nimble/host: add support for asynchronous authorization

apps/bleprph/src/main.c

@@ -270,6 +270,14 @@ bleprph_gap_event(struct ble_gap_event *event, void *arg)
         phy_update(event->phy_updated.tx_phy);
         return 0;
 #endif
+
+    case BLE_GAP_EVENT_AUTHORIZE:
+        MODLOG_DFLT(INFO, "authorize event: conn_handle=%d attr_handle=,"
+                          " is_read=%d\n",
+                    event->authorize.conn_handle,
+                    event->authorize.attr_handle,
+                    event->authorize.access_opcode);
+        return BLE_GAP_AUTHORIZE_REJECT;
     }
 
     return 0;

apps/btshell/src/btshell.h

@@ -97,6 +97,23 @@ struct btshell_scan_opts {
 extern struct btshell_conn btshell_conns[MYNEWT_VAL(BLE_MAX_CONNECTIONS)];
 extern int btshell_num_conns;
 
+/* BLE_GATT_READ_MAX_ATTRS * (1 ATT + 1 EATT chan) */
+#define PENDING_ATTR_MAX MYNEWT_VAL(BLE_GATT_READ_MAX_ATTRS) * 2
+
+struct auth_attr {
+    uint16_t conn_handle;
+    uint16_t attr_handle;
+};
+
+extern struct auth_attr authorized_attrs[PENDING_ATTR_MAX];
+
+struct pend_attr {
+    uint16_t attr_handle;
+    uint16_t cid;
+};
+
+extern struct pend_attr pending_attr;
+
 int btshell_exchange_mtu(uint16_t conn_handle);
 int btshell_disc_svcs(uint16_t conn_handle);
 int btshell_disc_svc_by_uuid(uint16_t conn_handle, const ble_uuid_t *uuid);

apps/btshell/src/cmd.c

@@ -176,6 +176,71 @@ cmd_parse_addr(const char *prefix, ble_addr_t *addr)
     return parse_dev_addr(prefix, cmd_addr_type, addr);
 }
 
+static int
+pending_operation_authorize(int argc, char **argv)
+{
+    uint16_t conn_handle;
+    uint16_t attr_handle;
+    bool auth;
+    int rc;
+
+    rc = parse_arg_init(argc - 1, argv + 1);
+    if (rc != 0) {
+        return rc;
+    }
+
+    conn_handle = parse_arg_uint16("conn", &rc);
+    if (rc != 0) {
+        console_printf("invalid 'conn' parameter\n");
+        return rc;
+    }
+
+    attr_handle = parse_arg_uint16("attr", &rc);
+    if (rc != 0) {
+        console_printf("invalid 'attr' parameter\n");
+        return rc;
+    }
+
+    auth = parse_arg_bool_dflt("auth", 1, &rc);
+    if (rc != 0) {
+        console_printf("invalid 'auth' parameter\n");
+        return rc;
+    }
+
+    if (auth) {
+        for (int i = 0; i < PENDING_ATTR_MAX; i++) {
+            if (authorized_attrs[i].conn_handle == 0 &&
+            authorized_attrs[i].attr_handle == 0) {
+                authorized_attrs[i].conn_handle = conn_handle;
+                authorized_attrs[i].attr_handle = attr_handle;
+                break;
+            }
+        }
+        attr_handle = 0;
+    } else {
+        attr_handle = pending_attr.attr_handle;
+    }
+
+    ble_gatts_pending_req_auth(conn_handle, attr_handle, pending_attr.cid);
+
+    return 0;
+}
+
+#if MYNEWT_VAL(SHELL_CMD_HELP)
+static const struct shell_param authorize_params[] = {
+    {"conn", "connection handle parameter, usage: =<UINT16>"},
+    {"attr", "attribute handle parameter to authorize, usage: =<UINT16>"},
+    {"auth", "whether to authorize access, usage: =[0-1], default=1"},
+    {NULL, NULL}
+};
+
+static const struct shell_cmd_help authorize_help = {
+    .summary = "authorize command",
+    .usage = NULL,
+    .params = authorize_params,
+};
+#endif
+
 /*****************************************************************************
  * $advertise                                                                *
  *****************************************************************************/
@@ -4374,6 +4439,11 @@ static const struct shell_cmd_help leaudio_broadcast_stop_help = {
 #endif /* BLE_AUDIO && BLE_ISO_BROADCAST_SOURCE */
 
 static const struct shell_cmd btshell_commands[] = {
+    {
+        .sc_cmd = "authorize",
+        .sc_cmd_func = pending_operation_authorize,
+        .help = &authorize_help,
+    },
 #if MYNEWT_VAL(BLE_EXT_ADV)
     {
         .sc_cmd = "advertise-configure",

apps/btshell/src/gatt_svr.c

@@ -46,6 +46,7 @@
 #define  PTS_DSC_READ_WRITE              0x000b
 #define  PTS_DSC_READ_WRITE_ENC          0x000c
 #define  PTS_DSC_READ_WRITE_AUTHEN       0x000d
+#define  PTS_CHR_READ_WRITE_AUTHOR       0x000e
 
