1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "include/ese/teq1.h"
18 #include "../libese/include/ese/ese.h"
19 #include "../libese/include/ese/log.h"
20 
21 #include "teq1_private.h"
22 
teq1_rule_result_to_name(enum RuleResult result)23 const char *teq1_rule_result_to_name(enum RuleResult result) {
24   switch (result) {
25   case kRuleResultComplete:
26     return "Complete";
27   case kRuleResultAbort:
28     return "Abort";
29   case kRuleResultContinue:
30     return "Continue";
31   case kRuleResultHardFail:
32     return "Hard failure";
33   case kRuleResultResetDevice:
34     return "Reset device";
35   case kRuleResultResetSession:
36     return "Reset session";
37   case kRuleResultRetransmit:
38     return "Retransmit";
39   case kRuleResultSingleShot:
40     return "Single shot";
41   };
42 }
43 
teq1_pcb_to_name(uint8_t pcb)44 const char *teq1_pcb_to_name(uint8_t pcb) {
45   switch (pcb) {
46   case I(0, 0):
47     return "I(0, 0)";
48   case I(0, 1):
49     return "I(0, 1)";
50   case I(1, 0):
51     return "I(1, 0)";
52   case I(1, 1):
53     return "I(1, 1)";
54   case R(0, 0, 0):
55     return "R(0, 0, 0)";
56   case R(0, 0, 1):
57     return "R(0, 0, 1)";
58   case R(0, 1, 0):
59     return "R(0, 1, 0)";
60   case R(0, 1, 1):
61     return "R(0, 1, 1)";
62   case R(1, 0, 0):
63     return "R(1, 0, 0)";
64   case R(1, 0, 1):
65     return "R(1, 0, 1)";
66   case R(1, 1, 0):
67     return "R(1, 1, 0)";
68   case R(1, 1, 1):
69     return "R(1, 1, 1)";
70   case S(RESYNC, REQUEST):
71     return "S(RESYNC, REQUEST)";
72   case S(RESYNC, RESPONSE):
73     return "S(RESYNC, RESPONSE)";
74   case S(IFS, REQUEST):
75     return "S(IFS, REQUEST)";
76   case S(IFS, RESPONSE):
77     return "S(IFS, RESPONSE)";
78   case S(ABORT, REQUEST):
79     return "S(ABORT, REQUEST)";
80   case S(ABORT, RESPONSE):
81     return "S(ABORT, RESPONSE)";
82   case S(WTX, REQUEST):
83     return "S(WTX, REQUEST)";
84   case S(WTX, RESPONSE):
85     return "S(WTX, RESPONSE)";
86   case 255:
87     return "INTERNAL-ERROR";
88   default:
89     return "???";
90   }
91 }
92 
teq1_dump_buf(const char * prefix,const uint8_t * buf,uint32_t len)93 void teq1_dump_buf(const char *prefix, const uint8_t *buf, uint32_t len) {
94   uint32_t recvd = 0;
95   for (recvd = 0; recvd < len; ++recvd)
96     ALOGV("%s[%u]: %.2X", prefix, recvd, buf[recvd]);
97 }
98 
teq1_transmit(struct EseInterface * ese,const struct Teq1ProtocolOptions * opts,struct Teq1Frame * frame)99 int teq1_transmit(struct EseInterface *ese,
100                   const struct Teq1ProtocolOptions *opts,
101                   struct Teq1Frame *frame) {
102   /* Set correct node address. */
103   frame->header.NAD = opts->node_address;
104 
105   /* Compute the LRC */
106   frame->INF[frame->header.LEN] = teq1_compute_LRC(frame);
107 
108   /*
109    * If the card does something weird, like expect an CRC/LRC based on a
110    * different header value, the preprocessing can handle it.
111    */
112   if (opts->preprocess) {
113     opts->preprocess(opts, frame, 1);
114   }
115 
116   /*
117    * Begins transmission and ignore errors.
118    * Failed transmissions will result eventually in a resync then reset.
