lib: peer_manager: refactor Kconfig options

doc/nrf-bm/libraries/bluetooth/peer_manager.rst

@@ -73,7 +73,7 @@ The Security Dispatcher interfaces with the SoftDevice and the non-volatile stor
 LE Secure Connections support
 =============================
 
-You can enable support for LE Secure Connections (LESC) pairing by setting the :kconfig:option:`CONFIG_PM_LESC_ENABLED` Kconfig option.
+You can enable support for LE Secure Connections (LESC) pairing by setting the :kconfig:option:`CONFIG_PM_LESC` Kconfig option.
 This functionality is disabled by default.
 In this mode, the Peer Manager handles internally all requests for Diffie-Hellman keys from the SoftDevice.
 When enabled, it is necessary to call the :c:func:`nrf_ble_lesc_request_handler` function in the main context of the application.
@@ -82,7 +82,7 @@ If there is any pending DH key request, the function will calculate the requeste
 Repeated pairing attempts protection
 ====================================
 
-You can enable protection against repeated pairing attempts by setting the :kconfig:option:`CONFIG_PM_RA_PROTECTION_ENABLED` Kconfig option.
+You can enable protection against repeated pairing attempts by setting the :kconfig:option:`CONFIG_PM_RA_PROTECTION` Kconfig option.
 This functionality is disabled by default.
 In this mode, the Peer Manager uses the timing module to keep track of peers that failed at the pairing procedure.
 Future pairing attempts from these peers are rejected for a certain period of time.
@@ -131,8 +131,8 @@ Set the :kconfig:option:`CONFIG_PEER_MANAGER` Kconfig option to enable the libra
 
 Some features are disabled by default and can be optionally enabled:
 
-* :kconfig:option:`CONFIG_PM_LESC_ENABLED` - Enables LESC support in Peer Manager.
-* :kconfig:option:`CONFIG_PM_RA_PROTECTION_ENABLED` - Enables protection against repeated pairing attempts in Peer Manager.
+* :kconfig:option:`CONFIG_PM_LESC` - Enables LESC support in Peer Manager.
+* :kconfig:option:`CONFIG_PM_RA_PROTECTION` - Enables protection against repeated pairing attempts in Peer Manager.
 
 Initialization
 ==============

doc/nrf-bm/release_notes/release_notes_changelog.rst

@@ -57,6 +57,16 @@ Libraries
 
    * Added missing Kconfig dependencies.
 
+* :ref:`lib_peer_manager` library:
+
+   * Updated:
+
+     * The ``CONFIG_PM_SERVICE_CHANGED_ENABLED`` Kconfig option is renamed to :kconfig:option:`CONFIG_PM_SERVICE_CHANGED`.
+     * The ``CONFIG_PM_PEER_RANKS_ENABLED`` Kconfig option is renamed to :kconfig:option:`CONFIG_PM_PEER_RANKS`.
+     * The ``CONFIG_PM_LESC_ENABLED`` Kconfig option is renamed to :kconfig:option:`CONFIG_PM_LESC`.
+     * The ``CONFIG_PM_RA_PROTECTION_ENABLED`` Kconfig option is renamed to :kconfig:option:`CONFIG_PM_RA_PROTECTION`.
+     * The :kconfig:option:`CONFIG_PM_SERVICE_CHANGED` Kconfig option to depend on the :kconfig:option:`CONFIG_NRF_SDH_BLE_SERVICE_CHANGED` Kconfig option.
+
 Samples
 =======
 

include/bluetooth/peer_manager/peer_manager.h

@@ -200,9 +200,9 @@ uint32_t pm_conn_sec_params_reply(uint16_t conn_handle, ble_gap_sec_params_t *p_
  *          PM_EVT_SERVICE_CHANGED_IND_CONFIRMED when the peer sends its confirmation. Peers that
  *          are not subscribed to the service changed indication when this function is called do not
  *          receive an indication, and no events are sent to the user. Likewise, if the service
- *          changed characteristic is not present in the local database, or if the @ref
- *          PM_SERVICE_CHANGED_ENABLED is set to 0, no indications are sent peers, and no events are
- *          sent to the user.
+ *          changed characteristic is not present in the local database, or if the
+ *          @c CONFIG_PM_SERVICE_CHANGED Kconfig option is disabled, no indications are sent to
+ *          the peers, and no events are sent to the user.
  */
 void pm_local_database_has_changed(void);
 