 #define  PTS_LONG_SVC                    0x0011
 #define  PTS_LONG_CHR_READ               0x0012
@@ -60,6 +61,7 @@
 #define  PTS_LONG_DSC_READ_WRITE         0x001b
 #define  PTS_LONG_DSC_READ_WRITE_ENC     0x001c
 #define  PTS_LONG_DSC_READ_WRITE_AUTHEN  0x001d
+#define  PTS_LONG_CHR_READ_WRITE_AUTHOR  0x0020
 
 #define  PTS_INC_SVC                     0x001e
 #define  PTS_CHR_READ_WRITE_ALT          0x001f
@@ -178,8 +180,14 @@ static const struct ble_gatt_svc_def gatt_svr_svcs[] = {
                         0, /* No more descriptors in this characteristic. */
                     } }
             }, {
-                0, /* No more characteristics in this service. */
-            } },
+                .uuid = PTS_UUID_DECLARE(PTS_CHR_READ_WRITE_AUTHOR),
+                .access_cb = gatt_svr_access_test,
+                .flags = BLE_GATT_CHR_F_READ_AUTHOR | BLE_GATT_CHR_F_READ |
+                         BLE_GATT_CHR_F_WRITE_AUTHOR | BLE_GATT_CHR_F_WRITE
+            }, {
+                0,  /* No more characteristics in this service. */
+            }
+        },
     },
 
     {
@@ -206,6 +214,11 @@ static const struct ble_gatt_svc_def gatt_svr_svcs[] = {
                 .uuid = PTS_UUID_DECLARE(PTS_LONG_CHR_READ_WRITE_ALT),
                 .access_cb = gatt_svr_long_access_test,
                 .flags = BLE_GATT_CHR_F_READ | BLE_GATT_CHR_F_WRITE,
+            },{
+                .uuid = PTS_UUID_DECLARE(PTS_LONG_CHR_READ_WRITE_AUTHOR),
+                .access_cb = gatt_svr_long_access_test,
+                .flags = BLE_GATT_CHR_F_READ_AUTHOR | BLE_GATT_CHR_F_READ |
+                         BLE_GATT_CHR_F_WRITE_AUTHOR | BLE_GATT_CHR_F_WRITE
             }, {
                 .uuid = PTS_UUID_DECLARE(PTS_LONG_CHR_READ_WRITE_ENC),
                 .access_cb = gatt_svr_long_access_test,
@@ -427,6 +440,7 @@ gatt_svr_access_test(uint16_t conn_handle, uint16_t attr_handle,
     case PTS_CHR_READ_WRITE_ENC:
     case PTS_CHR_READ_WRITE_AUTHEN:
     case PTS_CHR_READ_WRITE_ALT:
+    case PTS_CHR_READ_WRITE_AUTHOR:
         if (ctxt->op == BLE_GATT_ACCESS_OP_WRITE_CHR) {
             rc = gatt_svr_chr_write(ctxt->om,0,
                                     sizeof gatt_svr_pts_static_val,
@@ -531,6 +545,7 @@ gatt_svr_long_access_test(uint16_t conn_handle, uint16_t attr_handle,
 
     case PTS_LONG_CHR_READ_WRITE_ENC:
     case PTS_LONG_CHR_READ_WRITE_AUTHEN:
+    case PTS_LONG_CHR_READ_WRITE_AUTHOR:
         if (ctxt->op == BLE_GATT_ACCESS_OP_WRITE_CHR) {
             rc = gatt_svr_chr_write(ctxt->om,0,
                                     sizeof gatt_svr_pts_static_long_val,

apps/btshell/src/main.c

@@ -135,6 +135,8 @@ int btshell_full_disc_prev_chr_val;
 
 struct ble_sm_sc_oob_data oob_data_local;
 struct ble_sm_sc_oob_data oob_data_remote;
+struct auth_attr authorized_attrs[PENDING_ATTR_MAX];
+struct pend_attr pending_attr;
 
 #if MYNEWT_VAL(BLE_AUDIO) && MYNEWT_VAL(BLE_ISO_BROADCAST_SOURCE)
 static struct {struct ble_audio_base *base; uint8_t adv_instance;}
@@ -1292,6 +1294,7 @@ btshell_gap_event(struct ble_gap_event *event, void *arg)
     struct ble_gap_conn_desc desc;
     int conn_idx;
     int rc;
+    int i;
 #if MYNEWT_VAL(BLE_PERIODIC_ADV)
     struct psync *psync;
 #endif
@@ -1318,6 +1321,7 @@ btshell_gap_event(struct ble_gap_event *event, void *arg)
         if (conn_idx != -1) {
             btshell_conn_delete_idx(conn_idx);
         }
+        memset(&authorized_attrs, 0, sizeof(authorized_attrs));
 