119    */
120   teq1_trace_transmit(frame->header.PCB, frame->header.LEN);
121   teq1_dump_transmit(frame->val, sizeof(frame->header) + frame->header.LEN + 1);
122   ese->ops->hw_transmit(ese, frame->val,
123                         sizeof(frame->header) + frame->header.LEN + 1, 1);
124   /*
125    * Even though in practice any WTX BWT extension starts when the above
126    * transmit ends, it is easier to implement it in the polling timeout of
127    * receive.
128    */
129   return 0;
130 }
131 
teq1_receive(struct EseInterface * ese,const struct Teq1ProtocolOptions * opts,float timeout,struct Teq1Frame * frame)132 int teq1_receive(struct EseInterface *ese,
133                  const struct Teq1ProtocolOptions *opts, float timeout,
134                  struct Teq1Frame *frame) {
135   /* Poll the bus until we see the start of frame indicator, the interface NAD.
136    */
137   int bytes_consumed = ese->ops->poll(ese, opts->host_address, timeout, 0);
138   if (bytes_consumed < 0 || bytes_consumed > 1) {
139     /* Timed out or comm error. */
140     ALOGV("%s: comm error: %d", __func__, bytes_consumed);
141     return -1;
142   }
143   /* We polled for the NAD above -- if it was consumed, set it here. */
144   if (bytes_consumed) {
145     frame->header.NAD = opts->host_address;
146   }
147   /* Get the remainder of the header, but keep the line &open. */
148   ese->ops->hw_receive(ese, (uint8_t *)(&frame->header.NAD + bytes_consumed),
149                        sizeof(frame->header) - bytes_consumed, 0);
150   teq1_dump_receive((uint8_t *)(&frame->header.NAD + bytes_consumed),
151                     sizeof(frame->header) - bytes_consumed);
152   if (frame->header.LEN == 255) {
153     ALOGV("received invalid LEN of 255");
154     /* Close the receive window and return failure. */
155     ese->ops->hw_receive(ese, NULL, 0, 1);
156     return -1;
157   }
158   /*
159    * Get the data and the first byte of CRC data.
160    * Note, CRC support is not implemented. Only a single LRC byte is expected.
161    */
162   ese->ops->hw_receive(ese, (uint8_t *)(&(frame->INF[0])),
163                        frame->header.LEN + 1, 1);
164   teq1_dump_receive((uint8_t *)(&(frame->INF[0])), frame->header.LEN + 1);
165   teq1_trace_receive(frame->header.PCB, frame->header.LEN);
166 
167   /*
168    * If the card does something weird, like expect an CRC/LRC based on a
169    * different
170    * header value, the preprocessing should fix up here prior to the LRC check.
171    */
172   if (opts->preprocess) {
173     opts->preprocess(opts, frame, 0);
174   }
175 
176   /* LRC and other protocol goodness checks are not done here. */
177   return frame->header.LEN; /* Return data bytes read. */
178 }
179 
teq1_fill_info_block(struct Teq1State * state,struct Teq1Frame * frame)180 uint8_t teq1_fill_info_block(struct Teq1State *state, struct Teq1Frame *frame) {
181   uint32_t inf_len = INF_LEN;
182   if (state->ifs < inf_len) {
183     inf_len = state->ifs;
184   }
185   switch (bs_get(PCB.type, frame->header.PCB)) {
186   case kPcbTypeInfo0:
187   case kPcbTypeInfo1: {
188     uint32_t len = state->app_data.tx_total;
189     uint32_t copied = 0;
190     if (len > inf_len) {
191       len = inf_len;
192     }
193     copied = ese_sg_to_buf(state->app_data.tx, state->app_data.tx_count,
194                            state->app_data.tx_offset, len, frame->INF);
195     if (copied != len) {
196       ALOGE("Failed to copy %x bytes of app data for transmission",
197             frame->header.LEN);
198       /* TODO(wad): This return code is largely ignored. Is the precondition
199        * checking elsewhere enough? */
200       return 255;
201     }
202     frame->header.LEN = (len & 0xff);
203     ALOGV("Copying %x bytes of app data for transmission", frame->header.LEN);
204     /* Incrementing here means the caller MUST handle retransmit with prepared
205      * data. */
206     state->app_data.tx_offset += copied;
207     state->app_data.tx_total -= copied;
208     /* Perform chained transmission if needed. */
209     bs_assign(&frame->header.PCB, PCB.I.more_data, 0);
210     if (state->app_data.tx_total > 0) {
211       frame->header.PCB |= bs_mask(PCB.I.more_data, 1);
212     }
213     return len;
214   }
215   case kPcbTypeSupervisory:
216   case kPcbTypeReceiveReady:
217   default:
218     break;
219   }
220   return 255; /* Invalid block type. */
221 }
222 
teq1_get_app_data(struct Teq1State * state,const struct Teq1Frame * frame)223 void teq1_get_app_data(struct Teq1State *state, const struct Teq1Frame *frame) {
224   switch (bs_get(PCB.type, frame->header.PCB)) {
225   case kPcbTypeInfo0:
226   case kPcbTypeInfo1: {
227     uint32_t len = frame->header.LEN;
228     /* TODO(wad): Some data will be left on the table. Should this error out? */
229     if (len > state->app_data.rx_total) {
230       len = state->app_data.rx_total;
231     }
232     ese_sg_from_buf(state->app_data.rx, state->app_data.rx_count,
233                     state->app_data.rx_offset, len, frame->INF);
234     /* The original caller must retain the starting pointer to determine
235      * actual available data.
