Bluetooth: Add config option to disable security checks
This adds CONFIG_BT_CONN_DISABLE_SECURITY which can be used to disable security checks for incoming requests enabling to test accessing GATT attributes and L2CAP channels that would otherwise require encryption/authentication in order to be accessed. It depends on BT_TESTING to indicate to the users that this is a testing feature which shall not be used in production. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This commit is contained in:
parent
38997a5719
commit
75f47a56b5
5 changed files with 36 additions and 2 deletions
|
@ -54,6 +54,7 @@ BT_OOB_DATA_FIXED,n
|
|||
BT_DEBUG_KEYS,n
|
||||
BT_USE_DEBUG_KEYS,n
|
||||
BT_STORE_DEBUG_KEYS,n
|
||||
BT_CONN_DISABLE_SECURITY,n
|
||||
CAN_NET,n,experimental
|
||||
CONSOLE_SUBSYS,n,experimental
|
||||
CRYPTO,n,experimental
|
||||
|
|
Can't render this file because it has a wrong number of fields in line 45.
|
|
@ -77,3 +77,11 @@ if(CONFIG_BT_USE_DEBUG_KEYS OR CONFIG_BT_STORE_DEBUG_KEYS)
|
|||
Do not use in production."
|
||||
)
|
||||
endif()
|
||||
if(CONFIG_BT_CONN_DISABLE_SECURITY)
|
||||
message(WARNING "CONFIG_BT_CONN_DISABLE_SECURITY is enabled.
|
||||
Security is disabled for incoming requests for GATT attributes and L2CAP
|
||||
channels that would otherwise require encryption/authentication in order to
|
||||
be accessed.
|
||||
Do not use in production."
|
||||
)
|
||||
endif()
|
||||
|
|
|
@ -732,6 +732,17 @@ config BT_TESTING
|
|||
This option enables custom Bluetooth testing interface.
|
||||
Shall only be used for testing purposes.
|
||||
|
||||
config BT_CONN_DISABLE_SECURITY
|
||||
bool "Disable security"
|
||||
depends on BT_TESTING
|
||||
help
|
||||
This option disables security checks for incoming requests enabling
|
||||
to test accessing GATT attributes and L2CAP channels that would
|
||||
otherwise require encryption/authentication in order to be accessed.
|
||||
|
||||
WARNING: This option enables anyone to snoop on-air traffic.
|
||||
Use of this feature in production is strongly discouraged.
|
||||
|
||||
config BT_BREDR
|
||||
bool "Bluetooth BR/EDR support [EXPERIMENTAL]"
|
||||
depends on BT_HCI_HOST
|
||||
|
|
|
@ -2130,6 +2130,10 @@ uint16_t bt_gatt_get_mtu(struct bt_conn *conn)
|
|||
uint8_t bt_gatt_check_perm(struct bt_conn *conn, const struct bt_gatt_attr *attr,
|
||||
uint8_t mask)
|
||||
{
|
||||
if (IS_ENABLED(CONFIG_BT_CONN_DISABLE_SECURITY)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((mask & BT_GATT_PERM_READ) &&
|
||||
(!(attr->perm & BT_GATT_PERM_READ_MASK) || !attr->read)) {
|
||||
return BT_ATT_ERR_READ_NOT_PERMITTED;
|
||||
|
|
|
@ -981,6 +981,16 @@ static uint16_t l2cap_chan_accept(struct bt_conn *conn,
|
|||
return BT_L2CAP_LE_SUCCESS;
|
||||
}
|
||||
|
||||
static bool l2cap_check_security(struct bt_conn *conn,
|
||||
struct bt_l2cap_server *server)
|
||||
{
|
||||
if (IS_ENABLED(CONFIG_BT_CONN_DISABLE_SECURITY)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return conn->sec_level >= server->sec_level;
|
||||
}
|
||||
|
||||
static void le_conn_req(struct bt_l2cap *l2cap, uint8_t ident,
|
||||
struct net_buf *buf)
|
||||
{
|
||||
|
@ -1029,7 +1039,7 @@ static void le_conn_req(struct bt_l2cap *l2cap, uint8_t ident,
|
|||
}
|
||||
|
||||
/* Check if connection has minimum required security level */
|
||||
if (conn->sec_level < server->sec_level) {
|
||||
if (!l2cap_check_security(conn, server)) {
|
||||
rsp->result = sys_cpu_to_le16(BT_L2CAP_LE_ERR_AUTHENTICATION);
|
||||
goto rsp;
|
||||
}
|
||||
|
@ -1095,7 +1105,7 @@ static void le_ecred_conn_req(struct bt_l2cap *l2cap, uint8_t ident,
|
|||
}
|
||||
|
||||
/* Check if connection has minimum required security level */
|
||||
if (conn->sec_level < server->sec_level) {
|
||||
if (!l2cap_check_security(conn, server)) {
|
||||
result = BT_L2CAP_LE_ERR_AUTHENTICATION;
|
||||
goto response;
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue