1 /******************************************************************************
2  *
3  *  Copyright (C) 2010-2014 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains source code for some utility functions to help parse
22  *  and build NFC Data Exchange Format (NDEF) messages
23  *
24  ******************************************************************************/
25 #include "ndef_utils.h"
26 
27 #include <log/log.h>
28 #include <string.h>
29 
30 /*******************************************************************************
31 **
32 **              Static Local Functions
33 **
34 *******************************************************************************/
35 
36 /*******************************************************************************
37 **
38 ** Function         shiftdown
39 **
40 ** Description      shift memory down (to make space to insert a record)
41 **
42 *******************************************************************************/
shiftdown(uint8_t * p_mem,uint32_t len,uint32_t shift_amount)43 static void shiftdown(uint8_t* p_mem, uint32_t len, uint32_t shift_amount) {
44   uint8_t* ps = p_mem + len - 1;
45   uint8_t* pd = ps + shift_amount;
46   uint32_t xx;
47 
48   for (xx = 0; xx < len; xx++) *pd-- = *ps--;
49 }
50 
51 /*******************************************************************************
52 **
53 ** Function         shiftup
54 **
55 ** Description      shift memory up (to delete a record)
56 **
57 *******************************************************************************/
shiftup(uint8_t * p_dest,uint8_t * p_src,uint32_t len)58 static void shiftup(uint8_t* p_dest, uint8_t* p_src, uint32_t len) {
59   uint8_t* ps = p_src;
60   uint8_t* pd = p_dest;
61   uint32_t xx;
62 
63   for (xx = 0; xx < len; xx++) *pd++ = *ps++;
64 }
65 
66 /*******************************************************************************
67 **
68 ** Function         NDEF_MsgValidate
69 **
70 ** Description      This function validates an NDEF message.
71 **
72 ** Returns          TRUE if all OK, or FALSE if the message is invalid.
73 **
74 *******************************************************************************/
NDEF_MsgValidate(uint8_t * p_msg,uint32_t msg_len,bool b_allow_chunks)75 tNDEF_STATUS NDEF_MsgValidate(uint8_t* p_msg, uint32_t msg_len,
76                               bool b_allow_chunks) {
77   uint8_t* p_rec = p_msg;
78   uint8_t* p_end = p_msg + msg_len;
79   uint8_t* p_new;
80   uint8_t rec_hdr = 0, type_len, id_len;
81   int count;
82   uint32_t payload_len;
83   bool bInChunk = false;
84 
85   if ((p_msg == nullptr) || (msg_len < 3)) return (NDEF_MSG_TOO_SHORT);
86 
87   /* The first record must have the MB bit set */
88   if ((*p_msg & NDEF_MB_MASK) == 0) return (NDEF_MSG_NO_MSG_BEGIN);
89 
90   /* The first record cannot be a chunk */
91   if ((*p_msg & NDEF_TNF_MASK) == NDEF_TNF_UNCHANGED)
92     return (NDEF_MSG_UNEXPECTED_CHUNK);
93 
94   for (count = 0; p_rec < p_end; count++) {
95     /* if less than short record header */
96     if (p_rec + 3 > p_end) return (NDEF_MSG_TOO_SHORT);
97 
98     rec_hdr = *p_rec++;
99 
100     /* header should have a valid TNF */
101     if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_MASK)
102       return NDEF_MSG_INVALID_CHUNK;
103 
104     /* The second and all subsequent records must NOT have the MB bit set */
105     if ((count > 0) && (rec_hdr & NDEF_MB_MASK))
106       return (NDEF_MSG_EXTRA_MSG_BEGIN);
107 
108     /* Type field length */
109     type_len = *p_rec++;
110 
111     /* If the record is chunked, first record must contain the type unless
112      * it's Type Name Format is Unknown */
113     if ((rec_hdr & NDEF_CF_MASK) && (rec_hdr & NDEF_MB_MASK) && type_len == 0 &&
114         (rec_hdr & NDEF_TNF_MASK) != NDEF_TNF_UNKNOWN)
115       return (NDEF_MSG_INVALID_CHUNK);
116 
117     /* Payload length - can be 1 or 4 bytes */
118     if (rec_hdr & NDEF_SR_MASK)
119       payload_len = *p_rec++;
120     else {
121       /* if less than 4 bytes payload length */
122       if (p_rec + 4 > p_end) return (NDEF_MSG_TOO_SHORT);
123 
124       BE_STREAM_TO_UINT32(payload_len, p_rec);
125     }
126 
127     /* ID field Length */
128     if (rec_hdr & NDEF_IL_MASK) {
129       /* if less than 1 byte ID field length */
130       if (p_rec + 1 > p_end) return (NDEF_MSG_TOO_SHORT);
131 
132       id_len = *p_rec++;
133     } else {
134       id_len = 0;
135       /* Empty record must have the id_len */
136       if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_EMPTY)
137         return (NDEF_MSG_INVALID_EMPTY_REC);
138     }
139 
140     /* A chunk must have type "unchanged", and no type or ID fields */
141     if (rec_hdr & NDEF_CF_MASK) {
142       if (!b_allow_chunks) return (NDEF_MSG_UNEXPECTED_CHUNK);
143 
144       /* Inside a chunk, the type must be unchanged and no type or ID field i
145        * sallowed */
146       if (bInChunk) {
147         if ((type_len != 0) || (id_len != 0) ||
148             ((rec_hdr & NDEF_TNF_MASK) != NDEF_TNF_UNCHANGED))
149           return (NDEF_MSG_INVALID_CHUNK);
150       } else {
151         /* First record of a chunk must NOT have type "unchanged" */
152         if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_UNCHANGED)
153           return (NDEF_MSG_INVALID_CHUNK);
154 
155         bInChunk = true;
156       }
157     } else {
158       /* This may be the last guy in a chunk. */
159       if (bInChunk) {
160         if ((type_len != 0) || (id_len != 0) ||
161             ((rec_hdr & NDEF_TNF_MASK) != NDEF_TNF_UNCHANGED))
162           return (NDEF_MSG_INVALID_CHUNK);
163 
164         bInChunk = false;
165       } else {
166         /* If not in a chunk, the record must NOT have type "unchanged" */
167         if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_UNCHANGED)
168           return (NDEF_MSG_INVALID_CHUNK);
169       }
170     }
171 
172     /* An empty record must NOT have a type, ID or payload */
173     if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_EMPTY) {
174       if ((type_len != 0) || (id_len != 0) || (payload_len != 0))
175         return (NDEF_MSG_INVALID_EMPTY_REC);
176     }
177 
178     if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_UNKNOWN) {
