net/nfc/digital_technology.c

   1 /*
   2  * NFC Digital Protocol stack
   3  * Copyright (c) 2013, Intel Corporation.
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms and conditions of the GNU General Public License,
   7  * version 2, as published by the Free Software Foundation.
   8  *
   9  * This program is distributed in the hope it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  12  * more details.
  13  *
  14  */
  15
  16 #define pr_fmt(fmt) "digital: %s: " fmt, __func__
  17
  18 #include "digital.h"
  19
  20 #define DIGITAL_CMD_SENS_REQ    0x26
  21 #define DIGITAL_CMD_ALL_REQ     0x52
  22 #define DIGITAL_CMD_SEL_REQ_CL1 0x93
  23 #define DIGITAL_CMD_SEL_REQ_CL2 0x95
  24 #define DIGITAL_CMD_SEL_REQ_CL3 0x97
  25
  26 #define DIGITAL_SDD_REQ_SEL_PAR 0x20
  27
  28 #define DIGITAL_SDD_RES_CT  0x88
  29 #define DIGITAL_SDD_RES_LEN 5
  30
  31 #define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
  32 #define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
  33 #define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
  34
  35 #define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
  36 #define DIGITAL_SENS_RES_IS_VALID(sens_res) \
  37         ((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
  38         (((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
  39
  40 #define DIGITAL_MIFARE_READ_RES_LEN 16
  41 #define DIGITAL_MIFARE_ACK_RES  0x0A
  42
  43 #define DIGITAL_CMD_SENSF_REQ   0x00
  44 #define DIGITAL_CMD_SENSF_RES   0x01
  45
  46 #define DIGITAL_SENSF_RES_MIN_LENGTH 17
  47 #define DIGITAL_SENSF_RES_RD_AP_B1   0x00
  48 #define DIGITAL_SENSF_RES_RD_AP_B2   0x8F
  49
  50 #define DIGITAL_SENSF_REQ_RC_NONE 0
  51 #define DIGITAL_SENSF_REQ_RC_SC   1
  52 #define DIGITAL_SENSF_REQ_RC_AP   2
  53
  54 struct digital_sdd_res {
  55         u8 nfcid1[4];
  56         u8 bcc;
  57 } __packed;
  58
  59 struct digital_sel_req {
  60         u8 sel_cmd;
  61         u8 b2;
  62         u8 nfcid1[4];
  63         u8 bcc;
  64 } __packed;
  65
  66 struct digital_sensf_req {
  67         u8 cmd;
  68         u8 sc1;
  69         u8 sc2;
  70         u8 rc;
  71         u8 tsn;
  72 } __packed;
  73
  74 struct digital_sensf_res {
  75         u8 cmd;
  76         u8 nfcid2[8];
  77         u8 pad0[2];
  78         u8 pad1[3];
  79         u8 mrti_check;
  80         u8 mrti_update;
  81         u8 pad2;
  82         u8 rd[2];
  83 } __packed;
  84
  85 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
  86                                    struct nfc_target *target);
  87
  88 static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
  89                                     struct sk_buff *resp)
  90 {
  91         struct nfc_target *target = arg;
  92         int rc;
  93         u8 sel_res;
  94         u8 nfc_proto;
  95
  96         if (IS_ERR(resp)) {
  97                 rc = PTR_ERR(resp);
  98                 resp = NULL;
  99                 goto exit;
 100         }
 101
 102         if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 103                 rc = digital_skb_check_crc_a(resp);
 104                 if (rc) {
 105                         PROTOCOL_ERR("4.4.1.3");
 106                         goto exit;
 107                 }
 108         }
 109
 110         if (!resp->len) {
 111                 rc = -EIO;
 112                 goto exit;
 113         }
 114
 115         sel_res = resp->data[0];
 116
 117         if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
 118                 rc = digital_in_send_sdd_req(ddev, target);
 119                 if (rc)
 120                         goto exit;
 121
 122                 goto exit_free_skb;
 123         }
 124
 125         if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
 126                 nfc_proto = NFC_PROTO_MIFARE;
 127         } else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
 128                 nfc_proto = NFC_PROTO_NFC_DEP;
 129         } else {
 130                 rc = -EOPNOTSUPP;
 131                 goto exit;
 132         }
 133
 134         target->sel_res = sel_res;
 135
 136         rc = digital_target_found(ddev, target, nfc_proto);
 137
 138 exit:
 139         kfree(target);
 140
 141 exit_free_skb:
 142         dev_kfree_skb(resp);
 143
 144         if (rc)
 145                 digital_poll_next_tech(ddev);
 146 }
 147
 148 static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
 149                                    struct nfc_target *target,
 150                                    struct digital_sdd_res *sdd_res)
 151 {
 152         struct sk_buff *skb;
 153         struct digital_sel_req *sel_req;
 154         u8 sel_cmd;
 155         int rc;
 156
 157         skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
 158         if (!skb)
 159                 return -ENOMEM;
 160
 161         skb_put(skb, sizeof(struct digital_sel_req));
