samples: bt: hids: add a non authenticated mode to the sample

The HIDs sample is currently setup with a passkey callback and requires
authenticated write and read access.

Add a sample option to disable the passkey callbacks, and automatically
set the GATT attributes as encryption required. This is a useful sample
setup as real world HID devices (mice, keyboards...) usually don't have
a passkey mechanism, and removing the callback to reproduce that setup
while not changing the GATT permission leads to automatic disconnections
for encryption failures that can be fairly hard to troubleshoot.

Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>

samples/bluetooth/peripheral_hids/Kconfig

@@ -0,0 +1,13 @@
+# Copyright 2023 Google LLC
+# SPDX-License-Identifier: Apache-2.0
+
+mainmenu "Bluetooth: Peripheral HIDs"
+
+config SAMPLE_BT_USE_AUTHENTICATION
+	bool "Enable passkey authentication"
+	default y
+	help
+	  Enable the passkey authentication callback and register the GATT
+	  read and and write attributes as authentication required.
+
+source "Kconfig.zephyr"

samples/bluetooth/peripheral_hids/README.rst

@@ -10,6 +10,11 @@ Similar to the :ref:`Peripheral <ble_peripheral>` sample, except that this
 application specifically exposes the HID GATT Service. The report map used is
 for a generic mouse.
 
+In the default configuration the sample uses passkey authentication (displays a
+code on the peripheral and requires that to be entered on the host during
+pairing) and requires an authenticated link to access the GATT characteristics.
+To disable authentication and just use encrypted channels instead, build the
+sample with `CONFIG_SAMPLE_BT_USE_AUTHENTICATION=n`.
 
 Requirements
 ************

samples/bluetooth/peripheral_hids/sample.yaml

@@ -8,3 +8,11 @@ tests:
     tags: bluetooth
     integration_platforms:
       - qemu_cortex_m3
+  sample.bluetooth.peripheral_hids.no_authentication:
+    harness: bluetooth
+    extra_configs:
+      - CONFIG_SAMPLE_BT_USE_AUTHENTICATION=n
+    platform_allow: qemu_cortex_m3 qemu_x86
+    tags: bluetooth
+    integration_platforms:
+      - qemu_cortex_m3

samples/bluetooth/peripheral_hids/src/hog.c

@@ -141,6 +141,16 @@ static ssize_t write_ctrl_point(struct bt_conn *conn,
 	return len;
 }
 
+#if CONFIG_SAMPLE_BT_USE_AUTHENTICATION
+/* Require encryption using authenticated link-key. */
+#define SAMPLE_BT_PERM_READ BT_GATT_PERM_READ_AUTHEN
+#define SAMPLE_BT_PERM_WRITE BT_GATT_PERM_WRITE_AUTHEN
+#else
+/* Require encryption. */
+#define SAMPLE_BT_PERM_READ BT_GATT_PERM_READ_ENCRYPT
+#define SAMPLE_BT_PERM_WRITE BT_GATT_PERM_WRITE_ENCRYPT
+#endif
+
 /* HID Service Declaration */
 BT_GATT_SERVICE_DEFINE(hog_svc,
 	BT_GATT_PRIMARY_SERVICE(BT_UUID_HIDS),
@@ -150,10 +160,10 @@ BT_GATT_SERVICE_DEFINE(hog_svc,
 			       BT_GATT_PERM_READ, read_report_map, NULL, NULL),
 	BT_GATT_CHARACTERISTIC(BT_UUID_HIDS_REPORT,
 			       BT_GATT_CHRC_READ | BT_GATT_CHRC_NOTIFY,
-			       BT_GATT_PERM_READ_AUTHEN,
+			       SAMPLE_BT_PERM_READ,
 			       read_input_report, NULL, NULL),
 	BT_GATT_CCC(input_ccc_changed,
-		    BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN),
+		    SAMPLE_BT_PERM_READ | SAMPLE_BT_PERM_WRITE),
 	BT_GATT_DESCRIPTOR(BT_UUID_HIDS_REPORT_REF, BT_GATT_PERM_READ,
 			   read_report, NULL, &input),
 	BT_GATT_CHARACTERISTIC(BT_UUID_HIDS_CTRL_POINT,

samples/bluetooth/peripheral_hids/src/main.c

@@ -137,7 +137,10 @@ void main(void)
 		return;
 	}
 
-	bt_conn_auth_cb_register(&auth_cb_display);
+	if (IS_ENABLED(CONFIG_SAMPLE_BT_USE_AUTHENTICATION)) {
+		bt_conn_auth_cb_register(&auth_cb_display);
+		printk("Bluetooth authentication callbacks registered.\n");
+	}
 
 	hog_button_loop();
 }