1 /******************************************************************************
2  *
3  *  Copyright (C) 2011-2014 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains the implementation for ISO 15693 in Reader/Writer
22  *  mode.
23  *
24  ******************************************************************************/
25 #include <log/log.h>
26 #include <string.h>
27 
28 #include <android-base/stringprintf.h>
29 #include <base/logging.h>
30 
31 #include "nfc_target.h"
32 
33 #include "bt_types.h"
34 #include "nfc_api.h"
35 #include "nfc_int.h"
36 #include "rw_api.h"
37 #include "rw_int.h"
38 
39 using android::base::StringPrintf;
40 
41 extern bool nfc_debug_enabled;
42 extern unsigned char appl_dta_mode_flag;
43 
44 /* Response timeout     */
45 #define RW_I93_TOUT_RESP 1000
46 /* stay quiet timeout   */
47 #define RW_I93_TOUT_STAY_QUIET 200
48 /* max reading data if read multi block is supported */
49 #define RW_I93_READ_MULTI_BLOCK_SIZE 128
50 /* CC, zero length NDEF, Terminator TLV              */
51 #define RW_I93_FORMAT_DATA_LEN 8
52 /* max getting lock status if get multi block sec is supported */
53 #define RW_I93_GET_MULTI_BLOCK_SEC_SIZE 253
54 
55 static std::string rw_i93_get_tag_name(uint8_t product_version);
56 
57 static void rw_i93_data_cback(uint8_t conn_id, tNFC_CONN_EVT event,
58                               tNFC_CONN* p_data);
59 void rw_i93_handle_error(tNFC_STATUS status);
60 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flag);
61 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid);
62 
63 /*******************************************************************************
64 **
65 ** Function         rw_i93_get_product_version
66 **
67 ** Description      Get product version from UID
68 **
69 ** Returns          void
70 **
71 *******************************************************************************/
rw_i93_get_product_version(uint8_t * p_uid)72 void rw_i93_get_product_version(uint8_t* p_uid) {
73   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
74 
75   if (!memcmp(p_i93->uid, p_uid, I93_UID_BYTE_LEN)) {
76     return;
77   }
78 
79   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
80 
81   memcpy(p_i93->uid, p_uid, I93_UID_BYTE_LEN);
82 
83   if (p_uid[1] == I93_UID_IC_MFG_CODE_NXP) {
84     if (p_uid[2] == I93_UID_ICODE_SLI)
85       p_i93->product_version = RW_I93_ICODE_SLI;
86     else if (p_uid[2] == I93_UID_ICODE_SLI_S)
87       p_i93->product_version = RW_I93_ICODE_SLI_S;
88     else if (p_uid[2] == I93_UID_ICODE_SLI_L)
89       p_i93->product_version = RW_I93_ICODE_SLI_L;
90     else
91       p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
92   } else if (p_uid[1] == I93_UID_IC_MFG_CODE_TI) {
93     if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
94         I93_UID_TAG_IT_HF_I_PLUS_INLAY)
95       p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_INLAY;
96     else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
97              I93_UID_TAG_IT_HF_I_PLUS_CHIP)
98       p_i93->product_version = RW_I93_TAG_IT_HF_I_PLUS_CHIP;
99     else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
100              I93_UID_TAG_IT_HF_I_STD_CHIP_INLAY)
101       p_i93->product_version = RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY;
102     else if ((p_uid[2] & I93_UID_TAG_IT_HF_I_PRODUCT_ID_MASK) ==
103              I93_UID_TAG_IT_HF_I_PRO_CHIP_INLAY)
104       p_i93->product_version = RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY;
105     else
106       p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
107   } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_STM) &&
108              (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
109     if (p_i93->ic_reference == I93_IC_REF_STM_M24LR04E_R)
110       p_i93->product_version = RW_I93_STM_M24LR04E_R;
111     else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR16E_R)
112       p_i93->product_version = RW_I93_STM_M24LR16E_R;
113     else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR16D_W)
114       p_i93->product_version = RW_I93_STM_M24LR16D_W;
115     else if (p_i93->ic_reference == I93_IC_REF_STM_M24LR64E_R)
116       p_i93->product_version = RW_I93_STM_M24LR64E_R;
117     else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DVHIK)
118       p_i93->product_version = RW_I93_STM_ST25DVHIK;
119     else if (p_i93->ic_reference == I93_IC_REF_STM_ST25DV04K)
120       p_i93->product_version = RW_I93_STM_ST25DV04K;
121     else {
122       switch (p_i93->ic_reference & I93_IC_REF_STM_MASK) {
123         case I93_IC_REF_STM_LRI1K:
124           p_i93->product_version = RW_I93_STM_LRI1K;
125           break;
126         case I93_IC_REF_STM_LRI2K:
127           p_i93->product_version = RW_I93_STM_LRI2K;
128           break;
129         case I93_IC_REF_STM_LRIS2K:
130           p_i93->product_version = RW_I93_STM_LRIS2K;
131           break;
132         case I93_IC_REF_STM_LRIS64K:
133           p_i93->product_version = RW_I93_STM_LRIS64K;
134           break;
135         case I93_IC_REF_STM_M24LR64_R:
136           p_i93->product_version = RW_I93_STM_M24LR64_R;
137           break;
138         default:
139           p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
140           break;
141       }
142     }
143   } else if ((p_uid[1] == I93_UID_IC_MFG_CODE_ONS) &&
144              (p_i93->info_flags & I93_INFO_FLAG_IC_REF)) {
145       switch (p_i93->ic_reference) {
146         case I93_IC_REF_ONS_N36RW02:
147           p_i93->product_version = RW_I93_ONS_N36RW02;
148           break;
149         case I93_IC_REF_ONS_N24RF04:
150           p_i93->product_version = RW_I93_ONS_N24RF04;
151           break;
152         case I93_IC_REF_ONS_N24RF04E:
153           p_i93->product_version = RW_I93_ONS_N24RF04E;
154           break;
155         case I93_IC_REF_ONS_N24RF16:
156           p_i93->product_version = RW_I93_ONS_N24RF16;
157           break;
158         case I93_IC_REF_ONS_N24RF16E:
159           p_i93->product_version = RW_I93_ONS_N24RF16E;
160           break;
161         case I93_IC_REF_ONS_N24RF64:
162           p_i93->product_version = RW_I93_ONS_N24RF64;
163           break;
164         case I93_IC_REF_ONS_N24RF64E:
165           p_i93->product_version = RW_I93_ONS_N24RF64E;
166           break;
167         default:
168           p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
169         break;
170       }
171   } else {
172     p_i93->product_version = RW_I93_UNKNOWN_PRODUCT;
173   }
174 
175   DLOG_IF(INFO, nfc_debug_enabled)
176       << StringPrintf("product_version = <%s>",
177                       rw_i93_get_tag_name(p_i93->product_version).c_str());
178 
179   switch (p_i93->product_version) {
180     case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
181     case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
182       /* these don't support Get System Information Command */
183       /* these support only Inventory, Stay Quiet, Read Single Block, Write
184        * Single Block, Lock Block */
185       p_i93->block_size = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_BLK_SIZE;
186       p_i93->num_block = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_NUM_USER_BLK;
187       break;
188     default:
189       break;
190   }
191 }
192 
193 /*******************************************************************************
194 **
195 ** Function         rw_i93_process_ext_sys_info
196 **
197 ** Description      Store extended system information of tag
198 **
199 ** Returns          FALSE if retrying with protocol extension flag
200 **
201 *******************************************************************************/
rw_i93_process_ext_sys_info(uint8_t * p_data,uint16_t length)202 bool rw_i93_process_ext_sys_info(uint8_t* p_data, uint16_t length) {
203   uint8_t* p = p_data;
204   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
205   uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
206 
207   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
208 
209   if (length < (I93_UID_BYTE_LEN + 1)) {
210     android_errorWriteLog(0x534e4554, "122316913");
211     return false;
212   }
213 
214   STREAM_TO_UINT8(p_i93->info_flags, p);
215   length--;
216 
217   p_uid = uid;
218   STREAM_TO_ARRAY8(p_uid, p);
219   length -= I93_UID_BYTE_LEN;
220 
221   if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
222     if (length < I93_INFO_DSFID_LEN) {
223       android_errorWriteLog(0x534e4554, "122316913");
224       return false;
225     }
226     STREAM_TO_UINT8(p_i93->dsfid, p);
227     length--;
228   }
229   if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
230     if (length < I93_INFO_AFI_LEN) {
231       android_errorWriteLog(0x534e4554, "122316913");
232       return false;
233     }
234     STREAM_TO_UINT8(p_i93->afi, p);
235     length--;
236   }
237   if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
238     if (length < I93_INFO_16BIT_NUM_BLOCK_LEN + I93_INFO_BLOCK_SIZE_LEN) {
239       android_errorWriteLog(0x534e4554, "122316913");
240       return false;
241     }
242     STREAM_TO_UINT16(p_i93->num_block, p);
243     length -= I93_INFO_16BIT_NUM_BLOCK_LEN;
244 
245     /* it is one less than actual number of bytes */
246     p_i93->num_block += 1;
247 
248     STREAM_TO_UINT8(p_i93->block_size, p);
249     length--;
250     /* it is one less than actual number of blocks */
251     p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
252   }
253   if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
254     if (length < I93_INFO_IC_REF_LEN) {
255       android_errorWriteLog(0x534e4554, "122316913");
256       return false;
257     }
258     STREAM_TO_UINT8(p_i93->ic_reference, p);
259     length--;
260 
261     /* clear existing UID to set product version */
262     p_i93->uid[0] = 0x00;
263 
264     /* store UID and get product version */
265     rw_i93_get_product_version(p_uid);
266 
267     if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
268       if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) || (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)){
269         /* STM & ONS supports more than 2040 bytes */
270         p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
271       }
272     }
273   }
274   return true;
275 }
276 
277 /*******************************************************************************
278 **
279 ** Function         rw_i93_process_sys_info
280 **
281 ** Description      Store system information of tag
282 **
283 ** Returns          FALSE if retrying with protocol extension flag
284 **
285 *******************************************************************************/
rw_i93_process_sys_info(uint8_t * p_data,uint16_t length)286 bool rw_i93_process_sys_info(uint8_t* p_data, uint16_t length) {
287   uint8_t* p = p_data;
288   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
289   uint8_t uid[I93_UID_BYTE_LEN], *p_uid;
290 
291   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
292 
293   if (length < (I93_UID_BYTE_LEN + 1)) {
294     android_errorWriteLog(0x534e4554, "121259048");
295     return false;
296   }
297   STREAM_TO_UINT8(p_i93->info_flags, p);
298   length--;
299 
300   p_uid = uid;
301   STREAM_TO_ARRAY8(p_uid, p);
302   length -= I93_UID_BYTE_LEN;
303 
304   if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
305     if (length == 0) {
306       android_errorWriteLog(0x534e4554, "121259048");
307       return false;
308     }
309     STREAM_TO_UINT8(p_i93->dsfid, p);
310     length--;
311   }
312   if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
313     if (length == 0) {
314       android_errorWriteLog(0x534e4554, "121259048");
315       return false;
316     }
317     STREAM_TO_UINT8(p_i93->afi, p);
318     length--;
319   }
320   if (p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE) {
321     bool block_16_bit = p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK;
322     if (block_16_bit && length > 2) {
323       STREAM_TO_UINT16(p_i93->num_block, p);
324       length -= 2;
325     } else if (!block_16_bit && length > 1) {
326       STREAM_TO_UINT8(p_i93->num_block, p);
327       length--;
328     } else {
329       android_errorWriteLog(0x534e4554, "121259048");
330       return false;
331     }
332     /* it is one less than actual number of bytes */
333     p_i93->num_block += 1;
334 
335     STREAM_TO_UINT8(p_i93->block_size, p);
336     length--;
337     /* it is one less than actual number of blocks */
338     p_i93->block_size = (p_i93->block_size & 0x1F) + 1;
339   }
340   if (p_i93->info_flags & I93_INFO_FLAG_IC_REF) {
341     if (length == 0) {
342       android_errorWriteLog(0x534e4554, "121259048");
343       return false;
344     }
345     STREAM_TO_UINT8(p_i93->ic_reference, p);
346 
347     /* clear existing UID to set product version */
348     p_i93->uid[0] = 0x00;
349 
350     /* store UID and get product version */
351     rw_i93_get_product_version(p_uid);
352 
353     if (p_i93->uid[0] == I93_UID_FIRST_BYTE) {
354       if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
355           (p_i93->ic_reference == I93_IC_REF_ICODE_SLI_L)) {
356         p_i93->num_block = 8;
357         p_i93->block_size = 4;
358       } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
359         /*
360         **  LRI1K:      010000xx(b), blockSize: 4, numberBlocks: 0x20
361         **  LRI2K:      001000xx(b), blockSize: 4, numberBlocks: 0x40
362         **  LRIS2K:     001010xx(b), blockSize: 4, numberBlocks: 0x40
363         **  LRIS64K:    010001xx(b), blockSize: 4, numberBlocks: 0x800
364         **  M24LR64-R:  001011xx(b), blockSize: 4, numberBlocks: 0x800
365         **  M24LR04E-R: 01011010(b), blockSize: 4, numberBlocks: 0x80
366         **  M24LR16E-R: 01001110(b), blockSize: 4, numberBlocks: 0x200
367         **  M24LR16D-W: 01001101(b), blockSize: 4, numberBlocks: 0x200
368         **  M24LR64E-R: 01011110(b), blockSize: 4, numberBlocks: 0x800
369         */
370         if ((p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
371             (p_i93->product_version == RW_I93_STM_M24LR16D_W) ||
372             (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
373           /*
374           ** M24LR16E-R or M24LR16D-W or M24LR64E-R returns system information
375           ** without memory size, if option flag is not set.
376           ** LRIS64K and M24LR64-R return error if option flag is not
377           ** set.
378           */
379           if (!(p_i93->intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)) {
380             /* get memory size with protocol extension flag */
381             if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
382                 NFC_STATUS_OK) {
383               /* STM supports more than 2040 bytes */
384               p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
385 
386               return false;
387             }
388           }
389         } else if ((p_i93->product_version == RW_I93_STM_LRI2K) &&
390                    (p_i93->ic_reference == 0x21)) {
391           /* workaround of byte order in memory size information */
392           p_i93->num_block = 64;
393           p_i93->block_size = 4;
394         } else if (!(p_i93->info_flags & I93_INFO_FLAG_MEM_SIZE)) {
395           if (!(p_i93->intl_flags & RW_I93_FLAG_EXT_COMMANDS)) {
396             if (rw_i93_send_cmd_get_ext_sys_info(nullptr) == NFC_STATUS_OK) {
397               /* STM supports more than 2040 bytes */
398               p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
399 
400               return false;
401             }
402           }
403         }
404       } else if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
405         /*
406         **  N36RW02:  00011010(b), blockSize: 4, numberBlocks: 0x40
407         **  N24RF04:  00101110(b), blockSize: 4, numberBlocks: 0x80
408         **  N24RF04E: 00101010(b), blockSize: 4, numberBlocks: 0x80
409         **  N24RF16:  01001010(b), blockSize: 4, numberBlocks: 0x200
410         **  N24RF16E: 01001110(b), blockSize: 4, numberBlocks: 0x200
411         **  N24RF64:  01101010(b), blockSize: 4, numberBlocks: 0x800
412         **  N24RF64E: 01101110(b), blockSize: 4, numberBlocks: 0x800
413         */
414           p_i93->block_size = 4;
415           switch (p_i93->product_version){
416             case RW_I93_ONS_N36RW02:
417                  p_i93->num_block = 0x40;
418                  break;
419             case RW_I93_ONS_N24RF04:
420             case RW_I93_ONS_N24RF04E:
421                  p_i93->num_block = 0x80;
422                  break;
423             case RW_I93_ONS_N24RF16:
424             case RW_I93_ONS_N24RF16E:
425                  p_i93->num_block = 0x200;
426                  p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
427                  break;
428             case RW_I93_ONS_N24RF64:
429             case RW_I93_ONS_N24RF64E:
430                  p_i93->num_block = 0x800;
431                  p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
432                  break;
433             default:
434                  return false;
435           }
436       }
437     }
438   }
439 
440   return true;
441 }
442 
443 /*******************************************************************************
444 **
445 ** Function         rw_i93_check_sys_info_prot_ext
446 **
447 ** Description      Check if need to set protocol extension flag to get system
448 **                  info
449 **
450 ** Returns          TRUE if sent Get System Info with protocol extension flag
451 **
452 *******************************************************************************/
rw_i93_check_sys_info_prot_ext(uint8_t error_code)453 bool rw_i93_check_sys_info_prot_ext(uint8_t error_code) {
454   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
455 
456   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
457 
458   if (((p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) || (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS)) &&
459       (p_i93->sent_cmd == I93_CMD_GET_SYS_INFO) &&
460       (error_code == I93_ERROR_CODE_OPTION_NOT_SUPPORTED) &&
461       (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_YES) ==
462        NFC_STATUS_OK)) {
463     return true;
464   } else {
465     return false;
466   }
467 }
468 
469 /*******************************************************************************
470 **
471 ** Function         rw_i93_send_to_upper
472 **
473 ** Description      Send response to upper layer
474 **
475 ** Returns          void
476 **
477 *******************************************************************************/
rw_i93_send_to_upper(NFC_HDR * p_resp)478 void rw_i93_send_to_upper(NFC_HDR* p_resp) {
479   uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
480   uint16_t length = p_resp->len;
481   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
482   tRW_DATA rw_data;
483   uint8_t event = RW_I93_MAX_EVT;
484   uint8_t flags;
485   NFC_HDR* p_buff;
486 
487   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
488 
489   if (length == 0) {
490     android_errorWriteLog(0x534e4554, "121035878");
491     rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
492     rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
493     rw_cb.tcb.i93.sent_cmd = 0;
494     (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
495     return;
496   }
497 
498   STREAM_TO_UINT8(flags, p);
499   length--;
500 
501   if (flags & I93_FLAG_ERROR_DETECTED) {
502     if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
503       /* getting system info with protocol extension flag */
504       /* This STM & ONS tag supports more than 2040 bytes */
505       p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
506       p_i93->state = RW_I93_STATE_BUSY;
507     } else if (length) {
508       /* notify error to upper layer */
509       rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
510       rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
511       STREAM_TO_UINT8(rw_data.i93_cmd_cmpl.error_code, p);
512 
513       rw_cb.tcb.i93.sent_cmd = 0;
514       (*(rw_cb.p_cback))(RW_I93_CMD_CMPL_EVT, &rw_data);
515     }
516     return;
517   }
518 
519   switch (p_i93->sent_cmd) {
520     case I93_CMD_INVENTORY:
521       if (length < I93_INFO_DSFID_LEN + I93_UID_BYTE_LEN) return;
522 
523       /* forward inventory response */
524       rw_data.i93_inventory.status = NFC_STATUS_OK;
525       STREAM_TO_UINT8(rw_data.i93_inventory.dsfid, p);
526 
527       p_uid = rw_data.i93_inventory.uid;
528       STREAM_TO_ARRAY8(p_uid, p);
529 
530       /* store UID and get product version */
531       rw_i93_get_product_version(p_uid);
532 
533       event = RW_I93_INVENTORY_EVT;
534       break;
535 
536     case I93_CMD_READ_SINGLE_BLOCK:
537     case I93_CMD_EXT_READ_SINGLE_BLOCK:
538     case I93_CMD_READ_MULTI_BLOCK:
539     case I93_CMD_EXT_READ_MULTI_BLOCK:
540     case I93_CMD_GET_MULTI_BLK_SEC:
541     case I93_CMD_EXT_GET_MULTI_BLK_SEC:
542 
543       /* forward tag data or security status */
544       p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
