1 /* ISO 14443-4 (T=CL) implementation, PCD side.
3 * (C) 2005-2006 by Harald Welte <laforge@gnumonks.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2
10 * as published by the Free Software Foundation
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
28 #include <librfid/rfid.h>
29 #include <librfid/rfid_protocol_tcl.h>
30 #include <librfid/rfid_protocol.h>
31 #include <librfid/rfid_layer2.h>
32 #include <librfid/rfid_layer2_iso14443b.h>
34 #include <librfid/rfid_asic.h>
35 #include <librfid/rfid_reader.h>
37 #include "rfid_iso14443_common.h"
39 #define RFID_MAX_FRAMELEN 256
41 #define is_s_block(x) ((x & 0xc0) == 0xc0)
42 #define is_r_block(x) ((x & 0xc0) == 0x80)
43 #define is_i_block(x) ((x & 0xc0) == 0x00)
45 static enum rfid_frametype l2_to_frame(unsigned int layer2)
48 case RFID_LAYER2_ISO14443A:
49 return RFID_14443A_FRAME_REGULAR;
51 case RFID_LAYER2_ISO14443B:
52 return RFID_14443B_FRAME_REGULAR;
58 static unsigned int sfgi_to_sfgt(struct rfid_protocol_handle *h,
61 unsigned int multiplier;
67 multiplier = 1 << sfgi; /* 2 to the power of sfgi */
69 /* ISO 14443-4:2000(E) Section 5.2.5:
70 * (256 * 16 / h->l2h->rh->ah->fc) * (2 ^ sfgi) */
71 tmp = (unsigned int) 1000000 * 256 * 16;
73 return (tmp / h->l2h->rh->ah->fc) * multiplier;
76 static unsigned int fwi_to_fwt(struct rfid_protocol_handle *h,
79 unsigned int multiplier, tmp;
84 multiplier = 1 << fwi; /* 2 to the power of fwi */
86 /* ISO 14443-4:2000(E) Section 7.2.:
87 * (256*16 / h->l2h->rh->ah->fc) * (2 ^ fwi) */
89 tmp = (unsigned int) 1000000 * 256 * 16;
91 return (tmp / h->l2h->rh->ah->fc) * multiplier;
94 /* 4.9seconds as microseconds (4.9 billion seconds) exceeds 2^32 */
95 #define activation_fwt(x) (((u_int64_t)1000000 * 65536 / x->l2h->rh->ah->fc))
96 #define deactivation_fwt(x) activation_fwt(x)
99 tcl_parse_ats(struct rfid_protocol_handle *h,
100 unsigned char *ats, unsigned int size)
102 unsigned char len = ats[0];
106 if (len == 0 || size == 0)
115 /* FIXME: assume some default values */
116 h->priv.tcl.fsc = 32;
117 h->priv.tcl.ta = 0x80; /* 0x80 (same d for both dirs) */
118 h->priv.tcl.sfgt = sfgi_to_sfgt(h, 0);
119 if (h->l2h->l2->id == RFID_LAYER2_ISO14443A) {
120 /* Section 7.2: fwi default for type A is 4 */
121 h->priv.tcl.fwt = fwi_to_fwt(h, 4);
123 /* Section 7.2: fwi for type B is always in ATQB */
124 /* Value is assigned in tcl_connect() */
125 /* This function is never called for Type B,
126 * since Type B has no (R)ATS */
131 /* guarateed to be at least 2 bytes in size */
136 iso14443_fsdi_to_fsd(&h->priv.tcl.fsc, t0 & 0x0f);
137 if (h->priv.tcl.fsc > h->l2h->rh->ah->mtu)
138 h->priv.tcl.fsc = h->l2h->rh->ah->mtu;
141 /* TA is transmitted */
142 h->priv.tcl.ta = *cur++;
146 /* TB is transmitted */
147 h->priv.tcl.sfgt = sfgi_to_sfgt(h, *cur & 0x0f);
148 h->priv.tcl.fwt = fwi_to_fwt(h, (*cur & 0xf0) >> 4);
153 /* TC is transmitted */
155 h->priv.tcl.flags |= TCL_HANDLE_F_NAD_SUPPORTED;
156 DEBUGP("This PICC supports NAD\n");
159 h->priv.tcl.flags |= TCL_HANDLE_F_CID_SUPPORTED;
160 DEBUGP("This PICC supports CID\n");
165 h->priv.tcl.historical_len = (ats+len) - cur;
166 h->priv.tcl.historical_bytes = cur;
168 DEBUGP("ATS parsed: %s\n", rfid_hexdump(ats, size));
