1 /******************************************************************************
2 *
3 * Copyright (C) 2011-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the implementation for ISO 15693 in Reader/Writer
22 * mode.
23 *
24 ******************************************************************************/
25 #include <android-base/logging.h>
26 #include <android-base/stringprintf.h>
27 #include <com_android_nfc_nci_flags.h>
28 #include <log/log.h>
29 #include <string.h>
30
31 #include "bt_types.h"
32 #include "nfc_api.h"
33 #include "nfc_int.h"
34 #include "nfc_target.h"
35 #include "rw_api.h"
36 #include "rw_int.h"
37
38 using android::base::StringPrintf;
39 using com::android::nfc::nci::flags::t5t_no_getsysinfo;
40
41 extern unsigned char appl_dta_mode_flag;
42
43 /* Response timeout */
44 #define RW_I93_TOUT_RESP 1000
45 /* stay quiet timeout */
46 #define RW_I93_TOUT_STAY_QUIET 200
47 /* max reading data if read multi block is supported */
48 #define RW_I93_READ_MULTI_BLOCK_SIZE 128
49 /* CC, zero length NDEF, Terminator TLV */
50 #define RW_I93_FORMAT_DATA_LEN 8
51 /* max getting lock status if get multi block sec is supported */
52 #define RW_I93_GET_MULTI_BLOCK_SEC_SIZE 253
53
54 static std::string rw_i93_get_tag_name(uint8_t product_version);
55
56 static void rw_i93_data_cback(uint8_t conn_id, tNFC_CONN_EVT event,
57 tNFC_CONN* p_data);
58 void rw_i93_handle_error(tNFC_STATUS status);
59 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flag);
60 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid);
61
62 /*******************************************************************************
63 **
64 ** Function rw_i93_get_product_version
65 **
66 ** Description Get product version from UID
67 **
68 ** Returns void
69 **
70 *******************************************************************************/
rw_i93_get_product_version(uint8_t * p_uid)71 void rw_i93_get_product_version(uint8_t* p_uid) {
72 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
73
74 if (!memcmp(p_i93->uid, p_uid, I93_UID_BYTE_LEN)) {
75 return;
76 }
77
78 LOG(VERBOSE) << __func__;
79
80 memcpy(p_i93->uid, p_uid, I93_UID_BYTE_LEN);
81
82 if (p_uid[1] == I93_UID_IC_MFG_CODE_NXP) {
83 if (p_uid[2] == I93_UID_ICODE_SLI)
84 p_i93->product_version = RW_I93_ICODE_SLI;
85 else if (p_uid[2] == I93_UID_ICODE_SLI_S)
86 p_i93->product_version = RW_I93_ICODE_SLI_S;
87 else if (p_uid[2] == I93_UID_ICODE_SLI_L)
88 p_i93->product_version = RW_I93_ICODE_SLI_L;
89 else
90 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
91 } else if (p_uid[1] == I93_UID_IC_MFG_CODE_TI) {
92 if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
93 I93_UID_TAG_IT_HF_I_PLUS_INLAY)
94 p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_INLAY;
95 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
96 I93_UID_TAG_IT_HF_I_PLUS_CHIP)
97 p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_CHIP;
98 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
99 I93_UID_TAG_IT_HF_I_STD_CHIP_INLAY)
100 p_i93->product_version = RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY;
101 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
102 I93_UID_TAG_IT_HF_I_PRO_CHIP_INLAY)
103 p_i93->product_version = RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY;
104 else
105 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
106 } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_STM) &&
107 (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
108 if (p_i93->ic_reference == I93_IC_REF_STM_M24LR04E_R)
109 p_i93->product_version = RW_I93_STM_M24LR04E_R;
110 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR16E_R)
111 p_i93->product_version = RW_I93_STM_M24LR16E_R;
112 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR16D_W)
113 p_i93->product_version = RW_I93_STM_M24LR16D_W;
114 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR64E_R)
115 p_i93->product_version = RW_I93_STM_M24LR64E_R;
116 else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DVHIK)
117 p_i93->product_version = RW_I93_STM_ST25DVHIK;
118 else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DV04K)
119 p_i93->product_version = RW_I93_STM_ST25DV04K;
120 else {
121 switch (p_i93->ic_reference & I93_IC_REF_STM_MASK) {
122 case I93_IC_REF_STM_LRI1K:
123 p_i93->product_version = RW_I93_STM_LRI1K;
124 break;
125 case I93_IC_REF_STM_LRI2K:
126 p_i93->product_version = RW_I93_STM_LRI2K;
127 break;
128 case I93_IC_REF_STM_LRIS2K:
129 p_i93->product_version = RW_I93_STM_LRIS2K;
130 break;
131 case I93_IC_REF_STM_LRIS64K:
132 p_i93->product_version = RW_I93_STM_LRIS64K;
133 break;
134 case I93_IC_REF_STM_M24LR64_R:
135 p_i93->product_version = RW_I93_STM_M24LR64_R;
136 break;
137 default:
138 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
139 break;
140 }
141 }
142 } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_ONS) &&
143 (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
144 switch (p_i93->ic_reference) {
145 case I93_IC_REF_ONS_N36RW02:
146 p_i93->product_version = RW_I93_ONS_N36RW02;
147 break;
148 case I93_IC_REF_ONS_N24RF04:
149 p_i93->product_version = RW_I93_ONS_N24RF04;
150 break;
151 case I93_IC_REF_ONS_N24RF04E:
152 p_i93->product_version = RW_I93_ONS_N24RF04E;
153 break;
154 case I93_IC_REF_ONS_N24RF16:
155 p_i93->product_version = RW_I93_ONS_N24RF16;
156 break;
157 case I93_IC_REF_ONS_N24RF16E:
158 p_i93->product_version = RW_I93_ONS_N24RF16E;
159 break;
160 case I93_IC_REF_ONS_N24RF64:
161 p_i93->product_version = RW_I93_ONS_N24RF64;
162 break;
163 case I93_IC_REF_ONS_N24RF64E:
164 p_i93->product_version = RW_I93_ONS_N24RF64E;
165 break;
166 default:
167 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
168 break;
169 }
170 } else {
171 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
172 }
173
174 LOG(VERBOSE) << StringPrintf(
175 "product_version = <%s>",
176 rw_i93_get_tag_name(p_i93->product_version).c_str());
177
178 switch (p_i93->product_version) {
179 case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
180 case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
181 /* these don't support Get System Information Command */
182 /* these support only Inventory, Stay Quiet, Read Single Block, Write
183 * Single Block, Lock Block */
184 p_i93->block_size = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_BLK_SIZE;
185 p_i93->num_block = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_NUM_USER_BLK;
186 break;
187 default:
188 break;
189 }
190 }
191
192 /*******************************************************************************
193 **
194 ** Function rw_i93_process_ext_sys_info
195 **
196 ** Description Store extended system information of tag
197 **
198 ** Returns FALSE if retrying with protocol extension flag
199 **
200 *******************************************************************************/
rw_i93_process_ext_sys_info(uint8_t * p_data,uint16_t length)201 bool rw_i93_process_ext_sys_info(uint8_t* p_data, uint16_t length) {
202 uint8_t* p = p_data;
203 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
204 uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
205
206 LOG(VERBOSE) << __func__;
207
208 if (length < (I93_UID_BYTE_LEN + 1)) {
209 android_errorWriteLog(0x534e4554, "122316913");
210 return false;
211 }
212
213 STREAM_TO_UINT8(p_i93->info_flags, p);
214 length--;
215
216 p_uid = uid;
217 STREAM_TO_ARRAY8(p_uid, p);
218 length -= I93_UID_BYTE_LEN;
219
220 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
221 if (length < I93_INFO_DSFID_LEN) {
222 android_errorWriteLog(0x534e4554, "122316913");
223 return false;
224 }
225 STREAM_TO_UINT8(p_i93->dsfid, p);
226 length--;
227 }
228 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
229 if (length < I93_INFO_AFI_LEN) {
230 android_errorWriteLog(0x534e4554, "122316913");
231 return false;
232 }
233 STREAM_TO_UINT8(p_i93->afi, p);
234 length--;
235 }
236 if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
237 if (length < I93_INFO_16BIT_NUM_BLOCK_LEN + I93_INFO_BLOCK_SIZE_LEN) {
238 android_errorWriteLog(0x534e4554, "122316913");
239 return false;
240 }
241 STREAM_TO_UINT16(p_i93->num_block, p);
242 length -= I93_INFO_16BIT_NUM_BLOCK_LEN;
243
244 /* it is one less than actual number of bytes */
245 p_i93->num_block += 1;
246
247 STREAM_TO_UINT8(p_i93->block_size, p);
248 length--;
249 /* it is one less than actual number of blocks */
250 p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
251 }
252 if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
253 if (length < I93_INFO_IC_REF_LEN) {
254 android_errorWriteLog(0x534e4554, "122316913");
255 return false;
256 }
257 STREAM_TO_UINT8(p_i93->ic_reference, p);
258 length--;
259
260 /* clear existing UID to set product version */
261 p_i93->uid[0] = 0x00;
262
263 /* store UID and get product version */
264 rw_i93_get_product_version(p_uid);
265
266 if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
267 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) ||
268 (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)) {
269 /* STM & ONS supports more than 2040 bytes */
270 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
271 }
272 }
273 }
274 return true;
275 }
276
277 /*******************************************************************************
278 **
279 ** Function rw_i93_process_sys_info
280 **
281 ** Description Store system information of tag
282 **
283 ** Returns FALSE if retrying with protocol extension flag
284 **
285 *******************************************************************************/
rw_i93_process_sys_info(uint8_t * p_data,uint16_t length)286 bool rw_i93_process_sys_info(uint8_t* p_data, uint16_t length) {
287 uint8_t* p = p_data;
288 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
289 uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
290
291 LOG(VERBOSE) << __func__;
292
293 if (length < (I93_UID_BYTE_LEN + 1)) {
294 android_errorWriteLog(0x534e4554, "121259048");
295 return false;
296 }
297 STREAM_TO_UINT8(p_i93->info_flags, p);
298 length--;
299
300 p_uid = uid;
301 STREAM_TO_ARRAY8(p_uid, p);
302 length -= I93_UID_BYTE_LEN;
303
304 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
305 if (length == 0) {
306 android_errorWriteLog(0x534e4554, "121259048");
307 return false;
308 }
309 STREAM_TO_UINT8(p_i93->dsfid, p);
310 length--;
311 }
312 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
313 if (length == 0) {
314 android_errorWriteLog(0x534e4554, "121259048");
315 return false;
316 }
317 STREAM_TO_UINT8(p_i93->afi, p);
318 length--;
319 }
320 if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
321 bool block_16_bit = p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK;
322 if (block_16_bit && length > 2) {
323 STREAM_TO_UINT16(p_i93->num_block, p);
324 length -= 2;
325 } else if (!block_16_bit && length > 1) {
326 STREAM_TO_UINT8(p_i93->num_block, p);
327 length--;
328 } else {
329 android_errorWriteLog(0x534e4554, "121259048");
330 return false;
331 }
332 /* it is one less than actual number of bytes */
333 p_i93->num_block += 1;
334
335 STREAM_TO_UINT8(p_i93->block_size, p);
336 length--;
337 /* it is one less than actual number of blocks */
338 p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
339 }
340 if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
341 if (length == 0) {
342 android_errorWriteLog(0x534e4554, "121259048");
343 return false;
344 }
345 STREAM_TO_UINT8(p_i93->ic_reference, p);
346
347 /* clear existing UID to set product version */
348 p_i93->uid[0] = 0x00;
349
350 /* store UID and get product version */
351 rw_i93_get_product_version(p_uid);
352
353 if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
354 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
355 (p_i93->ic_reference == I93_IC_REF_ICODE_SLI_L)) {
356 p_i93->num_block = 8;
357 p_i93->block_size = 4;
358 } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
359 /*
360 ** LRI1K: 010000xx(b), blockSize: 4, numberBlocks: 0x20
361 ** LRI2K: 001000xx(b), blockSize: 4, numberBlocks: 0x40
362 ** LRIS2K: 001010xx(b), blockSize: 4, numberBlocks: 0x40
363 ** LRIS64K: 010001xx(b), blockSize: 4, numberBlocks: 0x800
364 ** M24LR64-R: 001011xx(b), blockSize: 4, numberBlocks: 0x800
365 ** M24LR04E-R: 01011010(b), blockSize: 4, numberBlocks: 0x80
366 ** M24LR16E-R: 01001110(b), blockSize: 4, numberBlocks: 0x200
367 ** M24LR16D-W: 01001101(b), blockSize: 4, numberBlocks: 0x200
368 ** M24LR64E-R: 01011110(b), blockSize: 4, numberBlocks: 0x800
369 */
370 if ((p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
371 (p_i93->product_version == RW_I93_STM_M24LR16D_W) ||
372 (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
373 /*
374 ** M24LR16E-R or M24LR16D-W or M24LR64E-R returns system information
375 ** without memory size, if option flag is not set.
376 ** LRIS64K and M24LR64-R return error if option flag is not
377 ** set.
378 */
379 if (!(p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)) {
380 /* get memory size with protocol extension flag */
381 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
382 NFC_STATUS_OK) {
383 /* STM supports more than 2040 bytes */
384 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
385
386 return false;
387 }
388 }
389 } else if ((p_i93->product_version == RW_I93_STM_LRI2K) &&
390 (p_i93->ic_reference == 0x21)) {
391 /* workaround of byte order in memory size information */
392 p_i93->num_block = 64;
393 p_i93->block_size = 4;
394 } else if (!(p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE)) {
395 if (!(p_i93->intl_flags & RW_I93_FLAG_EXT_COMMANDS)) {
396 if (rw_i93_send_cmd_get_ext_sys_info(nullptr) == NFC_STATUS_OK) {
397 /* STM supports more than 2040 bytes */
398 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
399
400 return false;
401 }
402 }
403 }
404 } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
405 /*
406 ** N36RW02: 00011010(b), blockSize: 4, numberBlocks: 0x40
407 ** N24RF04: 00101110(b), blockSize: 4, numberBlocks: 0x80
408 ** N24RF04E: 00101010(b), blockSize: 4, numberBlocks: 0x80
409 ** N24RF16: 01001010(b), blockSize: 4, numberBlocks: 0x200
410 ** N24RF16E: 01001110(b), blockSize: 4, numberBlocks: 0x200
411 ** N24RF64: 01101010(b), blockSize: 4, numberBlocks: 0x800
412 ** N24RF64E: 01101110(b), blockSize: 4, numberBlocks: 0x800
413 */
414 p_i93->block_size = 4;
415 switch (p_i93->product_version) {
416 case RW_I93_ONS_N36RW02:
417 p_i93->num_block = 0x40;
418 break;
419 case RW_I93_ONS_N24RF04:
420 case RW_I93_ONS_N24RF04E:
421 p_i93->num_block = 0x80;
422 break;
423 case RW_I93_ONS_N24RF16:
424 case RW_I93_ONS_N24RF16E:
425 p_i93->num_block = 0x200;
426 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
427 break;
428 case RW_I93_ONS_N24RF64:
429 case RW_I93_ONS_N24RF64E:
430 p_i93->num_block = 0x800;
431 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
432 break;
433 default:
434 return false;
435 }
436 }
437 }
438 }
439
440 return true;
441 }
442
443 /*******************************************************************************
444 **
445 ** Function rw_i93_check_sys_info_prot_ext
446 **
447 ** Description Check if need to set protocol extension flag to get system
448 ** info
449 **
450 ** Returns TRUE if sent Get System Info with protocol extension flag
451 **
452 *******************************************************************************/
rw_i93_check_sys_info_prot_ext(uint8_t error_code)453 bool rw_i93_check_sys_info_prot_ext(uint8_t error_code) {
454 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
455
456 LOG(VERBOSE) << __func__;
457
458 if (((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) ||
459 (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)) &&
460 (p_i93->sent_cmd == I93_CMD_GET_SYS_INFO) &&
461 (error_code == I93_ERROR_CODE_OPTION_NOT_SUPPORTED) &&
462 (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
463 NFC_STATUS_OK)) {
464 return true;
465 } else {
466 return false;
467 }
468 }
469
470 /*******************************************************************************
471 **
472 ** Function rw_i93_send_to_upper
473 **
474 ** Description Send response to upper layer
475 **
476 ** Returns void
477 **
478 *******************************************************************************/
rw_i93_send_to_upper(NFC_HDR * p_resp)479 void rw_i93_send_to_upper(NFC_HDR* p_resp) {
480 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
481 uint16_t length = p_resp->len;
482 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
483 tRW_DATA rw_data;
484 uint8_t event = RW_I93_MAX_EVT;
485 uint8_t flags;
486 NFC_HDR* p_buff;
487
488 LOG(VERBOSE) << __func__;
489
490 if (length == 0) {
491 android_errorWriteLog(0x534e4554, "121035878");
492 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
493 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
494 rw_cb.tcb.i93.sent_cmd = 0;
495 (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
496 return;
497 }
498
499 STREAM_TO_UINT8(flags, p);
500 length--;
501
502 if (flags & I93_FLAG_ERROR_DETECTED) {
503 if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
504 /* getting system info with protocol extension flag */
505 /* This STM & ONS tag supports more than 2040 bytes */
506 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
507 p_i93->state = RW_I93_STATE_BUSY;
508 } else if (length) {
509 /* notify error to upper layer */
510 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
511 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
512 STREAM_TO_UINT8(rw_data.i93_cmd_cmpl.error_code, p);
513
514 rw_cb.tcb.i93.sent_cmd = 0;
515 (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
516 }
517 return;
518 }
519
520 switch (p_i93->sent_cmd) {
521 case I93_CMD_INVENTORY:
522 if (length < I93_INFO_DSFID_LEN + I93_UID_BYTE_LEN) return;
523
524 /* forward inventory response */
525 rw_data.i93_inventory.status = NFC_STATUS_OK;
526 STREAM_TO_UINT8(rw_data.i93_inventory.dsfid, p);
527
528 p_uid = rw_data.i93_inventory.uid;
529 STREAM_TO_ARRAY8(p_uid, p);
530
531 /* store UID and get product version */
532 rw_i93_get_product_version(p_uid);
533
534 event = RW_I93_INVENTORY_EVT;
535 break;
536
537 case I93_CMD_READ_SINGLE_BLOCK:
538 case I93_CMD_EXT_READ_SINGLE_BLOCK:
539 case I93_CMD_READ_MULTI_BLOCK:
540 case I93_CMD_EXT_READ_MULTI_BLOCK:
541 case I93_CMD_GET_MULTI_BLK_SEC:
542 case I93_CMD_EXT_GET_MULTI_BLK_SEC:
543
544 if (UINT16_MAX - length < NFC_HDR_SIZE) {
545 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
546 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
547 rw_cb.tcb.i93.sent_cmd = 0;
548
549 event = RW_I93_CMD_CMPL_EVT;
550 break;
551 }
552
553 /* forward tag data or security status */
554 p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
555
556 if (p_buff) {
557 p_buff->offset = 0;
558 p_buff->len = length;
559
560 memcpy((p_buff + 1), p, length);
561
562 rw_data.i93_data.status = NFC_STATUS_OK;