179       if (type_len != 0) return (NDEF_MSG_LENGTH_MISMATCH);
180     }
181 
182     /* External type should have non-zero type length */
183     if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_EXT) {
184       if (type_len == 0) return (NDEF_MSG_LENGTH_MISMATCH);
185     }
186 
187     /* External type and Well Known types should have valid characters
188        in the TYPE field */
189     if ((rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_EXT ||
190         (rec_hdr & NDEF_TNF_MASK) == NDEF_TNF_WKT) {
191       uint8_t* p_rec_type = p_rec;
192       if ((p_rec_type + type_len) > p_end) return (NDEF_MSG_TOO_SHORT);
193 
194       for (int type_index = 0; type_index < type_len; type_index++) {
195         if (p_rec_type[type_index] < NDEF_RTD_VALID_START ||
196             p_rec_type[type_index] > NDEF_RTD_VALID_END)
197           return (NDEF_MSG_INVALID_TYPE);
198       }
199     }
200 
201     /* Check for OOB */
202     if (payload_len + type_len + id_len < payload_len ||
203         payload_len + type_len + id_len > msg_len) {
204       return (NDEF_MSG_LENGTH_MISMATCH);
205     }
206     p_new = p_rec + (payload_len + type_len + id_len);
207     if (p_rec > p_new || p_end < p_new) {
208       android_errorWriteLog(0x534e4554, "126200054");
209       return (NDEF_MSG_LENGTH_MISMATCH);
210     }
211 
212     /* Point to next record */
213     p_rec += (payload_len + type_len + id_len);
214 
215     if (rec_hdr & NDEF_ME_MASK) break;
216 
217     rec_hdr = 0;
218   }
219 
220   /* The last record should have the ME bit set */
221   if ((rec_hdr & NDEF_ME_MASK) == 0) return (NDEF_MSG_NO_MSG_END);
222 
223   /* p_rec should equal p_end if all the length fields were correct */
224   if (p_rec != p_end) return (NDEF_MSG_LENGTH_MISMATCH);
225 
226   return (NDEF_OK);
227 }
228 
229 /*******************************************************************************
230 **
231 ** Function         NDEF_MsgGetNumRecs
232 **
233 ** Description      This function gets the number of records in the given NDEF
234 **                  message.
235 **
236 ** Returns          The record count, or 0 if the message is invalid.
237 **
238 *******************************************************************************/
NDEF_MsgGetNumRecs(uint8_t * p_msg)239 int32_t NDEF_MsgGetNumRecs(uint8_t* p_msg) {
240   uint8_t* p_rec = p_msg;
241   uint8_t rec_hdr, type_len, id_len;
242   int count;
243   uint32_t payload_len;
244 
245   for (count = 0;;) {
246     count++;
247 
248     rec_hdr = *p_rec++;
249 
250     if (rec_hdr & NDEF_ME_MASK) break;
251 
252     /* Type field length */
253     type_len = *p_rec++;
254 
255     /* Payload length - can be 1 or 4 bytes */
256     if (rec_hdr & NDEF_SR_MASK)
257       payload_len = *p_rec++;
258     else
259       BE_STREAM_TO_UINT32(payload_len, p_rec);
260 
261     /* ID field Length */
262     if (rec_hdr & NDEF_IL_MASK)
263       id_len = *p_rec++;
264     else
265       id_len = 0;
266 
267     /* Point to next record */
268     p_rec += (payload_len + type_len + id_len);
269   }
270 
271   /* Return the number of records found */
272   return (count);
273 }
274 
275 /*******************************************************************************
276 **
277 ** Function         NDEF_MsgGetRecLength
278 **
279 ** Description      This function returns length of the current record in the
280 **                  given NDEF message.
281 **
282 ** Returns          Length of record
283 **
284 *******************************************************************************/
NDEF_MsgGetRecLength(uint8_t * p_cur_rec)285 uint32_t NDEF_MsgGetRecLength(uint8_t* p_cur_rec) {
286   uint8_t rec_hdr, type_len, id_len;
287   uint32_t rec_len = 0;
288   uint32_t payload_len;
289 
290   /* Get the current record's header */
291   rec_hdr = *p_cur_rec++;
292   rec_len++;
293 
294   /* Type field length */
295   type_len = *p_cur_rec++;
296   rec_len++;
297 
298   /* Payload length - can be 1 or 4 bytes */
299   if (rec_hdr & NDEF_SR_MASK) {
300     payload_len = *p_cur_rec++;
301     rec_len++;
302   } else {
303     BE_STREAM_TO_UINT32(payload_len, p_cur_rec);
304     rec_len += 4;
305   }
306 
307   /* ID field Length */
308   if (rec_hdr & NDEF_IL_MASK) {
309     id_len = *p_cur_rec++;
310     rec_len++;
311   } else
312     id_len = 0;
313 
314   /* Total length of record */
315   rec_len += (payload_len + type_len + id_len);
316 
317   return (rec_len);
318 }
319 
320 /*******************************************************************************
321 **
322 ** Function         NDEF_MsgGetNextRec
323 **
324 ** Description      This function gets a pointer to the next record in the given
325 **                  NDEF message. If the current record pointer is NULL, a
326 **                  pointer to the first record is returned.
327 **
328 ** Returns          Pointer to the start of the record, or NULL if no more
329 **
330 *******************************************************************************/
NDEF_MsgGetNextRec(uint8_t * p_cur_rec)331 uint8_t* NDEF_MsgGetNextRec(uint8_t* p_cur_rec) {
332   uint8_t rec_hdr, type_len, id_len;
333   uint32_t payload_len;
334 
335   /* Get the current record's header */
336   rec_hdr = *p_cur_rec++;
337 
338   /* If this is the last record, return NULL */
339   if (rec_hdr & NDEF_ME_MASK) return (nullptr);
340 
341   /* Type field length */
342   type_len = *p_cur_rec++;
343 
344   /* Payload length - can be 1 or 4 bytes */
345   if (rec_hdr & NDEF_SR_MASK)
346     payload_len = *p_cur_rec++;
347   else
348     BE_STREAM_TO_UINT32(payload_len, p_cur_rec);
349 
350   /* ID field Length */
351   if (rec_hdr & NDEF_IL_MASK)
352     id_len = *p_cur_rec++;
353   else
354     id_len = 0;
355 
356   /* Point to next record */
357   p_cur_rec += (payload_len + type_len + id_len);
358 
359   return (p_cur_rec);
360 }
361 
362 /*******************************************************************************
363 **
364 ** Function         NDEF_MsgGetRecByIndex
365 **
366 ** Description      This function gets a pointer to the record with the given
367 **                  index (0-based index) in the given NDEF message.
368 **
369 ** Returns          Pointer to the start of the record, or NULL
370 **
371 *******************************************************************************/
NDEF_MsgGetRecByIndex(uint8_t * p_msg,int32_t index)372 uint8_t* NDEF_MsgGetRecByIndex(uint8_t* p_msg, int32_t index) {
373   uint8_t* p_rec = p_msg;
374   uint8_t rec_hdr, type_len, id_len;
375   int32_t count;
376   uint32_t payload_len;
377 
378   for (count = 0;; count++) {
379     if (count == index) return (p_rec);
380 
381     rec_hdr = *p_rec++;
382 
383     if (rec_hdr & NDEF_ME_MASK) return (nullptr);
384 
385     /* Type field length */
386     type_len = *p_rec++;
387 
388     /* Payload length - can be 1 or 4 bytes */
389     if (rec_hdr & NDEF_SR_MASK)
390       payload_len = *p_rec++;
391     else
392       BE_STREAM_TO_UINT32(payload_len, p_rec);
393 
394     /* ID field Length */
395     if (rec_hdr & NDEF_IL_MASK)
396       id_len = *p_rec++;
397     else
398       id_len = 0;
399 
400     /* Point to next record */
401     p_rec += (payload_len + type_len + id_len);
402   }
403 
404   /* If here, there is no record of that index */
405   return (nullptr);
406 }
407 
408 /*******************************************************************************
409 **
410 ** Function         NDEF_MsgGetLastRecInMsg
411 **
412 ** Description      This function gets a pointer to the last record in the
413 **                  given NDEF message.
414 **
415 ** Returns          Pointer to the start of the last record, or NULL if some
416 **                  problem
417 **
418 *******************************************************************************/
NDEF_MsgGetLastRecInMsg(uint8_t * p_msg)419 uint8_t* NDEF_MsgGetLastRecInMsg(uint8_t* p_msg) {
420   uint8_t* p_rec = p_msg;
421   uint8_t* pRecStart;
422   uint8_t rec_hdr, type_len, id_len;
423   uint32_t payload_len;
424 
425   for (;;) {
426     pRecStart = p_rec;
427     rec_hdr = *p_rec++;
428 
429     if (rec_hdr & NDEF_ME_MASK) break;
430 
431     /* Type field length */
432     type_len = *p_rec++;
433 
434     /* Payload length - can be 1 or 4 bytes */
435     if (rec_hdr & NDEF_SR_MASK)
436       payload_len = *p_rec++;
437     else
438       BE_STREAM_TO_UINT32(payload_len, p_rec);
439 
440     /* ID field Length */
441     if (rec_hdr & NDEF_IL_MASK)
442       id_len = *p_rec++;
443     else
444       id_len = 0;
445 
446     /* Point to next record */
447     p_rec += (payload_len + type_len + id_len);
448   }
449 
450   return (pRecStart);
451 }
452 
453 /*******************************************************************************
454 **
455 ** Function         NDEF_MsgGetFirstRecByType
456 **
457 ** Description      This function gets a pointer to the first record with the
458 **                  given record type in the given NDEF message.
459 **
460 ** Returns          Pointer to the start of the record, or NULL
461 **
462 *******************************************************************************/
NDEF_MsgGetFirstRecByType(uint8_t * p_msg,uint8_t tnf,uint8_t * p_type,uint8_t tlen)463 uint8_t* NDEF_MsgGetFirstRecByType(uint8_t* p_msg, uint8_t tnf, uint8_t* p_type,
464                                    uint8_t tlen) {
465   uint8_t* p_rec = p_msg;
466   uint8_t* pRecStart;
467   uint8_t rec_hdr, type_len, id_len;
468   uint32_t payload_len;
469 
470   for (;;) {
471     pRecStart = p_rec;
472 
473     rec_hdr = *p_rec++;
474 
475     /* Type field length */
476     type_len = *p_rec++;
477 
478     /* Payload length - can be 1 or 4 bytes */
479     if (rec_hdr & NDEF_SR_MASK)
480       payload_len = *p_rec++;
481     else
482       BE_STREAM_TO_UINT32(payload_len, p_rec);
483 
484     /* ID field Length */
485     if (rec_hdr & NDEF_IL_MASK)
486       id_len = *p_rec++;
487     else
488       id_len = 0;
489 
490     /* At this point, p_rec points to the start of the type field. We need to */
491     /* compare the type of the type, the length of the type and the data     */
492     if (((rec_hdr & NDEF_TNF_MASK) == tnf) && (type_len == tlen) &&
493         (!memcmp(p_rec, p_type, tlen)))
494       return (pRecStart);
495 
496     /* If this was the last record, return NULL */
497     if (rec_hdr & NDEF_ME_MASK) return (nullptr);
498 
499     /* Point to next record */
500     p_rec += (payload_len + type_len + id_len);
501   }
502 
503   /* If here, there is no record of that type */
504   return (nullptr);
505 }
506 
507 /*******************************************************************************
508 **
509 ** Function         NDEF_MsgGetNextRecByType
510 **
511 ** Description      This function gets a pointer to the next record with the
512 **                  given record type in the given NDEF message.
513 **
514 ** Returns          Pointer to the start of the record, or NULL
515 **
516 *******************************************************************************/
NDEF_MsgGetNextRecByType(uint8_t * p_cur_rec,uint8_t tnf,uint8_t * p_type,uint8_t tlen)517 uint8_t* NDEF_MsgGetNextRecByType(uint8_t* p_cur_rec, uint8_t tnf,
518                                   uint8_t* p_type, uint8_t tlen) {
519   uint8_t* p_rec;
520   uint8_t* pRecStart;
521   uint8_t rec_hdr, type_len, id_len;
522   uint32_t payload_len;
523 
524   /* If this is the last record in the message, return NULL */
525   p_rec = NDEF_MsgGetNextRec(p_cur_rec);
526   if (p_rec == nullptr) return (nullptr);
527 
528   for (;;) {
529     pRecStart = p_rec;
530 
531     rec_hdr = *p_rec++;
532 
533     /* Type field length */
534     type_len = *p_rec++;
535 
536     /* Payload length - can be 1 or 4 bytes */
537     if (rec_hdr & NDEF_SR_MASK)
538       payload_len = *p_rec++;
539     else
540       BE_STREAM_TO_UINT32(payload_len, p_rec);
541 
542     /* ID field Length */
543     if (rec_hdr & NDEF_IL_MASK)
544       id_len = *p_rec++;
545     else
546       id_len = 0;
547 
548     /* At this point, p_rec points to the start of the type field. We need to */
549     /* compare the type of the type, the length of the type and the data     */
550     if (((rec_hdr & NDEF_TNF_MASK) == tnf) && (type_len == tlen) &&
551         (!memcmp(p_rec, p_type, tlen)))
552       return (pRecStart);
553 
554     /* If this was the last record, return NULL */
555     if (rec_hdr & NDEF_ME_MASK) break;
556 
557     /* Point to next record */
558     p_rec += (payload_len + type_len + id_len);
559   }
560 
561   /* If here, there is no record of that type */
562   return (nullptr);
563 }
564 
565 /*******************************************************************************
566 **
567 ** Function         NDEF_MsgGetFirstRecById
568 **
569 ** Description      This function gets a pointer to the first record with the
570 **                  given record id in the given NDEF message.