 162         sel_req = (struct digital_sel_req *)skb->data;
 163
 164         if (target->nfcid1_len <= 4)
 165                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 166         else if (target->nfcid1_len < 10)
 167                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 168         else
 169                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 170
 171         sel_req->sel_cmd = sel_cmd;
 172         sel_req->b2 = 0x70;
 173         memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
 174         sel_req->bcc = sdd_res->bcc;
 175
 176         if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 177                 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 178                                 NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
 179                 if (rc)
 180                         goto exit;
 181         } else {
 182                 digital_skb_add_crc_a(skb);
 183         }
 184
 185         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
 186                                  target);
 187 exit:
 188         if (rc)
 189                 kfree_skb(skb);
 190
 191         return rc;
 192 }
 193
 194 static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
 195                                     struct sk_buff *resp)
 196 {
 197         struct nfc_target *target = arg;
 198         struct digital_sdd_res *sdd_res;
 199         int rc;
 200         u8 offset, size;
 201         u8 i, bcc;
 202
 203         if (IS_ERR(resp)) {
 204                 rc = PTR_ERR(resp);
 205                 resp = NULL;
 206                 goto exit;
 207         }
 208
 209         if (resp->len < DIGITAL_SDD_RES_LEN) {
 210                 PROTOCOL_ERR("4.7.2.8");
 211                 rc = -EINVAL;
 212                 goto exit;
 213         }
 214
 215         sdd_res = (struct digital_sdd_res *)resp->data;
 216
 217         for (i = 0, bcc = 0; i < 4; i++)
 218                 bcc ^= sdd_res->nfcid1[i];
 219
 220         if (bcc != sdd_res->bcc) {
 221                 PROTOCOL_ERR("4.7.2.6");
 222                 rc = -EINVAL;
 223                 goto exit;
 224         }
 225
 226         if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
 227                 offset = 1;
 228                 size = 3;
 229         } else {
 230                 offset = 0;
 231                 size = 4;
 232         }
 233
 234         memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
 235                size);
 236         target->nfcid1_len += size;
 237
 238         rc = digital_in_send_sel_req(ddev, target, sdd_res);
 239
 240 exit:
 241         dev_kfree_skb(resp);
 242
 243         if (rc) {
 244                 kfree(target);
 245                 digital_poll_next_tech(ddev);
 246         }
 247 }
 248
 249 static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
 250                                    struct nfc_target *target)
 251 {
 252         int rc;
 253         struct sk_buff *skb;
 254         u8 sel_cmd;
 255
 256         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 257                                      NFC_DIGITAL_FRAMING_NFCA_STANDARD);
 258         if (rc)
 259                 return rc;
 260
 261         skb = digital_skb_alloc(ddev, 2);
 262         if (!skb)
 263                 return -ENOMEM;
 264
 265         if (target->nfcid1_len == 0)
 266                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
 267         else if (target->nfcid1_len == 3)
 268                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
 269         else
 270                 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
 271
 272         *skb_put(skb, sizeof(u8)) = sel_cmd;
 273         *skb_put(skb, sizeof(u8)) = DIGITAL_SDD_REQ_SEL_PAR;
 274
 275         return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
 276                                    target);
 277 }
 278
 279 static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
 280                                      struct sk_buff *resp)
 281 {
 282         struct nfc_target *target = NULL;
 283         int rc;
 284
 285         if (IS_ERR(resp)) {
 286                 rc = PTR_ERR(resp);
 287                 resp = NULL;
 288                 goto exit;
 289         }
 290
 291         if (resp->len < sizeof(u16)) {
 292                 rc = -EIO;
 293                 goto exit;
 294         }
 295
 296         target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
 297         if (!target) {
 298                 rc = -ENOMEM;
 299                 goto exit;
 300         }
 301
 302         target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
 303
 304         if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
 305                 PROTOCOL_ERR("4.6.3.3");
 306                 rc = -EINVAL;
