1 /******************************************************************************
2 *
3 * Copyright (C) 2011-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the implementation for ISO 15693 in Reader/Writer
22 * mode.
23 *
24 ******************************************************************************/
25 #include <log/log.h>
26 #include <string.h>
27
28 #include <android-base/stringprintf.h>
29 #include <base/logging.h>
30
31 #include "nfc_target.h"
32
33 #include "bt_types.h"
34 #include "nfc_api.h"
35 #include "nfc_int.h"
36 #include "rw_api.h"
37 #include "rw_int.h"
38
39 using android::base::StringPrintf;
40
41 extern bool nfc_debug_enabled;
42
43 /* Response timeout */
44 #define RW_I93_TOUT_RESP 1000
45 /* stay quiet timeout */
46 #define RW_I93_TOUT_STAY_QUIET 200
47 /* max reading data if read multi block is supported */
48 #define RW_I93_READ_MULTI_BLOCK_SIZE 128
49 /* CC, zero length NDEF, Terminator TLV */
50 #define RW_I93_FORMAT_DATA_LEN 8
51 /* max getting lock status if get multi block sec is supported */
52 #define RW_I93_GET_MULTI_BLOCK_SEC_SIZE 253
53 /*Capability Container CC Size */
54 #define RW_I93_CC_SIZE 4
55
56 /* main state */
57 enum {
58 RW_I93_STATE_NOT_ACTIVATED, /* ISO15693 is not activated */
59 RW_I93_STATE_IDLE, /* waiting for upper layer API */
60 RW_I93_STATE_BUSY, /* waiting for response from tag */
61
62 RW_I93_STATE_DETECT_NDEF, /* performing NDEF detection precedure */
63 RW_I93_STATE_READ_NDEF, /* performing read NDEF procedure */
64 RW_I93_STATE_UPDATE_NDEF, /* performing update NDEF procedure */
65 RW_I93_STATE_FORMAT, /* performing format procedure */
66 RW_I93_STATE_SET_READ_ONLY, /* performing set read-only procedure */
67
68 RW_I93_STATE_PRESENCE_CHECK /* checking presence of tag */
69 };
70
71 /* sub state */
72 enum {
73 RW_I93_SUBSTATE_WAIT_UID, /* waiting for response of inventory */
74 RW_I93_SUBSTATE_WAIT_SYS_INFO, /* waiting for response of get sys info */
75 RW_I93_SUBSTATE_WAIT_CC, /* waiting for reading CC */
76 RW_I93_SUBSTATE_SEARCH_NDEF_TLV, /* searching NDEF TLV */
77 RW_I93_SUBSTATE_CHECK_LOCK_STATUS, /* check if any NDEF TLV is locked */
78
79 RW_I93_SUBSTATE_RESET_LEN, /* set length to 0 to update NDEF TLV */
80 RW_I93_SUBSTATE_WRITE_NDEF, /* writing NDEF and Terminator TLV */
81 RW_I93_SUBSTATE_UPDATE_LEN, /* set length into NDEF TLV */
82
83 RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI, /* reset DSFID and AFI */
84 RW_I93_SUBSTATE_CHECK_READ_ONLY, /* check if any block is locked */
85 RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV, /* write CC and empty NDEF/Terminator TLV
86 */
87
88 RW_I93_SUBSTATE_WAIT_UPDATE_CC, /* updating CC as read-only */
89 RW_I93_SUBSTATE_LOCK_NDEF_TLV, /* lock blocks of NDEF TLV */
90 RW_I93_SUBSTATE_WAIT_LOCK_CC /* lock block of CC */
91 };
92
93 static std::string rw_i93_get_state_name(uint8_t state);
94 static std::string rw_i93_get_sub_state_name(uint8_t sub_state);
95 static std::string rw_i93_get_tag_name(uint8_t product_version);
96
97 static void rw_i93_data_cback(uint8_t conn_id, tNFC_CONN_EVT event,
98 tNFC_CONN* p_data);
99 void rw_i93_handle_error(tNFC_STATUS status);
100 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flag);
101 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid);
102
103 /*******************************************************************************
104 **
105 ** Function rw_i93_get_product_version
106 **
107 ** Description Get product version from UID
108 **
109 ** Returns void
110 **
111 *******************************************************************************/
rw_i93_get_product_version(uint8_t * p_uid)112 void rw_i93_get_product_version(uint8_t* p_uid) {
113 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
114
115 if (!memcmp(p_i93->uid, p_uid, I93_UID_BYTE_LEN)) {
116 return;
117 }
118
119 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
120
121 memcpy(p_i93->uid, p_uid, I93_UID_BYTE_LEN);
122
123 if (p_uid[1] == I93_UID_IC_MFG_CODE_NXP) {
124 if (p_uid[2] == I93_UID_ICODE_SLI)
125 p_i93->product_version = RW_I93_ICODE_SLI;
126 else if (p_uid[2] == I93_UID_ICODE_SLI_S)
127 p_i93->product_version = RW_I93_ICODE_SLI_S;
128 else if (p_uid[2] == I93_UID_ICODE_SLI_L)
129 p_i93->product_version = RW_I93_ICODE_SLI_L;
130 else
131 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
132 } else if (p_uid[1] == I93_UID_IC_MFG_CODE_TI) {
133 if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
134 I93_UID_TAG_IT_HF_I_PLUS_INLAY)
135 p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_INLAY;
136 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
137 I93_UID_TAG_IT_HF_I_PLUS_CHIP)
138 p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_CHIP;
139 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
140 I93_UID_TAG_IT_HF_I_STD_CHIP_INLAY)
141 p_i93->product_version = RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY;
142 else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
143 I93_UID_TAG_IT_HF_I_PRO_CHIP_INLAY)
144 p_i93->product_version = RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY;
145 else
146 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
147 } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_STM) &&
148 (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
149 if (p_i93->ic_reference == I93_IC_REF_STM_M24LR04E_R)
150 p_i93->product_version = RW_I93_STM_M24LR04E_R;
151 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR16E_R)
152 p_i93->product_version = RW_I93_STM_M24LR16E_R;
153 else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR64E_R)
154 p_i93->product_version = RW_I93_STM_M24LR64E_R;
155 else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DVHIK)
156 p_i93->product_version = RW_I93_STM_ST25DVHIK;
157 else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DV04K)
158 p_i93->product_version = RW_I93_STM_ST25DV04K;
159 else {
160 switch (p_i93->ic_reference & I93_IC_REF_STM_MASK) {
161 case I93_IC_REF_STM_LRI1K:
162 p_i93->product_version = RW_I93_STM_LRI1K;
163 break;
164 case I93_IC_REF_STM_LRI2K:
165 p_i93->product_version = RW_I93_STM_LRI2K;
166 break;
167 case I93_IC_REF_STM_LRIS2K:
168 p_i93->product_version = RW_I93_STM_LRIS2K;
169 break;
170 case I93_IC_REF_STM_LRIS64K:
171 p_i93->product_version = RW_I93_STM_LRIS64K;
172 break;
173 case I93_IC_REF_STM_M24LR64_R:
174 p_i93->product_version = RW_I93_STM_M24LR64_R;
175 break;
176 default:
177 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
178 break;
179 }
180 }
181 } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_ONS) &&
182 (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
183 switch (p_i93->ic_reference) {
184 case I93_IC_REF_ONS_N36RW02:
185 p_i93->product_version = RW_I93_ONS_N36RW02;
186 break;
187 case I93_IC_REF_ONS_N24RF04:
188 p_i93->product_version = RW_I93_ONS_N24RF04;
189 break;
190 case I93_IC_REF_ONS_N24RF04E:
191 p_i93->product_version = RW_I93_ONS_N24RF04E;
192 break;
193 case I93_IC_REF_ONS_N24RF16:
194 p_i93->product_version = RW_I93_ONS_N24RF16;
195 break;
196 case I93_IC_REF_ONS_N24RF16E:
197 p_i93->product_version = RW_I93_ONS_N24RF16E;
198 break;
199 case I93_IC_REF_ONS_N24RF64:
200 p_i93->product_version = RW_I93_ONS_N24RF64;
201 break;
202 case I93_IC_REF_ONS_N24RF64E:
203 p_i93->product_version = RW_I93_ONS_N24RF64E;
204 break;
205 default:
206 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
207 break;
208 }
209 } else {
210 p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
211 }
212
213 DLOG_IF(INFO, nfc_debug_enabled)
214 << StringPrintf("product_version = <%s>",
215 rw_i93_get_tag_name(p_i93->product_version).c_str());
216
217 switch (p_i93->product_version) {
218 case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
219 case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
220 /* these don't support Get System Information Command */
221 /* these support only Inventory, Stay Quiet, Read Single Block, Write
222 * Single Block, Lock Block */
223 p_i93->block_size = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_BLK_SIZE;
224 p_i93->num_block = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_NUM_USER_BLK;
225 break;
226 default:
227 break;
228 }
229 }
230
231 /*******************************************************************************
232 **
233 ** Function rw_i93_process_ext_sys_info
234 **
235 ** Description Store extended system information of tag
236 **
237 ** Returns FALSE if retrying with protocol extension flag
238 **
239 *******************************************************************************/
rw_i93_process_ext_sys_info(uint8_t * p_data,uint16_t length)240 bool rw_i93_process_ext_sys_info(uint8_t* p_data, uint16_t length) {
241 uint8_t* p = p_data;
242 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
243 uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
244
245 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
246
247 if (length < (I93_UID_BYTE_LEN + 1)) {
248 android_errorWriteLog(0x534e4554, "122316913");
249 return false;
250 }
251
252 STREAM_TO_UINT8(p_i93->info_flags, p);
253 length--;
254
255 p_uid = uid;
256 STREAM_TO_ARRAY8(p_uid, p);
257 length -= I93_UID_BYTE_LEN;
258
259 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
260 if (length < I93_INFO_DSFID_LEN) {
261 android_errorWriteLog(0x534e4554, "122316913");
262 return false;
263 }
264 STREAM_TO_UINT8(p_i93->dsfid, p);
265 length--;
266 }
267 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
268 if (length < I93_INFO_AFI_LEN) {
269 android_errorWriteLog(0x534e4554, "122316913");
270 return false;
271 }
272 STREAM_TO_UINT8(p_i93->afi, p);
273 length--;
274 }
275 if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
276 if (length < I93_INFO_16BIT_NUM_BLOCK_LEN + I93_INFO_BLOCK_SIZE_LEN) {
277 android_errorWriteLog(0x534e4554, "122316913");
278 return false;
279 }
280 STREAM_TO_UINT16(p_i93->num_block, p);
281 length -= I93_INFO_16BIT_NUM_BLOCK_LEN;
282
283 /* it is one less than actual number of bytes */
284 p_i93->num_block += 1;
285
286 STREAM_TO_UINT8(p_i93->block_size, p);
287 length--;
288 /* it is one less than actual number of blocks */
289 p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
290 }
291 if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
292 if (length < I93_INFO_IC_REF_LEN) {
293 android_errorWriteLog(0x534e4554, "122316913");
294 return false;
295 }
296 STREAM_TO_UINT8(p_i93->ic_reference, p);
297 length--;
298
299 /* clear existing UID to set product version */
300 p_i93->uid[0] = 0x00;
301
302 /* store UID and get product version */
303 rw_i93_get_product_version(p_uid);
304
305 if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
306 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) || (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)){
307 /* STM & ONS supports more than 2040 bytes */
308 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
309 }
310 }
311 }
312 return true;
313 }
314
315 /*******************************************************************************
316 **
317 ** Function rw_i93_process_sys_info
318 **
319 ** Description Store system information of tag
320 **
321 ** Returns FALSE if retrying with protocol extension flag
322 **
323 *******************************************************************************/
rw_i93_process_sys_info(uint8_t * p_data,uint16_t length)324 bool rw_i93_process_sys_info(uint8_t* p_data, uint16_t length) {
325 uint8_t* p = p_data;
326 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
327 uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
328
329 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
330
331 if (length < (I93_UID_BYTE_LEN + 1)) {
332 android_errorWriteLog(0x534e4554, "121259048");
333 return false;
334 }
335 STREAM_TO_UINT8(p_i93->info_flags, p);
336 length--;
337
338 p_uid = uid;
339 STREAM_TO_ARRAY8(p_uid, p);
340 length -= I93_UID_BYTE_LEN;
341
342 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
343 if (length == 0) {
344 android_errorWriteLog(0x534e4554, "121259048");
345 return false;
346 }
347 STREAM_TO_UINT8(p_i93->dsfid, p);
348 length--;
349 }
350 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
351 if (length == 0) {
352 android_errorWriteLog(0x534e4554, "121259048");
353 return false;
354 }
355 STREAM_TO_UINT8(p_i93->afi, p);
356 length--;
357 }
358 if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
359 bool block_16_bit = p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK;
360 if (block_16_bit && length > 2) {
361 STREAM_TO_UINT16(p_i93->num_block, p);
362 length -= 2;
363 } else if (!block_16_bit && length > 1) {
364 STREAM_TO_UINT8(p_i93->num_block, p);
365 length--;
366 } else {
367 android_errorWriteLog(0x534e4554, "121259048");
368 return false;
369 }
370 /* it is one less than actual number of bytes */
371 p_i93->num_block += 1;
372
373 STREAM_TO_UINT8(p_i93->block_size, p);
374 length--;
375 /* it is one less than actual number of blocks */
376 p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
377 }
378 if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
379 if (length == 0) {
380 android_errorWriteLog(0x534e4554, "121259048");
381 return false;
382 }
383 STREAM_TO_UINT8(p_i93->ic_reference, p);
384
385 /* clear existing UID to set product version */
386 p_i93->uid[0] = 0x00;
387
388 /* store UID and get product version */
389 rw_i93_get_product_version(p_uid);
390
391 if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
392 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
393 (p_i93->ic_reference == I93_IC_REF_ICODE_SLI_L)) {
394 p_i93->num_block = 8;
395 p_i93->block_size = 4;
396 } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
397 /*
398 ** LRI1K: 010000xx(b), blockSize: 4, numberBlocks: 0x20
399 ** LRI2K: 001000xx(b), blockSize: 4, numberBlocks: 0x40
400 ** LRIS2K: 001010xx(b), blockSize: 4, numberBlocks: 0x40
401 ** LRIS64K: 010001xx(b), blockSize: 4, numberBlocks: 0x800
402 ** M24LR64-R: 001011xx(b), blockSize: 4, numberBlocks: 0x800
403 ** M24LR04E-R: 01011010(b), blockSize: 4, numberBlocks: 0x80
404 ** M24LR16E-R: 01001110(b), blockSize: 4, numberBlocks: 0x200
405 ** M24LR64E-R: 01011110(b), blockSize: 4, numberBlocks: 0x800
406 */
407 if ((p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
408 (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
409 /*
410 ** M24LR16E-R or M24LR64E-R returns system information
411 ** without memory size, if option flag is not set.
412 ** LRIS64K and M24LR64-R return error if option flag is not
413 ** set.
