1 /* ISO 14443-4 (T=CL) implementation, PCD side.
3 * (C) 2005 by Harald Welte <laforge@gnumonks.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2
10 * as published by the Free Software Foundation
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #include <librfid/rfid.h>
29 #include <librfid/rfid_protocol_tcl.h>
30 #include <librfid/rfid_protocol.h>
31 #include <librfid/rfid_layer2.h>
32 #include <librfid/rfid_layer2_iso14443b.h>
34 #include <librfid/rfid_asic.h>
35 #include <librfid/rfid_reader.h>
37 #include "rfid_iso14443_common.h"
39 #define RFID_MAX_FRAMELEN 256
41 #define is_s_block(x) ((x & 0xc0) == 0xc0)
42 #define is_r_block(x) ((x & 0xc0) == 0x80)
43 #define is_i_block(x) ((x & 0xc0) == 0x00)
45 static enum rfid_frametype l2_to_frame(unsigned int layer2)
48 case RFID_LAYER2_ISO14443A:
49 return RFID_14443A_FRAME_REGULAR;
51 case RFID_LAYER2_ISO14443B:
52 return RFID_14443B_FRAME_REGULAR;
58 static unsigned int sfgi_to_sfgt(struct rfid_protocol_handle *h,
61 unsigned int multiplier;
67 multiplier = 1 << sfgi; /* 2 to the power of sfgi */
69 /* ISO 14443-4:2000(E) Section 5.2.5:
70 * (256 * 16 / h->l2h->rh->ah->fc) * (2 ^ sfgi) */
71 tmp = (unsigned int) 1000000 * 256 * 16;
73 return (tmp / h->l2h->rh->ah->fc) * multiplier;
76 static unsigned int fwi_to_fwt(struct rfid_protocol_handle *h,
79 unsigned int multiplier, tmp;
84 multiplier = 1 << fwi; /* 2 to the power of fwi */
86 /* ISO 14443-4:2000(E) Section 7.2.:
87 * (256*16 / h->l2h->rh->ah->fc) * (2 ^ fwi) */
89 tmp = (unsigned int) 1000000 * 256 * 16;
91 return (tmp / h->l2h->rh->ah->fc) * multiplier;
94 /* 4.9seconds as microseconds (4.9 billion seconds) exceeds 2^32 */
95 #define activation_fwt(x) (((u_int64_t)1000000 * 65536 / x->l2h->rh->ah->fc))
96 #define deactivation_fwt(x) activation_fwt(x)
99 tcl_parse_ats(struct rfid_protocol_handle *h,
100 unsigned char *ats, unsigned int size)
102 unsigned char len = ats[0];
106 if (len == 0 || size == 0)
115 /* FIXME: assume some default values */
116 h->priv.tcl.fsc = 32;
117 h->priv.tcl.ta = 0x80; /* 0x80 (same d for both dirs) */
118 h->priv.tcl.sfgt = sfgi_to_sfgt(h, 0);
119 if (h->l2h->l2->id == RFID_LAYER2_ISO14443A) {
120 /* Section 7.2: fwi default for type A is 4 */
121 h->priv.tcl.fwt = fwi_to_fwt(h, 4);
123 /* Section 7.2: fwi for type B is always in ATQB */
124 /* Value is assigned in tcl_connect() */
125 /* This function is never called for Type B, since it has no (R)ATS */
130 /* guarateed to be at least 2 bytes in size */
135 iso14443_fsdi_to_fsd(&h->priv.tcl.fsc, t0 & 0x0f);
136 if (h->priv.tcl.fsc > h->l2h->rh->ah->mtu)
137 h->priv.tcl.fsc = h->l2h->rh->ah->mtu;
140 /* TA is transmitted */
141 h->priv.tcl.ta = *cur++;
145 /* TB is transmitted */
146 h->priv.tcl.sfgt = sfgi_to_sfgt(h, *cur & 0x0f);
147 h->priv.tcl.fwt = fwi_to_fwt(h, (*cur & 0xf0) >> 4);
152 /* TC is transmitted */
154 h->priv.tcl.flags |= TCL_HANDLE_F_NAD_SUPPORTED;
156 h->priv.tcl.flags |= TCL_HANDLE_F_CID_SUPPORTED;
160 h->priv.tcl.historical_len = (ats+len) - cur;
