1 /* ISO 14443-4 (T=CL) implementation, PCD side.
3 * (C) 2005 by Harald Welte <laforge@gnumonks.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2
10 * as published by the Free Software Foundation
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #include <librfid/rfid.h>
29 #include <librfid/rfid_protocol_tcl.h>
30 #include <librfid/rfid_protocol.h>
31 #include <librfid/rfid_layer2.h>
32 #include <librfid/rfid_layer2_iso14443b.h>
34 #include <librfid/rfid_asic.h>
35 #include <librfid/rfid_reader.h>
37 #include "rfid_iso14443_common.h"
39 #define RFID_MAX_FRAMELEN 256
41 static enum rfid_frametype l2_to_frame(unsigned int layer2)
44 case RFID_LAYER2_ISO14443A:
45 return RFID_14443A_FRAME_REGULAR;
47 case RFID_LAYER2_ISO14443B:
48 return RFID_14443B_FRAME_REGULAR;
54 static unsigned int sfgi_to_sfgt(struct rfid_protocol_handle *h,
57 unsigned int multiplier;
63 multiplier = 1 << sfgi; /* 2 to the power of sfgi */
65 /* ISO 14443-4:2000(E) Section 5.2.5:
66 * (256 * 16 / h->l2h->rh->ah->fc) * (2 ^ sfgi) */
67 tmp = (unsigned int) 1000000 * 256 * 16;
69 return (tmp / h->l2h->rh->ah->fc) * multiplier;
72 static unsigned int fwi_to_fwt(struct rfid_protocol_handle *h,
75 unsigned int multiplier, tmp;
80 multiplier = 1 << fwi; /* 2 to the power of fwi */
82 /* ISO 14443-4:2000(E) Section 7.2.:
83 * (256*16 / h->l2h->rh->ah->fc) * (2 ^ fwi) */
85 tmp = (unsigned int) 1000000 * 256 * 16;
87 return (tmp / h->l2h->rh->ah->fc) * multiplier;
90 /* 4.9seconds as microseconds (4.9 billion seconds) exceeds 2^32 */
91 #define activation_fwt(x) (((u_int64_t)1000000 * 65536 / x->l2h->rh->ah->fc))
92 #define deactivation_fwt(x) activation_fwt(x)
95 tcl_parse_ats(struct rfid_protocol_handle *h,
96 unsigned char *ats, unsigned int size)
98 unsigned char len = ats[0];
102 if (len == 0 || size == 0)
111 /* FIXME: assume some default values */
112 h->priv.tcl.fsc = 32;
113 h->priv.tcl.ta = 0x80; /* 0x80 (same d for both dirs) */
114 h->priv.tcl.sfgt = sfgi_to_sfgt(h, 0);
115 if (h->l2h->l2->id == RFID_LAYER2_ISO14443A) {
116 /* Section 7.2: fwi default for type A is 4 */
117 h->priv.tcl.fwt = fwi_to_fwt(h, 4);
119 /* Section 7.2: fwi for type B is always in ATQB */
120 /* Value is assigned in tcl_connect() */
121 /* This function is never called for Type B, since it has no (R)ATS */
126 /* guarateed to be at least 2 bytes in size */
131 iso14443_fsdi_to_fsd(&h->priv.tcl.fsc, t0 & 0x0f);
132 if (h->priv.tcl.fsc > h->l2h->rh->ah->mtu)
133 h->priv.tcl.fsc = h->l2h->rh->ah->mtu;
136 /* TA is transmitted */
137 h->priv.tcl.ta = *cur++;
141 /* TB is transmitted */
142 h->priv.tcl.sfgt = sfgi_to_sfgt(h, *cur & 0x0f);
143 h->priv.tcl.fwt = fwi_to_fwt(h, (*cur & 0xf0) >> 4);
148 /* TC is transmitted */
150 h->priv.tcl.flags |= TCL_HANDLE_F_NAD_SUPPORTED;
152 h->priv.tcl.flags |= TCL_HANDLE_F_CID_SUPPORTED;
156 h->priv.tcl.historical_len = (ats+len) - cur;
157 h->priv.tcl.historical_bytes = cur;
163 /* request an ATS from the PICC */
165 tcl_request_ats(struct rfid_protocol_handle *h)