236      */
237     state->app_data.rx_total -= len;
238     state->app_data.rx_offset += len;
239     return;
240   }
241   case kPcbTypeReceiveReady:
242   case kPcbTypeSupervisory:
243   default:
244     break;
245   }
246   return;
247 }
248 
249 /* Returns an R(0) frame with error bits set. */
teq1_frame_error_check(struct Teq1State * state,struct Teq1Frame * tx_frame,struct Teq1Frame * rx_frame)250 uint8_t teq1_frame_error_check(struct Teq1State *state,
251                                struct Teq1Frame *tx_frame,
252                                struct Teq1Frame *rx_frame) {
253   uint8_t lrc = 0;
254   int chained = 0;
255   if (rx_frame->header.PCB == 255) {
256     return R(0, 1, 0); /* Other error */
257   }
258 
259   lrc = teq1_compute_LRC(rx_frame);
260   if (rx_frame->INF[rx_frame->header.LEN] != lrc) {
261     ALOGE("Invalid LRC %x instead of %x", rx_frame->INF[rx_frame->header.LEN],
262           lrc);
263     return R(0, 0, 1); /* Parity error */
264   }
265 
266   /* Check if we were chained and increment the last sent sequence. */
267   switch (bs_get(PCB.type, tx_frame->header.PCB)) {
268   case kPcbTypeInfo0:
269   case kPcbTypeInfo1:
270     chained = bs_get(PCB.I.more_data, tx_frame->header.PCB);
271     state->card_state->seq.interface =
272         bs_get(PCB.I.send_seq, tx_frame->header.PCB);
273   }
274 
275   /* Check if we've gone down an easy to catch error hole. The rest will turn up
276    * on the
277    * txrx switch.
278    */
279   switch (bs_get(PCB.type, rx_frame->header.PCB)) {
280   case kPcbTypeSupervisory:
281     if (rx_frame->header.PCB != S(RESYNC, RESPONSE) &&
282         rx_frame->header.LEN != 1) {
283       ALOGE("Invalid supervisory RX frame.");
284       return R(0, 1, 0);
285     }
286     break;
287   case kPcbTypeReceiveReady:
288     if (rx_frame->header.LEN != 0) {
289       ALOGE("Invalid ReceiveReady RX frame.");
290       return R(0, 1, 0);
291     }
292     break;
293   case kPcbTypeInfo0:
294   case kPcbTypeInfo1:
295     /* I-blocks must always alternate for each endpoint. */
296     if ((bs_get(PCB.I.send_seq, rx_frame->header.PCB)) ==
297         state->card_state->seq.card) {
298       ALOGW("Got seq %d expected %d",
299             bs_get(PCB.I.send_seq, rx_frame->header.PCB),
300             state->card_state->seq.card);
301       ALOGE("Invalid Info RX frame.");
302       return R(0, 1, 0);
303     }
304     /* Update the card's last I-block seq. */
305     state->card_state->seq.card = bs_get(PCB.I.send_seq, rx_frame->header.PCB);
306   default:
307     break;
308   };
309   return 0;
310 }
311 
teq1_rules(struct Teq1State * state,struct Teq1Frame * tx_frame,struct Teq1Frame * rx_frame,struct Teq1Frame * next_tx)312 enum RuleResult teq1_rules(struct Teq1State *state, struct Teq1Frame *tx_frame,