414 */
415 if (!(p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)) {
416 /* get memory size with protocol extension flag */
417 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
418 NFC_STATUS_OK) {
419 /* STM supports more than 2040 bytes */
420 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
421
422 return false;
423 }
424 }
425 } else if ((p_i93->product_version == RW_I93_STM_LRI2K) &&
426 (p_i93->ic_reference == 0x21)) {
427 /* workaround of byte order in memory size information */
428 p_i93->num_block = 64;
429 p_i93->block_size = 4;
430 } else if (!(p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE)) {
431 if (!(p_i93->intl_flags & RW_I93_FLAG_EXT_COMMANDS)) {
432 if (rw_i93_send_cmd_get_ext_sys_info(nullptr) == NFC_STATUS_OK) {
433 /* STM supports more than 2040 bytes */
434 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
435
436 return false;
437 }
438 }
439 }
440 } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
441 /*
442 ** N36RW02: 00011010(b), blockSize: 4, numberBlocks: 0x40
443 ** N24RF04: 00101110(b), blockSize: 4, numberBlocks: 0x80
444 ** N24RF04E: 00101010(b), blockSize: 4, numberBlocks: 0x80
445 ** N24RF16: 01001010(b), blockSize: 4, numberBlocks: 0x200
446 ** N24RF16E: 01001110(b), blockSize: 4, numberBlocks: 0x200
447 ** N24RF64: 01101010(b), blockSize: 4, numberBlocks: 0x800
448 ** N24RF64E: 01101110(b), blockSize: 4, numberBlocks: 0x800
449 */
450 p_i93->block_size = 4;
451 switch (p_i93->product_version){
452 case RW_I93_ONS_N36RW02:
453 p_i93->num_block = 0x40;
454 break;
455 case RW_I93_ONS_N24RF04:
456 case RW_I93_ONS_N24RF04E:
457 p_i93->num_block = 0x80;
458 break;
459 case RW_I93_ONS_N24RF16:
460 case RW_I93_ONS_N24RF16E:
461 p_i93->num_block = 0x200;
462 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
463 break;
464 case RW_I93_ONS_N24RF64:
465 case RW_I93_ONS_N24RF64E:
466 p_i93->num_block = 0x800;
467 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
468 break;
469 default:
470 return false;
471 }
472 }
473 }
474 }
475
476 return true;
477 }
478
479 /*******************************************************************************
480 **
481 ** Function rw_i93_check_sys_info_prot_ext
482 **
483 ** Description Check if need to set protocol extension flag to get system
484 ** info
485 **
486 ** Returns TRUE if sent Get System Info with protocol extension flag
487 **
488 *******************************************************************************/
rw_i93_check_sys_info_prot_ext(uint8_t error_code)489 bool rw_i93_check_sys_info_prot_ext(uint8_t error_code) {
490 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
491
492 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
493
494 if (((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) || (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)) &&
495 (p_i93->sent_cmd == I93_CMD_GET_SYS_INFO) &&
496 (error_code == I93_ERROR_CODE_OPTION_NOT_SUPPORTED) &&
497 (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
498 NFC_STATUS_OK)) {
499 return true;
500 } else {
501 return false;
502 }
503 }
504
505 /*******************************************************************************
506 **
507 ** Function rw_i93_send_to_upper
508 **
509 ** Description Send response to upper layer
510 **
511 ** Returns void
512 **
513 *******************************************************************************/
rw_i93_send_to_upper(NFC_HDR * p_resp)514 void rw_i93_send_to_upper(NFC_HDR* p_resp) {
515 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
516 uint16_t length = p_resp->len;
517 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
518 tRW_DATA rw_data;
519 uint8_t event = RW_I93_MAX_EVT;
520 uint8_t flags;
521 NFC_HDR* p_buff;
522
523 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
524
525 if (length == 0) {
526 android_errorWriteLog(0x534e4554, "121035878");
527 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
528 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
529 rw_cb.tcb.i93.sent_cmd = 0;
530 (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
531 return;
532 }
533
534 STREAM_TO_UINT8(flags, p);
535 length--;
536
537 if (flags & I93_FLAG_ERROR_DETECTED) {
538 if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
539 /* getting system info with protocol extension flag */
540 /* This STM & ONS tag supports more than 2040 bytes */
541 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
542 p_i93->state = RW_I93_STATE_BUSY;
543 } else if (length) {
544 /* notify error to upper layer */
545 rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
546 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
547 STREAM_TO_UINT8(rw_data.i93_cmd_cmpl.error_code, p);
548
549 rw_cb.tcb.i93.sent_cmd = 0;
550 (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
551 }
552 return;
553 }
554
555 switch (p_i93->sent_cmd) {
556 case I93_CMD_INVENTORY:
557 if (length < I93_INFO_DSFID_LEN + I93_UID_BYTE_LEN) return;
558
559 /* forward inventory response */
560 rw_data.i93_inventory.status = NFC_STATUS_OK;
561 STREAM_TO_UINT8(rw_data.i93_inventory.dsfid, p);
562
563 p_uid = rw_data.i93_inventory.uid;
564 STREAM_TO_ARRAY8(p_uid, p);
565
566 /* store UID and get product version */
567 rw_i93_get_product_version(p_uid);
568
569 event = RW_I93_INVENTORY_EVT;
570 break;
571
572 case I93_CMD_READ_SINGLE_BLOCK:
573 case I93_CMD_EXT_READ_SINGLE_BLOCK:
574 case I93_CMD_READ_MULTI_BLOCK:
575 case I93_CMD_EXT_READ_MULTI_BLOCK:
576 case I93_CMD_GET_MULTI_BLK_SEC:
577 case I93_CMD_EXT_GET_MULTI_BLK_SEC:
578
579 /* forward tag data or security status */
580 p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
581
582 if (p_buff) {
583 p_buff->offset = 0;
584 p_buff->len = length;
585
586 memcpy((p_buff + 1), p, length);
587
588 rw_data.i93_data.status = NFC_STATUS_OK;
589 rw_data.i93_data.command = p_i93->sent_cmd;
590 rw_data.i93_data.p_data = p_buff;
591
592 event = RW_I93_DATA_EVT;
593 } else {
594 rw_data.i93_cmd_cmpl.status = NFC_STATUS_NO_BUFFERS;
595 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
596 rw_data.i93_cmd_cmpl.error_code = 0;
597
598 event = RW_I93_CMD_CMPL_EVT;
599 }
600 break;
601
602 case I93_CMD_WRITE_SINGLE_BLOCK:
603 case I93_CMD_EXT_WRITE_SINGLE_BLOCK:
604 case I93_CMD_LOCK_BLOCK:
605 case I93_CMD_EXT_LOCK_BLOCK:
606 case I93_CMD_WRITE_MULTI_BLOCK:
607 case I93_CMD_EXT_WRITE_MULTI_BLOCK:
608 case I93_CMD_SELECT:
609 case I93_CMD_RESET_TO_READY:
610 case I93_CMD_WRITE_AFI:
611 case I93_CMD_LOCK_AFI:
612 case I93_CMD_WRITE_DSFID:
613 case I93_CMD_LOCK_DSFID:
614
615 /* notify the complete of command */
616 rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
617 rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
618 rw_data.i93_cmd_cmpl.error_code = 0;
619
620 event = RW_I93_CMD_CMPL_EVT;
621 break;
622
623 case I93_CMD_GET_SYS_INFO:
624
625 if (rw_i93_process_sys_info(p, length)) {
626 rw_data.i93_sys_info.status = NFC_STATUS_OK;
627 rw_data.i93_sys_info.info_flags = p_i93->info_flags;
628 rw_data.i93_sys_info.dsfid = p_i93->dsfid;
629 rw_data.i93_sys_info.afi = p_i93->afi;
630 rw_data.i93_sys_info.num_block = p_i93->num_block;
631 rw_data.i93_sys_info.block_size = p_i93->block_size;
632 rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
633
634 memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
635
636 event = RW_I93_SYS_INFO_EVT;
637 } else {
638 /* retrying with protocol extension flag */
639 p_i93->state = RW_I93_STATE_BUSY;
640 return;
641 }
642 break;
643
644 case I93_CMD_EXT_GET_SYS_INFO:
645
646 if (rw_i93_process_ext_sys_info(p, length)) {
647 rw_data.i93_sys_info.status = NFC_STATUS_OK;
648 rw_data.i93_sys_info.info_flags = p_i93->info_flags;
649 rw_data.i93_sys_info.dsfid = p_i93->dsfid;
650 rw_data.i93_sys_info.afi = p_i93->afi;
651 rw_data.i93_sys_info.num_block = p_i93->num_block;
652 rw_data.i93_sys_info.block_size = p_i93->block_size;
653 rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
654
655 memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
656
657 event = RW_I93_SYS_INFO_EVT;
658 } else {
659 /* retrying with protocol extension flag or with extended sys info
660 * command */
661 p_i93->state = RW_I93_STATE_BUSY;
662 return;
663 }
664 break;
665
666 default:
667 break;
668 }
669
670 rw_cb.tcb.i93.sent_cmd = 0;
671 if (event != RW_I93_MAX_EVT) {
672 (*(rw_cb.p_cback))(event, &rw_data);
673 } else {
674 LOG(ERROR) << StringPrintf("Invalid response");
675 }
676 }
677
678 /*******************************************************************************
679 **
680 ** Function rw_i93_send_to_lower
681 **
682 ** Description Send Request frame to lower layer
683 **
684 ** Returns TRUE if success
685 **
686 *******************************************************************************/
rw_i93_send_to_lower(NFC_HDR * p_msg)687 bool rw_i93_send_to_lower(NFC_HDR* p_msg) {
688 /* store command for retransmitting */
689 if (rw_cb.tcb.i93.p_retry_cmd) {
690 GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
691 rw_cb.tcb.i93.p_retry_cmd = nullptr;
692 }
693
694 rw_cb.tcb.i93.p_retry_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
695
696 if (rw_cb.tcb.i93.p_retry_cmd) {
697 memcpy(rw_cb.tcb.i93.p_retry_cmd, p_msg,
698 sizeof(NFC_HDR) + p_msg->offset + p_msg->len);
699 }
700
701 if (NFC_SendData(NFC_RF_CONN_ID, p_msg) != NFC_STATUS_OK) {
702 LOG(ERROR) << StringPrintf("failed");
703 return false;
704 }
705
706 nfc_start_quick_timer(&rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
707 (RW_I93_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
708
709 return true;
710 }
711
712 /*******************************************************************************
713 **
714 ** Function rw_i93_send_cmd_inventory
715 **
716 ** Description Send Inventory Request to VICC
717 **
718 ** Returns tNFC_STATUS
719 **
720 *******************************************************************************/
rw_i93_send_cmd_inventory(uint8_t * p_uid,bool including_afi,uint8_t afi)721 tNFC_STATUS rw_i93_send_cmd_inventory(uint8_t* p_uid, bool including_afi,
722 uint8_t afi) {
723 NFC_HDR* p_cmd;
724 uint8_t *p, flags;
725
726 DLOG_IF(INFO, nfc_debug_enabled)
727 << StringPrintf("including_afi:%d, AFI:0x%02X", including_afi, afi);
728
729 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
730
731 if (!p_cmd) {
732 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
733 return NFC_STATUS_NO_BUFFERS;
734 }
735
736 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
737 p_cmd->len = 3;
738 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
739
740 /* Flags */
741 flags = (I93_FLAG_SLOT_ONE | I93_FLAG_INVENTORY_SET |
742 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
743 if (including_afi) {
744 flags |= I93_FLAG_AFI_PRESENT;
745 }
746
747 UINT8_TO_STREAM(p, flags);
748
749 /* Command Code */
750 UINT8_TO_STREAM(p, I93_CMD_INVENTORY);
751
752 if (including_afi) {
753 /* Parameters */
754 UINT8_TO_STREAM(p, afi); /* Optional AFI */
755 p_cmd->len++;
756 }
757
758 if (p_uid) {
759 UINT8_TO_STREAM(p, I93_UID_BYTE_LEN * 8); /* Mask Length */
760 ARRAY8_TO_STREAM(p, p_uid); /* UID */
761 p_cmd->len += I93_UID_BYTE_LEN;
762 } else {
763 UINT8_TO_STREAM(p, 0x00); /* Mask Length */
764 }
765
766 if (rw_i93_send_to_lower(p_cmd)) {
767 rw_cb.tcb.i93.sent_cmd = I93_CMD_INVENTORY;
768 return NFC_STATUS_OK;
769 } else {
770 return NFC_STATUS_FAILED;
771 }
772 }
773
774 /*******************************************************************************
775 **
776 ** Function rw_i93_send_cmd_stay_quiet
777 **
778 ** Description Send Stay Quiet Request to VICC
779 **
780 ** Returns tNFC_STATUS
781 **
782 *******************************************************************************/
rw_i93_send_cmd_stay_quiet(void)783 tNFC_STATUS rw_i93_send_cmd_stay_quiet(void) {
784 NFC_HDR* p_cmd;
785 uint8_t* p;
786
787 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
788
789 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
790
791 if (!p_cmd) {
792 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
793 return NFC_STATUS_NO_BUFFERS;
794 }
795
796 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
797 p_cmd->len = 10;
798 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
799
800 /* Flags */
801 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
802 RW_I93_FLAG_DATA_RATE));
803
804 /* Command Code */
805 UINT8_TO_STREAM(p, I93_CMD_STAY_QUIET);
806
807 /* Parameters */
808 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
809
810 if (rw_i93_send_to_lower(p_cmd)) {
811 rw_cb.tcb.i93.sent_cmd = I93_CMD_STAY_QUIET;
812
813 /* restart timer for stay quiet */
814 nfc_start_quick_timer(
815 &rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
816 (RW_I93_TOUT_STAY_QUIET * QUICK_TIMER_TICKS_PER_SEC) / 1000);
817 return NFC_STATUS_OK;
818 } else {
819 return NFC_STATUS_FAILED;
820 }
821 }
822
823 /*******************************************************************************
824 **
825 ** Function rw_i93_send_cmd_read_single_block
826 **
827 ** Description Send Read Single Block Request to VICC
828 **
829 ** Returns tNFC_STATUS
830 **
831 *******************************************************************************/
rw_i93_send_cmd_read_single_block(uint16_t block_number,bool read_security)832 tNFC_STATUS rw_i93_send_cmd_read_single_block(uint16_t block_number,
833 bool read_security) {
834 NFC_HDR* p_cmd;
835 uint8_t *p, flags;
836
837 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
838
839 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
840
841 if (!p_cmd) {
842 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
843 return NFC_STATUS_NO_BUFFERS;
844 }
845
846 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
847 p_cmd->len = 11;
848 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
849
850 /* Flags */
851 flags =
852 (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
853
854 if (read_security) flags |= I93_FLAG_OPTION_SET;
855
856 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
857 flags |= I93_FLAG_PROT_EXT_YES;
858
859 UINT8_TO_STREAM(p, flags);
860
861 /* Command Code */
862 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
863 UINT8_TO_STREAM(p, I93_CMD_EXT_READ_SINGLE_BLOCK);
864 } else {
865 UINT8_TO_STREAM(p, I93_CMD_READ_SINGLE_BLOCK);
866 }
867
868 /* Parameters */
869 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
870
871 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
872 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
873 UINT16_TO_STREAM(p, block_number); /* Block number */
874 p_cmd->len++;
875 } else {
876 UINT8_TO_STREAM(p, block_number); /* Block number */
877 }
878
879 if (rw_i93_send_to_lower(p_cmd)) {
880 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
881 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_SINGLE_BLOCK;
882 else
883 rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_SINGLE_BLOCK;
884 return NFC_STATUS_OK;
885 } else {
886 return NFC_STATUS_FAILED;
887 }
888 }
889
890 /*******************************************************************************
891 **
892 ** Function rw_i93_send_cmd_write_single_block
893 **
894 ** Description Send Write Single Block Request to VICC
895 **
896 ** Returns tNFC_STATUS
897 **
898 *******************************************************************************/
rw_i93_send_cmd_write_single_block(uint16_t block_number,uint8_t * p_data)899 tNFC_STATUS rw_i93_send_cmd_write_single_block(uint16_t block_number,
900 uint8_t* p_data) {
901 NFC_HDR* p_cmd;
902 uint8_t *p, flags;
903
904 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
905
906 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
907
908 if (!p_cmd) {
909 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
910 return NFC_STATUS_NO_BUFFERS;
911 }
912
913 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
914 p_cmd->len = 11 + rw_cb.tcb.i93.block_size;
915 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
916
917 /* Flags */
918 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
919 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
920 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
921 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
922 /* Option must be set for TI tag */
923 flags = (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
924 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
925 } else {
926 flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
927 RW_I93_FLAG_DATA_RATE);
928 }
929
930 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
931 flags |= I93_FLAG_PROT_EXT_YES;
932
933 UINT8_TO_STREAM(p, flags);
934
935 /* Command Code */
936 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
937 UINT8_TO_STREAM(p, I93_CMD_EXT_WRITE_SINGLE_BLOCK);
938 } else {
939 UINT8_TO_STREAM(p, I93_CMD_WRITE_SINGLE_BLOCK);
940 }
941
942 /* Parameters */
943 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
944
945 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
946 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
947 UINT16_TO_STREAM(p, block_number); /* Block number */
948 p_cmd->len++;
949 } else {
950 UINT8_TO_STREAM(p, block_number); /* Block number */
951 }
952
953 /* Data */
954 ARRAY_TO_STREAM(p, p_data, rw_cb.tcb.i93.block_size);
955
956 if (rw_i93_send_to_lower(p_cmd)) {
957 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
958 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_SINGLE_BLOCK;
959 else
960 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_SINGLE_BLOCK;
961 return NFC_STATUS_OK;
962 } else {
963 return NFC_STATUS_FAILED;
964 }
965 }
966
967 /*******************************************************************************
968 **
969 ** Function rw_i93_send_cmd_lock_block
970 **
971 ** Description Send Lock Block Request to VICC
972 **
973 ** STM LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR64E-R
974 ** do not support.