168 unsigned char rats[2];
171 if (h->priv.tcl.state != TCL_STATE_INITIAL)
174 ret = iso14443_fsd_to_fsdi(&fsdi, h->priv.tcl.fsd);
176 DEBUGP("unable to encode FSD of %u as FSDI\n", h->priv.tcl.fsd);
181 rats[1] = (h->priv.tcl.cid & 0x0f) | ((fsdi << 4) & 0xf0);
183 /* transceive (with CRC) */
184 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
185 rats, 2, h->priv.tcl.ats,
186 &h->priv.tcl.ats_len, activation_fwt(h),
187 TCL_TRANSP_F_TX_CRC);
189 DEBUGP("transceive of rats failed\n");
190 h->priv.tcl.state = TCL_STATE_RATS_SENT;
191 /* FIXME: retransmit */
194 h->priv.tcl.state = TCL_STATE_ATS_RCVD;
196 ret = tcl_parse_ats(h, h->priv.tcl.ats, h->priv.tcl.ats_len);
198 DEBUGP("parsing of ats failed\n");
205 #define ATS_TA_DIV_2 1
206 #define ATS_TA_DIV_4 2
207 #define ATS_TA_DIV_8 4
213 static unsigned char d_to_di(struct rfid_protocol_handle *h, unsigned char D)
216 unsigned int speed = h->l2h->rh->reader->iso14443a.speed;
218 if ((D & ATS_TA_DIV_8) && (speed & RFID_14443A_SPEED_848K))
220 else if ((D & ATS_TA_DIV_4) && (speed & RFID_14443A_SPEED_424K))
222 else if ((D & ATS_TA_DIV_2) && (speed & RFID_14443A_SPEED_212K))
230 static unsigned int di_to_speed(unsigned char DI)
234 return RFID_14443A_SPEED_848K;
237 return RFID_14443A_SPEED_424K;
240 return RFID_14443A_SPEED_212K;
243 return RFID_14443A_SPEED_106K;
248 /* start a PPS run (autimatically configure highest possible speed */
250 tcl_do_pps(struct rfid_protocol_handle *h)
253 unsigned char ppss[3];
254 unsigned char pps_response[1];
255 unsigned int rx_len = 1;
256 unsigned char Dr, Ds, DrI, DsI;
259 if (h->priv.tcl.state != TCL_STATE_ATS_RCVD)
262 Dr = h->priv.tcl.ta & 0x07;
263 Ds = h->priv.tcl.ta & 0x70 >> 4;
264 DEBUGP("Dr = 0x%x, Ds = 0x%x\n", Dr, Ds);
266 if (Dr != Ds && !(h->priv.tcl.ta & 0x80)) {
267 /* device supports different divisors for rx and tx, but not
269 DEBUGP("PICC has contradictory TA, aborting PPS\n");
273 /* ISO 14443-4:2000(E) Section 5.3. */
275 ppss[0] = 0xd0 | (h->priv.tcl.cid & 0x0f);
279 /* FIXME: deal with different speed for each direction */
280 DrI = d_to_di(h, Dr);
281 DsI = d_to_di(h, Ds);
282 DEBUGP("DrI = 0x%x, DsI = 0x%x\n", DrI, DsI);
284 ppss[2] = (ppss[2] & 0xf0) | (DrI | DsI << 2);
286 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
287 ppss, 3, pps_response, &rx_len,
288 h->priv.tcl.fwt, TCL_TRANSP_F_TX_CRC);
292 if (pps_response[0] != ppss[0]) {
293 DEBUGP("PPS Response != PPSS\n");
297 speed = di_to_speed(DrI);
299 ret = rfid_layer2_setopt(h->l2h, RFID_OPT_14443A_SPEED_RX,
300 &speed, sizeof(speed));
304 ret = rfid_layer2_setopt(h->l2h, RFID_OPT_14443A_SPEED_TX,
305 &speed, sizeof(speed));
314 tcl_build_prologue2(struct tcl_handle *th,
315 unsigned char *prlg, unsigned int *prlg_len,
323 /* we've sent a toggle bit last time */
326 /* we've not sent a toggle last time: send one */
331 if (th->flags & TCL_HANDLE_F_CID_USED) {
332 /* ISO 14443-4:2000(E) Section 7.1.1.2 */
333 *prlg |= TCL_PCB_CID_FOLLOWING;
335 prlg[*prlg_len] = th->cid & 0x0f;