313                            struct Teq1Frame *rx_frame,
314                            struct Teq1Frame *next_tx) {
315   /* Rule 1 is enforced by first call∴ Start with I(0,M). */
316   /* 0 = TX, 1 = RX */
317   /* msb = tx pcb, lsb = rx pcb */
318   /* BUG_ON(!rx_frame && !tx_frame && !next_tx); */
319   uint16_t txrx = TEQ1_RULE(tx_frame->header.PCB, rx_frame->header.PCB);
320   uint8_t R_err;
321 
322   while (1) {
323     /* Timeout errors come like invalid frames: 255. */
324     if ((R_err = teq1_frame_error_check(state, tx_frame, rx_frame)) != 0) {
325       ALOGW("incoming frame failed the error check");
326       state->last_error_message = "Invalid frame received";
327       /* Mark the frame as bad for our rule evaluation. */
328       txrx = TEQ1_RULE(tx_frame->header.PCB, 255);
329       state->errors++;
330       /* Rule 6.4 */
331       if (state->errors >= 6) {
332         return kRuleResultResetDevice;
333       }
334       /* Rule 7.4.2 */
335       if (state->errors >= 3) {
336         /* Rule 7.4.1: state should start with error count = 2 */
337         if (tx_frame->header.PCB != S(RESYNC, REQUEST)) {
338           next_tx->header.PCB = S(RESYNC, REQUEST);
339           return kRuleResultContinue;
340         }
341         return kRuleResultRetransmit;
342       }
343     }
344 
345     /* Specific matches */
346     switch (txrx) {
347     /*** Rule 2.1: I() -> I() ***/
348     /* Error check will determine if the card seq is right. */
349     case TEQ1_RULE(I(0, 0), I(0, 0)):
350     case TEQ1_RULE(I(0, 0), I(1, 0)):
351     case TEQ1_RULE(I(1, 0), I(1, 0)):
352     case TEQ1_RULE(I(1, 0), I(0, 0)):
353       /* Read app data & return. */
354       teq1_get_app_data(state, rx_frame);
355       return kRuleResultComplete;
356 
357     /* Card begins chained response. */
358     case TEQ1_RULE(I(0, 0), I(0, 1)):
359     case TEQ1_RULE(I(1, 0), I(1, 1)):
360       /* Prep R(N(S)) */
361       teq1_get_app_data(state, rx_frame);
362       next_tx->header.PCB =
363           TEQ1_R(!bs_get(PCB.I.send_seq, rx_frame->header.PCB), 0, 0);
364       next_tx->header.LEN = 0;
365       return kRuleResultContinue;
366 
367     /*** Rule 2.2, Rule 5: Chained transmission ***/
368     case TEQ1_RULE(I(0, 1), R(1, 0, 0)):
369     case TEQ1_RULE(I(1, 1), R(0, 0, 0)):
370       /* Send next block -- error-checking assures the R seq is our next seq. */
371       next_tx->header.PCB =
372           TEQ1_I(bs_get(PCB.R.next_seq, rx_frame->header.PCB), 0);
373       teq1_fill_info_block(state, next_tx); /* Sets M-bit and LEN. */
374       return kRuleResultContinue;
375 
376     /*** Rule 3 ***/
377     case TEQ1_RULE(I(0, 0), S(WTX, REQUEST)):
378     case TEQ1_RULE(I(1, 0), S(WTX, REQUEST)):
379       /* Note: Spec is unclear on if WTX can occur during chaining so we make it
380       an error for now.
