1 /* ISO 14443-3 A anticollision implementation
3 * (C) 2005-2006 by Harald Welte <laforge@gnumonks.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2
10 * as published by the Free Software Foundation
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
30 #include <librfid/rfid.h>
31 #include <librfid/rfid_layer2.h>
32 #include <librfid/rfid_reader.h>
33 #include <librfid/rfid_layer2_iso14443a.h>
34 #include <librfid/rfid_protocol.h>
/* Four-word state for the pseudo-random generator used further down in this
 * file.  It starts from these fixed constants; the only reseeding visible in
 * this listing is the GetTickCount() XOR in iso14443a_init(), which sits
 * before an "#endif __MINGW32__".
 * NOTE(review): the resulting sequence is predictable.  That looks acceptable
 * for choosing a bit during collision resolution, but this state must not be
 * reused for nonces, keys or authentication challenges. */
38 unsigned long randctx[4]={0x22d4a017,0x773a1f44,0xc39e1460,0x9cde8801};
40 /* Transceive a 7-bit short frame.
 *
 * Thin wrapper: looks up the reader behind the layer-2 handle and forwards
 * cmd and the caller's ATQA buffer to its iso14443a.transceive_sf hook,
 * returning the hook's result unchanged.
 * NOTE(review): the hook pointer is called without a NULL check here; confirm
 * every reader driver registers it. */
42 iso14443a_transceive_sf(struct rfid_layer2_handle *handle,
44 struct iso14443a_atqa *atqa)
46 const struct rfid_reader *rdr = handle->rh->reader;
48 return rdr->iso14443a.transceive_sf(handle->rh, cmd, atqa);
51 /* Transmit an anticollision bit frame.
 *
 * Forwards the frame to the reader driver's iso14443a.transceive_acf hook and
 * returns its result unchanged.  bit_of_col is handed to the hook; the caller
 * in this file reads it back afterwards as the reported collision position.
 * NOTE(review): that position comes from the reader/card side and should be
 * treated as untrusted input by whoever consumes it. */
53 iso14443a_transceive_acf(struct rfid_layer2_handle *handle,
54 struct iso14443a_anticol_cmd *acf,
55 unsigned int *bit_of_col)
57 const struct rfid_reader *rdr = handle->rh->reader;
59 return rdr->iso14443a.transceive_acf(handle->rh, acf, bit_of_col);
62 /* Transmit a regular frame.
 *
 * Passes every argument straight through to the reader's transceive hook and
 * returns its result.  Callers in this file set *rx_len to the size of rx_buf
 * before calling.
 * NOTE(review): nothing at this layer checks that the driver keeps its write
 * into rx_buf within that size; confirm the bound is enforced in each reader
 * driver. */
64 iso14443a_transceive(struct rfid_layer2_handle *handle,
65 enum rfid_frametype frametype,
66 const unsigned char *tx_buf, unsigned int tx_len,
67 unsigned char *rx_buf, unsigned int *rx_len,
68 u_int64_t timeout, unsigned int flags)
70 return handle->rh->reader->transceive(handle->rh, frametype, tx_buf,
71 tx_len, rx_buf, rx_len, timeout, flags);
/* Encode a number of valid bits into the NVB byte of an anticollision frame:
 * the count of whole bytes goes into the high nibble, the remaining bit count
 * into the low nibble.
 *
 * Byte counts outside 2..7 take the range-check branch below; its body is not
 * part of this listing (presumably an error return that leaves *nvb
 * untouched; confirm).
 * NOTE(review): the callers in this file do not use the return value, so a
 * rejected count would go unnoticed and the previous NVB would be sent. */
75 iso14443a_code_nvb_bits(unsigned char *nvb, unsigned int bits)
77 unsigned int byte_count = bits / 8;
78 unsigned int bit_count = bits % 8;
80 if (byte_count < 2 || byte_count > 7)
83 *nvb = ((byte_count & 0xf) << 4) | bit_count;
/* State update of the pseudo-random generator: the four randctx words are
 * shifted along and remixed.  The enclosing function's signature and the
 * definition of `e` are on lines missing from this listing.
 * NOTE(review): (x<<19) + (x>>13) is a rotation only for a 32-bit word; where
 * unsigned long is 64 bits wide the two shifts do not form a rotate; confirm
 * the intended width. */
93 randctx[0]=randctx[1];
94 randctx[1]=(randctx[2]<<19) + (randctx[2]>>13) + randctx[3];
95 randctx[2]=randctx[3] ^ randctx[0];
96 randctx[3]=e+randctx[1];
101 /* Bit positions are 1-based: the first bit is '1', the second bit '2'.
 *
 * The range check below ignores position 0 and any position past the last bit
 * of the field (size*8).  The caller in this file passes the collision
 * position reported by the reader, so this check is what keeps the final
 * write inside bitfield.
 * NOTE(review): the lines that derive `byte` and `rnd` are not part of this
 * listing; confirm `byte` is computed from the range-checked position so the
 * index stays below size, and that `bit` holds a mask by the time it is
 * XORed in. */
103 rnd_toggle_bit_in_field(unsigned char *bitfield, unsigned int size, unsigned int bit)
105 unsigned int byte,rnd;
107 if(bit && (bit <= (size*8)) )
111 DEBUGP("xor'ing bit %u with %u\n",bit,rnd);
115 bitfield[byte] ^= bit;
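/* Anticollision and select sequence; registered as the layer-2 "open" handler.
 *
 * Visible flow: clear the UID, SAK and ATQA buffers, send WUPA or REQA
 * depending on RFID_OPT_LAYER2_WUP, run bit-frame anticollision and a select
 * per cascade level while copying UID bytes into handle->uid, then set
 * handle->uid_len and handle->proto_supported.
 *
 * Several lines of this function (return type, labels, returns, braces) are
 * missing from this listing; the comments below describe only what is shown.
 * Everything read back from the reader (ATQA, collision position, UID bits,
 * SAK) originates from the card and should be treated as untrusted. */
121 iso14443a_anticol(struct rfid_layer2_handle *handle)
124 unsigned int uid_size;
125 struct iso14443a_handle *h = &handle->priv.iso14443a;
126 struct iso14443a_atqa *atqa = &h->atqa;
127 struct iso14443a_anticol_cmd acf;
128 unsigned int bit_of_col;
129 unsigned char sak[3];
130 unsigned int rx_len = sizeof(sak);
/* NOTE(review): plain char may be signed, so ATQA bytes >= 0x80 can print
 * sign-extended in the debug line below. */
131 char *aqptr = (char *) atqa;
133 memset(handle->uid, 0, sizeof(handle->uid));
134 memset(sak, 0, sizeof(sak));
/* Clear exactly the ATQA structure.  sizeof(&atqa) is the size of a pointer,
 * which need not match the structure and can zero bytes lying beyond it. */
135 memset(atqa, 0, sizeof(*atqa));
136 memset(&acf, 0, sizeof(acf));
/* Wake-up (WUPA) if the option flag is set, plain request (REQA) otherwise. */
138 if (handle->flags & RFID_OPT_LAYER2_WUP)
139 ret = iso14443a_transceive_sf(handle, ISO14443A_SF_CMD_WUPA, atqa);
141 ret = iso14443a_transceive_sf(handle, ISO14443A_SF_CMD_REQA, atqa);
143 h->state = ISO14443A_STATE_REQA_SENT;
144 DEBUGP("error during transceive_sf: %d\n", ret);
147 h->state = ISO14443A_STATE_ATQA_RCVD;
149 DEBUGP("ATQA: 0x%02x 0x%02x\n", *aqptr, *(aqptr+1));
/* Cards that do not advertise bit-frame anticollision are not handled. */
151 if (!atqa->bf_anticol) {
152 h->state = ISO14443A_STATE_NO_BITFRAME_ANTICOL;
153 DEBUGP("no bitframe anticollission bits set, aborting\n");
157 if (atqa->uid_size == 2 || atqa->uid_size == 3)
159 else if (atqa->uid_size == 1)
164 acf.sel_code = ISO14443A_AC_SEL_CODE_CL1;
166 h->state = ISO14443A_STATE_ANTICOL_RUNNING;
167 h->level = ISO14443A_LEVEL_CL1;
170 rx_len = sizeof(sak);
171 iso14443a_code_nvb_bits(&acf.nvb, 16);
173 ret = iso14443a_transceive_acf(handle, &acf, &bit_of_col);
/* Resolve collisions one reported position at a time.
 * NOTE(review): no cap on the number of iterations is visible in this listing,
 * and the result of iso14443a_code_nvb_bits() for the reader-supplied position
 * is not checked here; confirm the loop cannot spin on persistent collisions. */
177 while (bit_of_col != ISO14443A_BITOFCOL_NONE) {
178 DEBUGP("collision at pos %u\n", bit_of_col);
180 iso14443a_code_nvb_bits(&acf.nvb, bit_of_col);
181 rnd_toggle_bit_in_field(acf.uid_bits, sizeof(acf.uid_bits), bit_of_col);
182 DEBUGP("acf: nvb=0x%02X uid_bits=%s\n",acf.nvb,rfid_hexdump(acf.uid_bits,sizeof(acf.uid_bits)));
183 ret = iso14443a_transceive_acf(handle, &acf, &bit_of_col);
/* All 7 bytes are valid now: send the complete frame and read the SAK. */
188 iso14443a_code_nvb_bits(&acf.nvb, 7*8);
190 ret = iso14443a_transceive(handle, RFID_14443A_FRAME_REGULAR,
191 (unsigned char *)&acf, 7,
192 (unsigned char *) &sak, &rx_len,
198 /* Cascade bit set, UID not complete */
199 switch (acf.sel_code) {
200 case ISO14443A_AC_SEL_CODE_CL1:
201 /* cascading from CL1 to CL2 */
/* The first UID byte must be 0x88 here; the three bytes after it are the
 * UID part kept from this level. */
202 if (acf.uid_bits[0] != 0x88) {
203 DEBUGP("Cascade bit set, but UID0 != 0x88\n");
206 memcpy(&handle->uid[0], &acf.uid_bits[1], 3);
207 acf.sel_code = ISO14443A_AC_SEL_CODE_CL2;
208 h->level = ISO14443A_LEVEL_CL2;
210 case ISO14443A_AC_SEL_CODE_CL2:
211 /* cascading from CL2 to CL3 */
212 memcpy(&handle->uid[3], &acf.uid_bits[1], 3);
213 acf.sel_code = ISO14443A_AC_SEL_CODE_CL3;
214 h->level = ISO14443A_LEVEL_CL3;
217 DEBUGP("cannot cascade any further than CL3\n");
218 h->state = ISO14443A_STATE_ERROR;
/* UID complete: copy the last four bytes to the offset for this level.
 * The CL3 copy writes uid[6..9], so handle->uid must hold at least 10 bytes
 * (its declaration is not part of this listing). */
225 switch (acf.sel_code) {
226 case ISO14443A_AC_SEL_CODE_CL1:
227 /* single size UID (4 bytes) */
228 memcpy(&handle->uid[0], &acf.uid_bits[0], 4);
230 case ISO14443A_AC_SEL_CODE_CL2:
231 /* double size UID (7 bytes) */
232 memcpy(&handle->uid[3], &acf.uid_bits[0], 4);
234 case ISO14443A_AC_SEL_CODE_CL3:
235 /* triple size UID (10 bytes) */
236 memcpy(&handle->uid[6], &acf.uid_bits[0], 4);
241 h->level = ISO14443A_LEVEL_NONE;
242 h->state = ISO14443A_STATE_SELECTED;
247 else if (uid_size == 2)
250 handle->uid_len = 10;
252 DEBUGP("UID %s\n", rfid_hexdump(handle->uid, handle->uid_len));
/* Record which higher-layer protocols the selected card is taken to support. */
256 DEBUGP("we have a T=CL compliant PICC\n");
257 handle->proto_supported = 1 << RFID_PROTOCOL_TCL;
260 DEBUGP("we have a T!=CL PICC\n");
261 handle->proto_supported = (1 << RFID_PROTOCOL_MIFARE_UL)|
262 (1 << RFID_PROTOCOL_MIFARE_CLASSIC);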
/* Send the two-byte HLTA command (0x50 0x00) as a regular frame; registered
 * as the layer-2 "close" handler.
 *
 * rx_len is set to the size of rx_buf before the call.  The handling of ret
 * is on lines missing from this listing; per the comment below, receiving no
 * answer from the card is the case this code expects.
 * NOTE(review): the unit of the timeout argument is not visible here; the
 * inline comment claims 1000 means 1 ms; confirm against the reader API. */
270 iso14443a_hlta(struct rfid_layer2_handle *handle)
273 unsigned char tx_buf[2] = { 0x50, 0x00 };
274 unsigned char rx_buf[10];
275 unsigned int rx_len = sizeof(rx_buf);
277 ret = iso14443a_transceive(handle, RFID_14443A_FRAME_REGULAR,
278 tx_buf, sizeof(tx_buf),
279 rx_buf, &rx_len, 1000 /* 1ms */, 0);
281 /* "error" case: we don't get something back from the card */
/* Set a layer-2 option: RX speed, TX speed, or the WUPA-instead-of-REQA flag.
 *
 * The speed options are passed to the reader's iso14443a.set_speed hook with
 * 0 for RX and 1 for TX; the hook's presence is checked first.
 * NOTE(review): optval is dereferenced as an unsigned int without a visible
 * NULL or optlen check; confirm that optlen >= sizeof(unsigned int) is
 * enforced on the lines missing from this listing or by every caller. */
288 iso14443a_setopt(struct rfid_layer2_handle *handle, int optname,
289 const void *optval, unsigned int optlen)
292 const struct rfid_reader *rdr = handle->rh->reader;
296 case RFID_OPT_14443A_SPEED_RX:
297 if (!rdr->iso14443a.set_speed)
299 speed = *(unsigned int *)optval;
300 ret = rdr->iso14443a.set_speed(handle->rh, 0, speed);
302 case RFID_OPT_14443A_SPEED_TX:
303 if (!rdr->iso14443a.set_speed)
305 speed = *(unsigned int *)optval;
306 ret = rdr->iso14443a.set_speed(handle->rh, 1, speed);
308 case RFID_OPT_14443A_WUPA:
/* NOTE(review): this tests whether the optval pointer itself is non-NULL, not
 * the value it points to, so a pointer to 0 still enables WUPA.  The getopt
 * side writes the flag through a pointer; confirm what callers pass before
 * changing this. */
309 if((unsigned int*)optval)
310 handle->flags |= RFID_OPT_LAYER2_WUP;
312 handle->flags &= ~RFID_OPT_LAYER2_WUP;
/* Read a layer-2 option into the caller's buffer: the stored ATQA, or the
 * WUPA flag as 0/1.
 *
 * optval is also viewed as a struct iso14443a_atqa pointer for the ATQA case;
 * the declaration of `wupa` and the ATQA copy itself are on lines missing
 * from this listing.
 * NOTE(review): no check of *optlen against the size being written is visible
 * here; confirm the caller's buffer size is validated before optval is
 * written. */
321 iso14443a_getopt(struct rfid_layer2_handle *handle, int optname,
322 void *optval, unsigned int *optlen)
325 struct iso14443a_handle *h = &handle->priv.iso14443a;
326 struct iso14443a_atqa *atqa = optval;
330 case RFID_OPT_14443A_ATQA:
334 case RFID_OPT_14443A_WUPA:
335 *wupa = ((handle->flags & RFID_OPT_LAYER2_WUP) != 0);
/* Allocate and initialise a layer-2 handle for ISO 14443-3 A on the given
 * reader, then call the reader's iso14443a.init hook.
 *
 * The handle is zeroed, bound to the rfid_layer2_iso14443a descriptor and put
 * into the NONE state and level.  free_layer2_handle() is called on a path
 * whose condition is not part of this listing (presumably when the reader
 * init fails).
 * NOTE(review): the allocation result is used by memset(); confirm the NULL
 * check sits on the lines missing between the two. */
344 static struct rfid_layer2_handle *
345 iso14443a_init(struct rfid_reader_handle *rh)
348 struct rfid_layer2_handle *h = malloc_layer2_handle(sizeof(*h));
352 memset(h, 0, sizeof(*h));
/* Mix the tick count into the generator state; the matching #ifdef is not
 * shown, so this presumably applies to MinGW builds only.  Other builds would
 * then start from the fixed constants every run. */
355 randctx[0] ^= GetTickCount();
356 #endif/*__MINGW32__*/
/* 23 iterations; the loop body is missing from this listing (presumably it
 * advances the generator). */
357 for(ret=0;ret<23;ret++)
360 h->l2 = &rfid_layer2_iso14443a;
362 h->priv.iso14443a.state = ISO14443A_STATE_NONE;
363 h->priv.iso14443a.level = ISO14443A_LEVEL_NONE;
365 ret = h->rh->reader->iso14443a.init(h->rh);
367 free_layer2_handle(h);
/* Release a layer-2 handle obtained from iso14443a_init().  The handle must
 * not be used after this call. */
375 iso14443a_fini(struct rfid_layer2_handle *handle)
377 free_layer2_handle(handle);
/* Layer-2 descriptor for ISO 14443-3 A.  "open" runs the anticollision and
 * select sequence, "close" sends HLTA; the remaining entries map to the
 * handlers of the same name above. */
382 const struct rfid_layer2 rfid_layer2_iso14443a = {
383 .id = RFID_LAYER2_ISO14443A,
384 .name = "ISO 14443-3 A",
386 .init = &iso14443a_init,
387 .open = &iso14443a_anticol,
388 .transceive = &iso14443a_transceive,
389 .close = &iso14443a_hlta,
390 .fini = &iso14443a_fini,
391 .setopt = &iso14443a_setopt,
392 .getopt = &iso14443a_getopt,