apps: btshell: add support for authorization

piotrnarajowski · piotrnarajowski · commit 129408da4a40 · 2025-04-08T15:49:14.000+02:00
For authorization testing purposes two characteristics with
authorize flags and authorize shell command are added.
diff --git a/apps/btshell/src/btshell.h b/apps/btshell/src/btshell.h
@@ -97,6 +97,23 @@ struct btshell_scan_opts {
 extern struct btshell_conn btshell_conns[MYNEWT_VAL(BLE_MAX_CONNECTIONS)];
 extern int btshell_num_conns;
 
+/* BLE_GATT_READ_MAX_ATTRS * (1 ATT + 1 EATT chan) */
+#define PENDING_ATTR_MAX MYNEWT_VAL(BLE_GATT_READ_MAX_ATTRS) * 2
+
+struct auth_attr {
+    uint16_t conn_handle;
+    uint16_t attr_handle;
+};
+
+extern struct auth_attr authorized_attrs[PENDING_ATTR_MAX];
+
+struct pend_attr {
+    uint16_t attr_handle;
+    uint16_t cid;
+};
+
+extern struct pend_attr pending_attr;
+
 int btshell_exchange_mtu(uint16_t conn_handle);
 int btshell_disc_svcs(uint16_t conn_handle);
 int btshell_disc_svc_by_uuid(uint16_t conn_handle, const ble_uuid_t *uuid);
diff --git a/apps/btshell/src/cmd.c b/apps/btshell/src/cmd.c
@@ -176,6 +176,72 @@ cmd_parse_addr(const char *prefix, ble_addr_t *addr)
     return parse_dev_addr(prefix, cmd_addr_type, addr);
 }
 
+static int
+pending_operation_authorize(int argc, char **argv)
+{
+    uint16_t conn_handle;
+    uint16_t attr_handle;
+    bool auth;
+    int rc;
+
+    rc = parse_arg_init(argc - 1, argv + 1);
+    if (rc != 0) {
+        return rc;
+    }
+
+    conn_handle = parse_arg_uint16("conn", &rc);
+    if (rc != 0) {
+        console_printf("invalid 'conn' parameter\n");
+        return rc;
+    }
+
+    attr_handle = parse_arg_uint16("attr", &rc);
+    if (rc != 0) {
+        console_printf("invalid 'attr' parameter\n");
+        return rc;
+    }
+
+    auth = parse_arg_bool_dflt("auth", 1, &rc);
+    if (rc != 0) {
+        console_printf("invalid 'auth' parameter\n");
+        return rc;
+    }
+
+    if (auth) {
+        for (int i = 0; i < PENDING_ATTR_MAX; i++) {
+            if (authorized_attrs[i].conn_handle == 0 &&
+            authorized_attrs[i].attr_handle == 0) {
+                authorized_attrs[i].conn_handle = conn_handle;
+                authorized_attrs[i].attr_handle = attr_handle;
+                break;
+            }
+        }
+        attr_handle = 0;
+    } else {
+        attr_handle = pending_attr.attr_handle;
+    }
+
+    ble_gatts_pending_req_auth(conn_handle, attr_handle, pending_attr.cid);
+
+    return 0;
+}
+
+#if MYNEWT_VAL(SHELL_CMD_HELP)
+static const struct shell_param authorize_params[] = {
+    {"conn", "connection handle parameter, usage: =<UINT16>"},
+    {"attr", "attribute hndle parameter to authorize, usage: =<UINT16>"},
+    {"attr", "attribute handles parameter to authorize, usage: =<UINT16>"},
+    {"auth", "whether to authorize access, usage: =[0-1], default=1"},
+    {NULL, NULL}
+};
+
+static const struct shell_cmd_help authorize_help = {
+    .summary = "authorize command",
+    .usage = NULL,
+    .params = authorize_params,
+};
+#endif
+
 /*****************************************************************************
  * $advertise                                                                *
  *****************************************************************************/
@@ -4374,6 +4440,11 @@ static const struct shell_cmd_help leaudio_broadcast_stop_help = {
 #endif /* BLE_AUDIO && BLE_ISO_BROADCAST_SOURCE */
 
 static const struct shell_cmd btshell_commands[] = {
+    {
+        .sc_cmd = "authorize",
+        .sc_cmd_func = pending_operation_authorize,
+        .help = &authorize_help,
+    },
 #if MYNEWT_VAL(BLE_EXT_ADV)
     {
         .sc_cmd = "advertise-configure",
diff --git a/apps/btshell/src/gatt_svr.c b/apps/btshell/src/gatt_svr.c
@@ -46,6 +46,7 @@
 #define  PTS_DSC_READ_WRITE              0x000b
 #define  PTS_DSC_READ_WRITE_ENC          0x000c
 #define  PTS_DSC_READ_WRITE_AUTHEN       0x000d
+#define  PTS_CHR_READ_WRITE_AUTHOR       0x000e
 
 #define  PTS_LONG_SVC                    0x0011
 #define  PTS_LONG_CHR_READ               0x0012
@@ -60,6 +61,7 @@
 #define  PTS_LONG_DSC_READ_WRITE         0x001b
 #define  PTS_LONG_DSC_READ_WRITE_ENC     0x001c
 #define  PTS_LONG_DSC_READ_WRITE_AUTHEN  0x001d
+#define  PTS_LONG_CHR_READ_WRITE_AUTHOR  0x0020
 