381       case TEQ1_RULE(I(0, 1), S(WTX, REQUEST)):
382       case TEQ1_RULE(I(1, 1), S(WTX, REQUEST)):
383       */
384       /* Send S(WTX, RESPONSE) with same INF */
385       next_tx->header.PCB = S(WTX, RESPONSE);
386       next_tx->header.LEN = 1;
387       next_tx->INF[0] = rx_frame->INF[0];
388       state->wait_mult = rx_frame->INF[0];
389       /* Then wait BWT*INF[0] after transmission. */
390       return kRuleResultSingleShot; /* Send then call back in with same tx_frame
391                                        and new rx_frame. */
392 
393     /*** Rule 4 ***/
394     case TEQ1_RULE(S(IFS, REQUEST), S(IFS, RESPONSE)):
395       /* XXX: Check INFs match. */
396       return kRuleResultComplete; /* This is treated as an unique operation. */
397     case TEQ1_RULE(I(0, 0), S(IFS, REQUEST)):
398     case TEQ1_RULE(I(0, 1), S(IFS, REQUEST)):
399     case TEQ1_RULE(I(1, 0), S(IFS, REQUEST)):
400     case TEQ1_RULE(I(1, 1), S(IFS, REQUEST)):
401     /* Don't support a IFS_REQUEST if we sent an error R-block. */
402     case TEQ1_RULE(R(0, 0, 0), S(IFS, REQUEST)):
403     case TEQ1_RULE(R(1, 0, 0), S(IFS, REQUEST)):
404       next_tx->header.PCB = S(IFS, RESPONSE);
405       next_tx->header.LEN = 1;
406       next_tx->INF[0] = rx_frame->INF[0];
407       state->ifs = rx_frame->INF[0];
408       return kRuleResultSingleShot;
409 
410     /*** Rule 5  (see Rule 2.2 for the chained-tx side. ) ***/
411     case TEQ1_RULE(R(0, 0, 0), I(0, 0)):
412     case TEQ1_RULE(R(1, 0, 0), I(1, 0)):
413       /* Chaining ended with terminal I-block. */
414       teq1_get_app_data(state, rx_frame);
415       return kRuleResultComplete;
416     case TEQ1_RULE(R(0, 0, 0), I(0, 1)):
417     case TEQ1_RULE(R(1, 0, 0), I(1, 1)):
418       /* Chaining continued; consume partial data and send R(N(S)) */
419       teq1_get_app_data(state, rx_frame);
420       /* The card seq bit will be tracked/validated earlier. */
421       next_tx->header.PCB =
422           TEQ1_R(!bs_get(PCB.I.send_seq, rx_frame->header.PCB), 0, 0);
423       return kRuleResultContinue;
424 
425     /* Rule 6: Interface can send a RESYNC */
426     /* Rule 6.1: timeout BWT right. No case here. */
427     /* Rule 6.2, 6.3 */
428     case TEQ1_RULE(S(RESYNC, REQUEST), S(RESYNC, RESPONSE)):
429       /* Rule 6.5: indicates that the card should assume its prior
430        * block was lost _and_ the interface gets transmit privilege,
431        * so we just start fresh.
432        */
433       return kRuleResultResetSession; /* Start a new exchange (rule 6.3) */
434     case TEQ1_RULE(S(RESYNC, REQUEST), 255):
435       /* Retransmit the same frame up to 3 times. */
436       return kRuleResultRetransmit;
437 
438     /* Rule 7.1, 7.5, 7.6 */
439     case TEQ1_RULE(I(0, 0), 255):
440     case TEQ1_RULE(I(1, 0), 255):
441     case TEQ1_RULE(I(0, 1), 255):
442     case TEQ1_RULE(I(1, 1), 255):
443       next_tx->header.PCB = R_err;
444       bs_assign(&next_tx->header.PCB, PCB.R.next_seq,
445                 bs_get(PCB.I.send_seq, tx_frame->header.PCB));
446       ALOGW("Rule 7.1,7.5,7.6: bad rx - sending error R: %x = %s",
447             next_tx->header.PCB, teq1_pcb_to_name(next_tx->header.PCB));
448       return kRuleResultSingleShot; /* So we still can retransmit the original.