571 **
572 ** Returns          Pointer to the start of the record, or NULL
573 **
574 *******************************************************************************/
NDEF_MsgGetFirstRecById(uint8_t * p_msg,uint8_t * p_id,uint8_t ilen)575 uint8_t* NDEF_MsgGetFirstRecById(uint8_t* p_msg, uint8_t* p_id, uint8_t ilen) {
576   uint8_t* p_rec = p_msg;
577   uint8_t* pRecStart;
578   uint8_t rec_hdr, type_len, id_len;
579   uint32_t payload_len;
580 
581   for (;;) {
582     pRecStart = p_rec;
583 
584     rec_hdr = *p_rec++;
585 
586     /* Type field length */
587     type_len = *p_rec++;
588 
589     /* Payload length - can be 1 or 4 bytes */
590     if (rec_hdr & NDEF_SR_MASK)
591       payload_len = *p_rec++;
592     else
593       BE_STREAM_TO_UINT32(payload_len, p_rec);
594 
595     /* ID field Length */
596     if (rec_hdr & NDEF_IL_MASK)
597       id_len = *p_rec++;
598     else
599       id_len = 0;
600 
601     /* At this point, p_rec points to the start of the type field. Skip it */
602     p_rec += type_len;
603 
604     /* At this point, p_rec points to the start of the ID field. Compare length
605      * and data */
606     if ((id_len == ilen) && (!memcmp(p_rec, p_id, ilen))) return (pRecStart);
607 
608     /* If this was the last record, return NULL */
609     if (rec_hdr & NDEF_ME_MASK) return (nullptr);
610 
611     /* Point to next record */
612     p_rec += (id_len + payload_len);
613   }
614 
615   /* If here, there is no record of that ID */
616   return (nullptr);
617 }
618 
619 /*******************************************************************************
620 **
621 ** Function         NDEF_MsgGetNextRecById
622 **
623 ** Description      This function gets a pointer to the next record with the
624 **                  given record id in the given NDEF message.
625 **
626 ** Returns          Pointer to the start of the record, or NULL
627 **
628 *******************************************************************************/
NDEF_MsgGetNextRecById(uint8_t * p_cur_rec,uint8_t * p_id,uint8_t ilen)629 uint8_t* NDEF_MsgGetNextRecById(uint8_t* p_cur_rec, uint8_t* p_id,
630                                 uint8_t ilen) {
631   uint8_t* p_rec;
632   uint8_t* pRecStart;
633   uint8_t rec_hdr, type_len, id_len;
634   uint32_t payload_len;
635 
636   /* If this is the last record in the message, return NULL */
637   p_rec = NDEF_MsgGetNextRec(p_cur_rec);
638   if (p_rec == nullptr) return (nullptr);
639 
640   for (;;) {
641     pRecStart = p_rec;
642 
643     rec_hdr = *p_rec++;
644 
645     /* Type field length */
646     type_len = *p_rec++;
647 
648     /* Payload length - can be 1 or 4 bytes */
649     if (rec_hdr & NDEF_SR_MASK)
650       payload_len = *p_rec++;
651     else
652       BE_STREAM_TO_UINT32(payload_len, p_rec);
653 
654     /* ID field Length */
655     if (rec_hdr & NDEF_IL_MASK)
656       id_len = *p_rec++;
657     else
658       id_len = 0;
659 
660     /* At this point, p_rec points to the start of the type field. Skip it */
661     p_rec += type_len;
662 
663     /* At this point, p_rec points to the start of the ID field. Compare length
664      * and data */
665     if ((id_len == ilen) && (!memcmp(p_rec, p_id, ilen))) return (pRecStart);
666 
667     /* If this was the last record, return NULL */
668     if (rec_hdr & NDEF_ME_MASK) break;
669 
670     /* Point to next record */
671     p_rec += (id_len + payload_len);
672   }
673 
674   /* If here, there is no record of that ID */
675   return (nullptr);
676 }
677 
678 /*******************************************************************************
679 **
680 ** Function         NDEF_RecGetType
681 **
682 ** Description      This function gets a pointer to the record type for the
683 **                  given NDEF record.
684 **
685 ** Returns          Pointer to Type (NULL if none). TNF and len are filled in.
686 **
687 *******************************************************************************/
NDEF_RecGetType(uint8_t * p_rec,uint8_t * p_tnf,uint8_t * p_type_len)688 uint8_t* NDEF_RecGetType(uint8_t* p_rec, uint8_t* p_tnf, uint8_t* p_type_len) {
689   uint8_t rec_hdr, type_len;
690 
691   /* First byte is the record header */
692   rec_hdr = *p_rec++;
693 
694   /* Next byte is the type field length */
695   type_len = *p_rec++;
696 
697   /* Skip the payload length */
698   if (rec_hdr & NDEF_SR_MASK)
699     p_rec += 1;
700   else
701     p_rec += 4;
702 
703   /* Skip ID field Length, if present */
704   if (rec_hdr & NDEF_IL_MASK) p_rec++;
705 
706   /* At this point, p_rec points to the start of the type field.  */
707   *p_type_len = type_len;
708   *p_tnf = rec_hdr & NDEF_TNF_MASK;
709 
710   if (type_len == 0)
711     return (nullptr);
712   else
713     return (p_rec);
714 }
715 
716 /*******************************************************************************
717 **
718 ** Function         NDEF_RecGetId
719 **
720 ** Description      This function gets a pointer to the record id for the given
721 **                  NDEF record.
722 **
723 ** Returns          Pointer to Id (NULL if none). ID Len is filled in.