563 rw_data.i93_data.command = p_i93->sent_cmd;
564 rw_data.i93_data.p_data = p_buff;
565
566 event = RW_I93_DATA_EVT;
567 } else {
568 rw_data.i93_cmd_cmpl.status = NFC_STATUS_NO_BUFFERS;
569 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
570 rw_data.i93_cmd_cmpl.error_code = 0;
571
572 event = RW_I93_CMD_CMPL_EVT;
573 }
574 break;
575
576 case I93_CMD_WRITE_SINGLE_BLOCK:
577 case I93_CMD_EXT_WRITE_SINGLE_BLOCK:
578 case I93_CMD_LOCK_BLOCK:
579 case I93_CMD_EXT_LOCK_BLOCK:
580 case I93_CMD_WRITE_MULTI_BLOCK:
581 case I93_CMD_EXT_WRITE_MULTI_BLOCK:
582 case I93_CMD_SELECT:
583 case I93_CMD_RESET_TO_READY:
584 case I93_CMD_WRITE_AFI:
585 case I93_CMD_LOCK_AFI:
586 case I93_CMD_WRITE_DSFID:
587 case I93_CMD_LOCK_DSFID:
588
589 /* notify the complete of command */
590 rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
591 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
592 rw_data.i93_cmd_cmpl.error_code = 0;
593
594 event = RW_I93_CMD_CMPL_EVT;
595 break;
596
597 case I93_CMD_GET_SYS_INFO:
598
599 if (rw_i93_process_sys_info(p, length)) {
600 rw_data.i93_sys_info.status = NFC_STATUS_OK;
601 rw_data.i93_sys_info.info_flags = p_i93->info_flags;
602 rw_data.i93_sys_info.dsfid = p_i93->dsfid;
603 rw_data.i93_sys_info.afi = p_i93->afi;
604 rw_data.i93_sys_info.num_block = p_i93->num_block;
605 rw_data.i93_sys_info.block_size = p_i93->block_size;
606 rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
607
608 memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
609
610 p_i93->i93_t5t_mode = RW_I93_GET_SYS_INFO_MEM_INFO;
611 event = RW_I93_SYS_INFO_EVT;
612 } else {
613 /* retrying with protocol extension flag */
614 p_i93->state = RW_I93_STATE_BUSY;
615 return;
616 }
617 break;
618
619 case I93_CMD_EXT_GET_SYS_INFO:
620
621 if (rw_i93_process_ext_sys_info(p, length)) {
622 rw_data.i93_sys_info.status = NFC_STATUS_OK;
623 rw_data.i93_sys_info.info_flags = p_i93->info_flags;
624 rw_data.i93_sys_info.dsfid = p_i93->dsfid;
625 rw_data.i93_sys_info.afi = p_i93->afi;
626 rw_data.i93_sys_info.num_block = p_i93->num_block;
627 rw_data.i93_sys_info.block_size = p_i93->block_size;
628 rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
629
630 memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
631
632 p_i93->i93_t5t_mode = RW_I93_GET_SYS_INFO_MEM_INFO;
633 event = RW_I93_SYS_INFO_EVT;
634 } else {
635 /* retrying with protocol extension flag or with extended sys info
636 * command */
637 p_i93->state = RW_I93_STATE_BUSY;
638 return;
639 }
640 break;
641
642 default:
643 break;
644 }
645
646 rw_cb.tcb.i93.sent_cmd = 0;
647 if (event != RW_I93_MAX_EVT) {
648 (*(rw_cb.p_cback))(event, &rw_data);
649 } else {
650 LOG(ERROR) << StringPrintf("Invalid response");
651 }
652 }
653
654 /*******************************************************************************
655 **
656 ** Function rw_i93_send_to_lower
657 **
658 ** Description Send Request frame to lower layer
659 **
660 ** Returns TRUE if success
661 **
662 *******************************************************************************/
rw_i93_send_to_lower(NFC_HDR * p_msg)663 bool rw_i93_send_to_lower(NFC_HDR* p_msg) {
664 /* store command for retransmitting */
665 if (rw_cb.tcb.i93.p_retry_cmd) {
666 GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
667 rw_cb.tcb.i93.p_retry_cmd = nullptr;
668 }
669
670 uint16_t msg_size = sizeof(NFC_HDR) + p_msg->offset + p_msg->len;
671
672 rw_cb.tcb.i93.p_retry_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
673
674 if (rw_cb.tcb.i93.p_retry_cmd &&
675 GKI_get_pool_bufsize(NFC_RW_POOL_ID) >= msg_size) {
676 memcpy(rw_cb.tcb.i93.p_retry_cmd, p_msg, msg_size);
677 } else {
678 LOG(ERROR) << StringPrintf("Memory allocation error");
679 android_errorWriteLog(0x534e4554, "157650357");
680 return false;
681 }
682
683 if (NFC_SendData(NFC_RF_CONN_ID, p_msg) != NFC_STATUS_OK) {
684 LOG(ERROR) << StringPrintf("failed");
685 return false;
686 }
687
688 int timeout = (RW_I93_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000;
689 if (rw_cb.tcb.i93.in_pres_check)
690 timeout = (200 * QUICK_TIMER_TICKS_PER_SEC) / 1000;
691 nfc_start_quick_timer(&rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
692 timeout);
693
694 return true;
695 }
696
697 /*******************************************************************************
698 **
699 ** Function rw_i93_send_cmd_inventory
700 **
701 ** Description Send Inventory Request to VICC
702 **
703 ** Returns tNFC_STATUS
704 **
705 *******************************************************************************/
rw_i93_send_cmd_inventory(uint8_t * p_uid,bool including_afi,uint8_t afi)706 tNFC_STATUS rw_i93_send_cmd_inventory(uint8_t* p_uid, bool including_afi,
707 uint8_t afi) {
708 NFC_HDR* p_cmd;
709 uint8_t *p, flags;
710
711 LOG(VERBOSE) << StringPrintf("including_afi:%d, AFI:0x%02X", including_afi,
712 afi);
713
714 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
715
716 if (!p_cmd) {
717 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
718 return NFC_STATUS_NO_BUFFERS;
719 }
720
721 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
722 p_cmd->len = 3;
723 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
724
725 /* Flags */
726 flags = (I93_FLAG_SLOT_ONE | I93_FLAG_INVENTORY_SET |
727 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
728 if (including_afi) {
729 flags |= I93_FLAG_AFI_PRESENT;
730 }
731
732 UINT8_TO_STREAM(p, flags);
733
734 /* Command Code */
735 UINT8_TO_STREAM(p, I93_CMD_INVENTORY);
736
737 if (including_afi) {
738 /* Parameters */
739 UINT8_TO_STREAM(p, afi); /* Optional AFI */
740 p_cmd->len++;
741 }
742
743 if (p_uid) {
744 UINT8_TO_STREAM(p, I93_UID_BYTE_LEN * 8); /* Mask Length */
745 ARRAY8_TO_STREAM(p, p_uid); /* UID */
746 p_cmd->len += I93_UID_BYTE_LEN;
747 } else {
748 UINT8_TO_STREAM(p, 0x00); /* Mask Length */
749 }
750
751 if (rw_i93_send_to_lower(p_cmd)) {
752 rw_cb.tcb.i93.sent_cmd = I93_CMD_INVENTORY;
753 return NFC_STATUS_OK;
754 } else {
755 return NFC_STATUS_FAILED;
756 }
757 }
758
759 /*******************************************************************************
760 **
761 ** Function rw_i93_send_cmd_stay_quiet
762 **
763 ** Description Send Stay Quiet Request to VICC
764 **
765 ** Returns tNFC_STATUS
766 **
767 *******************************************************************************/
rw_i93_send_cmd_stay_quiet(uint8_t * p_uid)768 tNFC_STATUS rw_i93_send_cmd_stay_quiet(uint8_t* p_uid) {
769 NFC_HDR* p_cmd;
770 uint8_t* p;
771
772 LOG(VERBOSE) << __func__;
773
774 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
775
776 if (!p_cmd) {
777 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
778 return NFC_STATUS_NO_BUFFERS;
779 }
780
781 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
782 p_cmd->len = 10;
783 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
784
785 /* Flags */
786 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
787 RW_I93_FLAG_DATA_RATE));
788
789 /* Command Code */
790 UINT8_TO_STREAM(p, I93_CMD_STAY_QUIET);
791
792 /* Parameters */
793 /* Beware the UID is provided with the same order as the transmission
794 one (LSB first) */
795 ARRAY_TO_STREAM(p, p_uid, I93_UID_BYTE_LEN); /* UID */
796
797 if (rw_i93_send_to_lower(p_cmd)) {
798 rw_cb.tcb.i93.sent_cmd = I93_CMD_STAY_QUIET;
799
800 /* restart timer for stay quiet */
801 nfc_start_quick_timer(
802 &rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
803 (RW_I93_TOUT_STAY_QUIET * QUICK_TIMER_TICKS_PER_SEC) / 1000);
804 return NFC_STATUS_OK;
805 } else {
806 return NFC_STATUS_FAILED;
807 }
808 }
809
810 /*******************************************************************************
811 **
812 ** Function rw_i93_send_cmd_read_single_block
813 **
814 ** Description Send Read Single Block Request to VICC
815 **
816 ** Returns tNFC_STATUS
817 **
818 *******************************************************************************/
rw_i93_send_cmd_read_single_block(uint32_t block_number,bool read_security)819 tNFC_STATUS rw_i93_send_cmd_read_single_block(uint32_t block_number,
820 bool read_security) {
821 NFC_HDR* p_cmd;
822 uint8_t *p, flags;
823 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
824
825 LOG(VERBOSE) << __func__;
826
827 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
828
829 if (!p_cmd) {
830 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
831 return NFC_STATUS_NO_BUFFERS;
832 }
833
834 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
835 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
836 p_cmd->len = 11;
837 else
838 p_cmd->len = 3;
839 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
840
841 /* Flags */
842 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
843 flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
844 RW_I93_FLAG_DATA_RATE);
845 } else {
846 flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
847
848 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
849 flags |= I93_FLAG_SELECT_SET;
850 }
851 if (read_security) flags |= I93_FLAG_OPTION_SET;
852
853 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
854 flags |= I93_FLAG_PROT_EXT_YES;
855
856 UINT8_TO_STREAM(p, flags);
857
858 /* Command Code */
859 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
860 UINT8_TO_STREAM(p, I93_CMD_EXT_READ_SINGLE_BLOCK);
861 } else {
862 UINT8_TO_STREAM(p, I93_CMD_READ_SINGLE_BLOCK);
863 }
864
865 /* Parameters */
866 if (flags & I93_FLAG_ADDRESS_SET)
867 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
868
869 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
870 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
871 UINT16_TO_STREAM(p, block_number); /* Block number */
872 p_cmd->len++;
873 } else {
874 UINT8_TO_STREAM(p, block_number); /* Block number */
875 }
876
877 if (rw_i93_send_to_lower(p_cmd)) {
878 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
879 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_SINGLE_BLOCK;
880 else
881 rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_SINGLE_BLOCK;
882 return NFC_STATUS_OK;
883 } else {
884 return NFC_STATUS_FAILED;
885 }
886 }
887
888 /*******************************************************************************
889 **
890 ** Function rw_i93_send_cmd_write_single_block
891 **
892 ** Description Send Write Single Block Request to VICC
893 **
894 ** Returns tNFC_STATUS
895 **
896 *******************************************************************************/
rw_i93_send_cmd_write_single_block(uint32_t block_number,uint8_t * p_data)897 tNFC_STATUS rw_i93_send_cmd_write_single_block(uint32_t block_number,
898 uint8_t* p_data) {
899 NFC_HDR* p_cmd;
900 uint8_t *p, flags;
901 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
902
903 LOG(VERBOSE) << __func__;
904
905 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
906
907 if (!p_cmd) {
908 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
909 return NFC_STATUS_NO_BUFFERS;
910 }
911
912 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
913 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
914 p_cmd->len = 11 + rw_cb.tcb.i93.block_size;
915 else
916 p_cmd->len = 3 + rw_cb.tcb.i93.block_size;
917 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
918
919 /* Flags */
920 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
921 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
922 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
923 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
924 /* Option must be set for TI tag */
925 flags = (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
926 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
927 } else {
928 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
929 flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
930 RW_I93_FLAG_DATA_RATE);
931 } else {
932 flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
933 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
934 flags |= I93_FLAG_SELECT_SET;
935 }
936
937 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SPECIAL_FRAME) {
938 /* Option Flag bit must be set */
939 flags |= I93_FLAG_OPTION_SET;
940 }
941 }
942
943 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
944 flags |= I93_FLAG_PROT_EXT_YES;
945
946 UINT8_TO_STREAM(p, flags);
947
948 /* Command Code */
949 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
950 UINT8_TO_STREAM(p, I93_CMD_EXT_WRITE_SINGLE_BLOCK);
951 } else {
952 UINT8_TO_STREAM(p, I93_CMD_WRITE_SINGLE_BLOCK);
953 }
954
955 /* Parameters */
956 if (flags & I93_FLAG_ADDRESS_SET)
957 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
958
959 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
960 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
961 UINT16_TO_STREAM(p, block_number); /* Block number */
962 p_cmd->len++;
963 } else {
964 UINT8_TO_STREAM(p, block_number); /* Block number */
965 }
966
967 /* Data */
968 ARRAY_TO_STREAM(p, p_data, rw_cb.tcb.i93.block_size);
969
970 if (rw_i93_send_to_lower(p_cmd)) {
971 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
972 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_SINGLE_BLOCK;
973 else
974 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_SINGLE_BLOCK;
975 return NFC_STATUS_OK;
976 } else {
977 return NFC_STATUS_FAILED;
978 }
979 }
980
981 /*******************************************************************************
982 **
983 ** Function rw_i93_send_cmd_lock_block
984 **
985 ** Description Send Lock Block Request to VICC
986 **
987 ** STM LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR64E-R,
988 ** M24LR16D-W do not support.
989 **
990 ** Returns tNFC_STATUS
991 **
992 *******************************************************************************/
rw_i93_send_cmd_lock_block(uint32_t block_number)993 tNFC_STATUS rw_i93_send_cmd_lock_block(uint32_t block_number) {
994 NFC_HDR* p_cmd;
995 uint8_t* p;
996 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
997 uint8_t flags;
998
999 LOG(VERBOSE) << __func__;
1000
1001 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1002
1003 if (!p_cmd) {
1004 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1005 return NFC_STATUS_NO_BUFFERS;
1006 }
1007
1008 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1009 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1010 p_cmd->len = 11;
1011 else
1012 p_cmd->len = 3;
1013 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1014
1015 /* Flags */
1016 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
1017 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
1018 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
1019 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
1020 /* Option must be set for TI tag */
1021 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
1022 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE));
1023 } else {
1024 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
1025 /* Address Mode Selector must be set */
1026 flags = I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1027 RW_I93_FLAG_DATA_RATE;
1028 } else {
1029 flags = RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE;
1030
1031 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
1032 flags |= I93_FLAG_SELECT_SET;
1033 }
1034 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SPECIAL_FRAME) {
1035 /* Option Flag bit must be set */
1036 flags |= I93_FLAG_OPTION_SET;
1037 }
1038 UINT8_TO_STREAM(p, flags);
1039 }
1040
1041 /* Command Code */
1042 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1043 UINT8_TO_STREAM(p, I93_CMD_EXT_LOCK_BLOCK);
1044 } else {
1045 UINT8_TO_STREAM(p, I93_CMD_LOCK_BLOCK);
1046 }
1047
1048 /* Parameters */
1049 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1050 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1051
1052 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1053 UINT16_TO_STREAM(p, block_number); /* Block number */
1054 p_cmd->len++;
1055 } else {
1056 UINT8_TO_STREAM(p, block_number); /* Block number */
1057 }
1058
1059 if (rw_i93_send_to_lower(p_cmd)) {
1060 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1061 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_LOCK_BLOCK;
1062 else
1063 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_BLOCK;
1064 return NFC_STATUS_OK;
1065 } else {
1066 return NFC_STATUS_FAILED;
1067 }
1068 }
1069
1070 /*******************************************************************************
1071 **
1072 ** Function rw_i93_send_cmd_read_multi_blocks
1073 **
1074 ** Description Send Read Multiple Blocks Request to VICC
1075 **
1076 ** Returns tNFC_STATUS
1077 **
1078 *******************************************************************************/
rw_i93_send_cmd_read_multi_blocks(uint32_t first_block_number,uint32_t number_blocks)1079 tNFC_STATUS rw_i93_send_cmd_read_multi_blocks(uint32_t first_block_number,
1080 uint32_t number_blocks) {
1081 NFC_HDR* p_cmd;
1082 uint8_t *p, flags;
1083 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1084
1085 LOG(VERBOSE) << __func__;
1086
1087 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1088
1089 if (!p_cmd) {
1090 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1091 return NFC_STATUS_NO_BUFFERS;
1092 }
1093
1094 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1095 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1096 p_cmd->len = 12;
1097 else
1098 p_cmd->len = 4;
1099 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1100
1101 /* Flags */
1102 if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
1103 flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1104 RW_I93_FLAG_DATA_RATE);
1105 } else {
1106 flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1107
1108 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
1109 flags |= I93_FLAG_SELECT_SET;
1110 }
1111
1112 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK) {
1113 flags |= I93_FLAG_PROT_EXT_YES;
1114 }
1115
1116 UINT8_TO_STREAM(p, flags);
1117
1118 /* Command Code */
1119 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1120 UINT8_TO_STREAM(p, I93_CMD_EXT_READ_MULTI_BLOCK);
1121 } else {
1122 UINT8_TO_STREAM(p, I93_CMD_READ_MULTI_BLOCK);
1123 }
1124
1125 /* Parameters */
1126 if (flags & I93_FLAG_ADDRESS_SET)
1127 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1128
1129 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1130 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1131 UINT16_TO_STREAM(p, first_block_number); /* First block number */
1132 p_cmd->len++;
1133 } else {
1134 UINT8_TO_STREAM(p, first_block_number); /* First block number */
1135 }
1136
1137 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1138 UINT16_TO_STREAM(
1139 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1140 p_cmd->len++;
1141 } else {
1142 UINT8_TO_STREAM(
1143 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1144 }
1145
1146 if (rw_i93_send_to_lower(p_cmd)) {