449                                        */
450 
451     /* Caught in the error check. */
452     case TEQ1_RULE(I(0, 0), R(1, 0, 0)):
453     case TEQ1_RULE(I(0, 0), R(1, 0, 1)):
454     case TEQ1_RULE(I(0, 0), R(1, 1, 0)):
455     case TEQ1_RULE(I(0, 0), R(1, 1, 1)):
456     case TEQ1_RULE(I(1, 0), R(0, 0, 0)):
457     case TEQ1_RULE(I(1, 0), R(0, 0, 1)):
458     case TEQ1_RULE(I(1, 0), R(0, 1, 0)):
459     case TEQ1_RULE(I(1, 0), R(0, 1, 1)):
460       next_tx->header.PCB =
461           TEQ1_R(bs_get(PCB.I.send_seq, tx_frame->header.PCB), 0, 0);
462       ALOGW("Rule 7.1,7.5,7.6: weird rx - sending error R: %x = %s",
463             next_tx->header.PCB, teq1_pcb_to_name(next_tx->header.PCB));
464       return kRuleResultSingleShot;
465 
466     /* Rule 7.2: Retransmit the _same_ R-block. */
467     /* The remainder of this rule is implemented in the next switch. */
468     case TEQ1_RULE(R(0, 0, 0), 255):
469     case TEQ1_RULE(R(0, 0, 1), 255):
470     case TEQ1_RULE(R(0, 1, 0), 255):
471     case TEQ1_RULE(R(0, 1, 1), 255):
472     case TEQ1_RULE(R(1, 0, 0), 255):
473     case TEQ1_RULE(R(1, 0, 1), 255):
474     case TEQ1_RULE(R(1, 1, 0), 255):
475     case TEQ1_RULE(R(1, 1, 1), 255):
476       return kRuleResultRetransmit;
477 
478     /* Rule 7.3 request */
479     /* Note, 7.3 for transmission of S(*, RESPONSE) won't be seen because they
480      * are
481      * single shots.
482      * Instead, the invalid block will be handled as invalid for the prior TX.
483      * This should yield the correct R-block.
484      */
485     case TEQ1_RULE(I(0, 0), R(0, 0, 0)):
486     case TEQ1_RULE(I(0, 0), R(0, 0, 1)):
487     case TEQ1_RULE(I(0, 0), R(0, 1, 0)):
488     case TEQ1_RULE(I(0, 0), R(0, 1, 1)):
489     case TEQ1_RULE(I(1, 0), R(1, 0, 0)):
490     case TEQ1_RULE(I(1, 0), R(1, 1, 0)):
491     case TEQ1_RULE(I(1, 0), R(1, 0, 1)):
492     case TEQ1_RULE(I(1, 0), R(1, 1, 1)):
493     case TEQ1_RULE(I(0, 1), R(0, 0, 0)):
494     case TEQ1_RULE(I(0, 1), R(0, 1, 0)):
495     case TEQ1_RULE(I(0, 1), R(0, 0, 1)):
496     case TEQ1_RULE(I(0, 1), R(0, 1, 1)):
497     case TEQ1_RULE(I(1, 1), R(1, 0, 0)):
498     case TEQ1_RULE(I(1, 1), R(1, 1, 0)):
499     case TEQ1_RULE(I(1, 1), R(1, 0, 1)):
500     case TEQ1_RULE(I(1, 1), R(1, 1, 1)):
501       /* Retransmit I-block */
502       return kRuleResultRetransmit;
503 
504     /* Rule 8 is card only. */
505     /* Rule 9: aborting a chain.
506      * If a S(ABORT) is injected into this engine, then we may have sent an
507      * abort.
508      */
509     case TEQ1_RULE(S(ABORT, REQUEST), S(ABORT, RESPONSE)):
510       /* No need to send back a R() because we want to keep transmit. */
511       return kRuleResultComplete; /* If we sent it, then we are complete. */
512     case TEQ1_RULE(S(ABORT, RESPONSE), R(0, 0, 0)):
513     case TEQ1_RULE(S(ABORT, RESPONSE), R(1, 0, 0)):
514       /* Card triggered abortion complete but we can resume sending. */
515       return kRuleResultAbort;
516     /* An abort request can interrupt a chain anywhere and could occur
517      * after a failure path too.
