_STATE_SET_READ_ONLY:
4429 return "SET_READ_ONLY";
4430 case RW_I93_STATE_PRESENCE_CHECK:
4431 return "PRESENCE_CHECK";
4432 default:
4433 return "???? UNKNOWN STATE";
4434 }
4435 }
4436
4437 /*******************************************************************************
4438 **
4439 ** Function rw_i93_get_sub_state_name
4440 **
4441 ** Description This function returns the sub_state name.
4442 **
4443 ** NOTE conditionally compiled to save memory.
4444 **
4445 ** Returns pointer to the name
4446 **
4447 *******************************************************************************/
rw_i93_get_sub_state_name(uint8_t sub_state)4448 std::string rw_i93_get_sub_state_name(uint8_t sub_state) {
4449 switch (sub_state) {
4450 case RW_I93_SUBSTATE_WAIT_UID:
4451 return "WAIT_UID";
4452 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
4453 return "WAIT_SYS_INFO";
4454 case RW_I93_SUBSTATE_WAIT_CC:
4455 return "WAIT_CC";
4456 case RW_I93_SUBSTATE_WAIT_CC_EXT:
4457 return "WAIT_CC_EXT";
4458 case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
4459 return "SEARCH_NDEF_TLV";
4460 case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
4461 return "CHECK_LOCK_STATUS";
4462 case RW_I93_SUBSTATE_RESET_LEN:
4463 return "RESET_LEN";
4464 case RW_I93_SUBSTATE_WRITE_NDEF:
4465 return "WRITE_NDEF";
4466 case RW_I93_SUBSTATE_UPDATE_LEN:
4467 return "UPDATE_LEN";
4468 case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
4469 return "WAIT_RESET_DSFID_AFI";
4470 case RW_I93_SUBSTATE_CHECK_READ_ONLY:
4471 return "CHECK_READ_ONLY";
4472 case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
4473 return "WRITE_CC_NDEF_TLV";
4474 case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
4475 return "WAIT_UPDATE_CC";
4476 case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
4477 return "LOCK_NDEF_TLV";
4478 case RW_I93_SUBSTATE_WAIT_LOCK_CC:
4479 return "WAIT_LOCK_CC";
4480 case RW_I93_SUBSTATE_LOCK_T5T_AREA:
4481 return "LOCK_T5T_AREA";
4482 default:
4483 return "???? UNKNOWN SUBSTATE";
4484 }
4485 }
4486
4487 /*******************************************************************************
4488 **
4489 ** Function rw_i93_get_tag_name
4490 **
4491 ** Description This function returns the tag name.
4492 **
4493 ** NOTE conditionally compiled to save memory.
4494 **
4495 ** Returns pointer to the name
4496 **
4497 *******************************************************************************/
rw_i93_get_tag_name(uint8_t product_version)4498 static std::string rw_i93_get_tag_name(uint8_t product_version) {
4499 switch (product_version) {
4500 case RW_I93_ICODE_SLI:
4501 return "SLI/SLIX";
4502 case RW_I93_ICODE_SLI_S:
4503 return "SLI-S/SLIX-S";
4504 case RW_I93_ICODE_SLI_L:
4505 return "SLI-L/SLIX-L";
4506 case RW_I93_TAG_IT_HF_I_PLUS_INLAY:
4507 return "Tag-it HF-I Plus Inlay";
4508 case RW_I93_TAG_IT_HF_I_PLUS_CHIP:
4509 return "Tag-it HF-I Plus Chip";
4510 case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
4511 return "Tag-it HF-I Standard Chip/Inlyas";
4512 case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
4513 return "Tag-it HF-I Pro Chip/Inlays";
4514 case RW_I93_STM_LRI1K:
4515 return "LRi1K";
4516 case RW_I93_STM_LRI2K:
4517 return "LRi2K";
4518 case RW_I93_STM_LRIS2K:
4519 return "LRiS2K";
4520 case RW_I93_STM_LRIS64K:
4521 return "LRiS64K";
4522 case RW_I93_STM_M24LR64_R:
4523 return "M24LR64";
4524 case RW_I93_STM_M24LR04E_R:
4525 return "M24LR04E";
4526 case RW_I93_STM_M24LR16E_R:
4527 return "M24LR16E";
4528 case RW_I93_STM_M24LR16D_W:
4529 return "M24LR16D-W";
4530 case RW_I93_STM_M24LR64E_R:
4531 return "M24LR64E";
4532 case RW_I93_STM_ST25DV04K:
4533 return "ST25DV04";
4534 case RW_I93_STM_ST25DVHIK:
4535 return "ST25DV";
4536 case RW_I93_ONS_N36RW02:
4537 return ("N36RW02");
4538 case RW_I93_ONS_N24RF04:
4539 return ("N24RF04");
4540 case RW_I93_ONS_N24RF04E:
4541 return ("N24RF04E");
4542 case RW_I93_ONS_N24RF16:
4543 return ("N24RF16");
4544 case RW_I93_ONS_N24RF16E:
4545 return ("N24RF16E");
4546 case RW_I93_ONS_N24RF64:
4547 return ("N24RF64");
4548 case RW_I93_ONS_N24RF64E:
4549 return ("N24RF64E");
4550 case RW_I93_UNKNOWN_PRODUCT:
4551 default:
4552 return "UNKNOWN";
4553 }
4554 }
4555