1147 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1148 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_MULTI_BLOCK;
1149 else
1150 rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_MULTI_BLOCK;
1151 return NFC_STATUS_OK;
1152 } else {
1153 return NFC_STATUS_FAILED;
1154 }
1155 }
1156
1157 /*******************************************************************************
1158 **
1159 ** Function rw_i93_send_cmd_write_multi_blocks
1160 **
1161 ** Description Send Write Multiple Blocks Request to VICC
1162 **
1163 ** Returns tNFC_STATUS
1164 **
1165 *******************************************************************************/
rw_i93_send_cmd_write_multi_blocks(uint32_t first_block_number,uint32_t number_blocks,uint8_t * p_data)1166 tNFC_STATUS rw_i93_send_cmd_write_multi_blocks(uint32_t first_block_number,
1167 uint32_t number_blocks,
1168 uint8_t* p_data) {
1169 NFC_HDR* p_cmd;
1170 uint8_t* p;
1171
1172 LOG(VERBOSE) << __func__;
1173
1174 if (number_blocks * rw_cb.tcb.i93.block_size >
1175 GKI_get_pool_bufsize(NFC_RW_POOL_ID) - NCI_MSG_OFFSET_SIZE -
1176 NCI_DATA_HDR_SIZE - 1 -
1177 (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS ? 2 : 0) - 12) {
1178 android_errorWriteLog(0x534e4554, "157650365");
1179 return NFC_STATUS_FAILED;
1180 }
1181 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1182
1183 if (!p_cmd) {
1184 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1185 return NFC_STATUS_NO_BUFFERS;
1186 }
1187
1188 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1189 p_cmd->len = 12 + number_blocks * rw_cb.tcb.i93.block_size;
1190 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1191
1192 /* Flags */
1193 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1194 RW_I93_FLAG_DATA_RATE));
1195
1196 /* Command Code */
1197 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1198 INT8_TO_STREAM(p, I93_CMD_EXT_WRITE_MULTI_BLOCK);
1199 } else {
1200 UINT8_TO_STREAM(p, I93_CMD_WRITE_MULTI_BLOCK);
1201 }
1202
1203 /* Parameters */
1204 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1205 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1206 UINT16_TO_STREAM(p, first_block_number); /* Block number */
1207 UINT16_TO_STREAM(
1208 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1209 p_cmd->len += 2;
1210 } else {
1211 UINT8_TO_STREAM(p, first_block_number); /* Block number */
1212 UINT8_TO_STREAM(
1213 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1214 }
1215
1216 /* Data */
1217 ARRAY_TO_STREAM(p, p_data, number_blocks * rw_cb.tcb.i93.block_size);
1218
1219 if (rw_i93_send_to_lower(p_cmd)) {
1220 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1221 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_MULTI_BLOCK;
1222 else
1223 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_MULTI_BLOCK;
1224 return NFC_STATUS_OK;
1225 } else {
1226 return NFC_STATUS_FAILED;
1227 }
1228 }
1229
1230 /*******************************************************************************
1231 **
1232 ** Function rw_i93_send_cmd_select
1233 **
1234 ** Description Send Select Request to VICC
1235 **
1236 ** Returns tNFC_STATUS
1237 **
1238 *******************************************************************************/
rw_i93_send_cmd_select(uint8_t * p_uid)1239 tNFC_STATUS rw_i93_send_cmd_select(uint8_t* p_uid) {
1240 NFC_HDR* p_cmd;
1241 uint8_t* p;
1242
1243 LOG(VERBOSE) << __func__;
1244
1245 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1246
1247 if (!p_cmd) {
1248 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1249 return NFC_STATUS_NO_BUFFERS;
1250 }
1251
1252 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1253 p_cmd->len = 10;
1254 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1255
1256 /* Flags */
1257 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1258 RW_I93_FLAG_DATA_RATE));
1259
1260 /* Command Code */
1261 UINT8_TO_STREAM(p, I93_CMD_SELECT);
1262
1263 /* Parameters */
1264 /* Beware the UID is provided with the same order as the transmission
1265 one (LSB first) */
1266 ARRAY_TO_STREAM(p, p_uid, I93_UID_BYTE_LEN); /* UID */
1267
1268 if (rw_i93_send_to_lower(p_cmd)) {
1269 rw_cb.tcb.i93.sent_cmd = I93_CMD_SELECT;
1270 return NFC_STATUS_OK;
1271 } else {
1272 return NFC_STATUS_FAILED;
1273 }
1274 }
1275
1276 /*******************************************************************************
1277 **
1278 ** Function rw_i93_send_cmd_reset_to_ready
1279 **
1280 ** Description Send Reset to Ready Request to VICC
1281 **
1282 ** Returns tNFC_STATUS
1283 **
1284 *******************************************************************************/
rw_i93_send_cmd_reset_to_ready(void)1285 tNFC_STATUS rw_i93_send_cmd_reset_to_ready(void) {
1286 NFC_HDR* p_cmd;
1287 uint8_t* p;
1288
1289 LOG(VERBOSE) << __func__;
1290
1291 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1292
1293 if (!p_cmd) {
1294 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1295 return NFC_STATUS_NO_BUFFERS;
1296 }
1297
1298 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1299 p_cmd->len = 10;
1300 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1301
1302 /* Flags */
1303 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1304 RW_I93_FLAG_DATA_RATE));
1305
1306 /* Command Code */
1307 UINT8_TO_STREAM(p, I93_CMD_RESET_TO_READY);
1308
1309 /* Parameters */
1310 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1311
1312 if (rw_i93_send_to_lower(p_cmd)) {
1313 rw_cb.tcb.i93.sent_cmd = I93_CMD_RESET_TO_READY;
1314 return NFC_STATUS_OK;
1315 } else {
1316 return NFC_STATUS_FAILED;
1317 }
1318 }
1319
1320 /*******************************************************************************
1321 **
1322 ** Function rw_i93_send_cmd_write_afi
1323 **
1324 ** Description Send Write AFI Request to VICC
1325 **
1326 ** Returns tNFC_STATUS
1327 **
1328 *******************************************************************************/
rw_i93_send_cmd_write_afi(uint8_t afi)1329 tNFC_STATUS rw_i93_send_cmd_write_afi(uint8_t afi) {
1330 NFC_HDR* p_cmd;
1331 uint8_t* p;
1332
1333 LOG(VERBOSE) << __func__;
1334
1335 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1336
1337 if (!p_cmd) {
1338 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1339 return NFC_STATUS_NO_BUFFERS;
1340 }
1341
1342 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1343 p_cmd->len = 11;
1344 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1345
1346 /* Flags */
1347 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1348 RW_I93_FLAG_DATA_RATE));
1349
1350 /* Command Code */
1351 UINT8_TO_STREAM(p, I93_CMD_WRITE_AFI);
1352
1353 /* Parameters */
1354 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1355 UINT8_TO_STREAM(p, afi); /* AFI */
1356
1357 if (rw_i93_send_to_lower(p_cmd)) {
1358 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_AFI;
1359 return NFC_STATUS_OK;
1360 } else {
1361 return NFC_STATUS_FAILED;
1362 }
1363 }
1364
1365 /*******************************************************************************
1366 **
1367 ** Function rw_i93_send_cmd_lock_afi
1368 **
1369 ** Description Send Lock AFI Request to VICC
1370 **
1371 ** Returns tNFC_STATUS
1372 **
1373 *******************************************************************************/
rw_i93_send_cmd_lock_afi(void)1374 tNFC_STATUS rw_i93_send_cmd_lock_afi(void) {
1375 NFC_HDR* p_cmd;
1376 uint8_t* p;
1377
1378 LOG(VERBOSE) << __func__;
1379
1380 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1381
1382 if (!p_cmd) {
1383 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1384 return NFC_STATUS_NO_BUFFERS;
1385 }
1386
1387 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1388 p_cmd->len = 10;
1389 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1390
1391 /* Flags */
1392 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1393 RW_I93_FLAG_DATA_RATE));
1394
1395 /* Command Code */
1396 UINT8_TO_STREAM(p, I93_CMD_LOCK_AFI);
1397
1398 /* Parameters */
1399 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1400
1401 if (rw_i93_send_to_lower(p_cmd)) {
1402 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_AFI;
1403 return NFC_STATUS_OK;
1404 } else {
1405 return NFC_STATUS_FAILED;
1406 }
1407 }
1408
1409 /*******************************************************************************
1410 **
1411 ** Function rw_i93_send_cmd_write_dsfid
1412 **
1413 ** Description Send Write DSFID Request to VICC
1414 **
1415 ** Returns tNFC_STATUS
1416 **
1417 *******************************************************************************/
rw_i93_send_cmd_write_dsfid(uint8_t dsfid)1418 tNFC_STATUS rw_i93_send_cmd_write_dsfid(uint8_t dsfid) {
1419 NFC_HDR* p_cmd;
1420 uint8_t* p;
1421
1422 LOG(VERBOSE) << __func__;
1423
1424 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1425
1426 if (!p_cmd) {
1427 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1428 return NFC_STATUS_NO_BUFFERS;
1429 }
1430
1431 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1432 p_cmd->len = 11;
1433 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1434
1435 /* Flags */
1436 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1437 RW_I93_FLAG_DATA_RATE));
1438
1439 /* Command Code */
1440 UINT8_TO_STREAM(p, I93_CMD_WRITE_DSFID);
1441
1442 /* Parameters */
1443 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1444 UINT8_TO_STREAM(p, dsfid); /* DSFID */
1445
1446 if (rw_i93_send_to_lower(p_cmd)) {
1447 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_DSFID;
1448 return NFC_STATUS_OK;
1449 } else {
1450 return NFC_STATUS_FAILED;
1451 }
1452 }
1453
1454 /*******************************************************************************
1455 **
1456 ** Function rw_i93_send_cmd_lock_dsfid
1457 **
1458 ** Description Send Lock DSFID Request to VICC
1459 **
1460 ** Returns tNFC_STATUS
1461 **
1462 *******************************************************************************/
rw_i93_send_cmd_lock_dsfid(void)1463 tNFC_STATUS rw_i93_send_cmd_lock_dsfid(void) {
1464 NFC_HDR* p_cmd;
1465 uint8_t* p;
1466
1467 LOG(VERBOSE) << __func__;
1468
1469 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1470
1471 if (!p_cmd) {
1472 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1473 return NFC_STATUS_NO_BUFFERS;
1474 }
1475
1476 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1477 p_cmd->len = 10;
1478 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1479
1480 /* Flags */
1481 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1482 RW_I93_FLAG_DATA_RATE));
1483
1484 /* Command Code */
1485 UINT8_TO_STREAM(p, I93_CMD_LOCK_DSFID);
1486
1487 /* Parameters */
1488 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1489
1490 if (rw_i93_send_to_lower(p_cmd)) {
1491 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_DSFID;
1492 return NFC_STATUS_OK;
1493 } else {
1494 return NFC_STATUS_FAILED;
1495 }
1496 }
1497
1498 /*******************************************************************************
1499 **
1500 ** Function rw_i93_send_cmd_get_ext_sys_info
1501 **
1502 ** Description Send Get Extended System Information Request to VICC
1503 **
1504 ** Returns tNFC_STATUS
1505 **
1506 *******************************************************************************/
rw_i93_send_cmd_get_ext_sys_info(uint8_t * p_uid)1507 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid) {
1508 NFC_HDR* p_cmd;
1509 uint8_t* p;
1510
1511 LOG(VERBOSE) << __func__;
1512
1513 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1514
1515 if (!p_cmd) {
1516 LOG(VERBOSE) << __func__ << "Cannot allocate buffer";
1517 return NFC_STATUS_NO_BUFFERS;
1518 }
1519
1520 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1521 p_cmd->len = 11;
1522 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1523
1524 /* Flags */
1525 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1526 RW_I93_FLAG_DATA_RATE));
1527
1528 /* Command Code */
1529 UINT8_TO_STREAM(p, I93_CMD_EXT_GET_SYS_INFO);
1530
1531 /* Parameters request field */
1532 UINT8_TO_STREAM(p,
1533 (I93_INFO_FLAG_MOI | I93_INFO_FLAG_DSFID | I93_INFO_FLAG_AFI |
1534 I93_INFO_FLAG_MEM_SIZE | I93_INFO_FLAG_IC_REF));
1535
1536 /* Parameters */
1537 if (p_uid) {
1538 ARRAY8_TO_STREAM(p, p_uid); /* UID */
1539 } else {
1540 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1541 }
1542
1543 if (rw_i93_send_to_lower(p_cmd)) {
1544 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_SYS_INFO;
1545 return NFC_STATUS_OK;
1546 } else {
1547 return NFC_STATUS_FAILED;
1548 }
1549 }
1550
1551 /*******************************************************************************
1552 **
1553 ** Function rw_i93_send_cmd_get_sys_info
1554 **
1555 ** Description Send Get System Information Request to VICC
1556 **
1557 ** Returns tNFC_STATUS
1558 **
1559 *******************************************************************************/
rw_i93_send_cmd_get_sys_info(uint8_t * p_uid,uint8_t extra_flags)1560 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flags) {
1561 NFC_HDR* p_cmd;
1562 uint8_t* p;
1563
1564 LOG(VERBOSE) << __func__;
1565
1566 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1567
1568 if (!p_cmd) {
1569 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1570 return NFC_STATUS_NO_BUFFERS;
1571 }
1572
1573 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1574 p_cmd->len = 10;
1575 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1576
1577 /* Flags */
1578 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1579 RW_I93_FLAG_DATA_RATE | extra_flags));
1580
1581 /* Command Code */
1582 UINT8_TO_STREAM(p, I93_CMD_GET_SYS_INFO);
1583
1584 /* Parameters */
1585 if (p_uid) {
1586 ARRAY8_TO_STREAM(p, p_uid); /* UID */
1587 } else {
1588 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1589 }
1590
1591 if (rw_i93_send_to_lower(p_cmd)) {
1592 rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_SYS_INFO;
1593 return NFC_STATUS_OK;
1594 } else {
1595 return NFC_STATUS_FAILED;
1596 }
1597 }
1598
1599 /*******************************************************************************
1600 **
1601 ** Function rw_i93_send_cmd_get_multi_block_sec
1602 **
1603 ** Description Send Get Multiple Block Security Status Request to VICC
1604 **
1605 ** Returns tNFC_STATUS
1606 **
1607 *******************************************************************************/
rw_i93_send_cmd_get_multi_block_sec(uint32_t first_block_number,uint32_t number_blocks)1608 tNFC_STATUS rw_i93_send_cmd_get_multi_block_sec(uint32_t first_block_number,
1609 uint32_t number_blocks) {
1610 NFC_HDR* p_cmd;
1611 uint8_t *p, flags;
1612
1613 LOG(VERBOSE) << __func__;
1614
1615 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1616
1617 if (!p_cmd) {
1618 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1619 return NFC_STATUS_NO_BUFFERS;
1620 }
1621
1622 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1623 p_cmd->len = 12;
1624 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1625
1626 /* Flags */
1627 flags =
1628 (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1629
1630 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
1631 flags |= I93_FLAG_PROT_EXT_YES;
1632
1633 UINT8_TO_STREAM(p, flags);
1634
1635 /* Command Code */
1636 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1637 UINT8_TO_STREAM(p, I93_CMD_EXT_GET_MULTI_BLK_SEC);
1638 } else {
1639 UINT8_TO_STREAM(p, I93_CMD_GET_MULTI_BLK_SEC);
1640 }
1641
1642 /* Parameters */
1643 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1644
1645 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1646 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1647 UINT16_TO_STREAM(p, first_block_number); /* First block number */
1648 UINT16_TO_STREAM(
1649 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1650 p_cmd->len += 2;
1651 } else {
1652 UINT8_TO_STREAM(p, first_block_number); /* First block number */
1653 UINT8_TO_STREAM(
1654 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1655 }
1656
1657 if (rw_i93_send_to_lower(p_cmd)) {
1658 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1659 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_MULTI_BLK_SEC;
1660 else
1661 rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_MULTI_BLK_SEC;
1662 return NFC_STATUS_OK;
1663 } else {
1664 return NFC_STATUS_FAILED;
1665 }
1666 }
1667
1668 /*******************************************************************************
1669 **
1670 ** Function rw_i93_get_next_blocks
1671 **
1672 ** Description Read as many blocks as possible (up to
1673 ** RW_I93_READ_MULTI_BLOCK_SIZE)
1674 **
1675 ** Returns tNFC_STATUS
1676 **
1677 *******************************************************************************/
rw_i93_get_next_blocks(uint32_t offset)1678 tNFC_STATUS rw_i93_get_next_blocks(uint32_t offset) {
1679 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1680 uint32_t first_block;
1681 uint32_t num_block;
1682
1683 LOG(VERBOSE) << __func__;
1684
1685 first_block = offset / p_i93->block_size;
1686
1687 /* more blocks, more efficent but more error rate */
1688
1689 if (p_i93->intl_flags & RW_I93_FLAG_READ_MULTI_BLOCK) {
1690 num_block = RW_I93_READ_MULTI_BLOCK_SIZE / p_i93->block_size;
1691
1692 // first_block is an offset related to the beginning of the T5T_Area for T5T
1693 // tags but physical memory for ISO15693 tags
1694 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
1695 if (num_block + first_block > p_i93->num_block)
1696 num_block = p_i93->num_block - first_block;
1697 } else {
1698 if (num_block + first_block >
1699 p_i93->num_block + p_i93->t5t_area_start_block)
1700 num_block =
1701 p_i93->num_block - first_block + p_i93->t5t_area_start_block;
1702 }
1703
1704 if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
1705 /* LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR16D-W, M24LR64E-R
1706 ** require
1707 ** - The max number of blocks is 32 and they are all located in the
1708 ** same sector.
1709 ** - The sector is 32 blocks of 4 bytes.
1710 */
1711 if ((p_i93->product_version == RW_I93_STM_LRIS64K) ||
1712 (p_i93->product_version == RW_I93_STM_M24LR64_R) ||
1713 (p_i93->product_version == RW_I93_STM_M24LR04E_R) ||
1714 (p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
1715 (p_i93->product_version == RW_I93_STM_M24LR16D_W) ||
1716 (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
1717 if (num_block > I93_STM_MAX_BLOCKS_PER_READ)
1718 num_block = I93_STM_MAX_BLOCKS_PER_READ;
1719
1720 if ((first_block / I93_STM_BLOCKS_PER_SECTOR) !=
1721 ((first_block + num_block - 1) / I93_STM_BLOCKS_PER_SECTOR)) {
1722 num_block = I93_STM_BLOCKS_PER_SECTOR -
1723 (first_block % I93_STM_BLOCKS_PER_SECTOR);
1724 }
1725 }
1726 }
1727
1728 if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
1729 /* N24RF04, N24RF04E, N24RF16, N24RF16E, N24RF64, N24RF64E requires
1730 ** - The max number of blocks is 32 and they are all located in the
1731 ** same sector.
1732 ** - The sector is 32 blocks of 4 bytes.
