nimble/host: add support for asynchronous authorization

SumeetSingh19 · piotrnarajowski · commit 3b12f5a09397 · 2025-03-24T16:32:33.000+01:00
This introduces handling authorization in nimble. Each operation on characteristic that has authorize flags will require authorization. Application can respond to GAP authorization event with accept, reject or pending response. The latter response should trigger user action to either accept or reject request and finish handling att request. This is done on top of PR #1668 by SumeetSingh19
diff --git a/apps/bleprph/src/main.c b/apps/bleprph/src/main.c
@@ -270,6 +270,14 @@ bleprph_gap_event(struct ble_gap_event *event, void *arg)
         phy_update(event->phy_updated.tx_phy);
         return 0;
 #endif
+
+    case BLE_GAP_EVENT_AUTHORIZE:
+        MODLOG_DFLT(INFO, "authorize event: conn_handle=%d attr_handle=%d is_read=%d",
+                    event->authorize.conn_handle,
+                    event->authorize.attr_handle,
+                    event->authorize.access_opcode);
+        /* Always reject for async authorization testing */
+        return BLE_GAP_AUTHORIZE_REJECT;
     }
 
     return 0;
diff --git a/nimble/host/include/host/ble_gap.h b/nimble/host/include/host/ble_gap.h
@@ -261,6 +261,9 @@ struct hci_conn_update;
 /** GAP event: BIG (Broadcast Isochronous Group) information report */
 #define BLE_GAP_EVENT_BIGINFO_REPORT        30
 
+/** GAP event: Authorization request for GATT operations */
+#define BLE_GAP_EVENT_AUTHORIZE             31
+
 /** @} */
 
 /**
@@ -295,6 +298,28 @@ struct hci_conn_update;
 
 /** @} */
 
+/**
+ * @defgroup GAP Authorize event possible responses.
+ * @{
+ */
+
+/** GAP Authorize event response: reject */
+#define BLE_GAP_AUTHORIZE_REJECT            0
+
+/** GAP Authorize event response: accept */
+#define BLE_GAP_AUTHORIZE_ACCEPT            1
+
+/** GAP Authorize event response: pending */
+#define BLE_GAP_AUTHORIZE_PENDING           2
+
+/** @} */
+
+///** GATT Access Opcodes operations */
+//enum acces_op {
+//    GATT_ACCESS_OP_READ_CHR = 0,
+//    GATT_ACCESS_OP_WRITE_CHR,
+//};
+
 /** Connection security state */
 struct ble_gap_sec_state {
     /** If connection is encrypted */
@@ -1308,6 +1333,29 @@ struct ble_gap_event {
             uint8_t length;
         } unhandled_hci;
 #endif
+
+        /**
+         * GATT Authorization Event. Ask the user to authorize a GATT
+         * read/write operation.
+         *
+         * Valid for the following event types:
+         * o BLE_GAP_EVENT_AUTHORIZE
+         *
+         * Valid responses from user:
+         * o BLE_GAP_AUTHORIZE_ACCEPT
+         * o BLE_GAP_AUTHORIZE_REJECT
+         * o BLE_GAP_AUTHORIZE_PENDING
+         */
+        struct {
+            /* Connection Handle */
+            uint16_t conn_handle;
+
+            /* Attribute handle of the attribute being accessed. */
+            uint16_t attr_handle;
+
+            /* ATT access opcode. */
+            uint8_t access_opcode;
+        } authorize;
     };
 };
 
diff --git a/nimble/host/include/host/ble_hs.h b/nimble/host/include/host/ble_hs.h
@@ -159,6 +159,9 @@ extern "C" {
 /** Operation stalled. */
 #define BLE_HS_ESTALLED             31
 
+/** Operation pending. */
+#define BLE_HS_EPENDING             32
+
 /** Error base for ATT errors */
 #define BLE_HS_ERR_ATT_BASE         0x100
 
diff --git a/nimble/host/src/ble_att_priv.h b/nimble/host/src/ble_att_priv.h
@@ -125,6 +125,18 @@ struct ble_att_svr_conn {
     ble_npl_time_t basc_prep_timeout_at;
 };
 