@@ -241,15 +241,16 @@ bool pm_sec_is_sufficient(uint16_t conn_handle, pm_conn_sec_status_t *p_sec_stat
  *
  * @note The key must continue to reside in application memory as it is not copied by Peer Manager.
  *
- * @note This function is deprecated. LESC keys are now handled internally if @ref PM_LESC_ENABLED
- *       is true. If @ref PM_LESC_ENABLED is false, this function works as before.
+ * @note This function is deprecated. LESC keys are now handled internally if the @c CONFIG_PM_LESC
+ *       Kconfig option is enabled. If the @c CONFIG_PM_LESC Kconfig option is disabled, this
+ *       function works as before.
  *
  * @param[in]  p_public_key  The public key to use for all subsequent LESC operations.
  *
  * @retval NRF_SUCCESS                    If pairing was initiated successfully.
  * @retval NRF_ERROR_INVALID_STATE        If the Peer Manager is not initialized.
- * @retval NRF_ERROR_FORBIDDEN            If LESC module support is enabled (see @ref
- * PM_LESC_ENABLED).
+ * @retval NRF_ERROR_FORBIDDEN            If LESC module support is enabled (see the
+ *                                        @c CONFIG_PM_LESC Kconfig option).
  */
 uint32_t pm_lesc_public_key_set(ble_gap_lesc_p256_pk_t *p_public_key);
 
@@ -772,8 +773,8 @@ uint32_t pm_peers_delete(void);
  * @retval NRF_ERROR_NOT_FOUND      If no peer with stored peer rank was found.
  * @retval NRF_ERROR_INVALID_STATE  If the Peer Manager is not initialized.
  * @retval NRF_ERROR_INTERNAL       If an internal error occurred.
- * @retval NRF_ERROR_NOT_SUPPORTED  If peer rank functionality has been disabled via the @ref
- *                                  PM_PEER_RANKS_ENABLED configuration option.
+ * @retval NRF_ERROR_NOT_SUPPORTED  If peer rank functionality has been disabled via the
+ *                                  @c CONFIG_PM_PEER_RANKS Kconfig option.
  */
 uint32_t pm_peer_ranks_get(pm_peer_id_t *p_highest_ranked_peer, uint32_t *p_highest_rank,
 			   pm_peer_id_t *p_lowest_ranked_peer, uint32_t *p_lowest_rank);
@@ -807,8 +808,8 @@ uint32_t pm_peer_ranks_get(pm_peer_id_t *p_highest_ranked_peer, uint32_t *p_high
  *                                  around to 0. To fix this, manually update all ranks to smaller
  *                                  values, while still keeping their order.
  * @retval NRF_ERROR_INTERNAL       If an internal error occurred.
- * @retval NRF_ERROR_NOT_SUPPORTED  If peer rank functionality has been disabled via the @ref
- *                                  PM_PEER_RANKS_ENABLED configuration option.
+ * @retval NRF_ERROR_NOT_SUPPORTED  If peer rank functionality has been disabled via the
+ *                                  @c CONFIG_PM_PEER_RANKS Kconfig option.
  */
 uint32_t pm_peer_rank_highest(pm_peer_id_t peer_id);
 

lib/peer_manager/Kconfig

@@ -18,46 +18,41 @@ menuconfig PEER_MANAGER
 if PEER_MANAGER
 
 config PM_BM_ZMS_SECTOR_SIZE
-	int "Sector size"
+	int "BM_ZMS sector size"
 	default 1024
 
 config PM_BLE_OBSERVER_PRIO
-	int "Priority with which BLE events are dispatched to the Peer Manager module."
+	int "BLE events priority"
 	default 1
 	help
 	  Priority with which BLE events are dispatched to the Peer Manager module.
 
 config PM_MAX_REGISTRANTS
-	int "Number of event handlers that can be registered."
+	int "Maximum number of event handlers that can be registered"
 	default 3
-	help
-	  Number of event handlers that can be registered.
 
 config PM_FLASH_BUFFERS
-	int "Number of internal buffers for flash operations."
+	int "Number of internal buffers for non-volatile storage operations"
 	default 4
 	help
-	  Number of internal buffers for flash operations.
-	  Decrease this value to lower RAM usage.
+	  Decrease this value to reduce RAM usage.
 