1733 */
1734 if ((p_i93->product_version == RW_I93_ONS_N36RW02) ||
1735 (p_i93->product_version == RW_I93_ONS_N24RF04) ||
1736 (p_i93->product_version == RW_I93_ONS_N24RF04E) ||
1737 (p_i93->product_version == RW_I93_ONS_N24RF16) ||
1738 (p_i93->product_version == RW_I93_ONS_N24RF16E) ||
1739 (p_i93->product_version == RW_I93_ONS_N24RF64) ||
1740 (p_i93->product_version == RW_I93_ONS_N24RF64E)) {
1741 if (num_block > I93_ONS_MAX_BLOCKS_PER_READ)
1742 num_block = I93_ONS_MAX_BLOCKS_PER_READ;
1743
1744 if ((first_block / I93_ONS_BLOCKS_PER_SECTOR) !=
1745 ((first_block + num_block - 1) / I93_ONS_BLOCKS_PER_SECTOR)) {
1746 num_block = I93_ONS_BLOCKS_PER_SECTOR -
1747 (first_block % I93_ONS_BLOCKS_PER_SECTOR);
1748 }
1749 }
1750 }
1751
1752 if (num_block == 0) {
1753 /* only one remaining block to read */
1754 return rw_i93_send_cmd_read_single_block(first_block, false);
1755 }
1756
1757 return rw_i93_send_cmd_read_multi_blocks(first_block, num_block);
1758 } else {
1759 return rw_i93_send_cmd_read_single_block(first_block, false);
1760 }
1761 }
1762
1763 /*******************************************************************************
1764 **
1765 ** Function rw_i93_get_next_block_sec
1766 **
1767 ** Description Get as many security of blocks as possible from
1768 ** p_i93->rw_offset (up to RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1769 **
1770 ** Returns tNFC_STATUS
1771 **
1772 *******************************************************************************/
rw_i93_get_next_block_sec(void)1773 tNFC_STATUS rw_i93_get_next_block_sec(void) {
1774 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1775 uint32_t num_blocks;
1776
1777 LOG(VERBOSE) << __func__;
1778
1779 if (p_i93->num_block <= p_i93->rw_offset) {
1780 LOG(ERROR) << StringPrintf(
1781 "rw_offset(0x%x) must be less than num_block(0x%x)", p_i93->rw_offset,
1782 p_i93->num_block);
1783 return NFC_STATUS_FAILED;
1784 }
1785
1786 num_blocks = p_i93->num_block - p_i93->rw_offset;
1787
1788 if (num_blocks > RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1789 num_blocks = RW_I93_GET_MULTI_BLOCK_SEC_SIZE;
1790
1791 LOG(VERBOSE) << StringPrintf("%s intl_flags=%d", __func__,
1792 rw_cb.tcb.i93.intl_flags);
1793 return rw_i93_send_cmd_get_multi_block_sec(p_i93->rw_offset, num_blocks);
1794 }
1795
1796 /*******************************************************************************
1797 **
1798 ** Function rw_i93_sm_detect_ndef
1799 **
1800 ** Description Process NDEF detection procedure
1801 **
1802 ** 1. Get UID if not having yet
1803 ** 2. Get System Info if not having yet
1804 ** 3. Read first block for CC
1805 ** 4. Search NDEF Type and length
1806 ** 5. Get block status to get max NDEF size and read-only
1807 ** status
1808 **
1809 ** Returns void
1810 **
1811 *******************************************************************************/
rw_i93_sm_detect_ndef(NFC_HDR * p_resp)1812 void rw_i93_sm_detect_ndef(NFC_HDR* p_resp) {
1813 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
1814 uint8_t flags, u8 = 0, cc[4];
1815 uint16_t length = p_resp->len, xx;
1816 uint32_t block, first_block, last_block, num_blocks;
1817 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1818 tRW_DATA rw_data;
1819 tNFC_STATUS status = NFC_STATUS_FAILED;
1820
1821 LOG(VERBOSE) << StringPrintf(
1822 "%s - sub_state:%s (0x%x)", __func__,
1823 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
1824
1825 if (length == 0) {
1826 android_errorWriteLog(0x534e4554, "121260197");
1827 rw_i93_handle_error(NFC_STATUS_FAILED);
1828 return;
1829 }
1830 STREAM_TO_UINT8(flags, p);
1831 length--;
1832
1833 if (flags & I93_FLAG_ERROR_DETECTED) {
1834 if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
1835 /* getting system info with protocol extension flag */
1836 /* This STM & ONS tag supports more than 2040 bytes */
1837 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
1838 } else {
1839 LOG(VERBOSE) << StringPrintf("%s - Got error flags (0x%02x)", __func__,
1840 flags);
1841 rw_i93_handle_error(NFC_STATUS_FAILED);
1842 }
1843 return;
1844 }
1845
1846 switch (p_i93->sub_state) {
1847 case RW_I93_SUBSTATE_WAIT_UID:
1848
1849 if (length < (I93_UID_BYTE_LEN + 1)) {
1850 android_errorWriteLog(0x534e4554, "121260197");
1851 rw_i93_handle_error(NFC_STATUS_FAILED);
1852 return;
1853 }
1854 STREAM_TO_UINT8(u8, p); /* DSFID */
1855 p_uid = p_i93->uid;
1856 STREAM_TO_ARRAY8(p_uid, p);
1857
1858 if (u8 != I93_DFS_UNSUPPORTED) {
1859 /* if Data Storage Format is unknown */
1860 LOG(VERBOSE) << StringPrintf("%s - Got unknown DSFID (0x%02x)", __func__,
1861 u8);
1862 rw_i93_handle_error(NFC_STATUS_FAILED);
1863 } else {
1864 /* get system information to get memory size */
1865 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
1866 NFC_STATUS_OK) {
1867 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
1868 } else {
1869 rw_i93_handle_error(NFC_STATUS_FAILED);
1870 }
1871 }
1872 break;
1873
1874 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
1875
1876 p_i93->block_size = 0;
1877 p_i93->num_block = 0;
1878
1879 if (!rw_i93_process_sys_info(p, length)) {
1880 /* retrying with protocol extension flag */
1881 break;
1882 }
1883
1884 if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
1885 LOG(VERBOSE) << StringPrintf("%s - Unable to get tag memory size",
1886 __func__);
1887 rw_i93_handle_error(status);
1888 } else {
1889 /* read CC in the first block */
1890 if (rw_i93_send_cmd_read_single_block(0x0000, false) == NFC_STATUS_OK) {
1891 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_CC;
1892 } else {
1893 rw_i93_handle_error(NFC_STATUS_FAILED);
1894 }
1895 }
1896 break;
1897
1898 case RW_I93_SUBSTATE_WAIT_CC:
1899
1900 if (length < RW_I93_CC_SIZE) {
1901 android_errorWriteLog(0x534e4554, "139188579");
1902 rw_i93_handle_error(NFC_STATUS_FAILED);
1903 return;
1904 }
1905
1906 /* assume block size is more than RW_I93_CC_SIZE 4 */
1907 STREAM_TO_ARRAY(cc, p, RW_I93_CC_SIZE);
1908
1909 status = NFC_STATUS_FAILED;
1910
1911 /*
1912 ** Capability Container (CC)
1913 **
1914 ** CC[0] : magic number (0xE1)
1915 ** CC[1] : Bit 7-6:Major version number
1916 ** : Bit 5-4:Minor version number
1917 ** : Bit 3-2:Read access condition (00b: read access granted
1918 ** without any security)
1919 ** : Bit 1-0:Write access condition (00b: write access granted
1920 ** without any security)
1921 ** CC[2] : Memory size in 8 bytes (Ex. 0x04 is 32 bytes) [STM, ONS set
1922 ** to 0xFF if more than 2040bytes]
1923 ** CC[3] : Bit 0:Read multiple blocks is supported [NXP, STM, ONS]
1924 ** : Bit 1:Inventory page read is supported [NXP]
1925 ** : Bit 2:More than 2040 bytes are supported [STM, ONS]
1926 */
1927
1928 LOG(VERBOSE) << StringPrintf("%s - cc[0-3]: 0x%02X 0x%02X 0x%02X 0x%02X",
1929 __func__, cc[0], cc[1], cc[2], cc[3]);
1930
1931 LOG(VERBOSE) << StringPrintf("%s - Total blocks:0x%04X, Block size:0x%02X",
1932 __func__, p_i93->num_block, p_i93->block_size);
1933
1934 if ((cc[0] == I93_ICODE_CC_MAGIC_NUMER_E1) ||
1935 (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2)) {
1936 if ((cc[1] & 0xC0) > I93_VERSION_1_x) {
1937 LOG(VERBOSE) << StringPrintf("%s - Major mapping version above 1 %d.x",
1938 __func__, cc[1] >> 6);
1939 /* major mapping version above 1 not supported */
1940 rw_i93_handle_error(NFC_STATUS_FAILED);
1941 break;
1942 }
1943 if ((cc[1] & I93_ICODE_CC_READ_ACCESS_MASK) ==
1944 I93_ICODE_CC_READ_ACCESS_GRANTED) {
1945 if ((cc[1] & I93_ICODE_CC_WRITE_ACCESS_MASK) !=
1946 I93_ICODE_CC_WRITE_ACCESS_GRANTED) {
1947 /* read-only or password required to write */
1948 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
1949 }
1950 if (cc[3] & I93_ICODE_CC_MBREAD_MASK) {
1951 /* tag supports read multiple blocks command */
1952 p_i93->intl_flags |= RW_I93_FLAG_READ_MULTI_BLOCK;
1953 }
1954 if (cc[3] & I93_ICODE_CC_SPECIAL_FRAME_MASK) {
1955 /* tag supports Special Frame for Write-Alike commands */
1956 p_i93->intl_flags |= RW_I93_FLAG_SPECIAL_FRAME;
1957 }
1958 if (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2) {
1959 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
1960 }
1961 status = NFC_STATUS_OK;
1962 }
1963 }
1964
1965 if (status == NFC_STATUS_OK) {
1966 /* seach NDEF TLV from offset 4 when CC file coded on 4 bytes NFC Forum
1967 */
1968 if (cc[2] != 0)
1969 p_i93->rw_offset = 4;
1970 else
1971 p_i93->rw_offset = 8;
1972
1973 if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
1974 p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
1975 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
1976 } else {
1977 rw_i93_handle_error(NFC_STATUS_FAILED);
1978 }
1979 } else {
1980 rw_i93_handle_error(NFC_STATUS_FAILED);
1981 }
1982 break;
1983
1984 case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
1985
1986 /* search TLV within read blocks */
1987 for (xx = 0; xx < length; xx++) {
1988 /* if looking for type */
1989 if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_TYPE) {
1990 if (*(p + xx) == I93_ICODE_TLV_TYPE_NULL) {
1991 continue;
1992 } else if ((*(p + xx) == I93_ICODE_TLV_TYPE_NDEF) ||
1993 (*(p + xx) == I93_ICODE_TLV_TYPE_PROP)) {
1994 /* store found type and get length field */
1995 p_i93->tlv_type = *(p + xx);
1996 p_i93->ndef_tlv_start_offset = p_i93->rw_offset + xx;
1997
1998 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_1;
1999 } else if (*(p + xx) == I93_ICODE_TLV_TYPE_TERM) {
2000 /* no NDEF TLV found */
2001 p_i93->tlv_type = I93_ICODE_TLV_TYPE_TERM;
2002 break;
2003 } else {
2004 LOG(VERBOSE) << StringPrintf("%s - Invalid type: 0x%02x", __func__,
2005 *(p + xx));
2006 rw_i93_handle_error(NFC_STATUS_FAILED);
2007 return;
2008 }
2009 } else if (p_i93->tlv_detect_state ==
2010 RW_I93_TLV_DETECT_STATE_LENGTH_1) {
2011 /* if 3 bytes length field */
2012 if (*(p + xx) == 0xFF) {
2013 /* need 2 more bytes for length field */
2014 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_2;
2015 } else {
2016 p_i93->tlv_length = *(p + xx);
2017 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
2018
2019 if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
2020 p_i93->ndef_tlv_last_offset =
2021 p_i93->ndef_tlv_start_offset + 1 + p_i93->tlv_length;
2022 break;
2023 }
2024 }
2025 } else if (p_i93->tlv_detect_state ==
2026 RW_I93_TLV_DETECT_STATE_LENGTH_2) {
2027 /* the second byte of 3 bytes length field */
2028 p_i93->tlv_length = *(p + xx);
2029 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_3;
2030 } else if (p_i93->tlv_detect_state ==
2031 RW_I93_TLV_DETECT_STATE_LENGTH_3) {
2032 /* the last byte of 3 bytes length field */
2033 p_i93->tlv_length = (p_i93->tlv_length << 8) + *(p + xx);
2034 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
2035
2036 if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
2037 p_i93->ndef_tlv_last_offset =
2038 p_i93->ndef_tlv_start_offset + 3 + p_i93->tlv_length;
2039 break;
2040 }
2041 } else if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE) {
2042 /* this is other than NDEF TLV */
2043 if (p_i93->tlv_length <= length - xx) {
2044 /* skip value field */
2045 xx += (uint8_t)p_i93->tlv_length;
2046 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
2047 } else {
2048 /* read more data */
2049 p_i93->tlv_length -= (length - xx);
2050 break;
2051 }
2052 }
2053 }
2054
2055 /* found NDEF TLV and read length field */
2056 if ((p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
2057 (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE)) {
2058 p_i93->ndef_length = p_i93->tlv_length;
2059
2060 /* get lock status to see if read-only */
2061 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2062 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2063 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2064 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2065 /* these doesn't support GetMultiBlockSecurityStatus */
2066
2067 p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
2068 first_block = p_i93->ndef_tlv_start_offset / p_i93->block_size;
2069
2070 /* read block to get lock status */
2071 rw_i93_send_cmd_read_single_block(first_block, true);
2072 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
2073 } else {
2074 /* block offset for read-only check */
2075 p_i93->rw_offset = 0;
2076
2077 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2078 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
2079 } else {
2080 rw_i93_handle_error(NFC_STATUS_FAILED);
2081 }
2082 }
2083 } else {
2084 /* read more data */
2085 p_i93->rw_offset += length;
2086
2087 if (p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) {
2088 rw_i93_handle_error(NFC_STATUS_FAILED);
2089 } else if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
2090 p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
2091 } else {
2092 rw_i93_handle_error(NFC_STATUS_FAILED);
2093 }
2094 }
2095 break;
2096
2097 case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
2098
2099 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2100 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2101 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2102 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2103 /* these doesn't support GetMultiBlockSecurityStatus */
2104
2105 block = (p_i93->rw_offset / p_i93->block_size);
2106 last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2107
2108 if (length == 0) {
2109 rw_i93_handle_error(NFC_STATUS_FAILED);
2110 }
2111 if ((*p) & I93_BLOCK_LOCKED) {
2112 if (block <= last_block) {
2113 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2114 }
2115 } else {
2116 /* if we need to check more user blocks */
2117 if (block + 1 < p_i93->num_block) {
2118 p_i93->rw_offset += p_i93->block_size;
2119
2120 /* read block to get lock status */
2121 rw_i93_send_cmd_read_single_block(
2122 (uint32_t)(p_i93->rw_offset / p_i93->block_size), true);
2123 break;
2124 }
2125 }
2126
2127 p_i93->max_ndef_length =
2128 p_i93->ndef_length
2129 /* add available bytes including the last block of NDEF TLV */
2130 + (p_i93->block_size * (block - last_block) + 1) -
2131 (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2132 } else {
2133 if (p_i93->rw_offset == 0) {
2134 p_i93->max_ndef_length =
2135 p_i93->ndef_length
2136 /* add available bytes in the last block of NDEF TLV */
2137 + p_i93->block_size -
2138 (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2139
2140 first_block = (p_i93->ndef_tlv_start_offset / p_i93->block_size);
2141 } else {
2142 first_block = 0;
2143 }
2144
2145 last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2146 num_blocks = length;
2147
2148 for (block = first_block; block < num_blocks; block++) {
2149 /* if any block of NDEF TLV is locked */
2150 if ((block + p_i93->rw_offset) <= last_block) {
2151 if (*(p + block) & I93_BLOCK_LOCKED) {
2152 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2153 break;
2154 }
2155 } else {
2156 if (*(p + block) & I93_BLOCK_LOCKED) {
2157 /* no more consecutive unlocked block */
2158 break;
2159 } else {
2160 /* add block size if not locked */
2161 p_i93->max_ndef_length += p_i93->block_size;
2162 }
2163 }
2164 }
2165
2166 /* update next security of block to check */
2167 p_i93->rw_offset += num_blocks;
2168
2169 /* if need to check more */
2170 if (p_i93->num_block > p_i93->rw_offset) {
2171 if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2172 rw_i93_handle_error(NFC_STATUS_FAILED);
2173 }
2174 break;
2175 }
2176 }
2177
2178 /* check if need to adjust max NDEF length */
2179 if ((p_i93->ndef_length < 0xFF) && (p_i93->max_ndef_length >= 0xFF)) {
2180 /* 3 bytes length field must be used */
2181 p_i93->max_ndef_length -= 2;
2182 }
2183
2184 rw_data.ndef.status = NFC_STATUS_OK;
2185 rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
2186 rw_data.ndef.flags = 0;
2187 rw_data.ndef.flags |= RW_NDEF_FL_SUPPORTED;
2188 rw_data.ndef.flags |= RW_NDEF_FL_FORMATED;
2189 rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
2190 rw_data.ndef.cur_size = p_i93->ndef_length;
2191
2192 if (p_i93->intl_flags & RW_I93_FLAG_READ_ONLY) {
2193 rw_data.ndef.flags |= RW_NDEF_FL_READ_ONLY;
2194 rw_data.ndef.max_size = p_i93->ndef_length;
2195 } else {
2196 rw_data.ndef.flags |= RW_NDEF_FL_HARD_LOCKABLE;
2197 rw_data.ndef.max_size = p_i93->max_ndef_length;
2198 }
2199
2200 p_i93->state = RW_I93_STATE_IDLE;
2201 p_i93->sent_cmd = 0;
2202
2203 LOG(VERBOSE) << StringPrintf(
2204 "%s - NDEF cur_size(%d),max_size (%d), flags (0x%x)", __func__,
2205 rw_data.ndef.cur_size, rw_data.ndef.max_size, rw_data.ndef.flags);
2206
2207 (*(rw_cb.p_cback))(RW_I93_NDEF_DETECT_EVT, &rw_data);
2208 break;
2209
2210 default:
2211 break;
2212 }
2213 }
2214
2215 /*******************************************************************************
2216 **
2217 ** Function rw_i93_sm_read_ndef
2218 **
2219 ** Description Process NDEF read procedure
2220 **
2221 ** Returns void
2222 **
2223 *******************************************************************************/
rw_i93_sm_read_ndef(NFC_HDR * p_resp)2224 void rw_i93_sm_read_ndef(NFC_HDR* p_resp) {
2225 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2226 uint8_t flags;
2227 uint32_t offset;
2228 uint16_t length = p_resp->len;
2229 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2230 tRW_DATA rw_data;
2231
2232 LOG(VERBOSE) << __func__;
2233
2234 if (length == 0) {
2235 android_errorWriteLog(0x534e4554, "122035770");
2236 rw_i93_handle_error(NFC_STATUS_FAILED);
2237 return;
2238 }
2239
2240 STREAM_TO_UINT8(flags, p);
2241 length--;
2242
2243 if (flags & I93_FLAG_ERROR_DETECTED) {
2244 LOG(VERBOSE) << StringPrintf("%s - Got error flags (0x%02x)", __func__,
2245 flags);
2246 rw_i93_handle_error(NFC_STATUS_FAILED);
2247 return;
2248 }
2249
2250 /* if this is the first block */
2251 if (p_i93->rw_length == 0) {
2252 /* get start of NDEF in the first block */
2253 offset = p_i93->ndef_tlv_start_offset % p_i93->block_size;
2254
2255 if (p_i93->ndef_length < 0xFF) {
2256 offset += 2;
2257 } else {
2258 offset += 4;
2259 }
2260
2261 /* adjust offset if read more blocks because the first block doesn't have
2262 * NDEF */
2263 offset -= (p_i93->rw_offset - p_i93->ndef_tlv_start_offset);
2264 } else {
2265 offset = 0;
2266 }
2267
2268 /* if read enough data to skip type and length field for the beginning */
2269 if (offset < length) {
2270 offset++; /* flags */
2271 p_resp->offset += offset;
2272 p_resp->len -= offset;
2273
2274 rw_data.data.status = NFC_STATUS_OK;
2275 rw_data.data.p_data = p_resp;
2276
2277 p_i93->rw_length += p_resp->len;
2278 } else {
2279 /* in case of no Ndef data included */
2280 p_resp->len = 0;
2281 }
2282
2283 /* if read all of NDEF data */
2284 if (p_i93->rw_length >= p_i93->ndef_length) {
2285 /* remove extra btyes in the last block */
2286 p_resp->len -= (p_i93->rw_length - p_i93->ndef_length);
2287
2288 p_i93->state = RW_I93_STATE_IDLE;
2289 p_i93->sent_cmd = 0;
2290
2291 LOG(VERBOSE) << StringPrintf("%s - NDEF read complete read (%d)/total (%d)",
2292 __func__, p_resp->len, p_i93->ndef_length);
2293
2294 (*(rw_cb.p_cback))(RW_I93_NDEF_READ_CPLT_EVT, &rw_data);
2295 } else {
2296 LOG(VERBOSE) << StringPrintf("%s - NDEF read segment read (%d)/total (%d)",
2297 __func__, p_resp->len, p_i93->ndef_length);
2298
2299 if (p_resp->len > 0) {
2300 (*(rw_cb.p_cback))(RW_I93_NDEF_READ_EVT, &rw_data);
2301 } else {
2302 // free buffer, if len == 0
2303 GKI_freebuf(p_resp);
2304 }
2305
2306 /* this will make read data from next block */
2307 p_i93->rw_offset += length;
2308
2309 if (rw_i93_get_next_blocks(p_i93->rw_offset) != NFC_STATUS_OK) {
2310 rw_i93_handle_error(NFC_STATUS_FAILED);
2311 }
2312 }
2313 }
2314
2315 /*******************************************************************************
2316 **
2317 ** Function rw_i93_sm_update_ndef
2318 **
2319 ** Description Process NDEF update procedure