174 /* request an ATS from the PICC */
176 tcl_request_ats(struct rfid_protocol_handle *h)
179 unsigned char rats[2];
182 if (h->priv.tcl.state != TCL_STATE_INITIAL)
185 ret = iso14443_fsd_to_fsdi(&fsdi, h->priv.tcl.fsd);
187 DEBUGP("unable to encode FSD of %u as FSDI\n", h->priv.tcl.fsd);
192 rats[1] = (h->priv.tcl.cid & 0x0f) | ((fsdi << 4) & 0xf0);
194 /* transceive (with CRC) */
195 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
196 rats, 2, h->priv.tcl.ats,
197 &h->priv.tcl.ats_len, activation_fwt(h),
198 TCL_TRANSP_F_TX_CRC);
200 DEBUGP("transceive of rats failed\n");
201 h->priv.tcl.state = TCL_STATE_RATS_SENT;
202 /* FIXME: retransmit */
205 h->priv.tcl.state = TCL_STATE_ATS_RCVD;
207 ret = tcl_parse_ats(h, h->priv.tcl.ats, h->priv.tcl.ats_len);
209 DEBUGP("parsing of ats failed\n");
216 #define ATS_TA_DIV_2 1
217 #define ATS_TA_DIV_4 2
218 #define ATS_TA_DIV_8 4
224 static unsigned char d_to_di(struct rfid_protocol_handle *h, unsigned char D)
227 unsigned int speed = h->l2h->rh->reader->iso14443a.speed;
229 if ((D & ATS_TA_DIV_8) && (speed & RFID_14443A_SPEED_848K))
231 else if ((D & ATS_TA_DIV_4) && (speed & RFID_14443A_SPEED_424K))
233 else if ((D & ATS_TA_DIV_2) && (speed & RFID_14443A_SPEED_212K))
241 static unsigned int di_to_speed(unsigned char DI)
245 return RFID_14443A_SPEED_848K;
248 return RFID_14443A_SPEED_424K;
251 return RFID_14443A_SPEED_212K;
254 return RFID_14443A_SPEED_106K;
259 /* start a PPS run (autimatically configure highest possible speed */
261 tcl_do_pps(struct rfid_protocol_handle *h)
264 unsigned char ppss[3];
265 /* FIXME: this stinks like hell. IF we reduce pps_response size to one,
266 we'll get stack corruption! */
267 unsigned char pps_response[10];
268 unsigned int rx_len = 1;
269 unsigned char Dr, Ds, DrI, DsI;
272 if (h->priv.tcl.state != TCL_STATE_ATS_RCVD)
275 Dr = h->priv.tcl.ta & 0x07;
276 Ds = h->priv.tcl.ta & 0x70 >> 4;
277 DEBUGP("Dr = 0x%x, Ds = 0x%x\n", Dr, Ds);
279 if (Dr != Ds && !(h->priv.tcl.ta & 0x80)) {
280 /* device supports different divisors for rx and tx, but not
282 DEBUGP("PICC has contradictory TA, aborting PPS\n");
286 /* ISO 14443-4:2000(E) Section 5.3. */
288 ppss[0] = 0xd0 | (h->priv.tcl.cid & 0x0f);
292 /* FIXME: deal with different speed for each direction */
293 DrI = d_to_di(h, Dr);
294 DsI = d_to_di(h, Ds);
295 DEBUGP("DrI = 0x%x, DsI = 0x%x\n", DrI, DsI);
297 ppss[2] = (ppss[2] & 0xf0) | (DrI | DsI << 2);
299 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
300 ppss, 3, pps_response, &rx_len,
301 h->priv.tcl.fwt, TCL_TRANSP_F_TX_CRC);
305 if (pps_response[0] != ppss[0]) {
306 DEBUGP("PPS Response != PPSS\n");
310 speed = di_to_speed(DrI);
312 ret = rfid_layer2_setopt(h->l2h, RFID_OPT_14443A_SPEED_RX,
313 &speed, sizeof(speed));
317 ret = rfid_layer2_setopt(h->l2h, RFID_OPT_14443A_SPEED_TX,
318 &speed, sizeof(speed));
327 tcl_build_prologue2(struct tcl_handle *th,
328 unsigned char *prlg, unsigned int *prlg_len,
335 if (!is_s_block(pcb)) {
337 /* we've sent a toggle bit last time */
340 /* we've not sent a toggle last time: send one */
346 if (th->flags & TCL_HANDLE_F_CID_USED) {
347 /* ISO 14443-4:2000(E) Section 7.1.1.2 */