975 **
976 ** Returns tNFC_STATUS
977 **
978 *******************************************************************************/
rw_i93_send_cmd_lock_block(uint8_t block_number)979 tNFC_STATUS rw_i93_send_cmd_lock_block(uint8_t block_number) {
980 NFC_HDR* p_cmd;
981 uint8_t* p;
982
983 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
984
985 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
986
987 if (!p_cmd) {
988 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
989 return NFC_STATUS_NO_BUFFERS;
990 }
991
992 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
993 p_cmd->len = 11;
994 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
995
996 /* Flags */
997 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
998 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
999 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
1000 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
1001 /* Option must be set for TI tag */
1002 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
1003 RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE));
1004 } else {
1005 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1006 RW_I93_FLAG_DATA_RATE));
1007 }
1008
1009 /* Command Code */
1010 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1011 UINT8_TO_STREAM(p, I93_CMD_EXT_LOCK_BLOCK);
1012 } else {
1013 UINT8_TO_STREAM(p, I93_CMD_LOCK_BLOCK);
1014 }
1015
1016 /* Parameters */
1017 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1018
1019 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1020 UINT8_TO_STREAM(p, block_number); /* Block number */
1021 p_cmd->len++;
1022 } else {
1023 UINT8_TO_STREAM(p, block_number); /* Block number */
1024 }
1025
1026 if (rw_i93_send_to_lower(p_cmd)) {
1027 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1028 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_LOCK_BLOCK;
1029 else
1030 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_BLOCK;
1031 return NFC_STATUS_OK;
1032 } else {
1033 return NFC_STATUS_FAILED;
1034 }
1035 }
1036
1037 /*******************************************************************************
1038 **
1039 ** Function rw_i93_send_cmd_read_multi_blocks
1040 **
1041 ** Description Send Read Multiple Blocks Request to VICC
1042 **
1043 ** Returns tNFC_STATUS
1044 **
1045 *******************************************************************************/
rw_i93_send_cmd_read_multi_blocks(uint16_t first_block_number,uint16_t number_blocks)1046 tNFC_STATUS rw_i93_send_cmd_read_multi_blocks(uint16_t first_block_number,
1047 uint16_t number_blocks) {
1048 NFC_HDR* p_cmd;
1049 uint8_t *p, flags;
1050
1051 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1052
1053 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1054
1055 if (!p_cmd) {
1056 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1057 return NFC_STATUS_NO_BUFFERS;
1058 }
1059
1060 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1061 p_cmd->len = 12;
1062 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1063
1064 /* Flags */
1065 flags =
1066 (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1067
1068 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK) {
1069 flags |= I93_FLAG_PROT_EXT_YES;
1070 }
1071
1072 UINT8_TO_STREAM(p, flags);
1073
1074 /* Command Code */
1075 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1076 UINT8_TO_STREAM(p, I93_CMD_EXT_READ_MULTI_BLOCK);
1077 } else {
1078 UINT8_TO_STREAM(p, I93_CMD_READ_MULTI_BLOCK);
1079 }
1080
1081 /* Parameters */
1082 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1083
1084 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1085 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1086 UINT16_TO_STREAM(p, first_block_number); /* First block number */
1087 p_cmd->len++;
1088 } else {
1089 UINT8_TO_STREAM(p, first_block_number); /* First block number */
1090 }
1091
1092 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1093 UINT16_TO_STREAM(
1094 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1095 p_cmd->len++;
1096 } else {
1097 UINT8_TO_STREAM(
1098 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1099 }
1100
1101 if (rw_i93_send_to_lower(p_cmd)) {
1102 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1103 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_MULTI_BLOCK;
1104 else
1105 rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_MULTI_BLOCK;
1106 return NFC_STATUS_OK;
1107 } else {
1108 return NFC_STATUS_FAILED;
1109 }
1110 }
1111
1112 /*******************************************************************************
1113 **
1114 ** Function rw_i93_send_cmd_write_multi_blocks
1115 **
1116 ** Description Send Write Multiple Blocks Request to VICC
1117 **
1118 ** Returns tNFC_STATUS
1119 **
1120 *******************************************************************************/
rw_i93_send_cmd_write_multi_blocks(uint16_t first_block_number,uint16_t number_blocks,uint8_t * p_data)1121 tNFC_STATUS rw_i93_send_cmd_write_multi_blocks(uint16_t first_block_number,
1122 uint16_t number_blocks,
1123 uint8_t* p_data) {
1124 NFC_HDR* p_cmd;
1125 uint8_t* p;
1126
1127 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1128
1129 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1130
1131 if (!p_cmd) {
1132 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1133 return NFC_STATUS_NO_BUFFERS;
1134 }
1135
1136 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1137 p_cmd->len = 12 + number_blocks * rw_cb.tcb.i93.block_size;
1138 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1139
1140 /* Flags */
1141 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1142 RW_I93_FLAG_DATA_RATE));
1143
1144 /* Command Code */
1145 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1146 INT8_TO_STREAM(p, I93_CMD_EXT_WRITE_MULTI_BLOCK);
1147 } else {
1148 UINT8_TO_STREAM(p, I93_CMD_WRITE_MULTI_BLOCK);
1149 }
1150
1151 /* Parameters */
1152 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1153 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1154 UINT16_TO_STREAM(p, first_block_number); /* Block number */
1155 UINT16_TO_STREAM(
1156 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1157 p_cmd->len += 2;
1158 } else {
1159 UINT8_TO_STREAM(p, first_block_number); /* Block number */
1160 UINT8_TO_STREAM(
1161 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1162 }
1163
1164 UINT8_TO_STREAM(
1165 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1166
1167 /* Data */
1168 ARRAY_TO_STREAM(p, p_data, number_blocks * rw_cb.tcb.i93.block_size);
1169
1170 if (rw_i93_send_to_lower(p_cmd)) {
1171 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1172 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_MULTI_BLOCK;
1173 else
1174 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_MULTI_BLOCK;
1175 return NFC_STATUS_OK;
1176 } else {
1177 return NFC_STATUS_FAILED;
1178 }
1179 }
1180
1181 /*******************************************************************************
1182 **
1183 ** Function rw_i93_send_cmd_select
1184 **
1185 ** Description Send Select Request to VICC
1186 **
1187 ** Returns tNFC_STATUS
1188 **
1189 *******************************************************************************/
rw_i93_send_cmd_select(uint8_t * p_uid)1190 tNFC_STATUS rw_i93_send_cmd_select(uint8_t* p_uid) {
1191 NFC_HDR* p_cmd;
1192 uint8_t* p;
1193
1194 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1195
1196 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1197
1198 if (!p_cmd) {
1199 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1200 return NFC_STATUS_NO_BUFFERS;
1201 }
1202
1203 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1204 p_cmd->len = 10;
1205 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1206
1207 /* Flags */
1208 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1209 RW_I93_FLAG_DATA_RATE));
1210
1211 /* Command Code */
1212 UINT8_TO_STREAM(p, I93_CMD_SELECT);
1213
1214 /* Parameters */
1215 ARRAY8_TO_STREAM(p, p_uid); /* UID */
1216
1217 if (rw_i93_send_to_lower(p_cmd)) {
1218 rw_cb.tcb.i93.sent_cmd = I93_CMD_SELECT;
1219 return NFC_STATUS_OK;
1220 } else {
1221 return NFC_STATUS_FAILED;
1222 }
1223 }
1224
1225 /*******************************************************************************
1226 **
1227 ** Function rw_i93_send_cmd_reset_to_ready
1228 **
1229 ** Description Send Reset to Ready Request to VICC
1230 **
1231 ** Returns tNFC_STATUS
1232 **
1233 *******************************************************************************/
rw_i93_send_cmd_reset_to_ready(void)1234 tNFC_STATUS rw_i93_send_cmd_reset_to_ready(void) {
1235 NFC_HDR* p_cmd;
1236 uint8_t* p;
1237
1238 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1239
1240 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1241
1242 if (!p_cmd) {
1243 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1244 return NFC_STATUS_NO_BUFFERS;
1245 }
1246
1247 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1248 p_cmd->len = 10;
1249 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1250
1251 /* Flags */
1252 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1253 RW_I93_FLAG_DATA_RATE));
1254
1255 /* Command Code */
1256 UINT8_TO_STREAM(p, I93_CMD_RESET_TO_READY);
1257
1258 /* Parameters */
1259 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1260
1261 if (rw_i93_send_to_lower(p_cmd)) {
1262 rw_cb.tcb.i93.sent_cmd = I93_CMD_RESET_TO_READY;
1263 return NFC_STATUS_OK;
1264 } else {
1265 return NFC_STATUS_FAILED;
1266 }
1267 }
1268
1269 /*******************************************************************************
1270 **
1271 ** Function rw_i93_send_cmd_write_afi
1272 **
1273 ** Description Send Write AFI Request to VICC
1274 **
1275 ** Returns tNFC_STATUS
1276 **
1277 *******************************************************************************/
rw_i93_send_cmd_write_afi(uint8_t afi)1278 tNFC_STATUS rw_i93_send_cmd_write_afi(uint8_t afi) {
1279 NFC_HDR* p_cmd;
1280 uint8_t* p;
1281
1282 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1283
1284 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1285
1286 if (!p_cmd) {
1287 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1288 return NFC_STATUS_NO_BUFFERS;
1289 }
1290
1291 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1292 p_cmd->len = 11;
1293 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1294
1295 /* Flags */
1296 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1297 RW_I93_FLAG_DATA_RATE));
1298
1299 /* Command Code */
1300 UINT8_TO_STREAM(p, I93_CMD_WRITE_AFI);
1301
1302 /* Parameters */
1303 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1304 UINT8_TO_STREAM(p, afi); /* AFI */
1305
1306 if (rw_i93_send_to_lower(p_cmd)) {
1307 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_AFI;
1308 return NFC_STATUS_OK;
1309 } else {
1310 return NFC_STATUS_FAILED;
1311 }
1312 }
1313
1314 /*******************************************************************************
1315 **
1316 ** Function rw_i93_send_cmd_lock_afi
1317 **
1318 ** Description Send Lock AFI Request to VICC
1319 **
1320 ** Returns tNFC_STATUS
1321 **
1322 *******************************************************************************/
rw_i93_send_cmd_lock_afi(void)1323 tNFC_STATUS rw_i93_send_cmd_lock_afi(void) {
1324 NFC_HDR* p_cmd;
1325 uint8_t* p;
1326
1327 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1328
1329 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1330
1331 if (!p_cmd) {
1332 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1333 return NFC_STATUS_NO_BUFFERS;
1334 }
1335
1336 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1337 p_cmd->len = 10;
1338 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1339
1340 /* Flags */
1341 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1342 RW_I93_FLAG_DATA_RATE));
1343
1344 /* Command Code */
1345 UINT8_TO_STREAM(p, I93_CMD_LOCK_AFI);
1346
1347 /* Parameters */
1348 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1349
1350 if (rw_i93_send_to_lower(p_cmd)) {
1351 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_AFI;
1352 return NFC_STATUS_OK;
1353 } else {
1354 return NFC_STATUS_FAILED;
1355 }
1356 }
1357
1358 /*******************************************************************************
1359 **
1360 ** Function rw_i93_send_cmd_write_dsfid
1361 **
1362 ** Description Send Write DSFID Request to VICC
1363 **
1364 ** Returns tNFC_STATUS
1365 **
1366 *******************************************************************************/
rw_i93_send_cmd_write_dsfid(uint8_t dsfid)1367 tNFC_STATUS rw_i93_send_cmd_write_dsfid(uint8_t dsfid) {
1368 NFC_HDR* p_cmd;
1369 uint8_t* p;
1370
1371 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1372
1373 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1374
1375 if (!p_cmd) {
1376 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1377 return NFC_STATUS_NO_BUFFERS;
1378 }
1379
1380 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1381 p_cmd->len = 11;
1382 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1383
1384 /* Flags */
1385 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1386 RW_I93_FLAG_DATA_RATE));
1387
1388 /* Command Code */
1389 UINT8_TO_STREAM(p, I93_CMD_WRITE_DSFID);
1390
1391 /* Parameters */
1392 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1393 UINT8_TO_STREAM(p, dsfid); /* DSFID */
1394
1395 if (rw_i93_send_to_lower(p_cmd)) {
1396 rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_DSFID;
1397 return NFC_STATUS_OK;
1398 } else {
1399 return NFC_STATUS_FAILED;
1400 }
1401 }
1402
1403 /*******************************************************************************
1404 **
1405 ** Function rw_i93_send_cmd_lock_dsfid
1406 **
1407 ** Description Send Lock DSFID Request to VICC
1408 **
1409 ** Returns tNFC_STATUS
1410 **
1411 *******************************************************************************/
rw_i93_send_cmd_lock_dsfid(void)1412 tNFC_STATUS rw_i93_send_cmd_lock_dsfid(void) {
1413 NFC_HDR* p_cmd;
1414 uint8_t* p;
1415
1416 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1417
1418 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1419
1420 if (!p_cmd) {
1421 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1422 return NFC_STATUS_NO_BUFFERS;
1423 }
1424
1425 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1426 p_cmd->len = 10;
1427 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1428
1429 /* Flags */
1430 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1431 RW_I93_FLAG_DATA_RATE));
1432
1433 /* Command Code */
1434 UINT8_TO_STREAM(p, I93_CMD_LOCK_DSFID);
1435
1436 /* Parameters */
1437 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1438
1439 if (rw_i93_send_to_lower(p_cmd)) {
1440 rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_DSFID;
1441 return NFC_STATUS_OK;
1442 } else {
1443 return NFC_STATUS_FAILED;
1444 }
1445 }
1446
1447 /*******************************************************************************
1448 **
1449 ** Function rw_i93_send_cmd_get_ext_sys_info
1450 **
1451 ** Description Send Get Extended System Information Request to VICC
1452 **
1453 ** Returns tNFC_STATUS
1454 **
1455 *******************************************************************************/
rw_i93_send_cmd_get_ext_sys_info(uint8_t * p_uid)1456 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid) {
1457 NFC_HDR* p_cmd;
1458 uint8_t* p;
1459
1460 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1461
1462 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1463
1464 if (!p_cmd) {
1465 DLOG_IF(INFO, nfc_debug_enabled) << __func__ << "Cannot allocate buffer";
1466 return NFC_STATUS_NO_BUFFERS;
1467 }
1468
1469 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1470 p_cmd->len = 11;
1471 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1472
1473 /* Flags */
1474 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1475 RW_I93_FLAG_DATA_RATE));
1476
1477 /* Command Code */
1478 UINT8_TO_STREAM(p, I93_CMD_EXT_GET_SYS_INFO);
1479
1480 /* Parameters request field */
1481 UINT8_TO_STREAM(p,
1482 (I93_INFO_FLAG_MOI | I93_INFO_FLAG_DSFID | I93_INFO_FLAG_AFI |
1483 I93_INFO_FLAG_MEM_SIZE | I93_INFO_FLAG_IC_REF));
1484
1485 /* Parameters */
1486 if (p_uid) {
1487 ARRAY8_TO_STREAM(p, p_uid); /* UID */
1488 } else {
1489 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1490 }
1491
1492 if (rw_i93_send_to_lower(p_cmd)) {
1493 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_SYS_INFO;
1494 return NFC_STATUS_OK;
1495 } else {
1496 return NFC_STATUS_FAILED;
1497 }
1498 }
1499
1500 /*******************************************************************************
1501 **
1502 ** Function rw_i93_send_cmd_get_sys_info
1503 **
1504 ** Description Send Get System Information Request to VICC
1505 **
1506 ** Returns tNFC_STATUS
1507 **
1508 *******************************************************************************/
rw_i93_send_cmd_get_sys_info(uint8_t * p_uid,uint8_t extra_flags)1509 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flags) {
1510 NFC_HDR* p_cmd;
1511 uint8_t* p;
1512
1513 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1514
1515 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1516
1517 if (!p_cmd) {
1518 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1519 return NFC_STATUS_NO_BUFFERS;
1520 }
1521
1522 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1523 p_cmd->len = 10;
1524 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1525
1526 /* Flags */
1527 UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1528 RW_I93_FLAG_DATA_RATE | extra_flags));
1529
1530 /* Command Code */
1531 UINT8_TO_STREAM(p, I93_CMD_GET_SYS_INFO);
1532
1533 /* Parameters */
1534 if (p_uid) {
1535 ARRAY8_TO_STREAM(p, p_uid); /* UID */
1536 } else {
1537 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1538 }
1539
1540 if (rw_i93_send_to_lower(p_cmd)) {
1541 rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_SYS_INFO;
1542 return NFC_STATUS_OK;
1543 } else {
1544 return NFC_STATUS_FAILED;
1545 }
1546 }
1547
1548 /*******************************************************************************
1549 **
1550 ** Function rw_i93_send_cmd_get_multi_block_sec
1551 **
1552 ** Description Send Get Multiple Block Security Status Request to VICC
1553 **
1554 ** Returns tNFC_STATUS
1555 **
1556 *******************************************************************************/
rw_i93_send_cmd_get_multi_block_sec(uint16_t first_block_number,uint16_t number_blocks)1557 tNFC_STATUS rw_i93_send_cmd_get_multi_block_sec(uint16_t first_block_number,
1558 uint16_t number_blocks) {
1559 NFC_HDR* p_cmd;
1560 uint8_t *p, flags;
1561
1562 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1563
1564 p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1565
1566 if (!p_cmd) {
1567 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1568 return NFC_STATUS_NO_BUFFERS;
1569 }
1570
1571 p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1572 p_cmd->len = 12;
1573 p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1574
1575 /* Flags */
1576 flags =
1577 (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1578
1579 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
1580 flags |= I93_FLAG_PROT_EXT_YES;
1581
1582 UINT8_TO_STREAM(p, flags);
1583
1584 /* Command Code */
1585 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1586 UINT8_TO_STREAM(p, I93_CMD_EXT_GET_MULTI_BLK_SEC);
1587 } else {
1588 UINT8_TO_STREAM(p, I93_CMD_GET_MULTI_BLK_SEC);
1589 }
1590
1591 /* Parameters */
1592 ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1593
1594 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1595 rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1596 UINT16_TO_STREAM(p, first_block_number); /* First block number */
1597 UINT16_TO_STREAM(
1598 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1599 p_cmd->len += 2;
1600 } else {
1601 UINT8_TO_STREAM(p, first_block_number); /* First block number */
1602 UINT8_TO_STREAM(
1603 p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1604 }
1605
1606 if (rw_i93_send_to_lower(p_cmd)) {
1607 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1608 rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_MULTI_BLK_SEC;
1609 else
1610 rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_MULTI_BLK_SEC;
1611 return NFC_STATUS_OK;
1612 } else {
1613 return NFC_STATUS_FAILED;
1614 }
1615 }
1616
1617 /*******************************************************************************
1618 **
1619 ** Function rw_i93_get_next_blocks
1620 **
1621 ** Description Read as many blocks as possible (up to
1622 ** RW_I93_READ_MULTI_BLOCK_SIZE)
1623 **
1624 ** Returns tNFC_STATUS
1625 **
1626 *******************************************************************************/
rw_i93_get_next_blocks(uint16_t offset)1627 tNFC_STATUS rw_i93_get_next_blocks(uint16_t offset) {
1628 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1629 uint16_t first_block;
1630 uint16_t num_block;
1631
1632 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1633
1634 first_block = offset / p_i93->block_size;
1635
1636 /* more blocks, more efficent but more error rate */
1637
1638 if (p_i93->intl_flags & RW_I93_FLAG_READ_MULTI_BLOCK) {
1639 num_block = RW_I93_READ_MULTI_BLOCK_SIZE / p_i93->block_size;
1640
1641 if (num_block + first_block > p_i93->num_block)
1642 num_block = p_i93->num_block - first_block;
1643
1644 if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
1645 /* LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR64E-R requires
1646 ** - The max number of blocks is 32 and they are all located in the
1647 ** same sector.
1648 ** - The sector is 32 blocks of 4 bytes.
1649 */
1650 if ((p_i93->product_version == RW_I93_STM_LRIS64K) ||
1651 (p_i93->product_version == RW_I93_STM_M24LR64_R) ||
1652 (p_i93->product_version == RW_I93_STM_M24LR04E_R) ||
1653 (p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
1654 (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
1655 if (num_block > I93_STM_MAX_BLOCKS_PER_READ)
1656 num_block = I93_STM_MAX_BLOCKS_PER_READ;
1657
1658 if ((first_block / I93_STM_BLOCKS_PER_SECTOR) !=
1659 ((first_block + num_block - 1) / I93_STM_BLOCKS_PER_SECTOR)) {
1660 num_block = I93_STM_BLOCKS_PER_SECTOR -
1661 (first_block % I93_STM_BLOCKS_PER_SECTOR);
1662 }
1663 }
1664 }
1665
1666 if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
1667 /* N24RF04, N24RF04E, N24RF16, N24RF16E, N24RF64, N24RF64E requires
1668 ** - The max number of blocks is 32 and they are all located in the
1669 ** same sector.
1670 ** - The sector is 32 blocks of 4 bytes.
1671 */
1672 if ((p_i93->product_version == RW_I93_ONS_N36RW02) ||
1673 (p_i93->product_version == RW_I93_ONS_N24RF04) ||
1674 (p_i93->product_version == RW_I93_ONS_N24RF04E)||
1675 (p_i93->product_version == RW_I93_ONS_N24RF16) ||
1676 (p_i93->product_version == RW_I93_ONS_N24RF16E)||
1677 (p_i93->product_version == RW_I93_ONS_N24RF64) ||
1678 (p_i93->product_version == RW_I93_ONS_N24RF64E)) {
1679 if (num_block > I93_ONS_MAX_BLOCKS_PER_READ)
1680 num_block = I93_ONS_MAX_BLOCKS_PER_READ;
1681
1682 if ((first_block / I93_ONS_BLOCKS_PER_SECTOR) !=
1683 ((first_block + num_block - 1) / I93_ONS_BLOCKS_PER_SECTOR)) {
1684 num_block = I93_ONS_BLOCKS_PER_SECTOR -
1685 (first_block % I93_ONS_BLOCKS_PER_SECTOR);
1686 }
1687 }
1688 }
1689
1690 return rw_i93_send_cmd_read_multi_blocks(first_block, num_block);
1691 } else {
1692 return rw_i93_send_cmd_read_single_block(first_block, false);
1693 }
1694 }
1695
1696 /*******************************************************************************
1697 **
1698 ** Function rw_i93_get_next_block_sec
1699 **
1700 ** Description Get as many security of blocks as possible from
1701 ** p_i93->rw_offset (up to RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1702 **
1703 ** Returns tNFC_STATUS
1704 **
1705 *******************************************************************************/
rw_i93_get_next_block_sec(void)1706 tNFC_STATUS rw_i93_get_next_block_sec(void) {
1707 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1708 uint16_t num_blocks;
1709
1710 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1711
1712 if (p_i93->num_block <= p_i93->rw_offset) {
1713 LOG(ERROR) << StringPrintf(
1714 "rw_offset(0x%x) must be less than num_block(0x%x)", p_i93->rw_offset,
1715 p_i93->num_block);
1716 return NFC_STATUS_FAILED;
1717 }
1718
1719 num_blocks = p_i93->num_block - p_i93->rw_offset;
1720
1721 if (num_blocks > RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1722 num_blocks = RW_I93_GET_MULTI_BLOCK_SEC_SIZE;
1723
1724 DLOG_IF(INFO, nfc_debug_enabled)
1725 << __func__ << std::hex << rw_cb.tcb.i93.intl_flags;
1726 return rw_i93_send_cmd_get_multi_block_sec(p_i93->rw_offset, num_blocks);
1727 }
1728
1729 /*******************************************************************************
1730 **
1731 ** Function rw_i93_sm_detect_ndef
1732 **
1733 ** Description Process NDEF detection procedure
1734 **
1735 ** 1. Get UID if not having yet
1736 ** 2. Get System Info if not having yet
1737 ** 3. Read first block for CC
1738 ** 4. Search NDEF Type and length
1739 ** 5. Get block status to get max NDEF size and read-only
1740 ** status
1741 **
1742 ** Returns void
1743 **
1744 *******************************************************************************/
rw_i93_sm_detect_ndef(NFC_HDR * p_resp)1745 void rw_i93_sm_detect_ndef(NFC_HDR* p_resp) {
1746 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
1747 uint8_t flags, u8 = 0, cc[4];
1748 uint16_t length = p_resp->len, xx, block, first_block, last_block, num_blocks;
1749 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1750 tRW_DATA rw_data;
1751 tNFC_STATUS status = NFC_STATUS_FAILED;
1752
1753 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1754 "sub_state:%s (0x%x)",
1755 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
1756
1757 if (length == 0) {
1758 android_errorWriteLog(0x534e4554, "121260197");
1759 rw_i93_handle_error(NFC_STATUS_FAILED);
1760 return;
1761 }
1762 STREAM_TO_UINT8(flags, p);
1763 length--;
1764
1765 if (flags & I93_FLAG_ERROR_DETECTED) {
1766 if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
1767 /* getting system info with protocol extension flag */
1768 /* This STM & ONS tag supports more than 2040 bytes */
1769 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
1770 } else {
1771 DLOG_IF(INFO, nfc_debug_enabled)
1772 << StringPrintf("Got error flags (0x%02x)", flags);
1773 rw_i93_handle_error(NFC_STATUS_FAILED);
1774 }
1775 return;
1776 }
1777
1778 switch (p_i93->sub_state) {
1779 case RW_I93_SUBSTATE_WAIT_UID:
1780
1781 if (length < (I93_UID_BYTE_LEN + 1)) {
1782 android_errorWriteLog(0x534e4554, "121260197");
1783 rw_i93_handle_error(NFC_STATUS_FAILED);
1784 return;
1785 }
1786 STREAM_TO_UINT8(u8, p); /* DSFID */
1787 p_uid = p_i93->uid;
1788 STREAM_TO_ARRAY8(p_uid, p);
1789
1790 if (u8 != I93_DFS_UNSUPPORTED) {
1791 /* if Data Storage Format is unknown */
1792 DLOG_IF(INFO, nfc_debug_enabled)
1793 << StringPrintf("Got unknown DSFID (0x%02x)", u8);
1794 rw_i93_handle_error(NFC_STATUS_FAILED);
1795 } else {
1796 /* get system information to get memory size */
1797 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
1798 NFC_STATUS_OK) {
1799 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
1800 } else {
1801 rw_i93_handle_error(NFC_STATUS_FAILED);
1802 }
1803 }
1804 break;
1805
1806 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
1807
1808 p_i93->block_size = 0;
1809 p_i93->num_block = 0;
1810
1811 if (!rw_i93_process_sys_info(p, length)) {
1812 /* retrying with protocol extension flag */
1813 break;
1814 }
1815
1816 if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
1817 DLOG_IF(INFO, nfc_debug_enabled)
1818 << StringPrintf("Unable to get tag memory size");
1819 rw_i93_handle_error(status);
1820 } else {
1821 /* read CC in the first block */
1822 if (rw_i93_send_cmd_read_single_block(0x0000, false) == NFC_STATUS_OK) {
1823 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_CC;
1824 } else {
1825 rw_i93_handle_error(NFC_STATUS_FAILED);
1826 }
1827 }
1828 break;
1829
1830 case RW_I93_SUBSTATE_WAIT_CC:
1831
1832 if (length < RW_I93_CC_SIZE) {
1833 android_errorWriteLog(0x534e4554, "139188579");
1834 rw_i93_handle_error(NFC_STATUS_FAILED);
1835 return;
1836 }
1837
1838 /* assume block size is more than RW_I93_CC_SIZE 4 */
1839 STREAM_TO_ARRAY(cc, p, RW_I93_CC_SIZE);
1840
1841 status = NFC_STATUS_FAILED;
1842
1843 /*
1844 ** Capability Container (CC)
1845 **
1846 ** CC[0] : magic number (0xE1)
1847 ** CC[1] : Bit 7-6:Major version number
1848 ** : Bit 5-4:Minor version number
1849 ** : Bit 3-2:Read access condition (00b: read access granted
1850 ** without any security)
1851 ** : Bit 1-0:Write access condition (00b: write access granted
1852 ** without any security)
1853 ** CC[2] : Memory size in 8 bytes (Ex. 0x04 is 32 bytes) [STM, ONS set
1854 ** to 0xFF if more than 2040bytes]
1855 ** CC[3] : Bit 0:Read multiple blocks is supported [NXP, STM, ONS]
1856 ** : Bit 1:Inventory page read is supported [NXP]
1857 ** : Bit 2:More than 2040 bytes are supported [STM, ONS]
1858 */
1859
1860 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1861 "cc: 0x%02X 0x%02X 0x%02X 0x%02X", cc[0], cc[1], cc[2], cc[3]);
1862 DLOG_IF(INFO, nfc_debug_enabled)
1863 << StringPrintf("Total blocks:0x%04X, Block size:0x%02X",
1864 p_i93->num_block, p_i93->block_size);
1865
1866 if ((cc[0] == I93_ICODE_CC_MAGIC_NUMER_E1) ||
1867 (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2)) {
1868 if ((cc[1] & I93_ICODE_CC_READ_ACCESS_MASK) ==
1869 I93_ICODE_CC_READ_ACCESS_GRANTED) {
1870 if ((cc[1] & I93_ICODE_CC_WRITE_ACCESS_MASK) !=
1871 I93_ICODE_CC_WRITE_ACCESS_GRANTED) {
1872 /* read-only or password required to write */
1873 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
1874 }
1875 if (cc[3] & I93_ICODE_CC_MBREAD_MASK) {
1876 /* tag supports read multi blocks command */
1877 p_i93->intl_flags |= RW_I93_FLAG_READ_MULTI_BLOCK;
1878 }
1879 if (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2) {
1880 p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
1881 }
1882 status = NFC_STATUS_OK;
1883 }
1884 }
1885
1886 if (status == NFC_STATUS_OK) {
1887 /* seach NDEF TLV from offset 4 when CC file coded on 4 bytes NFC Forum
1888 */
1889 if (cc[2] != 0)
1890 p_i93->rw_offset = 4;
1891 else
1892 p_i93->rw_offset = 8;
1893
1894 if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
1895 p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
1896 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
1897 } else {
1898 rw_i93_handle_error(NFC_STATUS_FAILED);
1899 }
1900 } else {
1901 rw_i93_handle_error(NFC_STATUS_FAILED);
1902 }
1903 break;
1904
1905 case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
1906
1907 /* search TLV within read blocks */
1908 for (xx = 0; xx < length; xx++) {
1909 /* if looking for type */
1910 if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_TYPE) {
1911 if (*(p + xx) == I93_ICODE_TLV_TYPE_NULL) {
1912 continue;
1913 } else if ((*(p + xx) == I93_ICODE_TLV_TYPE_NDEF) ||
1914 (*(p + xx) == I93_ICODE_TLV_TYPE_PROP)) {
1915 /* store found type and get length field */
1916 p_i93->tlv_type = *(p + xx);
1917 p_i93->ndef_tlv_start_offset = p_i93->rw_offset + xx;
1918
1919 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_1;
1920 } else if (*(p + xx) == I93_ICODE_TLV_TYPE_TERM) {
1921 /* no NDEF TLV found */
1922 p_i93->tlv_type = I93_ICODE_TLV_TYPE_TERM;
1923 break;
1924 } else {
1925 DLOG_IF(INFO, nfc_debug_enabled)
1926 << StringPrintf("Invalid type: 0x%02x", *(p + xx));
1927 rw_i93_handle_error(NFC_STATUS_FAILED);
1928 return;
1929 }
1930 } else if (p_i93->tlv_detect_state ==
1931 RW_I93_TLV_DETECT_STATE_LENGTH_1) {
1932 /* if 3 bytes length field */
1933 if (*(p + xx) == 0xFF) {
1934 /* need 2 more bytes for length field */
1935 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_2;
1936 } else {
1937 p_i93->tlv_length = *(p + xx);
1938 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
1939
1940 if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
1941 p_i93->ndef_tlv_last_offset =
1942 p_i93->ndef_tlv_start_offset + 1 + p_i93->tlv_length;
1943 break;
1944 }
1945 }
1946 } else if (p_i93->tlv_detect_state ==
1947 RW_I93_TLV_DETECT_STATE_LENGTH_2) {
1948 /* the second byte of 3 bytes length field */
1949 p_i93->tlv_length = *(p + xx);
1950 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_3;
1951 } else if (p_i93->tlv_detect_state ==
1952 RW_I93_TLV_DETECT_STATE_LENGTH_3) {
1953 /* the last byte of 3 bytes length field */
1954 p_i93->tlv_length = (p_i93->tlv_length << 8) + *(p + xx);
1955 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
1956
1957 if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
1958 p_i93->ndef_tlv_last_offset =
1959 p_i93->ndef_tlv_start_offset + 3 + p_i93->tlv_length;
1960 break;
1961 }
1962 } else if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE) {
1963 /* this is other than NDEF TLV */
1964 if (p_i93->tlv_length <= length - xx) {
1965 /* skip value field */
1966 xx += (uint8_t)p_i93->tlv_length;
1967 p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
1968 } else {
1969 /* read more data */
1970 p_i93->tlv_length -= (length - xx);
1971 break;
1972 }
1973 }
1974 }
1975
1976 /* found NDEF TLV and read length field */
1977 if ((p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
1978 (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE)) {
1979 p_i93->ndef_length = p_i93->tlv_length;
1980
1981 /* get lock status to see if read-only */
1982 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
1983 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
1984 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
1985 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
1986 /* these doesn't support GetMultiBlockSecurityStatus */
1987
1988 p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
1989 first_block = p_i93->ndef_tlv_start_offset / p_i93->block_size;
1990
1991 /* read block to get lock status */
1992 rw_i93_send_cmd_read_single_block(first_block, true);
1993 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
1994 } else {
1995 /* block offset for read-only check */
1996 p_i93->rw_offset = 0;
1997
1998 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
1999 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
2000 } else {
2001 rw_i93_handle_error(NFC_STATUS_FAILED);
2002 }
2003 }
2004 } else {
2005 /* read more data */
2006 p_i93->rw_offset += length;
2007
2008 if (p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) {
2009 rw_i93_handle_error(NFC_STATUS_FAILED);
2010 } else if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
2011 p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
2012 } else {
2013 rw_i93_handle_error(NFC_STATUS_FAILED);
2014 }
2015 }
2016 break;
2017
2018 case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
2019
2020 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2021 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2022 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2023 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2024 /* these doesn't support GetMultiBlockSecurityStatus */
2025
2026 block = (p_i93->rw_offset / p_i93->block_size);
2027 last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2028
2029 if (length == 0) {
2030 rw_i93_handle_error(NFC_STATUS_FAILED);
2031 }
2032 if ((*p) & I93_BLOCK_LOCKED) {
2033 if (block <= last_block) {
2034 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2035 }
2036 } else {
2037 /* if we need to check more user blocks */
2038 if (block + 1 < p_i93->num_block) {
2039 p_i93->rw_offset += p_i93->block_size;
2040
2041 /* read block to get lock status */
2042 rw_i93_send_cmd_read_single_block(
2043 (uint16_t)(p_i93->rw_offset / p_i93->block_size), true);
2044 break;
2045 }
2046 }
2047
2048 p_i93->max_ndef_length =
2049 p_i93->ndef_length
2050 /* add available bytes including the last block of NDEF TLV */
2051 + (p_i93->block_size * (block - last_block) + 1) -
2052 (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2053 } else {
2054 if (p_i93->rw_offset == 0) {
2055 p_i93->max_ndef_length =
2056 p_i93->ndef_length
2057 /* add available bytes in the last block of NDEF TLV */
2058 + p_i93->block_size -
2059 (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2060
2061 first_block = (p_i93->ndef_tlv_start_offset / p_i93->block_size);
2062 } else {
2063 first_block = 0;
2064 }
2065
2066 last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2067 num_blocks = length;
2068
2069 for (block = first_block; block < num_blocks; block++) {
2070 /* if any block of NDEF TLV is locked */
2071 if ((block + p_i93->rw_offset) <= last_block) {
2072 if (*(p + block) & I93_BLOCK_LOCKED) {
2073 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2074 break;
2075 }
2076 } else {
2077 if (*(p + block) & I93_BLOCK_LOCKED) {
2078 /* no more consecutive unlocked block */
2079 break;
2080 } else {
2081 /* add block size if not locked */
2082 p_i93->max_ndef_length += p_i93->block_size;
2083 }
2084 }
2085 }
2086
2087 /* update next security of block to check */
2088 p_i93->rw_offset += num_blocks;
2089
2090 /* if need to check more */
2091 if (p_i93->num_block > p_i93->rw_offset) {
2092 if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2093 rw_i93_handle_error(NFC_STATUS_FAILED);
2094 }
2095 break;
2096 }
2097 }
2098
2099 /* check if need to adjust max NDEF length */
2100 if ((p_i93->ndef_length < 0xFF) && (p_i93->max_ndef_length >= 0xFF)) {
2101 /* 3 bytes length field must be used */
2102 p_i93->max_ndef_length -= 2;
2103 }
2104
2105 rw_data.ndef.status = NFC_STATUS_OK;
2106 rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
2107 rw_data.ndef.flags = 0;
2108 rw_data.ndef.flags |= RW_NDEF_FL_SUPPORTED;
2109 rw_data.ndef.flags |= RW_NDEF_FL_FORMATED;
2110 rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
2111 rw_data.ndef.cur_size = p_i93->ndef_length;
2112
2113 if (p_i93->intl_flags & RW_I93_FLAG_READ_ONLY) {
2114 rw_data.ndef.flags |= RW_NDEF_FL_READ_ONLY;
2115 rw_data.ndef.max_size = p_i93->ndef_length;
2116 } else {
2117 rw_data.ndef.flags |= RW_NDEF_FL_HARD_LOCKABLE;
2118 rw_data.ndef.max_size = p_i93->max_ndef_length;
2119 }
2120
2121 p_i93->state = RW_I93_STATE_IDLE;
2122 p_i93->sent_cmd = 0;
2123
2124 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2125 "NDEF cur_size(%d),max_size (%d), flags (0x%x)",
2126 rw_data.ndef.cur_size, rw_data.ndef.max_size, rw_data.ndef.flags);
2127
2128 (*(rw_cb.p_cback))(RW_I93_NDEF_DETECT_EVT, &rw_data);
2129 break;
2130
2131 default:
2132 break;
2133 }
2134 }
2135
2136 /*******************************************************************************
2137 **
2138 ** Function rw_i93_sm_read_ndef
2139 **
2140 ** Description Process NDEF read procedure
2141 **
2142 ** Returns void
2143 **
2144 *******************************************************************************/
rw_i93_sm_read_ndef(NFC_HDR * p_resp)2145 void rw_i93_sm_read_ndef(NFC_HDR* p_resp) {
2146 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2147 uint8_t flags;
2148 uint16_t offset, length = p_resp->len;
2149 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2150 tRW_DATA rw_data;
2151
2152 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
2153
2154 if (length == 0) {
2155 android_errorWriteLog(0x534e4554, "122035770");
2156 rw_i93_handle_error(NFC_STATUS_FAILED);
2157 return;
2158 }
2159
2160 STREAM_TO_UINT8(flags, p);
2161 length--;
2162
2163 if (flags & I93_FLAG_ERROR_DETECTED) {
2164 DLOG_IF(INFO, nfc_debug_enabled)
2165 << StringPrintf("Got error flags (0x%02x)", flags);
2166 rw_i93_handle_error(NFC_STATUS_FAILED);
2167 return;
2168 }
2169
2170 /* if this is the first block */
2171 if (p_i93->rw_length == 0) {
2172 /* get start of NDEF in the first block */
2173 offset = p_i93->ndef_tlv_start_offset % p_i93->block_size;
2174
2175 if (p_i93->ndef_length < 0xFF) {
2176 offset += 2;
2177 } else {
2178 offset += 4;
2179 }
2180
2181 /* adjust offset if read more blocks because the first block doesn't have
2182 * NDEF */
2183 offset -= (p_i93->rw_offset - p_i93->ndef_tlv_start_offset);
2184 } else {
2185 offset = 0;
2186 }
2187
2188 /* if read enough data to skip type and length field for the beginning */
2189 if (offset < length) {
2190 offset++; /* flags */
2191 p_resp->offset += offset;
2192 p_resp->len -= offset;
2193
2194 rw_data.data.status = NFC_STATUS_OK;
2195 rw_data.data.p_data = p_resp;
2196
2197 p_i93->rw_length += p_resp->len;
2198 } else {
2199 /* in case of no Ndef data included */
2200 p_resp->len = 0;
2201 }
2202
2203 /* if read all of NDEF data */
2204 if (p_i93->rw_length >= p_i93->ndef_length) {
2205 /* remove extra btyes in the last block */
2206 p_resp->len -= (p_i93->rw_length - p_i93->ndef_length);
2207
2208 p_i93->state = RW_I93_STATE_IDLE;
2209 p_i93->sent_cmd = 0;
2210
2211 DLOG_IF(INFO, nfc_debug_enabled)
2212 << StringPrintf("NDEF read complete read (%d)/total (%d)", p_resp->len,
2213 p_i93->ndef_length);
2214
2215 (*(rw_cb.p_cback))(RW_I93_NDEF_READ_CPLT_EVT, &rw_data);
2216 } else {
2217 DLOG_IF(INFO, nfc_debug_enabled)
2218 << StringPrintf("NDEF read segment read (%d)/total (%d)", p_resp->len,
2219 p_i93->ndef_length);
2220
2221 if (p_resp->len > 0) {
2222 (*(rw_cb.p_cback))(RW_I93_NDEF_READ_EVT, &rw_data);
2223 }
2224
2225 /* this will make read data from next block */
2226 p_i93->rw_offset += length;
2227
2228 if (rw_i93_get_next_blocks(p_i93->rw_offset) != NFC_STATUS_OK) {
2229 rw_i93_handle_error(NFC_STATUS_FAILED);
2230 }
2231 }
2232 }
2233
2234 /*******************************************************************************
2235 **
2236 ** Function rw_i93_sm_update_ndef
2237 **
2238 ** Description Process NDEF update procedure
2239 **
2240 ** 1. Set length field to zero
2241 ** 2. Write NDEF and Terminator TLV
2242 ** 3. Set length field to NDEF length
2243 **
2244 ** Returns void
2245 **
2246 *******************************************************************************/
rw_i93_sm_update_ndef(NFC_HDR * p_resp)2247 void rw_i93_sm_update_ndef(NFC_HDR* p_resp) {
2248 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2249 uint8_t flags, xx, length_offset, buff[I93_MAX_BLOCK_LENGH];
2250 uint16_t length = p_resp->len, block_number;
2251 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2252 tRW_DATA rw_data;
2253
2254 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2255 "sub_state:%s (0x%x)",
2256 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2257
2258 if (length == 0 || p_i93->block_size > I93_MAX_BLOCK_LENGH) {
2259 android_errorWriteLog(0x534e4554, "122320256");
2260 rw_i93_handle_error(NFC_STATUS_FAILED);
2261 return;
2262 }
2263
2264 STREAM_TO_UINT8(flags, p);
2265 length--;
2266
2267 if (flags & I93_FLAG_ERROR_DETECTED) {
2268 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2269 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2270 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2271 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2272 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2273 /* ignore error */
2274 } else {
2275 DLOG_IF(INFO, nfc_debug_enabled)
2276 << StringPrintf("Got error flags (0x%02x)", flags);
2277 rw_i93_handle_error(NFC_STATUS_FAILED);
2278 return;
2279 }
2280 }
2281
2282 switch (p_i93->sub_state) {
2283 case RW_I93_SUBSTATE_RESET_LEN:
2284
2285 /* get offset of length field */
2286 length_offset = (p_i93->ndef_tlv_start_offset + 1) % p_i93->block_size;
2287
2288 if (length < length_offset) {
2289 android_errorWriteLog(0x534e4554, "122320256");
2290 rw_i93_handle_error(NFC_STATUS_FAILED);
2291 return;
2292 }
2293
2294 /* set length to zero */
2295 *(p + length_offset) = 0x00;
2296
2297 if (p_i93->ndef_length > 0) {
2298 /* if 3 bytes length field is needed */
2299 if (p_i93->ndef_length >= 0xFF) {
2300 xx = length_offset + 3;
2301 } else {
2302 xx = length_offset + 1;
2303 }
2304
2305 /* write the first part of NDEF in the same block */
2306 for (; xx < p_i93->block_size; xx++) {
2307 if (xx > length || p_i93->rw_length > p_i93->ndef_length) {
2308 android_errorWriteLog(0x534e4554, "122320256");
2309 rw_i93_handle_error(NFC_STATUS_FAILED);
2310 return;
2311 }
2312 if (p_i93->rw_length < p_i93->ndef_length) {
2313 *(p + xx) = *(p_i93->p_update_data + p_i93->rw_length++);
2314 } else {
2315 *(p + xx) = I93_ICODE_TLV_TYPE_NULL;
2316 }
2317 }
2318 }
2319
2320 block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2321
2322 if (length < p_i93->block_size) {
2323 android_errorWriteLog(0x534e4554, "143109193");
2324 rw_i93_handle_error(NFC_STATUS_FAILED);
2325 } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2326 NFC_STATUS_OK) {
2327 /* update next writing offset */
2328 p_i93->rw_offset = (block_number + 1) * p_i93->block_size;
2329 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_NDEF;
2330 } else {
2331 rw_i93_handle_error(NFC_STATUS_FAILED);
2332 }
2333 break;
2334
2335 case RW_I93_SUBSTATE_WRITE_NDEF:
2336
2337 /* if it's not the end of tag memory */
2338 if (p_i93->rw_offset < p_i93->block_size * p_i93->num_block) {
2339 block_number = p_i93->rw_offset / p_i93->block_size;
2340
2341 /* if we have more data to write */
2342 if (p_i93->rw_length < p_i93->ndef_length) {
2343 p = p_i93->p_update_data + p_i93->rw_length;
2344
2345 p_i93->rw_offset += p_i93->block_size;
2346 p_i93->rw_length += p_i93->block_size;
2347
2348 /* if this is the last block of NDEF TLV */
2349 if (p_i93->rw_length > p_i93->ndef_length) {
2350 /* length of NDEF TLV in the block */
2351 xx = (uint8_t)(p_i93->block_size -
2352 (p_i93->rw_length - p_i93->ndef_length));
2353
2354 /* set NULL TLV in the unused part of block */
2355 memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2356 memcpy(buff, p, xx);
2357 p = buff;
2358
2359 /* if it's the end of tag memory */
2360 if ((p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) &&
2361 (xx < p_i93->block_size)) {
2362 buff[xx] = I93_ICODE_TLV_TYPE_TERM;
2363 }
2364
2365 p_i93->ndef_tlv_last_offset =
2366 p_i93->rw_offset - p_i93->block_size + xx - 1;
2367 }
2368
2369 if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2370 NFC_STATUS_OK) {
2371 rw_i93_handle_error(NFC_STATUS_FAILED);
2372 }
2373 } else {
2374 /* if this is the very next block of NDEF TLV */
2375 if (block_number ==
2376 (p_i93->ndef_tlv_last_offset / p_i93->block_size) + 1) {
2377 p_i93->rw_offset += p_i93->block_size;
2378
2379 /* write Terminator TLV and NULL TLV */
2380 memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2381 buff[0] = I93_ICODE_TLV_TYPE_TERM;
2382 p = buff;
2383
2384 if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2385 NFC_STATUS_OK) {
2386 rw_i93_handle_error(NFC_STATUS_FAILED);
2387 }
2388 } else {
2389 /* finished writing NDEF and Terminator TLV */
2390 /* read length field to update length */
2391 block_number =
2392 (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2393
2394 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2395 NFC_STATUS_OK) {
2396 /* set offset to length field */
2397 p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2398
2399 /* get size of length field */
2400 if (p_i93->ndef_length >= 0xFF) {
2401 p_i93->rw_length = 3;
2402 } else if (p_i93->ndef_length > 0) {
2403 p_i93->rw_length = 1;
2404 } else {
2405 p_i93->rw_length = 0;
2406 }
2407
2408 p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2409 } else {
2410 rw_i93_handle_error(NFC_STATUS_FAILED);
2411 }
2412 }
2413 }
2414 } else {
2415 /* if we have no more data to write */
2416 if (p_i93->rw_length >= p_i93->ndef_length) {
2417 /* finished writing NDEF and Terminator TLV */
2418 /* read length field to update length */
2419 block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2420
2421 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2422 NFC_STATUS_OK) {
2423 /* set offset to length field */
2424 p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2425
2426 /* get size of length field */
2427 if (p_i93->ndef_length >= 0xFF) {
2428 p_i93->rw_length = 3;
2429 } else if (p_i93->ndef_length > 0) {
2430 p_i93->rw_length = 1;
2431 } else {
2432 p_i93->rw_length = 0;
2433 }
2434
2435 p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2436 break;
2437 }
2438 }
2439 rw_i93_handle_error(NFC_STATUS_FAILED);
2440 }
2441 break;
2442
2443 case RW_I93_SUBSTATE_UPDATE_LEN:
2444
2445 /* if we have more length field to write */
2446 if (p_i93->rw_length > 0) {
2447 /* if we got ack for writing, read next block to update rest of length
2448 * field */
2449 if (length == 0) {
2450 block_number = p_i93->rw_offset / p_i93->block_size;
2451
2452 if (rw_i93_send_cmd_read_single_block(block_number, false) !=
2453 NFC_STATUS_OK) {
2454 rw_i93_handle_error(NFC_STATUS_FAILED);
2455 }
2456 } else {
2457 length_offset = p_i93->rw_offset % p_i93->block_size;
2458
2459 /* update length field within the read block */
2460 for (xx = length_offset; xx < p_i93->block_size; xx++) {
2461 if (xx > length) {
2462 android_errorWriteLog(0x534e4554, "122320256");
2463 rw_i93_handle_error(NFC_STATUS_FAILED);
2464 return;
2465 }
2466
2467 if (p_i93->rw_length == 3)
2468 *(p + xx) = 0xFF;
2469 else if (p_i93->rw_length == 2)
2470 *(p + xx) = (uint8_t)((p_i93->ndef_length >> 8) & 0xFF);
2471 else if (p_i93->rw_length == 1)
2472 *(p + xx) = (uint8_t)(p_i93->ndef_length & 0xFF);
2473
2474 p_i93->rw_length--;
2475 if (p_i93->rw_length == 0) break;
2476 }
2477
2478 block_number = (p_i93->rw_offset / p_i93->block_size);
2479
2480 if (length < p_i93->block_size) {
2481 android_errorWriteLog(0x534e4554, "143155861");
2482 rw_i93_handle_error(NFC_STATUS_FAILED);
2483 } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2484 NFC_STATUS_OK) {
2485 /* set offset to the beginning of next block */
2486 p_i93->rw_offset +=
2487 p_i93->block_size - (p_i93->rw_offset % p_i93->block_size);
2488 } else {
2489 rw_i93_handle_error(NFC_STATUS_FAILED);
2490 }
2491 }
2492 } else {
2493 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2494 "NDEF update complete, %d bytes, (%d-%d)", p_i93->ndef_length,
2495 p_i93->ndef_tlv_start_offset, p_i93->ndef_tlv_last_offset);
2496
2497 p_i93->state = RW_I93_STATE_IDLE;
2498 p_i93->sent_cmd = 0;
2499 p_i93->p_update_data = nullptr;
2500
2501 rw_data.status = NFC_STATUS_OK;
2502 (*(rw_cb.p_cback))(RW_I93_NDEF_UPDATE_CPLT_EVT, &rw_data);
2503 }
2504 break;
2505
2506 default:
2507 break;
2508 }
2509 }
2510
2511 /*******************************************************************************
2512 **
2513 ** Function rw_i93_sm_format
2514 **
2515 ** Description Process format procedure
2516 **
2517 ** 1. Get UID
2518 ** 2. Get sys info for memory size (reset AFI/DSFID)
2519 ** 3. Get block status to get read-only status
2520 ** 4. Write CC and empty NDEF
2521 **
2522 ** Returns void
2523 **
2524 *******************************************************************************/
rw_i93_sm_format(NFC_HDR * p_resp)2525 void rw_i93_sm_format(NFC_HDR* p_resp) {
2526 uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
2527 uint8_t flags;
2528 uint16_t length = p_resp->len, xx, block_number;
2529 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2530 tRW_DATA rw_data;
2531 tNFC_STATUS status = NFC_STATUS_FAILED;
2532
2533 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2534 "sub_state:%s (0x%x)",
2535 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2536
2537 if (length == 0) {
2538 android_errorWriteLog(0x534e4554, "122323053");
2539 return;
2540 }
2541 STREAM_TO_UINT8(flags, p);
2542 length--;
2543
2544 if (flags & I93_FLAG_ERROR_DETECTED) {
2545 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2546 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2547 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2548 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2549 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2550 /* ignore error */
2551 } else if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
2552 /* getting system info with protocol extension flag */
2553 /* This STM & ONS tag supports more than 2040 bytes */
2554 p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
2555 return;
2556 } else {
2557 DLOG_IF(INFO, nfc_debug_enabled)
2558 << StringPrintf("Got error flags (0x%02x)", flags);
2559 rw_i93_handle_error(NFC_STATUS_FAILED);
2560 return;
2561 }
2562 }
2563
2564 switch (p_i93->sub_state) {
2565 case RW_I93_SUBSTATE_WAIT_UID:
2566
2567 if (length < (I93_UID_BYTE_LEN + 1)) {
2568 android_errorWriteLog(0x534e4554, "122323053");
2569 return;
2570 }
2571 p++; /* skip DSFID */
2572 p_uid = p_i93->uid;
2573 STREAM_TO_ARRAY8(p_uid, p); /* store UID */
2574
2575 /* get system information to get memory size */
2576 if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
2577 NFC_STATUS_OK) {
2578 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
2579 } else {
2580 rw_i93_handle_error(NFC_STATUS_FAILED);
2581 }
2582 break;
2583
2584 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
2585
2586 p_i93->block_size = 0;
2587 p_i93->num_block = 0;
2588
2589 if (!rw_i93_process_sys_info(p, length)) {
2590 /* retrying with protocol extension flag */
2591 break;
2592 }
2593
2594 if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
2595 /* DSFID, if any DSFID then reset */
2596 if (p_i93->dsfid != I93_DFS_UNSUPPORTED) {
2597 p_i93->intl_flags |= RW_I93_FLAG_RESET_DSFID;
2598 }
2599 }
2600 if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
2601 /* AFI, reset to 0 */
2602 if (p_i93->afi != 0x00) {
2603 p_i93->intl_flags |= RW_I93_FLAG_RESET_AFI;
2604 }
2605 }
2606
2607 if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
2608 DLOG_IF(INFO, nfc_debug_enabled)
2609 << StringPrintf("Unable to get tag memory size");
2610 rw_i93_handle_error(status);
2611 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2612 if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2613 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2614 } else {
2615 rw_i93_handle_error(NFC_STATUS_FAILED);
2616 }
2617 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2618 if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2619 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2620 } else {
2621 rw_i93_handle_error(NFC_STATUS_FAILED);
2622 }
2623 } else {
2624 /* get lock status to see if read-only */
2625 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2626 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2627 /* these doesn't support GetMultiBlockSecurityStatus */
2628
2629 rw_cb.tcb.i93.rw_offset = 0;
2630
2631 /* read blocks with option flag to get block security status */
2632 if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2633 NFC_STATUS_OK) {