724 **
725 *******************************************************************************/
NDEF_RecGetId(uint8_t * p_rec,uint8_t * p_id_len)726 uint8_t* NDEF_RecGetId(uint8_t* p_rec, uint8_t* p_id_len) {
727   uint8_t rec_hdr, type_len;
728 
729   /* First byte is the record header */
730   rec_hdr = *p_rec++;
731 
732   /* Next byte is the type field length */
733   type_len = *p_rec++;
734 
735   /* Skip the payload length */
736   if (rec_hdr & NDEF_SR_MASK)
737     p_rec++;
738   else
739     p_rec += 4;
740 
741   /* ID field Length */
742   if (rec_hdr & NDEF_IL_MASK)
743     *p_id_len = *p_rec++;
744   else
745     *p_id_len = 0;
746 
747   /* p_rec now points to the start of the type field. The ID field follows it */
748   if (*p_id_len == 0)
749     return (nullptr);
750   else
751     return (p_rec + type_len);
752 }
753 
754 /*******************************************************************************
755 **
756 ** Function         NDEF_RecGetPayload
757 **
758 ** Description      This function gets a pointer to the payload for the given
759 **                  NDEF record.
760 **
761 ** Returns          a pointer to the payload (or NULL none). Payload len filled
762 **                  in.
763 **
764 *******************************************************************************/
NDEF_RecGetPayload(uint8_t * p_rec,uint32_t * p_payload_len)765 uint8_t* NDEF_RecGetPayload(uint8_t* p_rec, uint32_t* p_payload_len) {
766   uint8_t rec_hdr, type_len, id_len;
767   uint32_t payload_len;
768 
769   /* First byte is the record header */
770   rec_hdr = *p_rec++;
771 
772   /* Next byte is the type field length */
773   type_len = *p_rec++;
774 
775   /* Next is the payload length (1 or 4 bytes) */
776   if (rec_hdr & NDEF_SR_MASK)
777     payload_len = *p_rec++;
778   else
779     BE_STREAM_TO_UINT32(payload_len, p_rec);
780 
781   *p_payload_len = payload_len;
782 
783   /* ID field Length */
784   if (rec_hdr & NDEF_IL_MASK)
785     id_len = *p_rec++;
786   else
787     id_len = 0;
788 
789   /* p_rec now points to the start of the type field. The ID field follows it,
790    * then the payload */
791   if (payload_len == 0)
792     return (nullptr);
793   else
794     return (p_rec + type_len + id_len);
795 }
796 
797 /*******************************************************************************
798 **
799 ** Function         NDEF_MsgInit
800 **
801 ** Description      This function initializes an NDEF message.
802 **
803 ** Returns          void
804 **                  *p_cur_size is initialized to 0
805 **
806 *******************************************************************************/
NDEF_MsgInit(uint8_t * p_msg,uint32_t max_size,uint32_t * p_cur_size)807 void NDEF_MsgInit(uint8_t* p_msg, uint32_t max_size, uint32_t* p_cur_size) {
808   *p_cur_size = 0;
809   memset(p_msg, 0, max_size);
810 }
811 
812 /*******************************************************************************
813 **
814 ** Function         NDEF_MsgAddRec
815 **
816 ** Description      This function adds an NDEF record to the end of an NDEF
817 **                  message.
818 **
819 ** Returns          OK, or error if the record did not fit
820 **                  *p_cur_size is updated
821 **
822 *******************************************************************************/
NDEF_MsgAddRec(uint8_t * p_msg,uint32_t max_size,uint32_t * p_cur_size,uint8_t tnf,uint8_t * p_type,uint8_t type_len,uint8_t * p_id,uint8_t id_len,uint8_t * p_payload,uint32_t payload_len)823 extern tNDEF_STATUS NDEF_MsgAddRec(uint8_t* p_msg, uint32_t max_size,
824                                    uint32_t* p_cur_size, uint8_t tnf,
825                                    uint8_t* p_type, uint8_t type_len,
826                                    uint8_t* p_id, uint8_t id_len,
827                                    uint8_t* p_payload, uint32_t payload_len) {
828   uint8_t* p_rec = p_msg + *p_cur_size;
829   uint32_t recSize;
830   int plen = (payload_len < 256) ? 1 : 4;
831   int ilen = (id_len == 0) ? 0 : 1;
832 
833   if (tnf > NDEF_TNF_RESERVED) {
834     tnf = NDEF_TNF_UNKNOWN;
835     type_len = 0;
836   }
837 
838   /* First, make sure the record will fit. we need at least 2 bytes for header
839    * and type length */
840   recSize = payload_len + 2 + type_len + plen + ilen + id_len;
841 
842   if ((*p_cur_size + recSize) > max_size) return (NDEF_MSG_INSUFFICIENT_MEM);
843 
844   /* Construct the record header. For the first record, set both begin and end
845    * bits */
846   if (*p_cur_size == 0)
847     *p_rec = tnf | NDEF_MB_MASK | NDEF_ME_MASK;
848   else {
849     /* Find the previous last and clear his 'Message End' bit */
850     uint8_t* pLast = NDEF_MsgGetLastRecInMsg(p_msg);
851 
852     if (!pLast) return (NDEF_MSG_NO_MSG_END);
853 
854     *pLast &= ~NDEF_ME_MASK;
855     *p_rec = tnf | NDEF_ME_MASK;
856   }
857 
858   if (plen == 1) *p_rec |= NDEF_SR_MASK;
859 
860   if (ilen != 0) *p_rec |= NDEF_IL_MASK;
861 
862   p_rec++;
863 
864   /* The next byte is the type field length */
865   *p_rec++ = type_len;
866 
867   /* Payload length - can be 1 or 4 bytes */
868   if (plen == 1)
869     *p_rec++ = (uint8_t)payload_len;
870   else
871     UINT32_TO_BE_STREAM(p_rec, payload_len);
872 
873   /* ID field Length (optional) */
874   if (ilen > 0) *p_rec++ = id_len;
875 
876   /* Next comes the type */
877   if (type_len) {
878     if (p_type) memcpy(p_rec, p_type, type_len);
879 
880     p_rec += type_len;
881   }
882 
883   /* Next comes the ID */
884   if (id_len) {
885     if (p_id) memcpy(p_rec, p_id, id_len);
886 
887     p_rec += id_len;
888   }
889 
890   /* And lastly the payload. If NULL, the app just wants to reserve memory */
891   if (p_payload) memcpy(p_rec, p_payload, payload_len);
892 
893   *p_cur_size += recSize;
894 
895   return (NDEF_OK);
896 }
897 
898 /*******************************************************************************
899 **
900 ** Function         NDEF_MsgAppendPayload
901 **
902 ** Description      This function appends extra payload to a specific record in
903 **                  the given NDEF message
904 **
905 ** Returns          OK, or error if the extra payload did not fit
906 **                  *p_cur_size is updated
907 **
908 *******************************************************************************/
