[build] Fix SECURITY_TEST_MODE to be disabled for all builds. Warn/fail builds with it enabled. (#12166)
turon authored and pull[bot] committed Nov 30, 2021
1 parent c8002fb commit 1672308
Showing 6 changed files with 8 additions and 4 deletions.
2 changes: 2 additions & 0 deletions config/standalone/CHIPProjectConfig.h
Expand Up @@ -53,6 +53,8 @@
// WARNING: These options make it possible to circumvent basic Chip security functionality,
// including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS.
//
// To build with this flag, pass 'treat_warnings_as_errors=false' to gn/ninja.
//
#define CHIP_CONFIG_SECURITY_TEST_MODE 0
#define CHIP_CONFIG_REQUIRE_AUTH 1

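Review bot: The added comment "To build with this flag, pass 'treat_warnings_as_errors=false' to gn/ninja" should say what that argument costs. As its name indicates, it relaxes warnings-as-errors for the whole build, not only for the SECURITY_TEST_MODE warning, so the text should state that it is meant for local test builds only. "gn/ninja" is also ambiguous about where the argument goes; name the one command that takes it.
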
Expand Up @@ -41,7 +41,7 @@
// authentication in various protocols.
// WARNING: These options make it possible to circumvent basic CHIP security functionality,
// including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS.
#define CHIP_CONFIG_SECURITY_TEST_MODE 1
#define CHIP_CONFIG_SECURITY_TEST_MODE 0
#define CHIP_CONFIG_REQUIRE_AUTH 0

// Use a default pairing code if one hasn't been provisioned in flash.
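
Review bot: CHIP_CONFIG_REQUIRE_AUTH stays 0 on the context line directly below the changed define, although the WARNING above covers "these options" in the plural and says they must never be enabled in production builds. Either set it to 1 here, as config/standalone/CHIPProjectConfig.h does, or add a comment saying why this config keeps it at 0 once test mode is off.
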
Expand Up @@ -41,7 +41,7 @@
// authentication in various protocols.
// WARNING: These options make it possible to circumvent basic CHIP security functionality,
// including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS.
#define CHIP_CONFIG_SECURITY_TEST_MODE 1
#define CHIP_CONFIG_SECURITY_TEST_MODE 0
#define CHIP_CONFIG_REQUIRE_AUTH 0

// Use a default pairing code if one hasn't been provisioned in flash.
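
Review bot: The build hint added to config/standalone/CHIPProjectConfig.h and src/lib/core/CHIPConfig.h is missing above this define. A developer who sets it back to 1 here for testing will hit the new #warning in CryptoContext.cpp with no pointer to the cause; add the same two comment lines, or refer to the CHIPConfig.h documentation of the option.
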
2 changes: 1 addition & 1 deletion examples/platform/qpg/project_include/CHIPProjectConfig.h
Expand Up @@ -41,7 +41,7 @@
// WARNING: These options make it possible to circumvent basic Chip security functionality,
// including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS.
//
#define CHIP_CONFIG_SECURITY_TEST_MODE 1
#define CHIP_CONFIG_SECURITY_TEST_MODE 0
#define CHIP_CONFIG_REQUIRE_AUTH 0

/**
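
Review bot: With the value now 0, this define repeats the default that src/lib/core/CHIPConfig.h already supplies under #ifndef CHIP_CONFIG_SECURITY_TEST_MODE. Consider deleting the line so the platform inherits the default and there is one place fewer where the flag can be switched back on unnoticed.
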
2 changes: 2 additions & 0 deletions src/lib/core/CHIPConfig.h
Expand Up @@ -1403,6 +1403,8 @@
* @note
* WARNING: This option makes it possible to circumvent basic chip security functionality,
* including message encryption. Because of this it SHOULD NEVER BE ENABLED IN PRODUCTION BUILDS.
*
* To build with this flag, pass 'treat_warnings_as_errors=false' to gn/ninja.
*/
#ifndef CHIP_CONFIG_SECURITY_TEST_MODE
#define CHIP_CONFIG_SECURITY_TEST_MODE 0
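
Review bot: The doc comment says SHOULD NEVER BE ENABLED IN PRODUCTION BUILDS while the project config headers touched by this commit say MUST NEVER. Since the commit makes the build warn or fail when the flag is on, use MUST here as well, and have the added line say that enabling the flag triggers a compile-time warning, which is why treat_warnings_as_errors=false is needed.
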
2 changes: 1 addition & 1 deletion src/transport/CryptoContext.cpp
Expand Up @@ -96,7 +96,7 @@ CHIP_ERROR CryptoContext::InitFromSecret(const ByteSpan & secret, const ByteSpan
(void) info;
(void) infoLen;

#pragma message \
#warning \
"Warning: CONFIG_SECURITY_TEST_MODE=1 bypassing key negotiation... All sessions will use known, fixed test key. Node can only communicate with other nodes built with this flag set."
ChipLogError(SecureChannel,
"Warning: CONFIG_SECURITY_TEST_MODE=1 bypassing key negotiation... All sessions will use known, fixed test key. "
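
Review bot: Replacing "#pragma message" with "#warning" stops the build only where warnings are treated as errors, and the comments added elsewhere in this commit document how to switch that off. A build configured that way still compiles the path in which all sessions use the known, fixed test key and only reports it as a warning. If production builds must never carry this path, consider a hard #error that needs a separate, explicit opt-in define. The message text also says CONFIG_SECURITY_TEST_MODE=1 while the macro is CHIP_CONFIG_SECURITY_TEST_MODE; using the full name makes the warning greppable.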