2634 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2635 } else {
2636 rw_i93_handle_error(NFC_STATUS_FAILED);
2637 }
2638 } else {
2639 /* block offset for read-only check */
2640 p_i93->rw_offset = 0;
2641
2642 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2643 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2644 } else {
2645 rw_i93_handle_error(NFC_STATUS_FAILED);
2646 }
2647 }
2648 }
2649
2650 break;
2651
2652 case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
2653
2654 if (p_i93->sent_cmd == I93_CMD_WRITE_DSFID) {
2655 p_i93->intl_flags &= ~RW_I93_FLAG_RESET_DSFID;
2656 } else if (p_i93->sent_cmd == I93_CMD_WRITE_AFI) {
2657 p_i93->intl_flags &= ~RW_I93_FLAG_RESET_AFI;
2658 }
2659
2660 if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2661 if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2662 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2663 } else {
2664 rw_i93_handle_error(NFC_STATUS_FAILED);
2665 }
2666 } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2667 if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2668 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2669 } else {
2670 rw_i93_handle_error(NFC_STATUS_FAILED);
2671 }
2672 } else {
2673 /* get lock status to see if read-only */
2674 if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2675 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2676 /* these doesn't support GetMultiBlockSecurityStatus */
2677
2678 rw_cb.tcb.i93.rw_offset = 0;
2679
2680 /* read blocks with option flag to get block security status */
2681 if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2682 NFC_STATUS_OK) {
2683 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2684 } else {
2685 rw_i93_handle_error(NFC_STATUS_FAILED);
2686 }
2687 } else {
2688 /* block offset for read-only check */
2689 p_i93->rw_offset = 0;
2690
2691 if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2692 p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2693 } else {
2694 rw_i93_handle_error(NFC_STATUS_FAILED);
2695 }
2696 }
2697 }
2698 break;
2699
2700 case RW_I93_SUBSTATE_CHECK_READ_ONLY:
2701
2702 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2703 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2704 ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2705 (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2706 if (length == 0 || ((*p) & I93_BLOCK_LOCKED)) {
2707 rw_i93_handle_error(NFC_STATUS_FAILED);
2708 break;
2709 }
2710
2711 /* if we checked all of user blocks */
2712 if ((p_i93->rw_offset / p_i93->block_size) + 1 == p_i93->num_block) {
2713 if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2714 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2715 /* read the block which has AFI */
2716 p_i93->rw_offset = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION;
2717 rw_i93_send_cmd_read_single_block(
2718 (uint16_t)(p_i93->rw_offset / p_i93->block_size), true);
2719 break;
2720 }
2721 } else if (p_i93->rw_offset ==
2722 I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION) {
2723 /* no block is locked */
2724 } else {
2725 p_i93->rw_offset += p_i93->block_size;
2726 rw_i93_send_cmd_read_single_block(
2727 (uint16_t)(p_i93->rw_offset / p_i93->block_size), true);
2728 break;
2729 }
2730 } else {
2731 /* if any block is locked, we cannot format it */
2732 for (xx = 0; xx < length; xx++) {
2733 if (*(p + xx) & I93_BLOCK_LOCKED) {
2734 rw_i93_handle_error(NFC_STATUS_FAILED);
2735 break;
2736 }
2737 }
2738
2739 /* update block offset for read-only check */
2740 p_i93->rw_offset += length;
2741
2742 /* if need to get more lock status of blocks */
2743 if (p_i93->num_block > p_i93->rw_offset) {
2744 if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2745 rw_i93_handle_error(NFC_STATUS_FAILED);
2746 }
2747 break;
2748 }
2749 }
2750
2751 /* get buffer to store CC, zero length NDEF TLV and Terminator TLV */
2752 /* Block size could be either 4 or 8 or 16 or 32 bytes */
2753 /* Get buffer for the largest block size I93_MAX_BLOCK_LENGH */
2754 p_i93->p_update_data = (uint8_t*)GKI_getbuf(I93_MAX_BLOCK_LENGH);
2755
2756 if (!p_i93->p_update_data) {
2757 LOG(ERROR) << StringPrintf("Cannot allocate buffer");
2758 rw_i93_handle_error(NFC_STATUS_FAILED);
2759 break;
2760 } else if (p_i93->block_size > RW_I93_FORMAT_DATA_LEN) {
2761 /* Possible leaking information from previous NFC transactions */
2762 /* Clear previous values */
2763 memset(p_i93->p_update_data, I93_ICODE_TLV_TYPE_NULL,
2764 I93_MAX_BLOCK_LENGH);
2765 android_errorWriteLog(0x534e4554, "139738828");
2766 }
2767
2768 p = p_i93->p_update_data;
2769
2770 /* Capability Container */
2771 *(p++) = I93_ICODE_CC_MAGIC_NUMER_E1; /* magic number */
2772 *(p++) = 0x40; /* version 1.0, read/write */
2773
2774 /* if memory size is less than 2048 bytes */
2775 if (((p_i93->num_block * p_i93->block_size) / 8) < 0x100)
2776 *(p++) = (uint8_t)((p_i93->num_block * p_i93->block_size) /
2777 8); /* memory size */
2778 else
2779 *(p++) = 0xFF;
2780
2781 if ((p_i93->product_version == RW_I93_ICODE_SLI) ||
2782 (p_i93->product_version == RW_I93_ICODE_SLI_S) ||
2783 (p_i93->product_version == RW_I93_ICODE_SLI_L)) {
2784 if (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)
2785 *(p++) = I93_ICODE_CC_IPREAD_MASK; /* IPREAD */
2786 else
2787 *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2788 supported */
2789 } else if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2790 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP)) {
2791 *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2792 supported */
2793 } else if ((p_i93->product_version ==
2794 RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2795 (p_i93->product_version ==
2796 RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2797 *(p++) = 0;
2798 } else {
2799 /* STM except LRIS2K, ONS, Broadcom supports read multi block command */
2800
2801 /* if memory size is more than 2040 bytes (which is not LRIS2K) */
2802 if (((p_i93->num_block * p_i93->block_size) / 8) > 0xFF)
2803 *(p++) = (I93_ICODE_CC_MBREAD_MASK | I93_STM_CC_OVERFLOW_MASK);
2804 else if (p_i93->product_version == RW_I93_STM_LRIS2K)
2805 *(p++) = 0x00;
2806 else
2807 *(p++) = I93_ICODE_CC_MBREAD_MASK;
2808 }
2809
2810 /* zero length NDEF and Terminator TLV */
2811 *(p++) = I93_ICODE_TLV_TYPE_NDEF;
2812 *(p++) = 0x00;
2813 *(p++) = I93_ICODE_TLV_TYPE_TERM;
2814 *(p++) = I93_ICODE_TLV_TYPE_NULL;
2815
2816 /* start from block 0 */
2817 p_i93->rw_offset = 0;
2818
2819 if (rw_i93_send_cmd_write_single_block(0, p_i93->p_update_data) ==
2820 NFC_STATUS_OK) {
2821 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2822 p_i93->rw_offset += p_i93->block_size;
2823 } else {
2824 rw_i93_handle_error(NFC_STATUS_FAILED);
2825 }
2826 break;
2827
2828 case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
2829
2830 /* if we have more data to write */
2831 if (p_i93->rw_offset < RW_I93_FORMAT_DATA_LEN) {
2832 block_number = (p_i93->rw_offset / p_i93->block_size);
2833 p = p_i93->p_update_data + p_i93->rw_offset;
2834
2835 if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2836 NFC_STATUS_OK) {
2837 p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2838 p_i93->rw_offset += p_i93->block_size;
2839 } else {
2840 rw_i93_handle_error(NFC_STATUS_FAILED);
2841 }
2842 } else {
2843 GKI_freebuf(p_i93->p_update_data);
2844 p_i93->p_update_data = nullptr;
2845
2846 p_i93->state = RW_I93_STATE_IDLE;
2847 p_i93->sent_cmd = 0;
2848
2849 rw_data.status = NFC_STATUS_OK;
2850 (*(rw_cb.p_cback))(RW_I93_FORMAT_CPLT_EVT, &rw_data);
2851 }
2852 break;
2853
2854 default:
2855 break;
2856 }
2857 }
2858
2859 /*******************************************************************************
2860 **
2861 ** Function rw_i93_sm_set_read_only
2862 **
2863 ** Description Process read-only procedure
2864 **
2865 ** 1. Update CC as read-only
2866 ** 2. Lock all block of NDEF TLV
2867 ** 3. Lock block of CC
2868 **
2869 ** Returns void
2870 **
2871 *******************************************************************************/
rw_i93_sm_set_read_only(NFC_HDR * p_resp)2872 void rw_i93_sm_set_read_only(NFC_HDR* p_resp) {
2873 uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2874 uint8_t flags, block_number;
2875 uint16_t length = p_resp->len;
2876 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2877 tRW_DATA rw_data;
2878
2879 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2880 "sub_state:%s (0x%x)",
2881 rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2882
2883 if (length == 0) {
2884 android_errorWriteLog(0x534e4554, "122322613");
2885 rw_i93_handle_error(NFC_STATUS_FAILED);
2886 return;
2887 }
2888
2889 STREAM_TO_UINT8(flags, p);
2890 length--;
2891
2892 if (flags & I93_FLAG_ERROR_DETECTED) {
2893 if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2894 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2895 (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2896 (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2897 (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2898 /* ignore error */
2899 } else {
2900 DLOG_IF(INFO, nfc_debug_enabled)
2901 << StringPrintf("Got error flags (0x%02x)", flags);
2902 rw_i93_handle_error(NFC_STATUS_FAILED);
2903 return;
2904 }
2905 }
2906
2907 switch (p_i93->sub_state) {
2908 case RW_I93_SUBSTATE_WAIT_CC:
2909
2910 if (length < RW_I93_CC_SIZE) {
2911 android_errorWriteLog(0x534e4554, "139188579");
2912 rw_i93_handle_error(NFC_STATUS_FAILED);
2913 return;
2914 }
2915
2916 /* mark CC as read-only */
2917 *(p + 1) |= I93_ICODE_CC_READ_ONLY;
2918
2919 if (length < p_i93->block_size) {
2920 android_errorWriteLog(0x534e4554, "143106535");
2921 rw_i93_handle_error(NFC_STATUS_FAILED);
2922 } else if (rw_i93_send_cmd_write_single_block(0, p) == NFC_STATUS_OK) {
2923 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_UPDATE_CC;
2924 } else {
2925 rw_i93_handle_error(NFC_STATUS_FAILED);
2926 }
2927 break;
2928
2929 case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
2930
2931 /* successfully write CC then lock all blocks of NDEF TLV */
2932 p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
2933 block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
2934
2935 if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
2936 p_i93->rw_offset += p_i93->block_size;
2937 p_i93->sub_state = RW_I93_SUBSTATE_LOCK_NDEF_TLV;
2938 } else {
2939 rw_i93_handle_error(NFC_STATUS_FAILED);
2940 }
2941 break;
2942
2943 case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
2944
2945 /* if we need to lock more blocks */
2946 if (p_i93->rw_offset < p_i93->ndef_tlv_last_offset) {
2947 /* get the next block of NDEF TLV */
2948 block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
2949
2950 if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
2951 p_i93->rw_offset += p_i93->block_size;
2952 } else {
2953 rw_i93_handle_error(NFC_STATUS_FAILED);
2954 }
2955 }
2956 /* if the first block of NDEF TLV is different from block of CC */
2957 else if (p_i93->ndef_tlv_start_offset / p_i93->block_size != 0) {
2958 /* lock block of CC */
2959 if (rw_i93_send_cmd_lock_block(0) == NFC_STATUS_OK) {
2960 p_i93->sub_state = RW_I93_SUBSTATE_WAIT_LOCK_CC;
2961 } else {
2962 rw_i93_handle_error(NFC_STATUS_FAILED);
2963 }
2964 } else {
2965 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2966 p_i93->state = RW_I93_STATE_IDLE;
2967 p_i93->sent_cmd = 0;
2968
2969 rw_data.status = NFC_STATUS_OK;
2970 (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
2971 }
2972 break;
2973
2974 case RW_I93_SUBSTATE_WAIT_LOCK_CC:
2975
2976 p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2977 p_i93->state = RW_I93_STATE_IDLE;
2978 p_i93->sent_cmd = 0;
2979
2980 rw_data.status = NFC_STATUS_OK;
2981 (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
2982 break;
2983
2984 default:
2985 break;
2986 }
2987 }
2988
2989 /*******************************************************************************
2990 **
2991 ** Function rw_i93_handle_error
2992 **
2993 ** Description notify error to application and clean up
2994 **
2995 ** Returns none
2996 **
2997 *******************************************************************************/
rw_i93_handle_error(tNFC_STATUS status)2998 void rw_i93_handle_error(tNFC_STATUS status) {
2999 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3000 tRW_DATA rw_data;
3001 tRW_EVENT event;
3002
3003 DLOG_IF(INFO, nfc_debug_enabled)
3004 << StringPrintf("status:0x%02X, state:0x%X", status, p_i93->state);
3005
3006 nfc_stop_quick_timer(&p_i93->timer);
3007
3008 if (rw_cb.p_cback) {
3009 rw_data.status = status;
3010
3011 switch (p_i93->state) {
3012 case RW_I93_STATE_IDLE: /* in case of RawFrame */
3013 event = RW_I93_INTF_ERROR_EVT;
3014 break;
3015
3016 case RW_I93_STATE_BUSY:
3017 if (p_i93->sent_cmd == I93_CMD_STAY_QUIET) {
3018 /* There is no response to Stay Quiet command */
3019 rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
3020 rw_data.i93_cmd_cmpl.command = I93_CMD_STAY_QUIET;
3021 rw_data.i93_cmd_cmpl.error_code = 0;
3022 event = RW_I93_CMD_CMPL_EVT;
3023 } else {
3024 event = RW_I93_INTF_ERROR_EVT;
3025 }
3026 break;
3027
3028 case RW_I93_STATE_DETECT_NDEF:
3029 rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
3030 rw_data.ndef.cur_size = 0;
3031 rw_data.ndef.max_size = 0;
3032 rw_data.ndef.flags = 0;
3033 rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
3034 rw_data.ndef.flags |= RW_NDEF_FL_UNKNOWN;
3035 event = RW_I93_NDEF_DETECT_EVT;
3036 break;
3037
3038 case RW_I93_STATE_READ_NDEF:
3039 event = RW_I93_NDEF_READ_FAIL_EVT;
3040 break;
3041
3042 case RW_I93_STATE_UPDATE_NDEF:
3043 p_i93->p_update_data = nullptr;
3044 event = RW_I93_NDEF_UPDATE_FAIL_EVT;
3045 break;
3046
3047 case RW_I93_STATE_FORMAT:
3048 if (p_i93->p_update_data) {
3049 GKI_freebuf(p_i93->p_update_data);
3050 p_i93->p_update_data = nullptr;
3051 }
3052 event = RW_I93_FORMAT_CPLT_EVT;
3053 break;
3054
3055 case RW_I93_STATE_SET_READ_ONLY:
3056 event = RW_I93_SET_TAG_RO_EVT;
3057 break;
3058
3059 case RW_I93_STATE_PRESENCE_CHECK:
3060 event = RW_I93_PRESENCE_CHECK_EVT;
3061 break;
3062
3063 default:
3064 event = RW_I93_MAX_EVT;
3065 break;
3066 }
3067
3068 p_i93->state = RW_I93_STATE_IDLE;
3069 p_i93->sent_cmd = 0;
3070
3071 if (event != RW_I93_MAX_EVT) {
3072 (*(rw_cb.p_cback))(event, &rw_data);
3073 }
3074 } else {
3075 p_i93->state = RW_I93_STATE_IDLE;
3076 }
3077 }
3078
3079 /*******************************************************************************
3080 **
3081 ** Function rw_i93_process_timeout
3082 **
3083 ** Description process timeout event
3084 **
3085 ** Returns none
3086 **
3087 *******************************************************************************/
rw_i93_process_timeout(TIMER_LIST_ENT * p_tle)3088 void rw_i93_process_timeout(TIMER_LIST_ENT* p_tle) {
3089 NFC_HDR* p_buf;
3090
3091 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf("event=%d", p_tle->event);
3092
3093 if (p_tle->event == NFC_TTYPE_RW_I93_RESPONSE) {
3094 if ((rw_cb.tcb.i93.retry_count < RW_MAX_RETRIES) &&
3095 (rw_cb.tcb.i93.p_retry_cmd) &&
3096 (rw_cb.tcb.i93.sent_cmd != I93_CMD_STAY_QUIET)) {
3097 rw_cb.tcb.i93.retry_count++;
3098 LOG(ERROR) << StringPrintf("retry_count = %d", rw_cb.tcb.i93.retry_count);
3099
3100 p_buf = rw_cb.tcb.i93.p_retry_cmd;
3101 rw_cb.tcb.i93.p_retry_cmd = nullptr;
3102
3103 if (rw_i93_send_to_lower(p_buf)) {
3104 return;
3105 }
3106 }
3107
3108 /* all retrial is done or failed to send command to lower layer */
3109 if (rw_cb.tcb.i93.p_retry_cmd) {
3110 GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
3111 rw_cb.tcb.i93.p_retry_cmd = nullptr;
3112 rw_cb.tcb.i93.retry_count = 0;
3113 }
3114 rw_i93_handle_error(NFC_STATUS_TIMEOUT);
3115 } else {
3116 LOG(ERROR) << StringPrintf("unknown event=%d", p_tle->event);
3117 }
3118 }
3119
3120 /*******************************************************************************
3121 **
3122 ** Function rw_i93_data_cback
3123 **
3124 ** Description This callback function receives the data from NFCC.