338 /* nad only for I-block (0xc0 == 00) */
339 if ((th->flags & TCL_HANDLE_F_NAD_USED) &&
340 ((pcb & 0xc0) == 0x00)) {
341 /* ISO 14443-4:2000(E) Section 7.1.1.3 */
342 /* FIXME: in case of chaining only for first frame */
343 *prlg |= TCL_PCB_NAD_FOLLOWING;
344 prlg[*prlg_len] = th->nad;
352 tcl_build_prologue_i(struct tcl_handle *th,
353 unsigned char *prlg, unsigned int *prlg_len)
355 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
356 return tcl_build_prologue2(th, prlg, prlg_len, 0x02);
360 tcl_build_prologue_r(struct tcl_handle *th,
361 unsigned char *prlg, unsigned int *prlg_len,
364 unsigned char pcb = 0xa2;
365 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
370 return tcl_build_prologue2(th, prlg, prlg_len, pcb);
374 tcl_build_prologue_s(struct tcl_handle *th,
375 unsigned char *prlg, unsigned int *prlg_len)
377 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
379 /* the only S-block from PCD->PICC is DESELECT,
380 * well, actually there is the S(WTX) response. */
381 return tcl_build_prologue2(th, prlg, prlg_len, 0xc2);
384 /* FIXME: WTXM implementation */
386 static int tcl_prlg_len(struct tcl_handle *th)
390 if (th->flags & TCL_HANDLE_F_CID_USED)
393 if (th->flags & TCL_HANDLE_F_NAD_USED)
399 #define max_net_tx_framesize(x) (x->fsc - tcl_prlg_len(x))
402 tcl_connect(struct rfid_protocol_handle *h)
406 if (h->priv.tcl.state != TCL_STATE_DESELECTED &&
407 h->priv.tcl.state != TCL_STATE_INITIAL)
410 switch (h->l2h->l2->id) {
411 case RFID_LAYER2_ISO14443A:
412 /* Start Type A T=CL Activation Sequence */
413 ret = tcl_request_ats(h);
417 /* Only do PPS if any non-default divisors supported */
418 if (h->priv.tcl.ta & 0x77) {
424 case RFID_LAYER2_ISO14443B:
425 /* initialized T=CL state from Type B Activation Data */
426 h->priv.tcl.cid = h->l2h->priv.iso14443b.cid;
427 h->priv.tcl.fsc = h->l2h->priv.iso14443b.fsc;
428 h->priv.tcl.fsd = h->l2h->priv.iso14443b.fsd;
429 h->priv.tcl.fwt = h->l2h->priv.iso14443b.fwt;
431 /* what about ta? sfgt? */
433 if (h->l2h->priv.iso14443b.flags & ISO14443B_CID_SUPPORTED)
434 h->priv.tcl.flags |= TCL_HANDLE_F_CID_SUPPORTED;
435 if (h->l2h->priv.iso14443b.flags & ISO14443B_NAD_SUPPORTED)
436 h->priv.tcl.flags |= TCL_HANDLE_F_NAD_SUPPORTED;
438 switch (h->l2h->priv.iso14443b.state) {
439 case ISO14443B_STATE_SELECTED:
440 h->priv.tcl.state = TCL_STATE_ATS_RCVD;
442 case ISO14443B_STATE_ATTRIB_SENT:
443 h->priv.tcl.state = TCL_STATE_RATS_SENT;
447 /* PUPI will be presented as ATS/historical bytes */
448 memcpy(h->priv.tcl.ats, h->l2h->uid, 4);
449 h->priv.tcl.ats_len = 4;
450 h->priv.tcl.historical_bytes = h->priv.tcl.ats;
454 DEBUGP("unsupported l2: %u\n", h->l2h->l2->id);
459 h->priv.tcl.state = TCL_STATE_ESTABLISHED;
465 tcl_deselect(struct rfid_protocol_handle *h)
467 /* ISO 14443-4:2000(E) Section 8 */
469 unsigned char frame[3]; /* 3 bytes prologue, no information */
471 unsigned int rx_len = sizeof(rx);
472 unsigned int prlg_len;
473 struct tcl_handle *th = &h->priv.tcl;