348 *prlg |= TCL_PCB_CID_FOLLOWING;
350 prlg[*prlg_len] = th->cid & 0x0f;
353 /* nad only for I-block */
354 if ((th->flags & TCL_HANDLE_F_NAD_USED) && is_i_block(pcb)) {
355 /* ISO 14443-4:2000(E) Section 7.1.1.3 */
356 /* FIXME: in case of chaining only for first frame */
357 *prlg |= TCL_PCB_NAD_FOLLOWING;
358 prlg[*prlg_len] = th->nad;
366 tcl_build_prologue_i(struct tcl_handle *th,
367 unsigned char *prlg, unsigned int *prlg_len)
369 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
370 return tcl_build_prologue2(th, prlg, prlg_len, 0x02);
374 tcl_build_prologue_r(struct tcl_handle *th,
375 unsigned char *prlg, unsigned int *prlg_len,
378 unsigned char pcb = 0xa2;
379 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
384 return tcl_build_prologue2(th, prlg, prlg_len, pcb);
388 tcl_build_prologue_s(struct tcl_handle *th,
389 unsigned char *prlg, unsigned int *prlg_len)
391 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
393 /* the only S-block from PCD->PICC is DESELECT,
394 * well, actually there is the S(WTX) response. */
395 return tcl_build_prologue2(th, prlg, prlg_len, 0xc2);
398 /* FIXME: WTXM implementation */
400 static int tcl_prlg_len(struct tcl_handle *th)
404 if (th->flags & TCL_HANDLE_F_CID_USED)
407 if (th->flags & TCL_HANDLE_F_NAD_USED)
413 #define max_net_tx_framesize(x) (x->fsc - tcl_prlg_len(x))
416 tcl_connect(struct rfid_protocol_handle *h)
420 if (h->priv.tcl.state != TCL_STATE_DESELECTED &&
421 h->priv.tcl.state != TCL_STATE_INITIAL)
424 switch (h->l2h->l2->id) {
425 case RFID_LAYER2_ISO14443A:
426 /* Start Type A T=CL Activation Sequence */
427 ret = tcl_request_ats(h);
431 /* Only do PPS if any non-default divisors supported */
432 if (h->priv.tcl.ta & 0x77) {
438 case RFID_LAYER2_ISO14443B:
439 /* initialized T=CL state from Type B Activation Data */
440 h->priv.tcl.cid = h->l2h->priv.iso14443b.cid;
441 h->priv.tcl.fsc = h->l2h->priv.iso14443b.fsc;
442 h->priv.tcl.fsd = h->l2h->priv.iso14443b.fsd;
443 h->priv.tcl.fwt = h->l2h->priv.iso14443b.fwt;
445 /* what about ta? sfgt? */
447 if (h->l2h->priv.iso14443b.flags & ISO14443B_CID_SUPPORTED)
448 h->priv.tcl.flags |= TCL_HANDLE_F_CID_SUPPORTED;
449 if (h->l2h->priv.iso14443b.flags & ISO14443B_NAD_SUPPORTED)
450 h->priv.tcl.flags |= TCL_HANDLE_F_NAD_SUPPORTED;
452 switch (h->l2h->priv.iso14443b.state) {
453 case ISO14443B_STATE_SELECTED:
454 h->priv.tcl.state = TCL_STATE_ATS_RCVD;
456 case ISO14443B_STATE_ATTRIB_SENT:
457 h->priv.tcl.state = TCL_STATE_RATS_SENT;
461 /* PUPI will be presented as ATS/historical bytes */
462 memcpy(h->priv.tcl.ats, h->l2h->uid, 4);
463 h->priv.tcl.ats_len = 4;
464 h->priv.tcl.historical_bytes = h->priv.tcl.ats;
468 DEBUGP("unsupported l2: %u\n", h->l2h->l2->id);
473 h->priv.tcl.state = TCL_STATE_ESTABLISHED;
479 tcl_deselect(struct rfid_protocol_handle *h)
481 /* ISO 14443-4:2000(E) Section 8 */
483 unsigned char frame[3]; /* 3 bytes prologue, no information */
485 unsigned int rx_len = sizeof(rx);
486 unsigned int prlg_len;
487 struct tcl_handle *th = &h->priv.tcl;
489 if (th->state != TCL_STATE_ESTABLISHED) {
490 /* FIXME: not sure whether deselect is possible here,
491 * probably better send a HLTA? */
494 /* build DESELECT S-block */