545 
546       if (p_buff) {
547         p_buff->offset = 0;
548         p_buff->len = length;
549 
550         memcpy((p_buff + 1), p, length);
551 
552         rw_data.i93_data.status = NFC_STATUS_OK;
553         rw_data.i93_data.command = p_i93->sent_cmd;
554         rw_data.i93_data.p_data = p_buff;
555 
556         event = RW_I93_DATA_EVT;
557       } else {
558         rw_data.i93_cmd_cmpl.status = NFC_STATUS_NO_BUFFERS;
559         rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
560         rw_data.i93_cmd_cmpl.error_code = 0;
561 
562         event = RW_I93_CMD_CMPL_EVT;
563       }
564       break;
565 
566     case I93_CMD_WRITE_SINGLE_BLOCK:
567     case I93_CMD_EXT_WRITE_SINGLE_BLOCK:
568     case I93_CMD_LOCK_BLOCK:
569     case I93_CMD_EXT_LOCK_BLOCK:
570     case I93_CMD_WRITE_MULTI_BLOCK:
571     case I93_CMD_EXT_WRITE_MULTI_BLOCK:
572     case I93_CMD_SELECT:
573     case I93_CMD_RESET_TO_READY:
574     case I93_CMD_WRITE_AFI:
575     case I93_CMD_LOCK_AFI:
576     case I93_CMD_WRITE_DSFID:
577     case I93_CMD_LOCK_DSFID:
578 
579       /* notify the complete of command */
580       rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
581       rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
582       rw_data.i93_cmd_cmpl.error_code = 0;
583 
584       event = RW_I93_CMD_CMPL_EVT;
585       break;
586 
587     case I93_CMD_GET_SYS_INFO:
588 
589       if (rw_i93_process_sys_info(p, length)) {
590         rw_data.i93_sys_info.status = NFC_STATUS_OK;
591         rw_data.i93_sys_info.info_flags = p_i93->info_flags;
592         rw_data.i93_sys_info.dsfid = p_i93->dsfid;
593         rw_data.i93_sys_info.afi = p_i93->afi;
594         rw_data.i93_sys_info.num_block = p_i93->num_block;
595         rw_data.i93_sys_info.block_size = p_i93->block_size;
596         rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
597 
598         memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
599 
600         p_i93->i93_t5t_mode = RW_I93_GET_SYS_INFO_MEM_INFO;
601         event = RW_I93_SYS_INFO_EVT;
602       } else {
603         /* retrying with protocol extension flag */
604         p_i93->state = RW_I93_STATE_BUSY;
605         return;
606       }
607       break;
608 
609     case I93_CMD_EXT_GET_SYS_INFO:
610 
611       if (rw_i93_process_ext_sys_info(p, length)) {
612         rw_data.i93_sys_info.status = NFC_STATUS_OK;
613         rw_data.i93_sys_info.info_flags = p_i93->info_flags;
614         rw_data.i93_sys_info.dsfid = p_i93->dsfid;
615         rw_data.i93_sys_info.afi = p_i93->afi;
616         rw_data.i93_sys_info.num_block = p_i93->num_block;
617         rw_data.i93_sys_info.block_size = p_i93->block_size;
618         rw_data.i93_sys_info.IC_reference = p_i93->ic_reference;
619 
620         memcpy(rw_data.i93_sys_info.uid, p_i93->uid, I93_UID_BYTE_LEN);
621 
622         p_i93->i93_t5t_mode = RW_I93_GET_SYS_INFO_MEM_INFO;
623         event = RW_I93_SYS_INFO_EVT;
624       } else {
625         /* retrying with protocol extension flag or with extended sys info
626          * command */
627         p_i93->state = RW_I93_STATE_BUSY;
628         return;
629       }
630       break;
631 
632     default:
633       break;
634   }
635 
636   rw_cb.tcb.i93.sent_cmd = 0;
637   if (event != RW_I93_MAX_EVT) {
638     (*(rw_cb.p_cback))(event, &rw_data);
639   } else {
640     LOG(ERROR) << StringPrintf("Invalid response");
641   }
642 }
643 
644 /*******************************************************************************
645 **
646 ** Function         rw_i93_send_to_lower
647 **
648 ** Description      Send Request frame to lower layer
649 **
650 ** Returns          TRUE if success
651 **
652 *******************************************************************************/
rw_i93_send_to_lower(NFC_HDR * p_msg)653 bool rw_i93_send_to_lower(NFC_HDR* p_msg) {
654   /* store command for retransmitting */
655   if (rw_cb.tcb.i93.p_retry_cmd) {
656     GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
657     rw_cb.tcb.i93.p_retry_cmd = nullptr;
658   }
659 
660   uint16_t msg_size = sizeof(NFC_HDR) + p_msg->offset + p_msg->len;
661 
662   rw_cb.tcb.i93.p_retry_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
663 
664   if (rw_cb.tcb.i93.p_retry_cmd &&
665       GKI_get_pool_bufsize(NFC_RW_POOL_ID) >= msg_size) {
666     memcpy(rw_cb.tcb.i93.p_retry_cmd, p_msg, msg_size);
667   } else {
668     LOG(ERROR) << StringPrintf("Memory allocation error");
669     android_errorWriteLog(0x534e4554, "157650357");
670     return false;
671   }
672 
673   if (NFC_SendData(NFC_RF_CONN_ID, p_msg) != NFC_STATUS_OK) {
674     LOG(ERROR) << StringPrintf("failed");
675     return false;
676   }
677 
678   nfc_start_quick_timer(&rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
679                         (RW_I93_TOUT_RESP * QUICK_TIMER_TICKS_PER_SEC) / 1000);
680 
681   return true;
682 }
683 
684 /*******************************************************************************
685 **
686 ** Function         rw_i93_send_cmd_inventory
687 **
688 ** Description      Send Inventory Request to VICC
689 **
690 ** Returns          tNFC_STATUS
691 **
692 *******************************************************************************/
rw_i93_send_cmd_inventory(uint8_t * p_uid,bool including_afi,uint8_t afi)693 tNFC_STATUS rw_i93_send_cmd_inventory(uint8_t* p_uid, bool including_afi,
694                                       uint8_t afi) {
695   NFC_HDR* p_cmd;
696   uint8_t *p, flags;
697 
698   DLOG_IF(INFO, nfc_debug_enabled)
699       << StringPrintf("including_afi:%d, AFI:0x%02X", including_afi, afi);
700 
701   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
702 
703   if (!p_cmd) {
704     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
705     return NFC_STATUS_NO_BUFFERS;
706   }
707 
708   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
709   p_cmd->len = 3;
710   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
711 
712   /* Flags */
713   flags = (I93_FLAG_SLOT_ONE | I93_FLAG_INVENTORY_SET |
714            RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
715   if (including_afi) {
716     flags |= I93_FLAG_AFI_PRESENT;
717   }
718 
719   UINT8_TO_STREAM(p, flags);
720 
721   /* Command Code */
722   UINT8_TO_STREAM(p, I93_CMD_INVENTORY);
723 
724   if (including_afi) {
725     /* Parameters */
726     UINT8_TO_STREAM(p, afi); /* Optional AFI */
727     p_cmd->len++;
728   }
729 
730   if (p_uid) {
731     UINT8_TO_STREAM(p, I93_UID_BYTE_LEN * 8); /* Mask Length */
732     ARRAY8_TO_STREAM(p, p_uid);               /* UID */
733     p_cmd->len += I93_UID_BYTE_LEN;
734   } else {
735     UINT8_TO_STREAM(p, 0x00); /* Mask Length */
736   }
737 
738   if (rw_i93_send_to_lower(p_cmd)) {
739     rw_cb.tcb.i93.sent_cmd = I93_CMD_INVENTORY;
740     return NFC_STATUS_OK;
741   } else {
742     return NFC_STATUS_FAILED;
743   }
744 }
745 
746 /*******************************************************************************
747 **
748 ** Function         rw_i93_send_cmd_stay_quiet
749 **
750 ** Description      Send Stay Quiet Request to VICC
751 **
752 ** Returns          tNFC_STATUS
753 **
754 *******************************************************************************/
rw_i93_send_cmd_stay_quiet(uint8_t * p_uid)755 tNFC_STATUS rw_i93_send_cmd_stay_quiet(uint8_t* p_uid) {
756   NFC_HDR* p_cmd;
757   uint8_t* p;
758 
759   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
760 
761   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
762 
763   if (!p_cmd) {
764     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
765     return NFC_STATUS_NO_BUFFERS;
766   }
767 
768   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
769   p_cmd->len = 10;
770   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
771 
772   /* Flags */
773   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
774                       RW_I93_FLAG_DATA_RATE));
775 
776   /* Command Code */
777   UINT8_TO_STREAM(p, I93_CMD_STAY_QUIET);
778 
779   /* Parameters */
780   /* Beware the UID is provided with the same order as the transmission
781      one (LSB first) */
782   ARRAY_TO_STREAM(p, p_uid, I93_UID_BYTE_LEN); /* UID */
783 
784   if (rw_i93_send_to_lower(p_cmd)) {
785     rw_cb.tcb.i93.sent_cmd = I93_CMD_STAY_QUIET;
786 
787     /* restart timer for stay quiet */
788     nfc_start_quick_timer(
789         &rw_cb.tcb.i93.timer, NFC_TTYPE_RW_I93_RESPONSE,
790         (RW_I93_TOUT_STAY_QUIET * QUICK_TIMER_TICKS_PER_SEC) / 1000);
791     return NFC_STATUS_OK;
792   } else {
793     return NFC_STATUS_FAILED;
794   }
795 }
796 
797 /*******************************************************************************
798 **
799 ** Function         rw_i93_send_cmd_read_single_block
800 **
801 ** Description      Send Read Single Block Request to VICC
802 **
803 ** Returns          tNFC_STATUS
804 **
805 *******************************************************************************/
rw_i93_send_cmd_read_single_block(uint16_t block_number,bool read_security)806 tNFC_STATUS rw_i93_send_cmd_read_single_block(uint16_t block_number,
807                                               bool read_security) {
808   NFC_HDR* p_cmd;
809   uint8_t *p, flags;
810   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
811 
812   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
813 
814   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
815 
816   if (!p_cmd) {
817     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
818     return NFC_STATUS_NO_BUFFERS;
819   }
820 
821   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
822   if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
823     p_cmd->len = 11;
824   else
825     p_cmd->len = 3;
826   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
827 
828   /* Flags */
829   if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
830     flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
831              RW_I93_FLAG_DATA_RATE);
832   } else {
833     flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
834 
835     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
836       flags |= I93_FLAG_SELECT_SET;
837   }
838   if (read_security) flags |= I93_FLAG_OPTION_SET;
839 
840   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
841     flags |= I93_FLAG_PROT_EXT_YES;
842 
843   UINT8_TO_STREAM(p, flags);
844 
845   /* Command Code */
846   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
847     UINT8_TO_STREAM(p, I93_CMD_EXT_READ_SINGLE_BLOCK);
848   } else {
849     UINT8_TO_STREAM(p, I93_CMD_READ_SINGLE_BLOCK);
850   }
851 
852   /* Parameters */
853   if (flags & I93_FLAG_ADDRESS_SET)
854     ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
855 
856   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
857       rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
858     UINT16_TO_STREAM(p, block_number); /* Block number */
859     p_cmd->len++;
860   } else {
861     UINT8_TO_STREAM(p, block_number); /* Block number */
862   }
863 
864   if (rw_i93_send_to_lower(p_cmd)) {
865     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
866       rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_SINGLE_BLOCK;
867     else
868       rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_SINGLE_BLOCK;
869     return NFC_STATUS_OK;
870   } else {
871     return NFC_STATUS_FAILED;
872   }
873 }
874 
875 /*******************************************************************************
876 **
877 ** Function         rw_i93_send_cmd_write_single_block
878 **
879 ** Description      Send Write Single Block Request to VICC
880 **
881 ** Returns          tNFC_STATUS
882 **
883 *******************************************************************************/
rw_i93_send_cmd_write_single_block(uint16_t block_number,uint8_t * p_data)884 tNFC_STATUS rw_i93_send_cmd_write_single_block(uint16_t block_number,
885                                                uint8_t* p_data) {
886   NFC_HDR* p_cmd;
887   uint8_t *p, flags;
888   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
889 
890   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
891 
892   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
893 
894   if (!p_cmd) {
895     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
896     return NFC_STATUS_NO_BUFFERS;
897   }
898 
899   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
900   if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
901     p_cmd->len = 11 + rw_cb.tcb.i93.block_size;
902   else
903     p_cmd->len = 3 + rw_cb.tcb.i93.block_size;
904   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
905 
906   /* Flags */
907   if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
908       (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
909       (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
910       (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
911     /* Option must be set for TI tag */
912     flags = (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
913              RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
914   } else {
915     if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
916       flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
917                RW_I93_FLAG_DATA_RATE);
918     } else {
919       flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
920       if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
921         flags |= I93_FLAG_SELECT_SET;
922     }
923 
924     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SPECIAL_FRAME) {
925       /* Option Flag bit must be set */
926       flags |= I93_FLAG_OPTION_SET;
927     }
928   }
929 
930   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
931     flags |= I93_FLAG_PROT_EXT_YES;
932 
933   UINT8_TO_STREAM(p, flags);
934 
935   /* Command Code */
936   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
937     UINT8_TO_STREAM(p, I93_CMD_EXT_WRITE_SINGLE_BLOCK);
938   } else {
939     UINT8_TO_STREAM(p, I93_CMD_WRITE_SINGLE_BLOCK);
940   }
941 
942   /* Parameters */
943   if (flags & I93_FLAG_ADDRESS_SET)
944     ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
945 
946   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
947       rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
948     UINT16_TO_STREAM(p, block_number); /* Block number */
949     p_cmd->len++;
950   } else {
951     UINT8_TO_STREAM(p, block_number); /* Block number */
952   }
953 
954   /* Data */
955   ARRAY_TO_STREAM(p, p_data, rw_cb.tcb.i93.block_size);
956 
957   if (rw_i93_send_to_lower(p_cmd)) {
958     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
959       rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_SINGLE_BLOCK;
960     else
961       rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_SINGLE_BLOCK;
962     return NFC_STATUS_OK;
963   } else {
964     return NFC_STATUS_FAILED;
965   }
966 }
967 
968 /*******************************************************************************
969 **
970 ** Function         rw_i93_send_cmd_lock_block
971 **
972 ** Description      Send Lock Block Request to VICC
973 **
974 **                  STM LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR64E-R,
975 **                  M24LR16D-W do not support.
976 **
977 ** Returns          tNFC_STATUS
978 **
979 *******************************************************************************/
rw_i93_send_cmd_lock_block(uint16_t block_number)980 tNFC_STATUS rw_i93_send_cmd_lock_block(uint16_t block_number) {
981   NFC_HDR* p_cmd;
982   uint8_t* p;
983   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
984   uint8_t flags;
985 
986   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
987 
988   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
989 
990   if (!p_cmd) {
991     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
992     return NFC_STATUS_NO_BUFFERS;
993   }
994 
995   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
996   if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
997     p_cmd->len = 11;
998   else
999     p_cmd->len = 3;
1000   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1001 
1002   /* Flags */
1003   if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
1004       (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
1005       (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
1006       (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
1007     /* Option must be set for TI tag */
1008     UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | I93_FLAG_OPTION_SET |
1009                         RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE));
1010   } else {
1011     if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
1012       /* Address Mode Selector must be set */
1013       flags = I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1014               RW_I93_FLAG_DATA_RATE;
1015     } else {
1016       flags = RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE;
1017 
1018       if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
1019         flags |= I93_FLAG_SELECT_SET;
1020     }
1021     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SPECIAL_FRAME) {
1022       /* Option Flag bit must be set */
1023       flags |= I93_FLAG_OPTION_SET;
1024     }
1025     UINT8_TO_STREAM(p, flags);
1026   }
1027 
1028   /* Command Code */
1029   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1030     UINT8_TO_STREAM(p, I93_CMD_EXT_LOCK_BLOCK);
1031   } else {
1032     UINT8_TO_STREAM(p, I93_CMD_LOCK_BLOCK);
1033   }
1034 
1035   /* Parameters */
1036   if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1037     ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1038 
1039   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1040     UINT16_TO_STREAM(p, block_number); /* Block number */
1041     p_cmd->len++;
1042   } else {
1043     UINT8_TO_STREAM(p, block_number); /* Block number */
1044   }
1045 
1046   if (rw_i93_send_to_lower(p_cmd)) {
1047     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1048       rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_LOCK_BLOCK;
1049     else
1050       rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_BLOCK;
1051     return NFC_STATUS_OK;
1052   } else {
1053     return NFC_STATUS_FAILED;
1054   }
1055 }
1056 
1057 /*******************************************************************************
1058 **
1059 ** Function         rw_i93_send_cmd_read_multi_blocks
1060 **
1061 ** Description      Send Read Multiple Blocks Request to VICC
1062 **
1063 ** Returns          tNFC_STATUS
1064 **
1065 *******************************************************************************/
rw_i93_send_cmd_read_multi_blocks(uint16_t first_block_number,uint16_t number_blocks)1066 tNFC_STATUS rw_i93_send_cmd_read_multi_blocks(uint16_t first_block_number,
1067                                               uint16_t number_blocks) {
1068   NFC_HDR* p_cmd;
1069   uint8_t *p, flags;
1070   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1071 
1072   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1073 
1074   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1075 
1076   if (!p_cmd) {
1077     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1078     return NFC_STATUS_NO_BUFFERS;
1079   }
1080 
1081   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1082   if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED)
1083     p_cmd->len = 12;
1084   else
1085     p_cmd->len = 4;
1086   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1087 
1088   /* Flags */
1089   if (p_i93->addr_mode == RW_I93_MODE_ADDRESSED) {
1090     flags = (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1091              RW_I93_FLAG_DATA_RATE);
1092   } else {
1093     flags = (RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1094 
1095     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_SELECTED_STATE)
1096       flags |= I93_FLAG_SELECT_SET;
1097   }
1098 
1099   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK) {
1100     flags |= I93_FLAG_PROT_EXT_YES;
1101   }
1102 
1103   UINT8_TO_STREAM(p, flags);
1104 
1105   /* Command Code */
1106   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1107     UINT8_TO_STREAM(p, I93_CMD_EXT_READ_MULTI_BLOCK);
1108   } else {
1109     UINT8_TO_STREAM(p, I93_CMD_READ_MULTI_BLOCK);
1110   }
1111 
1112   /* Parameters */
1113   if (flags & I93_FLAG_ADDRESS_SET)
1114     ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1115 
1116   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1117       rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1118     UINT16_TO_STREAM(p, first_block_number); /* First block number */
1119     p_cmd->len++;
1120   } else {
1121     UINT8_TO_STREAM(p, first_block_number); /* First block number */
1122   }
1123 
1124   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1125     UINT16_TO_STREAM(
1126         p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1127     p_cmd->len++;
1128   } else {
1129     UINT8_TO_STREAM(
1130         p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1131   }
