2022-11-18 05:44:22

by Simon Mikuda

Subject: [PATCH BlueZ] main.conf: Add SecureConnections option

This introduces SecureConnections option to main.conf that can be used to
configure this on adapter initialization.

This is useful for:
- disable for adapters that have problems with SecureConnections enabled
- if you want to disable CTKD (cross transport key derivation)
- add option to enable only SecureConnections
---
src/adapter.c | 2 +-
src/btd.h | 7 +++++++
src/main.c | 15 +++++++++++++++
src/main.conf | 11 +++++++++++
4 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/adapter.c b/src/adapter.c
index 8fb2acdc8..747f8f8ca 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -10146,7 +10146,7 @@ static void read_info_complete(uint8_t status, uint16_t length,
}

if (missing_settings & MGMT_SETTING_SECURE_CONN)
- set_mode(adapter, MGMT_OP_SET_SECURE_CONN, 0x01);
+ set_mode(adapter, MGMT_OP_SET_SECURE_CONN, btd_opts.secure_conn);

if (adapter->supported_settings & MGMT_SETTING_PRIVACY)
set_privacy(adapter, btd_opts.privacy);
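
Review bot: the configured mode is only sent inside `if (missing_settings & MGMT_SETTING_SECURE_CONN)`, so going by that name the call happens only when the controller comes up with Secure Connections cleared. With `SecureConnections = off` that makes the call a no-op, and if the setting is already enabled at this point neither "off" nor "only" is ever applied, which leaves a host configured for "only" running in the weaker "on" mode. Compare the configured mode against the adapter's current state instead of gating on missing_settings, and wrap the call while there, since checkpatch flags it at 81 columns.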
diff --git a/src/btd.h b/src/btd.h
index 63be6d8d4..42cffcde4 100644
--- a/src/btd.h
+++ b/src/btd.h
@@ -36,6 +36,12 @@ enum mps_mode_t {
MPS_MULTIPLE,
};

+enum sc_mode_t {
+ SC_OFF,
+ SC_ON,
+ SC_ONLY,
+};
+
struct btd_br_defaults {
uint16_t page_scan_type;
uint16_t page_scan_interval;
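
Review bot: `enum sc_mode_t` relies on implicit enumerator values, yet adapter.c passes `btd_opts.secure_conn` straight to `set_mode()` as the mode byte in place of the previous literal 0x01. Assign the values explicitly (`SC_OFF = 0x00`, `SC_ON = 0x01`, `SC_ONLY = 0x02`) and add a comment that they must match the MGMT_OP_SET_SECURE_CONN parameter, so that reordering or inserting an enumerator later cannot silently change the security mode sent to the kernel.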
@@ -105,6 +111,7 @@ struct btd_opts {
uint8_t privacy;
bool device_privacy;
uint32_t name_request_retry_delay;
+ uint8_t secure_conn;

struct btd_defaults defaults;

diff --git a/src/main.c b/src/main.c
index 1d357161f..99d9c508f 100644
--- a/src/main.c
+++ b/src/main.c
@@ -80,6 +80,7 @@ static const char *supported_options[] = {
"MaxControllers"
"MultiProfile",
"FastConnectable",
+ "SecureConnections",
"Privacy",
"JustWorksRepairing",
"TemporaryTimeout",
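
Review bot: in the context line just above the added entry, `"MaxControllers"` has no trailing comma, so it concatenates with `"MultiProfile",` into one string and neither key appears in supported_options on its own. This is not introduced by the patch, but it is worth a separate one-line fix while this array is being touched; the new `"SecureConnections",` entry itself is placed correctly.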
@@ -881,6 +882,19 @@ static void parse_config(GKeyFile *config)
btd_opts.name_request_retry_delay = val;
}

+ str = g_key_file_get_string(config, "General",
+ "SecureConnections", &err);
+ if (err)
+ g_clear_error(&err);
+ else {
+ if (!strcmp(str, "off"))
+ btd_opts.secure_conn = SC_OFF;
+ else if (!strcmp(str, "on"))
+ btd_opts.secure_conn = SC_ON;
+ else if (!strcmp(str, "only"))
+ btd_opts.secure_conn = SC_ONLY;
+ }
+
str = g_key_file_get_string(config, "GATT", "Cache", &err);
if (err) {
DBG("%s", err->message);
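
Review bot: an unrecognized value falls through the `strcmp` chain in the new `else` branch without any message, so a typo such as `Only` or `true` silently leaves the default in place, and an operator who meant "only" ends up with a weaker mode than configured. Add a final `else` that logs the rejected value, in the same way the GATT Cache block below logs its error with DBG. The added lines also never release `str` before it is reassigned by the next `g_key_file_get_string()` call, so add a `g_free(str)` at the end of the branch.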
@@ -993,6 +1007,7 @@ static void init_defaults(void)
btd_opts.debug_keys = FALSE;
btd_opts.refresh_discovery = TRUE;
btd_opts.name_request_retry_delay = DEFAULT_NAME_REQUEST_RETRY_DELAY;
+ btd_opts.secure_conn = SC_ON;

btd_opts.defaults.num_entries = 0;
btd_opts.defaults.br.page_scan_type = 0xFFFF;
diff --git a/src/main.conf b/src/main.conf
index 2796f155e..f187c9aaa 100644
--- a/src/main.conf
+++ b/src/main.conf
@@ -111,6 +111,17 @@
# profile is connected. Defaults to true.
#RefreshDiscovery = true

+# Default Secure Connections setting.
+# Enables the Secure Connections setting for adapters that support it. It
+# provides better crypto algorithms for BT links and also enables CTKD (cross
+# transport key derivation) during pairing on any link.
+# Possible values: "off", "on", "only"
+# - "off": Secure Connections are disabled
+# - "on": Secure Connections are enabled when peer device supports them
+# - "only": we allow only Secure Connections
+# Defaults to "on"
+#SecureConnections = on
+
# Enables D-Bus experimental interfaces
# Possible values: true or false
#Experimental = false
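
Review bot: the "off" and "only" descriptions leave out the consequences an administrator needs to choose between them. The commit message gives disabling CTKD as a reason to use "off", but the comment only says that enabling Secure Connections enables CTKD, and "only" does not say what happens with peers that lack Secure Connections support. Spell both out in the comment, and mention that the value is applied at adapter initialization, as the commit message states.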
--
2.34.1



2022-11-19 02:30:26

by bluez.test.bot

Subject: RE: [BlueZ] main.conf: Add SecureConnections option

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=696767

---Test result---

Test Summary:
CheckPatch FAIL 0.75 seconds
GitLint PASS 0.38 seconds
BuildEll PASS 27.34 seconds
BluezMake PASS 924.14 seconds
MakeCheck PASS 11.33 seconds
MakeDistcheck PASS 145.52 seconds
CheckValgrind PASS 230.75 seconds
bluezmakeextell PASS 92.12 seconds
IncrementalBuild PASS 812.66 seconds
ScanBuild PASS 1013.20 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ] main.conf: Add SecureConnections option
WARNING:LONG_LINE: line length of 81 exceeds 80 columns
#98: FILE: src/adapter.c:10149:
+ set_mode(adapter, MGMT_OP_SET_SECURE_CONN, btd_opts.secure_conn);

/github/workspace/src/src/13047733.patch total: 0 errors, 1 warnings, 77 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13047733.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.




---
Regards,
Linux Bluetooth

2022-11-19 04:11:15

by bluez.test.bot

Subject: RE: [BlueZ] main.conf: Add SecureConnections option

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=696767

---Test result---

Test Summary:
CheckPatch FAIL 0.64 seconds
GitLint PASS 0.21 seconds
BuildEll PASS 25.78 seconds
BluezMake PASS 966.32 seconds
MakeCheck PASS 10.74 seconds
MakeDistcheck PASS 139.32 seconds
CheckValgrind PASS 230.10 seconds
bluezmakeextell PASS 93.31 seconds
IncrementalBuild PASS 824.68 seconds
ScanBuild PASS 995.49 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ] main.conf: Add SecureConnections option
WARNING:LONG_LINE: line length of 81 exceeds 80 columns
#98: FILE: src/adapter.c:10149:
+ set_mode(adapter, MGMT_OP_SET_SECURE_CONN, btd_opts.secure_conn);

/github/workspace/src/src/13047733.patch total: 0 errors, 1 warnings, 77 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13047733.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.




---
Regards,
Linux Bluetooth

2022-11-19 05:37:54

by bluez.test.bot

Subject: RE: [BlueZ] main.conf: Add SecureConnections option

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=696767

---Test result---

Test Summary:
CheckPatch FAIL 0.60 seconds
GitLint PASS 0.28 seconds
BuildEll PASS 26.96 seconds
BluezMake PASS 754.53 seconds
MakeCheck PASS 10.83 seconds
MakeDistcheck PASS 145.29 seconds
CheckValgrind PASS 237.73 seconds
bluezmakeextell PASS 93.18 seconds
IncrementalBuild PASS 606.92 seconds
ScanBuild PASS 956.74 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ] main.conf: Add SecureConnections option
WARNING:LONG_LINE: line length of 81 exceeds 80 columns
#98: FILE: src/adapter.c:10149:
+ set_mode(adapter, MGMT_OP_SET_SECURE_CONN, btd_opts.secure_conn);

/github/workspace/src/src/13047733.patch total: 0 errors, 1 warnings, 77 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13047733.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.




---
Regards,
Linux Bluetooth