2320 **
2321 ** 1. Set length field to zero
2322 ** 2. Write NDEF and Terminator TLV
2323 ** 3. Set length field to NDEF length
2324 **
2325 ** Returns void
2326 **
2327 *******************************************************************************/
rw_i93_sm_update_ndef(NFC_HDR * p_resp)2328 void rw_i93_sm_update_ndef(NFC_HDR* p_resp) {
2329 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2330 uint8_t flags, buff[I93_MAX_BLOCK_LENGH];
2331 uint16_t length = p_resp->len, xx;
2332 uint32_t length_offset, block_number;
2333
2334 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2335 tRW_DATA rw_data;
2336
2337 LOG(VERBOSE) << StringPrintf(
2338 "%s - sub_state:%s (0x%x)", __func__,
2339 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2340
2341 if (length == 0 || p_i93->block_size > I93_MAX_BLOCK_LENGH) {
2342 android_errorWriteLog(0x534e4554, "122320256");
2343 rw_i93_handle_error(NFC_STATUS_FAILED);
2344 return;
2345 }
2346
2347 STREAM_TO_UINT8(flags, p);
2348 length--;
2349
2350 if (flags & I93_FLAG_ERROR_DETECTED) {
2351 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2352 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2353 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2354 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2355 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2356 /* ignore error */
2357 } else {
2358 LOG(VERBOSE) << StringPrintf("%s - Got error flags (0x%02x)", __func__,
2359 flags);
2360 rw_i93_handle_error(NFC_STATUS_FAILED);
2361 return;
2362 }
2363 }
2364
2365 switch (p_i93->sub_state) {
2366 case RW_I93_SUBSTATE_RESET_LEN:
2367
2368 /* get offset of length field */
2369 length_offset = (p_i93->ndef_tlv_start_offset + 1) % p_i93->block_size;
2370
2371 if (length < length_offset) {
2372 android_errorWriteLog(0x534e4554, "122320256");
2373 rw_i93_handle_error(NFC_STATUS_FAILED);
2374 return;
2375 }
2376
2377 /* set length to zero */
2378 *(p + length_offset) = 0x00;
2379
2380 if (p_i93->ndef_length > 0) {
2381 /* if 3 bytes length field is needed */
2382 if (p_i93->ndef_length >= 0xFF) {
2383 xx = length_offset + 3;
2384 } else {
2385 xx = length_offset + 1;
2386 }
2387
2388 /* write the first part of NDEF in the same block */
2389 for (; xx < p_i93->block_size; xx++) {
2390 if (xx > length || p_i93->rw_length > p_i93->ndef_length) {
2391 android_errorWriteLog(0x534e4554, "122320256");
2392 rw_i93_handle_error(NFC_STATUS_FAILED);
2393 return;
2394 }
2395 if (p_i93->rw_length < p_i93->ndef_length) {
2396 *(p + xx) = *(p_i93->p_update_data + p_i93->rw_length++);
2397 } else {
2398 *(p + xx) = I93_ICODE_TLV_TYPE_NULL;
2399 }
2400 }
2401 }
2402
2403 block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2404
2405 if (length < p_i93->block_size) {
2406 android_errorWriteLog(0x534e4554, "143109193");
2407 rw_i93_handle_error(NFC_STATUS_FAILED);
2408 } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2409 NFC_STATUS_OK) {
2410 /* update next writing offset */
2411 p_i93->rw_offset = (block_number + 1) * p_i93->block_size;
2412 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_NDEF;
2413 } else {
2414 rw_i93_handle_error(NFC_STATUS_FAILED);
2415 }
2416 break;
2417
2418 case RW_I93_SUBSTATE_WRITE_NDEF:
2419
2420 /* if it's not the end of tag memory */
2421 if (p_i93->rw_offset < p_i93->block_size * p_i93->num_block) {
2422 block_number = p_i93->rw_offset / p_i93->block_size;
2423
2424 /* if we have more data to write */
2425 if (p_i93->rw_length < p_i93->ndef_length) {
2426 p = p_i93->p_update_data + p_i93->rw_length;
2427
2428 p_i93->rw_offset += p_i93->block_size;
2429 p_i93->rw_length += p_i93->block_size;
2430
2431 /* if this is the last block of NDEF TLV */
2432 if (p_i93->rw_length > p_i93->ndef_length) {
2433 /* length of NDEF TLV in the block */
2434 xx = (uint8_t)(p_i93->block_size -
2435 (p_i93->rw_length - p_i93->ndef_length));
2436
2437 /* set NULL TLV in the unused part of block */
2438 memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2439 memcpy(buff, p, xx);
2440 p = buff;
2441
2442 /* if it's the end of tag memory */
2443 if ((p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) &&
2444 (xx < p_i93->block_size)) {
2445 buff[xx] = I93_ICODE_TLV_TYPE_TERM;
2446 }
2447
2448 p_i93->ndef_tlv_last_offset =
2449 p_i93->rw_offset - p_i93->block_size + xx - 1;
2450 }
2451
2452 if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2453 NFC_STATUS_OK) {
2454 rw_i93_handle_error(NFC_STATUS_FAILED);
2455 }
2456 } else {
2457 /* if this is the very next block of NDEF TLV */
2458 if (block_number ==
2459 (p_i93->ndef_tlv_last_offset / p_i93->block_size) + 1) {
2460 p_i93->rw_offset += p_i93->block_size;
2461
2462 /* write Terminator TLV and NULL TLV */
2463 memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2464 buff[0] = I93_ICODE_TLV_TYPE_TERM;
2465 p = buff;
2466
2467 if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2468 NFC_STATUS_OK) {
2469 rw_i93_handle_error(NFC_STATUS_FAILED);
2470 }
2471 } else {
2472 /* finished writing NDEF and Terminator TLV */
2473 /* read length field to update length */
2474 block_number =
2475 (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2476
2477 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2478 NFC_STATUS_OK) {
2479 /* set offset to length field */
2480 p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2481
2482 /* get size of length field */
2483 if (p_i93->ndef_length >= 0xFF) {
2484 p_i93->rw_length = 3;
2485 } else if (p_i93->ndef_length > 0) {
2486 p_i93->rw_length = 1;
2487 } else {
2488 p_i93->rw_length = 0;
2489 }
2490
2491 p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2492 } else {
2493 rw_i93_handle_error(NFC_STATUS_FAILED);
2494 }
2495 }
2496 }
2497 } else {
2498 /* if we have no more data to write */
2499 if (p_i93->rw_length >= p_i93->ndef_length) {
2500 /* finished writing NDEF and Terminator TLV */
2501 /* read length field to update length */
2502 block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2503
2504 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2505 NFC_STATUS_OK) {
2506 /* set offset to length field */
2507 p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2508
2509 /* get size of length field */
2510 if (p_i93->ndef_length >= 0xFF) {
2511 p_i93->rw_length = 3;
2512 } else if (p_i93->ndef_length > 0) {
2513 p_i93->rw_length = 1;
2514 } else {
2515 p_i93->rw_length = 0;
2516 }
2517
2518 p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2519 break;
2520 }
2521 }
2522 rw_i93_handle_error(NFC_STATUS_FAILED);
2523 }
2524 break;
2525
2526 case RW_I93_SUBSTATE_UPDATE_LEN:
2527
2528 /* if we have more length field to write */
2529 if (p_i93->rw_length > 0) {
2530 /* if we got ack for writing, read next block to update rest of length
2531 * field */
2532 if (length == 0) {
2533 block_number = p_i93->rw_offset / p_i93->block_size;
2534
2535 if (rw_i93_send_cmd_read_single_block(block_number, false) !=
2536 NFC_STATUS_OK) {
2537 rw_i93_handle_error(NFC_STATUS_FAILED);
2538 }
2539 } else {
2540 length_offset = p_i93->rw_offset % p_i93->block_size;
2541
2542 /* update length field within the read block */
2543 for (xx = length_offset; xx < p_i93->block_size; xx++) {
2544 if (xx > length) {
2545 android_errorWriteLog(0x534e4554, "122320256");
2546 rw_i93_handle_error(NFC_STATUS_FAILED);
2547 return;
2548 }
2549
2550 if (p_i93->rw_length == 3)
2551 *(p + xx) = 0xFF;
2552 else if (p_i93->rw_length == 2)
2553 *(p + xx) = (uint8_t)((p_i93->ndef_length >> 8) & 0xFF);
2554 else if (p_i93->rw_length == 1)
2555 *(p + xx) = (uint8_t)(p_i93->ndef_length & 0xFF);
2556
2557 p_i93->rw_length--;
2558 if (p_i93->rw_length == 0) break;
2559 }
2560
2561 block_number = (p_i93->rw_offset / p_i93->block_size);
2562
2563 if (length < p_i93->block_size) {
2564 android_errorWriteLog(0x534e4554, "143155861");
2565 rw_i93_handle_error(NFC_STATUS_FAILED);
2566 } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2567 NFC_STATUS_OK) {
2568 /* set offset to the beginning of next block */
2569 p_i93->rw_offset +=
2570 p_i93->block_size - (p_i93->rw_offset % p_i93->block_size);
2571 } else {
2572 rw_i93_handle_error(NFC_STATUS_FAILED);
2573 }
2574 }
2575 } else {
2576 LOG(VERBOSE) << StringPrintf(
2577 "%s - NDEF update complete, %d bytes, (%d-%d)", __func__,
2578 p_i93->ndef_length, p_i93->ndef_tlv_start_offset,
2579 p_i93->ndef_tlv_last_offset);
2580
2581 p_i93->state = RW_I93_STATE_IDLE;
2582 p_i93->sent_cmd = 0;
2583 p_i93->p_update_data = nullptr;
2584
2585 rw_data.status = NFC_STATUS_OK;
2586 (*(rw_cb.p_cback))(RW_I93_NDEF_UPDATE_CPLT_EVT, &rw_data);
2587 }
2588 break;
2589
2590 default:
2591 break;
2592 }
2593 }
2594
2595 /*******************************************************************************
2596 **
2597 ** Function rw_i93_sm_format
2598 **
2599 ** Description Process format procedure
2600 **
2601 ** 1. Get UID
2602 ** 2. Get sys info for memory size (reset AFI/DSFID)
2603 ** 3. Get block status to get read-only status
2604 ** 4. Write CC and empty NDEF
2605 **
2606 ** Returns void
2607 **
2608 *******************************************************************************/
rw_i93_sm_format(NFC_HDR * p_resp)2609 void rw_i93_sm_format(NFC_HDR* p_resp) {
2610 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
2611 uint8_t flags;
2612 uint16_t length = p_resp->len, xx;
2613 uint32_t block_number;
2614 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2615 tRW_DATA rw_data;
2616 tNFC_STATUS status = NFC_STATUS_FAILED;
2617
2618 LOG(VERBOSE) << StringPrintf(
2619 "sub_state:%s (0x%x)",
2620 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2621
2622 if (length == 0) {
2623 android_errorWriteLog(0x534e4554, "122323053");
2624 return;
2625 }
2626 STREAM_TO_UINT8(flags, p);
2627 length--;
2628
2629 if (flags & I93_FLAG_ERROR_DETECTED) {
2630 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2631 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2632 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2633 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2634 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2635 /* ignore error */
2636 } else if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
2637 /* getting system info with protocol extension flag */
2638 /* This STM & ONS tag supports more than 2040 bytes */
2639 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
2640 return;
2641 } else {
2642 LOG(VERBOSE) << StringPrintf("Got error flags (0x%02x)", flags);
2643 rw_i93_handle_error(NFC_STATUS_FAILED);
2644 return;
2645 }
2646 }
2647
2648 switch (p_i93->sub_state) {
2649 case RW_I93_SUBSTATE_WAIT_UID:
2650
2651 if (length < (I93_UID_BYTE_LEN + 1)) {
2652 android_errorWriteLog(0x534e4554, "122323053");
2653 return;
2654 }
2655 p++; /* skip DSFID */
2656 p_uid = p_i93->uid;
2657 STREAM_TO_ARRAY8(p_uid, p); /* store UID */
2658
2659 /* get system information to get memory size */
2660 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
2661 NFC_STATUS_OK) {
2662 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
2663 } else {
2664 rw_i93_handle_error(NFC_STATUS_FAILED);
2665 }
2666 break;
2667
2668 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
2669
2670 p_i93->block_size = 0;
2671 p_i93->num_block = 0;
2672
2673 if (!rw_i93_process_sys_info(p, length)) {
2674 /* retrying with protocol extension flag */
2675 break;
2676 }
2677
2678 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
2679 /* DSFID, if any DSFID then reset */
2680 if (p_i93->dsfid != I93_DFS_UNSUPPORTED) {
2681 p_i93->intl_flags |= RW_I93_FLAG_RESET_DSFID;
2682 }
2683 }
2684 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
2685 /* AFI, reset to 0 */
2686 if (p_i93->afi != 0x00) {
2687 p_i93->intl_flags |= RW_I93_FLAG_RESET_AFI;
2688 }
2689 }
2690
2691 if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
2692 LOG(VERBOSE) << StringPrintf("Unable to get tag memory size");
2693 rw_i93_handle_error(status);
2694 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2695 if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2696 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2697 } else {
2698 rw_i93_handle_error(NFC_STATUS_FAILED);
2699 }
2700 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2701 if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2702 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2703 } else {
2704 rw_i93_handle_error(NFC_STATUS_FAILED);
2705 }
2706 } else {
2707 /* get lock status to see if read-only */
2708 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2709 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2710 /* these doesn't support GetMultiBlockSecurityStatus */
2711
2712 rw_cb.tcb.i93.rw_offset = 0;
2713
2714 /* read blocks with option flag to get block security status */
2715 if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2716 NFC_STATUS_OK) {
2717 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2718 } else {
2719 rw_i93_handle_error(NFC_STATUS_FAILED);
2720 }
2721 } else {
2722 /* block offset for read-only check */
2723 p_i93->rw_offset = 0;
2724
2725 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2726 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2727 } else {
2728 rw_i93_handle_error(NFC_STATUS_FAILED);
2729 }
2730 }
2731 }
2732
2733 break;
2734
2735 case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
2736
2737 if (p_i93->sent_cmd == I93_CMD_WRITE_DSFID) {
2738 p_i93->intl_flags &= ~RW_I93_FLAG_RESET_DSFID;
2739 } else if (p_i93->sent_cmd == I93_CMD_WRITE_AFI) {
2740 p_i93->intl_flags &= ~RW_I93_FLAG_RESET_AFI;
2741 }
2742
2743 if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2744 if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2745 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2746 } else {
2747 rw_i93_handle_error(NFC_STATUS_FAILED);
2748 }
2749 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2750 if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2751 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2752 } else {
2753 rw_i93_handle_error(NFC_STATUS_FAILED);
2754 }
2755 } else {
2756 /* get lock status to see if read-only */
2757 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2758 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2759 /* these doesn't support GetMultiBlockSecurityStatus */
2760
2761 rw_cb.tcb.i93.rw_offset = 0;
2762
2763 /* read blocks with option flag to get block security status */
2764 if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2765 NFC_STATUS_OK) {
2766 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2767 } else {
2768 rw_i93_handle_error(NFC_STATUS_FAILED);
2769 }
2770 } else {
2771 /* block offset for read-only check */
2772 p_i93->rw_offset = 0;
2773
2774 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2775 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2776 } else {
2777 rw_i93_handle_error(NFC_STATUS_FAILED);
2778 }
2779 }
2780 }
2781 break;
2782
2783 case RW_I93_SUBSTATE_CHECK_READ_ONLY:
2784
2785 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2786 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2787 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2788 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2789 if (length == 0 || ((*p) & I93_BLOCK_LOCKED)) {
2790 rw_i93_handle_error(NFC_STATUS_FAILED);
2791 break;
2792 }
2793
2794 /* if we checked all of user blocks */
2795 if ((p_i93->rw_offset / p_i93->block_size) + 1 == p_i93->num_block) {
2796 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2797 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2798 /* read the block which has AFI */
2799 p_i93->rw_offset = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION;
2800 rw_i93_send_cmd_read_single_block(
2801 (uint32_t)(p_i93->rw_offset / p_i93->block_size), true);
2802 break;
2803 }
2804 } else if (p_i93->rw_offset ==
2805 I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION) {
2806 /* no block is locked */
2807 } else {
2808 p_i93->rw_offset += p_i93->block_size;
2809 rw_i93_send_cmd_read_single_block(
2810 (uint32_t)(p_i93->rw_offset / p_i93->block_size), true);
2811 break;
2812 }
2813 } else {
2814 /* if any block is locked, we cannot format it */
2815 for (xx = 0; xx < length; xx++) {
2816 if (*(p + xx) & I93_BLOCK_LOCKED) {
2817 rw_i93_handle_error(NFC_STATUS_FAILED);
2818 break;
2819 }
2820 }
2821
2822 /* update block offset for read-only check */
2823 p_i93->rw_offset += length;
2824
2825 /* if need to get more lock status of blocks */
2826 if (p_i93->num_block > p_i93->rw_offset) {
2827 if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2828 rw_i93_handle_error(NFC_STATUS_FAILED);
2829 }
2830 break;
2831 }
2832 }
2833
2834 /* get buffer to store CC, zero length NDEF TLV and Terminator TLV */
2835 /* Block size could be either 4 or 8 or 16 or 32 bytes */
2836 /* Get buffer for the largest block size I93_MAX_BLOCK_LENGH */
2837 p_i93->p_update_data = (uint8_t*)GKI_getbuf(I93_MAX_BLOCK_LENGH);
2838
2839 if (!p_i93->p_update_data) {
2840 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
2841 rw_i93_handle_error(NFC_STATUS_FAILED);
2842 break;
2843 } else {
2844 switch (p_i93->block_size) {
2845 case 4:
2846 case 8:
2847 break;
2848 case 16:
2849 case 32: /* initialize unpopulated buffer b/139738828 */
2850 memset(p_i93->p_update_data, I93_ICODE_TLV_TYPE_NULL,
2851 I93_MAX_BLOCK_LENGH);
2852 break;
2853 default:
2854 android_errorWriteLog(0x534e4554, "157650336");
2855 rw_i93_handle_error(NFC_STATUS_FAILED);
2856 return;
2857 }
2858 }
2859
2860 p = p_i93->p_update_data;
2861
2862 /* Capability Container */
2863 *(p++) = I93_ICODE_CC_MAGIC_NUMER_E1; /* magic number */
2864 *(p++) = 0x40; /* version 1.0, read/write */
2865
2866 /* if memory size is less than 2048 bytes */
2867 if (((p_i93->num_block * p_i93->block_size) / 8) < 0x100)
2868 *(p++) = (uint8_t)((p_i93->num_block * p_i93->block_size) /
2869 8); /* memory size */
2870 else
2871 *(p++) = 0xFF;
2872
2873 if ((p_i93->product_version == RW_I93_ICODE_SLI) ||
2874 (p_i93->product_version == RW_I93_ICODE_SLI_S) ||
2875 (p_i93->product_version == RW_I93_ICODE_SLI_L)) {
2876 if (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)
2877 *(p++) = I93_ICODE_CC_IPREAD_MASK; /* IPREAD */
2878 else
2879 *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2880 supported */
2881 } else if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2882 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP)) {
2883 *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2884 supported */
2885 } else if ((p_i93->product_version ==
2886 RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2887 (p_i93->product_version ==
2888 RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2889 *(p++) = 0;
2890 } else {
2891 /* STM except LRIS2K, ONS, Broadcom supports read multi block command */
2892
2893 /* if memory size is more than 2040 bytes (which is not LRIS2K) */
2894 if (((p_i93->num_block * p_i93->block_size) / 8) > 0xFF)
2895 *(p++) = (I93_ICODE_CC_MBREAD_MASK | I93_STM_CC_OVERFLOW_MASK);
2896 else if (p_i93->product_version == RW_I93_STM_LRIS2K)
2897 *(p++) = 0x00;
2898 else
2899 *(p++) = I93_ICODE_CC_MBREAD_MASK;
2900 }
2901
2902 /* zero length NDEF and Terminator TLV */
2903 *(p++) = I93_ICODE_TLV_TYPE_NDEF;
2904 *(p++) = 0x00;
2905 *(p++) = I93_ICODE_TLV_TYPE_TERM;
2906 *(p++) = I93_ICODE_TLV_TYPE_NULL;
2907
2908 /* start from block 0 */
2909 p_i93->rw_offset = 0;
2910
2911 if (rw_i93_send_cmd_write_single_block(0, p_i93->p_update_data) ==
2912 NFC_STATUS_OK) {
2913 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2914 p_i93->rw_offset += p_i93->block_size;
2915 } else {
2916 rw_i93_handle_error(NFC_STATUS_FAILED);
2917 }
2918 break;
2919
2920 case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
2921