161 h->priv.tcl.historical_bytes = cur;
167 /* request an ATS from the PICC */
169 tcl_request_ats(struct rfid_protocol_handle *h)
172 unsigned char rats[2];
175 if (h->priv.tcl.state != TCL_STATE_INITIAL)
178 ret = iso14443_fsd_to_fsdi(&fsdi, h->priv.tcl.fsd);
180 DEBUGP("unable to encode FSD of %u as FSDI\n", h->priv.tcl.fsd);
185 rats[1] = (h->priv.tcl.cid & 0x0f) | ((fsdi << 4) & 0xf0);
187 /* transceive (with CRC) */
188 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
189 rats, 2, h->priv.tcl.ats,
190 &h->priv.tcl.ats_len, activation_fwt(h),
191 TCL_TRANSP_F_TX_CRC);
193 DEBUGP("transceive of rats failed\n");
194 h->priv.tcl.state = TCL_STATE_RATS_SENT;
195 /* FIXME: retransmit */
198 h->priv.tcl.state = TCL_STATE_ATS_RCVD;
200 ret = tcl_parse_ats(h, h->priv.tcl.ats, h->priv.tcl.ats_len);
202 DEBUGP("parsing of ats failed\n");
209 #define ATS_TA_DIV_2 1
210 #define ATS_TA_DIV_4 2
211 #define ATS_TA_DIV_8 4
217 static unsigned char d_to_di(struct rfid_protocol_handle *h, unsigned char D)
220 unsigned int speed = h->l2h->rh->reader->iso14443a.speed;
222 if ((D & ATS_TA_DIV_8) && (speed & RFID_14443A_SPEED_848K))
224 else if ((D & ATS_TA_DIV_4) && (speed & RFID_14443A_SPEED_424K))
226 else if ((D & ATS_TA_DIV_2) && (speed & RFID_14443A_SPEED_212K))
234 static unsigned int di_to_speed(unsigned char DI)
238 return RFID_14443A_SPEED_848K;
241 return RFID_14443A_SPEED_424K;
244 return RFID_14443A_SPEED_212K;
247 return RFID_14443A_SPEED_106K;
252 /* start a PPS run (autimatically configure highest possible speed */
254 tcl_do_pps(struct rfid_protocol_handle *h)
257 unsigned char ppss[3];
258 unsigned char pps_response[1];
259 unsigned int rx_len = 1;
260 unsigned char Dr, Ds, DrI, DsI;
263 if (h->priv.tcl.state != TCL_STATE_ATS_RCVD)
266 Dr = h->priv.tcl.ta & 0x07;
267 Ds = h->priv.tcl.ta & 0x70 >> 4;
268 DEBUGP("Dr = 0x%x, Ds = 0x%x\n", Dr, Ds);
270 if (Dr != Ds && !(h->priv.tcl.ta & 0x80)) {
271 /* device supports different divisors for rx and tx, but not
273 DEBUGP("PICC has contradictory TA, aborting PPS\n");
277 /* ISO 14443-4:2000(E) Section 5.3. */
279 ppss[0] = 0xd0 | (h->priv.tcl.cid & 0x0f);
283 /* FIXME: deal with different speed for each direction */
284 DrI = d_to_di(h, Dr);
285 DsI = d_to_di(h, Ds);
286 DEBUGP("DrI = 0x%x, DsI = 0x%x\n", DrI, DsI);
288 ppss[2] = (ppss[2] & 0xf0) | (DrI | DsI << 2);
290 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
291 ppss, 3, pps_response, &rx_len,
292 h->priv.tcl.fwt, TCL_TRANSP_F_TX_CRC);
296 if (pps_response[0] != ppss[0]) {
297 DEBUGP("PPS Response != PPSS\n");
301 speed = di_to_speed(DrI);
303 ret = rfid_layer2_setopt(h->l2h, RFID_OPT_14443A_SPEED_RX,
304 &speed, sizeof(speed));
308 ret = rfid_layer2_setopt(h->l2h, RFID_OPT_14443A_SPEED_TX,
309 &speed, sizeof(speed));
318 tcl_build_prologue2(struct tcl_handle *th,
319 unsigned char *prlg, unsigned int *prlg_len,
326 if (!is_s_block(pcb)) {
328 /* we've sent a toggle bit last time */
331 /* we've not sent a toggle last time: send one */
337 if (th->flags & TCL_HANDLE_F_CID_USED) {