1132 
1133   if (rw_i93_send_to_lower(p_cmd)) {
1134     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1135       rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_READ_MULTI_BLOCK;
1136     else
1137       rw_cb.tcb.i93.sent_cmd = I93_CMD_READ_MULTI_BLOCK;
1138     return NFC_STATUS_OK;
1139   } else {
1140     return NFC_STATUS_FAILED;
1141   }
1142 }
1143 
1144 /*******************************************************************************
1145 **
1146 ** Function         rw_i93_send_cmd_write_multi_blocks
1147 **
1148 ** Description      Send Write Multiple Blocks Request to VICC
1149 **
1150 ** Returns          tNFC_STATUS
1151 **
1152 *******************************************************************************/
rw_i93_send_cmd_write_multi_blocks(uint16_t first_block_number,uint16_t number_blocks,uint8_t * p_data)1153 tNFC_STATUS rw_i93_send_cmd_write_multi_blocks(uint16_t first_block_number,
1154                                                uint16_t number_blocks,
1155                                                uint8_t* p_data) {
1156   NFC_HDR* p_cmd;
1157   uint8_t* p;
1158 
1159   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1160 
1161   if (number_blocks * rw_cb.tcb.i93.block_size >
1162       GKI_get_pool_bufsize(NFC_RW_POOL_ID) - NCI_MSG_OFFSET_SIZE -
1163           NCI_DATA_HDR_SIZE - 1 -
1164           (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS ? 2 : 0) - 12) {
1165     android_errorWriteLog(0x534e4554, "157650365");
1166     return NFC_STATUS_FAILED;
1167   }
1168   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1169 
1170   if (!p_cmd) {
1171     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1172     return NFC_STATUS_NO_BUFFERS;
1173   }
1174 
1175   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1176   p_cmd->len = 12 + number_blocks * rw_cb.tcb.i93.block_size;
1177   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1178 
1179   /* Flags */
1180   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1181                       RW_I93_FLAG_DATA_RATE));
1182 
1183   /* Command Code */
1184   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1185     INT8_TO_STREAM(p, I93_CMD_EXT_WRITE_MULTI_BLOCK);
1186   } else {
1187     UINT8_TO_STREAM(p, I93_CMD_WRITE_MULTI_BLOCK);
1188   }
1189 
1190   /* Parameters */
1191   ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1192   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1193     UINT16_TO_STREAM(p, first_block_number); /* Block number */
1194     UINT16_TO_STREAM(
1195         p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1196     p_cmd->len += 2;
1197   } else {
1198     UINT8_TO_STREAM(p, first_block_number); /* Block number */
1199     UINT8_TO_STREAM(
1200         p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1201   }
1202 
1203   /* Data */
1204   ARRAY_TO_STREAM(p, p_data, number_blocks * rw_cb.tcb.i93.block_size);
1205 
1206   if (rw_i93_send_to_lower(p_cmd)) {
1207     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1208       rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_WRITE_MULTI_BLOCK;
1209     else
1210       rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_MULTI_BLOCK;
1211     return NFC_STATUS_OK;
1212   } else {
1213     return NFC_STATUS_FAILED;
1214   }
1215 }
1216 
1217 /*******************************************************************************
1218 **
1219 ** Function         rw_i93_send_cmd_select
1220 **
1221 ** Description      Send Select Request to VICC
1222 **
1223 ** Returns          tNFC_STATUS
1224 **
1225 *******************************************************************************/
rw_i93_send_cmd_select(uint8_t * p_uid)1226 tNFC_STATUS rw_i93_send_cmd_select(uint8_t* p_uid) {
1227   NFC_HDR* p_cmd;
1228   uint8_t* p;
1229 
1230   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1231 
1232   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1233 
1234   if (!p_cmd) {
1235     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1236     return NFC_STATUS_NO_BUFFERS;
1237   }
1238 
1239   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1240   p_cmd->len = 10;
1241   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1242 
1243   /* Flags */
1244   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1245                       RW_I93_FLAG_DATA_RATE));
1246 
1247   /* Command Code */
1248   UINT8_TO_STREAM(p, I93_CMD_SELECT);
1249 
1250   /* Parameters */
1251   /* Beware the UID is provided with the same order as the transmission
1252      one (LSB first) */
1253   ARRAY_TO_STREAM(p, p_uid, I93_UID_BYTE_LEN); /* UID */
1254 
1255   if (rw_i93_send_to_lower(p_cmd)) {
1256     rw_cb.tcb.i93.sent_cmd = I93_CMD_SELECT;
1257     return NFC_STATUS_OK;
1258   } else {
1259     return NFC_STATUS_FAILED;
1260   }
1261 }
1262 
1263 /*******************************************************************************
1264 **
1265 ** Function         rw_i93_send_cmd_reset_to_ready
1266 **
1267 ** Description      Send Reset to Ready Request to VICC
1268 **
1269 ** Returns          tNFC_STATUS
1270 **
1271 *******************************************************************************/
rw_i93_send_cmd_reset_to_ready(void)1272 tNFC_STATUS rw_i93_send_cmd_reset_to_ready(void) {
1273   NFC_HDR* p_cmd;
1274   uint8_t* p;
1275 
1276   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1277 
1278   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1279 
1280   if (!p_cmd) {
1281     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1282     return NFC_STATUS_NO_BUFFERS;
1283   }
1284 
1285   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1286   p_cmd->len = 10;
1287   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1288 
1289   /* Flags */
1290   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1291                       RW_I93_FLAG_DATA_RATE));
1292 
1293   /* Command Code */
1294   UINT8_TO_STREAM(p, I93_CMD_RESET_TO_READY);
1295 
1296   /* Parameters */
1297   ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1298 
1299   if (rw_i93_send_to_lower(p_cmd)) {
1300     rw_cb.tcb.i93.sent_cmd = I93_CMD_RESET_TO_READY;
1301     return NFC_STATUS_OK;
1302   } else {
1303     return NFC_STATUS_FAILED;
1304   }
1305 }
1306 
1307 /*******************************************************************************
1308 **
1309 ** Function         rw_i93_send_cmd_write_afi
1310 **
1311 ** Description      Send Write AFI Request to VICC
1312 **
1313 ** Returns          tNFC_STATUS
1314 **
1315 *******************************************************************************/
rw_i93_send_cmd_write_afi(uint8_t afi)1316 tNFC_STATUS rw_i93_send_cmd_write_afi(uint8_t afi) {
1317   NFC_HDR* p_cmd;
1318   uint8_t* p;
1319 
1320   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1321 
1322   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1323 
1324   if (!p_cmd) {
1325     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1326     return NFC_STATUS_NO_BUFFERS;
1327   }
1328 
1329   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1330   p_cmd->len = 11;
1331   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1332 
1333   /* Flags */
1334   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1335                       RW_I93_FLAG_DATA_RATE));
1336 
1337   /* Command Code */
1338   UINT8_TO_STREAM(p, I93_CMD_WRITE_AFI);
1339 
1340   /* Parameters */
1341   ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1342   UINT8_TO_STREAM(p, afi);                /* AFI */
1343 
1344   if (rw_i93_send_to_lower(p_cmd)) {
1345     rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_AFI;
1346     return NFC_STATUS_OK;
1347   } else {
1348     return NFC_STATUS_FAILED;
1349   }
1350 }
1351 
1352 /*******************************************************************************
1353 **
1354 ** Function         rw_i93_send_cmd_lock_afi
1355 **
1356 ** Description      Send Lock AFI Request to VICC
1357 **
1358 ** Returns          tNFC_STATUS
1359 **
1360 *******************************************************************************/
rw_i93_send_cmd_lock_afi(void)1361 tNFC_STATUS rw_i93_send_cmd_lock_afi(void) {
1362   NFC_HDR* p_cmd;
1363   uint8_t* p;
1364 
1365   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1366 
1367   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1368 
1369   if (!p_cmd) {
1370     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1371     return NFC_STATUS_NO_BUFFERS;
1372   }
1373 
1374   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1375   p_cmd->len = 10;
1376   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1377 
1378   /* Flags */
1379   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1380                       RW_I93_FLAG_DATA_RATE));
1381 
1382   /* Command Code */
1383   UINT8_TO_STREAM(p, I93_CMD_LOCK_AFI);
1384 
1385   /* Parameters */
1386   ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1387 
1388   if (rw_i93_send_to_lower(p_cmd)) {
1389     rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_AFI;
1390     return NFC_STATUS_OK;
1391   } else {
1392     return NFC_STATUS_FAILED;
1393   }
1394 }
1395 
1396 /*******************************************************************************
1397 **
1398 ** Function         rw_i93_send_cmd_write_dsfid
1399 **
1400 ** Description      Send Write DSFID Request to VICC
1401 **
1402 ** Returns          tNFC_STATUS
1403 **
1404 *******************************************************************************/
rw_i93_send_cmd_write_dsfid(uint8_t dsfid)1405 tNFC_STATUS rw_i93_send_cmd_write_dsfid(uint8_t dsfid) {
1406   NFC_HDR* p_cmd;
1407   uint8_t* p;
1408 
1409   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1410 
1411   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1412 
1413   if (!p_cmd) {
1414     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1415     return NFC_STATUS_NO_BUFFERS;
1416   }
1417 
1418   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1419   p_cmd->len = 11;
1420   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1421 
1422   /* Flags */
1423   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1424                       RW_I93_FLAG_DATA_RATE));
1425 
1426   /* Command Code */
1427   UINT8_TO_STREAM(p, I93_CMD_WRITE_DSFID);
1428 
1429   /* Parameters */
1430   ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1431   UINT8_TO_STREAM(p, dsfid);              /* DSFID */
1432 
1433   if (rw_i93_send_to_lower(p_cmd)) {
1434     rw_cb.tcb.i93.sent_cmd = I93_CMD_WRITE_DSFID;
1435     return NFC_STATUS_OK;
1436   } else {
1437     return NFC_STATUS_FAILED;
1438   }
1439 }
1440 
1441 /*******************************************************************************
1442 **
1443 ** Function         rw_i93_send_cmd_lock_dsfid
1444 **
1445 ** Description      Send Lock DSFID Request to VICC
1446 **
1447 ** Returns          tNFC_STATUS
1448 **
1449 *******************************************************************************/
rw_i93_send_cmd_lock_dsfid(void)1450 tNFC_STATUS rw_i93_send_cmd_lock_dsfid(void) {
1451   NFC_HDR* p_cmd;
1452   uint8_t* p;
1453 
1454   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1455 
1456   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1457 
1458   if (!p_cmd) {
1459     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1460     return NFC_STATUS_NO_BUFFERS;
1461   }
1462 
1463   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1464   p_cmd->len = 10;
1465   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1466 
1467   /* Flags */
1468   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1469                       RW_I93_FLAG_DATA_RATE));
1470 
1471   /* Command Code */
1472   UINT8_TO_STREAM(p, I93_CMD_LOCK_DSFID);
1473 
1474   /* Parameters */
1475   ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1476 
1477   if (rw_i93_send_to_lower(p_cmd)) {
1478     rw_cb.tcb.i93.sent_cmd = I93_CMD_LOCK_DSFID;
1479     return NFC_STATUS_OK;
1480   } else {
1481     return NFC_STATUS_FAILED;
1482   }
1483 }
1484 
1485 /*******************************************************************************
1486 **
1487 ** Function         rw_i93_send_cmd_get_ext_sys_info
1488 **
1489 ** Description      Send Get Extended System Information Request to VICC
1490 **
1491 ** Returns          tNFC_STATUS
1492 **
1493 *******************************************************************************/
rw_i93_send_cmd_get_ext_sys_info(uint8_t * p_uid)1494 tNFC_STATUS rw_i93_send_cmd_get_ext_sys_info(uint8_t* p_uid) {
1495   NFC_HDR* p_cmd;
1496   uint8_t* p;
1497 
1498   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1499 
1500   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1501 
1502   if (!p_cmd) {
1503     DLOG_IF(INFO, nfc_debug_enabled) << __func__ << "Cannot allocate buffer";
1504     return NFC_STATUS_NO_BUFFERS;
1505   }
1506 
1507   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1508   p_cmd->len = 11;
1509   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1510 
1511   /* Flags */
1512   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1513                       RW_I93_FLAG_DATA_RATE));
1514 
1515   /* Command Code */
1516   UINT8_TO_STREAM(p, I93_CMD_EXT_GET_SYS_INFO);
1517 
1518   /* Parameters request field */
1519   UINT8_TO_STREAM(p,
1520                   (I93_INFO_FLAG_MOI | I93_INFO_FLAG_DSFID | I93_INFO_FLAG_AFI |
1521                    I93_INFO_FLAG_MEM_SIZE | I93_INFO_FLAG_IC_REF));
1522 
1523   /* Parameters */
1524   if (p_uid) {
1525     ARRAY8_TO_STREAM(p, p_uid); /* UID */
1526   } else {
1527     ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1528   }
1529 
1530   if (rw_i93_send_to_lower(p_cmd)) {
1531     rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_SYS_INFO;
1532     return NFC_STATUS_OK;
1533   } else {
1534     return NFC_STATUS_FAILED;
1535   }
1536 }
1537 
1538 /*******************************************************************************
1539 **
1540 ** Function         rw_i93_send_cmd_get_sys_info
1541 **
1542 ** Description      Send Get System Information Request to VICC
1543 **
1544 ** Returns          tNFC_STATUS
1545 **
1546 *******************************************************************************/
rw_i93_send_cmd_get_sys_info(uint8_t * p_uid,uint8_t extra_flags)1547 tNFC_STATUS rw_i93_send_cmd_get_sys_info(uint8_t* p_uid, uint8_t extra_flags) {
1548   NFC_HDR* p_cmd;
1549   uint8_t* p;
1550 
1551   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1552 
1553   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1554 
1555   if (!p_cmd) {
1556     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1557     return NFC_STATUS_NO_BUFFERS;
1558   }
1559 
1560   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1561   p_cmd->len = 10;
1562   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1563 
1564   /* Flags */
1565   UINT8_TO_STREAM(p, (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER |
1566                       RW_I93_FLAG_DATA_RATE | extra_flags));
1567 
1568   /* Command Code */
1569   UINT8_TO_STREAM(p, I93_CMD_GET_SYS_INFO);
1570 
1571   /* Parameters */
1572   if (p_uid) {
1573     ARRAY8_TO_STREAM(p, p_uid); /* UID */
1574   } else {
1575     ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1576   }
1577 
1578   if (rw_i93_send_to_lower(p_cmd)) {
1579     rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_SYS_INFO;
1580     return NFC_STATUS_OK;
1581   } else {
1582     return NFC_STATUS_FAILED;
1583   }
1584 }
1585 
1586 /*******************************************************************************
1587 **
1588 ** Function         rw_i93_send_cmd_get_multi_block_sec
1589 **
1590 ** Description      Send Get Multiple Block Security Status Request to VICC
1591 **
1592 ** Returns          tNFC_STATUS
1593 **
1594 *******************************************************************************/
rw_i93_send_cmd_get_multi_block_sec(uint16_t first_block_number,uint16_t number_blocks)1595 tNFC_STATUS rw_i93_send_cmd_get_multi_block_sec(uint16_t first_block_number,
1596                                                 uint16_t number_blocks) {
1597   NFC_HDR* p_cmd;
1598   uint8_t *p, flags;
1599 
1600   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1601 
1602   p_cmd = (NFC_HDR*)GKI_getpoolbuf(NFC_RW_POOL_ID);
1603 
1604   if (!p_cmd) {
1605     LOG(ERROR) << StringPrintf("Cannot allocate buffer");
1606     return NFC_STATUS_NO_BUFFERS;
1607   }
1608 
1609   p_cmd->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;
1610   p_cmd->len = 12;
1611   p = (uint8_t*)(p_cmd + 1) + p_cmd->offset;
1612 
1613   /* Flags */
1614   flags =
1615       (I93_FLAG_ADDRESS_SET | RW_I93_FLAG_SUB_CARRIER | RW_I93_FLAG_DATA_RATE);
1616 
1617   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK)
1618     flags |= I93_FLAG_PROT_EXT_YES;
1619 
1620   UINT8_TO_STREAM(p, flags);
1621 
1622   /* Command Code */
1623   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1624     UINT8_TO_STREAM(p, I93_CMD_EXT_GET_MULTI_BLK_SEC);
1625   } else {
1626     UINT8_TO_STREAM(p, I93_CMD_GET_MULTI_BLK_SEC);
1627   }
1628 
1629   /* Parameters */
1630   ARRAY8_TO_STREAM(p, rw_cb.tcb.i93.uid); /* UID */
1631 
1632   if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_16BIT_NUM_BLOCK ||
1633       rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS) {
1634     UINT16_TO_STREAM(p, first_block_number); /* First block number */
1635     UINT16_TO_STREAM(
1636         p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1637     p_cmd->len += 2;
1638   } else {
1639     UINT8_TO_STREAM(p, first_block_number); /* First block number */
1640     UINT8_TO_STREAM(
1641         p, number_blocks - 1); /* Number of blocks, 0x00 to read one block */
1642   }
1643 
1644   if (rw_i93_send_to_lower(p_cmd)) {
1645     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_EXT_COMMANDS)
1646       rw_cb.tcb.i93.sent_cmd = I93_CMD_EXT_GET_MULTI_BLK_SEC;
1647     else
1648       rw_cb.tcb.i93.sent_cmd = I93_CMD_GET_MULTI_BLK_SEC;
1649     return NFC_STATUS_OK;
1650   } else {
1651     return NFC_STATUS_FAILED;
1652   }
1653 }
1654 
1655 /*******************************************************************************
1656 **
1657 ** Function         rw_i93_get_next_blocks
1658 **
1659 ** Description      Read as many blocks as possible (up to
1660 **                  RW_I93_READ_MULTI_BLOCK_SIZE)
1661 **
1662 ** Returns          tNFC_STATUS
1663 **
1664 *******************************************************************************/
rw_i93_get_next_blocks(uint16_t offset)1665 tNFC_STATUS rw_i93_get_next_blocks(uint16_t offset) {
1666   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1667   uint16_t first_block;
1668   uint16_t num_block;
1669 
1670   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1671 
1672   first_block = offset / p_i93->block_size;
1673 
1674   /* more blocks, more efficent but more error rate */
1675 
1676   if (p_i93->intl_flags & RW_I93_FLAG_READ_MULTI_BLOCK) {
1677     num_block = RW_I93_READ_MULTI_BLOCK_SIZE / p_i93->block_size;
1678 
1679     // first_block is an offset related to the beginning of the T5T_Area for T5T
1680     // tags but physical memory for ISO15693 tags
1681     if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
1682       if (num_block + first_block > p_i93->num_block)
1683         num_block = p_i93->num_block - first_block;
1684     } else {
1685       if (num_block + first_block >
1686           p_i93->num_block + p_i93->t5t_area_start_block)
1687         num_block =
1688             p_i93->num_block - first_block + p_i93->t5t_area_start_block;
1689     }
1690 
1691     if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_STM) {
1692       /* LRIS64K, M24LR64-R, M24LR04E-R, M24LR16E-R, M24LR16D-W, M24LR64E-R
1693       ** require
1694       ** - The max number of blocks is 32 and they are all located in the
1695       **   same sector.
1696       ** - The sector is 32 blocks of 4 bytes.
1697       */
1698       if ((p_i93->product_version == RW_I93_STM_LRIS64K) ||
1699           (p_i93->product_version == RW_I93_STM_M24LR64_R) ||
1700           (p_i93->product_version == RW_I93_STM_M24LR04E_R) ||
1701           (p_i93->product_version == RW_I93_STM_M24LR16E_R) ||
1702           (p_i93->product_version == RW_I93_STM_M24LR16D_W) ||
1703           (p_i93->product_version == RW_I93_STM_M24LR64E_R)) {
1704         if (num_block > I93_STM_MAX_BLOCKS_PER_READ)
1705           num_block = I93_STM_MAX_BLOCKS_PER_READ;
1706 
1707         if ((first_block / I93_STM_BLOCKS_PER_SECTOR) !=
1708             ((first_block + num_block - 1) / I93_STM_BLOCKS_PER_SECTOR)) {
1709           num_block = I93_STM_BLOCKS_PER_SECTOR -
1710                       (first_block % I93_STM_BLOCKS_PER_SECTOR);
1711         }
1712       }
1713     }
1714 
1715     if (p_i93->uid[1] == I93_UID_IC_MFG_CODE_ONS) {
1716       /* N24RF04, N24RF04E, N24RF16, N24RF16E, N24RF64, N24RF64E requires
1717       ** - The max number of blocks is 32 and they are all located in the
1718       **   same sector.
1719       ** - The sector is 32 blocks of 4 bytes.