475 if (th->state != TCL_STATE_ESTABLISHED) {
476 /* FIXME: not sure whether deselect is possible here,
477 * probably better send a HLTA? */
480 /* build DESELECT S-block */
481 ret = tcl_build_prologue_s(th, frame, &prlg_len);
485 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
487 &rx_len, deactivation_fwt(h),
488 TCL_TRANSP_F_TX_CRC);
490 /* FIXME: retransmit, HLT(A|B) */
494 th->state = TCL_STATE_DESELECTED;
499 #define is_s_block(x) ((x & 0xc0) == 0xc0)
500 #define is_r_block(x) ((x & 0xc0) == 0x80)
501 #define is_i_block(x) ((x & 0xc0) == 0x00)
504 unsigned int frame_len; /* length of frame */
505 unsigned int hdr_len; /* length of header within frame */
506 unsigned char data[RFID_MAX_FRAMELEN];
509 #define frb_payload(x) (x.data + x.hdr_len)
512 /* RFID transceive buffer. */
514 struct rfix_xcvb *next; /* next in queue of buffers */
516 u_int64_t timeout; /* timeout to wait for reply */
520 //struct rfid_protocol_handle *h; /* connection to which we belong */
523 struct tcl_tx_context {
524 const unsigned char *tx;
526 const unsigned char *next_tx_byte;
527 unsigned char *next_rx_byte;
530 struct rfid_protocol_handle *h;
533 #define tcl_ctx_todo(ctx) (ctx->tx_len - (ctx->next_tx_byte - ctx->tx))
536 tcl_refill_xcvb(struct rfid_xcvb *xcvb, struct tcl_tx_context *ctx)
538 struct tcl_handle *th = &ctx->h->priv.tcl;
540 if (ctx->next_tx_byte >= ctx->tx + ctx->tx_len) {
541 DEBUGP("tyring to refill tx xcvb but no data left!\n");
545 if (tcl_build_prologue_i(th, xcvb->tx.data,
546 &xcvb->tx.hdr_len) < 0)
549 if (tcl_ctx_todo(ctx) > th->fsc - xcvb->tx.hdr_len)
550 xcvb->tx.frame_len = max_net_tx_framesize(th);
552 xcvb->tx.frame_len = tcl_ctx_todo(ctx);
554 memcpy(frb_payload(xcvb->tx), ctx->next_tx_byte,
557 ctx->next_tx_byte += xcvb->tx.frame_len;
559 /* check whether we need to set the chaining bit */
560 if (ctx->next_tx_byte < ctx->tx + ctx->tx_len)
561 xcvb->tx.data[0] |= 0x10;
563 /* add hdr_len after copying the net payload */
564 xcvb->tx.frame_len += xcvb->tx.hdr_len;
566 xcvb->timeout = th->fwt;
571 static void fill_xcvb_wtxm(struct tcl_handle *th, struct rfid_xcvb *xcvb,
574 /* Acknowledge WTXM */
575 tcl_build_prologue_s(th, xcvb->tx.data, &xcvb->tx.hdr_len);
576 /* set two bits that make this block a wtx */
577 xcvb->tx.data[0] |= 0x30;
578 xcvb->tx.data[xcvb->tx.hdr_len] = inf;
579 xcvb->tx.frame_len = xcvb->tx.hdr_len+1;
580 xcvb->timeout = th->fwt * inf;
583 static int check_cid(struct tcl_handle *th, struct rfid_xcvb *xcvb)
585 if (xcvb->rx.data[0] & TCL_PCB_CID_FOLLOWING) {
586 if (xcvb->rx.data[1] != th->cid) {
587 DEBUGP("CID %u is not valid, we expected %u\n",
588 xcvb->rx.data[1], th->cid);
596 tcl_transceive(struct rfid_protocol_handle *h,
597 const unsigned char *tx_data, unsigned int tx_len,
598 unsigned char *rx_data, unsigned int *rx_len,
599 unsigned int timeout, unsigned int flags)
603 struct rfid_xcvb xcvb;
604 struct tcl_tx_context tcl_ctx;
605 struct tcl_handle *th = &h->priv.tcl;
607 unsigned char ack[10];
