1 /* ISO 14443-3 B anticollision implementation
3 * (C) 2005 by Harald Welte <laforge@gnumonks.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2
10 * as published by the Free Software Foundation
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include <rfid/rfid.h>
27 #include <rfid/rfid_layer2.h>
28 #include <rfid/rfid_reader.h>
29 #include <rfid/rfid_layer2_iso14443b.h>
31 #include "rfid_iso14443_common.h"
33 #define ATQB_TIMEOUT ((256*10e6/ISO14443_FREQ_SUBCARRIER) \
34 +(200*10e6/ISO14443_FREQ_SUBCARRIER))
37 fwi_to_fwt(struct rfid_layer2_handle *h, unsigned int *fwt, unsigned int fwi)
39 unsigned int multiplier, tmp;
45 /* According to ISO 14443-3:200(E), Chapter 7.9.4.3, the forumala is
46 * (256 * 16 / fC) * 2^fwi We avoid floating point computations by
47 * shifting everything into the microsecond range. In integer
48 * calculations 1000000*256*16/13560000 evaluates to 302 (instead of
49 * 302.064897), which provides sufficient precision, IMHO. The max
50 * result is 302 * 16384 (4947968), which fits well within the 31/32
51 * bit range of an integer */
53 multiplier = 1 << fwi; /* 2 to the power of fwi */
55 tmp = (unsigned int) 1000000 * 256 * 16;
57 return (tmp / h->rh->ah->asic->fc) * multiplier;
61 parse_atqb(struct rfid_layer2_handle *h, struct iso14443b_atqb *atqb)
65 if (atqb->fifty != 0x50)
68 if (atqb->protocol_info.fo & 0x01)
69 h->priv.iso14443b.flags |= ISO14443B_CID_SUPPORTED;
70 if (atqb->protocol_info.fo & 0x02)
71 h->priv.iso14443b.flags |= ISO14443B_NAD_SUPPORTED;
73 ret = fwi_to_fwt(h, &h->priv.iso14443b.fwt, atqb->protocol_info.fwi);
75 DEBUGP("invalid fwi %u\n", atqb->protocol_info.fwi);
79 if (atqb->protocol_info.protocol_type == 0x1) {
80 DEBUGP("we have a T=CL compliant PICC\n");
81 h->priv.iso14443b.tcl_capable = 1;
83 DEBUGP("we have a T!=CL PICC\n");
84 h->priv.iso14443b.tcl_capable = 0;
87 iso14443_fsdi_to_fsd(&h->priv.iso14443b.fsc,
88 atqb->protocol_info.max_frame_size);
90 /* FIXME: speed capability */
92 memcpy(h->priv.iso14443b.pupi, atqb->pupi,
93 sizeof(h->priv.iso14443b.pupi));
99 send_reqb(struct rfid_layer2_handle *h, unsigned char afi,
100 unsigned int is_wup, unsigned int num_initial_slots)
103 unsigned char reqb[3];
104 struct iso14443b_atqb atqb;
105 unsigned int atqb_len = sizeof(atqb);
106 unsigned int num_slot_idx = num_initial_slots;
111 for (num_slot_idx = num_initial_slots; num_slot_idx <= 4;
113 reqb[2] = num_slot_idx & 0x07;
117 ret = h->rh->reader->transcieve(h->rh, reqb, sizeof(reqb),
118 (unsigned char *)&atqb,
119 &atqb_len, ATQB_TIMEOUT, 0);
120 h->priv.iso14443b.state = ISO14443B_STATE_REQB_SENT;
122 DEBUGP("error during transcieve of REQB/WUBP\n");
126 /* FIXME: send N-1 slot marker frames */
128 if (atqb_len != sizeof(atqb)) {
129 DEBUGP("error: atqb_len = %u instead of %Zu\n",
130 atqb_len, sizeof(atqb));
134 /* FIXME: how to detect a collission at 14443B ? I guess we
135 * can only rely on the CRC checking (CRCErr in ErrorFlag
138 if (parse_atqb(h, &atqb) >= 0) {
139 h->priv.iso14443b.state = ISO14443B_STATE_ATQB_RCVD;
147 static inline unsigned int mbli_to_mbl(struct rfid_layer2_handle *h,
150 return (h->priv.iso14443b.fsc * 2 ^ (mbli-1));
154 transcieve_attrib(struct rfid_layer2_handle *h, const unsigned char *inf,
155 unsigned int inf_len, unsigned char *rx_data, unsigned int *rx_len)
157 struct iso14443b_attrib_hdr *attrib;
158 unsigned int attrib_size = sizeof(*attrib) + inf_len;
159 unsigned char *rx_buf;
163 DEBUGP("fsd is %u\n", h->priv.iso14443b.fsd);