1720       */
1721       if ((p_i93->product_version == RW_I93_ONS_N36RW02) ||
1722           (p_i93->product_version == RW_I93_ONS_N24RF04) ||
1723           (p_i93->product_version == RW_I93_ONS_N24RF04E)||
1724           (p_i93->product_version == RW_I93_ONS_N24RF16) ||
1725           (p_i93->product_version == RW_I93_ONS_N24RF16E)||
1726           (p_i93->product_version == RW_I93_ONS_N24RF64) ||
1727           (p_i93->product_version == RW_I93_ONS_N24RF64E)) {
1728         if (num_block > I93_ONS_MAX_BLOCKS_PER_READ)
1729           num_block = I93_ONS_MAX_BLOCKS_PER_READ;
1730 
1731         if ((first_block / I93_ONS_BLOCKS_PER_SECTOR) !=
1732             ((first_block + num_block - 1) / I93_ONS_BLOCKS_PER_SECTOR)) {
1733           num_block = I93_ONS_BLOCKS_PER_SECTOR -
1734                       (first_block % I93_ONS_BLOCKS_PER_SECTOR);
1735         }
1736       }
1737     }
1738 
1739     if (num_block == 0) {
1740       /* only one remaining block to read */
1741       return rw_i93_send_cmd_read_single_block(first_block, false);
1742     }
1743 
1744     return rw_i93_send_cmd_read_multi_blocks(first_block, num_block);
1745   } else {
1746     return rw_i93_send_cmd_read_single_block(first_block, false);
1747   }
1748 }
1749 
1750 /*******************************************************************************
1751 **
1752 ** Function         rw_i93_get_next_block_sec
1753 **
1754 ** Description      Get as many security of blocks as possible from
1755 **                  p_i93->rw_offset (up to RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1756 **
1757 ** Returns          tNFC_STATUS
1758 **
1759 *******************************************************************************/
rw_i93_get_next_block_sec(void)1760 tNFC_STATUS rw_i93_get_next_block_sec(void) {
1761   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1762   uint16_t num_blocks;
1763 
1764   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
1765 
1766   if (p_i93->num_block <= p_i93->rw_offset) {
1767     LOG(ERROR) << StringPrintf(
1768         "rw_offset(0x%x) must be less than num_block(0x%x)", p_i93->rw_offset,
1769         p_i93->num_block);
1770     return NFC_STATUS_FAILED;
1771   }
1772 
1773   num_blocks = p_i93->num_block - p_i93->rw_offset;
1774 
1775   if (num_blocks > RW_I93_GET_MULTI_BLOCK_SEC_SIZE)
1776     num_blocks = RW_I93_GET_MULTI_BLOCK_SEC_SIZE;
1777 
1778   DLOG_IF(INFO, nfc_debug_enabled)
1779       << __func__ << std::hex << rw_cb.tcb.i93.intl_flags;
1780   return rw_i93_send_cmd_get_multi_block_sec(p_i93->rw_offset, num_blocks);
1781 }
1782 
1783 /*******************************************************************************
1784 **
1785 ** Function         rw_i93_sm_detect_ndef
1786 **
1787 ** Description      Process NDEF detection procedure
1788 **
1789 **                  1. Get UID if not having yet
1790 **                  2. Get System Info if not having yet
1791 **                  3. Read first block for CC
1792 **                  4. Search NDEF Type and length
1793 **                  5. Get block status to get max NDEF size and read-only
1794 **                     status
1795 **
1796 ** Returns          void
1797 **
1798 *******************************************************************************/
rw_i93_sm_detect_ndef(NFC_HDR * p_resp)1799 void rw_i93_sm_detect_ndef(NFC_HDR* p_resp) {
1800   uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
1801   uint8_t flags, u8 = 0, cc[4];
1802   uint16_t length = p_resp->len, xx, block, first_block, last_block, num_blocks;
1803   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
1804   tRW_DATA rw_data;
1805   tNFC_STATUS status = NFC_STATUS_FAILED;
1806 
1807   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1808       "%s - sub_state:%s (0x%x)", __func__,
1809       rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
1810 
1811   if (length == 0) {
1812     android_errorWriteLog(0x534e4554, "121260197");
1813     rw_i93_handle_error(NFC_STATUS_FAILED);
1814     return;
1815   }
1816   STREAM_TO_UINT8(flags, p);
1817   length--;
1818 
1819   if (flags & I93_FLAG_ERROR_DETECTED) {
1820     if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
1821       /* getting system info with protocol extension flag */
1822       /* This STM & ONS tag supports more than 2040 bytes */
1823       p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
1824     } else {
1825       DLOG_IF(INFO, nfc_debug_enabled)
1826           << StringPrintf("%s - Got error flags (0x%02x)", __func__, flags);
1827       rw_i93_handle_error(NFC_STATUS_FAILED);
1828     }
1829     return;
1830   }
1831 
1832   switch (p_i93->sub_state) {
1833     case RW_I93_SUBSTATE_WAIT_UID:
1834 
1835       if (length < (I93_UID_BYTE_LEN + 1)) {
1836         android_errorWriteLog(0x534e4554, "121260197");
1837         rw_i93_handle_error(NFC_STATUS_FAILED);
1838         return;
1839       }
1840       STREAM_TO_UINT8(u8, p); /* DSFID */
1841       p_uid = p_i93->uid;
1842       STREAM_TO_ARRAY8(p_uid, p);
1843 
1844       if (u8 != I93_DFS_UNSUPPORTED) {
1845         /* if Data Storage Format is unknown */
1846         DLOG_IF(INFO, nfc_debug_enabled)
1847             << StringPrintf("%s - Got unknown DSFID (0x%02x)", __func__, u8);
1848         rw_i93_handle_error(NFC_STATUS_FAILED);
1849       } else {
1850         /* get system information to get memory size */
1851         if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
1852             NFC_STATUS_OK) {
1853           p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
1854         } else {
1855           rw_i93_handle_error(NFC_STATUS_FAILED);
1856         }
1857       }
1858       break;
1859 
1860     case RW_I93_SUBSTATE_WAIT_SYS_INFO:
1861 
1862       p_i93->block_size = 0;
1863       p_i93->num_block = 0;
1864 
1865       if (!rw_i93_process_sys_info(p, length)) {
1866         /* retrying with protocol extension flag */
1867         break;
1868       }
1869 
1870       if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
1871         DLOG_IF(INFO, nfc_debug_enabled)
1872             << StringPrintf("%s - Unable to get tag memory size", __func__);
1873         rw_i93_handle_error(status);
1874       } else {
1875         /* read CC in the first block */
1876         if (rw_i93_send_cmd_read_single_block(0x0000, false) == NFC_STATUS_OK) {
1877           p_i93->sub_state = RW_I93_SUBSTATE_WAIT_CC;
1878         } else {
1879           rw_i93_handle_error(NFC_STATUS_FAILED);
1880         }
1881       }
1882       break;
1883 
1884     case RW_I93_SUBSTATE_WAIT_CC:
1885 
1886       if (length < RW_I93_CC_SIZE) {
1887         android_errorWriteLog(0x534e4554, "139188579");
1888         rw_i93_handle_error(NFC_STATUS_FAILED);
1889         return;
1890       }
1891 
1892       /* assume block size is more than RW_I93_CC_SIZE 4 */
1893       STREAM_TO_ARRAY(cc, p, RW_I93_CC_SIZE);
1894 
1895       status = NFC_STATUS_FAILED;
1896 
1897       /*
1898       ** Capability Container (CC)
1899       **
1900       ** CC[0] : magic number (0xE1)
1901       ** CC[1] : Bit 7-6:Major version number
1902       **       : Bit 5-4:Minor version number
1903       **       : Bit 3-2:Read access condition (00b: read access granted
1904       **         without any security)
1905       **       : Bit 1-0:Write access condition (00b: write access granted
1906       **         without any security)
1907       ** CC[2] : Memory size in 8 bytes (Ex. 0x04 is 32 bytes) [STM, ONS set
1908       **         to 0xFF if more than 2040bytes]
1909       ** CC[3] : Bit 0:Read multiple blocks is supported [NXP, STM, ONS]
1910       **       : Bit 1:Inventory page read is supported [NXP]
1911       **       : Bit 2:More than 2040 bytes are supported [STM, ONS]
1912       */
1913 
1914       DLOG_IF(INFO, nfc_debug_enabled)
1915           << StringPrintf("%s - cc[0-3]: 0x%02X 0x%02X 0x%02X 0x%02X", __func__,
1916                           cc[0], cc[1], cc[2], cc[3]);
1917 
1918       DLOG_IF(INFO, nfc_debug_enabled)
1919           << StringPrintf("%s - Total blocks:0x%04X, Block size:0x%02X",
1920                           __func__, p_i93->num_block, p_i93->block_size);
1921 
1922       if ((cc[0] == I93_ICODE_CC_MAGIC_NUMER_E1) ||
1923           (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2)) {
1924         if ((cc[1] & 0xC0) > I93_VERSION_1_x) {
1925           DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1926               "%s - Major mapping version above 1 %d.x", __func__, cc[1] >> 6);
1927           /* major mapping version above 1 not supported */
1928           rw_i93_handle_error(NFC_STATUS_FAILED);
1929           break;
1930         }
1931         if ((cc[1] & I93_ICODE_CC_READ_ACCESS_MASK) ==
1932             I93_ICODE_CC_READ_ACCESS_GRANTED) {
1933           if ((cc[1] & I93_ICODE_CC_WRITE_ACCESS_MASK) !=
1934               I93_ICODE_CC_WRITE_ACCESS_GRANTED) {
1935             /* read-only or password required to write */
1936             p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
1937           }
1938           if (cc[3] & I93_ICODE_CC_MBREAD_MASK) {
1939             /* tag supports read multiple blocks command */
1940             p_i93->intl_flags |= RW_I93_FLAG_READ_MULTI_BLOCK;
1941           }
1942           if (cc[3] & I93_ICODE_CC_SPECIAL_FRAME_MASK) {
1943             /* tag supports Special Frame for Write-Alike commands */
1944             p_i93->intl_flags |= RW_I93_FLAG_SPECIAL_FRAME;
1945           }
1946           if (cc[0] == I93_ICODE_CC_MAGIC_NUMER_E2) {
1947             p_i93->intl_flags |= RW_I93_FLAG_EXT_COMMANDS;
1948           }
1949           status = NFC_STATUS_OK;
1950         }
1951       }
1952 
1953       if (status == NFC_STATUS_OK) {
1954         /* seach NDEF TLV from offset 4 when CC file coded on 4 bytes NFC Forum
1955          */
1956         if (cc[2] != 0)
1957           p_i93->rw_offset = 4;
1958         else
1959           p_i93->rw_offset = 8;
1960 
1961         if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
1962           p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
1963           p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
1964         } else {
1965           rw_i93_handle_error(NFC_STATUS_FAILED);
1966         }
1967       } else {
1968         rw_i93_handle_error(NFC_STATUS_FAILED);
1969       }
1970       break;
1971 
1972     case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
1973 
1974       /* search TLV within read blocks */
1975       for (xx = 0; xx < length; xx++) {
1976         /* if looking for type */
1977         if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_TYPE) {
1978           if (*(p + xx) == I93_ICODE_TLV_TYPE_NULL) {
1979             continue;
1980           } else if ((*(p + xx) == I93_ICODE_TLV_TYPE_NDEF) ||
1981                      (*(p + xx) == I93_ICODE_TLV_TYPE_PROP)) {
1982             /* store found type and get length field */
1983             p_i93->tlv_type = *(p + xx);
1984             p_i93->ndef_tlv_start_offset = p_i93->rw_offset + xx;
1985 
1986             p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_1;
1987           } else if (*(p + xx) == I93_ICODE_TLV_TYPE_TERM) {
1988             /* no NDEF TLV found */
1989             p_i93->tlv_type = I93_ICODE_TLV_TYPE_TERM;
1990             break;
1991           } else {
1992             DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1993                 "%s - Invalid type: 0x%02x", __func__, *(p + xx));
1994             rw_i93_handle_error(NFC_STATUS_FAILED);
1995             return;
1996           }
1997         } else if (p_i93->tlv_detect_state ==
1998                    RW_I93_TLV_DETECT_STATE_LENGTH_1) {
1999           /* if 3 bytes length field */
2000           if (*(p + xx) == 0xFF) {
2001             /* need 2 more bytes for length field */
2002             p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_2;
2003           } else {
2004             p_i93->tlv_length = *(p + xx);
2005             p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
2006 
2007             if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
2008               p_i93->ndef_tlv_last_offset =
2009                   p_i93->ndef_tlv_start_offset + 1 + p_i93->tlv_length;
2010               break;
2011             }
2012           }
2013         } else if (p_i93->tlv_detect_state ==
2014                    RW_I93_TLV_DETECT_STATE_LENGTH_2) {
2015           /* the second byte of 3 bytes length field */
2016           p_i93->tlv_length = *(p + xx);
2017           p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_LENGTH_3;
2018         } else if (p_i93->tlv_detect_state ==
2019                    RW_I93_TLV_DETECT_STATE_LENGTH_3) {
2020           /* the last byte of 3 bytes length field */
2021           p_i93->tlv_length = (p_i93->tlv_length << 8) + *(p + xx);
2022           p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_VALUE;
2023 
2024           if (p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
2025             p_i93->ndef_tlv_last_offset =
2026                 p_i93->ndef_tlv_start_offset + 3 + p_i93->tlv_length;
2027             break;
2028           }
2029         } else if (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE) {
2030           /* this is other than NDEF TLV */
2031           if (p_i93->tlv_length <= length - xx) {
2032             /* skip value field */
2033             xx += (uint8_t)p_i93->tlv_length;
2034             p_i93->tlv_detect_state = RW_I93_TLV_DETECT_STATE_TYPE;
2035           } else {
2036             /* read more data */
2037             p_i93->tlv_length -= (length - xx);
2038             break;
2039           }
2040         }
2041       }
2042 
2043       /* found NDEF TLV and read length field */
2044       if ((p_i93->tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
2045           (p_i93->tlv_detect_state == RW_I93_TLV_DETECT_STATE_VALUE)) {
2046         p_i93->ndef_length = p_i93->tlv_length;
2047 
2048         /* get lock status to see if read-only */
2049         if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2050             (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2051             ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2052              (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2053           /* these doesn't support GetMultiBlockSecurityStatus */
2054 
2055           p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
2056           first_block = p_i93->ndef_tlv_start_offset / p_i93->block_size;
2057 
2058           /* read block to get lock status */
2059           rw_i93_send_cmd_read_single_block(first_block, true);
2060           p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
2061         } else {
2062           /* block offset for read-only check */
2063           p_i93->rw_offset = 0;
2064 
2065           if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2066             p_i93->sub_state = RW_I93_SUBSTATE_CHECK_LOCK_STATUS;
2067           } else {
2068             rw_i93_handle_error(NFC_STATUS_FAILED);
2069           }
2070         }
2071       } else {
2072         /* read more data */
2073         p_i93->rw_offset += length;
2074 
2075         if (p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) {
2076           rw_i93_handle_error(NFC_STATUS_FAILED);
2077         } else if (rw_i93_get_next_blocks(p_i93->rw_offset) == NFC_STATUS_OK) {
2078           p_i93->sub_state = RW_I93_SUBSTATE_SEARCH_NDEF_TLV;
2079         } else {
2080           rw_i93_handle_error(NFC_STATUS_FAILED);
2081         }
2082       }
2083       break;
2084 
2085     case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
2086 
2087       if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2088           (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2089           ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2090            (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2091         /* these doesn't support GetMultiBlockSecurityStatus */
2092 
2093         block = (p_i93->rw_offset / p_i93->block_size);
2094         last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2095 
2096         if (length == 0) {
2097           rw_i93_handle_error(NFC_STATUS_FAILED);
2098         }
2099         if ((*p) & I93_BLOCK_LOCKED) {
2100           if (block <= last_block) {
2101             p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2102           }
2103         } else {
2104           /* if we need to check more user blocks */
2105           if (block + 1 < p_i93->num_block) {
2106             p_i93->rw_offset += p_i93->block_size;
2107 
2108             /* read block to get lock status */
2109             rw_i93_send_cmd_read_single_block(
2110                 (uint16_t)(p_i93->rw_offset / p_i93->block_size), true);
2111             break;
2112           }
2113         }
2114 
2115         p_i93->max_ndef_length =
2116             p_i93->ndef_length
2117             /* add available bytes including the last block of NDEF TLV */
2118             + (p_i93->block_size * (block - last_block) + 1) -
2119             (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2120       } else {
2121         if (p_i93->rw_offset == 0) {
2122           p_i93->max_ndef_length =
2123               p_i93->ndef_length
2124               /* add available bytes in the last block of NDEF TLV */
2125               + p_i93->block_size -
2126               (p_i93->ndef_tlv_last_offset % p_i93->block_size) - 1;
2127 
2128           first_block = (p_i93->ndef_tlv_start_offset / p_i93->block_size);
2129         } else {
2130           first_block = 0;
2131         }
2132 
2133         last_block = (p_i93->ndef_tlv_last_offset / p_i93->block_size);
2134         num_blocks = length;
2135 
2136         for (block = first_block; block < num_blocks; block++) {
2137           /* if any block of NDEF TLV is locked */
2138           if ((block + p_i93->rw_offset) <= last_block) {
2139             if (*(p + block) & I93_BLOCK_LOCKED) {
2140               p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
2141               break;
2142             }
2143           } else {
2144             if (*(p + block) & I93_BLOCK_LOCKED) {
2145               /* no more consecutive unlocked block */
2146               break;
2147             } else {
2148               /* add block size if not locked */
2149               p_i93->max_ndef_length += p_i93->block_size;
2150             }
2151           }
2152         }
2153 
2154         /* update next security of block to check */
2155         p_i93->rw_offset += num_blocks;
2156 
2157         /* if need to check more */
2158         if (p_i93->num_block > p_i93->rw_offset) {
2159           if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2160             rw_i93_handle_error(NFC_STATUS_FAILED);
2161           }
2162           break;
2163         }
2164       }
2165 
2166       /* check if need to adjust max NDEF length */
2167       if ((p_i93->ndef_length < 0xFF) && (p_i93->max_ndef_length >= 0xFF)) {
2168         /* 3 bytes length field must be used */
2169         p_i93->max_ndef_length -= 2;
2170       }
2171 
2172       rw_data.ndef.status = NFC_STATUS_OK;
2173       rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
2174       rw_data.ndef.flags = 0;
2175       rw_data.ndef.flags |= RW_NDEF_FL_SUPPORTED;
2176       rw_data.ndef.flags |= RW_NDEF_FL_FORMATED;
2177       rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
2178       rw_data.ndef.cur_size = p_i93->ndef_length;
2179 
2180       if (p_i93->intl_flags & RW_I93_FLAG_READ_ONLY) {
2181         rw_data.ndef.flags |= RW_NDEF_FL_READ_ONLY;
2182         rw_data.ndef.max_size = p_i93->ndef_length;
2183       } else {
2184         rw_data.ndef.flags |= RW_NDEF_FL_HARD_LOCKABLE;
2185         rw_data.ndef.max_size = p_i93->max_ndef_length;
2186       }
2187 
2188       p_i93->state = RW_I93_STATE_IDLE;
2189       p_i93->sent_cmd = 0;
2190 
2191       DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2192           "%s - NDEF cur_size(%d),max_size (%d), flags (0x%x)", __func__,
2193           rw_data.ndef.cur_size, rw_data.ndef.max_size, rw_data.ndef.flags);
2194 
2195       (*(rw_cb.p_cback))(RW_I93_NDEF_DETECT_EVT, &rw_data);
2196       break;
2197 
2198     default:
2199       break;
2200   }
2201 }
2202 
2203 /*******************************************************************************
2204 **
2205 ** Function         rw_i93_sm_read_ndef
2206 **
2207 ** Description      Process NDEF read procedure
2208 **
2209 ** Returns          void
2210 **
2211 *******************************************************************************/
rw_i93_sm_read_ndef(NFC_HDR * p_resp)2212 void rw_i93_sm_read_ndef(NFC_HDR* p_resp) {
2213   uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2214   uint8_t flags;
2215   uint16_t offset, length = p_resp->len;
2216   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2217   tRW_DATA rw_data;
2218 
2219   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
2220 
2221   if (length == 0) {
2222     android_errorWriteLog(0x534e4554, "122035770");
2223     rw_i93_handle_error(NFC_STATUS_FAILED);
2224     return;
2225   }
2226 
2227   STREAM_TO_UINT8(flags, p);
2228   length--;
2229 
2230   if (flags & I93_FLAG_ERROR_DETECTED) {
2231     DLOG_IF(INFO, nfc_debug_enabled)
2232         << StringPrintf("%s - Got error flags (0x%02x)", __func__, flags);
2233     rw_i93_handle_error(NFC_STATUS_FAILED);
2234     return;
2235   }
2236 
2237   /* if this is the first block */
2238   if (p_i93->rw_length == 0) {
2239     /* get start of NDEF in the first block */
2240     offset = p_i93->ndef_tlv_start_offset % p_i93->block_size;
2241 
2242     if (p_i93->ndef_length < 0xFF) {
2243       offset += 2;
2244     } else {
2245       offset += 4;
2246     }
2247 
2248     /* adjust offset if read more blocks because the first block doesn't have
2249      * NDEF */
2250     offset -= (p_i93->rw_offset - p_i93->ndef_tlv_start_offset);
2251   } else {
2252     offset = 0;
2253   }
2254 
2255   /* if read enough data to skip type and length field for the beginning */
2256   if (offset < length) {
2257     offset++; /* flags */
2258     p_resp->offset += offset;
2259     p_resp->len -= offset;
2260 
2261     rw_data.data.status = NFC_STATUS_OK;
2262     rw_data.data.p_data = p_resp;
2263 
2264     p_i93->rw_length += p_resp->len;
2265   } else {
2266     /* in case of no Ndef data included */
2267     p_resp->len = 0;
2268   }
2269 
2270   /* if read all of NDEF data */
2271   if (p_i93->rw_length >= p_i93->ndef_length) {
2272     /* remove extra btyes in the last block */
2273     p_resp->len -= (p_i93->rw_length - p_i93->ndef_length);
2274 
2275     p_i93->state = RW_I93_STATE_IDLE;
2276     p_i93->sent_cmd = 0;
2277 
2278     DLOG_IF(INFO, nfc_debug_enabled)
2279         << StringPrintf("%s - NDEF read complete read (%d)/total (%d)",
2280                         __func__, p_resp->len, p_i93->ndef_length);
2281 
2282     (*(rw_cb.p_cback))(RW_I93_NDEF_READ_CPLT_EVT, &rw_data);
2283   } else {
2284     DLOG_IF(INFO, nfc_debug_enabled)
2285         << StringPrintf("%s - NDEF read segment read (%d)/total (%d)", __func__,
2286                         p_resp->len, p_i93->ndef_length);
2287 
2288     if (p_resp->len > 0) {
2289       (*(rw_cb.p_cback))(RW_I93_NDEF_READ_EVT, &rw_data);
2290     }
2291 
2292     /* this will make read data from next block */
2293     p_i93->rw_offset += length;
2294 
2295     if (rw_i93_get_next_blocks(p_i93->rw_offset) != NFC_STATUS_OK) {
2296       rw_i93_handle_error(NFC_STATUS_FAILED);
2297     }
2298   }
2299 }
2300 
