From b787cc088d874568a94fe168bfa30a7cc340a4d0 Mon Sep 17 00:00:00 2001
From: Fabio Baltieri <fabiobaltieri@google.com>
Date: Mon, 23 Jan 2023 19:18:10 +0000
Subject: [PATCH] samples: bt: hids: add a non authenticated mode to the sample

The HIDs sample is currently setup with a passkey callback and requires
authenticated write and read access.

Add a sample option to disable the passkey callbacks, and automatically
set the GATT attributes as encryption required. This is a useful sample
setup as real world HID devices (mice, keyboards...) usually don't have
a passkey mechanism, and removing the callback to reproduce that setup
while not changing the GATT permission leads to automatic disconnections
for encryption failures that can be fairly hard to troubleshoot.

Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
---
 samples/bluetooth/peripheral_hids/Kconfig     | 13 +++++++++++++
 samples/bluetooth/peripheral_hids/README.rst  |  5 +++++
 samples/bluetooth/peripheral_hids/sample.yaml |  8 ++++++++
 samples/bluetooth/peripheral_hids/src/hog.c   | 14 ++++++++++++--
 samples/bluetooth/peripheral_hids/src/main.c  |  5 ++++-
 5 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 samples/bluetooth/peripheral_hids/Kconfig

diff --git a/samples/bluetooth/peripheral_hids/Kconfig b/samples/bluetooth/peripheral_hids/Kconfig
new file mode 100644
index 00000000000..efea45cdead
--- /dev/null
+++ b/samples/bluetooth/peripheral_hids/Kconfig
@@ -0,0 +1,13 @@
+# Copyright 2023 Google LLC
+# SPDX-License-Identifier: Apache-2.0
+
+mainmenu "Bluetooth: Peripheral HIDs"
+
+config SAMPLE_BT_USE_AUTHENTICATION
+	bool "Enable passkey authentication"
+	default y
+	help
+	  Enable the passkey authentication callback and register the GATT
+	  read and and write attributes as authentication required.
+
+source "Kconfig.zephyr"
diff --git a/samples/bluetooth/peripheral_hids/README.rst b/samples/bluetooth/peripheral_hids/README.rst
index 9fc6e43e6af..de1e35aaa38 100644
--- a/samples/bluetooth/peripheral_hids/README.rst
+++ b/samples/bluetooth/peripheral_hids/README.rst
@@ -10,6 +10,11 @@ Similar to the :ref:`Peripheral <ble_peripheral>` sample, except that this
 application specifically exposes the HID GATT Service. The report map used is
 for a generic mouse.
 
+In the default configuration the sample uses passkey authentication (displays a
+code on the peripheral and requires that to be entered on the host during
+pairing) and requires an authenticated link to access the GATT characteristics.
+To disable authentication and just use encrypted channels instead, build the
+sample with `CONFIG_SAMPLE_BT_USE_AUTHENTICATION=n`.
 
 Requirements
 ************
diff --git a/samples/bluetooth/peripheral_hids/sample.yaml b/samples/bluetooth/peripheral_hids/sample.yaml
index 5dd680aa41a..1c73ba4e45d 100644
--- a/samples/bluetooth/peripheral_hids/sample.yaml
+++ b/samples/bluetooth/peripheral_hids/sample.yaml
@@ -8,3 +8,11 @@ tests:
     tags: bluetooth
     integration_platforms:
       - qemu_cortex_m3
+  sample.bluetooth.peripheral_hids.no_authentication:
+    harness: bluetooth
+    extra_configs:
+      - CONFIG_SAMPLE_BT_USE_AUTHENTICATION=n
+    platform_allow: qemu_cortex_m3 qemu_x86
+    tags: bluetooth
+    integration_platforms:
+      - qemu_cortex_m3
diff --git a/samples/bluetooth/peripheral_hids/src/hog.c b/samples/bluetooth/peripheral_hids/src/hog.c
index be8104c33b0..cf67521517d 100644
--- a/samples/bluetooth/peripheral_hids/src/hog.c
+++ b/samples/bluetooth/peripheral_hids/src/hog.c
@@ -141,6 +141,16 @@ static ssize_t write_ctrl_point(struct bt_conn *conn,
 	return len;
 }
 
+#if CONFIG_SAMPLE_BT_USE_AUTHENTICATION
+/* Require encryption using authenticated link-key. */
+#define SAMPLE_BT_PERM_READ BT_GATT_PERM_READ_AUTHEN
+#define SAMPLE_BT_PERM_WRITE BT_GATT_PERM_WRITE_AUTHEN
+#else
+/* Require encryption. */
+#define SAMPLE_BT_PERM_READ BT_GATT_PERM_READ_ENCRYPT
+#define SAMPLE_BT_PERM_WRITE BT_GATT_PERM_WRITE_ENCRYPT
+#endif
+
 /* HID Service Declaration */
 BT_GATT_SERVICE_DEFINE(hog_svc,
 	BT_GATT_PRIMARY_SERVICE(BT_UUID_HIDS),
@@ -150,10 +160,10 @@ BT_GATT_SERVICE_DEFINE(hog_svc,
 			       BT_GATT_PERM_READ, read_report_map, NULL, NULL),
 	BT_GATT_CHARACTERISTIC(BT_UUID_HIDS_REPORT,
 			       BT_GATT_CHRC_READ | BT_GATT_CHRC_NOTIFY,
-			       BT_GATT_PERM_READ_AUTHEN,
+			       SAMPLE_BT_PERM_READ,
 			       read_input_report, NULL, NULL),
 	BT_GATT_CCC(input_ccc_changed,
-		    BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN),
+		    SAMPLE_BT_PERM_READ | SAMPLE_BT_PERM_WRITE),
 	BT_GATT_DESCRIPTOR(BT_UUID_HIDS_REPORT_REF, BT_GATT_PERM_READ,
 			   read_report, NULL, &input),
 	BT_GATT_CHARACTERISTIC(BT_UUID_HIDS_CTRL_POINT,
diff --git a/samples/bluetooth/peripheral_hids/src/main.c b/samples/bluetooth/peripheral_hids/src/main.c
index 52067c47760..111b4957acc 100644
--- a/samples/bluetooth/peripheral_hids/src/main.c
+++ b/samples/bluetooth/peripheral_hids/src/main.c
@@ -137,7 +137,10 @@ void main(void)
 		return;
 	}
 
-	bt_conn_auth_cb_register(&auth_cb_display);
+	if (IS_ENABLED(CONFIG_SAMPLE_BT_USE_AUTHENTICATION)) {
+		bt_conn_auth_cb_register(&auth_cb_display);
+		printk("Bluetooth authentication callbacks registered.\n");
+	}
 
 	hog_button_loop();
 }