NDEF_MsgAppendPayload(uint8_t * p_msg,uint32_t max_size,uint32_t * p_cur_size,uint8_t * p_rec,uint8_t * p_add_pl,uint32_t add_pl_len)909 tNDEF_STATUS NDEF_MsgAppendPayload(uint8_t* p_msg, uint32_t max_size,
910                                    uint32_t* p_cur_size, uint8_t* p_rec,
911                                    uint8_t* p_add_pl, uint32_t add_pl_len) {
912   uint32_t prev_paylen, new_paylen;
913   uint8_t *p_prev_pl, *pp;
914   uint8_t incr_lenfld = 0;
915   uint8_t type_len, id_len;
916 
917   /* Skip header */
918   pp = p_rec + 1;
919 
920   /* Next byte is the type field length */
921   type_len = *pp++;
922 
923   /* Next is the payload length (1 or 4 bytes) */
924   if (*p_rec & NDEF_SR_MASK)
925     prev_paylen = *pp++;
926   else
927     BE_STREAM_TO_UINT32(prev_paylen, pp);
928 
929   /* ID field Length */
930   if (*p_rec & NDEF_IL_MASK)
931     id_len = *pp++;
932   else
933     id_len = 0;
934 
935   p_prev_pl = pp + type_len + id_len;
936 
937   new_paylen = prev_paylen + add_pl_len;
938 
939   /* Previous payload may be < 256, and this addition may make it larger than
940    * 256 */
941   /* If that were to happen, the payload length field goes from 1 byte to 4
942    * bytes */
943   if ((prev_paylen < 256) && (new_paylen > 255)) incr_lenfld = 3;
944 
945   /* Check that it all fits */
946   if ((*p_cur_size + add_pl_len + incr_lenfld) > max_size)
947     return (NDEF_MSG_INSUFFICIENT_MEM);
948 
949   /* Point to payload length field */
950   pp = p_rec + 2;
951 
952   /* If we need to increase the length field from 1 to 4 bytes, do it first */
953   if (incr_lenfld) {
954     shiftdown(pp + 1, (uint32_t)(*p_cur_size - (pp - p_msg) - 1), 3);
955     p_prev_pl += 3;
956   }
957 
958   /* Store in the new length */
959   if (new_paylen > 255) {
960     *p_rec &= ~NDEF_SR_MASK;
961     UINT32_TO_BE_STREAM(pp, new_paylen);
962   } else
963     *pp = (uint8_t)new_paylen;
964 
965   /* Point to the end of the previous payload */
966   pp = p_prev_pl + prev_paylen;
967 
968   /* If we are not the last record, make space for the extra payload */
969   if ((*p_rec & NDEF_ME_MASK) == 0)
970     shiftdown(pp, (uint32_t)(*p_cur_size - (pp - p_msg)), add_pl_len);
971 
972   /* Now copy in the additional payload data */
973   memcpy(pp, p_add_pl, add_pl_len);
974 
975   *p_cur_size += add_pl_len + incr_lenfld;
976 
977   return (NDEF_OK);
978 }
979 
980 /*******************************************************************************
981 **
982 ** Function         NDEF_MsgReplacePayload
983 **
984 ** Description      This function replaces the payload of a specific record in
985 **                  the given NDEF message
986 **
987 ** Returns          OK, or error if the new payload did not fit
988 **                  *p_cur_size is updated
989 **
990 *******************************************************************************/
NDEF_MsgReplacePayload(uint8_t * p_msg,uint32_t max_size,uint32_t * p_cur_size,uint8_t * p_rec,uint8_t * p_new_pl,uint32_t new_pl_len)991 tNDEF_STATUS NDEF_MsgReplacePayload(uint8_t* p_msg, uint32_t max_size,
992                                     uint32_t* p_cur_size, uint8_t* p_rec,
993                                     uint8_t* p_new_pl, uint32_t new_pl_len) {
994   uint32_t prev_paylen;
995   uint8_t *p_prev_pl, *pp;
996   uint32_t paylen_delta;
997   uint8_t type_len, id_len;
998 
999   /* Skip header */
1000   pp = p_rec + 1;
1001 
1002   /* Next byte is the type field length */
1003   type_len = *pp++;
1004 
1005   /* Next is the payload length (1 or 4 bytes) */
1006   if (*p_rec & NDEF_SR_MASK)
1007     prev_paylen = *pp++;
1008   else
1009     BE_STREAM_TO_UINT32(prev_paylen, pp);
1010 
1011   /* ID field Length */
1012   if (*p_rec & NDEF_IL_MASK)
1013     id_len = *pp++;
1014   else
1015     id_len = 0;
1016 
1017   p_prev_pl = pp + type_len + id_len;
1018 
1019   /* Point to payload length field again */
1020   pp = p_rec + 2;
1021 
1022   if (new_pl_len > prev_paylen) {
1023     /* New payload is larger than the previous */
1024     paylen_delta = new_pl_len - prev_paylen;
1025 
1026     /* If the previous payload length was < 256, and new is > 255 */
1027     /* the payload length field goes from 1 byte to 4 bytes       */
1028     if ((prev_paylen < 256) && (new_pl_len > 255)) {
1029       if ((*p_cur_size + paylen_delta + 3) > max_size)
1030         return (NDEF_MSG_INSUFFICIENT_MEM);
1031 
1032       shiftdown(pp + 1, (uint32_t)(*p_cur_size - (pp - p_msg) - 1), 3);
1033       p_prev_pl += 3;
1034       *p_cur_size += 3;
1035       *p_rec &= ~NDEF_SR_MASK;
1036     } else if ((*p_cur_size + paylen_delta) > max_size)
1037       return (NDEF_MSG_INSUFFICIENT_MEM);
1038 
1039     /* Store in the new length */
1040     if (new_pl_len > 255) {
1041       UINT32_TO_BE_STREAM(pp, new_pl_len);
1042     } else
1043       *pp = (uint8_t)new_pl_len;
1044 
1045     /* Point to the end of the previous payload */
1046     pp = p_prev_pl + prev_paylen;
1047 
1048     /* If we are not the last record, make space for the extra payload */
1049     if ((*p_rec & NDEF_ME_MASK) == 0)
1050       shiftdown(pp, (uint32_t)(*p_cur_size - (pp - p_msg)), paylen_delta);
1051 
1052     *p_cur_size += paylen_delta;
1053   } else if (new_pl_len < prev_paylen) {
1054     /* New payload is smaller than the previous */
1055     paylen_delta = prev_paylen - new_pl_len;
1056 
1057     /* If the previous payload was > 256, and new is less than 256 */
1058     /* the payload length field goes from 4 bytes to 1 byte        */
1059     if ((prev_paylen > 255) && (new_pl_len < 256)) {
1060       shiftup(pp + 1, pp + 4, (uint32_t)(*p_cur_size - (pp - p_msg) - 3));
1061       p_prev_pl -= 3;
1062       *p_cur_size -= 3;
1063       *p_rec |= NDEF_SR_MASK;
1064     }
1065 
1066     /* Store in the new length */
1067     if (new_pl_len > 255) {
1068       UINT32_TO_BE_STREAM(pp, new_pl_len);
1069     } else
1070       *pp = (uint8_t)new_pl_len;
1071 
1072     /* Point to the end of the previous payload */
1073     pp = p_prev_pl + prev_paylen;
1074 
1075     /* If we are not the last record, remove the extra space from the previous
1076      * payload */
1077     if ((*p_rec & NDEF_ME_MASK) == 0)
1078       shiftup(pp - paylen_delta, pp, (uint32_t)(*p_cur_size - (pp - p_msg)));
1079 
1080     *p_cur_size -= paylen_delta;
1081   }
1082 
1083   /* Now copy in the new payload data */
1084   if (p_new_pl) memcpy(p_prev_pl, p_new_pl, new_pl_len);