338 /* ISO 14443-4:2000(E) Section 7.1.1.2 */
339 *prlg |= TCL_PCB_CID_FOLLOWING;
341 prlg[*prlg_len] = th->cid & 0x0f;
344 /* nad only for I-block (0xc0 == 00) */
345 if ((th->flags & TCL_HANDLE_F_NAD_USED) &&
346 ((pcb & 0xc0) == 0x00)) {
347 /* ISO 14443-4:2000(E) Section 7.1.1.3 */
348 /* FIXME: in case of chaining only for first frame */
349 *prlg |= TCL_PCB_NAD_FOLLOWING;
350 prlg[*prlg_len] = th->nad;
358 tcl_build_prologue_i(struct tcl_handle *th,
359 unsigned char *prlg, unsigned int *prlg_len)
361 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
362 return tcl_build_prologue2(th, prlg, prlg_len, 0x02);
366 tcl_build_prologue_r(struct tcl_handle *th,
367 unsigned char *prlg, unsigned int *prlg_len,
370 unsigned char pcb = 0xa2;
371 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
376 return tcl_build_prologue2(th, prlg, prlg_len, pcb);
380 tcl_build_prologue_s(struct tcl_handle *th,
381 unsigned char *prlg, unsigned int *prlg_len)
383 /* ISO 14443-4:2000(E) Section 7.1.1.1 */
385 /* the only S-block from PCD->PICC is DESELECT,
386 * well, actually there is the S(WTX) response. */
387 return tcl_build_prologue2(th, prlg, prlg_len, 0xc2);
390 /* FIXME: WTXM implementation */
392 static int tcl_prlg_len(struct tcl_handle *th)
396 if (th->flags & TCL_HANDLE_F_CID_USED)
399 if (th->flags & TCL_HANDLE_F_NAD_USED)
405 #define max_net_tx_framesize(x) (x->fsc - tcl_prlg_len(x))
408 tcl_connect(struct rfid_protocol_handle *h)
412 if (h->priv.tcl.state != TCL_STATE_DESELECTED &&
413 h->priv.tcl.state != TCL_STATE_INITIAL)
416 switch (h->l2h->l2->id) {
417 case RFID_LAYER2_ISO14443A:
418 /* Start Type A T=CL Activation Sequence */
419 ret = tcl_request_ats(h);
423 /* Only do PPS if any non-default divisors supported */
424 if (h->priv.tcl.ta & 0x77) {
430 case RFID_LAYER2_ISO14443B:
431 /* initialized T=CL state from Type B Activation Data */
432 h->priv.tcl.cid = h->l2h->priv.iso14443b.cid;
433 h->priv.tcl.fsc = h->l2h->priv.iso14443b.fsc;
434 h->priv.tcl.fsd = h->l2h->priv.iso14443b.fsd;
435 h->priv.tcl.fwt = h->l2h->priv.iso14443b.fwt;
437 /* what about ta? sfgt? */
439 if (h->l2h->priv.iso14443b.flags & ISO14443B_CID_SUPPORTED)
440 h->priv.tcl.flags |= TCL_HANDLE_F_CID_SUPPORTED;
441 if (h->l2h->priv.iso14443b.flags & ISO14443B_NAD_SUPPORTED)
442 h->priv.tcl.flags |= TCL_HANDLE_F_NAD_SUPPORTED;
444 switch (h->l2h->priv.iso14443b.state) {
445 case ISO14443B_STATE_SELECTED:
446 h->priv.tcl.state = TCL_STATE_ATS_RCVD;
448 case ISO14443B_STATE_ATTRIB_SENT:
449 h->priv.tcl.state = TCL_STATE_RATS_SENT;
453 /* PUPI will be presented as ATS/historical bytes */
454 memcpy(h->priv.tcl.ats, h->l2h->uid, 4);
455 h->priv.tcl.ats_len = 4;
456 h->priv.tcl.historical_bytes = h->priv.tcl.ats;
460 DEBUGP("unsupported l2: %u\n", h->l2h->l2->id);
465 h->priv.tcl.state = TCL_STATE_ESTABLISHED;
471 tcl_deselect(struct rfid_protocol_handle *h)
473 /* ISO 14443-4:2000(E) Section 8 */
475 unsigned char frame[3]; /* 3 bytes prologue, no information */
477 unsigned int rx_len = sizeof(rx);