2922 /* if we have more data to write */
2923 if (p_i93->rw_offset < RW_I93_FORMAT_DATA_LEN) {
2924 block_number = (p_i93->rw_offset / p_i93->block_size);
2925 p = p_i93->p_update_data + p_i93->rw_offset;
2926
2927 if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2928 NFC_STATUS_OK) {
2929 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2930 p_i93->rw_offset += p_i93->block_size;
2931 } else {
2932 rw_i93_handle_error(NFC_STATUS_FAILED);
2933 }
2934 } else {
2935 GKI_freebuf(p_i93->p_update_data);
2936 p_i93->p_update_data = nullptr;
2937
2938 p_i93->state = RW_I93_STATE_IDLE;
2939 p_i93->sent_cmd = 0;
2940
2941 rw_data.status = NFC_STATUS_OK;
2942 (*(rw_cb.p_cback))(RW_I93_FORMAT_CPLT_EVT, &rw_data);
2943 }
2944 break;
2945
2946 default:
2947 break;
2948 }
2949 }
2950
2951 /*******************************************************************************
2952 **
2953 ** Function rw_i93_sm_set_read_only
2954 **
2955 ** Description Process read-only procedure
2956 **
2957 ** 1. Update CC as read-only
2958 ** 2. Lock all block of NDEF TLV
2959 ** 3. Lock block of CC
2960 **
2961 ** Returns void
2962 **
2963 *******************************************************************************/
rw_i93_sm_set_read_only(NFC_HDR * p_resp)2964 void rw_i93_sm_set_read_only(NFC_HDR* p_resp) {
2965 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2966 uint8_t flags, block_number;
2967 uint16_t length = p_resp->len;
2968 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2969 tRW_DATA rw_data;
2970
2971 LOG(VERBOSE) << StringPrintf(
2972 "sub_state:%s (0x%x)",
2973 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2974
2975 if (length == 0) {
2976 android_errorWriteLog(0x534e4554, "122322613");
2977 rw_i93_handle_error(NFC_STATUS_FAILED);
2978 return;
2979 }
2980
2981 STREAM_TO_UINT8(flags, p);
2982 length--;
2983
2984 if (flags & I93_FLAG_ERROR_DETECTED) {
2985 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2986 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2987 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2988 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2989 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2990 /* ignore error */
2991 } else {
2992 LOG(VERBOSE) << StringPrintf("Got error flags (0x%02x)", flags);
2993 rw_i93_handle_error(NFC_STATUS_FAILED);
2994 return;
2995 }
2996 }
2997
2998 switch (p_i93->sub_state) {
2999 case RW_I93_SUBSTATE_WAIT_CC:
3000
3001 if (length < RW_I93_CC_SIZE) {
3002 android_errorWriteLog(0x534e4554, "139188579");
3003 rw_i93_handle_error(NFC_STATUS_FAILED);
3004 return;
3005 }
3006
3007 /* mark CC as read-only */
3008 *(p + 1) |= I93_ICODE_CC_READ_ONLY;
3009
3010 if (length < p_i93->block_size) {
3011 android_errorWriteLog(0x534e4554, "143106535");
3012 rw_i93_handle_error(NFC_STATUS_FAILED);
3013 } else if (rw_i93_send_cmd_write_single_block(0, p) == NFC_STATUS_OK) {
3014 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_UPDATE_CC;
3015 } else {
3016 rw_i93_handle_error(NFC_STATUS_FAILED);
3017 }
3018 break;
3019
3020 case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
3021
3022 /* successfully write CC then lock all blocks of NDEF TLV */
3023 p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
3024 block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
3025
3026 if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
3027 p_i93->rw_offset += p_i93->block_size;
3028 p_i93->sub_state = RW_I93_SUBSTATE_LOCK_NDEF_TLV;
3029 } else {
3030 rw_i93_handle_error(NFC_STATUS_FAILED);
3031 }
3032 break;
3033
3034 case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
3035
3036 /* if we need to lock more blocks */
3037 if (p_i93->rw_offset < p_i93->ndef_tlv_last_offset) {
3038 /* get the next block of NDEF TLV */
3039 block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
3040
3041 if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
3042 p_i93->rw_offset += p_i93->block_size;
3043 } else {
3044 rw_i93_handle_error(NFC_STATUS_FAILED);
3045 }
3046 }
3047 /* if the first block of NDEF TLV is different from block of CC */
3048 else if (p_i93->ndef_tlv_start_offset / p_i93->block_size != 0) {
3049 /* lock block of CC */
3050 if (rw_i93_send_cmd_lock_block(0) == NFC_STATUS_OK) {
3051 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_LOCK_CC;
3052 } else {
3053 rw_i93_handle_error(NFC_STATUS_FAILED);
3054 }
3055 } else {
3056 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
3057 p_i93->state = RW_I93_STATE_IDLE;
3058 p_i93->sent_cmd = 0;
3059
3060 rw_data.status = NFC_STATUS_OK;
3061 (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
3062 }
3063 break;
3064
3065 case RW_I93_SUBSTATE_WAIT_LOCK_CC:
3066
3067 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
3068 p_i93->state = RW_I93_STATE_IDLE;
3069 p_i93->sent_cmd = 0;
3070
3071 rw_data.status = NFC_STATUS_OK;
3072 (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
3073 break;
3074
3075 default:
3076 break;
3077 }
3078 }
3079
3080 /*******************************************************************************
3081 **
3082 ** Function rw_i93_handle_error
3083 **
3084 ** Description notify error to application and clean up
3085 **
3086 ** Returns none
3087 **
3088 *******************************************************************************/
rw_i93_handle_error(tNFC_STATUS status)3089 void rw_i93_handle_error(tNFC_STATUS status) {
3090 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3091 tRW_DATA rw_data;
3092 tRW_EVENT event;
3093
3094 LOG(VERBOSE) << StringPrintf("%s - status:0x%02X, state:0x%X", __func__, status,
3095 p_i93->state);
3096
3097 nfc_stop_quick_timer(&p_i93->timer);
3098
3099 if (rw_cb.p_cback) {
3100 rw_data.status = status;
3101 switch (p_i93->state) {
3102 case RW_I93_STATE_IDLE: /* in case of RawFrame */
3103 event = RW_I93_INTF_ERROR_EVT;
3104 break;
3105
3106 case RW_I93_STATE_BUSY:
3107 if (p_i93->sent_cmd == I93_CMD_STAY_QUIET) {
3108 /* There is no response to Stay Quiet command */
3109 rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
3110 rw_data.i93_cmd_cmpl.command = I93_CMD_STAY_QUIET;
3111 rw_data.i93_cmd_cmpl.error_code = 0;
3112 event = RW_I93_CMD_CMPL_EVT;
3113 } else {
3114 event = RW_I93_INTF_ERROR_EVT;
3115 }
3116 break;
3117
3118 case RW_I93_STATE_DETECT_NDEF:
3119 rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
3120 rw_data.ndef.cur_size = 0;
3121 rw_data.ndef.max_size = 0;
3122 rw_data.ndef.flags = 0;
3123 rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
3124 rw_data.ndef.flags |= RW_NDEF_FL_UNKNOWN;
3125 event = RW_I93_NDEF_DETECT_EVT;
3126 break;
3127
3128 case RW_I93_STATE_READ_NDEF:
3129 event = RW_I93_NDEF_READ_FAIL_EVT;
3130 break;
3131
3132 case RW_I93_STATE_UPDATE_NDEF:
3133 p_i93->p_update_data = nullptr;
3134 event = RW_I93_NDEF_UPDATE_FAIL_EVT;
3135 break;
3136
3137 case RW_I93_STATE_FORMAT:
3138 if (p_i93->p_update_data) {
3139 GKI_freebuf(p_i93->p_update_data);
3140 p_i93->p_update_data = nullptr;
3141 }
3142 event = RW_I93_FORMAT_CPLT_EVT;
3143 break;
3144
3145 case RW_I93_STATE_SET_READ_ONLY:
3146 event = RW_I93_SET_TAG_RO_EVT;
3147 break;
3148
3149 case RW_I93_STATE_PRESENCE_CHECK:
3150 event = RW_I93_PRESENCE_CHECK_EVT;
3151 LOG(VERBOSE) << StringPrintf("%s - in pres check, may change status:0x%X",
3152 __func__, status);
3153 if (status == NFC_STATUS_TIMEOUT) {
3154 rw_data.status = NFC_STATUS_RF_FRAME_CORRUPTED;
3155 }
3156 break;
3157
3158 default:
3159 event = RW_I93_MAX_EVT;
3160 break;
3161 }
3162
3163 p_i93->state = RW_I93_STATE_IDLE;
3164 p_i93->sent_cmd = 0;
3165
3166 if (event != RW_I93_MAX_EVT) {
3167 (*(rw_cb.p_cback))(event, &rw_data);
3168 }
3169 } else {
3170 p_i93->state = RW_I93_STATE_IDLE;
3171 }
3172 }
3173
3174 /*******************************************************************************
3175 **
3176 ** Function rw_i93_process_timeout
3177 **
3178 ** Description process timeout event
3179 **
3180 ** Returns none
3181 **
3182 *******************************************************************************/
rw_i93_process_timeout(TIMER_LIST_ENT * p_tle)3183 void rw_i93_process_timeout(TIMER_LIST_ENT* p_tle) {
3184 NFC_HDR* p_buf;
3185
3186 LOG(VERBOSE) << StringPrintf("%s - event=%d", __func__, p_tle->event);
3187
3188 if (rw_cb.tcb.i93.state == RW_I93_STATE_PRESENCE_CHECK) {
3189 rw_i93_handle_error(NFC_STATUS_RF_FRAME_CORRUPTED);
3190 return;
3191 }
3192 if (p_tle->event == NFC_TTYPE_RW_I93_RESPONSE) {
3193 if ((rw_cb.tcb.i93.retry_count < RW_MAX_RETRIES) &&
3194 (rw_cb.tcb.i93.p_retry_cmd) &&
3195 (rw_cb.tcb.i93.sent_cmd != I93_CMD_STAY_QUIET)) {
3196 rw_cb.tcb.i93.retry_count++;
3197 LOG(ERROR) << StringPrintf("%s - retry_count = %d", __func__,
3198 rw_cb.tcb.i93.retry_count);
3199
3200 p_buf = rw_cb.tcb.i93.p_retry_cmd;
3201 rw_cb.tcb.i93.p_retry_cmd = nullptr;
3202
3203 if (rw_i93_send_to_lower(p_buf)) {
3204 return;
3205 }
3206 }
3207
3208 /* all retrial is done or failed to send command to lower layer */
3209 if (rw_cb.tcb.i93.p_retry_cmd) {
3210 GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
3211 rw_cb.tcb.i93.p_retry_cmd = nullptr;
3212 rw_cb.tcb.i93.retry_count = 0;
3213 }
3214
3215 if (t5t_no_getsysinfo() &&
3216 ((rw_cb.tcb.i93.sent_cmd == I93_CMD_GET_SYS_INFO) ||
3217 (rw_cb.tcb.i93.sent_cmd == I93_CMD_EXT_GET_SYS_INFO))) {
3218 /* read CC in the first block */
3219 rw_cb.tcb.i93.intl_flags = 0;
3220 rw_i93_send_cmd_read_single_block(0x0000, false);
3221 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_CC;
3222 return;
3223 }
3224 rw_i93_handle_error(NFC_STATUS_TIMEOUT);
3225 } else {
3226 LOG(ERROR) << StringPrintf("%s - unknown event=%d", __func__, p_tle->event);
3227 }
3228 }
3229
3230 /*******************************************************************************
3231 **
3232 ** Function rw_i93_data_cback
3233 **
3234 ** Description This callback function receives the data from NFCC.
3235 **
3236 ** Returns none
3237 **
3238 *******************************************************************************/
rw_i93_data_cback(uint8_t conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)3239 static void rw_i93_data_cback(__attribute__((unused)) uint8_t conn_id,
3240 tNFC_CONN_EVT event, tNFC_CONN* p_data) {
3241 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3242 NFC_HDR* p_resp;
3243 tRW_DATA rw_data;
3244
3245 uint8_t begin_state = p_i93->state;
3246
3247 LOG(VERBOSE) << StringPrintf("%s - event = 0x%X", __func__, event);
3248
3249 if ((event == NFC_DEACTIVATE_CEVT) || (event == NFC_ERROR_CEVT) ||
3250 ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK))) {
3251 nfc_stop_quick_timer(&p_i93->timer);
3252
3253 if (event == NFC_ERROR_CEVT || (p_data->status != NFC_STATUS_OK)) {
3254 if ((p_i93->retry_count < RW_MAX_RETRIES) && (p_i93->p_retry_cmd)) {
3255 p_i93->retry_count++;
3256
3257 LOG(ERROR) << StringPrintf("%s - retry_count = %d", __func__,
3258 p_i93->retry_count);
3259
3260 p_resp = p_i93->p_retry_cmd;
3261 p_i93->p_retry_cmd = nullptr;
3262 if (rw_i93_send_to_lower(p_resp)) {
3263 if (event == NFC_DATA_CEVT) {
3264 p_resp = (NFC_HDR*)p_data->data.p_data;
3265 GKI_freebuf(p_resp);
3266 }
3267 return;
3268 }
3269 }
3270
3271 /* all retrial is done or failed to send command to lower layer */
3272 if (p_i93->p_retry_cmd) {
3273 GKI_freebuf(p_i93->p_retry_cmd);
3274 p_i93->p_retry_cmd = nullptr;
3275 p_i93->retry_count = 0;
3276 }
3277
3278 rw_i93_handle_error((tNFC_STATUS)(*(uint8_t*)p_data));
3279 } else {
3280 /* free retry buffer */
3281 if (p_i93->p_retry_cmd) {
3282 GKI_freebuf(p_i93->p_retry_cmd);
3283 p_i93->p_retry_cmd = nullptr;
3284 p_i93->retry_count = 0;
3285 }
3286 NFC_SetStaticRfCback(nullptr);
3287 p_i93->state = RW_I93_STATE_NOT_ACTIVATED;
3288 }
3289 if ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK)) {
3290 p_resp = (NFC_HDR*)p_data->data.p_data;
3291 GKI_freebuf(p_resp);
3292 }
3293 return;
3294 }
3295
3296 if (event != NFC_DATA_CEVT) {
3297 return;
3298 }
3299
3300 p_resp = (NFC_HDR*)p_data->data.p_data;
3301
3302 nfc_stop_quick_timer(&p_i93->timer);
3303
3304 /* free retry buffer */
3305 if (p_i93->p_retry_cmd) {
3306 GKI_freebuf(p_i93->p_retry_cmd);
3307 p_i93->p_retry_cmd = nullptr;
3308 p_i93->retry_count = 0;
3309 }
3310
3311 LOG(VERBOSE) << StringPrintf("%s - RW I93 state: <%s (%d)>", __func__,
3312 rw_i93_get_state_name(p_i93->state).c_str(),
3313 p_i93->state);
3314
3315 switch (p_i93->state) {
3316 case RW_I93_STATE_IDLE:
3317 /* Unexpected Response from VICC, it should be raw frame response */
3318 /* forward to upper layer without parsing */
3319 p_i93->sent_cmd = 0;
3320 if (rw_cb.p_cback) {
3321 rw_data.raw_frame.status = p_data->data.status;
3322 rw_data.raw_frame.p_data = p_resp;
3323 (*(rw_cb.p_cback))(RW_I93_RAW_FRAME_EVT, &rw_data);
3324 p_resp = nullptr;
3325 } else {
3326 GKI_freebuf(p_resp);
3327 }
3328 break;
3329 case RW_I93_STATE_BUSY:
3330 p_i93->state = RW_I93_STATE_IDLE;
3331 rw_i93_send_to_upper(p_resp);
3332 GKI_freebuf(p_resp);
3333 break;
3334
3335 case RW_I93_STATE_DETECT_NDEF:
3336 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3337 LOG(VERBOSE) << StringPrintf("%s - rw_i93_sm_detect_ndef()", __func__);
3338 rw_i93_sm_detect_ndef(p_resp);
3339 } else {
3340 LOG(VERBOSE) << StringPrintf("%s - rw_t5t_sm_detect_ndef()", __func__);
3341 rw_t5t_sm_detect_ndef(p_resp);
3342 }
3343 GKI_freebuf(p_resp);
3344 break;
3345
3346 case RW_I93_STATE_READ_NDEF:
3347 rw_i93_sm_read_ndef(p_resp);
3348 /* p_resp may send upper lyaer */
3349 break;
3350
3351 case RW_I93_STATE_UPDATE_NDEF:
3352 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3353 LOG(VERBOSE) << StringPrintf("%s - rw_i93_sm_update_ndef()", __func__);
3354 rw_i93_sm_update_ndef(p_resp);
3355 } else {
3356 LOG(VERBOSE) << StringPrintf("%s - rw_t5t_sm_update_ndef()", __func__);
3357 rw_t5t_sm_update_ndef(p_resp);
3358 }
3359 GKI_freebuf(p_resp);
3360 break;
3361
3362 case RW_I93_STATE_FORMAT:
3363 rw_i93_sm_format(p_resp);
3364 GKI_freebuf(p_resp);
3365 break;
3366
3367 case RW_I93_STATE_SET_READ_ONLY:
3368 if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3369 LOG(VERBOSE) << StringPrintf("%s - rw_i93_sm_set_read_only()", __func__);
3370 rw_i93_sm_set_read_only(p_resp);
3371 } else {
3372 LOG(VERBOSE) << StringPrintf("%s - rw_t5t_sm_set_read_only()", __func__);
3373 rw_t5t_sm_set_read_only(p_resp);
3374 }
3375 GKI_freebuf(p_resp);
3376 break;
3377
3378 case RW_I93_STATE_PRESENCE_CHECK:
3379 p_i93->state = RW_I93_STATE_IDLE;
3380 p_i93->sent_cmd = 0;
3381
3382 /* if any response, send presence check with ok */
3383 rw_data.status = NFC_STATUS_OK;
3384 (*(rw_cb.p_cback))(RW_I93_PRESENCE_CHECK_EVT, &rw_data);
3385 GKI_freebuf(p_resp);
3386 break;
3387
3388 default:
3389 LOG(ERROR) << StringPrintf("%s - invalid state=%d", __func__,
3390 p_i93->state);
3391 GKI_freebuf(p_resp);
3392 break;
3393 }
3394
3395 if (begin_state != p_i93->state) {
3396 LOG(VERBOSE) << StringPrintf("%s - RW I93 state changed:<%s> -> <%s>",
3397 __func__,
3398 rw_i93_get_state_name(begin_state).c_str(),
3399 rw_i93_get_state_name(p_i93->state).c_str());
3400 }
3401 }
3402
3403 /*******************************************************************************
3404 **
3405 ** Function rw_i93_select
3406 **
3407 ** Description Initialise ISO 15693 / T5T RW
3408 **
3409 ** Returns NFC_STATUS_OK if success
3410 **
3411 *******************************************************************************/
rw_i93_select(uint8_t * p_uid)3412 tNFC_STATUS rw_i93_select(uint8_t* p_uid) {
3413 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3414 uint8_t uid[I93_UID_BYTE_LEN], *p;
3415
3416 LOG(VERBOSE) << __func__;
3417
3418 NFC_SetStaticRfCback(rw_i93_data_cback);
3419
3420 p_i93->state = RW_I93_STATE_IDLE;
3421
3422 /* convert UID to big endian format - MSB(0xE0) in first byte */
3423 p = uid;
3424 STREAM_TO_ARRAY8(p, p_uid);
3425
3426 rw_i93_get_product_version(uid);
3427
3428 return NFC_STATUS_OK;
3429 }
3430
3431 /*******************************************************************************
3432 **
3433 ** Function RW_I93Inventory
3434 **
3435 ** Description This function send Inventory command with/without AFI
3436 ** If UID is provided then set UID[0]:MSB, ... UID[7]:LSB
3437 **
3438 ** RW_I93_RESPONSE_EVT will be returned
3439 **
3440 ** Returns NFC_STATUS_OK if success
3441 ** NFC_STATUS_NO_BUFFERS if out of buffer
3442 ** NFC_STATUS_BUSY if busy
3443 ** NFC_STATUS_FAILED if other error
3444 **
3445 *******************************************************************************/
RW_I93Inventory(bool including_afi,uint8_t afi,uint8_t * p_uid)3446 tNFC_STATUS RW_I93Inventory(bool including_afi, uint8_t afi, uint8_t* p_uid) {
3447 tNFC_STATUS status;
3448
3449 LOG(VERBOSE) << StringPrintf(", including_afi:%d, AFI:0x%02X", including_afi,
3450 afi);
3451
3452 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3453 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3454 rw_cb.tcb.i93.state);
3455 return NFC_STATUS_BUSY;
3456 }
3457
3458 status = rw_i93_send_cmd_inventory(p_uid, including_afi, afi);
3459
3460 if (status == NFC_STATUS_OK) {
3461 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3462 }
3463
3464 return (status);
3465 }
3466
3467 /*******************************************************************************
3468 **
3469 ** Function RW_I93StayQuiet
3470 **
3471 ** Description This function send Inventory command
3472 **
3473 ** RW_I93_CMD_CMPL_EVT will be returned
3474 **
3475 ** Returns NFC_STATUS_OK if success
3476 ** NFC_STATUS_NO_BUFFERS if out of buffer
3477 ** NFC_STATUS_BUSY if busy
3478 ** NFC_STATUS_FAILED if other error
3479 **
3480 *******************************************************************************/
RW_I93StayQuiet(uint8_t * p_uid)3481 tNFC_STATUS RW_I93StayQuiet(uint8_t* p_uid) {
3482 tNFC_STATUS status = NFC_STATUS_FAILED;
3483
3484 LOG(VERBOSE) << __func__;
3485
3486 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3487 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3488 __func__, rw_cb.tcb.i93.state);
3489 return NFC_STATUS_BUSY;
3490 }
3491
3492 if (p_uid) {
3493 status = rw_i93_send_cmd_stay_quiet(p_uid);
3494 if (status == NFC_STATUS_OK) {
3495 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3496 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_ADDRESSED;
3497 }
3498 }
3499
3500 return status;
3501 }
3502
3503 /*******************************************************************************
3504 **
3505 ** Function RW_I93ReadSingleBlock
3506 **
3507 ** Description This function send Read Single Block command
3508 **
3509 ** RW_I93_RESPONSE_EVT will be returned
3510 **
3511 ** Returns NFC_STATUS_OK if success
3512 ** NFC_STATUS_NO_BUFFERS if out of buffer
3513 ** NFC_STATUS_BUSY if busy
3514 ** NFC_STATUS_FAILED if other error
3515 **
3516 *******************************************************************************/
RW_I93ReadSingleBlock(uint16_t block_number)3517 tNFC_STATUS RW_I93ReadSingleBlock(uint16_t block_number) {
3518 tNFC_STATUS status;
3519
3520 LOG(VERBOSE) << StringPrintf("%s - block_number:0x%02X", __func__,
3521 block_number);
3522
3523 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3524 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3525 rw_cb.tcb.i93.state);
3526 return NFC_STATUS_BUSY;
3527 }
3528
3529 status = rw_i93_send_cmd_read_single_block(block_number, false);
3530 if (status == NFC_STATUS_OK) {
3531 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3532 }
3533
3534 return status;
3535 }
3536
3537 /*******************************************************************************
3538 **
3539 ** Function RW_I93WriteSingleBlock
3540 **
3541 ** Description This function send Write Single Block command
3542 ** Application must get block size first by calling
3543 ** RW_I93GetSysInfo().