164 attrib = malloc(attrib_size);
166 perror("attrib_alloc");
170 DEBUGP("fsd is %u\n", h->priv.iso14443b.fsd);
171 rx_buf = malloc(*rx_len+1);
173 perror("rx_buf malloc");
178 /* initialize attrib frame */
179 memset(attrib, 0, attrib_size);
181 memcpy((unsigned char *)attrib+sizeof(*attrib), inf, inf_len);
183 attrib->one_d = 0x1d;
184 memcpy(attrib->identifier, h->priv.iso14443b.pupi, 4);
186 /* FIXME: do we want to change TR0/TR1 from its default ? */
187 /* FIXME: do we want to change SOF/EOF from its default ? */
189 ret = iso14443_fsd_to_fsdi(&fsdi, h->priv.iso14443b.fsd);
191 DEBUGP("unable to map FSD(%u) to FSDI\n",
192 h->priv.iso14443b.fsd);
195 attrib->param2.fsdi = fsdi;
197 /* FIXME: spd_in / spd_out */
198 if (h->priv.iso14443b.tcl_capable == 1)
199 attrib->param3.protocol_type = 0x1;
201 *rx_len = *rx_len + 1;
202 ret = h->rh->reader->transcieve(h->rh, (unsigned char *) attrib,
203 sizeof(*attrib)+inf_len,
204 rx_buf, rx_len, h->priv.iso14443b.fwt,
206 h->priv.iso14443b.state = ISO14443B_STATE_ATTRIB_SENT;
208 DEBUGP("transcieve problem\n");
212 if ((rx_buf[0] & 0x0f) != h->priv.iso14443b.cid) {
213 DEBUGP("ATTRIB response with invalid CID %u\n",
219 h->priv.iso14443b.state = ISO14443B_STATE_SELECTED;
221 h->priv.iso14443b.mbl = mbli_to_mbl(h, (rx_data[0] & 0xf0) >> 4);
223 *rx_len = *rx_len - 1;
224 memcpy(rx_data, rx_buf+1, *rx_len);
235 iso14443b_hltb(struct rfid_layer2_handle *h)
238 unsigned char hltb[5];
239 unsigned char hltb_resp[1];
240 unsigned int hltb_len = 1;
243 memcpy(hltb+1, h->priv.iso14443b.pupi, 4);
245 ret = h->rh->reader->transcieve(h->rh, hltb, 5,
246 hltb_resp, &hltb_len,
247 h->priv.iso14443b.fwt, 0);
248 h->priv.iso14443b.state = ISO14443B_STATE_HLTB_SENT;
250 DEBUGP("transcieve problem\n");
254 if (hltb_len != 1 || hltb_resp[0] != 0x00) {
255 DEBUGP("bad HLTB response\n");
258 h->priv.iso14443b.state = ISO14443B_STATE_HALTED;
264 iso14443b_anticol(struct rfid_layer2_handle *handle)
266 unsigned char afi = 0; /* FIXME */
268 unsigned char buf[255];
269 unsigned int buf_len = sizeof(buf);
271 ret = send_reqb(handle, afi, 0, 0);
275 ret = transcieve_attrib(handle, NULL, 0, buf, &buf_len);
282 static struct rfid_layer2_handle *
283 iso14443b_init(struct rfid_reader_handle *rh)
286 struct rfid_layer2_handle *h = malloc(sizeof(*h));
290 h->l2 = &rfid_layer2_iso14443b;
292 h->priv.iso14443b.state = ISO14443B_STATE_NONE;
294 h->priv.iso14443b.fsd = iso14443_fsd_approx(rh->ah->mru);
295 DEBUGP("fsd is %u\n", h->priv.iso14443b.fsd);
297 /* 14443-3 Section 7.1.6 */
298 h->priv.iso14443b.tr0 = (256/ISO14443_FREQ_SUBCARRIER)*10e6;
299 h->priv.iso14443b.tr1 = (200/ISO14443_FREQ_SUBCARRIER)*10e6;
301 ret = h->rh->reader->iso14443b.init(h->rh);
303 DEBUGP("error during reader 14443b init\n");
312 iso14443b_fini(struct rfid_layer2_handle *handle)
319 iso14443b_transcieve(struct rfid_layer2_handle *handle,
320 const unsigned char *tx_buf, unsigned int tx_len,
321 unsigned char *rx_buf, unsigned int *rx_len,
322 u_int64_t timeout, unsigned int flags)
324 DEBUGP("transcieving %u bytes, expecting max %u\n", tx_len, *rx_len);
325 return handle->rh->reader->transcieve(handle->rh, tx_buf, tx_len,
326 rx_buf, rx_len, timeout, flags);
329 struct rfid_layer2 rfid_layer2_iso14443b = {
330 .id = RFID_LAYER2_ISO14443B,
331 .name = "ISO 14443-3 B",
333 .init = &iso14443b_init,
334 .open = &iso14443b_anticol,
335 .transcieve = &iso14443b_transcieve,
336 .close = &iso14443b_hltb,
337 .fini = &iso14443b_fini,