 307                 goto exit;
 308         }
 309
 310         if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
 311                 rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
 312         else
 313                 rc = digital_in_send_sdd_req(ddev, target);
 314
 315 exit:
 316         dev_kfree_skb(resp);
 317
 318         if (rc) {
 319                 kfree(target);
 320                 digital_poll_next_tech(ddev);
 321         }
 322 }
 323
 324 int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 325 {
 326         struct sk_buff *skb;
 327         int rc;
 328
 329         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
 330                                      NFC_DIGITAL_RF_TECH_106A);
 331         if (rc)
 332                 return rc;
 333
 334         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 335                                      NFC_DIGITAL_FRAMING_NFCA_SHORT);
 336         if (rc)
 337                 return rc;
 338
 339         skb = digital_skb_alloc(ddev, 1);
 340         if (!skb)
 341                 return -ENOMEM;
 342
 343         *skb_put(skb, sizeof(u8)) = DIGITAL_CMD_SENS_REQ;
 344
 345         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
 346         if (rc)
 347                 kfree_skb(skb);
 348
 349         return rc;
 350 }
 351
 352 int digital_in_recv_mifare_res(struct sk_buff *resp)
 353 {
 354         /* Successful READ command response is 16 data bytes + 2 CRC bytes long.
 355          * Since the driver can't differentiate a ACK/NACK response from a valid
 356          * READ response, the CRC calculation must be handled at digital level
 357          * even if the driver supports it for this technology.
 358          */
 359         if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
 360                 if (digital_skb_check_crc_a(resp)) {
 361                         PROTOCOL_ERR("9.4.1.2");
 362                         return -EIO;
 363                 }
 364
 365                 return 0;
 366         }
 367
 368         /* ACK response (i.e. successful WRITE). */
 369         if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
 370                 resp->data[0] = 0;
 371                 return 0;
 372         }
 373
 374         /* NACK and any other responses are treated as error. */
 375         return -EIO;
 376 }
 377
 378 static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
 379                                    struct sk_buff *resp)
 380 {
 381         int rc;
 382         u8 proto;
 383         struct nfc_target target;
 384         struct digital_sensf_res *sensf_res;
 385
 386         if (IS_ERR(resp)) {
 387                 rc = PTR_ERR(resp);
 388                 resp = NULL;
 389                 goto exit;
 390         }
 391
 392         if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
 393                 rc = -EIO;
 394                 goto exit;
 395         }
 396
 397         if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
 398                 rc = digital_skb_check_crc_f(resp);
 399                 if (rc) {
 400                         PROTOCOL_ERR("6.4.1.8");
 401                         goto exit;
 402                 }
 403         }
 404
 405         skb_pull(resp, 1);
 406
 407         memset(&target, 0, sizeof(struct nfc_target));
 408
 409         sensf_res = (struct digital_sensf_res *)resp->data;
 410
 411         memcpy(target.sensf_res, sensf_res, resp->len);
 412         target.sensf_res_len = resp->len;
 413
 414         memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
 415         target.nfcid2_len = NFC_NFCID2_MAXSIZE;
 416
 417         if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
 418             target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
 419                 proto = NFC_PROTO_NFC_DEP;
 420         else
 421                 proto = NFC_PROTO_FELICA;
 422
 423         rc = digital_target_found(ddev, &target, proto);
 424
 425 exit:
 426         dev_kfree_skb(resp);
 427
 428         if (rc)
 429                 digital_poll_next_tech(ddev);
 430 }
 431
 432 int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
 433 {
 434         struct digital_sensf_req *sensf_req;
 435         struct sk_buff *skb;
 436         int rc;
 437         u8 size;
 438
 439         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
 440         if (rc)
 441                 return rc;
 442
 443         rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 444                                      NFC_DIGITAL_FRAMING_NFCF);
 445         if (rc)
 446                 return rc;
 447
 448         size = sizeof(struct digital_sensf_req);
 449
 450         skb = digital_skb_alloc(ddev, size);
 451         if (!skb)
 452                 return -ENOMEM;
 453
 454         skb_put(skb, size);
 455
 456         sensf_req = (struct digital_sensf_req *)skb->data;