518      */
519     case TEQ1_RULE(I(0, 1), S(ABORT, REQUEST)):
520     case TEQ1_RULE(I(1, 1), S(ABORT, REQUEST)):
521     case TEQ1_RULE(R(0, 0, 0), S(ABORT, REQUEST)):
522     case TEQ1_RULE(R(0, 0, 1), S(ABORT, REQUEST)):
523     case TEQ1_RULE(R(0, 1, 0), S(ABORT, REQUEST)):
524     case TEQ1_RULE(R(0, 1, 1), S(ABORT, REQUEST)):
525     case TEQ1_RULE(R(1, 0, 0), S(ABORT, REQUEST)):
526     case TEQ1_RULE(R(1, 0, 1), S(ABORT, REQUEST)):
527     case TEQ1_RULE(R(1, 1, 0), S(ABORT, REQUEST)):
528     case TEQ1_RULE(R(1, 1, 1), S(ABORT, REQUEST)):
529       next_tx->header.PCB = S(ABORT, REQUEST);
530       return kRuleResultContinue; /* Takes over prior flow. */
531     case TEQ1_RULE(S(ABORT, RESPONSE), 255):
532       return kRuleResultRetransmit;
533     /* Note, other blocks should be caught below. */
534     default:
535       break;
536     }
537 
538     /* Note, only S(ABORT, REQUEST) and S(IFS, REQUEST) are supported
539      * for transmitting to the card. Others will result in error
540      * flows.
541      *
542      * For supported flows: If an operation was paused to
543      * send it, the caller may then switch to that state and resume.
544      */
545     if (rx_frame->header.PCB != 255) {
546       ALOGW("Unexpected frame. Marking error and re-evaluating.");
547       rx_frame->header.PCB = 255;
548       continue;
549     }
550 
551     return kRuleResultHardFail;
552   }
553 }
554 
555 /*
556  * TODO(wad): Consider splitting teq1_transcieve() into
557  *   teq1_transcieve_init() and teq1_transceive_process_one()
558  *   if testing becomes onerous given the loop below.
559  */
teq1_transceive(struct EseInterface * ese,const struct Teq1ProtocolOptions * opts,const struct EseSgBuffer * tx_bufs,uint8_t tx_segs,struct EseSgBuffer * rx_bufs,uint8_t rx_segs)560 ESE_API uint32_t teq1_transceive(struct EseInterface *ese,
561                                  const struct Teq1ProtocolOptions *opts,
562                                  const struct EseSgBuffer *tx_bufs,
563                                  uint8_t tx_segs, struct EseSgBuffer *rx_bufs,
564                                  uint8_t rx_segs) {
565   struct Teq1Frame tx_frame[2];
566   struct Teq1Frame rx_frame;
567   struct Teq1Frame *tx = &tx_frame[0];
568   int active = 0;
569   bool was_reset = false;
570   bool needs_hw_reset = false;
571   int session_resets = 0;
572   bool done = false;
573   enum RuleResult result = kRuleResultComplete;
574   uint32_t rx_total = ese_sg_length(rx_bufs, rx_segs);
575   struct Teq1CardState *card_state = (struct Teq1CardState *)(&ese->pad[0]);
576   struct Teq1State init_state = TEQ1_INIT_STATE(
577       tx_bufs, tx_segs, ese_sg_length(tx_bufs, tx_segs), rx_bufs, rx_segs,
578       ese_sg_length(rx_bufs, rx_segs), card_state);
579   struct Teq1State state = TEQ1_INIT_STATE(
580       tx_bufs, tx_segs, ese_sg_length(tx_bufs, tx_segs), rx_bufs, rx_segs,
581       ese_sg_length(rx_bufs, rx_segs), card_state);
582 
583   _static_assert(TEQ1HEADER_SIZE == sizeof(struct Teq1Header),
584                  "Ensure compiler alignment/padding matches wire protocol.");
585   _static_assert(TEQ1FRAME_SIZE == sizeof(struct Teq1Frame),
586                  "Ensure compiler alignment/padding matches wire protocol.");
587 
588   /* First I-block is always I(0, M). After that, modulo 2. */
589   tx->header.PCB = TEQ1_I(!card_state->seq.interface, 0);
590   teq1_fill_info_block(&state, tx);
591 
592   teq1_trace_header();
593   while (!done) {
594     /* Populates the node address and LRC prior to attempting to transmit. */
595     teq1_transmit(ese, opts, tx);
596 
597     /* If tx was pointed to the inactive frame for a single shot, restore it
598      * now. */
599     tx = &tx_frame[active];
600 
601     /* Clear the RX frame. */
602     ese_memset(&rx_frame, 0xff, sizeof(rx_frame));
603 
604     /* -1 indicates a timeout or failure from hardware. */
605     if (teq1_receive(ese, opts, opts->bwt * (float)state.wait_mult, &rx_frame) <
606         0) {
607       /* TODO(wad): If the ese_error(ese) == 1, should this go ahead and fail?