1085 
1086   return (NDEF_OK);
1087 }
1088 
1089 /*******************************************************************************
1090 **
1091 ** Function         NDEF_MsgReplaceType
1092 **
1093 ** Description      This function replaces the type field of a specific record
1094 **                  in the given NDEF message
1095 **
1096 ** Returns          OK, or error if the new type field did not fit
1097 **                  *p_cur_size is updated
1098 **
1099 *******************************************************************************/
NDEF_MsgReplaceType(uint8_t * p_msg,uint32_t max_size,uint32_t * p_cur_size,uint8_t * p_rec,uint8_t * p_new_type,uint8_t new_type_len)1100 tNDEF_STATUS NDEF_MsgReplaceType(uint8_t* p_msg, uint32_t max_size,
1101                                  uint32_t* p_cur_size, uint8_t* p_rec,
1102                                  uint8_t* p_new_type, uint8_t new_type_len) {
1103   uint8_t typelen_delta;
1104   uint8_t *p_prev_type, prev_type_len;
1105   uint8_t* pp;
1106 
1107   /* Skip header */
1108   pp = p_rec + 1;
1109 
1110   /* Next byte is the type field length */
1111   prev_type_len = *pp++;
1112 
1113   /* Skip the payload length */
1114   if (*p_rec & NDEF_SR_MASK)
1115     pp += 1;
1116   else
1117     pp += 4;
1118 
1119   if (*p_rec & NDEF_IL_MASK) pp++;
1120 
1121   /* Save pointer to the start of the type field */
1122   p_prev_type = pp;
1123 
1124   if (new_type_len > prev_type_len) {
1125     /* New type is larger than the previous */
1126     typelen_delta = new_type_len - prev_type_len;
1127 
1128     if ((*p_cur_size + typelen_delta) > max_size)
1129       return (NDEF_MSG_INSUFFICIENT_MEM);
1130 
1131     /* Point to the end of the previous type, and make space for the extra data
1132      */
1133     pp = p_prev_type + prev_type_len;
1134     shiftdown(pp, (uint32_t)(*p_cur_size - (pp - p_msg)), typelen_delta);
1135 
1136     *p_cur_size += typelen_delta;
1137   } else if (new_type_len < prev_type_len) {
1138     /* New type field is smaller than the previous */
1139     typelen_delta = prev_type_len - new_type_len;
1140 
1141     /* Point to the end of the previous type, and shift up to fill the the
1142      * unused space */
1143     pp = p_prev_type + prev_type_len;
1144     shiftup(pp - typelen_delta, pp, (uint32_t)(*p_cur_size - (pp - p_msg)));
1145 
1146     *p_cur_size -= typelen_delta;
1147   }
1148 
1149   /* Save in new type length */
1150   p_rec[1] = new_type_len;
1151 
1152   /* Now copy in the new type field data */
1153   if (p_new_type) memcpy(p_prev_type, p_new_type, new_type_len);
1154 
1155   return (NDEF_OK);
1156 }
1157 
1158 /*******************************************************************************
1159 **
1160 ** Function         NDEF_MsgReplaceId
1161 **
1162 ** Description      This function replaces the ID field of a specific record in
1163 **                  the given NDEF message
1164 **
1165 ** Returns          OK, or error if the new ID field did not fit
1166 **                  *p_cur_size is updated
1167 **
1168 *******************************************************************************/
NDEF_MsgReplaceId(uint8_t * p_msg,uint32_t max_size,uint32_t * p_cur_size,uint8_t * p_rec,uint8_t * p_new_id,uint8_t new_id_len)1169 tNDEF_STATUS NDEF_MsgReplaceId(uint8_t* p_msg, uint32_t max_size,
1170                                uint32_t* p_cur_size, uint8_t* p_rec,
1171                                uint8_t* p_new_id, uint8_t new_id_len) {
1172   uint8_t idlen_delta;
1173   uint8_t *p_prev_id, *p_idlen_field;
1174   uint8_t prev_id_len, type_len;
1175   uint8_t* pp;
1176 
1177   /* Skip header */
1178   pp = p_rec + 1;
1179 
1180   /* Next byte is the type field length */
1181   type_len = *pp++;
1182 
1183   /* Skip the payload length */
1184   if (*p_rec & NDEF_SR_MASK)
1185     pp += 1;
1186   else
1187     pp += 4;
1188 
1189   p_idlen_field = pp;
1190 
1191   if (*p_rec & NDEF_IL_MASK)
1192     prev_id_len = *pp++;
1193   else
1194     prev_id_len = 0;
1195 
1196   /* Save pointer to the start of the ID field (right after the type field) */
1197   p_prev_id = pp + type_len;
1198 
1199   if (new_id_len > prev_id_len) {
1200     /* New ID field is larger than the previous */
1201     idlen_delta = new_id_len - prev_id_len;
1202 
1203     /* If the previous ID length was 0, we need to add a 1-byte ID length */
1204     if (prev_id_len == 0) {
1205       if ((*p_cur_size + idlen_delta + 1) > max_size)
1206         return (NDEF_MSG_INSUFFICIENT_MEM);
1207 
1208       shiftdown(p_idlen_field,
1209                 (uint32_t)(*p_cur_size - (p_idlen_field - p_msg)), 1);
1210       p_prev_id += 1;
1211       *p_cur_size += 1;
1212       *p_rec |= NDEF_IL_MASK;
1213     } else if ((*p_cur_size + idlen_delta) > max_size)
1214       return (NDEF_MSG_INSUFFICIENT_MEM);
1215 
1216     /* Point to the end of the previous ID field, and make space for the extra
1217      * data */
1218     pp = p_prev_id + prev_id_len;
1219     shiftdown(pp, (uint32_t)(*p_cur_size - (pp - p_msg)), idlen_delta);
1220 
1221     *p_cur_size += idlen_delta;
1222   } else if (new_id_len < prev_id_len) {
1223     /* New ID field is smaller than the previous */
1224     idlen_delta = prev_id_len - new_id_len;
1225 
1226     /* Point to the end of the previous ID, and shift up to fill the the unused
1227      * space */
1228     pp = p_prev_id + prev_id_len;
1229     shiftup(pp - idlen_delta, pp, (uint32_t)(*p_cur_size - (pp - p_msg)));
1230 
1231     *p_cur_size -= idlen_delta;
1232 
1233     /* If removing the ID, make sure that length field is also removed */
1234     if (new_id_len == 0) {
1235       shiftup(p_idlen_field, p_idlen_field + 1,
1236               (uint32_t)(*p_cur_size - (p_idlen_field - p_msg - (uint32_t)1)));
1237       *p_rec &= ~NDEF_IL_MASK;
1238       *p_cur_size -= 1;
1239     }
1240   }
1241 
1242   /* Save in new ID length and data */
1243   if (new_id_len) {
1244     *p_idlen_field = new_id_len;
1245 
1246     if (p_new_id) memcpy(p_prev_id, p_new_id, new_id_len);
1247   }
1248 
1249   return (NDEF_OK);
1250 }
1251 
1252 /*******************************************************************************
1253 **
1254 ** Function         NDEF_MsgRemoveRec
1255 **
1256 ** Description      This function removes the record at the given
1257 **                  index in the given NDEF message.