495 ret = tcl_build_prologue_s(th, frame, &prlg_len);
499 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
501 &rx_len, deactivation_fwt(h),
502 TCL_TRANSP_F_TX_CRC);
504 /* FIXME: retransmit, HLT(A|B) */
508 th->state = TCL_STATE_DESELECTED;
514 unsigned int frame_len; /* length of frame */
515 unsigned int hdr_len; /* length of header within frame */
516 unsigned char data[RFID_MAX_FRAMELEN];
519 #define frb_payload(x) (x.data + x.hdr_len)
522 /* RFID transceive buffer. */
524 struct rfix_xcvb *next; /* next in queue of buffers */
526 u_int64_t timeout; /* timeout to wait for reply */
530 //struct rfid_protocol_handle *h; /* connection to which we belong */
533 struct tcl_tx_context {
534 const unsigned char *tx;
536 const unsigned char *next_tx_byte;
537 unsigned char *next_rx_byte;
540 struct rfid_protocol_handle *h;
543 #define tcl_ctx_todo(ctx) (ctx->tx_len - (ctx->next_tx_byte - ctx->tx))
546 tcl_refill_xcvb(struct rfid_xcvb *xcvb, struct tcl_tx_context *ctx)
548 struct tcl_handle *th = &ctx->h->priv.tcl;
550 if (ctx->next_tx_byte >= ctx->tx + ctx->tx_len) {
551 DEBUGP("tyring to refill tx xcvb but no data left!\n");
555 if (tcl_build_prologue_i(th, xcvb->tx.data,
556 &xcvb->tx.hdr_len) < 0)
559 if (tcl_ctx_todo(ctx) > th->fsc - xcvb->tx.hdr_len)
560 xcvb->tx.frame_len = max_net_tx_framesize(th);
562 xcvb->tx.frame_len = tcl_ctx_todo(ctx);
564 memcpy(frb_payload(xcvb->tx), ctx->next_tx_byte,
567 ctx->next_tx_byte += xcvb->tx.frame_len;
569 /* check whether we need to set the chaining bit */
570 if (ctx->next_tx_byte < ctx->tx + ctx->tx_len)
571 xcvb->tx.data[0] |= 0x10;
573 /* add hdr_len after copying the net payload */
574 xcvb->tx.frame_len += xcvb->tx.hdr_len;
576 xcvb->timeout = th->fwt;
581 static void fill_xcvb_wtxm(struct tcl_handle *th, struct rfid_xcvb *xcvb,
584 /* Acknowledge WTXM */
585 tcl_build_prologue_s(th, xcvb->tx.data, &xcvb->tx.hdr_len);
586 /* set two bits that make this block a wtx */
587 xcvb->tx.data[0] |= 0x30;
588 xcvb->tx.data[xcvb->tx.hdr_len] = inf;
589 xcvb->tx.frame_len = xcvb->tx.hdr_len+1;
590 xcvb->timeout = th->fwt * inf;
593 static int check_cid(struct tcl_handle *th, struct rfid_xcvb *xcvb)
595 if (xcvb->rx.data[0] & TCL_PCB_CID_FOLLOWING) {
596 if (xcvb->rx.data[1] != th->cid) {
597 DEBUGP("CID %u is not valid, we expected %u\n",
598 xcvb->rx.data[1], th->cid);
606 tcl_transceive(struct rfid_protocol_handle *h,
607 const unsigned char *tx_data, unsigned int tx_len,
608 unsigned char *rx_data, unsigned int *rx_len,
609 unsigned int timeout, unsigned int flags)
613 struct rfid_xcvb xcvb;
614 struct tcl_tx_context tcl_ctx;
615 struct tcl_handle *th = &h->priv.tcl;
617 unsigned char ack[10];
618 unsigned int ack_len;
620 /* initialize context */
621 tcl_ctx.next_tx_byte = tcl_ctx.tx = tx_data;
622 tcl_ctx.next_rx_byte = tcl_ctx.rx = rx_data;
623 tcl_ctx.rx_len = *rx_len;
624 tcl_ctx.tx_len = tx_len;
627 /* initialize xcvb */
628 xcvb.timeout = th->fwt;
631 if (tcl_refill_xcvb(&xcvb, &tcl_ctx) < 0) {
637 xcvb.rx.frame_len = sizeof(xcvb.rx.data);
638 ret = rfid_layer2_transceive(h->l2h, l2_to_frame(h->l2h->l2->id),
639 xcvb.tx.data, xcvb.tx.frame_len,
640 xcvb.rx.data, &xcvb.rx.frame_len,