3125 **
3126 ** Returns none
3127 **
3128 *******************************************************************************/
rw_i93_data_cback(uint8_t conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)3129 static void rw_i93_data_cback(__attribute__((unused)) uint8_t conn_id,
3130 tNFC_CONN_EVT event, tNFC_CONN* p_data) {
3131 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3132 NFC_HDR* p_resp;
3133 tRW_DATA rw_data;
3134
3135 uint8_t begin_state = p_i93->state;
3136
3137 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf("event = 0x%X", event);
3138
3139 if ((event == NFC_DEACTIVATE_CEVT) || (event == NFC_ERROR_CEVT) ||
3140 ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK))) {
3141 nfc_stop_quick_timer(&p_i93->timer);
3142
3143 if (event == NFC_ERROR_CEVT || (p_data->status != NFC_STATUS_OK)) {
3144 if ((p_i93->retry_count < RW_MAX_RETRIES) && (p_i93->p_retry_cmd)) {
3145 p_i93->retry_count++;
3146
3147 LOG(ERROR) << StringPrintf("retry_count = %d", p_i93->retry_count);
3148
3149 p_resp = p_i93->p_retry_cmd;
3150 p_i93->p_retry_cmd = nullptr;
3151 if (rw_i93_send_to_lower(p_resp)) {
3152 if (event == NFC_DATA_CEVT) {
3153 p_resp = (NFC_HDR*)p_data->data.p_data;
3154 GKI_freebuf(p_resp);
3155 }
3156 return;
3157 }
3158 }
3159
3160 /* all retrial is done or failed to send command to lower layer */
3161 if (p_i93->p_retry_cmd) {
3162 GKI_freebuf(p_i93->p_retry_cmd);
3163 p_i93->p_retry_cmd = nullptr;
3164 p_i93->retry_count = 0;
3165 }
3166
3167 rw_i93_handle_error((tNFC_STATUS)(*(uint8_t*)p_data));
3168 } else {
3169 /* free retry buffer */
3170 if (p_i93->p_retry_cmd) {
3171 GKI_freebuf(p_i93->p_retry_cmd);
3172 p_i93->p_retry_cmd = nullptr;
3173 p_i93->retry_count = 0;
3174 }
3175 NFC_SetStaticRfCback(nullptr);
3176 p_i93->state = RW_I93_STATE_NOT_ACTIVATED;
3177 }
3178 if ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK)) {
3179 p_resp = (NFC_HDR*)p_data->data.p_data;
3180 GKI_freebuf(p_resp);
3181 }
3182 return;
3183 }
3184
3185 if (event != NFC_DATA_CEVT) {
3186 return;
3187 }
3188
3189 p_resp = (NFC_HDR*)p_data->data.p_data;
3190
3191 nfc_stop_quick_timer(&p_i93->timer);
3192
3193 /* free retry buffer */
3194 if (p_i93->p_retry_cmd) {
3195 GKI_freebuf(p_i93->p_retry_cmd);
3196 p_i93->p_retry_cmd = nullptr;
3197 p_i93->retry_count = 0;
3198 }
3199
3200 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
3201 "RW I93 state: <%s (%d)>", rw_i93_get_state_name(p_i93->state).c_str(),
3202 p_i93->state);
3203
3204 switch (p_i93->state) {
3205 case RW_I93_STATE_IDLE:
3206 /* Unexpected Response from VICC, it should be raw frame response */
3207 /* forward to upper layer without parsing */
3208 p_i93->sent_cmd = 0;
3209 if (rw_cb.p_cback) {
3210 rw_data.raw_frame.status = p_data->data.status;
3211 rw_data.raw_frame.p_data = p_resp;
3212 (*(rw_cb.p_cback))(RW_I93_RAW_FRAME_EVT, &rw_data);
3213 p_resp = nullptr;
3214 } else {
3215 GKI_freebuf(p_resp);
3216 }
3217 break;
3218 case RW_I93_STATE_BUSY:
3219 p_i93->state = RW_I93_STATE_IDLE;
3220 rw_i93_send_to_upper(p_resp);
3221 GKI_freebuf(p_resp);
3222 break;
3223
3224 case RW_I93_STATE_DETECT_NDEF:
3225 rw_i93_sm_detect_ndef(p_resp);
3226 GKI_freebuf(p_resp);
3227 break;
3228
3229 case RW_I93_STATE_READ_NDEF:
3230 rw_i93_sm_read_ndef(p_resp);
3231 /* p_resp may send upper lyaer */
3232 break;
3233
3234 case RW_I93_STATE_UPDATE_NDEF:
3235 rw_i93_sm_update_ndef(p_resp);
3236 GKI_freebuf(p_resp);
3237 break;
3238
3239 case RW_I93_STATE_FORMAT:
3240 rw_i93_sm_format(p_resp);
3241 GKI_freebuf(p_resp);
3242 break;
3243
3244 case RW_I93_STATE_SET_READ_ONLY:
3245 rw_i93_sm_set_read_only(p_resp);
3246 GKI_freebuf(p_resp);
3247 break;
3248
3249 case RW_I93_STATE_PRESENCE_CHECK:
3250 p_i93->state = RW_I93_STATE_IDLE;
3251 p_i93->sent_cmd = 0;
3252
3253 /* if any response, send presence check with ok */
3254 rw_data.status = NFC_STATUS_OK;
3255 (*(rw_cb.p_cback))(RW_I93_PRESENCE_CHECK_EVT, &rw_data);
3256 GKI_freebuf(p_resp);
3257 break;
3258
3259 default:
3260 LOG(ERROR) << StringPrintf("invalid state=%d", p_i93->state);
3261 GKI_freebuf(p_resp);
3262 break;
3263 }
3264
3265 if (begin_state != p_i93->state) {
3266 DLOG_IF(INFO, nfc_debug_enabled)
3267 << StringPrintf("RW I93 state changed:<%s> -> <%s>",
3268 rw_i93_get_state_name(begin_state).c_str(),
3269 rw_i93_get_state_name(p_i93->state).c_str());
3270 }
3271 }
3272
3273 /*******************************************************************************
3274 **
3275 ** Function rw_i93_select
3276 **
3277 ** Description Initialise ISO 15693 / T5T RW
3278 **
3279 ** Returns NFC_STATUS_OK if success
3280 **
3281 *******************************************************************************/
rw_i93_select(uint8_t * p_uid)3282 tNFC_STATUS rw_i93_select(uint8_t* p_uid) {
3283 tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3284 uint8_t uid[I93_UID_BYTE_LEN], *p;
3285
3286 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3287
3288 NFC_SetStaticRfCback(rw_i93_data_cback);
3289
3290 p_i93->state = RW_I93_STATE_IDLE;
3291
3292 /* convert UID to big endian format - MSB(0xE0) in first byte */
3293 p = uid;
3294 STREAM_TO_ARRAY8(p, p_uid);
3295
3296 rw_i93_get_product_version(uid);
3297
3298 return NFC_STATUS_OK;
3299 }
3300
3301 /*******************************************************************************
3302 **
3303 ** Function RW_I93Inventory
3304 **
3305 ** Description This function send Inventory command with/without AFI
3306 ** If UID is provided then set UID[0]:MSB, ... UID[7]:LSB
3307 **
3308 ** RW_I93_RESPONSE_EVT will be returned
3309 **
3310 ** Returns NFC_STATUS_OK if success
3311 ** NFC_STATUS_NO_BUFFERS if out of buffer
3312 ** NFC_STATUS_BUSY if busy
3313 ** NFC_STATUS_FAILED if other error
3314 **
3315 *******************************************************************************/
RW_I93Inventory(bool including_afi,uint8_t afi,uint8_t * p_uid)3316 tNFC_STATUS RW_I93Inventory(bool including_afi, uint8_t afi, uint8_t* p_uid) {
3317 tNFC_STATUS status;
3318
3319 DLOG_IF(INFO, nfc_debug_enabled)
3320 << StringPrintf(", including_afi:%d, AFI:0x%02X", including_afi, afi);
3321
3322 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3323 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3324 rw_cb.tcb.i93.state);
3325 return NFC_STATUS_BUSY;
3326 }
3327
3328 status = rw_i93_send_cmd_inventory(p_uid, including_afi, afi);
3329
3330 if (status == NFC_STATUS_OK) {
3331 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3332 }
3333
3334 return (status);
3335 }
3336
3337 /*******************************************************************************
3338 **
3339 ** Function RW_I93StayQuiet
3340 **
3341 ** Description This function send Inventory command
3342 **
3343 ** RW_I93_CMD_CMPL_EVT will be returned
3344 **
3345 ** Returns NFC_STATUS_OK if success
3346 ** NFC_STATUS_NO_BUFFERS if out of buffer
3347 ** NFC_STATUS_BUSY if busy
3348 ** NFC_STATUS_FAILED if other error
3349 **
3350 *******************************************************************************/
RW_I93StayQuiet(void)3351 tNFC_STATUS RW_I93StayQuiet(void) {
3352 tNFC_STATUS status;
3353
3354 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3355
3356 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3357 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3358 rw_cb.tcb.i93.state);
3359 return NFC_STATUS_BUSY;
3360 }
3361
3362 status = rw_i93_send_cmd_stay_quiet();
3363 if (status == NFC_STATUS_OK) {
3364 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3365 }
3366
3367 return status;
3368 }
3369
3370 /*******************************************************************************
3371 **
3372 ** Function RW_I93ReadSingleBlock
3373 **
3374 ** Description This function send Read Single Block command
3375 **
3376 ** RW_I93_RESPONSE_EVT will be returned
3377 **
3378 ** Returns NFC_STATUS_OK if success
3379 ** NFC_STATUS_NO_BUFFERS if out of buffer
3380 ** NFC_STATUS_BUSY if busy
3381 ** NFC_STATUS_FAILED if other error
3382 **
3383 *******************************************************************************/
RW_I93ReadSingleBlock(uint16_t block_number)3384 tNFC_STATUS RW_I93ReadSingleBlock(uint16_t block_number) {
3385 tNFC_STATUS status;
3386
3387 DLOG_IF(INFO, nfc_debug_enabled)
3388 << StringPrintf("block_number:0x%02X", block_number);
3389
3390 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3391 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3392 rw_cb.tcb.i93.state);
3393 return NFC_STATUS_BUSY;
3394 }
3395
3396 status = rw_i93_send_cmd_read_single_block(block_number, false);
3397 if (status == NFC_STATUS_OK) {
3398 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3399 }
3400
3401 return status;
3402 }
3403
3404 /*******************************************************************************
3405 **
3406 ** Function RW_I93WriteSingleBlock
3407 **
3408 ** Description This function send Write Single Block command
3409 ** Application must get block size first by calling
3410 ** RW_I93GetSysInfo().
3411 **
3412 ** RW_I93_CMD_CMPL_EVT will be returned
3413 **
3414 ** Returns NFC_STATUS_OK if success
3415 ** NFC_STATUS_NO_BUFFERS if out of buffer
3416 ** NFC_STATUS_BUSY if busy
3417 ** NFC_STATUS_FAILED if other error
3418 **
3419 *******************************************************************************/
RW_I93WriteSingleBlock(uint16_t block_number,uint8_t * p_data)3420 tNFC_STATUS RW_I93WriteSingleBlock(uint16_t block_number, uint8_t* p_data) {
3421 tNFC_STATUS status;
3422
3423 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3424
3425 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3426 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3427 rw_cb.tcb.i93.state);
3428 return NFC_STATUS_BUSY;
3429 }
3430
3431 if (rw_cb.tcb.i93.block_size == 0) {
3432 LOG(ERROR) << StringPrintf("Block size is unknown");
3433 return NFC_STATUS_FAILED;
3434 }
3435
3436 status = rw_i93_send_cmd_write_single_block(block_number, p_data);
3437 if (status == NFC_STATUS_OK) {
3438 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3439 }
3440
3441 return status;
3442 }
3443
3444 /*******************************************************************************
3445 **
3446 ** Function RW_I93LockBlock
3447 **
3448 ** Description This function send Lock Block command
3449 **
3450 ** RW_I93_CMD_CMPL_EVT will be returned
3451 **
3452 ** Returns NFC_STATUS_OK if success
3453 ** NFC_STATUS_NO_BUFFERS if out of buffer
3454 ** NFC_STATUS_BUSY if busy
3455 ** NFC_STATUS_FAILED if other error
3456 **
3457 *******************************************************************************/
RW_I93LockBlock(uint8_t block_number)3458 tNFC_STATUS RW_I93LockBlock(uint8_t block_number) {
3459 tNFC_STATUS status;
3460
3461 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3462
3463 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3464 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3465 rw_cb.tcb.i93.state);
3466 return NFC_STATUS_BUSY;
3467 }
3468
3469 status = rw_i93_send_cmd_lock_block(block_number);
3470 if (status == NFC_STATUS_OK) {
3471 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3472 }
3473
3474 return status;
3475 }
3476
3477 /*******************************************************************************
3478 **
3479 ** Function RW_I93ReadMultipleBlocks
3480 **
3481 ** Description This function send Read Multiple Blocks command
3482 **
3483 ** RW_I93_RESPONSE_EVT will be returned
3484 **
3485 ** Returns NFC_STATUS_OK if success
3486 ** NFC_STATUS_NO_BUFFERS if out of buffer
3487 ** NFC_STATUS_BUSY if busy
3488 ** NFC_STATUS_FAILED if other error
3489 **
3490 *******************************************************************************/
RW_I93ReadMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks)3491 tNFC_STATUS RW_I93ReadMultipleBlocks(uint16_t first_block_number,
3492 uint16_t number_blocks) {
3493 tNFC_STATUS status;
3494
3495 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3496
3497 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3498 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3499 rw_cb.tcb.i93.state);
3500 return NFC_STATUS_BUSY;
3501 }
3502
3503 status = rw_i93_send_cmd_read_multi_blocks(first_block_number, number_blocks);
3504 if (status == NFC_STATUS_OK) {
3505 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3506 }
3507
3508 return status;
3509 }
3510
3511 /*******************************************************************************
3512 **
3513 ** Function RW_I93WriteMultipleBlocks
3514 **
3515 ** Description This function send Write Multiple Blocks command
3516 **
3517 ** RW_I93_CMD_CMPL_EVT will be returned
3518 **
3519 ** Returns NFC_STATUS_OK if success
3520 ** NFC_STATUS_NO_BUFFERS if out of buffer
3521 ** NFC_STATUS_BUSY if busy
3522 ** NFC_STATUS_FAILED if other error
3523 **
3524 *******************************************************************************/
RW_I93WriteMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks,uint8_t * p_data)3525 tNFC_STATUS RW_I93WriteMultipleBlocks(uint16_t first_block_number,
3526 uint16_t number_blocks, uint8_t* p_data) {
3527 tNFC_STATUS status;
3528
3529 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3530
3531 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3532 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3533 rw_cb.tcb.i93.state);
3534 return NFC_STATUS_BUSY;
3535 }
3536
3537 if (rw_cb.tcb.i93.block_size == 0) {
3538 LOG(ERROR) << StringPrintf("Block size is unknown");
3539 return NFC_STATUS_FAILED;
3540 }
3541
3542 status = rw_i93_send_cmd_write_multi_blocks(first_block_number, number_blocks,
3543 p_data);
3544 if (status == NFC_STATUS_OK) {
3545 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3546 }
3547
3548 return status;
3549 }
3550
3551 /*******************************************************************************
3552 **
3553 ** Function RW_I93Select
3554 **
3555 ** Description This function send Select command
3556 **
3557 ** UID[0]: 0xE0, MSB
3558 ** UID[1]: IC Mfg Code
3559 ** ...
3560 ** UID[7]: LSB
3561 **
3562 ** RW_I93_CMD_CMPL_EVT will be returned
3563 **
3564 ** Returns NFC_STATUS_OK if success
3565 ** NFC_STATUS_NO_BUFFERS if out of buffer
3566 ** NFC_STATUS_BUSY if busy
3567 ** NFC_STATUS_FAILED if other error
3568 **
3569 *******************************************************************************/
RW_I93Select(uint8_t * p_uid)3570 tNFC_STATUS RW_I93Select(uint8_t* p_uid) {
3571 tNFC_STATUS status;
3572
3573 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3574
3575 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3576 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3577 rw_cb.tcb.i93.state);
3578 return NFC_STATUS_BUSY;
3579 }
3580
3581 if (p_uid) {
3582 status = rw_i93_send_cmd_select(p_uid);
3583 if (status == NFC_STATUS_OK) {
3584 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3585 }
3586 } else {
3587 LOG(ERROR) << StringPrintf("UID shall be provided");
3588 status = NFC_STATUS_FAILED;
3589 }
3590
3591 return status;
3592 }
3593
3594 /*******************************************************************************
3595 **
3596 ** Function RW_I93ResetToReady
3597 **
3598 ** Description This function send Reset To Ready command
3599 **
3600 ** RW_I93_CMD_CMPL_EVT will be returned
3601 **
3602 ** Returns NFC_STATUS_OK if success
3603 ** NFC_STATUS_NO_BUFFERS if out of buffer
3604 ** NFC_STATUS_BUSY if busy
3605 ** NFC_STATUS_FAILED if other error
3606 **
3607 *******************************************************************************/
RW_I93ResetToReady(void)3608 tNFC_STATUS RW_I93ResetToReady(void) {
3609 tNFC_STATUS status;
3610
3611 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3612
3613 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3614 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3615 rw_cb.tcb.i93.state);
3616 return NFC_STATUS_BUSY;
3617 }
3618
3619 status = rw_i93_send_cmd_reset_to_ready();
3620 if (status == NFC_STATUS_OK) {
3621 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3622 }
3623
3624 return status;
3625 }
3626
3627 /*******************************************************************************
3628 **
3629 ** Function RW_I93WriteAFI
3630 **
3631 ** Description This function send Write AFI command
3632 **
3633 ** RW_I93_CMD_CMPL_EVT will be returned
3634 **
3635 ** Returns NFC_STATUS_OK if success
3636 ** NFC_STATUS_NO_BUFFERS if out of buffer
3637 ** NFC_STATUS_BUSY if busy
3638 ** NFC_STATUS_FAILED if other error
3639 **
3640 *******************************************************************************/
RW_I93WriteAFI(uint8_t afi)3641 tNFC_STATUS RW_I93WriteAFI(uint8_t afi) {
3642 tNFC_STATUS status;
3643
3644 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3645
3646 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3647 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3648 rw_cb.tcb.i93.state);
3649 return NFC_STATUS_BUSY;
3650 }
3651
3652 status = rw_i93_send_cmd_write_afi(afi);
3653 if (status == NFC_STATUS_OK) {
3654 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3655 }
3656
3657 return status;
3658 }
3659
3660 /*******************************************************************************
3661 **
3662 ** Function RW_I93LockAFI
3663 **
3664 ** Description This function send Lock AFI command
3665 **
3666 ** RW_I93_CMD_CMPL_EVT will be returned
3667 **
3668 ** Returns NFC_STATUS_OK if success
3669 ** NFC_STATUS_NO_BUFFERS if out of buffer
3670 ** NFC_STATUS_BUSY if busy
3671 ** NFC_STATUS_FAILED if other error
3672 **
3673 *******************************************************************************/
RW_I93LockAFI(void)3674 tNFC_STATUS RW_I93LockAFI(void) {
3675 tNFC_STATUS status;
3676
3677 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3678
3679 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3680 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3681 rw_cb.tcb.i93.state);
3682 return NFC_STATUS_BUSY;
3683 }
3684
3685 status = rw_i93_send_cmd_lock_afi();
3686 if (status == NFC_STATUS_OK) {
3687 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3688 }
3689
3690 return status;
3691 }
3692
3693 /*******************************************************************************
3694 **
3695 ** Function RW_I93WriteDSFID
3696 **
3697 ** Description This function send Write DSFID command
3698 **
3699 ** RW_I93_CMD_CMPL_EVT will be returned
3700 **
3701 ** Returns NFC_STATUS_OK if success
3702 ** NFC_STATUS_NO_BUFFERS if out of buffer
3703 ** NFC_STATUS_BUSY if busy
3704 ** NFC_STATUS_FAILED if other error
3705 **
3706 *******************************************************************************/
RW_I93WriteDSFID(uint8_t dsfid)3707 tNFC_STATUS RW_I93WriteDSFID(uint8_t dsfid) {
3708 tNFC_STATUS status;
3709
3710 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3711
3712 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3713 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3714 rw_cb.tcb.i93.state);
3715 return NFC_STATUS_BUSY;
3716 }