478 unsigned int prlg_len;
479 struct tcl_handle *th = &h->priv.tcl;
481 if (th->state != TCL_STATE_ESTABLISHED) {
482 /* FIXME: not sure whether deselect is possible here,
483 * probably better send a HLTA? */
486 /* build DESELECT S-block */
487 ret = tcl_build_prologue_s(th, frame, &prlg_len);
491 ret = rfid_layer2_transceive(h->l2h, RFID_14443A_FRAME_REGULAR,
493 &rx_len, deactivation_fwt(h),
494 TCL_TRANSP_F_TX_CRC);
496 /* FIXME: retransmit, HLT(A|B) */
500 th->state = TCL_STATE_DESELECTED;
506 unsigned int frame_len; /* length of frame */
507 unsigned int hdr_len; /* length of header within frame */
508 unsigned char data[RFID_MAX_FRAMELEN];
511 #define frb_payload(x) (x.data + x.hdr_len)
514 /* RFID transceive buffer. */
516 struct rfix_xcvb *next; /* next in queue of buffers */
518 u_int64_t timeout; /* timeout to wait for reply */
522 //struct rfid_protocol_handle *h; /* connection to which we belong */
525 struct tcl_tx_context {
526 const unsigned char *tx;
528 const unsigned char *next_tx_byte;
529 unsigned char *next_rx_byte;
532 struct rfid_protocol_handle *h;
535 #define tcl_ctx_todo(ctx) (ctx->tx_len - (ctx->next_tx_byte - ctx->tx))
538 tcl_refill_xcvb(struct rfid_xcvb *xcvb, struct tcl_tx_context *ctx)
540 struct tcl_handle *th = &ctx->h->priv.tcl;
542 if (ctx->next_tx_byte >= ctx->tx + ctx->tx_len) {
543 DEBUGP("tyring to refill tx xcvb but no data left!\n");
547 if (tcl_build_prologue_i(th, xcvb->tx.data,
548 &xcvb->tx.hdr_len) < 0)
551 if (tcl_ctx_todo(ctx) > th->fsc - xcvb->tx.hdr_len)
552 xcvb->tx.frame_len = max_net_tx_framesize(th);
554 xcvb->tx.frame_len = tcl_ctx_todo(ctx);
556 memcpy(frb_payload(xcvb->tx), ctx->next_tx_byte,
559 ctx->next_tx_byte += xcvb->tx.frame_len;
561 /* check whether we need to set the chaining bit */
562 if (ctx->next_tx_byte < ctx->tx + ctx->tx_len)
563 xcvb->tx.data[0] |= 0x10;
565 /* add hdr_len after copying the net payload */
566 xcvb->tx.frame_len += xcvb->tx.hdr_len;
568 xcvb->timeout = th->fwt;
573 static void fill_xcvb_wtxm(struct tcl_handle *th, struct rfid_xcvb *xcvb,
576 /* Acknowledge WTXM */
577 tcl_build_prologue_s(th, xcvb->tx.data, &xcvb->tx.hdr_len);
578 /* set two bits that make this block a wtx */
579 xcvb->tx.data[0] |= 0x30;
580 xcvb->tx.data[xcvb->tx.hdr_len] = inf;
581 xcvb->tx.frame_len = xcvb->tx.hdr_len+1;
582 xcvb->timeout = th->fwt * inf;
585 static int check_cid(struct tcl_handle *th, struct rfid_xcvb *xcvb)
587 if (xcvb->rx.data[0] & TCL_PCB_CID_FOLLOWING) {
588 if (xcvb->rx.data[1] != th->cid) {
589 DEBUGP("CID %u is not valid, we expected %u\n",
590 xcvb->rx.data[1], th->cid);
598 tcl_transceive(struct rfid_protocol_handle *h,
599 const unsigned char *tx_data, unsigned int tx_len,
600 unsigned char *rx_data, unsigned int *rx_len,
601 unsigned int timeout, unsigned int flags)
605 struct rfid_xcvb xcvb;
606 struct tcl_tx_context tcl_ctx;
607 struct tcl_handle *th = &h->priv.tcl;
609 unsigned char ack[10];
610 unsigned int ack_len;
612 /* initialize context */
613 tcl_ctx.next_tx_byte = tcl_ctx.tx = tx_data;