643 DEBUGP("l2 transceive finished\n");
647 if (is_r_block(xcvb.rx.data[0])) {
650 if ((xcvb.rx.data[0] & 0x01) != h->priv.tcl.toggle) {
651 DEBUGP("response with wrong toggle bit\n");
655 /* Handle ACK frame in case of chaining */
656 if (!check_cid(th, &xcvb))
660 } else if (is_s_block(xcvb.rx.data[0])) {
662 unsigned int prlg_len;
665 /* Handle Wait Time Extension */
667 if (!check_cid(th, &xcvb))
670 if (xcvb.rx.data[0] & TCL_PCB_CID_FOLLOWING) {
671 if (xcvb.rx.frame_len < 3) {
672 DEBUGP("S-Block with CID but short len\n");
676 inf = xcvb.rx.data[2];
678 inf = xcvb.rx.data[1];
680 if ((xcvb.rx.data[0] & 0x30) != 0x30) {
681 DEBUGP("S-Block but not WTX?\n");
685 inf &= 0x3f; /* only lower 6 bits code WTXM */
686 if (inf == 0 || (inf >= 60 && inf <= 63)) {
687 DEBUGP("WTXM %u is RFU!\n", inf);
692 fill_xcvb_wtxm(th, &xcvb, inf);
693 /* start over with next transceive */
695 } else if (is_i_block(xcvb.rx.data[0])) {
696 unsigned int net_payload_len;
697 /* we're actually receiving payload data */
701 if ((xcvb.rx.data[0] & 0x01) != h->priv.tcl.toggle) {
702 DEBUGP("response with wrong toggle bit\n");
708 if (!check_cid(th, &xcvb))
711 if (xcvb.rx.data[0] & TCL_PCB_CID_FOLLOWING)
713 if (xcvb.rx.data[0] & TCL_PCB_NAD_FOLLOWING)
716 net_payload_len = xcvb.rx.frame_len - xcvb.rx.hdr_len;
717 DEBUGPC("%u bytes\n", net_payload_len);
718 memcpy(tcl_ctx.next_rx_byte, &xcvb.rx.data[xcvb.rx.hdr_len],
720 tcl_ctx.next_rx_byte += net_payload_len;
722 if (xcvb.rx.data[0] & 0x10) {
723 /* we're not the last frame in the chain, continue rx */
724 DEBUGP("not the last frame in the chain, continue\n");
725 ack_len = sizeof(ack);
726 tcl_build_prologue_r(th, xcvb.tx.data, &xcvb.tx.frame_len, 0);
727 xcvb.timeout = th->fwt;
733 *rx_len = tcl_ctx.next_rx_byte - tcl_ctx.rx;
737 static struct rfid_protocol_handle *
738 tcl_init(struct rfid_layer2_handle *l2h)
740 struct rfid_protocol_handle *th;
741 unsigned int mru = l2h->rh->ah->mru;
743 th = malloc_protocol_handle(sizeof(struct rfid_protocol_handle));
747 /* FIXME: mru should be attribute of layer2 (in case it adds/removes
749 memset(th, 0, sizeof(struct rfid_protocol_handle));
751 /* maximum received ats length equals mru of asic/reader */
752 th->priv.tcl.state = TCL_STATE_INITIAL;
753 th->priv.tcl.ats_len = mru;
754 th->priv.tcl.toggle = 1;
756 th->priv.tcl.fsd = iso14443_fsd_approx(mru);
762 tcl_fini(struct rfid_protocol_handle *ph)
764 free_protocol_handle(ph);
769 tcl_getopt(struct rfid_protocol_handle *h, int optname, void *optval,
770 unsigned int *optlen)
772 u_int8_t *opt_str = optval;
775 case RFID_OPT_P_TCL_ATS:
776 if (h->priv.tcl.ats_len < *optlen)
777 *optlen = h->priv.tcl.ats_len;
778 memcpy(opt_str, h->priv.tcl.ats, *optlen);
780 case RFID_OPT_P_TCL_ATS_LEN:
781 if (*optlen < sizeof(u_int8_t))
783 *optlen = sizeof(u_int8_t);
784 *opt_str = h->priv.tcl.ats_len & 0xff;
794 tcl_setopt(struct rfid_protocol_handle *h, int optname, const void *optval,
807 const struct rfid_protocol rfid_protocol_tcl = {
808 .id = RFID_PROTOCOL_TCL,
809 .name = "ISO 14443-4 / T=CL",
812 .open = &tcl_connect,
813 .transceive = &tcl_transceive,
814 .close = &tcl_deselect,
816 .getopt = &tcl_getopt,
817 .setopt = &tcl_setopt,