3717
3718 status = rw_i93_send_cmd_write_dsfid(dsfid);
3719 if (status == NFC_STATUS_OK) {
3720 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3721 }
3722
3723 return status;
3724 }
3725
3726 /*******************************************************************************
3727 **
3728 ** Function RW_I93LockDSFID
3729 **
3730 ** Description This function send Lock DSFID command
3731 **
3732 ** RW_I93_CMD_CMPL_EVT will be returned
3733 **
3734 ** Returns NFC_STATUS_OK if success
3735 ** NFC_STATUS_NO_BUFFERS if out of buffer
3736 ** NFC_STATUS_BUSY if busy
3737 ** NFC_STATUS_FAILED if other error
3738 **
3739 *******************************************************************************/
RW_I93LockDSFID(void)3740 tNFC_STATUS RW_I93LockDSFID(void) {
3741 tNFC_STATUS status;
3742
3743 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3744
3745 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3746 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3747 rw_cb.tcb.i93.state);
3748 return NFC_STATUS_BUSY;
3749 }
3750
3751 status = rw_i93_send_cmd_lock_dsfid();
3752 if (status == NFC_STATUS_OK) {
3753 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3754 }
3755
3756 return status;
3757 }
3758
3759 /*******************************************************************************
3760 **
3761 ** Function RW_I93GetSysInfo
3762 **
3763 ** Description This function send Get System Information command
3764 **
3765 ** RW_I93_RESPONSE_EVT will be returned
3766 **
3767 ** Returns NFC_STATUS_OK if success
3768 ** NFC_STATUS_NO_BUFFERS if out of buffer
3769 ** NFC_STATUS_BUSY if busy
3770 ** NFC_STATUS_FAILED if other error
3771 **
3772 *******************************************************************************/
RW_I93GetSysInfo(uint8_t * p_uid)3773 tNFC_STATUS RW_I93GetSysInfo(uint8_t* p_uid) {
3774 tNFC_STATUS status;
3775
3776 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3777
3778 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3779 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3780 rw_cb.tcb.i93.state);
3781 return NFC_STATUS_BUSY;
3782 }
3783
3784 if (p_uid) {
3785 status = rw_i93_send_cmd_get_sys_info(p_uid, I93_FLAG_PROT_EXT_NO);
3786 } else {
3787 status = rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO);
3788 }
3789
3790 if (status == NFC_STATUS_OK) {
3791 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3792 }
3793
3794 return status;
3795 }
3796
3797 /*******************************************************************************
3798 **
3799 ** Function RW_I93GetMultiBlockSecurityStatus
3800 **
3801 ** Description This function send Get Multiple Block Security Status
3802 ** command
3803 **
3804 ** RW_I93_RESPONSE_EVT will be returned
3805 **
3806 ** Returns NFC_STATUS_OK if success
3807 ** NFC_STATUS_NO_BUFFERS if out of buffer
3808 ** NFC_STATUS_BUSY if busy
3809 ** NFC_STATUS_FAILED if other error
3810 **
3811 *******************************************************************************/
RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,uint16_t number_blocks)3812 tNFC_STATUS RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,
3813 uint16_t number_blocks) {
3814 tNFC_STATUS status;
3815
3816 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3817
3818 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3819 LOG(ERROR) << StringPrintf(
3820 "Unable to start command at state "
3821 "(0x%X)",
3822 rw_cb.tcb.i93.state);
3823 return NFC_STATUS_BUSY;
3824 }
3825
3826 status =
3827 rw_i93_send_cmd_get_multi_block_sec(first_block_number, number_blocks);
3828 if (status == NFC_STATUS_OK) {
3829 rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3830 }
3831
3832 return status;
3833 }
3834
3835 /*******************************************************************************
3836 **
3837 ** Function RW_I93DetectNDef
3838 **
3839 ** Description This function performs NDEF detection procedure
3840 **
3841 ** RW_I93_NDEF_DETECT_EVT will be returned
3842 **
3843 ** Returns NFC_STATUS_OK if success
3844 ** NFC_STATUS_FAILED if busy or other error
3845 **
3846 *******************************************************************************/
RW_I93DetectNDef(void)3847 tNFC_STATUS RW_I93DetectNDef(void) {
3848 tNFC_STATUS status;
3849 tRW_I93_RW_SUBSTATE sub_state;
3850
3851 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3852
3853 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3854 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3855 rw_cb.tcb.i93.state);
3856 return NFC_STATUS_FAILED;
3857 }
3858
3859 if (rw_cb.tcb.i93.uid[0] != I93_UID_FIRST_BYTE) {
3860 status = rw_i93_send_cmd_inventory(nullptr, false, 0x00);
3861 sub_state = RW_I93_SUBSTATE_WAIT_UID;
3862 } else if ((rw_cb.tcb.i93.num_block == 0) ||
3863 (rw_cb.tcb.i93.block_size == 0)) {
3864 status =
3865 rw_i93_send_cmd_get_sys_info(rw_cb.tcb.i93.uid, I93_FLAG_PROT_EXT_NO);
3866 sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
3867
3868 /* clear all flags */
3869 rw_cb.tcb.i93.intl_flags = 0;
3870 } else {
3871 /* read CC in the first block */
3872 status = rw_i93_send_cmd_read_single_block(0x0000, false);
3873 sub_state = RW_I93_SUBSTATE_WAIT_CC;
3874 }
3875
3876 if (status == NFC_STATUS_OK) {
3877 rw_cb.tcb.i93.state = RW_I93_STATE_DETECT_NDEF;
3878 rw_cb.tcb.i93.sub_state = sub_state;
3879
3880 /* clear flags except flag for 2 bytes of number of blocks */
3881 rw_cb.tcb.i93.intl_flags &= RW_I93_FLAG_16BIT_NUM_BLOCK;
3882 }
3883
3884 return (status);
3885 }
3886
3887 /*******************************************************************************
3888 **
3889 ** Function RW_I93ReadNDef
3890 **
3891 ** Description This function performs NDEF read procedure
3892 ** Note: RW_I93DetectNDef () must be called before using this
3893 **
3894 ** The following event will be returned
3895 ** RW_I93_NDEF_READ_EVT for each segmented NDEF message
3896 ** RW_I93_NDEF_READ_CPLT_EVT for the last segment or
3897 ** complete NDEF
3898 ** RW_I93_NDEF_READ_FAIL_EVT for failure
3899 **
3900 ** Returns NFC_STATUS_OK if success
3901 ** NFC_STATUS_FAILED if I93 is busy or other error
3902 **
3903 *******************************************************************************/
RW_I93ReadNDef(void)3904 tNFC_STATUS RW_I93ReadNDef(void) {
3905 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3906
3907 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3908 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3909 rw_cb.tcb.i93.state);
3910 return NFC_STATUS_FAILED;
3911 }
3912
3913 if ((rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
3914 (rw_cb.tcb.i93.ndef_length > 0)) {
3915 rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset;
3916 rw_cb.tcb.i93.rw_length = 0;
3917
3918 if (rw_i93_get_next_blocks(rw_cb.tcb.i93.rw_offset) == NFC_STATUS_OK) {
3919 rw_cb.tcb.i93.state = RW_I93_STATE_READ_NDEF;
3920 } else {
3921 return NFC_STATUS_FAILED;
3922 }
3923 } else {
3924 LOG(ERROR) << StringPrintf("No NDEF detected");
3925 return NFC_STATUS_FAILED;
3926 }
3927
3928 return NFC_STATUS_OK;
3929 }
3930
3931 /*******************************************************************************
3932 **
3933 ** Function RW_I93UpdateNDef
3934 **
3935 ** Description This function performs NDEF update procedure
3936 ** Note: RW_I93DetectNDef () must be called before using this
3937 ** Updating data must not be removed until returning
3938 ** event
3939 **
3940 ** The following event will be returned
3941 ** RW_I93_NDEF_UPDATE_CPLT_EVT for complete
3942 ** RW_I93_NDEF_UPDATE_FAIL_EVT for failure
3943 **
3944 ** Returns NFC_STATUS_OK if success
3945 ** NFC_STATUS_FAILED if I93 is busy or other error
3946 **
3947 *******************************************************************************/
RW_I93UpdateNDef(uint16_t length,uint8_t * p_data)3948 tNFC_STATUS RW_I93UpdateNDef(uint16_t length, uint8_t* p_data) {
3949 uint16_t block_number;
3950
3951 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf("length:%d", length);
3952
3953 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3954 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3955 rw_cb.tcb.i93.state);
3956 return NFC_STATUS_FAILED;
3957 }
3958
3959 if (rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
3960 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
3961 LOG(ERROR) << StringPrintf("NDEF is read-only");
3962 return NFC_STATUS_FAILED;
3963 }
3964 if (rw_cb.tcb.i93.max_ndef_length < length) {
3965 LOG(ERROR) << StringPrintf(
3966 "data (%d bytes) is more than max NDEF length "
3967 "(%d)",
3968 length, rw_cb.tcb.i93.max_ndef_length);
3969 return NFC_STATUS_FAILED;
3970 }
3971
3972 rw_cb.tcb.i93.ndef_length = length;
3973 rw_cb.tcb.i93.p_update_data = p_data;
3974
3975 /* read length field */
3976 rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset + 1;
3977 rw_cb.tcb.i93.rw_length = 0;
3978
3979 block_number = rw_cb.tcb.i93.rw_offset / rw_cb.tcb.i93.block_size;
3980
3981 if (rw_i93_send_cmd_read_single_block(block_number, false) ==
3982 NFC_STATUS_OK) {
3983 rw_cb.tcb.i93.state = RW_I93_STATE_UPDATE_NDEF;
3984 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_RESET_LEN;
3985 } else {
3986 return NFC_STATUS_FAILED;
3987 }
3988 } else {
3989 LOG(ERROR) << StringPrintf("No NDEF detected");
3990 return NFC_STATUS_FAILED;
3991 }
3992
3993 return NFC_STATUS_OK;
3994 }
3995
3996 /*******************************************************************************
3997 **
3998 ** Function RW_I93FormatNDef
3999 **
4000 ** Description This function performs formatting procedure
4001 **
4002 ** RW_I93_FORMAT_CPLT_EVT will be returned
4003 **
4004 ** Returns NFC_STATUS_OK if success
4005 ** NFC_STATUS_FAILED if busy or other error
4006 **
4007 *******************************************************************************/
RW_I93FormatNDef(void)4008 tNFC_STATUS RW_I93FormatNDef(void) {
4009 tNFC_STATUS status;
4010 tRW_I93_RW_SUBSTATE sub_state;
4011
4012 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
4013
4014 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4015 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
4016 rw_cb.tcb.i93.state);
4017 return NFC_STATUS_FAILED;
4018 }
4019
4020 if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
4021 (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
4022 /* These don't support GetSystemInformation and GetMultiBlockSecurityStatus
4023 */
4024 rw_cb.tcb.i93.rw_offset = 0;
4025
4026 /* read blocks with option flag to get block security status */
4027 status = rw_i93_send_cmd_read_single_block(0x0000, true);
4028 sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
4029 } else {
4030 status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4031 sub_state = RW_I93_SUBSTATE_WAIT_UID;
4032 }
4033
4034 if (status == NFC_STATUS_OK) {
4035 rw_cb.tcb.i93.state = RW_I93_STATE_FORMAT;
4036 rw_cb.tcb.i93.sub_state = sub_state;
4037 rw_cb.tcb.i93.intl_flags = 0;
4038 }
4039
4040 return (status);
4041 }
4042
4043 /*******************************************************************************
4044 **
4045 ** Function RW_I93SetTagReadOnly
4046 **
4047 ** Description This function performs NDEF read-only procedure
4048 ** Note: RW_I93DetectNDef () must be called before using this
4049 ** Updating data must not be removed until returning
4050 ** event
4051 **
4052 ** The RW_I93_SET_TAG_RO_EVT event will be returned.
4053 **
4054 ** Returns NFC_STATUS_OK if success
4055 ** NFC_STATUS_FAILED if I93 is busy or other error
4056 **
4057 *******************************************************************************/
RW_I93SetTagReadOnly(void)4058 tNFC_STATUS RW_I93SetTagReadOnly(void) {
4059 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
4060
4061 if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4062 LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
4063 rw_cb.tcb.i93.state);
4064 return NFC_STATUS_FAILED;
4065 }
4066
4067 if (rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
4068 if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
4069 LOG(ERROR) << StringPrintf("NDEF is already read-only");
4070 return NFC_STATUS_FAILED;
4071 }
4072
4073 /* get CC in the first block */
4074 if (rw_i93_send_cmd_read_single_block(0, false) == NFC_STATUS_OK) {
4075 rw_cb.tcb.i93.state = RW_I93_STATE_SET_READ_ONLY;
4076 rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_CC;
4077 } else {
4078 return NFC_STATUS_FAILED;
4079 }
4080 } else {
4081 LOG(ERROR) << StringPrintf("No NDEF detected");
4082 return NFC_STATUS_FAILED;
4083 }
4084
4085 return NFC_STATUS_OK;
4086 }
4087
4088 /*****************************************************************************
4089 **
4090 ** Function RW_I93PresenceCheck
4091 **
4092 ** Description Check if the tag is still in the field.
4093 **
4094 ** The RW_I93_PRESENCE_CHECK_EVT w/ status is used to indicate
4095 ** presence or non-presence.
4096 **
4097 ** Returns NFC_STATUS_OK, if raw data frame sent
4098 ** NFC_STATUS_NO_BUFFERS: unable to allocate a buffer for this
4099 ** operation
4100 ** NFC_STATUS_FAILED: other error
4101 **
4102 *****************************************************************************/
RW_I93PresenceCheck(void)4103 tNFC_STATUS RW_I93PresenceCheck(void) {
4104 tNFC_STATUS status;
4105 tRW_DATA evt_data;
4106
4107 DLOG_IF(INFO, nfc_debug_enabled) << __func__;
4108
4109 if (!rw_cb.p_cback) {
4110 return NFC_STATUS_FAILED;
4111 } else if (rw_cb.tcb.i93.state == RW_I93_STATE_NOT_ACTIVATED) {
4112 evt_data.status = NFC_STATUS_FAILED;
4113 (*rw_cb.p_cback)(RW_T4T_PRESENCE_CHECK_EVT, &evt_data);
4114
4115 return NFC_STATUS_OK;
4116 } else if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4117 return NFC_STATUS_BUSY;
4118 } else {
4119 /* The support of AFI by the VICC is optional, so do not include AFI */
4120 status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4121
4122 if (status == NFC_STATUS_OK) {
4123 /* do not retry during presence check */
4124 rw_cb.tcb.i93.retry_count = RW_MAX_RETRIES;
4125 rw_cb.tcb.i93.state = RW_I93_STATE_PRESENCE_CHECK;
4126 }
4127 }
4128
4129 return (status);
4130 }
4131
4132 /*******************************************************************************
4133 **
4134 ** Function rw_i93_get_state_name
4135 **
4136 ** Description This function returns the state name.
4137 **
4138 ** NOTE conditionally compiled to save memory.
4139 **
4140 ** Returns pointer to the name
4141 **
4142 *******************************************************************************/
rw_i93_get_state_name(uint8_t state)4143 static std::string rw_i93_get_state_name(uint8_t state) {
4144 switch (state) {
4145 case RW_I93_STATE_NOT_ACTIVATED:
4146 return "NOT_ACTIVATED";
4147 case RW_I93_STATE_IDLE:
4148 return "IDLE";
4149 case RW_I93_STATE_BUSY:
4150 return "BUSY";
4151 case RW_I93_STATE_DETECT_NDEF:
4152 return "NDEF_DETECTION";
4153 case RW_I93_STATE_READ_NDEF:
4154 return "READ_NDEF";
4155 case RW_I93_STATE_UPDATE_NDEF:
4156 return "UPDATE_NDEF";
4157 case RW_I93_STATE_FORMAT:
4158 return "FORMAT";
4159 case RW_I93_STATE_SET_READ_ONLY:
4160 return "SET_READ_ONLY";
4161 case RW_I93_STATE_PRESENCE_CHECK:
4162 return "PRESENCE_CHECK";
4163 default:
4164 return "???? UNKNOWN STATE";
4165 }
4166 }
4167
4168 /*******************************************************************************
4169 **
4170 ** Function rw_i93_get_sub_state_name
4171 **
4172 ** Description This function returns the sub_state name.
4173 **
4174 ** NOTE conditionally compiled to save memory.
4175 **
4176 ** Returns pointer to the name
4177 **
4178 *******************************************************************************/
rw_i93_get_sub_state_name(uint8_t sub_state)4179 static std::string rw_i93_get_sub_state_name(uint8_t sub_state) {
4180 switch (sub_state) {
4181 case RW_I93_SUBSTATE_WAIT_UID:
4182 return "WAIT_UID";
4183 case RW_I93_SUBSTATE_WAIT_SYS_INFO:
4184 return "WAIT_SYS_INFO";
4185 case RW_I93_SUBSTATE_WAIT_CC:
4186 return "WAIT_CC";
4187 case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
4188 return "SEARCH_NDEF_TLV";
4189 case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
4190 return "CHECK_LOCK_STATUS";
4191 case RW_I93_SUBSTATE_RESET_LEN:
4192 return "RESET_LEN";
4193 case RW_I93_SUBSTATE_WRITE_NDEF:
4194 return "WRITE_NDEF";
4195 case RW_I93_SUBSTATE_UPDATE_LEN:
4196 return "UPDATE_LEN";
4197 case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
4198 return "WAIT_RESET_DSFID_AFI";
4199 case RW_I93_SUBSTATE_CHECK_READ_ONLY:
4200 return "CHECK_READ_ONLY";
4201 case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
4202 return "WRITE_CC_NDEF_TLV";
4203 case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
4204 return "WAIT_UPDATE_CC";
4205 case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
4206 return "LOCK_NDEF_TLV";
4207 case RW_I93_SUBSTATE_WAIT_LOCK_CC:
4208 return "WAIT_LOCK_CC";
4209 default:
4210 return "???? UNKNOWN SUBSTATE";
4211 }
4212 }
4213
4214 /*******************************************************************************
4215 **
4216 ** Function rw_i93_get_tag_name
4217 **
4218 ** Description This function returns the tag name.
4219 **
4220 ** NOTE conditionally compiled to save memory.
4221 **
4222 ** Returns pointer to the name
4223 **
4224 *******************************************************************************/
rw_i93_get_tag_name(uint8_t product_version)4225 static std::string rw_i93_get_tag_name(uint8_t product_version) {
4226 switch (product_version) {
4227 case RW_I93_ICODE_SLI:
4228 return "SLI/SLIX";
4229 case RW_I93_ICODE_SLI_S:
4230 return "SLI-S/SLIX-S";
4231 case RW_I93_ICODE_SLI_L:
4232 return "SLI-L/SLIX-L";
4233 case RW_I93_TAG_IT_HF_I_PLUS_INLAY:
4234 return "Tag-it HF-I Plus Inlay";
4235 case RW_I93_TAG_IT_HF_I_PLUS_CHIP:
4236 return "Tag-it HF-I Plus Chip";
4237 case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
4238 return "Tag-it HF-I Standard Chip/Inlyas";
4239 case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
4240 return "Tag-it HF-I Pro Chip/Inlays";
4241 case RW_I93_STM_LRI1K:
4242 return "LRi1K";
4243 case RW_I93_STM_LRI2K:
4244 return "LRi2K";
4245 case RW_I93_STM_LRIS2K:
4246 return "LRiS2K";
4247 case RW_I93_STM_LRIS64K:
4248 return "LRiS64K";
4249 case RW_I93_STM_M24LR64_R:
4250 return "M24LR64";
4251 case RW_I93_STM_M24LR04E_R:
4252 return "M24LR04E";
4253 case RW_I93_STM_M24LR16E_R:
4254 return "M24LR16E";
4255 case RW_I93_STM_M24LR64E_R:
4256 return "M24LR64E";
4257 case RW_I93_STM_ST25DV04K:
4258 return "ST25DV04";
4259 case RW_I93_STM_ST25DVHIK:
4260 return "ST25DV";
4261 case RW_I93_ONS_N36RW02:
4262 return ("N36RW02");
4263 case RW_I93_ONS_N24RF04:
4264 return ("N24RF04");
4265 case RW_I93_ONS_N24RF04E:
4266 return ("N24RF04E");
4267 case RW_I93_ONS_N24RF16:
4268 return ("N24RF16");
4269 case RW_I93_ONS_N24RF16E:
4270 return ("N24RF16E");
4271 case RW_I93_ONS_N24RF64:
4272 return ("N24RF64");
4273 case RW_I93_ONS_N24RF64E:
4274 return ("N24RF64E");
4275 case RW_I93_UNKNOWN_PRODUCT:
4276 default:
4277 return "UNKNOWN";
4278 }
4279 }