614 tcl_ctx.next_rx_byte = tcl_ctx.rx = rx_data;
615 tcl_ctx.rx_len = *rx_len;
616 tcl_ctx.tx_len = tx_len;
619 /* initialize xcvb */
620 xcvb.timeout = th->fwt;
623 if (tcl_refill_xcvb(&xcvb, &tcl_ctx) < 0) {
629 xcvb.rx.frame_len = sizeof(xcvb.rx.data);
630 ret = rfid_layer2_transceive(h->l2h, l2_to_frame(h->l2h->l2->id),
631 xcvb.tx.data, xcvb.tx.frame_len,
632 xcvb.rx.data, &xcvb.rx.frame_len,
635 DEBUGP("l2 transceive finished\n");
639 if (is_r_block(xcvb.rx.data[0])) {
642 if ((xcvb.rx.data[0] & 0x01) != h->priv.tcl.toggle) {
643 DEBUGP("response with wrong toggle bit\n");
647 /* Handle ACK frame in case of chaining */
648 if (!check_cid(th, &xcvb))
652 } else if (is_s_block(xcvb.rx.data[0])) {
654 unsigned int prlg_len;
657 /* Handle Wait Time Extension */
659 if (!check_cid(th, &xcvb))
662 if (xcvb.rx.data[0] & TCL_PCB_CID_FOLLOWING) {
663 if (xcvb.rx.frame_len < 3) {
664 DEBUGP("S-Block with CID but short len\n");
668 inf = xcvb.rx.data[2];
670 inf = xcvb.rx.data[1];
672 if ((xcvb.rx.data[0] & 0x30) != 0x30) {
673 DEBUGP("S-Block but not WTX?\n");
677 inf &= 0x3f; /* only lower 6 bits code WTXM */
678 if (inf == 0 || (inf >= 60 && inf <= 63)) {
679 DEBUGP("WTXM %u is RFU!\n", inf);
684 fill_xcvb_wtxm(th, &xcvb, inf);
685 /* start over with next transceive */
687 } else if (is_i_block(xcvb.rx.data[0])) {
688 unsigned int net_payload_len;
689 /* we're actually receiving payload data */
693 if ((xcvb.rx.data[0] & 0x01) != h->priv.tcl.toggle) {
694 DEBUGP("response with wrong toggle bit\n");
700 if (!check_cid(th, &xcvb))
703 if (xcvb.rx.data[0] & TCL_PCB_CID_FOLLOWING)
705 if (xcvb.rx.data[0] & TCL_PCB_NAD_FOLLOWING)
708 net_payload_len = xcvb.rx.frame_len - xcvb.rx.hdr_len;
709 DEBUGPC("%u bytes\n", net_payload_len);
710 memcpy(tcl_ctx.next_rx_byte, &xcvb.rx.data[xcvb.rx.hdr_len],
712 tcl_ctx.next_rx_byte += net_payload_len;
714 if (xcvb.rx.data[0] & 0x10) {
715 /* we're not the last frame in the chain, continue rx */
716 DEBUGP("not the last frame in the chain, continue\n");
717 ack_len = sizeof(ack);
718 tcl_build_prologue_r(th, xcvb.tx.data, &xcvb.tx.frame_len, 0);
719 xcvb.timeout = th->fwt;
725 *rx_len = tcl_ctx.next_rx_byte - tcl_ctx.rx;
729 static struct rfid_protocol_handle *
730 tcl_init(struct rfid_layer2_handle *l2h)
732 struct rfid_protocol_handle *th;
733 unsigned int mru = l2h->rh->ah->mru;
735 th = malloc(sizeof(struct rfid_protocol_handle) + mru);
739 /* FIXME: mru should be attribute of layer2 (in case it adds/removes
741 memset(th, 0, sizeof(struct rfid_protocol_handle) + mru);
743 /* maximum received ats length equals mru of asic/reader */
744 th->priv.tcl.state = TCL_STATE_INITIAL;
745 th->priv.tcl.ats_len = mru;
746 th->priv.tcl.toggle = 1;
748 th->priv.tcl.fsd = iso14443_fsd_approx(mru);
754 tcl_fini(struct rfid_protocol_handle *ph)
760 struct rfid_protocol rfid_protocol_tcl = {
761 .id = RFID_PROTOCOL_TCL,
762 .name = "ISO 14443-4 / T=CL",
765 .open = &tcl_connect,
766 .transceive = &tcl_transceive,
767 .close = &tcl_deselect,