3544 **
3545 ** RW_I93_CMD_CMPL_EVT will be returned
3546 **
3547 ** Returns NFC_STATUS_OK if success
3548 ** NFC_STATUS_NO_BUFFERS if out of buffer
3549 ** NFC_STATUS_BUSY if busy
3550 ** NFC_STATUS_FAILED if other error
3551 **
3552 *******************************************************************************/
RW_I93WriteSingleBlock(uint16_t block_number,uint8_t * p_data)3553 tNFC_STATUS RW_I93WriteSingleBlock(uint16_t block_number, uint8_t* p_data) {
3554 tNFC_STATUS status;
3555
3556 LOG(VERBOSE) << __func__;
3557
3558 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3559 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3560 rw_cb.tcb.i93.state);
3561 return NFC_STATUS_BUSY;
3562 }
3563
3564 if (rw_cb.tcb.i93.block_size == 0) {
3565 LOG(ERROR) << StringPrintf("Block size is unknown");
3566 return NFC_STATUS_FAILED;
3567 }
3568
3569 status = rw_i93_send_cmd_write_single_block(block_number, p_data);
3570 if (status == NFC_STATUS_OK) {
3571 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3572 }
3573
3574 return status;
3575 }
3576
3577 /*******************************************************************************
3578 **
3579 ** Function RW_I93LockBlock
3580 **
3581 ** Description This function send Lock Block command
3582 **
3583 ** RW_I93_CMD_CMPL_EVT will be returned
3584 **
3585 ** Returns NFC_STATUS_OK if success
3586 ** NFC_STATUS_NO_BUFFERS if out of buffer
3587 ** NFC_STATUS_BUSY if busy
3588 ** NFC_STATUS_FAILED if other error
3589 **
3590 *******************************************************************************/
RW_I93LockBlock(uint8_t block_number)3591 tNFC_STATUS RW_I93LockBlock(uint8_t block_number) {
3592 tNFC_STATUS status;
3593
3594 LOG(VERBOSE) << __func__;
3595
3596 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3597 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3598 rw_cb.tcb.i93.state);
3599 return NFC_STATUS_BUSY;
3600 }
3601
3602 status = rw_i93_send_cmd_lock_block(block_number);
3603 if (status == NFC_STATUS_OK) {
3604 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3605 }
3606
3607 return status;
3608 }
3609
3610 /*******************************************************************************
3611 **
3612 ** Function RW_I93ReadMultipleBlocks
3613 **
3614 ** Description This function send Read Multiple Blocks command
3615 **
3616 ** RW_I93_RESPONSE_EVT will be returned
3617 **
3618 ** Returns NFC_STATUS_OK if success
3619 ** NFC_STATUS_NO_BUFFERS if out of buffer
3620 ** NFC_STATUS_BUSY if busy
3621 ** NFC_STATUS_FAILED if other error
3622 **
3623 *******************************************************************************/
RW_I93ReadMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks)3624 tNFC_STATUS RW_I93ReadMultipleBlocks(uint16_t first_block_number,
3625 uint16_t number_blocks) {
3626 tNFC_STATUS status;
3627
3628 LOG(VERBOSE) << __func__;
3629
3630 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3631 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3632 rw_cb.tcb.i93.state);
3633 return NFC_STATUS_BUSY;
3634 }
3635
3636 status = rw_i93_send_cmd_read_multi_blocks(first_block_number, number_blocks);
3637 if (status == NFC_STATUS_OK) {
3638 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3639 }
3640
3641 return status;
3642 }
3643
3644 /*******************************************************************************
3645 **
3646 ** Function RW_I93WriteMultipleBlocks
3647 **
3648 ** Description This function send Write Multiple Blocks command
3649 **
3650 ** RW_I93_CMD_CMPL_EVT will be returned
3651 **
3652 ** Returns NFC_STATUS_OK if success
3653 ** NFC_STATUS_NO_BUFFERS if out of buffer
3654 ** NFC_STATUS_BUSY if busy
3655 ** NFC_STATUS_FAILED if other error
3656 **
3657 *******************************************************************************/
RW_I93WriteMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks,uint8_t * p_data)3658 tNFC_STATUS RW_I93WriteMultipleBlocks(uint16_t first_block_number,
3659 uint16_t number_blocks, uint8_t* p_data) {
3660 tNFC_STATUS status;
3661
3662 LOG(VERBOSE) << __func__;
3663
3664 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3665 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3666 rw_cb.tcb.i93.state);
3667 return NFC_STATUS_BUSY;
3668 }
3669
3670 if (rw_cb.tcb.i93.block_size == 0) {
3671 LOG(ERROR) << StringPrintf("Block size is unknown");
3672 return NFC_STATUS_FAILED;
3673 }
3674
3675 status = rw_i93_send_cmd_write_multi_blocks(first_block_number, number_blocks,
3676 p_data);
3677 if (status == NFC_STATUS_OK) {
3678 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3679 }
3680
3681 return status;
3682 }
3683
3684 /*******************************************************************************
3685 **
3686 ** Function RW_I93Select
3687 **
3688 ** Description This function send Select command
3689 **
3690 ** UID[0]: 0xE0, MSB
3691 ** UID[1]: IC Mfg Code
3692 ** ...
3693 ** UID[7]: LSB
3694 **
3695 ** RW_I93_CMD_CMPL_EVT will be returned
3696 **
3697 ** Returns NFC_STATUS_OK if success
3698 ** NFC_STATUS_NO_BUFFERS if out of buffer
3699 ** NFC_STATUS_BUSY if busy
3700 ** NFC_STATUS_FAILED if other error
3701 **
3702 *******************************************************************************/
RW_I93Select(uint8_t * p_uid)3703 tNFC_STATUS RW_I93Select(uint8_t* p_uid) {
3704 tNFC_STATUS status;
3705
3706 LOG(VERBOSE) << __func__;
3707
3708 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3709 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3710 __func__, rw_cb.tcb.i93.state);
3711 return NFC_STATUS_BUSY;
3712 }
3713
3714 if (p_uid) {
3715 status = rw_i93_send_cmd_select(p_uid);
3716 if (status == NFC_STATUS_OK) {
3717 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3718 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_NON_ADDRESSED;
3719 rw_cb.tcb.i93.intl_flags |= RW_I93_FLAG_SELECTED_STATE;
3720 }
3721 } else {
3722 LOG(ERROR) << StringPrintf("%s - UID shall be provided", __func__);
3723 status = NFC_STATUS_FAILED;
3724 }
3725
3726 return status;
3727 }
3728
3729 /*******************************************************************************
3730 **
3731 ** Function RW_I93ResetToReady
3732 **
3733 ** Description This function send Reset To Ready command
3734 **
3735 ** RW_I93_CMD_CMPL_EVT will be returned
3736 **
3737 ** Returns NFC_STATUS_OK if success
3738 ** NFC_STATUS_NO_BUFFERS if out of buffer
3739 ** NFC_STATUS_BUSY if busy
3740 ** NFC_STATUS_FAILED if other error
3741 **
3742 *******************************************************************************/
RW_I93ResetToReady(void)3743 tNFC_STATUS RW_I93ResetToReady(void) {
3744 tNFC_STATUS status;
3745
3746 LOG(VERBOSE) << __func__;
3747
3748 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3749 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3750 __func__, rw_cb.tcb.i93.state);
3751 return NFC_STATUS_BUSY;
3752 }
3753
3754 status = rw_i93_send_cmd_reset_to_ready();
3755 if (status == NFC_STATUS_OK) {
3756 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3757 }
3758
3759 return status;
3760 }
3761
3762 /*******************************************************************************
3763 **
3764 ** Function RW_I93WriteAFI
3765 **
3766 ** Description This function send Write AFI command
3767 **
3768 ** RW_I93_CMD_CMPL_EVT will be returned
3769 **
3770 ** Returns NFC_STATUS_OK if success
3771 ** NFC_STATUS_NO_BUFFERS if out of buffer
3772 ** NFC_STATUS_BUSY if busy
3773 ** NFC_STATUS_FAILED if other error
3774 **
3775 *******************************************************************************/
RW_I93WriteAFI(uint8_t afi)3776 tNFC_STATUS RW_I93WriteAFI(uint8_t afi) {
3777 tNFC_STATUS status;
3778
3779 LOG(VERBOSE) << __func__;
3780
3781 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3782 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3783 rw_cb.tcb.i93.state);
3784 return NFC_STATUS_BUSY;
3785 }
3786
3787 status = rw_i93_send_cmd_write_afi(afi);
3788 if (status == NFC_STATUS_OK) {
3789 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3790 }
3791
3792 return status;
3793 }
3794
3795 /*******************************************************************************
3796 **
3797 ** Function RW_I93LockAFI
3798 **
3799 ** Description This function send Lock AFI command
3800 **
3801 ** RW_I93_CMD_CMPL_EVT will be returned
3802 **
3803 ** Returns NFC_STATUS_OK if success
3804 ** NFC_STATUS_NO_BUFFERS if out of buffer
3805 ** NFC_STATUS_BUSY if busy
3806 ** NFC_STATUS_FAILED if other error
3807 **
3808 *******************************************************************************/
RW_I93LockAFI(void)3809 tNFC_STATUS RW_I93LockAFI(void) {
3810 tNFC_STATUS status;
3811
3812 LOG(VERBOSE) << __func__;
3813
3814 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3815 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3816 rw_cb.tcb.i93.state);
3817 return NFC_STATUS_BUSY;
3818 }
3819
3820 status = rw_i93_send_cmd_lock_afi();
3821 if (status == NFC_STATUS_OK) {
3822 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3823 }
3824
3825 return status;
3826 }
3827
3828 /*******************************************************************************
3829 **
3830 ** Function RW_I93WriteDSFID
3831 **
3832 ** Description This function send Write DSFID command
3833 **
3834 ** RW_I93_CMD_CMPL_EVT will be returned
3835 **
3836 ** Returns NFC_STATUS_OK if success
3837 ** NFC_STATUS_NO_BUFFERS if out of buffer
3838 ** NFC_STATUS_BUSY if busy
3839 ** NFC_STATUS_FAILED if other error
3840 **
3841 *******************************************************************************/
RW_I93WriteDSFID(uint8_t dsfid)3842 tNFC_STATUS RW_I93WriteDSFID(uint8_t dsfid) {
3843 tNFC_STATUS status;
3844
3845 LOG(VERBOSE) << __func__;
3846
3847 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3848 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3849 rw_cb.tcb.i93.state);
3850 return NFC_STATUS_BUSY;
3851 }
3852
3853 status = rw_i93_send_cmd_write_dsfid(dsfid);
3854 if (status == NFC_STATUS_OK) {
3855 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3856 }
3857
3858 return status;
3859 }
3860
3861 /*******************************************************************************
3862 **
3863 ** Function RW_I93LockDSFID
3864 **
3865 ** Description This function send Lock DSFID command
3866 **
3867 ** RW_I93_CMD_CMPL_EVT will be returned
3868 **
3869 ** Returns NFC_STATUS_OK if success
3870 ** NFC_STATUS_NO_BUFFERS if out of buffer
3871 ** NFC_STATUS_BUSY if busy
3872 ** NFC_STATUS_FAILED if other error
3873 **
3874 *******************************************************************************/
RW_I93LockDSFID(void)3875 tNFC_STATUS RW_I93LockDSFID(void) {
3876 tNFC_STATUS status;
3877
3878 LOG(VERBOSE) << __func__;
3879
3880 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3881 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3882 rw_cb.tcb.i93.state);
3883 return NFC_STATUS_BUSY;
3884 }
3885
3886 status = rw_i93_send_cmd_lock_dsfid();
3887 if (status == NFC_STATUS_OK) {
3888 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3889 }
3890
3891 return status;
3892 }
3893
3894 /*******************************************************************************
3895 **
3896 ** Function RW_I93GetSysInfo
3897 **
3898 ** Description This function send Get System Information command
3899 **
3900 ** RW_I93_RESPONSE_EVT will be returned
3901 **
3902 ** Returns NFC_STATUS_OK if success
3903 ** NFC_STATUS_NO_BUFFERS if out of buffer
3904 ** NFC_STATUS_BUSY if busy
3905 ** NFC_STATUS_FAILED if other error
3906 **
3907 *******************************************************************************/
RW_I93GetSysInfo(uint8_t * p_uid)3908 tNFC_STATUS RW_I93GetSysInfo(uint8_t* p_uid) {
3909 tNFC_STATUS status;
3910
3911 LOG(VERBOSE) << __func__;
3912
3913 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3914 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3915 __func__, rw_cb.tcb.i93.state);
3916 return NFC_STATUS_BUSY;
3917 }
3918
3919 if (p_uid) {
3920 status = rw_i93_send_cmd_get_sys_info(p_uid, I93_FLAG_PROT_EXT_NO);
3921 } else {
3922 status = rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO);
3923 }
3924
3925 if (status == NFC_STATUS_OK) {
3926 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3927 }
3928
3929 return status;
3930 }
3931
3932 /*******************************************************************************
3933 **
3934 ** Function RW_I93GetMultiBlockSecurityStatus
3935 **
3936 ** Description This function send Get Multiple Block Security Status
3937 ** command
3938 **
3939 ** RW_I93_RESPONSE_EVT will be returned
3940 **
3941 ** Returns NFC_STATUS_OK if success
3942 ** NFC_STATUS_NO_BUFFERS if out of buffer
3943 ** NFC_STATUS_BUSY if busy
3944 ** NFC_STATUS_FAILED if other error
3945 **
3946 *******************************************************************************/
RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,uint16_t number_blocks)3947 tNFC_STATUS RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,
3948 uint16_t number_blocks) {
3949 tNFC_STATUS status;
3950
3951 LOG(VERBOSE) << __func__;
3952
3953 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3954 LOG(ERROR) << StringPrintf(
3955 "Unable to start command at state "
3956 "(0x%X)",
3957 rw_cb.tcb.i93.state);
3958 return NFC_STATUS_BUSY;
3959 }
3960
3961 status =
3962 rw_i93_send_cmd_get_multi_block_sec(first_block_number, number_blocks);
3963 if (status == NFC_STATUS_OK) {
3964 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3965 }
3966
3967 return status;
3968 }
3969
3970 /*******************************************************************************
3971 **
3972 ** Function RW_I93DetectNDef
3973 **
3974 ** Description This function performs NDEF detection procedure
3975 **
3976 ** RW_I93_NDEF_DETECT_EVT will be returned
3977 **
3978 ** Returns NFC_STATUS_OK if success
3979 ** NFC_STATUS_FAILED if busy or other error
3980 **
3981 *******************************************************************************/
RW_I93DetectNDef(void)3982 tNFC_STATUS RW_I93DetectNDef(void) {
3983 tNFC_STATUS status;
3984 tRW_I93_RW_SUBSTATE sub_state;
3985
3986 LOG(VERBOSE) << __func__;
3987
3988 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3989 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3990 __func__, rw_cb.tcb.i93.state);
3991 return NFC_STATUS_FAILED;
3992 }
3993
3994 if (rw_cb.tcb.i93.uid[0] != I93_UID_FIRST_BYTE) {
3995 status = rw_i93_send_cmd_inventory(nullptr, false, 0x00);
3996 sub_state = RW_I93_SUBSTATE_WAIT_UID;
3997
3998 } else if (((rw_cb.tcb.i93.num_block == 0) ||
3999 (rw_cb.tcb.i93.block_size == 0)) &&
4000 RW_I93CheckLegacyProduct(rw_cb.tcb.i93.uid[1],
4001 rw_cb.tcb.i93.uid[2])) {
4002 status =
4003 rw_i93_send_cmd_get_sys_info(rw_cb.tcb.i93.uid, I93_FLAG_PROT_EXT_NO);
4004 sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
4005
4006 /* clear all flags */
4007 rw_cb.tcb.i93.intl_flags = 0;
4008 } else {
4009 /* read CC in the first block */
4010 status = rw_i93_send_cmd_read_single_block(0x0000, false);
4011 sub_state = RW_I93_SUBSTATE_WAIT_CC;
4012 }
4013
4014 if (status == NFC_STATUS_OK) {
4015 rw_cb.tcb.i93.state = RW_I93_STATE_DETECT_NDEF;
4016 rw_cb.tcb.i93.sub_state = sub_state;
4017
4018 /* clear flags except flag for 2 bytes of number of blocks */
4019 rw_cb.tcb.i93.intl_flags &= RW_I93_FLAG_16BIT_NUM_BLOCK;
4020 }
4021
4022 return (status);
4023 }
4024
4025 /*******************************************************************************
4026 **
4027 ** Function RW_I93ReadNDef
4028 **
4029 ** Description This function performs NDEF read procedure
4030 ** Note: RW_I93DetectNDef () must be called before using this
4031 **
4032 ** The following event will be returned
4033 ** RW_I93_NDEF_READ_EVT for each segmented NDEF message
4034 ** RW_I93_NDEF_READ_CPLT_EVT for the last segment or
4035 ** complete NDEF
4036 ** RW_I93_NDEF_READ_FAIL_EVT for failure
4037 **
4038 ** Returns NFC_STATUS_OK if success
4039 ** NFC_STATUS_FAILED if I93 is busy or other error
4040 **
4041 *******************************************************************************/
RW_I93ReadNDef(void)4042 tNFC_STATUS RW_I93ReadNDef(void) {
4043 LOG(VERBOSE) << __func__;
4044
4045 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4046 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4047 __func__, rw_cb.tcb.i93.state);
4048 return NFC_STATUS_FAILED;
4049 }
4050
4051 if ((rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
4052 (rw_cb.tcb.i93.ndef_length > 0)) {
4053 rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset;
4054 rw_cb.tcb.i93.rw_length = 0;
4055
4056 if (rw_i93_get_next_blocks(rw_cb.tcb.i93.rw_offset) == NFC_STATUS_OK) {
4057 rw_cb.tcb.i93.state = RW_I93_STATE_READ_NDEF;
4058 } else {
4059 return NFC_STATUS_FAILED;
4060 }
4061 } else {
4062 LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4063 return NFC_STATUS_FAILED;
4064 }
4065
4066 return NFC_STATUS_OK;
4067 }
4068
4069 /*******************************************************************************
4070 **
4071 ** Function RW_I93UpdateNDef
4072 **
4073 ** Description This function performs NDEF update procedure
4074 ** Note: RW_I93DetectNDef () must be called before using this
4075 ** Updating data must not be removed until returning
4076 ** event
4077 **
4078 ** The following event will be returned
4079 ** RW_I93_NDEF_UPDATE_CPLT_EVT for complete
4080 ** RW_I93_NDEF_UPDATE_FAIL_EVT for failure
4081 **
4082 ** Returns NFC_STATUS_OK if success
4083 ** NFC_STATUS_FAILED if I93 is busy or other error
4084 **
4085 *******************************************************************************/
RW_I93UpdateNDef(uint32_t length,uint8_t * p_data)4086 tNFC_STATUS RW_I93UpdateNDef(uint32_t length, uint8_t* p_data) {
4087 uint32_t block_number;
4088
4089 LOG(VERBOSE) << StringPrintf("%s - length:%d", __func__, length);
4090
4091 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4092 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4093 __func__, rw_cb.tcb.i93.state);
4094 return NFC_STATUS_FAILED;
4095 }
4096
4097 if (rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
4098 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
4099 LOG(ERROR) << StringPrintf("%s - NDEF is read-only", __func__);
4100 return NFC_STATUS_FAILED;
4101 }
4102 if (rw_cb.tcb.i93.max_ndef_length < length) {
4103 LOG(ERROR) << StringPrintf(
4104 "%s - data (%d bytes) is more than max NDEF length "
4105 "(%d)",
4106 __func__, length, rw_cb.tcb.i93.max_ndef_length);
4107 return NFC_STATUS_FAILED;
4108 }
4109
4110 rw_cb.tcb.i93.ndef_length = length;
4111 rw_cb.tcb.i93.p_update_data = p_data;
4112
4113 /* read length field */
4114 rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset + 1;
4115 rw_cb.tcb.i93.rw_length = 0;
4116
4117 block_number = rw_cb.tcb.i93.rw_offset / rw_cb.tcb.i93.block_size;
4118
4119 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
4120 NFC_STATUS_OK) {
4121 rw_cb.tcb.i93.state = RW_I93_STATE_UPDATE_NDEF;
4122 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_RESET_LEN;
4123 } else {
4124 return NFC_STATUS_FAILED;
4125 }
4126 } else {
4127 LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4128 return NFC_STATUS_FAILED;
4129 }
4130
4131 return NFC_STATUS_OK;
4132 }
4133
4134 /*******************************************************************************
4135 **
4136 ** Function RW_I93FormatNDef
4137 **
4138 ** Description This function performs formatting procedure
4139 **
4140 ** RW_I93_FORMAT_CPLT_EVT will be returned
4141 **
4142 ** Returns NFC_STATUS_OK if success
4143 ** NFC_STATUS_FAILED if busy or other error
4144 **
4145 *******************************************************************************/
RW_I93FormatNDef(void)4146 tNFC_STATUS RW_I93FormatNDef(void) {
4147 tNFC_STATUS status;
4148 tRW_I93_RW_SUBSTATE sub_state;
4149
4150 LOG(VERBOSE) << __func__;
4151
4152 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4153 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
4154 rw_cb.tcb.i93.state);
4155 return NFC_STATUS_FAILED;
4156 }
4157
4158 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
4159 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
4160 /* These don't support GetSystemInformation and GetMultiBlockSecurityStatus
4161 */
4162 rw_cb.tcb.i93.rw_offset = 0;
4163
4164 /* read blocks with option flag to get block security status */
4165 status = rw_i93_send_cmd_read_single_block(0x0000, true);
4166 sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
4167 } else {
4168 status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4169 sub_state = RW_I93_SUBSTATE_WAIT_UID;
4170 }
4171
4172 if (status == NFC_STATUS_OK) {
4173 rw_cb.tcb.i93.state = RW_I93_STATE_FORMAT;
4174 rw_cb.tcb.i93.sub_state = sub_state;
4175 rw_cb.tcb.i93.intl_flags = 0;
4176 }
4177
4178 return (status);
4179 }
4180
4181 /*******************************************************************************
4182 **
4183 ** Function RW_I93SetTagReadOnly
4184 **
4185 ** Description This function performs NDEF read-only procedure
4186 ** Note: RW_I93DetectNDef () must be called before using this
4187 ** Updating data must not be removed until returning
4188 ** event
4189 **
4190 ** The RW_I93_SET_TAG_RO_EVT event will be returned.
