Bluetooth: smp: Warn on enabling several Bluetooth options

Add warning about enabling the options below so that users are
aware that this is a security risk.

- CONFIG_BT_DEBUG_SMP
- CONFIG_BT_DEBUG_KEYS
- CONFIG_BT_OOB_DATA_FIXED
- CONFIG_BT_USE_DEBUG_KEYS
- CONFIG_BT_STORE_DEBUG_KEYS

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This commit is contained in:
Carles Cufi 2020-06-15 14:01:46 +02:00 committed by Johan Hedberg
commit 88f25df9ac
3 changed files with 48 additions and 8 deletions

View file

@ -49,6 +49,11 @@ BT_BREDR,n,experimental
BT_H5,n,experimental,
BT_HFP_HF,n,experimental
BT_RFCOMM,n,experimental
BT_DEBUG_SMP,n
BT_OOB_DATA_FIXED,n
BT_DEBUG_KEYS,n
BT_USE_DEBUG_KEYS,n
BT_STORE_DEBUG_KEYS,n
CAN_NET,n,experimental
CONSOLE_SUBSYS,n,experimental
CRYPTO,n,experimental

Can't render this file because it has a wrong number of fields in line 45.

View file

@ -56,3 +56,24 @@ if(CONFIG_BT_HCI_HOST)
endif()
endif()
endif()
if(CONFIG_BT_DEBUG_SMP OR CONFIG_BT_DEBUG_KEYS)
message(WARNING "One or both these options are enabled:
CONFIG_BT_DEBUG_SMP CONFIG_BT_DEBUG_KEYS.
Private security keys such as the LTK will be printed out, do not use in
production."
)
endif()
if(CONFIG_BT_OOB_DATA_FIXED)
message(WARNING "CONFIG_BT_OOB_DATA_FIXED is enabled.
A hardcoded OOB data set will be stored in the image, do not use in
production."
)
endif()
if(CONFIG_BT_USE_DEBUG_KEYS OR CONFIG_BT_STORE_DEBUG_KEYS)
message(WARNING "One or both these options are enabled:
CONFIG_BT_USE_DEBUG_KEYS CONFIG_BT_STORE_DEBUG_KEYS.
A predefined, publicly available keypair intended for testing will be used.
Do not use in production."
)
endif()

View file

@ -429,10 +429,10 @@ config BT_USE_DEBUG_KEYS
help
This option places Security Manager in a Debug Mode. In this mode
predefined Diffie-Hellman private/public key pair is used as described
in Core Specification Vol. 3, Part H, 2.3.5.6.1. This option should
only be enabled for debugging and should never be used in production.
If this option is enabled anyone is able to decipher encrypted air
traffic.
in Core Specification Vol. 3, Part H, 2.3.5.6.1.
WARNING: This option enables anyone to decrypt on-air traffic.
Use of this feature in production is strongly discouraged.
config BT_BONDABLE
bool "Bondable Mode"
@ -454,8 +454,12 @@ config BT_STORE_DEBUG_KEYS
bool "Store Debug Mode bonds"
help
This option enables support for storing bonds where either of devices
has the Security Manager in Debug mode. This option should
only be enabled for debugging and should never be used in production.
is using the predefined Diffie-Hellman private/public key pair as
described in the Core Specification Vol 3, Part H, 2.3.5.6.1.
WARNING: This option potentially enables anyone to decrypt on-air
traffic.
Use of this feature in production is strongly discouraged.
config BT_SMP_ENFORCE_MITM
bool "Enforce MITM protection"
@ -471,8 +475,10 @@ config BT_OOB_DATA_FIXED
help
With this option enabled, the application will be able to perform LESC
pairing with OOB data that consists of fixed random number and confirm
value. This option should only be enabled for debugging and should
never be used in production.
value.
WARNING: This option stores a hardcoded Out-of-Band value in the image.
Use of this feature in production is strongly discouraged.
config BT_KEYS_OVERWRITE_OLDEST
bool "Overwrite oldest keys with new ones if key storage is full"
@ -645,6 +651,10 @@ config BT_DEBUG_KEYS
This option enables debug support for the handling of
Bluetooth security keys.
WARNING: This option prints out private security keys such as
the Long Term Key.
Use of this feature in production is strongly discouraged.
config BT_DEBUG_SMP
bool "Bluetooth Security Manager Protocol (SMP) debug"
depends on BT_HCI_HOST
@ -653,6 +663,10 @@ config BT_DEBUG_SMP
This option enables debug support for the Bluetooth
Security Manager Protocol (SMP).
WARNING: This option prints out private security keys such as
the Long Term Key.
Use of this feature in production is strongly discouraged.
config BT_SMP_SELFTEST
bool "Bluetooth SMP self tests executed on init"
depends on BT_DEBUG_SMP