fixed ISO 14443A anticollision
1 /* ISO 14443-3 A anticollision implementation
2  *
3  * (C) 2005-2006 by Harald Welte <laforge@gnumonks.org>
4  *
5  */
6
7 /*
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License version 2 
10  *  as published by the Free Software Foundation
11  *
12  *  This program is distributed in the hope that it will be useful,
13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  *  GNU General Public License for more details.
16  *
17  *  You should have received a copy of the GNU General Public License
18  *  along with this program; if not, write to the Free Software
19  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20  */
21
22 #include <stdlib.h>
23 #include <unistd.h>
24 #include <string.h>
25 #include <errno.h>
26  
27 // #define DEBUG_LIBRFID
28
29 #include <librfid/rfid.h>
30 #include <librfid/rfid_layer2.h>
31 #include <librfid/rfid_reader.h>
32 #include <librfid/rfid_layer2_iso14443a.h>
33 #include <librfid/rfid_protocol.h>
34
35 #define TIMEOUT 1236
36
/*
 * State of the tiny add/xor/shift generator stepped by random_bit().
 * NOTE(review): the seed is a fixed constant and is never re-seeded, so
 * every process walks the same bit sequence.  That is acceptable for
 * picking a side of an anticollision collision but this is not a
 * cryptographic generator and must not be reused as one.
 */
unsigned long randctx[4] = {
	0x22d4a017, 0x773a1f44, 0xc39e1460, 0x9cde8801
};
38
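/*
 * Transceive a 7-bit short frame (REQA/WUPA) through the reader driver.
 *
 * @handle: layer-2 handle; its reader supplies the iso14443a hooks.
 * @cmd:    short-frame command byte.
 * @atqa:   filled with the card's ATQA by the driver on success.
 *
 * Returns -ENOTSUP when the reader implements no short-frame hook
 * (calling a NULL function pointer would crash; setopt already treats a
 * missing hook this way), otherwise the driver's result, negative on error.
 */
int
iso14443a_transceive_sf(struct rfid_layer2_handle *handle,
			 unsigned char cmd,
			 struct iso14443a_atqa *atqa)
{
	struct rfid_reader_handle *rh = handle->rh;

	if (!rh->reader->iso14443a.transceive_sf)
		return -ENOTSUP;

	return rh->reader->iso14443a.transceive_sf(rh, cmd, atqa);
}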
49
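/*
 * Transceive an anticollision bit frame through the reader driver.
 *
 * @handle:     layer-2 handle; its reader supplies the iso14443a hooks.
 * @acf:        SEL/NVB/UID-bits frame to send; the driver fills in the
 *              UID bits it receives.
 * @bit_of_col: set by the driver to the collision position, or to
 *              ISO14443A_BITOFCOL_NONE when no collision occurred.
 *
 * Returns -ENOTSUP when the reader implements no anticollision hook
 * (consistent with the set_speed check in setopt), otherwise the
 * driver's result, negative on error.
 */
static int
iso14443a_transceive_acf(struct rfid_layer2_handle *handle,
			 struct iso14443a_anticol_cmd *acf,
			 unsigned int *bit_of_col)
{
	struct rfid_reader_handle *rh = handle->rh;

	if (!rh->reader->iso14443a.transceive_acf)
		return -ENOTSUP;

	return rh->reader->iso14443a.transceive_acf(rh, acf, bit_of_col);
}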
60
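/*
 * Transceive a regular (byte-oriented) frame through the reader's
 * generic transceive hook.
 *
 * @handle:    layer-2 handle.
 * @frametype: framing to use, e.g. RFID_14443A_FRAME_REGULAR.
 * @tx_buf:    bytes to transmit, @tx_len of them.
 * @rx_buf:    receive buffer; callers set *@rx_len to its size, the
 *             driver presumably updates it with the received length.
 * @timeout:   passed through to the driver (units are the driver's).
 * @flags:     passed through untouched.
 *
 * Returns -ENOTSUP when the reader has no transceive hook (rather than
 * jumping through a NULL pointer), otherwise the driver's result.
 */
static int 
iso14443a_transceive(struct rfid_layer2_handle *handle,
		     enum rfid_frametype frametype, 
			const unsigned char *tx_buf, unsigned int tx_len,
			unsigned char *rx_buf, unsigned int *rx_len,
			u_int64_t timeout, unsigned int flags)
{
	struct rfid_reader_handle *rh = handle->rh;

	if (!rh->reader->transceive)
		return -ENOTSUP;

	return rh->reader->transceive(rh, frametype, tx_buf, tx_len,
				      rx_buf, rx_len, timeout, flags);
}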
72
/*
 * Encode a "number of valid bits" (NVB) byte for an anticollision frame.
 *
 * @nvb:  receives the encoded byte: whole-byte count in the upper nibble,
 *        remaining bit count (0..7) in the lower nibble.
 * @bits: number of valid bits counted from the start of the frame,
 *        SEL and NVB included.
 *
 * Returns 0 on success, -1 (and leaves *nvb untouched) when the byte
 * count is outside 2..7, i.e. fewer bits than SEL+NVB or more than the
 * full 7-byte SELECT frame.
 */
static int 
iso14443a_code_nvb_bits(unsigned char *nvb, unsigned int bits)
{
	unsigned int whole_bytes = bits >> 3;
	unsigned int extra_bits = bits & 7;

	if (whole_bytes < 2 || whole_bytes > 7)
		return -1;

	/* whole_bytes <= 7 here, so it always fits the upper nibble */
	*nvb = (unsigned char)((whole_bytes << 4) | extra_bits);

	return 0;
}
86
/*
 * Step the small add/xor/shift generator in randctx[] once and return
 * the low bit of its new second word.
 *
 * Not a cryptographic generator: the state starts from a fixed constant
 * and the recurrence is trivially invertible.  Only used to pick which
 * side of a collision to follow during anticollision.
 */
int random_bit(void)
{
	unsigned long s0 = randctx[0];
	unsigned long s1 = randctx[1];
	unsigned long s2 = randctx[2];
	unsigned long s3 = randctx[3];

	/* same recurrence as before, written against the old state:
	 * r0 <- r1, r1 <- rotl-ish(r2) + r3, r2 <- r3 ^ r1, r3 <- r0 + new r1 */
	unsigned long n1 = (s2 << 19) + (s2 >> 13) + s3;
	unsigned long n2 = s3 ^ s1;
	unsigned long n3 = s0 + n1;

	randctx[0] = s1;
	randctx[1] = n1;
	randctx[2] = n2;
	randctx[3] = n3;

	return (int)(n1 & 1);
}
99
/*
 * Randomly flip one bit of @bitfield so the next anticollision frame
 * follows one side of the collision at random.
 *
 * @bitfield: buffer of @size bytes (the UID/BCC bytes of the frame).
 * @size:     length of @bitfield in bytes.
 * @bit:      1-based bit position (first bit is 1); 0 or a position past
 *            the end of the buffer is silently ignored.
 *
 * The bit is XORed with random_bit(), so it is toggled only about half
 * the time and left alone otherwise.
 */
static void
rnd_toggle_bit_in_field(unsigned char *bitfield, unsigned int size, unsigned int bit)
{
	unsigned int idx, rnd;

	if (bit == 0 || bit > size * 8)
		return;

	rnd = random_bit();
	DEBUGP("xor'ing bit %u with %u\n", bit, rnd);

	idx = bit - 1;			/* switch to 0-based */
	bitfield[idx / 8] ^= rnd << (idx % 8);
}
117
118
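/*
 * Activate one ISO 14443-3 A PICC: REQA (or WUPA when RFID_OPT_LAYER2_WUP
 * is set), then bit-frame anticollision and SELECT for every cascade
 * level until the SAK reports a complete UID.
 *
 * @handle: layer-2 handle.  On success handle->uid / handle->uid_len hold
 *          the UID actually received (4, 7 or 10 bytes) and
 *          handle->proto_supported the protocol mask derived from the SAK.
 *
 * Returns 0 on success, the reader's negative error code on a transceive
 * failure, or -1 when the card's answers are inconsistent (missing
 * cascade tag, impossible collision position, no SAK, endless collisions).
 */
static int
iso14443a_anticol(struct rfid_layer2_handle *handle)
{
	/* A compliant exchange pins at least one more bit per collision, so
	 * more collisions than UID+BCC bits within one level means a stuck
	 * reader or a hostile PICC; stop instead of spinning forever. */
	enum { MAX_COLLISIONS_PER_LEVEL = 40 };
	int ret;
	unsigned int atqa_uid_len;
	unsigned int collisions;
	struct iso14443a_handle *h = &handle->priv.iso14443a;
	struct iso14443a_atqa *atqa = &h->atqa;
	struct iso14443a_anticol_cmd acf;
	unsigned int bit_of_col;
	unsigned char sak[3];
	unsigned int rx_len;
	/* unsigned so the debug print does not sign-extend bytes >= 0x80 */
	const unsigned char *aqptr = (const unsigned char *) atqa;

	/* NOTE(review): the memcpy()s below assume handle->uid holds at
	 * least 10 bytes (triple-size UID) — confirm in rfid_layer2.h. */
	memset(handle->uid, 0, sizeof(handle->uid));
	memset(sak, 0, sizeof(sak));
	/* sizeof(*atqa), not sizeof(&atqa): the latter is the size of a
	 * pointer and left most of the previous ATQA in place. */
	memset(atqa, 0, sizeof(*atqa));
	memset(&acf, 0, sizeof(acf));

	if (handle->flags & RFID_OPT_LAYER2_WUP)
		ret = iso14443a_transceive_sf(handle, ISO14443A_SF_CMD_WUPA, atqa);
	else
		ret = iso14443a_transceive_sf(handle, ISO14443A_SF_CMD_REQA, atqa);
	if (ret < 0) {
		h->state = ISO14443A_STATE_REQA_SENT;
		DEBUGP("error during transceive_sf: %d\n", ret);
		return ret;
	}
	h->state = ISO14443A_STATE_ATQA_RCVD;

	DEBUGP("ATQA: 0x%02x 0x%02x\n", aqptr[0], aqptr[1]);

	if (!atqa->bf_anticol) {
		h->state = ISO14443A_STATE_NO_BITFRAME_ANTICOL;
		DEBUGP("no bitframe anticollission bits set, aborting\n");
		return -1;
	}

	/* UID size announced by ATQA: 0 single (4), 1 double (7), 2 triple
	 * (10); 3 is treated like triple as before.  This is only a hint
	 * from the card — the length reported below is the one the cascade
	 * levels actually delivered, so a lying ATQA cannot make us report
	 * bytes we never received. */
	if (atqa->uid_size == 2 || atqa->uid_size == 3)
		atqa_uid_len = 10;
	else if (atqa->uid_size == 1)
		atqa_uid_len = 7;
	else
		atqa_uid_len = 4;

	acf.sel_code = ISO14443A_AC_SEL_CODE_CL1;

	h->state = ISO14443A_STATE_ANTICOL_RUNNING;
	h->level = ISO14443A_LEVEL_CL1;

cascade:
	rx_len = sizeof(sak);
	collisions = 0;
	/* NVB 0x20: SEL + NVB transmitted, no UID bits known yet */
	if (iso14443a_code_nvb_bits(&acf.nvb, 16) < 0)
		return -1;

	ret = iso14443a_transceive_acf(handle, &acf, &bit_of_col);
	if (ret < 0)
		return ret;

	while (bit_of_col != ISO14443A_BITOFCOL_NONE) {
		DEBUGP("collision at pos %u\n", bit_of_col);

		if (++collisions > MAX_COLLISIONS_PER_LEVEL) {
			DEBUGP("too many collisions, giving up\n");
			h->state = ISO14443A_STATE_ERROR;
			return -1;
		}

		/* A position the NVB cannot encode (inside SEL/NVB or past
		 * the frame) is a driver bug or a crafted answer; previously
		 * the failure was ignored and the old NVB re-sent. */
		if (iso14443a_code_nvb_bits(&acf.nvb, bit_of_col) < 0) {
			DEBUGP("invalid collision position %u\n", bit_of_col);
			h->state = ISO14443A_STATE_ERROR;
			return -1;
		}
		/* NOTE(review): bit_of_col is encoded into NVB as a count from
		 * the start of the frame (SEL+NVB included) but indexes
		 * acf.uid_bits directly here — confirm the reader driver's
		 * bit_of_col convention satisfies both uses. */
		rnd_toggle_bit_in_field(acf.uid_bits, sizeof(acf.uid_bits), bit_of_col);
		DEBUGP("acf: nvb=0x%02X uid_bits=%s\n", acf.nvb,
		       rfid_hexdump(acf.uid_bits, sizeof(acf.uid_bits)));
		ret = iso14443a_transceive_acf(handle, &acf, &bit_of_col);
		if (ret < 0)
			return ret;
	}

	/* all 40 bits known: SELECT with NVB 0x70 (SEL, NVB, 4 UID bytes, BCC) */
	if (iso14443a_code_nvb_bits(&acf.nvb, 7*8) < 0)
		return -1;

	ret = iso14443a_transceive(handle, RFID_14443A_FRAME_REGULAR,
				   (unsigned char *)&acf, 7,
				   sak, &rx_len, TIMEOUT, 0);
	if (ret < 0)
		return ret;
	/* sak[] is not cleared between levels; never judge the cascade bit
	 * on a stale byte left over from the previous SELECT. */
	if (rx_len < 1) {
		DEBUGP("SELECT returned no SAK\n");
		h->state = ISO14443A_STATE_ERROR;
		return -1;
	}

	if (sak[0] & 0x04) {
		/* Cascade bit set: this level carried CT (0x88) + 3 UID bytes.
		 * The CT check now applies to CL2 as well, not only CL1. */
		if (acf.uid_bits[0] != 0x88) {
			DEBUGP("Cascade bit set, but CT != 0x88 at SEL 0x%02x\n",
			       (unsigned int)acf.sel_code);
			h->state = ISO14443A_STATE_ERROR;
			return -1;
		}
		switch (acf.sel_code) {
		case ISO14443A_AC_SEL_CODE_CL1:
			/* cascading from CL1 to CL2 */
			memcpy(&handle->uid[0], &acf.uid_bits[1], 3);
			acf.sel_code = ISO14443A_AC_SEL_CODE_CL2;
			h->level = ISO14443A_LEVEL_CL2;
			break;
		case ISO14443A_AC_SEL_CODE_CL2:
			/* cascading from CL2 to CL3 */
			memcpy(&handle->uid[3], &acf.uid_bits[1], 3);
			acf.sel_code = ISO14443A_AC_SEL_CODE_CL3;
			h->level = ISO14443A_LEVEL_CL3;
			break;
		default:
			/* CL3 is the last level; a cascade bit here is bogus */
			DEBUGP("cannot cascade any further than CL3\n");
			h->state = ISO14443A_STATE_ERROR;
			return -1;
		}
		goto cascade;
	}

	/* Cascade bit clear: the 4 bytes of this level complete the UID */
	switch (acf.sel_code) {
	case ISO14443A_AC_SEL_CODE_CL1:
		/* single size UID (4 bytes) */
		memcpy(&handle->uid[0], &acf.uid_bits[0], 4);
		handle->uid_len = 4;
		break;
	case ISO14443A_AC_SEL_CODE_CL2:
		/* double size UID (7 bytes) */
		memcpy(&handle->uid[3], &acf.uid_bits[0], 4);
		handle->uid_len = 7;
		break;
	case ISO14443A_AC_SEL_CODE_CL3:
		/* triple size UID (10 bytes) */
		memcpy(&handle->uid[6], &acf.uid_bits[0], 4);
		handle->uid_len = 10;
		break;
	default:
		h->state = ISO14443A_STATE_ERROR;
		return -1;
	}

	if ((unsigned int)handle->uid_len != atqa_uid_len)
		DEBUGP("ATQA announced %u byte UID, cascade delivered %u\n",
		       atqa_uid_len, (unsigned int)handle->uid_len);

	h->level = ISO14443A_LEVEL_NONE;
	h->state = ISO14443A_STATE_SELECTED;

	DEBUGP("UID %s\n", rfid_hexdump(handle->uid, handle->uid_len));

	/* SAK bit 6 (0x20): PICC speaks ISO 14443-4 (T=CL) */
	if (sak[0] & 0x20) {
		DEBUGP("we have a T=CL compliant PICC\n");
		handle->proto_supported = 1 << RFID_PROTOCOL_TCL;
		h->tcl_capable = 1;
	} else {
		DEBUGP("we have a T!=CL PICC\n");
		handle->proto_supported = (1 << RFID_PROTOCOL_MIFARE_UL)|
					  (1 << RFID_PROTOCOL_MIFARE_CLASSIC);
		h->tcl_capable = 0;
	}

	return 0;
}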
267
/*
 * Put the selected PICC into HALT state with an HLTA frame (0x50 0x00).
 *
 * @handle: layer-2 handle of the selected card.
 *
 * A halted card must stay silent, so the result is deliberately inverted:
 * a receive error within the 1 ms window counts as success (0), while any
 * answer means the card did not halt and yields -1.
 */
static int
iso14443a_hlta(struct rfid_layer2_handle *handle)
{
	static const unsigned char hlta_cmd[2] = { 0x50, 0x00 };
	unsigned char rx_buf[10];
	unsigned int rx_len = sizeof(rx_buf);
	int ret;

	ret = iso14443a_transceive(handle, RFID_14443A_FRAME_REGULAR,
				   hlta_cmd, sizeof(hlta_cmd),
				   rx_buf, &rx_len, 1000 /* 1ms */, 0);

	/* silence (error) is the expected outcome */
	return (ret < 0) ? 0 : -1;
}
285
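/*
 * Set a layer-2 option.
 *
 * @handle:  layer-2 handle.
 * @optname: RFID_OPT_14443A_SPEED_RX / _SPEED_TX (reader speed) or
 *           RFID_OPT_14443A_WUPA (use WUPA instead of REQA in anticol).
 * @optval:  pointer to an unsigned int holding the value.
 * @optlen:  size of the buffer behind @optval.
 *
 * Returns 0 on success, -EINVAL for an unknown option or a NULL /
 * undersized @optval, -ENOTSUP when the reader cannot change speed, or
 * the reader's set_speed result.
 */
static int
iso14443a_setopt(struct rfid_layer2_handle *handle, int optname,
		 const void *optval, unsigned int optlen)
{
	int ret = -EINVAL;
	struct rfid_reader *rdr = handle->rh->reader;
	unsigned int value;

	/* every option below reads an unsigned int through optval */
	if (!optval || optlen < sizeof(unsigned int))
		return -EINVAL;
	value = *(const unsigned int *)optval;

	switch (optname) {
	case RFID_OPT_14443A_SPEED_RX:
		if (!rdr->iso14443a.set_speed)
			return -ENOTSUP;
		ret = rdr->iso14443a.set_speed(handle->rh, 0, value);
		break;
	case RFID_OPT_14443A_SPEED_TX:
		if (!rdr->iso14443a.set_speed)
			return -ENOTSUP;
		ret = rdr->iso14443a.set_speed(handle->rh, 1, value);
		break;
	case RFID_OPT_14443A_WUPA:
		/* The old test `if ((unsigned int *)optval)` checked the
		 * pointer, not the value, so the flag could never be cleared. */
		if (value)
			handle->flags |= RFID_OPT_LAYER2_WUP;
		else
			handle->flags &= ~RFID_OPT_LAYER2_WUP;
		ret = 0;
		break;
	default:
		break;
	}

	return ret;
}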
318
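/*
 * Read a layer-2 option.
 *
 * @handle:  layer-2 handle.
 * @optname: RFID_OPT_14443A_ATQA (copies the last ATQA as a
 *           struct iso14443a_atqa) or RFID_OPT_14443A_WUPA (int, 1 when
 *           WUPA is used instead of REQA).
 * @optval:  destination buffer.
 * @optlen:  if non-NULL, size of @optval; the call fails rather than
 *           overrun a buffer declared too small.
 *
 * Returns 0 on success, -EINVAL for an unknown option, a NULL @optval or
 * an undersized buffer.
 */
static int
iso14443a_getopt(struct rfid_layer2_handle *handle, int optname,
		 void *optval, unsigned int *optlen)
{
	int ret = -EINVAL;
	struct iso14443a_handle *h = &handle->priv.iso14443a;
	struct iso14443a_atqa *atqa = optval;
	int *wupa = optval;

	/* both options write through optval */
	if (!optval)
		return -EINVAL;

	switch (optname) {
	case RFID_OPT_14443A_ATQA:
		if (optlen && *optlen < sizeof(*atqa))
			return -EINVAL;
		*atqa = h->atqa;
		ret = 0;
		break;
	case RFID_OPT_14443A_WUPA:
		if (optlen && *optlen < sizeof(*wupa))
			return -EINVAL;
		*wupa = ((handle->flags & RFID_OPT_LAYER2_WUP) != 0);
		ret = 0;
		break;
	default:
		break;
	}

	return ret;
}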
341
342
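/*
 * Allocate and initialise an ISO 14443A layer-2 handle for reader @rh.
 *
 * @rh: reader handle whose driver must implement the iso14443a.init hook.
 *
 * Returns the new handle (owned by the caller, released with
 * iso14443a_fini) or NULL when @rh is unusable, allocation fails or the
 * reader's init hook reports an error.
 */
static struct rfid_layer2_handle *
iso14443a_init(struct rfid_reader_handle *rh)
{
	int ret;
	struct rfid_layer2_handle *h;

	/* calling a NULL reader hook would crash; refuse readers that do
	 * not implement ISO 14443A instead */
	if (!rh || !rh->reader || !rh->reader->iso14443a.init)
		return NULL;

	h = malloc_layer2_handle(sizeof(*h));
	if (!h)
		return NULL;

	memset(h, 0, sizeof(*h));

	h->l2 = &rfid_layer2_iso14443a;
	h->rh = rh;
	h->priv.iso14443a.state = ISO14443A_STATE_NONE;
	h->priv.iso14443a.level = ISO14443A_LEVEL_NONE;

	ret = rh->reader->iso14443a.init(rh);
	if (ret < 0) {
		free_layer2_handle(h);
		return NULL;
	}

	return h;
}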
366
/*
 * Release a layer-2 handle obtained from iso14443a_init().
 *
 * @handle: handle to free; must not be used afterwards.
 *
 * Always returns 0.
 */
static int
iso14443a_fini(struct rfid_layer2_handle *handle)
{
	int ret = 0;

	free_layer2_handle(handle);

	return ret;
}
373
374
/* Layer-2 driver descriptor for ISO 14443-3 A, registered with the core. */
const struct rfid_layer2 rfid_layer2_iso14443a = {
	.id   = RFID_LAYER2_ISO14443A,
	.name = "ISO 14443-3 A",
	.fn   = {
		/* handle lifecycle */
		.init       = iso14443a_init,
		.fini       = iso14443a_fini,
		/* card activation: open runs anticollision/SELECT, close sends HLTA */
		.open       = iso14443a_anticol,
		.close      = iso14443a_hlta,
		/* data path and options */
		.transceive = iso14443a_transceive,
		.setopt     = iso14443a_setopt,
		.getopt     = iso14443a_getopt,
	},
};
388