 457         sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
 458         sensf_req->sc1 = 0xFF;
 459         sensf_req->sc2 = 0xFF;
 460         sensf_req->rc = 0;
 461         sensf_req->tsn = 0;
 462
 463         *skb_push(skb, 1) = size + 1;
 464
 465         if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
 466                 digital_skb_add_crc_f(skb);
 467
 468         rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
 469                                  NULL);
 470         if (rc)
 471                 kfree_skb(skb);
 472
 473         return rc;
 474 }
 475
 476 static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
 477 {
 478         struct sk_buff *skb;
 479         int rc;
 480
 481         skb = digital_skb_alloc(ddev, 1);
 482         if (!skb)
 483                 return -ENOMEM;
 484
 485         *skb_put(skb, 1) = DIGITAL_SEL_RES_NFC_DEP;
 486
 487         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
 488                 digital_skb_add_crc_a(skb);
 489
 490         rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
 491                                  NULL);
 492         if (rc)
 493                 kfree_skb(skb);
 494
 495         return rc;
 496 }
 497
 498 static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
 499                                     struct sk_buff *resp)
 500 {
 501         int rc;
 502
 503         if (IS_ERR(resp)) {
 504                 rc = PTR_ERR(resp);
 505                 resp = NULL;
 506                 goto exit;
 507         }
 508
 509         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
 510                 rc = digital_skb_check_crc_a(resp);
 511                 if (rc) {
 512                         PROTOCOL_ERR("4.4.1.3");
 513                         goto exit;
 514                 }
 515         }
 516
 517         /* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
 518
 519         rc = digital_tg_send_sel_res(ddev);
 520
 521 exit:
 522         if (rc)
 523                 digital_poll_next_tech(ddev);
 524
 525         dev_kfree_skb(resp);
 526 }
 527
 528 static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
 529 {
 530         struct sk_buff *skb;
 531         struct digital_sdd_res *sdd_res;
 532         int rc, i;
 533
 534         skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
 535         if (!skb)
 536                 return -ENOMEM;
 537
 538         skb_put(skb, sizeof(struct digital_sdd_res));
 539         sdd_res = (struct digital_sdd_res *)skb->data;
 540
 541         sdd_res->nfcid1[0] = 0x08;
 542         get_random_bytes(sdd_res->nfcid1 + 1, 3);
 543
 544         sdd_res->bcc = 0;
 545         for (i = 0; i < 4; i++)
 546                 sdd_res->bcc ^= sdd_res->nfcid1[i];
 547
 548         rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
 549                                  NULL);
 550         if (rc)
 551                 kfree_skb(skb);
 552
 553         return rc;
 554 }
 555
 556 static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
 557                                     struct sk_buff *resp)
 558 {
 559         u8 *sdd_req;
 560         int rc;
 561
 562         if (IS_ERR(resp)) {
 563                 rc = PTR_ERR(resp);
 564                 resp = NULL;
 565                 goto exit;
 566         }
 567
 568         sdd_req = resp->data;
 569
 570         if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
 571             sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
 572                 rc = -EINVAL;
 573                 goto exit;
 574         }
 575
 576         rc = digital_tg_send_sdd_res(ddev);
 577
 578 exit:
 579         if (rc)
 580                 digital_poll_next_tech(ddev);
 581
 582         dev_kfree_skb(resp);
 583 }
 584
 585 static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
 586 {
 587         struct sk_buff *skb;
 588         u8 *sens_res;
 589         int rc;
 590
 591         skb = digital_skb_alloc(ddev, 2);
 592         if (!skb)
 593                 return -ENOMEM;
 594
 595         sens_res = skb_put(skb, 2);
 596
 597         sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
 598         sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
 599
 600         rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
 601                                  NULL);
 602         if (rc)
 603                 kfree_skb(skb);
 604
 605         return rc;
 606 }
 607
 608 void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
 609                               struct sk_buff *resp)
 610 {
 611         u8 sens_req;
 612         int rc;
 613
 614         if (IS_ERR(resp)) {
 615                 rc = PTR_ERR(resp);
 616                 resp = NULL;
 617                 goto exit;
 618         }
 619
 620         sens_req = resp->data[0];
 621
 622         if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