1258 **
1259 ** Returns          TRUE if OK, FALSE if the index was invalid
1260 **                  *p_cur_size is updated
1261 **
1262 *******************************************************************************/
NDEF_MsgRemoveRec(uint8_t * p_msg,uint32_t * p_cur_size,int32_t index)1263 tNDEF_STATUS NDEF_MsgRemoveRec(uint8_t* p_msg, uint32_t* p_cur_size,
1264                                int32_t index) {
1265   uint8_t* p_rec = NDEF_MsgGetRecByIndex(p_msg, index);
1266   uint8_t *pNext, *pPrev;
1267 
1268   if (!p_rec) return (NDEF_REC_NOT_FOUND);
1269 
1270   /* If this is the first record in the message... */
1271   if (*p_rec & NDEF_MB_MASK) {
1272     /* Find the second record (if any) and set his 'Message Begin' bit */
1273     pNext = NDEF_MsgGetRecByIndex(p_msg, 1);
1274     if (pNext != nullptr) {
1275       *pNext |= NDEF_MB_MASK;
1276 
1277       *p_cur_size -= (uint32_t)(pNext - p_msg);
1278 
1279       shiftup(p_msg, pNext, *p_cur_size);
1280     } else
1281       *p_cur_size = 0; /* No more records, lenght must be zero */
1282 
1283     return (NDEF_OK);
1284   }
1285 
1286   /* If this is the last record in the message... */
1287   if (*p_rec & NDEF_ME_MASK) {
1288     if (index > 0) {
1289       /* Find the previous record and set his 'Message End' bit */
1290       pPrev = NDEF_MsgGetRecByIndex(p_msg, index - 1);
1291       if (pPrev == nullptr) return false;
1292 
1293       *pPrev |= NDEF_ME_MASK;
1294     }
1295     *p_cur_size = (uint32_t)(p_rec - p_msg);
1296 
1297     return (NDEF_OK);
1298   }
1299 
1300   /* Not the first or the last... get the address of the next record */
1301   pNext = NDEF_MsgGetNextRec(p_rec);
1302   if (pNext == nullptr) return false;
1303 
1304   /* We are removing p_rec, so shift from pNext to the end */
1305   shiftup(p_rec, pNext, (uint32_t)(*p_cur_size - (pNext - p_msg)));
1306 
1307   *p_cur_size -= (uint32_t)(pNext - p_rec);
1308 
1309   return (NDEF_OK);
1310 }
1311 
1312 /*******************************************************************************
1313 **
1314 ** Function         NDEF_MsgCopyAndDechunk
1315 **
1316 ** Description      This function copies and de-chunks an NDEF message.
1317 **                  It is assumed that the destination is at least as large
1318 **                  as the source, since the source may not actually contain
1319 **                  any chunks.
1320 **
1321 ** Returns          The output byte count
1322 **
1323 *******************************************************************************/
NDEF_MsgCopyAndDechunk(uint8_t * p_src,uint32_t src_len,uint8_t * p_dest,uint32_t * p_out_len)1324 tNDEF_STATUS NDEF_MsgCopyAndDechunk(uint8_t* p_src, uint32_t src_len,
1325                                     uint8_t* p_dest, uint32_t* p_out_len) {
1326   uint32_t out_len, max_out_len;
1327   uint8_t* p_rec;
1328   uint8_t* p_prev_rec = p_dest;
1329   uint8_t *p_type, *p_id, *p_pay;
1330   uint8_t type_len, id_len, tnf;
1331   uint32_t pay_len;
1332   tNDEF_STATUS status;
1333 
1334   /* First, validate the source */
1335   status = NDEF_MsgValidate(p_src, src_len, true);
1336   if (status != NDEF_OK) return (status);
1337 
1338   /* The output buffer must be at least as large as the input buffer */
1339   max_out_len = src_len;
1340 
1341   /* Initialize output */
1342   NDEF_MsgInit(p_dest, max_out_len, &out_len);
1343 
1344   p_rec = p_src;
1345 
1346   /* Now, copy record by record */
1347   while ((p_rec != nullptr) && (status == NDEF_OK)) {
1348     p_type = NDEF_RecGetType(p_rec, &tnf, &type_len);
1349     p_id = NDEF_RecGetId(p_rec, &id_len);
1350     p_pay = NDEF_RecGetPayload(p_rec, &pay_len);
1351 
1352     /* If this is the continuation of a chunk, append the payload to the
1353      * previous */
1354     if (tnf == NDEF_TNF_UNCHANGED) {
1355       if (p_pay) {
1356         status = NDEF_MsgAppendPayload(p_dest, max_out_len, &out_len,
1357                                        p_prev_rec, p_pay, pay_len);
1358       }
1359     } else {
1360       p_prev_rec = p_dest + out_len;
1361 
1362       status = NDEF_MsgAddRec(p_dest, max_out_len, &out_len, tnf, p_type,
1363                               type_len, p_id, id_len, p_pay, pay_len);
1364     }
1365 
1366     p_rec = NDEF_MsgGetNextRec(p_rec);
1367   }
1368 
1369   *p_out_len = out_len;
1370 
1371   return (status);
1372 }
1373