4191 **
4192 ** Returns NFC_STATUS_OK if success
4193 ** NFC_STATUS_FAILED if I93 is busy or other error
4194 **
4195 *******************************************************************************/
RW_I93SetTagReadOnly(void)4196 tNFC_STATUS RW_I93SetTagReadOnly(void) {
4197 uint8_t cc_blk0[4];
4198
4199 LOG(VERBOSE) << __func__;
4200
4201 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4202 LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4203 __func__, rw_cb.tcb.i93.state);
4204 return NFC_STATUS_FAILED;
4205 }
4206
4207 if ((rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
4208 (rw_cb.tcb.i93.i93_t5t_mode != RW_T5T_CC_READ_MEM_INFO)) {
4209 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
4210 LOG(ERROR) << StringPrintf("%s - NDEF is already read-only", __func__);
4211 return NFC_STATUS_FAILED;
4212 }
4213
4214 /* get CC in the first block */
4215 if (rw_i93_send_cmd_read_single_block(0, false) == NFC_STATUS_OK) {
4216 rw_cb.tcb.i93.state = RW_I93_STATE_SET_READ_ONLY;
4217 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_CC;
4218 } else {
4219 return NFC_STATUS_FAILED;
4220 }
4221 } else {
4222 if (rw_cb.tcb.i93.i93_t5t_mode == RW_T5T_CC_READ_MEM_INFO) {
4223 memcpy(cc_blk0, rw_cb.tcb.i93.gre_cc_content, 4);
4224
4225 /* mark CC as read-only */
4226 *(cc_blk0 + 1) |= I93_ICODE_CC_READ_ONLY;
4227
4228 LOG(VERBOSE) << StringPrintf(
4229 "%s - Set CC1 to RO - cc[0]=0x%02x, cc[1]=0x%02x, "
4230 "cc[2]=0x%02x, cc[3]=0x%02x",
4231 __func__, *cc_blk0, *(cc_blk0 + 1), *(cc_blk0 + 2), *(cc_blk0 + 3));
4232
4233 if (rw_i93_send_cmd_write_single_block(0, cc_blk0) == NFC_STATUS_OK) {
4234 rw_cb.tcb.i93.state = RW_I93_STATE_SET_READ_ONLY;
4235 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_UPDATE_CC;
4236 } else {
4237 rw_i93_handle_error(NFC_STATUS_FAILED);
4238 return NFC_STATUS_FAILED;
4239 }
4240
4241 return NFC_STATUS_OK;
4242 }
4243 LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4244 return NFC_STATUS_FAILED;
4245 }
4246
4247 return NFC_STATUS_OK;
4248 }
4249
4250 /*****************************************************************************
4251 **
4252 ** Function RW_I93PresenceCheck
4253 **
4254 ** Description Check if the tag is still in the field.
4255 **
4256 ** The RW_I93_PRESENCE_CHECK_EVT w/ status is used to indicate
4257 ** presence or non-presence.
4258 **
4259 ** Returns NFC_STATUS_OK, if raw data frame sent
4260 ** NFC_STATUS_NO_BUFFERS: unable to allocate a buffer for this
4261 ** operation
4262 ** NFC_STATUS_FAILED: other error
4263 **
4264 *****************************************************************************/
RW_I93PresenceCheck(void)4265 tNFC_STATUS RW_I93PresenceCheck(void) {
4266 tNFC_STATUS status;
4267 tRW_DATA evt_data;
4268
4269 LOG(VERBOSE) << __func__;
4270
4271 if (!rw_cb.p_cback) {
4272 return NFC_STATUS_FAILED;
4273 } else if (rw_cb.tcb.i93.state == RW_I93_STATE_NOT_ACTIVATED) {
4274 evt_data.status = NFC_STATUS_FAILED;
4275 (*rw_cb.p_cback)(RW_I93_PRESENCE_CHECK_EVT, &evt_data);
4276
4277 return NFC_STATUS_OK;
4278 } else if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4279 return NFC_STATUS_BUSY;
4280 } else {
4281 rw_cb.tcb.i93.in_pres_check = true;
4282 if (rw_cb.tcb.i93.i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
4283 /* The support of AFI by the VICC is optional, so do not include AFI */
4284 status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4285 } else {
4286 /* Extended command not expected for presence check */
4287 rw_cb.tcb.i93.intl_flags &= ~RW_I93_FLAG_EXT_COMMANDS;
4288 status = rw_i93_send_cmd_read_single_block(0, false);
4289 }
4290 rw_cb.tcb.i93.in_pres_check = false;
4291
4292 if (status == NFC_STATUS_OK) {
4293 /* do not retry during presence check */
4294 rw_cb.tcb.i93.retry_count = RW_MAX_RETRIES;
4295 rw_cb.tcb.i93.state = RW_I93_STATE_PRESENCE_CHECK;
4296 }
4297 }
4298
4299 return (status);
4300 }
4301
4302 /*****************************************************************************
4303 **
4304 ** Function RW_I93CheckLegacyProduct
4305 **
4306 ** Description Check if product is legacy and if its definition
4307 ** (blocks size, number of blocks) needs to be retrieved
4308 ** with (Extended)GetSystemInfo command.
4309 **
4310 ** Returns true if legacy product
4311 ** else false
4312 **
4313 *****************************************************************************/
RW_I93CheckLegacyProduct(uint8_t ic_manuf,uint8_t pdt_code)4314 bool RW_I93CheckLegacyProduct(uint8_t ic_manuf, uint8_t pdt_code) {
4315 if (appl_dta_mode_flag) return false;
4316 if (!t5t_no_getsysinfo()) return true;
4317 LOG(VERBOSE) << StringPrintf("%s - IC manufacturer:0x%x, Product code:0x%x",
4318 __func__, ic_manuf, pdt_code);
4319
4320 uint8_t pdt_code_family = 0;
4321
4322 if (ic_manuf == I93_UID_IC_MFG_CODE_NXP) {
4323 LOG(VERBOSE) << StringPrintf("%s - No I93 legacy product detected", __func__);
4324 return false;
4325 }
4326
4327 if (ic_manuf == I93_UID_IC_MFG_CODE_STM) {
4328 pdt_code_family = pdt_code & I93_IC_REF_STM_MASK;
4329 switch (pdt_code_family) {
4330 case I93_IC_REF_STM_LRI1K:
4331 case I93_PROD_CODE_STM_M24LR04E_R_MASK:
4332 case I93_PROD_CODE_STM_LRI2K_MASK:
4333 case I93_PROD_CODE_STM_LRIS2K_MASK:
4334 case I93_PROD_CODE_STM_LRIS64K_MASK:
4335 case I93_PROD_CODE_STM_M24LR16E_R_MASK:
4336 case I93_PROD_CODE_STM_M24LR64_R_MASK:
4337 case I93_PROD_CODE_STM_M24LR64E_R_MASK:
4338 LOG(VERBOSE) << StringPrintf("%s - ISO 15693 legacy product detected",
4339 __func__);
4340 return true;
4341 default:
4342 LOG(VERBOSE) << StringPrintf("%s - T5T NFC Forum product detected",
4343 __func__);
4344 return false;
4345 }
4346 }
4347
4348 if ((ic_manuf == I93_UID_IC_MFG_CODE_TI) ||
4349 (ic_manuf == I93_UID_IC_MFG_CODE_ONS)) {
4350 LOG(VERBOSE) << StringPrintf("%s - I93 legacy product detected", __func__);
4351 return true;
4352 }
4353
4354 LOG(VERBOSE) << StringPrintf("%s - T5T NFC Forum product detected", __func__);
4355 return false;
4356 }
4357
4358 /*****************************************************************************
4359 **
4360 ** Function RW_I93SetAddressingMode
4361 **
4362 ** Description Set if the tag must be addressed with UID or not.
4363 **
4364 ** The addressing mode (addressed or non-addressed) must be
4365 ** done at the module initialization prior to the Tag
4366 ** activation.
4367 **
4368 ** Returns NFC_STATUS_OK, if mode is stored
4369 ** NFC_STATUS_FAILED: other error
4370 **
4371 *****************************************************************************/
RW_I93SetAddressingMode(bool mode)4372 tNFC_STATUS RW_I93SetAddressingMode(bool mode) {
4373 LOG(VERBOSE) << StringPrintf("%s - I93 state:%d", __func__,
4374 rw_cb.tcb.i93.state);
4375
4376 if (rw_cb.tcb.i93.state == RW_I93_STATE_IDLE) {
4377 LOG(VERBOSE) << StringPrintf("%s - mode:%d", __func__, mode);
4378 if (mode) {
4379 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_ADDRESSED;
4380 } else {
4381 rw_cb.tcb.i93.addr_mode = RW_I93_MODE_NON_ADDRESSED;
4382 }
4383 return NFC_STATUS_OK;
4384 } else {
4385 return NFC_STATUS_FAILED;
4386 }
4387 }
4388
4389 /*******************************************************************************
4390 **
4391 ** Function rw_i93_get_state_name
4392 **
4393 ** Description This function returns the state name.
4394 **
4395 ** NOTE conditionally compiled to save memory.
4396 **
4397 ** Returns pointer to the name
4398 **
4399 *******************************************************************************/
rw_i93_get_state_name(uint8_t state)4400 std::string rw_i93_get_state_name(uint8_t state) {
4401 switch (state) {
4402 case RW_I93_STATE_NOT_ACTIVATED:
4403 return "NOT_ACTIVATED";
4404 case RW_I93_STATE_IDLE:
4405 return "IDLE";
4406 case RW_I93_STATE_BUSY:
4407 return "BUSY";
4408 case RW_I93_STATE_DETECT_NDEF:
4409 return "NDEF_DETECTION";
4410 case RW_I93_STATE_READ_NDEF:
4411 return "READ_NDEF";
4412 case RW_I93_STATE_UPDATE_NDEF:
4413 return "UPDATE_NDEF";
4414 case RW_I93_STATE_FORMAT:
4415 return "FORMAT";
4416 case RW_I93_STATE_SET_READ_ONLY:
4417 return "SET_READ_ONLY";
4418 case RW_I93_STATE_PRESENCE_CHECK:
4419 return "PRESENCE_CHECK";
4420 default:
4421 return "???? UNKNOWN STATE";
4422 }
4423 }
4424
4425 /*******************************************************************************
4426 **
4427 ** Function rw_i93_get_sub_state_name
4428 **
4429 ** Description This function returns the sub_state name.
4430 **
4431 ** NOTE conditionally compiled to save memory.
4432 **
4433 ** Returns pointer to the name
4434 **
4435 *******************************************************************************/
rw_i93_get_sub_state_name(uint8_t sub_state)4436 std::string rw_i93_get_sub_state_name(uint8_t sub_state) {
4437 switch (sub_state) {
4438 case RW_I93_SUBSTATE_WAIT_UID:
4439 return "WAIT_UID";
4440 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
4441 return "WAIT_SYS_INFO";
4442 case RW_I93_SUBSTATE_WAIT_CC:
4443 return "WAIT_CC";
4444 case RW_I93_SUBSTATE_WAIT_CC_EXT:
4445 return "WAIT_CC_EXT";
4446 case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
4447 return "SEARCH_NDEF_TLV";
4448 case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
4449 return "CHECK_LOCK_STATUS";
4450 case RW_I93_SUBSTATE_RESET_LEN:
4451 return "RESET_LEN";
4452 case RW_I93_SUBSTATE_WRITE_NDEF:
4453 return "WRITE_NDEF";
4454 case RW_I93_SUBSTATE_UPDATE_LEN:
4455 return "UPDATE_LEN";
4456 case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
4457 return "WAIT_RESET_DSFID_AFI";
4458 case RW_I93_SUBSTATE_CHECK_READ_ONLY:
4459 return "CHECK_READ_ONLY";
4460 case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
4461 return "WRITE_CC_NDEF_TLV";
4462 case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
4463 return "WAIT_UPDATE_CC";
4464 case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
4465 return "LOCK_NDEF_TLV";
4466 case RW_I93_SUBSTATE_WAIT_LOCK_CC:
4467 return "WAIT_LOCK_CC";
4468 case RW_I93_SUBSTATE_LOCK_T5T_AREA:
4469 return "LOCK_T5T_AREA";
4470 default:
4471 return "???? UNKNOWN SUBSTATE";
4472 }
4473 }
4474
4475 /*******************************************************************************
4476 **
4477 ** Function rw_i93_get_tag_name
4478 **
4479 ** Description This function returns the tag name.
4480 **
4481 ** NOTE conditionally compiled to save memory.
4482 **
4483 ** Returns pointer to the name
4484 **
4485 *******************************************************************************/
rw_i93_get_tag_name(uint8_t product_version)4486 static std::string rw_i93_get_tag_name(uint8_t product_version) {
4487 switch (product_version) {
4488 case RW_I93_ICODE_SLI:
4489 return "SLI/SLIX";
4490 case RW_I93_ICODE_SLI_S:
4491 return "SLI-S/SLIX-S";
4492 case RW_I93_ICODE_SLI_L:
4493 return "SLI-L/SLIX-L";
4494 case RW_I93_TAG_IT_HF_I_PLUS_INLAY:
4495 return "Tag-it HF-I Plus Inlay";
4496 case RW_I93_TAG_IT_HF_I_PLUS_CHIP:
4497 return "Tag-it HF-I Plus Chip";
4498 case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
4499 return "Tag-it HF-I Standard Chip/Inlyas";
4500 case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
4501 return "Tag-it HF-I Pro Chip/Inlays";
4502 case RW_I93_STM_LRI1K:
4503 return "LRi1K";
4504 case RW_I93_STM_LRI2K:
4505 return "LRi2K";
4506 case RW_I93_STM_LRIS2K:
4507 return "LRiS2K";
4508 case RW_I93_STM_LRIS64K:
4509 return "LRiS64K";
4510 case RW_I93_STM_M24LR64_R:
4511 return "M24LR64";
4512 case RW_I93_STM_M24LR04E_R:
4513 return "M24LR04E";
4514 case RW_I93_STM_M24LR16E_R:
4515 return "M24LR16E";
4516 case RW_I93_STM_M24LR16D_W:
4517 return "M24LR16D-W";
4518 case RW_I93_STM_M24LR64E_R:
4519 return "M24LR64E";
4520 case RW_I93_STM_ST25DV04K:
4521 return "ST25DV04";
4522 case RW_I93_STM_ST25DVHIK:
4523 return "ST25DV";
4524 case RW_I93_ONS_N36RW02:
4525 return ("N36RW02");
4526 case RW_I93_ONS_N24RF04:
4527 return ("N24RF04");
4528 case RW_I93_ONS_N24RF04E:
4529 return ("N24RF04E");
4530 case RW_I93_ONS_N24RF16:
4531 return ("N24RF16");
4532 case RW_I93_ONS_N24RF16E:
4533 return ("N24RF16E");
4534 case RW_I93_ONS_N24RF64:
4535 return ("N24RF64");
4536 case RW_I93_ONS_N24RF64E:
4537 return ("N24RF64E");
4538 case RW_I93_UNKNOWN_PRODUCT:
4539 default:
4540 return "UNKNOWN";
4541 }
4542 }
4543