+struct pending_attr {
+    SLIST_ENTRY(pending_attr) next;
+    uint16_t conn_handle;
+    struct ble_att_svr_entry *entry;
+    uint16_t offset;
+    struct os_mbuf *om;
+    uint16_t opcode;
+};
+
+SLIST_HEAD(pending_attr_list_head, pending_attr);
+extern struct pending_attr_list_head pending_attr_list;
+
 /**
  * Handles a host attribute request.
  *
diff --git a/nimble/host/src/ble_att_svr.c b/nimble/host/src/ble_att_svr.c
@@ -81,6 +81,46 @@ ble_att_svr_entry_free(struct ble_att_svr_entry *entry)
     os_memblock_put(&ble_att_svr_entry_pool, entry);
 }
 
+struct pending_attr_list_head pending_attr_list =
+    SLIST_HEAD_INITIALIZER(pending_attr_list);
+
+static void pending_att_prepare(uint16_t conn_handle,
+                                struct ble_att_svr_entry *entry,
+                                uint16_t offset, struct os_mbuf *om,
+                                uint8_t access_opcode, uint8_t att_opcode)
+{
+    struct pending_attr *pending;
+    struct pending_attr *e;
+    struct pending_attr *last;
+
+    pending = malloc(sizeof(struct pending_attr));
+
+    memset(pending, 0, sizeof(*pending));
+
+    pending->conn_handle = conn_handle;
+    pending->entry = (struct ble_att_svr_entry *) entry;
+    pending->offset = offset;
+    pending->om = om;
+    pending->access_opcode = access_opcode;
+    pending->att_opcode = att_opcode;
+    ble_hs_lock();
+    if (SLIST_EMPTY(&pending_attr_list)) {
+        SLIST_INSERT_HEAD(&pending_attr_list, pending, next);
+    } else {
+        last = NULL;
+        /* find last and insert at tail */
+        SLIST_FOREACH(e, &pending_attr_list, next) {
+            if ((SLIST_NEXT(e, next) = NULL)) {
+                last = e;
+                SLIST_INSERT_AFTER(last, pending, next);
+            }
+        }
+    }
+    ble_hs_unlock();
+
+    return;
+}
+
 /**
  * Allocate the next handle id and return it.
  *
@@ -333,7 +373,19 @@ ble_att_svr_check_perms(uint16_t conn_handle, int is_read,
     }
 
     if (author) {
-        /* XXX: Prompt user for authorization. */
+        rc = ble_gap_authorize_event(conn_handle, entry->ha_handle_id,
+                                     is_read);
+        switch (rc) {
+        case BLE_GAP_AUTHORIZE_ACCEPT:
+            break;
+
+        case BLE_GAP_AUTHORIZE_REJECT:
+            *out_att_err = BLE_ATT_ERR_INSUFFICIENT_AUTHOR;
+            return BLE_HS_ATT_ERR(*out_att_err);
+
+        case BLE_GAP_AUTHORIZE_PENDING:
+            return BLE_HS_EPENDING;
+        }
     }
 
     return 0;
@@ -406,6 +458,11 @@ ble_att_svr_read(uint16_t conn_handle,
 
     if (conn_handle != BLE_HS_CONN_HANDLE_NONE) {
         rc = ble_att_svr_check_perms(conn_handle, 1, entry, &att_err);
+        if (rc == BLE_HS_EPENDING) {
+            pending_att_prepare(conn_handle, entry, offset, om,
+                                BLE_ATT_ACCESS_OP_READ, BLE_ATT_OP_READ_REQ);
+            return rc;
+        }
         if (rc != 0) {
             goto err;
         }
@@ -532,6 +589,11 @@ ble_att_svr_write(uint16_t conn_handle, struct ble_att_svr_entry *entry,
 
     if (conn_handle != BLE_HS_CONN_HANDLE_NONE) {
         rc = ble_att_svr_check_perms(conn_handle, 0, entry, &att_err);
+        if (rc == BLE_HS_EPENDING) {
+            pending_att_prepare(conn_handle, entry, offset, *om,
+                                BLE_ATT_ACCESS_OP_WRITE, BLE_ATT_OP_WRITE_REQ);
+            return rc;
+        }
         if (rc != 0) {
             goto done;
         }
@@ -621,7 +683,7 @@ ble_att_svr_tx_error_rsp(uint16_t conn_handle, uint16_t cid, struct os_mbuf *txo
  *                                  of the error message's attribute handle
  *                                  field.
  */
-static int
+int
 ble_att_svr_tx_rsp(uint16_t conn_handle, uint16_t cid, int hs_status, struct os_mbuf *om,
                    uint8_t att_op, uint8_t err_status, uint16_t err_handle)
 {
@@ -1502,6 +1564,9 @@ ble_att_svr_rx_read(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom)
     }
 