2301 /*******************************************************************************
2302 **
2303 ** Function         rw_i93_sm_update_ndef
2304 **
2305 ** Description      Process NDEF update procedure
2306 **
2307 **                  1. Set length field to zero
2308 **                  2. Write NDEF and Terminator TLV
2309 **                  3. Set length field to NDEF length
2310 **
2311 ** Returns          void
2312 **
2313 *******************************************************************************/
rw_i93_sm_update_ndef(NFC_HDR * p_resp)2314 void rw_i93_sm_update_ndef(NFC_HDR* p_resp) {
2315   uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2316   uint8_t flags, xx, length_offset, buff[I93_MAX_BLOCK_LENGH];
2317   uint16_t length = p_resp->len, block_number;
2318   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2319   tRW_DATA rw_data;
2320 
2321   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2322       "%s - sub_state:%s (0x%x)", __func__,
2323       rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2324 
2325   if (length == 0 || p_i93->block_size > I93_MAX_BLOCK_LENGH) {
2326     android_errorWriteLog(0x534e4554, "122320256");
2327     rw_i93_handle_error(NFC_STATUS_FAILED);
2328     return;
2329   }
2330 
2331   STREAM_TO_UINT8(flags, p);
2332   length--;
2333 
2334   if (flags & I93_FLAG_ERROR_DETECTED) {
2335     if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2336          (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2337          (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2338          (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2339         (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2340       /* ignore error */
2341     } else {
2342       DLOG_IF(INFO, nfc_debug_enabled)
2343           << StringPrintf("%s - Got error flags (0x%02x)", __func__, flags);
2344       rw_i93_handle_error(NFC_STATUS_FAILED);
2345       return;
2346     }
2347   }
2348 
2349   switch (p_i93->sub_state) {
2350     case RW_I93_SUBSTATE_RESET_LEN:
2351 
2352       /* get offset of length field */
2353       length_offset = (p_i93->ndef_tlv_start_offset + 1) % p_i93->block_size;
2354 
2355       if (length < length_offset) {
2356         android_errorWriteLog(0x534e4554, "122320256");
2357         rw_i93_handle_error(NFC_STATUS_FAILED);
2358         return;
2359       }
2360 
2361       /* set length to zero */
2362       *(p + length_offset) = 0x00;
2363 
2364       if (p_i93->ndef_length > 0) {
2365         /* if 3 bytes length field is needed */
2366         if (p_i93->ndef_length >= 0xFF) {
2367           xx = length_offset + 3;
2368         } else {
2369           xx = length_offset + 1;
2370         }
2371 
2372         /* write the first part of NDEF in the same block */
2373         for (; xx < p_i93->block_size; xx++) {
2374           if (xx > length || p_i93->rw_length > p_i93->ndef_length) {
2375             android_errorWriteLog(0x534e4554, "122320256");
2376             rw_i93_handle_error(NFC_STATUS_FAILED);
2377             return;
2378           }
2379           if (p_i93->rw_length < p_i93->ndef_length) {
2380             *(p + xx) = *(p_i93->p_update_data + p_i93->rw_length++);
2381           } else {
2382             *(p + xx) = I93_ICODE_TLV_TYPE_NULL;
2383           }
2384         }
2385       }
2386 
2387       block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2388 
2389       if (length < p_i93->block_size) {
2390         android_errorWriteLog(0x534e4554, "143109193");
2391         rw_i93_handle_error(NFC_STATUS_FAILED);
2392       } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2393                  NFC_STATUS_OK) {
2394         /* update next writing offset */
2395         p_i93->rw_offset = (block_number + 1) * p_i93->block_size;
2396         p_i93->sub_state = RW_I93_SUBSTATE_WRITE_NDEF;
2397       } else {
2398         rw_i93_handle_error(NFC_STATUS_FAILED);
2399       }
2400       break;
2401 
2402     case RW_I93_SUBSTATE_WRITE_NDEF:
2403 
2404       /* if it's not the end of tag memory */
2405       if (p_i93->rw_offset < p_i93->block_size * p_i93->num_block) {
2406         block_number = p_i93->rw_offset / p_i93->block_size;
2407 
2408         /* if we have more data to write */
2409         if (p_i93->rw_length < p_i93->ndef_length) {
2410           p = p_i93->p_update_data + p_i93->rw_length;
2411 
2412           p_i93->rw_offset += p_i93->block_size;
2413           p_i93->rw_length += p_i93->block_size;
2414 
2415           /* if this is the last block of NDEF TLV */
2416           if (p_i93->rw_length > p_i93->ndef_length) {
2417             /* length of NDEF TLV in the block */
2418             xx = (uint8_t)(p_i93->block_size -
2419                            (p_i93->rw_length - p_i93->ndef_length));
2420 
2421             /* set NULL TLV in the unused part of block */
2422             memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2423             memcpy(buff, p, xx);
2424             p = buff;
2425 
2426             /* if it's the end of tag memory */
2427             if ((p_i93->rw_offset >= p_i93->block_size * p_i93->num_block) &&
2428                 (xx < p_i93->block_size)) {
2429               buff[xx] = I93_ICODE_TLV_TYPE_TERM;
2430             }
2431 
2432             p_i93->ndef_tlv_last_offset =
2433                 p_i93->rw_offset - p_i93->block_size + xx - 1;
2434           }
2435 
2436           if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2437               NFC_STATUS_OK) {
2438             rw_i93_handle_error(NFC_STATUS_FAILED);
2439           }
2440         } else {
2441           /* if this is the very next block of NDEF TLV */
2442           if (block_number ==
2443               (p_i93->ndef_tlv_last_offset / p_i93->block_size) + 1) {
2444             p_i93->rw_offset += p_i93->block_size;
2445 
2446             /* write Terminator TLV and NULL TLV */
2447             memset(buff, I93_ICODE_TLV_TYPE_NULL, p_i93->block_size);
2448             buff[0] = I93_ICODE_TLV_TYPE_TERM;
2449             p = buff;
2450 
2451             if (rw_i93_send_cmd_write_single_block(block_number, p) !=
2452                 NFC_STATUS_OK) {
2453               rw_i93_handle_error(NFC_STATUS_FAILED);
2454             }
2455           } else {
2456             /* finished writing NDEF and Terminator TLV */
2457             /* read length field to update length       */
2458             block_number =
2459                 (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2460 
2461             if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2462                 NFC_STATUS_OK) {
2463               /* set offset to length field */
2464               p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2465 
2466               /* get size of length field */
2467               if (p_i93->ndef_length >= 0xFF) {
2468                 p_i93->rw_length = 3;
2469               } else if (p_i93->ndef_length > 0) {
2470                 p_i93->rw_length = 1;
2471               } else {
2472                 p_i93->rw_length = 0;
2473               }
2474 
2475               p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2476             } else {
2477               rw_i93_handle_error(NFC_STATUS_FAILED);
2478             }
2479           }
2480         }
2481       } else {
2482         /* if we have no more data to write */
2483         if (p_i93->rw_length >= p_i93->ndef_length) {
2484           /* finished writing NDEF and Terminator TLV */
2485           /* read length field to update length       */
2486           block_number = (p_i93->ndef_tlv_start_offset + 1) / p_i93->block_size;
2487 
2488           if (rw_i93_send_cmd_read_single_block(block_number, false) ==
2489               NFC_STATUS_OK) {
2490             /* set offset to length field */
2491             p_i93->rw_offset = p_i93->ndef_tlv_start_offset + 1;
2492 
2493             /* get size of length field */
2494             if (p_i93->ndef_length >= 0xFF) {
2495               p_i93->rw_length = 3;
2496             } else if (p_i93->ndef_length > 0) {
2497               p_i93->rw_length = 1;
2498             } else {
2499               p_i93->rw_length = 0;
2500             }
2501 
2502             p_i93->sub_state = RW_I93_SUBSTATE_UPDATE_LEN;
2503             break;
2504           }
2505         }
2506         rw_i93_handle_error(NFC_STATUS_FAILED);
2507       }
2508       break;
2509 
2510     case RW_I93_SUBSTATE_UPDATE_LEN:
2511 
2512       /* if we have more length field to write */
2513       if (p_i93->rw_length > 0) {
2514         /* if we got ack for writing, read next block to update rest of length
2515          * field */
2516         if (length == 0) {
2517           block_number = p_i93->rw_offset / p_i93->block_size;
2518 
2519           if (rw_i93_send_cmd_read_single_block(block_number, false) !=
2520               NFC_STATUS_OK) {
2521             rw_i93_handle_error(NFC_STATUS_FAILED);
2522           }
2523         } else {
2524           length_offset = p_i93->rw_offset % p_i93->block_size;
2525 
2526           /* update length field within the read block */
2527           for (xx = length_offset; xx < p_i93->block_size; xx++) {
2528             if (xx > length) {
2529               android_errorWriteLog(0x534e4554, "122320256");
2530               rw_i93_handle_error(NFC_STATUS_FAILED);
2531               return;
2532             }
2533 
2534             if (p_i93->rw_length == 3)
2535               *(p + xx) = 0xFF;
2536             else if (p_i93->rw_length == 2)
2537               *(p + xx) = (uint8_t)((p_i93->ndef_length >> 8) & 0xFF);
2538             else if (p_i93->rw_length == 1)
2539               *(p + xx) = (uint8_t)(p_i93->ndef_length & 0xFF);
2540 
2541             p_i93->rw_length--;
2542             if (p_i93->rw_length == 0) break;
2543           }
2544 
2545           block_number = (p_i93->rw_offset / p_i93->block_size);
2546 
2547           if (length < p_i93->block_size) {
2548             android_errorWriteLog(0x534e4554, "143155861");
2549             rw_i93_handle_error(NFC_STATUS_FAILED);
2550           } else if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2551                      NFC_STATUS_OK) {
2552             /* set offset to the beginning of next block */
2553             p_i93->rw_offset +=
2554                 p_i93->block_size - (p_i93->rw_offset % p_i93->block_size);
2555           } else {
2556             rw_i93_handle_error(NFC_STATUS_FAILED);
2557           }
2558         }
2559       } else {
2560         DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2561             "%s - NDEF update complete, %d bytes, (%d-%d)", __func__,
2562             p_i93->ndef_length, p_i93->ndef_tlv_start_offset,
2563             p_i93->ndef_tlv_last_offset);
2564 
2565         p_i93->state = RW_I93_STATE_IDLE;
2566         p_i93->sent_cmd = 0;
2567         p_i93->p_update_data = nullptr;
2568 
2569         rw_data.status = NFC_STATUS_OK;
2570         (*(rw_cb.p_cback))(RW_I93_NDEF_UPDATE_CPLT_EVT, &rw_data);
2571       }
2572       break;
2573 
2574     default:
2575       break;
2576   }
2577 }
2578 
2579 /*******************************************************************************
2580 **
2581 ** Function         rw_i93_sm_format
2582 **
2583 ** Description      Process format procedure
2584 **
2585 **                  1. Get UID
2586 **                  2. Get sys info for memory size (reset AFI/DSFID)
2587 **                  3. Get block status to get read-only status
2588 **                  4. Write CC and empty NDEF
2589 **
2590 ** Returns          void
2591 **
2592 *******************************************************************************/
rw_i93_sm_format(NFC_HDR * p_resp)2593 void rw_i93_sm_format(NFC_HDR* p_resp) {
2594   uint8_t *p = (uint8_t*)(p_resp + 1) + p_resp->offset, *p_uid;
2595   uint8_t flags;
2596   uint16_t length = p_resp->len, xx, block_number;
2597   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2598   tRW_DATA rw_data;
2599   tNFC_STATUS status = NFC_STATUS_FAILED;
2600 
2601   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2602       "sub_state:%s (0x%x)",
2603       rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2604 
2605   if (length == 0) {
2606     android_errorWriteLog(0x534e4554, "122323053");
2607     return;
2608   }
2609   STREAM_TO_UINT8(flags, p);
2610   length--;
2611 
2612   if (flags & I93_FLAG_ERROR_DETECTED) {
2613     if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2614          (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2615          (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2616          (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2617         (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2618       /* ignore error */
2619     } else if ((length) && (rw_i93_check_sys_info_prot_ext(*p))) {
2620       /* getting system info with protocol extension flag */
2621       /* This STM & ONS tag supports more than 2040 bytes */
2622       p_i93->intl_flags |= RW_I93_FLAG_16BIT_NUM_BLOCK;
2623       return;
2624     } else {
2625       DLOG_IF(INFO, nfc_debug_enabled)
2626           << StringPrintf("Got error flags (0x%02x)", flags);
2627       rw_i93_handle_error(NFC_STATUS_FAILED);
2628       return;
2629     }
2630   }
2631 
2632   switch (p_i93->sub_state) {
2633     case RW_I93_SUBSTATE_WAIT_UID:
2634 
2635       if (length < (I93_UID_BYTE_LEN + 1)) {
2636         android_errorWriteLog(0x534e4554, "122323053");
2637         return;
2638       }
2639       p++; /* skip DSFID */
2640       p_uid = p_i93->uid;
2641       STREAM_TO_ARRAY8(p_uid, p); /* store UID */
2642 
2643       /* get system information to get memory size */
2644       if (rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO) ==
2645           NFC_STATUS_OK) {
2646         p_i93->sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
2647       } else {
2648         rw_i93_handle_error(NFC_STATUS_FAILED);
2649       }
2650       break;
2651 
2652     case RW_I93_SUBSTATE_WAIT_SYS_INFO:
2653 
2654       p_i93->block_size = 0;
2655       p_i93->num_block = 0;
2656 
2657       if (!rw_i93_process_sys_info(p, length)) {
2658         /* retrying with protocol extension flag */
2659         break;
2660       }
2661 
2662       if (p_i93->info_flags & I93_INFO_FLAG_DSFID) {
2663         /* DSFID, if any DSFID then reset */
2664         if (p_i93->dsfid != I93_DFS_UNSUPPORTED) {
2665           p_i93->intl_flags |= RW_I93_FLAG_RESET_DSFID;
2666         }
2667       }
2668       if (p_i93->info_flags & I93_INFO_FLAG_AFI) {
2669         /* AFI, reset to 0 */
2670         if (p_i93->afi != 0x00) {
2671           p_i93->intl_flags |= RW_I93_FLAG_RESET_AFI;
2672         }
2673       }
2674 
2675       if ((p_i93->block_size == 0) || (p_i93->num_block == 0)) {
2676         DLOG_IF(INFO, nfc_debug_enabled)
2677             << StringPrintf("Unable to get tag memory size");
2678         rw_i93_handle_error(status);
2679       } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2680         if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2681           p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2682         } else {
2683           rw_i93_handle_error(NFC_STATUS_FAILED);
2684         }
2685       } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2686         if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2687           p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2688         } else {
2689           rw_i93_handle_error(NFC_STATUS_FAILED);
2690         }
2691       } else {
2692         /* get lock status to see if read-only */
2693         if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2694             (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2695           /* these doesn't support GetMultiBlockSecurityStatus */
2696 
2697           rw_cb.tcb.i93.rw_offset = 0;
2698 
2699           /* read blocks with option flag to get block security status */
2700           if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2701               NFC_STATUS_OK) {
2702             p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2703           } else {
2704             rw_i93_handle_error(NFC_STATUS_FAILED);
2705           }
2706         } else {
2707           /* block offset for read-only check */
2708           p_i93->rw_offset = 0;
2709 
2710           if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2711             p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2712           } else {
2713             rw_i93_handle_error(NFC_STATUS_FAILED);
2714           }
2715         }
2716       }
2717 
2718       break;
2719 
2720     case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
2721 
2722       if (p_i93->sent_cmd == I93_CMD_WRITE_DSFID) {
2723         p_i93->intl_flags &= ~RW_I93_FLAG_RESET_DSFID;
2724       } else if (p_i93->sent_cmd == I93_CMD_WRITE_AFI) {
2725         p_i93->intl_flags &= ~RW_I93_FLAG_RESET_AFI;
2726       }
2727 
2728       if (p_i93->intl_flags & RW_I93_FLAG_RESET_DSFID) {
2729         if (rw_i93_send_cmd_write_dsfid(I93_DFS_UNSUPPORTED) == NFC_STATUS_OK) {
2730           p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2731         } else {
2732           rw_i93_handle_error(NFC_STATUS_FAILED);
2733         }
2734       } else if (p_i93->intl_flags & RW_I93_FLAG_RESET_AFI) {
2735         if (rw_i93_send_cmd_write_afi(0x00) == NFC_STATUS_OK) {
2736           p_i93->sub_state = RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI;
2737         } else {
2738           rw_i93_handle_error(NFC_STATUS_FAILED);
2739         }
2740       } else {
2741         /* get lock status to see if read-only */
2742         if ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2743             (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)) {
2744           /* these doesn't support GetMultiBlockSecurityStatus */
2745 
2746           rw_cb.tcb.i93.rw_offset = 0;
2747 
2748           /* read blocks with option flag to get block security status */
2749           if (rw_i93_send_cmd_read_single_block(0x0000, true) ==
2750               NFC_STATUS_OK) {
2751             p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2752           } else {
2753             rw_i93_handle_error(NFC_STATUS_FAILED);
2754           }
2755         } else {
2756           /* block offset for read-only check */
2757           p_i93->rw_offset = 0;
2758 
2759           if (rw_i93_get_next_block_sec() == NFC_STATUS_OK) {
2760             p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
2761           } else {
2762             rw_i93_handle_error(NFC_STATUS_FAILED);
2763           }
2764         }
2765       }
2766       break;
2767 
2768     case RW_I93_SUBSTATE_CHECK_READ_ONLY:
2769 
2770       if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2771           (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY) ||
2772           ((p_i93->uid[1] == I93_UID_IC_MFG_CODE_NXP) &&
2773            (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK))) {
2774         if (length == 0 || ((*p) & I93_BLOCK_LOCKED)) {
2775           rw_i93_handle_error(NFC_STATUS_FAILED);
2776           break;
2777         }
2778 
2779         /* if we checked all of user blocks */
2780         if ((p_i93->rw_offset / p_i93->block_size) + 1 == p_i93->num_block) {
2781           if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2782               (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2783             /* read the block which has AFI */
2784             p_i93->rw_offset = I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION;
2785             rw_i93_send_cmd_read_single_block(
2786                 (uint16_t)(p_i93->rw_offset / p_i93->block_size), true);
2787             break;
2788           }
2789         } else if (p_i93->rw_offset ==
2790                    I93_TAG_IT_HF_I_STD_PRO_CHIP_INLAY_AFI_LOCATION) {
2791           /* no block is locked */
2792         } else {
2793           p_i93->rw_offset += p_i93->block_size;
2794           rw_i93_send_cmd_read_single_block(
2795               (uint16_t)(p_i93->rw_offset / p_i93->block_size), true);
2796           break;
2797         }
2798       } else {
2799         /* if any block is locked, we cannot format it */
2800         for (xx = 0; xx < length; xx++) {
2801           if (*(p + xx) & I93_BLOCK_LOCKED) {
2802             rw_i93_handle_error(NFC_STATUS_FAILED);
2803             break;
2804           }
2805         }
2806 
2807         /* update block offset for read-only check */
2808         p_i93->rw_offset += length;
2809 
2810         /* if need to get more lock status of blocks */
2811         if (p_i93->num_block > p_i93->rw_offset) {
2812           if (rw_i93_get_next_block_sec() != NFC_STATUS_OK) {
2813             rw_i93_handle_error(NFC_STATUS_FAILED);
2814           }
2815           break;
2816         }
2817       }
2818 
2819       /* get buffer to store CC, zero length NDEF TLV and Terminator TLV */
2820       /* Block size could be either 4 or 8 or 16 or 32 bytes */
2821       /* Get buffer for the largest block size I93_MAX_BLOCK_LENGH */
2822       p_i93->p_update_data = (uint8_t*)GKI_getbuf(I93_MAX_BLOCK_LENGH);
2823 
2824       if (!p_i93->p_update_data) {
2825         LOG(ERROR) << StringPrintf("Cannot allocate buffer");
2826         rw_i93_handle_error(NFC_STATUS_FAILED);
2827         break;
2828       } else {
2829         switch (p_i93->block_size) {
2830           case 4:
2831           case 8:
2832             break;
2833           case 16:
2834           case 32: /* initialize unpopulated buffer b/139738828 */
2835             memset(p_i93->p_update_data, I93_ICODE_TLV_TYPE_NULL,
2836                    I93_MAX_BLOCK_LENGH);
2837             break;
2838           default:
2839             android_errorWriteLog(0x534e4554, "157650336");
2840             rw_i93_handle_error(NFC_STATUS_FAILED);
2841             return;
2842         }
2843       }
2844 
2845       p = p_i93->p_update_data;
2846 
2847       /* Capability Container */
2848       *(p++) = I93_ICODE_CC_MAGIC_NUMER_E1; /* magic number */
2849       *(p++) = 0x40;                     /* version 1.0, read/write */
2850 
2851       /* if memory size is less than 2048 bytes */
2852       if (((p_i93->num_block * p_i93->block_size) / 8) < 0x100)
2853         *(p++) = (uint8_t)((p_i93->num_block * p_i93->block_size) /
2854                            8); /* memory size */
2855       else
2856         *(p++) = 0xFF;
2857 
2858       if ((p_i93->product_version == RW_I93_ICODE_SLI) ||
2859           (p_i93->product_version == RW_I93_ICODE_SLI_S) ||
2860           (p_i93->product_version == RW_I93_ICODE_SLI_L)) {
2861         if (p_i93->ic_reference & I93_ICODE_IC_REF_MBREAD_MASK)
2862           *(p++) = I93_ICODE_CC_IPREAD_MASK; /* IPREAD */
2863         else
2864           *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2865                                                 supported */
2866       } else if ((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2867                  (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP)) {
2868         *(p++) = I93_ICODE_CC_MBREAD_MASK; /* MBREAD, read multi block command
2869                                               supported */
2870       } else if ((p_i93->product_version ==
2871                   RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2872                  (p_i93->product_version ==
2873                   RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
2874         *(p++) = 0;
2875       } else {
2876         /* STM except LRIS2K, ONS, Broadcom supports read multi block command */