 #define  PTS_INC_SVC                     0x001e
 #define  PTS_CHR_READ_WRITE_ALT          0x001f
@@ -178,8 +180,14 @@ static const struct ble_gatt_svc_def gatt_svr_svcs[] = {
                         0, /* No more descriptors in this characteristic. */
                     } }
             }, {
-                0, /* No more characteristics in this service. */
-            } },
+                .uuid = PTS_UUID_DECLARE(PTS_CHR_READ_WRITE_AUTHOR),
+                .access_cb = gatt_svr_access_test,
+                .flags = BLE_GATT_CHR_F_READ_AUTHOR | BLE_GATT_CHR_F_READ |
+                         BLE_GATT_CHR_F_WRITE_AUTHOR | BLE_GATT_CHR_F_WRITE
+            }, {
+                0,  /* No more characteristics in this service. */
+            }
+        },
     },
 
     {
@@ -206,6 +214,11 @@ static const struct ble_gatt_svc_def gatt_svr_svcs[] = {
                 .uuid = PTS_UUID_DECLARE(PTS_LONG_CHR_READ_WRITE_ALT),
                 .access_cb = gatt_svr_long_access_test,
                 .flags = BLE_GATT_CHR_F_READ | BLE_GATT_CHR_F_WRITE,
+            },{
+                .uuid = PTS_UUID_DECLARE(PTS_LONG_CHR_READ_WRITE_AUTHOR),
+                .access_cb = gatt_svr_long_access_test,
+                .flags = BLE_GATT_CHR_F_READ_AUTHOR | BLE_GATT_CHR_F_READ |
+                         BLE_GATT_CHR_F_WRITE_AUTHOR | BLE_GATT_CHR_F_WRITE
             }, {
                 .uuid = PTS_UUID_DECLARE(PTS_LONG_CHR_READ_WRITE_ENC),
                 .access_cb = gatt_svr_long_access_test,
@@ -427,6 +440,7 @@ gatt_svr_access_test(uint16_t conn_handle, uint16_t attr_handle,
     case PTS_CHR_READ_WRITE_ENC:
     case PTS_CHR_READ_WRITE_AUTHEN:
     case PTS_CHR_READ_WRITE_ALT:
+    case PTS_CHR_READ_WRITE_AUTHOR:
         if (ctxt->op == BLE_GATT_ACCESS_OP_WRITE_CHR) {
             rc = gatt_svr_chr_write(ctxt->om,0,
                                     sizeof gatt_svr_pts_static_val,
@@ -467,6 +481,7 @@ gatt_svr_access_test(uint16_t conn_handle, uint16_t attr_handle,
         }
         assert(0);
         break;
+
     default:
         assert(0);
         break;
@@ -531,6 +546,7 @@ gatt_svr_long_access_test(uint16_t conn_handle, uint16_t attr_handle,
 
     case PTS_LONG_CHR_READ_WRITE_ENC:
     case PTS_LONG_CHR_READ_WRITE_AUTHEN:
+    case PTS_LONG_CHR_READ_WRITE_AUTHOR:
         if (ctxt->op == BLE_GATT_ACCESS_OP_WRITE_CHR) {
             rc = gatt_svr_chr_write(ctxt->om,0,
                                     sizeof gatt_svr_pts_static_long_val,
diff --git a/apps/btshell/src/main.c b/apps/btshell/src/main.c
@@ -135,6 +135,8 @@ int btshell_full_disc_prev_chr_val;
 
 struct ble_sm_sc_oob_data oob_data_local;
 struct ble_sm_sc_oob_data oob_data_remote;
+struct auth_attr authorized_attrs[PENDING_ATTR_MAX];
+struct pend_attr pending_attr;
 
 #if MYNEWT_VAL(BLE_AUDIO) && MYNEWT_VAL(BLE_ISO_BROADCAST_SOURCE)
 static struct {struct ble_audio_base *base; uint8_t adv_instance;}
@@ -1292,6 +1294,7 @@ btshell_gap_event(struct ble_gap_event *event, void *arg)
     struct ble_gap_conn_desc desc;
     int conn_idx;
     int rc;
+    int i;
 #if MYNEWT_VAL(BLE_PERIODIC_ADV)
     struct psync *psync;
 #endif
@@ -1318,6 +1321,7 @@ btshell_gap_event(struct ble_gap_event *event, void *arg)
         if (conn_idx != -1) {
             btshell_conn_delete_idx(conn_idx);
         }
+        memset(&authorized_attrs, 0, sizeof(authorized_attrs));
 
         return btshell_restart_adv(event);
 #if MYNEWT_VAL(BLE_EXT_ADV)
@@ -1555,6 +1559,25 @@ btshell_gap_event(struct ble_gap_event *event, void *arg)
         return 0;
 #endif
 #endif
+    case BLE_GAP_EVENT_AUTHORIZE:
+        for (i = 0; i < PENDING_ATTR_MAX; i++) {
+            if (authorized_attrs[i].conn_handle ==
+            event->authorize.conn_handle && authorized_attrs[i].attr_handle ==
+            event->authorize.attr_handle) {
+                console_printf("Access to attribute %d already authorized\n",
+                               event->authorize.attr_handle);
+                return BLE_GAP_AUTHORIZE_ACCEPT;
+            }
+        }
+        console_printf("Authorize access to attribute: conn_handle=%d,"
+                       "access_opcode=%d, cid=%d, attr=%d\n",
+                       event->authorize.conn_handle,
+                       event->authorize.access_opcode,
+                       event->authorize.cid,
+                       event->authorize.attr_handle);
+        pending_attr.cid = event->authorize.cid;
+        pending_attr.attr_handle = event->authorize.attr_handle;
+        return BLE_GAP_AUTHORIZE_PENDING;
     default:
         return 0;
     }