608        */
609       /* Failures are considered invalid blocks in the rule engine below. */
610       rx_frame.header.PCB = 255;
611     }
612     /* Always reset |wait_mult| once we have calculated the timeout. */
613     state.wait_mult = 1;
614 
615     /* Clear the inactive frame header for use as |next_tx|. */
616     ese_memset(&tx_frame[!active].header, 0, sizeof(tx_frame[!active].header));
617 
618     result = teq1_rules(&state, tx, &rx_frame, &tx_frame[!active]);
619     ALOGV("[ %s ]", teq1_rule_result_to_name(result));
620     switch (result) {
621     case kRuleResultComplete:
622       done = true;
623       break;
624     case kRuleResultRetransmit:
625       /* TODO(wad) Find a clean way to move into teq1_rules(). */
626       if (state.retransmits++ < 3) {
627         continue;
628       }
629       ALOGE("More than three retransmits have occurred");
630       if (tx->header.PCB == S(RESYNC, REQUEST)) {
631         /* More than three RESYNC retranmits have occurred. */
632         ese_set_error(ese, kTeq1ErrorHardFail);
633         return 0;
634       }
635       /* Fall through */
636       ALOGE("Triggering resynchronization.");
637       tx_frame[!active].header.PCB = S(RESYNC, REQUEST);
638     case kRuleResultContinue:
639       active = !active;
640       tx = &tx_frame[active];
641       /* Reset this to 0 to use the counter for RESYNC transmits. */
642       state.retransmits = 0;
643       /* Errors are not reset until the session is reset. */
644       continue;
645     case kRuleResultHardFail:
646       ese_set_error(ese, kTeq1ErrorHardFail);
647       return 0;
648     case kRuleResultAbort:
649       ese_set_error(ese, kTeq1ErrorAbort);
650       return 0;
651     case kRuleResultSingleShot:
652       /*
653        * Send the next_tx on loop, but tell the rule engine that
654        * the last sent state hasn't changed. This allows for easy error
655        * and supervisory block paths without nesting state.
656        */
657       tx = &tx_frame[!active];
658       continue;
659     case kRuleResultResetDevice:
660       needs_hw_reset = true;
661     /* Fall through to session reset. */
662     case kRuleResultResetSession:
663       /* Reset to initial state and possibly do hw reset */
664       if (session_resets++ > 4) {
665         /* If there have been more than 4 resyncs without a
666          * physical reset, we should pull the plug.
667          */
668         needs_hw_reset = true;
669       }
670       if (needs_hw_reset) {
671         needs_hw_reset = false;
672         if (was_reset || !ese->ops->hw_reset || ese->ops->hw_reset(ese) == -1) {
673           ese_set_error(ese, kTeq1ErrorDeviceReset);
674           return 0; /* Don't keep resetting -- hard fail. */
675         }
676         was_reset = true;
677         session_resets = 0;
678       }
679       state = init_state;
680       TEQ1_INIT_CARD_STATE(state.card_state);
681       /* Reset the active frame. */
682       ese_memset(tx, 0, sizeof(*tx));
683       /* Load initial I-block. */
684       tx->header.PCB = I(0, 0);
685       teq1_fill_info_block(&state, tx);
686       continue;
687     }
688   }
689   /* Return the number of bytes used in the RX buffers. */
690   return rx_total - state.app_data.rx_total;
691 }
692 
teq1_compute_LRC(const struct Teq1Frame * frame)693 ESE_API uint8_t teq1_compute_LRC(const struct Teq1Frame *frame) {
694   uint8_t lrc = 0;
695   const uint8_t *buffer = frame->val;
696   const uint8_t *end = buffer + frame->header.LEN + sizeof(frame->header);
697   while (buffer < end) {
698     lrc ^= *buffer++;
699   }
700   return lrc;
701 }
702