 623             sens_req != DIGITAL_CMD_ALL_REQ)) {
 624                 rc = -EINVAL;
 625                 goto exit;
 626         }
 627
 628         rc = digital_tg_send_sens_res(ddev);
 629
 630 exit:
 631         if (rc)
 632                 digital_poll_next_tech(ddev);
 633
 634         dev_kfree_skb(resp);
 635 }
 636
 637 static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
 638                               struct digital_sensf_req *sensf_req)
 639 {
 640         struct sk_buff *skb;
 641         u8 size;
 642         int rc;
 643         struct digital_sensf_res *sensf_res;
 644
 645         size = sizeof(struct digital_sensf_res);
 646
 647         if (sensf_req->rc != DIGITAL_SENSF_REQ_RC_NONE)
 648                 size -= sizeof(sensf_res->rd);
 649
 650         skb = digital_skb_alloc(ddev, size);
 651         if (!skb)
 652                 return -ENOMEM;
 653
 654         skb_put(skb, size);
 655
 656         sensf_res = (struct digital_sensf_res *)skb->data;
 657
 658         memset(sensf_res, 0, size);
 659
 660         sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
 661         sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
 662         sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
 663         get_random_bytes(&sensf_res->nfcid2[2], 6);
 664
 665         switch (sensf_req->rc) {
 666         case DIGITAL_SENSF_REQ_RC_SC:
 667                 sensf_res->rd[0] = sensf_req->sc1;
 668                 sensf_res->rd[1] = sensf_req->sc2;
 669                 break;
 670         case DIGITAL_SENSF_REQ_RC_AP:
 671                 sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
 672                 sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
 673                 break;
 674         }
 675
 676         *skb_push(skb, sizeof(u8)) = size + 1;
 677
 678         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
 679                 digital_skb_add_crc_f(skb);
 680
 681         rc = digital_tg_send_cmd(ddev, skb, 300,
 682                                  digital_tg_recv_atr_req, NULL);
 683         if (rc)
 684                 kfree_skb(skb);
 685
 686         return rc;
 687 }
 688
 689 void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
 690                                struct sk_buff *resp)
 691 {
 692         struct digital_sensf_req *sensf_req;
 693         int rc;
 694
 695         if (IS_ERR(resp)) {
 696                 rc = PTR_ERR(resp);
 697                 resp = NULL;
 698                 goto exit;
 699         }
 700
 701         if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
 702                 rc = digital_skb_check_crc_f(resp);
 703                 if (rc) {
 704                         PROTOCOL_ERR("6.4.1.8");
 705                         goto exit;
 706                 }
 707         }
 708
 709         if (resp->len != sizeof(struct digital_sensf_req) + 1) {
 710                 rc = -EINVAL;
 711                 goto exit;
 712         }
 713
 714         skb_pull(resp, 1);
 715         sensf_req = (struct digital_sensf_req *)resp->data;
 716
 717         if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
 718                 rc = -EINVAL;
 719                 goto exit;
 720         }
 721
 722         rc = digital_tg_send_sensf_res(ddev, sensf_req);
 723
 724 exit:
 725         if (rc)
 726                 digital_poll_next_tech(ddev);
 727
 728         dev_kfree_skb(resp);
 729 }
 730
 731 int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
 732 {
 733         int rc;
 734
 735         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
 736         if (rc)
 737                 return rc;
 738
 739         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 740                                      NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
 741         if (rc)
 742                 return rc;
 743
 744         return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
 745 }
 746
 747 int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
 748 {
 749         int rc;
 750         u8 *nfcid2;
 751
 752         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
 753         if (rc)
 754                 return rc;
 755
 756         rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
 757                                      NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
 758         if (rc)
 759                 return rc;
 760
 761         nfcid2 = kzalloc(NFC_NFCID2_MAXSIZE, GFP_KERNEL);
 762         if (!nfcid2)
 763                 return -ENOMEM;
 764
 765         nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
 766         nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
 767         get_random_bytes(nfcid2 + 2, NFC_NFCID2_MAXSIZE - 2);
 768
 769         return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, nfcid2);
 770 }