2877 
2878         /* if memory size is more than 2040 bytes (which is not LRIS2K) */
2879         if (((p_i93->num_block * p_i93->block_size) / 8) > 0xFF)
2880           *(p++) = (I93_ICODE_CC_MBREAD_MASK | I93_STM_CC_OVERFLOW_MASK);
2881         else if (p_i93->product_version == RW_I93_STM_LRIS2K)
2882           *(p++) = 0x00;
2883         else
2884           *(p++) = I93_ICODE_CC_MBREAD_MASK;
2885       }
2886 
2887       /* zero length NDEF and Terminator TLV */
2888       *(p++) = I93_ICODE_TLV_TYPE_NDEF;
2889       *(p++) = 0x00;
2890       *(p++) = I93_ICODE_TLV_TYPE_TERM;
2891       *(p++) = I93_ICODE_TLV_TYPE_NULL;
2892 
2893       /* start from block 0 */
2894       p_i93->rw_offset = 0;
2895 
2896       if (rw_i93_send_cmd_write_single_block(0, p_i93->p_update_data) ==
2897           NFC_STATUS_OK) {
2898         p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2899         p_i93->rw_offset += p_i93->block_size;
2900       } else {
2901         rw_i93_handle_error(NFC_STATUS_FAILED);
2902       }
2903       break;
2904 
2905     case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
2906 
2907       /* if we have more data to write */
2908       if (p_i93->rw_offset < RW_I93_FORMAT_DATA_LEN) {
2909         block_number = (p_i93->rw_offset / p_i93->block_size);
2910         p = p_i93->p_update_data + p_i93->rw_offset;
2911 
2912         if (rw_i93_send_cmd_write_single_block(block_number, p) ==
2913             NFC_STATUS_OK) {
2914           p_i93->sub_state = RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV;
2915           p_i93->rw_offset += p_i93->block_size;
2916         } else {
2917           rw_i93_handle_error(NFC_STATUS_FAILED);
2918         }
2919       } else {
2920         GKI_freebuf(p_i93->p_update_data);
2921         p_i93->p_update_data = nullptr;
2922 
2923         p_i93->state = RW_I93_STATE_IDLE;
2924         p_i93->sent_cmd = 0;
2925 
2926         rw_data.status = NFC_STATUS_OK;
2927         (*(rw_cb.p_cback))(RW_I93_FORMAT_CPLT_EVT, &rw_data);
2928       }
2929       break;
2930 
2931     default:
2932       break;
2933   }
2934 }
2935 
2936 /*******************************************************************************
2937 **
2938 ** Function         rw_i93_sm_set_read_only
2939 **
2940 ** Description      Process read-only procedure
2941 **
2942 **                  1. Update CC as read-only
2943 **                  2. Lock all block of NDEF TLV
2944 **                  3. Lock block of CC
2945 **
2946 ** Returns          void
2947 **
2948 *******************************************************************************/
rw_i93_sm_set_read_only(NFC_HDR * p_resp)2949 void rw_i93_sm_set_read_only(NFC_HDR* p_resp) {
2950   uint8_t* p = (uint8_t*)(p_resp + 1) + p_resp->offset;
2951   uint8_t flags, block_number;
2952   uint16_t length = p_resp->len;
2953   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
2954   tRW_DATA rw_data;
2955 
2956   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
2957       "sub_state:%s (0x%x)",
2958       rw_i93_get_sub_state_name(p_i93->sub_state).c_str(), p_i93->sub_state);
2959 
2960   if (length == 0) {
2961     android_errorWriteLog(0x534e4554, "122322613");
2962     rw_i93_handle_error(NFC_STATUS_FAILED);
2963     return;
2964   }
2965 
2966   STREAM_TO_UINT8(flags, p);
2967   length--;
2968 
2969   if (flags & I93_FLAG_ERROR_DETECTED) {
2970     if (((p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_INLAY) ||
2971          (p_i93->product_version == RW_I93_TAG_IT_HF_I_PLUS_CHIP) ||
2972          (p_i93->product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
2973          (p_i93->product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) &&
2974         (*p == I93_ERROR_CODE_BLOCK_FAIL_TO_WRITE)) {
2975       /* ignore error */
2976     } else {
2977       DLOG_IF(INFO, nfc_debug_enabled)
2978           << StringPrintf("Got error flags (0x%02x)", flags);
2979       rw_i93_handle_error(NFC_STATUS_FAILED);
2980       return;
2981     }
2982   }
2983 
2984   switch (p_i93->sub_state) {
2985     case RW_I93_SUBSTATE_WAIT_CC:
2986 
2987       if (length < RW_I93_CC_SIZE) {
2988         android_errorWriteLog(0x534e4554, "139188579");
2989         rw_i93_handle_error(NFC_STATUS_FAILED);
2990         return;
2991       }
2992 
2993       /* mark CC as read-only */
2994       *(p + 1) |= I93_ICODE_CC_READ_ONLY;
2995 
2996       if (length < p_i93->block_size) {
2997         android_errorWriteLog(0x534e4554, "143106535");
2998         rw_i93_handle_error(NFC_STATUS_FAILED);
2999       } else if (rw_i93_send_cmd_write_single_block(0, p) == NFC_STATUS_OK) {
3000         p_i93->sub_state = RW_I93_SUBSTATE_WAIT_UPDATE_CC;
3001       } else {
3002         rw_i93_handle_error(NFC_STATUS_FAILED);
3003       }
3004       break;
3005 
3006     case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
3007 
3008       /* successfully write CC then lock all blocks of NDEF TLV */
3009       p_i93->rw_offset = p_i93->ndef_tlv_start_offset;
3010       block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
3011 
3012       if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
3013         p_i93->rw_offset += p_i93->block_size;
3014         p_i93->sub_state = RW_I93_SUBSTATE_LOCK_NDEF_TLV;
3015       } else {
3016         rw_i93_handle_error(NFC_STATUS_FAILED);
3017       }
3018       break;
3019 
3020     case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
3021 
3022       /* if we need to lock more blocks */
3023       if (p_i93->rw_offset < p_i93->ndef_tlv_last_offset) {
3024         /* get the next block of NDEF TLV */
3025         block_number = (uint8_t)(p_i93->rw_offset / p_i93->block_size);
3026 
3027         if (rw_i93_send_cmd_lock_block(block_number) == NFC_STATUS_OK) {
3028           p_i93->rw_offset += p_i93->block_size;
3029         } else {
3030           rw_i93_handle_error(NFC_STATUS_FAILED);
3031         }
3032       }
3033       /* if the first block of NDEF TLV is different from block of CC */
3034       else if (p_i93->ndef_tlv_start_offset / p_i93->block_size != 0) {
3035         /* lock block of CC */
3036         if (rw_i93_send_cmd_lock_block(0) == NFC_STATUS_OK) {
3037           p_i93->sub_state = RW_I93_SUBSTATE_WAIT_LOCK_CC;
3038         } else {
3039           rw_i93_handle_error(NFC_STATUS_FAILED);
3040         }
3041       } else {
3042         p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
3043         p_i93->state = RW_I93_STATE_IDLE;
3044         p_i93->sent_cmd = 0;
3045 
3046         rw_data.status = NFC_STATUS_OK;
3047         (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
3048       }
3049       break;
3050 
3051     case RW_I93_SUBSTATE_WAIT_LOCK_CC:
3052 
3053       p_i93->intl_flags |= RW_I93_FLAG_READ_ONLY;
3054       p_i93->state = RW_I93_STATE_IDLE;
3055       p_i93->sent_cmd = 0;
3056 
3057       rw_data.status = NFC_STATUS_OK;
3058       (*(rw_cb.p_cback))(RW_I93_SET_TAG_RO_EVT, &rw_data);
3059       break;
3060 
3061     default:
3062       break;
3063   }
3064 }
3065 
3066 /*******************************************************************************
3067 **
3068 ** Function         rw_i93_handle_error
3069 **
3070 ** Description      notify error to application and clean up
3071 **
3072 ** Returns          none
3073 **
3074 *******************************************************************************/
rw_i93_handle_error(tNFC_STATUS status)3075 void rw_i93_handle_error(tNFC_STATUS status) {
3076   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3077   tRW_DATA rw_data;
3078   tRW_EVENT event;
3079 
3080   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
3081       "%s - status:0x%02X, state:0x%X", __func__, status, p_i93->state);
3082 
3083   nfc_stop_quick_timer(&p_i93->timer);
3084 
3085   if (rw_cb.p_cback) {
3086     rw_data.status = status;
3087 
3088     switch (p_i93->state) {
3089       case RW_I93_STATE_IDLE: /* in case of RawFrame */
3090         event = RW_I93_INTF_ERROR_EVT;
3091         break;
3092 
3093       case RW_I93_STATE_BUSY:
3094         if (p_i93->sent_cmd == I93_CMD_STAY_QUIET) {
3095           /* There is no response to Stay Quiet command */
3096           rw_data.i93_cmd_cmpl.status = NFC_STATUS_OK;
3097           rw_data.i93_cmd_cmpl.command = I93_CMD_STAY_QUIET;
3098           rw_data.i93_cmd_cmpl.error_code = 0;
3099           event = RW_I93_CMD_CMPL_EVT;
3100         } else {
3101           event = RW_I93_INTF_ERROR_EVT;
3102         }
3103         break;
3104 
3105       case RW_I93_STATE_DETECT_NDEF:
3106         rw_data.ndef.protocol = NFC_PROTOCOL_T5T;
3107         rw_data.ndef.cur_size = 0;
3108         rw_data.ndef.max_size = 0;
3109         rw_data.ndef.flags = 0;
3110         rw_data.ndef.flags |= RW_NDEF_FL_FORMATABLE;
3111         rw_data.ndef.flags |= RW_NDEF_FL_UNKNOWN;
3112         event = RW_I93_NDEF_DETECT_EVT;
3113         break;
3114 
3115       case RW_I93_STATE_READ_NDEF:
3116         event = RW_I93_NDEF_READ_FAIL_EVT;
3117         break;
3118 
3119       case RW_I93_STATE_UPDATE_NDEF:
3120         p_i93->p_update_data = nullptr;
3121         event = RW_I93_NDEF_UPDATE_FAIL_EVT;
3122         break;
3123 
3124       case RW_I93_STATE_FORMAT:
3125         if (p_i93->p_update_data) {
3126           GKI_freebuf(p_i93->p_update_data);
3127           p_i93->p_update_data = nullptr;
3128         }
3129         event = RW_I93_FORMAT_CPLT_EVT;
3130         break;
3131 
3132       case RW_I93_STATE_SET_READ_ONLY:
3133         event = RW_I93_SET_TAG_RO_EVT;
3134         break;
3135 
3136       case RW_I93_STATE_PRESENCE_CHECK:
3137         event = RW_I93_PRESENCE_CHECK_EVT;
3138         break;
3139 
3140       default:
3141         event = RW_I93_MAX_EVT;
3142         break;
3143     }
3144 
3145     p_i93->state = RW_I93_STATE_IDLE;
3146     p_i93->sent_cmd = 0;
3147 
3148     if (event != RW_I93_MAX_EVT) {
3149       (*(rw_cb.p_cback))(event, &rw_data);
3150     }
3151   } else {
3152     p_i93->state = RW_I93_STATE_IDLE;
3153   }
3154 }
3155 
3156 /*******************************************************************************
3157 **
3158 ** Function         rw_i93_process_timeout
3159 **
3160 ** Description      process timeout event
3161 **
3162 ** Returns          none
3163 **
3164 *******************************************************************************/
rw_i93_process_timeout(TIMER_LIST_ENT * p_tle)3165 void rw_i93_process_timeout(TIMER_LIST_ENT* p_tle) {
3166   NFC_HDR* p_buf;
3167 
3168   DLOG_IF(INFO, nfc_debug_enabled)
3169       << StringPrintf("%s - event=%d", __func__, p_tle->event);
3170 
3171   if (p_tle->event == NFC_TTYPE_RW_I93_RESPONSE) {
3172     if ((rw_cb.tcb.i93.retry_count < RW_MAX_RETRIES) &&
3173         (rw_cb.tcb.i93.p_retry_cmd) &&
3174         (rw_cb.tcb.i93.sent_cmd != I93_CMD_STAY_QUIET)) {
3175       rw_cb.tcb.i93.retry_count++;
3176       LOG(ERROR) << StringPrintf("%s - retry_count = %d", __func__,
3177                                  rw_cb.tcb.i93.retry_count);
3178 
3179       p_buf = rw_cb.tcb.i93.p_retry_cmd;
3180       rw_cb.tcb.i93.p_retry_cmd = nullptr;
3181 
3182       if (rw_i93_send_to_lower(p_buf)) {
3183         return;
3184       }
3185     }
3186 
3187     /* all retrial is done or failed to send command to lower layer */
3188     if (rw_cb.tcb.i93.p_retry_cmd) {
3189       GKI_freebuf(rw_cb.tcb.i93.p_retry_cmd);
3190       rw_cb.tcb.i93.p_retry_cmd = nullptr;
3191       rw_cb.tcb.i93.retry_count = 0;
3192     }
3193     rw_i93_handle_error(NFC_STATUS_TIMEOUT);
3194   } else {
3195     LOG(ERROR) << StringPrintf("%s - unknown event=%d", __func__, p_tle->event);
3196   }
3197 }
3198 
3199 /*******************************************************************************
3200 **
3201 ** Function         rw_i93_data_cback
3202 **
3203 ** Description      This callback function receives the data from NFCC.
3204 **
3205 ** Returns          none
3206 **
3207 *******************************************************************************/
rw_i93_data_cback(uint8_t conn_id,tNFC_CONN_EVT event,tNFC_CONN * p_data)3208 static void rw_i93_data_cback(__attribute__((unused)) uint8_t conn_id,
3209                               tNFC_CONN_EVT event, tNFC_CONN* p_data) {
3210   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3211   NFC_HDR* p_resp;
3212   tRW_DATA rw_data;
3213 
3214   uint8_t begin_state = p_i93->state;
3215 
3216   DLOG_IF(INFO, nfc_debug_enabled)
3217       << StringPrintf("%s - event = 0x%X", __func__, event);
3218 
3219   if ((event == NFC_DEACTIVATE_CEVT) || (event == NFC_ERROR_CEVT) ||
3220       ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK))) {
3221     nfc_stop_quick_timer(&p_i93->timer);
3222 
3223     if (event == NFC_ERROR_CEVT || (p_data->status != NFC_STATUS_OK)) {
3224       if ((p_i93->retry_count < RW_MAX_RETRIES) && (p_i93->p_retry_cmd)) {
3225         p_i93->retry_count++;
3226 
3227         LOG(ERROR) << StringPrintf("%s - retry_count = %d", __func__,
3228                                    p_i93->retry_count);
3229 
3230         p_resp = p_i93->p_retry_cmd;
3231         p_i93->p_retry_cmd = nullptr;
3232         if (rw_i93_send_to_lower(p_resp)) {
3233           if (event == NFC_DATA_CEVT) {
3234             p_resp = (NFC_HDR*)p_data->data.p_data;
3235             GKI_freebuf(p_resp);
3236           }
3237           return;
3238         }
3239       }
3240 
3241       /* all retrial is done or failed to send command to lower layer */
3242       if (p_i93->p_retry_cmd) {
3243         GKI_freebuf(p_i93->p_retry_cmd);
3244         p_i93->p_retry_cmd = nullptr;
3245         p_i93->retry_count = 0;
3246       }
3247 
3248       rw_i93_handle_error((tNFC_STATUS)(*(uint8_t*)p_data));
3249     } else {
3250       /* free retry buffer */
3251       if (p_i93->p_retry_cmd) {
3252         GKI_freebuf(p_i93->p_retry_cmd);
3253         p_i93->p_retry_cmd = nullptr;
3254         p_i93->retry_count = 0;
3255       }
3256       NFC_SetStaticRfCback(nullptr);
3257       p_i93->state = RW_I93_STATE_NOT_ACTIVATED;
3258     }
3259     if ((event == NFC_DATA_CEVT) && (p_data->status != NFC_STATUS_OK)) {
3260       p_resp = (NFC_HDR*)p_data->data.p_data;
3261       GKI_freebuf(p_resp);
3262     }
3263     return;
3264   }
3265 
3266   if (event != NFC_DATA_CEVT) {
3267     return;
3268   }
3269 
3270   p_resp = (NFC_HDR*)p_data->data.p_data;
3271 
3272   nfc_stop_quick_timer(&p_i93->timer);
3273 
3274   /* free retry buffer */
3275   if (p_i93->p_retry_cmd) {
3276     GKI_freebuf(p_i93->p_retry_cmd);
3277     p_i93->p_retry_cmd = nullptr;
3278     p_i93->retry_count = 0;
3279   }
3280 
3281   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
3282       "%s - RW I93 state: <%s (%d)>", __func__,
3283       rw_i93_get_state_name(p_i93->state).c_str(), p_i93->state);
3284 
3285   switch (p_i93->state) {
3286     case RW_I93_STATE_IDLE:
3287       /* Unexpected Response from VICC, it should be raw frame response */
3288       /* forward to upper layer without parsing */
3289       p_i93->sent_cmd = 0;
3290       if (rw_cb.p_cback) {
3291         rw_data.raw_frame.status = p_data->data.status;
3292         rw_data.raw_frame.p_data = p_resp;
3293         (*(rw_cb.p_cback))(RW_I93_RAW_FRAME_EVT, &rw_data);
3294         p_resp = nullptr;
3295       } else {
3296         GKI_freebuf(p_resp);
3297       }
3298       break;
3299     case RW_I93_STATE_BUSY:
3300       p_i93->state = RW_I93_STATE_IDLE;
3301       rw_i93_send_to_upper(p_resp);
3302       GKI_freebuf(p_resp);
3303       break;
3304 
3305     case RW_I93_STATE_DETECT_NDEF:
3306       if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3307         DLOG_IF(INFO, nfc_debug_enabled)
3308             << StringPrintf("%s - rw_i93_sm_detect_ndef()", __func__);
3309         rw_i93_sm_detect_ndef(p_resp);
3310       } else {
3311         DLOG_IF(INFO, nfc_debug_enabled)
3312             << StringPrintf("%s - rw_t5t_sm_detect_ndef()", __func__);
3313         rw_t5t_sm_detect_ndef(p_resp);
3314       }
3315       GKI_freebuf(p_resp);
3316       break;
3317 
3318     case RW_I93_STATE_READ_NDEF:
3319       rw_i93_sm_read_ndef(p_resp);
3320       /* p_resp may send upper lyaer */
3321       break;
3322 
3323     case RW_I93_STATE_UPDATE_NDEF:
3324       if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3325         DLOG_IF(INFO, nfc_debug_enabled)
3326             << StringPrintf("%s - rw_i93_sm_update_ndef()", __func__);
3327         rw_i93_sm_update_ndef(p_resp);
3328       } else {
3329         DLOG_IF(INFO, nfc_debug_enabled)
3330             << StringPrintf("%s - rw_t5t_sm_update_ndef()", __func__);
3331         rw_t5t_sm_update_ndef(p_resp);
3332       }
3333       GKI_freebuf(p_resp);
3334       break;
3335 
3336     case RW_I93_STATE_FORMAT:
3337       rw_i93_sm_format(p_resp);
3338       GKI_freebuf(p_resp);
3339       break;
3340 
3341     case RW_I93_STATE_SET_READ_ONLY:
3342       if (p_i93->i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
3343         DLOG_IF(INFO, nfc_debug_enabled)
3344             << StringPrintf("%s - rw_i93_sm_set_read_only()", __func__);
3345         rw_i93_sm_set_read_only(p_resp);
3346       } else {
3347         DLOG_IF(INFO, nfc_debug_enabled)
3348             << StringPrintf("%s - rw_t5t_sm_set_read_only()", __func__);
3349         rw_t5t_sm_set_read_only(p_resp);
3350       }
3351       GKI_freebuf(p_resp);
3352       break;
3353 
3354     case RW_I93_STATE_PRESENCE_CHECK:
3355       p_i93->state = RW_I93_STATE_IDLE;
3356       p_i93->sent_cmd = 0;
3357 
3358       /* if any response, send presence check with ok */
3359       rw_data.status = NFC_STATUS_OK;
3360       (*(rw_cb.p_cback))(RW_I93_PRESENCE_CHECK_EVT, &rw_data);
3361       GKI_freebuf(p_resp);
3362       break;
3363 
3364     default:
3365       LOG(ERROR) << StringPrintf("%s - invalid state=%d", __func__,
3366                                  p_i93->state);
3367       GKI_freebuf(p_resp);
3368       break;
3369   }
3370 
3371   if (begin_state != p_i93->state) {
3372     DLOG_IF(INFO, nfc_debug_enabled)
3373         << StringPrintf("%s - RW I93 state changed:<%s> -> <%s>", __func__,
3374                         rw_i93_get_state_name(begin_state).c_str(),
3375                         rw_i93_get_state_name(p_i93->state).c_str());
3376   }
3377 }
3378 
3379 /*******************************************************************************
3380 **
3381 ** Function         rw_i93_select
3382 **
3383 ** Description      Initialise ISO 15693 / T5T RW
3384 **
3385 ** Returns          NFC_STATUS_OK if success
3386 **
3387 *******************************************************************************/
rw_i93_select(uint8_t * p_uid)3388 tNFC_STATUS rw_i93_select(uint8_t* p_uid) {
3389   tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
3390   uint8_t uid[I93_UID_BYTE_LEN], *p;
3391 
3392   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3393 
3394   NFC_SetStaticRfCback(rw_i93_data_cback);
3395 
3396   p_i93->state = RW_I93_STATE_IDLE;
3397 
3398   /* convert UID to big endian format - MSB(0xE0) in first byte */
3399   p = uid;
3400   STREAM_TO_ARRAY8(p, p_uid);
3401 
3402   rw_i93_get_product_version(uid);
3403 
3404   return NFC_STATUS_OK;
3405 }
3406 
3407 /*******************************************************************************
3408 **
3409 ** Function         RW_I93Inventory
3410 **
3411 ** Description      This function send Inventory command with/without AFI
3412 **                  If UID is provided then set UID[0]:MSB, ... UID[7]:LSB
3413 **
3414 **                  RW_I93_RESPONSE_EVT will be returned
3415 **
3416 ** Returns          NFC_STATUS_OK if success
3417 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3418 **                  NFC_STATUS_BUSY if busy
3419 **                  NFC_STATUS_FAILED if other error
3420 **
3421 *******************************************************************************/
RW_I93Inventory(bool including_afi,uint8_t afi,uint8_t * p_uid)3422 tNFC_STATUS RW_I93Inventory(bool including_afi, uint8_t afi, uint8_t* p_uid) {
3423   tNFC_STATUS status;
3424 
3425   DLOG_IF(INFO, nfc_debug_enabled)
3426       << StringPrintf(", including_afi:%d, AFI:0x%02X", including_afi, afi);
3427 
3428   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3429     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3430                                rw_cb.tcb.i93.state);
3431     return NFC_STATUS_BUSY;
3432   }
3433 
3434   status = rw_i93_send_cmd_inventory(p_uid, including_afi, afi);
3435 
3436   if (status == NFC_STATUS_OK) {
3437     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3438   }
3439 
3440   return (status);
3441 }
3442 
3443 /*******************************************************************************
3444 **
3445 ** Function         RW_I93StayQuiet
3446 **
3447 ** Description      This function send Inventory command
3448 **
3449 **                  RW_I93_CMD_CMPL_EVT will be returned
3450 **
3451 ** Returns          NFC_STATUS_OK if success
3452 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3453 **                  NFC_STATUS_BUSY if busy
3454 **                  NFC_STATUS_FAILED if other error
3455 **
3456 *******************************************************************************/
RW_I93StayQuiet(uint8_t * p_uid)3457 tNFC_STATUS RW_I93StayQuiet(uint8_t* p_uid) {
3458   tNFC_STATUS status = NFC_STATUS_FAILED;
3459 
3460   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3461 
3462   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3463     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3464                                __func__, rw_cb.tcb.i93.state);
3465     return NFC_STATUS_BUSY;
3466   }
3467 
3468   if (p_uid) {
3469     status = rw_i93_send_cmd_stay_quiet(p_uid);
3470     if (status == NFC_STATUS_OK) {
3471       rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3472       rw_cb.tcb.i93.addr_mode = RW_I93_MODE_ADDRESSED;
3473     }
3474   }
3475 
3476   return status;
3477 }
3478 
3479 /*******************************************************************************
3480 **
3481 ** Function         RW_I93ReadSingleBlock
3482 **
3483 ** Description      This function send Read Single Block command
3484 **
3485 **                  RW_I93_RESPONSE_EVT will be returned
3486 **
3487 ** Returns          NFC_STATUS_OK if success
3488 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3489 **                  NFC_STATUS_BUSY if busy
3490 **                  NFC_STATUS_FAILED if other error
3491 **
3492 *******************************************************************************/
RW_I93ReadSingleBlock(uint16_t block_number)3493 tNFC_STATUS RW_I93ReadSingleBlock(uint16_t block_number) {
3494   tNFC_STATUS status;
3495 
3496   DLOG_IF(INFO, nfc_debug_enabled)
3497       << StringPrintf("%s - block_number:0x%02X", __func__, block_number);
3498 
3499   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3500     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3501                                rw_cb.tcb.i93.state);
3502     return NFC_STATUS_BUSY;
3503   }
3504 
3505   status = rw_i93_send_cmd_read_single_block(block_number, false);
3506   if (status == NFC_STATUS_OK) {
3507     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3508   }
3509 
3510   return status;
3511 }
3512 
3513 /*******************************************************************************
3514 **
3515 ** Function         RW_I93WriteSingleBlock
3516 **
3517 ** Description      This function send Write Single Block command
3518 **                  Application must get block size first by calling
3519 **                  RW_I93GetSysInfo().
