Bluetooth: Add config option to disable security checks

This adds CONFIG_BT_CONN_DISABLE_SECURITY, which can be used to disable
security checks for incoming requests. This makes it possible to test
access to GATT attributes and L2CAP channels that would otherwise
require encryption/authentication in order to be accessed.

It depends on BT_TESTING to indicate to the users that this is a
testing feature which shall not be used in production.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
diff --git a/scripts/kconfig/hardened.csv b/scripts/kconfig/hardened.csv
index c062c61..4fe376c 100644
--- a/scripts/kconfig/hardened.csv
+++ b/scripts/kconfig/hardened.csv
@@ -54,6 +54,7 @@
 BT_DEBUG_KEYS,n
 BT_USE_DEBUG_KEYS,n
 BT_STORE_DEBUG_KEYS,n
+BT_CONN_DISABLE_SECURITY,n
 CAN_NET,n,experimental
 CONSOLE_SUBSYS,n,experimental
 CRYPTO,n,experimental
diff --git a/subsys/bluetooth/host/CMakeLists.txt b/subsys/bluetooth/host/CMakeLists.txt
index d36c3f4..b4af951 100644
--- a/subsys/bluetooth/host/CMakeLists.txt
+++ b/subsys/bluetooth/host/CMakeLists.txt
@@ -77,3 +77,11 @@
   Do not use in production."
     )
 endif()
+if(CONFIG_BT_CONN_DISABLE_SECURITY)
+  message(WARNING "CONFIG_BT_CONN_DISABLE_SECURITY is enabled.
+  Security is disabled for incoming requests for GATT attributes and L2CAP
+  channels that would otherwise require encryption/authentication in order to
+  be accessed.
+  Do not use in production."
+    )
+endif()
diff --git a/subsys/bluetooth/host/Kconfig b/subsys/bluetooth/host/Kconfig
index 6a05bf2..ca885a5 100644
--- a/subsys/bluetooth/host/Kconfig
+++ b/subsys/bluetooth/host/Kconfig
@@ -732,6 +732,17 @@
 	  This option enables custom Bluetooth testing interface.
 	  Shall only be used for testing purposes.
 
+config BT_CONN_DISABLE_SECURITY
+	bool "Disable security"
+	depends on BT_TESTING
+	help
+	  This option disables security checks for incoming requests enabling
+	  to test accessing GATT attributes and L2CAP channels that would
+	  otherwise require encryption/authentication in order to be accessed.
+
+	  WARNING: This option enables anyone to snoop on-air traffic.
+	  Use of this feature in production is strongly discouraged.
+
 config BT_BREDR
 	bool "Bluetooth BR/EDR support [EXPERIMENTAL]"
 	depends on BT_HCI_HOST
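Review bot: The WARNING line in the new help text says the option "enables anyone to snoop on-air traffic", which does not match what the code in this commit does. The gatt.c and l2cap.c changes bypass the permission and security-level checks on incoming requests, so the exposure is that a peer with no encryption or authentication can access attributes and channels that are meant to be protected. I would reword it along the lines of `WARNING: Any peer can access protected GATT attributes and L2CAP channels without encryption or authentication.` and replace "strongly discouraged" with `Shall not be used in production.`, matching the commit message and the CMake warning. The prompt `"Disable security"` is also vague for a menuconfig entry; something like `"Disable security checks for incoming requests [TESTING ONLY]"` says what is actually turned off.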
diff --git a/subsys/bluetooth/host/gatt.c b/subsys/bluetooth/host/gatt.c
index b617b27..08f00d5 100644
--- a/subsys/bluetooth/host/gatt.c
+++ b/subsys/bluetooth/host/gatt.c
@@ -2130,6 +2130,10 @@
 uint8_t bt_gatt_check_perm(struct bt_conn *conn, const struct bt_gatt_attr *attr,
 			uint8_t mask)
 {
+	if (IS_ENABLED(CONFIG_BT_CONN_DISABLE_SECURITY)) {
+		return 0;
+	}
+
 	if ((mask & BT_GATT_PERM_READ) &&
 	    (!(attr->perm & BT_GATT_PERM_READ_MASK) || !attr->read)) {
 		return BT_ATT_ERR_READ_NOT_PERMITTED;
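Review bot: The early `return 0` sits above the `BT_GATT_PERM_READ` test visible in this hunk, so with the option enabled it also skips `!(attr->perm & BT_GATT_PERM_READ_MASK) || !attr->read`, which is a basic access check rather than an encryption/authentication check. That is broader than the commit message and Kconfig help describe: a read of an attribute that has no read permission or no `read` callback is reported as permitted, and presumably the same holds for any write check further down in the function, which continues outside this hunk. Whether callers then invoke a NULL callback cannot be seen from here and should be verified. Moving the `if (IS_ENABLED(CONFIG_BT_CONN_DISABLE_SECURITY)) { return 0; }` block below the read/write not-permitted checks and above the encryption/authentication checks would limit the bypass to what the option is documented to do.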
diff --git a/subsys/bluetooth/host/l2cap.c b/subsys/bluetooth/host/l2cap.c
index ca7c712..4b61cb6 100644
--- a/subsys/bluetooth/host/l2cap.c
+++ b/subsys/bluetooth/host/l2cap.c
@@ -981,6 +981,16 @@
 	return BT_L2CAP_LE_SUCCESS;
 }
 
+static bool l2cap_check_security(struct bt_conn *conn,
+				 struct bt_l2cap_server *server)
+{
+	if (IS_ENABLED(CONFIG_BT_CONN_DISABLE_SECURITY)) {
+		return true;
+	}
+
+	return conn->sec_level >= server->sec_level;
+}
+
 static void le_conn_req(struct bt_l2cap *l2cap, uint8_t ident,
 			struct net_buf *buf)
 {
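Review bot: `l2cap_check_security()` only reads through its arguments, so both parameters can be const-qualified: `static bool l2cap_check_security(const struct bt_conn *conn, const struct bt_l2cap_server *server)`. The helper also needs a short comment stating its contract, since the bypass is now hidden behind the name, e.g. `/* Return true if conn meets the server's minimum security level; always true when CONFIG_BT_CONN_DISABLE_SECURITY is set (testing only). */`. The two call sites in the later hunks keep the comment "Check if connection has minimum required security level", which is no longer accurate when the option is enabled, so the contract is best documented on the helper.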
@@ -1029,7 +1039,7 @@
 	}
 
 	/* Check if connection has minimum required security level */
-	if (conn->sec_level < server->sec_level) {
+	if (!l2cap_check_security(conn, server)) {
 		rsp->result = sys_cpu_to_le16(BT_L2CAP_LE_ERR_AUTHENTICATION);
 		goto rsp;
 	}
@@ -1095,7 +1105,7 @@
 	}
 
 	/* Check if connection has minimum required security level */
-	if (conn->sec_level < server->sec_level) {
+	if (!l2cap_check_security(conn, server)) {
 		result = BT_L2CAP_LE_ERR_AUTHENTICATION;
 		goto response;
 	}