608 unsigned int ack_len;
610 /* initialize context */
611 tcl_ctx.next_tx_byte = tcl_ctx.tx = tx_data;
612 tcl_ctx.next_rx_byte = tcl_ctx.rx = rx_data;
613 tcl_ctx.rx_len = *rx_len;
614 tcl_ctx.tx_len = tx_len;
617 /* initialize xcvb */
618 xcvb.timeout = th->fwt;
621 if (tcl_refill_xcvb(&xcvb, &tcl_ctx) < 0) {
627 xcvb.rx.frame_len = sizeof(xcvb.rx.data);
628 ret = rfid_layer2_transceive(h->l2h, l2_to_frame(h->l2h->l2->id),
629 xcvb.tx.data, xcvb.tx.frame_len,
630 xcvb.rx.data, &xcvb.rx.frame_len,
633 DEBUGP("l2 transceive finished\n");
637 if ((xcvb.rx.data[0] & 0x01) != h->priv.tcl.toggle) {
638 DEBUGP("response with wrong toggle bit\n");
642 if (is_r_block(xcvb.rx.data[0])) {
645 /* Handle ACK frame in case of chaining */
646 if (!check_cid(th, &xcvb))
650 } else if (is_s_block(xcvb.rx.data[0])) {
652 unsigned int prlg_len;
655 /* Handle Wait Time Extension */
657 if (!check_cid(th, &xcvb))
660 if (xcvb.rx.data[0] & TCL_PCB_CID_FOLLOWING) {
661 if (xcvb.rx.frame_len < 3) {
662 DEBUGP("S-Block with CID but short len\n");
666 inf = xcvb.rx.data[2];
668 inf = xcvb.rx.data[1];
670 if ((xcvb.rx.data[0] & 0x30) != 0x30) {
671 DEBUGP("S-Block but not WTX?\n");
675 inf &= 0x3f; /* only lower 6 bits code WTXM */
676 if (inf == 0 || (inf >= 60 && inf <= 63)) {
677 DEBUGP("WTXM %u is RFU!\n", inf);
682 fill_xcvb_wtxm(th, &xcvb, inf);
683 /* start over with next transceive */
685 } else if (is_i_block(xcvb.rx.data[0])) {
686 unsigned int net_payload_len;
687 /* we're actually receiving payload data */
692 if (!check_cid(th, &xcvb))
695 if (xcvb.rx.data[0] & TCL_PCB_CID_FOLLOWING)
697 if (xcvb.rx.data[0] & TCL_PCB_NAD_FOLLOWING)
700 net_payload_len = xcvb.rx.frame_len - xcvb.rx.hdr_len;
701 DEBUGPC("%u bytes\n", net_payload_len);
702 memcpy(tcl_ctx.next_rx_byte, &xcvb.rx.data[xcvb.rx.hdr_len],
704 tcl_ctx.next_rx_byte += net_payload_len;
706 if (xcvb.rx.data[0] & 0x10) {
707 /* we're not the last frame in the chain, continue rx */
708 DEBUGP("not the last frame in the chain, continue\n");
709 ack_len = sizeof(ack);
710 tcl_build_prologue_r(th, xcvb.tx.data, &xcvb.tx.frame_len, 0);
711 xcvb.timeout = th->fwt;
717 *rx_len = tcl_ctx.next_rx_byte - tcl_ctx.rx;
721 static struct rfid_protocol_handle *
722 tcl_init(struct rfid_layer2_handle *l2h)
724 struct rfid_protocol_handle *th;
725 unsigned int mru = l2h->rh->ah->mru;
727 th = malloc(sizeof(struct rfid_protocol_handle) + mru);
731 /* FIXME: mru should be attribute of layer2 (in case it adds/removes
733 memset(th, 0, sizeof(struct rfid_protocol_handle) + mru);
735 /* maximum received ats length equals mru of asic/reader */
736 th->priv.tcl.state = TCL_STATE_INITIAL;
737 th->priv.tcl.ats_len = mru;
738 th->priv.tcl.toggle = 1;
740 th->priv.tcl.fsd = iso14443_fsd_approx(mru);
746 tcl_fini(struct rfid_protocol_handle *ph)
752 struct rfid_protocol rfid_protocol_tcl = {
753 .id = RFID_PROTOCOL_TCL,
754 .name = "ISO 14443-4 / T=CL",
757 .open = &tcl_connect,
758 .transceive = &tcl_transceive,
759 .close = &tcl_deselect,