3520 **
3521 **                  RW_I93_CMD_CMPL_EVT will be returned
3522 **
3523 ** Returns          NFC_STATUS_OK if success
3524 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3525 **                  NFC_STATUS_BUSY if busy
3526 **                  NFC_STATUS_FAILED if other error
3527 **
3528 *******************************************************************************/
RW_I93WriteSingleBlock(uint16_t block_number,uint8_t * p_data)3529 tNFC_STATUS RW_I93WriteSingleBlock(uint16_t block_number, uint8_t* p_data) {
3530   tNFC_STATUS status;
3531 
3532   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3533 
3534   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3535     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3536                                rw_cb.tcb.i93.state);
3537     return NFC_STATUS_BUSY;
3538   }
3539 
3540   if (rw_cb.tcb.i93.block_size == 0) {
3541     LOG(ERROR) << StringPrintf("Block size is unknown");
3542     return NFC_STATUS_FAILED;
3543   }
3544 
3545   status = rw_i93_send_cmd_write_single_block(block_number, p_data);
3546   if (status == NFC_STATUS_OK) {
3547     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3548   }
3549 
3550   return status;
3551 }
3552 
3553 /*******************************************************************************
3554 **
3555 ** Function         RW_I93LockBlock
3556 **
3557 ** Description      This function send Lock Block command
3558 **
3559 **                  RW_I93_CMD_CMPL_EVT will be returned
3560 **
3561 ** Returns          NFC_STATUS_OK if success
3562 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3563 **                  NFC_STATUS_BUSY if busy
3564 **                  NFC_STATUS_FAILED if other error
3565 **
3566 *******************************************************************************/
RW_I93LockBlock(uint8_t block_number)3567 tNFC_STATUS RW_I93LockBlock(uint8_t block_number) {
3568   tNFC_STATUS status;
3569 
3570   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3571 
3572   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3573     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3574                                rw_cb.tcb.i93.state);
3575     return NFC_STATUS_BUSY;
3576   }
3577 
3578   status = rw_i93_send_cmd_lock_block(block_number);
3579   if (status == NFC_STATUS_OK) {
3580     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3581   }
3582 
3583   return status;
3584 }
3585 
3586 /*******************************************************************************
3587 **
3588 ** Function         RW_I93ReadMultipleBlocks
3589 **
3590 ** Description      This function send Read Multiple Blocks command
3591 **
3592 **                  RW_I93_RESPONSE_EVT will be returned
3593 **
3594 ** Returns          NFC_STATUS_OK if success
3595 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3596 **                  NFC_STATUS_BUSY if busy
3597 **                  NFC_STATUS_FAILED if other error
3598 **
3599 *******************************************************************************/
RW_I93ReadMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks)3600 tNFC_STATUS RW_I93ReadMultipleBlocks(uint16_t first_block_number,
3601                                      uint16_t number_blocks) {
3602   tNFC_STATUS status;
3603 
3604   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3605 
3606   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3607     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3608                                rw_cb.tcb.i93.state);
3609     return NFC_STATUS_BUSY;
3610   }
3611 
3612   status = rw_i93_send_cmd_read_multi_blocks(first_block_number, number_blocks);
3613   if (status == NFC_STATUS_OK) {
3614     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3615   }
3616 
3617   return status;
3618 }
3619 
3620 /*******************************************************************************
3621 **
3622 ** Function         RW_I93WriteMultipleBlocks
3623 **
3624 ** Description      This function send Write Multiple Blocks command
3625 **
3626 **                  RW_I93_CMD_CMPL_EVT will be returned
3627 **
3628 ** Returns          NFC_STATUS_OK if success
3629 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3630 **                  NFC_STATUS_BUSY if busy
3631 **                  NFC_STATUS_FAILED if other error
3632 **
3633 *******************************************************************************/
RW_I93WriteMultipleBlocks(uint16_t first_block_number,uint16_t number_blocks,uint8_t * p_data)3634 tNFC_STATUS RW_I93WriteMultipleBlocks(uint16_t first_block_number,
3635                                       uint16_t number_blocks, uint8_t* p_data) {
3636   tNFC_STATUS status;
3637 
3638   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3639 
3640   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3641     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3642                                rw_cb.tcb.i93.state);
3643     return NFC_STATUS_BUSY;
3644   }
3645 
3646   if (rw_cb.tcb.i93.block_size == 0) {
3647     LOG(ERROR) << StringPrintf("Block size is unknown");
3648     return NFC_STATUS_FAILED;
3649   }
3650 
3651   status = rw_i93_send_cmd_write_multi_blocks(first_block_number, number_blocks,
3652                                               p_data);
3653   if (status == NFC_STATUS_OK) {
3654     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3655   }
3656 
3657   return status;
3658 }
3659 
3660 /*******************************************************************************
3661 **
3662 ** Function         RW_I93Select
3663 **
3664 ** Description      This function send Select command
3665 **
3666 **                  UID[0]: 0xE0, MSB
3667 **                  UID[1]: IC Mfg Code
3668 **                  ...
3669 **                  UID[7]: LSB
3670 **
3671 **                  RW_I93_CMD_CMPL_EVT will be returned
3672 **
3673 ** Returns          NFC_STATUS_OK if success
3674 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3675 **                  NFC_STATUS_BUSY if busy
3676 **                  NFC_STATUS_FAILED if other error
3677 **
3678 *******************************************************************************/
RW_I93Select(uint8_t * p_uid)3679 tNFC_STATUS RW_I93Select(uint8_t* p_uid) {
3680   tNFC_STATUS status;
3681 
3682   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3683 
3684   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3685     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3686                                __func__, rw_cb.tcb.i93.state);
3687     return NFC_STATUS_BUSY;
3688   }
3689 
3690   if (p_uid) {
3691     status = rw_i93_send_cmd_select(p_uid);
3692     if (status == NFC_STATUS_OK) {
3693       rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3694       rw_cb.tcb.i93.addr_mode = RW_I93_MODE_NON_ADDRESSED;
3695       rw_cb.tcb.i93.intl_flags |= RW_I93_FLAG_SELECTED_STATE;
3696     }
3697   } else {
3698     LOG(ERROR) << StringPrintf("%s - UID shall be provided", __func__);
3699     status = NFC_STATUS_FAILED;
3700   }
3701 
3702   return status;
3703 }
3704 
3705 /*******************************************************************************
3706 **
3707 ** Function         RW_I93ResetToReady
3708 **
3709 ** Description      This function send Reset To Ready command
3710 **
3711 **                  RW_I93_CMD_CMPL_EVT will be returned
3712 **
3713 ** Returns          NFC_STATUS_OK if success
3714 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3715 **                  NFC_STATUS_BUSY if busy
3716 **                  NFC_STATUS_FAILED if other error
3717 **
3718 *******************************************************************************/
RW_I93ResetToReady(void)3719 tNFC_STATUS RW_I93ResetToReady(void) {
3720   tNFC_STATUS status;
3721 
3722   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3723 
3724   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3725     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3726                                __func__, rw_cb.tcb.i93.state);
3727     return NFC_STATUS_BUSY;
3728   }
3729 
3730   status = rw_i93_send_cmd_reset_to_ready();
3731   if (status == NFC_STATUS_OK) {
3732     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3733   }
3734 
3735   return status;
3736 }
3737 
3738 /*******************************************************************************
3739 **
3740 ** Function         RW_I93WriteAFI
3741 **
3742 ** Description      This function send Write AFI command
3743 **
3744 **                  RW_I93_CMD_CMPL_EVT will be returned
3745 **
3746 ** Returns          NFC_STATUS_OK if success
3747 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3748 **                  NFC_STATUS_BUSY if busy
3749 **                  NFC_STATUS_FAILED if other error
3750 **
3751 *******************************************************************************/
RW_I93WriteAFI(uint8_t afi)3752 tNFC_STATUS RW_I93WriteAFI(uint8_t afi) {
3753   tNFC_STATUS status;
3754 
3755   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3756 
3757   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3758     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3759                                rw_cb.tcb.i93.state);
3760     return NFC_STATUS_BUSY;
3761   }
3762 
3763   status = rw_i93_send_cmd_write_afi(afi);
3764   if (status == NFC_STATUS_OK) {
3765     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3766   }
3767 
3768   return status;
3769 }
3770 
3771 /*******************************************************************************
3772 **
3773 ** Function         RW_I93LockAFI
3774 **
3775 ** Description      This function send Lock AFI command
3776 **
3777 **                  RW_I93_CMD_CMPL_EVT will be returned
3778 **
3779 ** Returns          NFC_STATUS_OK if success
3780 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3781 **                  NFC_STATUS_BUSY if busy
3782 **                  NFC_STATUS_FAILED if other error
3783 **
3784 *******************************************************************************/
RW_I93LockAFI(void)3785 tNFC_STATUS RW_I93LockAFI(void) {
3786   tNFC_STATUS status;
3787 
3788   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3789 
3790   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3791     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3792                                rw_cb.tcb.i93.state);
3793     return NFC_STATUS_BUSY;
3794   }
3795 
3796   status = rw_i93_send_cmd_lock_afi();
3797   if (status == NFC_STATUS_OK) {
3798     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3799   }
3800 
3801   return status;
3802 }
3803 
3804 /*******************************************************************************
3805 **
3806 ** Function         RW_I93WriteDSFID
3807 **
3808 ** Description      This function send Write DSFID command
3809 **
3810 **                  RW_I93_CMD_CMPL_EVT will be returned
3811 **
3812 ** Returns          NFC_STATUS_OK if success
3813 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3814 **                  NFC_STATUS_BUSY if busy
3815 **                  NFC_STATUS_FAILED if other error
3816 **
3817 *******************************************************************************/
RW_I93WriteDSFID(uint8_t dsfid)3818 tNFC_STATUS RW_I93WriteDSFID(uint8_t dsfid) {
3819   tNFC_STATUS status;
3820 
3821   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3822 
3823   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3824     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3825                                rw_cb.tcb.i93.state);
3826     return NFC_STATUS_BUSY;
3827   }
3828 
3829   status = rw_i93_send_cmd_write_dsfid(dsfid);
3830   if (status == NFC_STATUS_OK) {
3831     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3832   }
3833 
3834   return status;
3835 }
3836 
3837 /*******************************************************************************
3838 **
3839 ** Function         RW_I93LockDSFID
3840 **
3841 ** Description      This function send Lock DSFID command
3842 **
3843 **                  RW_I93_CMD_CMPL_EVT will be returned
3844 **
3845 ** Returns          NFC_STATUS_OK if success
3846 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3847 **                  NFC_STATUS_BUSY if busy
3848 **                  NFC_STATUS_FAILED if other error
3849 **
3850 *******************************************************************************/
RW_I93LockDSFID(void)3851 tNFC_STATUS RW_I93LockDSFID(void) {
3852   tNFC_STATUS status;
3853 
3854   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3855 
3856   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3857     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
3858                                rw_cb.tcb.i93.state);
3859     return NFC_STATUS_BUSY;
3860   }
3861 
3862   status = rw_i93_send_cmd_lock_dsfid();
3863   if (status == NFC_STATUS_OK) {
3864     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3865   }
3866 
3867   return status;
3868 }
3869 
3870 /*******************************************************************************
3871 **
3872 ** Function         RW_I93GetSysInfo
3873 **
3874 ** Description      This function send Get System Information command
3875 **
3876 **                  RW_I93_RESPONSE_EVT will be returned
3877 **
3878 ** Returns          NFC_STATUS_OK if success
3879 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3880 **                  NFC_STATUS_BUSY if busy
3881 **                  NFC_STATUS_FAILED if other error
3882 **
3883 *******************************************************************************/
RW_I93GetSysInfo(uint8_t * p_uid)3884 tNFC_STATUS RW_I93GetSysInfo(uint8_t* p_uid) {
3885   tNFC_STATUS status;
3886 
3887   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3888 
3889   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3890     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3891                                __func__, rw_cb.tcb.i93.state);
3892     return NFC_STATUS_BUSY;
3893   }
3894 
3895   if (p_uid) {
3896     status = rw_i93_send_cmd_get_sys_info(p_uid, I93_FLAG_PROT_EXT_NO);
3897   } else {
3898     status = rw_i93_send_cmd_get_sys_info(nullptr, I93_FLAG_PROT_EXT_NO);
3899   }
3900 
3901   if (status == NFC_STATUS_OK) {
3902     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3903   }
3904 
3905   return status;
3906 }
3907 
3908 /*******************************************************************************
3909 **
3910 ** Function         RW_I93GetMultiBlockSecurityStatus
3911 **
3912 ** Description      This function send Get Multiple Block Security Status
3913 **                  command
3914 **
3915 **                  RW_I93_RESPONSE_EVT will be returned
3916 **
3917 ** Returns          NFC_STATUS_OK if success
3918 **                  NFC_STATUS_NO_BUFFERS if out of buffer
3919 **                  NFC_STATUS_BUSY if busy
3920 **                  NFC_STATUS_FAILED if other error
3921 **
3922 *******************************************************************************/
RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,uint16_t number_blocks)3923 tNFC_STATUS RW_I93GetMultiBlockSecurityStatus(uint16_t first_block_number,
3924                                               uint16_t number_blocks) {
3925   tNFC_STATUS status;
3926 
3927   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3928 
3929   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3930     LOG(ERROR) << StringPrintf(
3931         "Unable to start command at state "
3932         "(0x%X)",
3933         rw_cb.tcb.i93.state);
3934     return NFC_STATUS_BUSY;
3935   }
3936 
3937   status =
3938       rw_i93_send_cmd_get_multi_block_sec(first_block_number, number_blocks);
3939   if (status == NFC_STATUS_OK) {
3940     rw_cb.tcb.i93.state = RW_I93_STATE_BUSY;
3941   }
3942 
3943   return status;
3944 }
3945 
3946 /*******************************************************************************
3947 **
3948 ** Function         RW_I93DetectNDef
3949 **
3950 ** Description      This function performs NDEF detection procedure
3951 **
3952 **                  RW_I93_NDEF_DETECT_EVT will be returned
3953 **
3954 ** Returns          NFC_STATUS_OK if success
3955 **                  NFC_STATUS_FAILED if busy or other error
3956 **
3957 *******************************************************************************/
RW_I93DetectNDef(void)3958 tNFC_STATUS RW_I93DetectNDef(void) {
3959   tNFC_STATUS status;
3960   tRW_I93_RW_SUBSTATE sub_state;
3961 
3962   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
3963 
3964   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
3965     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
3966                                __func__, rw_cb.tcb.i93.state);
3967     return NFC_STATUS_FAILED;
3968   }
3969 
3970   if (rw_cb.tcb.i93.uid[0] != I93_UID_FIRST_BYTE) {
3971     status = rw_i93_send_cmd_inventory(nullptr, false, 0x00);
3972     sub_state = RW_I93_SUBSTATE_WAIT_UID;
3973 
3974   } else if (((rw_cb.tcb.i93.num_block == 0) ||
3975               (rw_cb.tcb.i93.block_size == 0)) &&
3976              (!appl_dta_mode_flag)) {
3977     status =
3978         rw_i93_send_cmd_get_sys_info(rw_cb.tcb.i93.uid, I93_FLAG_PROT_EXT_NO);
3979     sub_state = RW_I93_SUBSTATE_WAIT_SYS_INFO;
3980 
3981     /* clear all flags */
3982     rw_cb.tcb.i93.intl_flags = 0;
3983   } else {
3984     /* read CC in the first block */
3985     status = rw_i93_send_cmd_read_single_block(0x0000, false);
3986     sub_state = RW_I93_SUBSTATE_WAIT_CC;
3987   }
3988 
3989   if (status == NFC_STATUS_OK) {
3990     rw_cb.tcb.i93.state = RW_I93_STATE_DETECT_NDEF;
3991     rw_cb.tcb.i93.sub_state = sub_state;
3992 
3993     /* clear flags except flag for 2 bytes of number of blocks */
3994     rw_cb.tcb.i93.intl_flags &= RW_I93_FLAG_16BIT_NUM_BLOCK;
3995   }
3996 
3997   return (status);
3998 }
3999 
4000 /*******************************************************************************
4001 **