     rc = ble_att_svr_read_handle(conn_handle, err_handle, 0, txom, &att_err);
+    if (rc == BLE_HS_EPENDING) {
+        return rc;
+    }
     if (rc != 0) {
         goto done;
     }
@@ -1553,6 +1618,9 @@ ble_att_svr_rx_read_blob(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rx
 
     rc = ble_att_svr_read_handle(conn_handle, err_handle, offset,
                                  txom, &att_err);
+    if (rc == BLE_HS_EPENDING) {
+        return rc;
+    }
     if (rc != 0) {
         goto done;
     }
@@ -2068,7 +2136,7 @@ ble_att_svr_rx_read_group_type(uint16_t conn_handle, uint16_t cid, struct os_mbu
     return rc;
 }
 
-static int
+int
 ble_att_svr_build_write_rsp(struct os_mbuf **rxom, struct os_mbuf **out_txom,
                             uint8_t *att_err)
 {
@@ -2135,6 +2203,9 @@ ble_att_svr_rx_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom)
     os_mbuf_adj(*rxom, sizeof(*req));
 
     rc = ble_att_svr_write_handle(conn_handle, handle, 0, rxom, &att_err);
+    if (rc == BLE_HS_EPENDING) {
+        return rc;
+    }
     if (rc != 0) {
         goto done;
     }
@@ -2481,6 +2552,11 @@ ble_att_svr_rx_prep_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **r
 
     /* <1>, <2>, <4>, <6> */
     rc = ble_att_svr_check_perms(conn_handle, 0, attr_entry, &att_err);
+    if (rc == BLE_HS_EPENDING) {
+        pending_att_prepare(conn_handle, attr_entry, 0, txom,
+                            0, BLE_ATT_OP_PREP_WRITE_REQ);
+        return rc;
+    }
     if (rc != 0) {
         goto done;
     }
@@ -2942,6 +3018,7 @@ ble_att_svr_init(void)
 
     STAILQ_INIT(&ble_att_svr_list);
     STAILQ_INIT(&ble_att_svr_hidden_list);
+    SLIST_INIT(&pending_attr_list);
 
     ble_att_svr_id = 0;
 
diff --git a/nimble/host/src/ble_gap.c b/nimble/host/src/ble_gap.c
@@ -6864,6 +6864,29 @@ ble_gap_unhandled_hci_event(bool is_le_meta, bool is_vs, const void *buf,
 }
 #endif
 
+int
+ble_gap_authorize_event(uint16_t conn_handle, uint16_t attr_handle,
+                        int is_read)
+{
+#if MYNEWT_VAL(BLE_ROLE_PERIPHERAL)
+    struct ble_gap_event event;
+    uint8_t op;
+    int rc;
+
+    op = is_read ? BLE_ATT_ACCESS_OP_READ : BLE_ATT_ACCESS_OP_WRITE;
+
+    memset(&event, 0, sizeof event);
+    event.type = BLE_GAP_EVENT_AUTHORIZE;
+    event.authorize.conn_handle = conn_handle;
+    event.authorize.attr_handle = attr_handle;
+    event.authorize.access_opcode = op;
+
+    rc = ble_gap_call_conn_event_cb(&event, conn_handle);
+    return rc;
+#endif
+    return BLE_GAP_AUTHORIZE_REJECT;
+}
+
 /*****************************************************************************
  * $preempt                                                                  *
  *****************************************************************************/
diff --git a/nimble/host/src/ble_gap_priv.h b/nimble/host/src/ble_gap_priv.h
@@ -144,6 +144,7 @@ void ble_gap_pairing_complete_event(uint16_t conn_handle, int status);
 void ble_gap_unhandled_hci_event(bool is_le_meta, bool is_vs, const void *buf,
                                  uint8_t len);
 int ble_gap_master_in_progress(void);
+int ble_gap_authorize_event(uint16_t conn_handle, uint16_t attr_handle, int is_read);
 
 void ble_gap_preempt(void);
 void ble_gap_preempt_done(void);