         return btshell_restart_adv(event);
 #if MYNEWT_VAL(BLE_EXT_ADV)
@@ -1555,6 +1559,25 @@ btshell_gap_event(struct ble_gap_event *event, void *arg)
         return 0;
 #endif
 #endif
+    case BLE_GAP_EVENT_AUTHORIZE:
+        for (i = 0; i < PENDING_ATTR_MAX; i++) {
+            if (authorized_attrs[i].conn_handle ==
+            event->authorize.conn_handle && authorized_attrs[i].attr_handle ==
+            event->authorize.attr_handle) {
+                console_printf("Access to attribute %d already authorized\n",
+                               event->authorize.attr_handle);
+                return BLE_GAP_AUTHORIZE_ACCEPT;
+            }
+        }
+        console_printf("Authorize access to attribute: conn_handle=%d,"
+                       "access_opcode=%d, cid=%d, attr=%d\n",
+                       event->authorize.conn_handle,
+                       event->authorize.access_opcode,
+                       event->authorize.cid,
+                       event->authorize.attr_handle);
+        pending_attr.cid = event->authorize.cid;
+        pending_attr.attr_handle = event->authorize.attr_handle;
+        return BLE_GAP_AUTHORIZE_PENDING;
     default:
         return 0;
     }

apps/bttester/src/btp_gap.c

@@ -1594,6 +1594,10 @@ gap_event_cb(struct ble_gap_event *event, void *arg)
         periodic_transfer_received(event);
         break;
 #endif
+    case BLE_GAP_EVENT_AUTHORIZE:
+        console_printf("Authorize event: conn_handle=%d",
+                       event->authorize.conn_handle);
+        return BLE_GAP_AUTHORIZE_REJECT;
     default:
         break;
     }

nimble/host/include/host/ble_gap.h

@@ -261,6 +261,9 @@ struct hci_conn_update;
 /** GAP event: BIG (Broadcast Isochronous Group) information report */
 #define BLE_GAP_EVENT_BIGINFO_REPORT        30
 
+/** GAP event: Authorization request for GATT operations */
+#define BLE_GAP_EVENT_AUTHORIZE             31
+
 /** @} */
 
 /**
@@ -295,6 +298,22 @@ struct hci_conn_update;
 
 /** @} */
 
+/**
+ * @defgroup GAP Authorize event possible responses.
+ * @{
+ */
+
+/** GAP Authorize event response: reject */
+#define BLE_GAP_AUTHORIZE_REJECT            0
+
+/** GAP Authorize event response: accept */
+#define BLE_GAP_AUTHORIZE_ACCEPT            1
+
+/** GAP Authorize event response: pending */
+#define BLE_GAP_AUTHORIZE_PENDING           2
+
+/** @} */
+
 /** Connection security state */
 struct ble_gap_sec_state {
     /** If connection is encrypted */
@@ -1308,6 +1327,32 @@ struct ble_gap_event {
             uint8_t length;
         } unhandled_hci;
 #endif
+
+        /**
+         * GATT Authorization Event. Ask the user to authorize a GATT
+         * read/write operation.
+         *
+         * Valid for the following event types:
+         * o BLE_GAP_EVENT_AUTHORIZE
+         *
+         * Valid responses from user:
+         * o BLE_GAP_AUTHORIZE_ACCEPT
+         * o BLE_GAP_AUTHORIZE_REJECT
+         * o BLE_GAP_AUTHORIZE_PENDING
+         */
+        struct {
+            /* Connection Handle */
+            uint16_t conn_handle;
+
+            /* Attribute handle of the attribute being accessed. */
+            uint16_t attr_handle;
+
+            /* ATT access opcode. */
+            uint8_t access_opcode;
+
+            /* Channel ID on which request has been received */
+            uint16_t cid;
+        } authorize;
     };
 };
 

nimble/host/include/host/ble_gatt.h

@@ -1214,6 +1214,23 @@ int ble_gatts_start(void);
  */
 int ble_gatts_peer_cl_sup_feat_get(uint16_t conn_handle, uint8_t *out_supported_feat, uint8_t len);
 
+/**
+ * Prepares and sends a response for pending ATT request.
+ *
+ * @param conn_handle           The connection over which to authorize a
+ *                                  pending ATT procedure
+ * @param attr_handle           The Handle of characteristic to perform att
+ *                                  procedure on.
+ * @param cid                   L2CAP channel ID on which request has been
+ *                                  received
+ *
+ * @return                      0 on success;
+ *                              BLE_HS_EAUTHOR if no matching attribute is
+ *                              found on pending_attr_list.
+ */
+int ble_gatts_pending_req_auth(uint16_t conn_handle, uint16_t attr_handle,
+                               uint16_t cid);
+
 #ifdef __cplusplus
 }
 #endif

nimble/host/include/host/ble_hs.h

@@ -159,6 +159,9 @@ extern "C" {
 /** Operation stalled. */
 #define BLE_HS_ESTALLED             31
 
+/** Operation pending. */
+#define BLE_HS_EPENDING             32
+
 /** Error base for ATT errors */
 #define BLE_HS_ERR_ATT_BASE         0x100