4002 ** Function         RW_I93ReadNDef
4003 **
4004 ** Description      This function performs NDEF read procedure
4005 **                  Note: RW_I93DetectNDef () must be called before using this
4006 **
4007 **                  The following event will be returned
4008 **                      RW_I93_NDEF_READ_EVT for each segmented NDEF message
4009 **                      RW_I93_NDEF_READ_CPLT_EVT for the last segment or
4010 **                      complete NDEF
4011 **                      RW_I93_NDEF_READ_FAIL_EVT for failure
4012 **
4013 ** Returns          NFC_STATUS_OK if success
4014 **                  NFC_STATUS_FAILED if I93 is busy or other error
4015 **
4016 *******************************************************************************/
RW_I93ReadNDef(void)4017 tNFC_STATUS RW_I93ReadNDef(void) {
4018   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
4019 
4020   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4021     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4022                                __func__, rw_cb.tcb.i93.state);
4023     return NFC_STATUS_FAILED;
4024   }
4025 
4026   if ((rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
4027       (rw_cb.tcb.i93.ndef_length > 0)) {
4028     rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset;
4029     rw_cb.tcb.i93.rw_length = 0;
4030 
4031     if (rw_i93_get_next_blocks(rw_cb.tcb.i93.rw_offset) == NFC_STATUS_OK) {
4032       rw_cb.tcb.i93.state = RW_I93_STATE_READ_NDEF;
4033     } else {
4034       return NFC_STATUS_FAILED;
4035     }
4036   } else {
4037     LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4038     return NFC_STATUS_FAILED;
4039   }
4040 
4041   return NFC_STATUS_OK;
4042 }
4043 
4044 /*******************************************************************************
4045 **
4046 ** Function         RW_I93UpdateNDef
4047 **
4048 ** Description      This function performs NDEF update procedure
4049 **                  Note: RW_I93DetectNDef () must be called before using this
4050 **                        Updating data must not be removed until returning
4051 **                        event
4052 **
4053 **                  The following event will be returned
4054 **                      RW_I93_NDEF_UPDATE_CPLT_EVT for complete
4055 **                      RW_I93_NDEF_UPDATE_FAIL_EVT for failure
4056 **
4057 ** Returns          NFC_STATUS_OK if success
4058 **                  NFC_STATUS_FAILED if I93 is busy or other error
4059 **
4060 *******************************************************************************/
RW_I93UpdateNDef(uint16_t length,uint8_t * p_data)4061 tNFC_STATUS RW_I93UpdateNDef(uint16_t length, uint8_t* p_data) {
4062   uint16_t block_number;
4063 
4064   DLOG_IF(INFO, nfc_debug_enabled)
4065       << StringPrintf("%s - length:%d", __func__, length);
4066 
4067   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4068     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4069                                __func__, rw_cb.tcb.i93.state);
4070     return NFC_STATUS_FAILED;
4071   }
4072 
4073   if (rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) {
4074     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
4075       LOG(ERROR) << StringPrintf("%s - NDEF is read-only", __func__);
4076       return NFC_STATUS_FAILED;
4077     }
4078     if (rw_cb.tcb.i93.max_ndef_length < length) {
4079       LOG(ERROR) << StringPrintf(
4080           "%s - data (%d bytes) is more than max NDEF length "
4081           "(%d)",
4082           __func__, length, rw_cb.tcb.i93.max_ndef_length);
4083       return NFC_STATUS_FAILED;
4084     }
4085 
4086     rw_cb.tcb.i93.ndef_length = length;
4087     rw_cb.tcb.i93.p_update_data = p_data;
4088 
4089     /* read length field */
4090     rw_cb.tcb.i93.rw_offset = rw_cb.tcb.i93.ndef_tlv_start_offset + 1;
4091     rw_cb.tcb.i93.rw_length = 0;
4092 
4093     block_number = rw_cb.tcb.i93.rw_offset / rw_cb.tcb.i93.block_size;
4094 
4095     if (rw_i93_send_cmd_read_single_block(block_number, false) ==
4096         NFC_STATUS_OK) {
4097       rw_cb.tcb.i93.state = RW_I93_STATE_UPDATE_NDEF;
4098       rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_RESET_LEN;
4099     } else {
4100       return NFC_STATUS_FAILED;
4101     }
4102   } else {
4103     LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4104     return NFC_STATUS_FAILED;
4105   }
4106 
4107   return NFC_STATUS_OK;
4108 }
4109 
4110 /*******************************************************************************
4111 **
4112 ** Function         RW_I93FormatNDef
4113 **
4114 ** Description      This function performs formatting procedure
4115 **
4116 **                  RW_I93_FORMAT_CPLT_EVT will be returned
4117 **
4118 ** Returns          NFC_STATUS_OK if success
4119 **                  NFC_STATUS_FAILED if busy or other error
4120 **
4121 *******************************************************************************/
RW_I93FormatNDef(void)4122 tNFC_STATUS RW_I93FormatNDef(void) {
4123   tNFC_STATUS status;
4124   tRW_I93_RW_SUBSTATE sub_state;
4125 
4126   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
4127 
4128   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4129     LOG(ERROR) << StringPrintf("Unable to start command at state (0x%X)",
4130                                rw_cb.tcb.i93.state);
4131     return NFC_STATUS_FAILED;
4132   }
4133 
4134   if ((rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY) ||
4135       (rw_cb.tcb.i93.product_version == RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY)) {
4136     /* These don't support GetSystemInformation and GetMultiBlockSecurityStatus
4137      */
4138     rw_cb.tcb.i93.rw_offset = 0;
4139 
4140     /* read blocks with option flag to get block security status */
4141     status = rw_i93_send_cmd_read_single_block(0x0000, true);
4142     sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
4143   } else {
4144     status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4145     sub_state = RW_I93_SUBSTATE_WAIT_UID;
4146   }
4147 
4148   if (status == NFC_STATUS_OK) {
4149     rw_cb.tcb.i93.state = RW_I93_STATE_FORMAT;
4150     rw_cb.tcb.i93.sub_state = sub_state;
4151     rw_cb.tcb.i93.intl_flags = 0;
4152   }
4153 
4154   return (status);
4155 }
4156 
4157 /*******************************************************************************
4158 **
4159 ** Function         RW_I93SetTagReadOnly
4160 **
4161 ** Description      This function performs NDEF read-only procedure
4162 **                  Note: RW_I93DetectNDef () must be called before using this
4163 **                        Updating data must not be removed until returning
4164 **                        event
4165 **
4166 **                  The RW_I93_SET_TAG_RO_EVT event will be returned.
4167 **
4168 ** Returns          NFC_STATUS_OK if success
4169 **                  NFC_STATUS_FAILED if I93 is busy or other error
4170 **
4171 *******************************************************************************/
RW_I93SetTagReadOnly(void)4172 tNFC_STATUS RW_I93SetTagReadOnly(void) {
4173   uint8_t cc_blk0[4];
4174 
4175   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
4176 
4177   if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4178     LOG(ERROR) << StringPrintf("%s - Unable to start command at state (0x%X)",
4179                                __func__, rw_cb.tcb.i93.state);
4180     return NFC_STATUS_FAILED;
4181   }
4182 
4183   if ((rw_cb.tcb.i93.tlv_type == I93_ICODE_TLV_TYPE_NDEF) &&
4184       (rw_cb.tcb.i93.i93_t5t_mode != RW_T5T_CC_READ_MEM_INFO)) {
4185     if (rw_cb.tcb.i93.intl_flags & RW_I93_FLAG_READ_ONLY) {
4186       LOG(ERROR) << StringPrintf("%s - NDEF is already read-only", __func__);
4187       return NFC_STATUS_FAILED;
4188     }
4189 
4190     /* get CC in the first block */
4191     if (rw_i93_send_cmd_read_single_block(0, false) == NFC_STATUS_OK) {
4192       rw_cb.tcb.i93.state = RW_I93_STATE_SET_READ_ONLY;
4193       rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_CC;
4194     } else {
4195       return NFC_STATUS_FAILED;
4196     }
4197   } else {
4198     if (rw_cb.tcb.i93.i93_t5t_mode == RW_T5T_CC_READ_MEM_INFO) {
4199       memcpy(cc_blk0, rw_cb.tcb.i93.gre_cc_content, 4);
4200 
4201       /* mark CC as read-only */
4202       *(cc_blk0 + 1) |= I93_ICODE_CC_READ_ONLY;
4203 
4204       DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
4205           "%s - Set CC1 to RO - cc[0]=0x%02x, cc[1]=0x%02x, "
4206           "cc[2]=0x%02x, cc[3]=0x%02x",
4207           __func__, *cc_blk0, *(cc_blk0 + 1), *(cc_blk0 + 2), *(cc_blk0 + 3));
4208 
4209       if (rw_i93_send_cmd_write_single_block(0, cc_blk0) == NFC_STATUS_OK) {
4210         rw_cb.tcb.i93.state = RW_I93_STATE_SET_READ_ONLY;
4211         rw_cb.tcb.i93.sub_state = RW_I93_SUBSTATE_WAIT_UPDATE_CC;
4212       } else {
4213         rw_i93_handle_error(NFC_STATUS_FAILED);
4214         return NFC_STATUS_FAILED;
4215       }
4216 
4217       return NFC_STATUS_OK;
4218     }
4219     LOG(ERROR) << StringPrintf("%s - No NDEF detected", __func__);
4220     return NFC_STATUS_FAILED;
4221   }
4222 
4223   return NFC_STATUS_OK;
4224 }
4225 
4226 /*****************************************************************************
4227 **
4228 ** Function         RW_I93PresenceCheck
4229 **
4230 ** Description      Check if the tag is still in the field.
4231 **
4232 **                  The RW_I93_PRESENCE_CHECK_EVT w/ status is used to indicate
4233 **                  presence or non-presence.
4234 **
4235 ** Returns          NFC_STATUS_OK, if raw data frame sent
4236 **                  NFC_STATUS_NO_BUFFERS: unable to allocate a buffer for this
4237 **                  operation
4238 **                  NFC_STATUS_FAILED: other error
4239 **
4240 *****************************************************************************/
RW_I93PresenceCheck(void)4241 tNFC_STATUS RW_I93PresenceCheck(void) {
4242   tNFC_STATUS status;
4243   tRW_DATA evt_data;
4244 
4245   DLOG_IF(INFO, nfc_debug_enabled) << __func__;
4246 
4247   if (!rw_cb.p_cback) {
4248     return NFC_STATUS_FAILED;
4249   } else if (rw_cb.tcb.i93.state == RW_I93_STATE_NOT_ACTIVATED) {
4250     evt_data.status = NFC_STATUS_FAILED;
4251     (*rw_cb.p_cback)(RW_I93_PRESENCE_CHECK_EVT, &evt_data);
4252 
4253     return NFC_STATUS_OK;
4254   } else if (rw_cb.tcb.i93.state != RW_I93_STATE_IDLE) {
4255     return NFC_STATUS_BUSY;
4256   } else {
4257     if (rw_cb.tcb.i93.i93_t5t_mode == RW_I93_GET_SYS_INFO_MEM_INFO) {
4258       /* The support of AFI by the VICC is optional, so do not include AFI */
4259       status = rw_i93_send_cmd_inventory(rw_cb.tcb.i93.uid, false, 0x00);
4260     } else {
4261       /* Extended command not expected for presence check */
4262       rw_cb.tcb.i93.intl_flags &= ~RW_I93_FLAG_EXT_COMMANDS;
4263       status = rw_i93_send_cmd_read_single_block(0, false);
4264     }
4265 
4266     if (status == NFC_STATUS_OK) {
4267       /* do not retry during presence check */
4268       rw_cb.tcb.i93.retry_count = RW_MAX_RETRIES;
4269       rw_cb.tcb.i93.state = RW_I93_STATE_PRESENCE_CHECK;
4270     }
4271   }
4272 
4273   return (status);
4274 }
4275 
4276 /*****************************************************************************
4277 **
4278 ** Function         RW_I93SetAddressingMode
4279 **
4280 ** Description      Set if the tag must be addressed with UID or not.
4281 **
4282 **                  The addressing mode (addressed or non-addressed) must be
4283 **                  done at the module initialization prior to the Tag
4284 **                  activation.
4285 **
4286 ** Returns          NFC_STATUS_OK, if mode is stored
4287 **                  NFC_STATUS_FAILED: other error
4288 **
4289 *****************************************************************************/
RW_I93SetAddressingMode(bool mode)4290 tNFC_STATUS RW_I93SetAddressingMode(bool mode) {
4291   DLOG_IF(INFO, nfc_debug_enabled)
4292       << StringPrintf("%s - I93 state:%d", __func__, rw_cb.tcb.i93.state);
4293 
4294   if (rw_cb.tcb.i93.state == RW_I93_STATE_IDLE) {
4295     DLOG_IF(INFO, nfc_debug_enabled)
4296         << StringPrintf("%s - mode:%d", __func__, mode);
4297     if (mode) {
4298       rw_cb.tcb.i93.addr_mode = RW_I93_MODE_ADDRESSED;
4299     } else {
4300       rw_cb.tcb.i93.addr_mode = RW_I93_MODE_NON_ADDRESSED;
4301     }
4302     return NFC_STATUS_OK;
4303   } else {
4304     return NFC_STATUS_FAILED;
4305   }
4306 }
4307 
4308 /*******************************************************************************
4309 **
4310 ** Function         rw_i93_get_state_name
4311 **
4312 ** Description      This function returns the state name.
4313 **
4314 ** NOTE             conditionally compiled to save memory.
4315 **
4316 ** Returns          pointer to the name
4317 **
4318 *******************************************************************************/
rw_i93_get_state_name(uint8_t state)4319 std::string rw_i93_get_state_name(uint8_t state) {
4320   switch (state) {
4321     case RW_I93_STATE_NOT_ACTIVATED:
4322       return "NOT_ACTIVATED";
4323     case RW_I93_STATE_IDLE:
4324       return "IDLE";
4325     case RW_I93_STATE_BUSY:
4326       return "BUSY";
4327     case RW_I93_STATE_DETECT_NDEF:
4328       return "NDEF_DETECTION";
4329     case RW_I93_STATE_READ_NDEF:
4330       return "READ_NDEF";
4331     case RW_I93_STATE_UPDATE_NDEF:
4332       return "UPDATE_NDEF";
4333     case RW_I93_STATE_FORMAT:
4334       return "FORMAT";
4335     case RW_I93_STATE_SET_READ_ONLY:
4336       return "SET_READ_ONLY";
4337     case RW_I93_STATE_PRESENCE_CHECK:
4338       return "PRESENCE_CHECK";
4339     default:
4340       return "???? UNKNOWN STATE";
4341   }
4342 }
4343 
4344 /*******************************************************************************
4345 **
4346 ** Function         rw_i93_get_sub_state_name
4347 **
4348 ** Description      This function returns the sub_state name.
4349 **
4350 ** NOTE             conditionally compiled to save memory.
4351 **
4352 ** Returns          pointer to the name
4353 **
4354 *******************************************************************************/
rw_i93_get_sub_state_name(uint8_t sub_state)4355 std::string rw_i93_get_sub_state_name(uint8_t sub_state) {
4356   switch (sub_state) {
4357     case RW_I93_SUBSTATE_WAIT_UID:
4358       return "WAIT_UID";
4359     case RW_I93_SUBSTATE_WAIT_SYS_INFO:
4360       return "WAIT_SYS_INFO";
4361     case RW_I93_SUBSTATE_WAIT_CC:
4362       return "WAIT_CC";
4363     case RW_I93_SUBSTATE_WAIT_CC_EXT:
4364       return "WAIT_CC_EXT";
4365     case RW_I93_SUBSTATE_SEARCH_NDEF_TLV:
4366       return "SEARCH_NDEF_TLV";
4367     case RW_I93_SUBSTATE_CHECK_LOCK_STATUS:
4368       return "CHECK_LOCK_STATUS";
4369     case RW_I93_SUBSTATE_RESET_LEN:
4370       return "RESET_LEN";
4371     case RW_I93_SUBSTATE_WRITE_NDEF:
4372       return "WRITE_NDEF";
4373     case RW_I93_SUBSTATE_UPDATE_LEN:
4374       return "UPDATE_LEN";
4375     case RW_I93_SUBSTATE_WAIT_RESET_DSFID_AFI:
4376       return "WAIT_RESET_DSFID_AFI";
4377     case RW_I93_SUBSTATE_CHECK_READ_ONLY:
4378       return "CHECK_READ_ONLY";
4379     case RW_I93_SUBSTATE_WRITE_CC_NDEF_TLV:
4380       return "WRITE_CC_NDEF_TLV";
4381     case RW_I93_SUBSTATE_WAIT_UPDATE_CC:
4382       return "WAIT_UPDATE_CC";
4383     case RW_I93_SUBSTATE_LOCK_NDEF_TLV:
4384       return "LOCK_NDEF_TLV";
4385     case RW_I93_SUBSTATE_WAIT_LOCK_CC:
4386       return "WAIT_LOCK_CC";
4387     case RW_I93_SUBSTATE_LOCK_T5T_AREA:
4388       return "LOCK_T5T_AREA";
4389     default:
4390       return "???? UNKNOWN SUBSTATE";
4391   }
4392 }
4393 
4394 /*******************************************************************************
4395 **
4396 ** Function         rw_i93_get_tag_name
4397 **
4398 ** Description      This function returns the tag name.
4399 **
4400 ** NOTE             conditionally compiled to save memory.
4401 **
4402 ** Returns          pointer to the name
4403 **
4404 *******************************************************************************/
rw_i93_get_tag_name(uint8_t product_version)4405 static std::string rw_i93_get_tag_name(uint8_t product_version) {
4406   switch (product_version) {
4407     case RW_I93_ICODE_SLI:
4408       return "SLI/SLIX";
4409     case RW_I93_ICODE_SLI_S:
4410       return "SLI-S/SLIX-S";
4411     case RW_I93_ICODE_SLI_L:
4412       return "SLI-L/SLIX-L";
4413     case RW_I93_TAG_IT_HF_I_PLUS_INLAY:
4414       return "Tag-it HF-I Plus Inlay";
4415     case RW_I93_TAG_IT_HF_I_PLUS_CHIP:
4416       return "Tag-it HF-I Plus Chip";
4417     case RW_I93_TAG_IT_HF_I_STD_CHIP_INLAY:
4418       return "Tag-it HF-I Standard Chip/Inlyas";
4419     case RW_I93_TAG_IT_HF_I_PRO_CHIP_INLAY:
4420       return "Tag-it HF-I Pro Chip/Inlays";
4421     case RW_I93_STM_LRI1K:
4422       return "LRi1K";
4423     case RW_I93_STM_LRI2K:
4424       return "LRi2K";
4425     case RW_I93_STM_LRIS2K:
4426       return "LRiS2K";
4427     case RW_I93_STM_LRIS64K:
4428       return "LRiS64K";
4429     case RW_I93_STM_M24LR64_R:
4430       return "M24LR64";
4431     case RW_I93_STM_M24LR04E_R:
4432       return "M24LR04E";
4433     case RW_I93_STM_M24LR16E_R:
4434       return "M24LR16E";
4435     case RW_I93_STM_M24LR16D_W:
4436       return "M24LR16D-W";
4437     case RW_I93_STM_M24LR64E_R:
4438       return "M24LR64E";
4439     case RW_I93_STM_ST25DV04K:
4440       return "ST25DV04";
4441     case RW_I93_STM_ST25DVHIK:
4442       return "ST25DV";
4443     case RW_I93_ONS_N36RW02:
4444       return ("N36RW02");
4445     case RW_I93_ONS_N24RF04:
4446       return ("N24RF04");
4447     case RW_I93_ONS_N24RF04E:
4448       return ("N24RF04E");
4449     case RW_I93_ONS_N24RF16:
4450       return ("N24RF16");
4451     case RW_I93_ONS_N24RF16E:
4452       return ("N24RF16E");
4453     case RW_I93_ONS_N24RF64:
4454       return ("N24RF64");
4455     case RW_I93_ONS_N24RF64E:
4456       return ("N24RF64E");
4457     case RW_I93_UNKNOWN_PRODUCT:
4458     default:
4459       return "UNKNOWN";
4460   }
4461 }
4462