-config PM_SERVICE_CHANGED_ENABLED
-	bool "Enable/disable the service changed management for GATT server in Peer Manager."
+config PM_SERVICE_CHANGED
+	bool "Service changed management for GATT server"
+	depends on NRF_SDH_BLE_SERVICE_CHANGED
 	default y
 	help
-	  Enable/disable the service changed management for GATT server in Peer Manager.
-	  If not using a GATT server, or using a server without a service changed characteristic,
-	  disable this to save code space.
+	  Disable this option to reduce memory usage if not using a GATT server, or using a server
+	  without a service changed characteristic.
 
-config PM_PEER_RANKS_ENABLED
-	bool "Enable/disable the peer rank management in Peer Manager."
+config PM_PEER_RANKS
+	bool "Peer rank management"
 	default y
 	help
-	  Enable/disable the peer rank management in Peer Manager.
-	  Set this to false to save code space if not using the peer rank API.
+	  Disable this option to reduce memory usage if not using the peer rank API.
 
-config PM_LESC_ENABLED
-	bool "Enable/disable LESC support in Peer Manager."
-	default n
+config PM_LESC
+	bool "LE Secure Connections (LESC) support"
 	depends on PSA_WANT_ALG_ECDH
 	depends on PSA_WANT_GENERATE_RANDOM
 	depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
@@ -68,16 +63,14 @@ config PM_LESC_ENABLED
 		   MBEDTLS_ENABLE_HEAP
 
 	help
-	  Enable/disable LESC support in Peer Manager.
-	  If set to true, you need to call nrf_ble_lesc_request_handler() in the main loop to
-	  respond to LESC-related BLE events. If LESC support is not required, set this to false to
-	  save code space.
+	  If enabled, you need to call nrf_ble_lesc_request_handler() in the main loop to
+	  respond to LESC-related BLE events. If LESC support is not required, disable this option
+	  to reduce memory usage.
 
-if PM_LESC_ENABLED
+if PM_LESC
 
 config PM_LESC_GENERATE_NEW_KEYS
 	bool "Generate new LESC key pair after every pairing attempt"
-	default n
 	help
 	  New LESC keys are generated on the auth status event.
 
@@ -87,45 +80,42 @@ config PM_LESC_PRIVATE_KEY_EXPORT
 	  Export private key.
 	  This is for for debugging purposes only and is not to be used in production!
 
-endif # PM_LESC_ENABLED
+endif # PM_LESC
 
-config PM_RA_PROTECTION_ENABLED
-	bool "Enable/disable protection against repeated pairing attempts in Peer Manager."
-	default n
+config PM_RA_PROTECTION
+	bool "Protection against repeated pairing attempts"
 	help
-	  Enable/disable protection against repeated pairing attempts in Peer Manager.
+	  Enable protection against repeated Bluetooth pairing attempts from the same device.
+	  Offending peers will be temporarily blacklisted with increasing backoff times to
+	  prevent pairing spam or brute-force attacks.
+
+if PM_RA_PROTECTION
 
 config PM_RA_PROTECTION_TRACKED_PEERS_NUM
-	int "Maximum number of peers whose authorization status can be tracked."
+	int "Maximum number of peers whose authorization status can be tracked"
 	default 8
-	help
-	  Maximum number of peers whose authorization status can be tracked.
 
 config PM_RA_PROTECTION_MIN_WAIT_INTERVAL
-	int "Minimum waiting interval (in ms) before a new pairing attempt can be initiated."
+	int "Minimum waiting interval (in ms) before a new pairing attempt can be initiated"
 	default 4000
-	help
-	  Minimum waiting interval (in ms) before a new pairing attempt can be initiated.
 
 config PM_RA_PROTECTION_MAX_WAIT_INTERVAL
-	int "Maximum waiting interval (in ms) before a new pairing attempt can be initiated."
+	int "Maximum waiting interval (in ms) before a new pairing attempt can be initiated"
 	default 64000
-	help
-	  Maximum waiting interval (in ms) before a new pairing attempt can be initiated.
 
 config PM_RA_PROTECTION_REWARD_PERIOD
-	int "Reward period (in ms)."
+	int "Reward period (in ms)"
 	default 10000
 	help
-	  Reward period (in ms).
 	  The waiting interval is gradually decreased when no new failed pairing attempts are made
 	  during reward period.
 
+endif # PM_RA_PROTECTION
+
 config PM_HANDLER_SEC_DELAY_MS
-	int "Delay before starting security."
+	int "Delay before starting security"
 	default 0
 	help
-	  Delay before starting security.
 	  This might be necessary for interoperability reasons, especially as peripheral.
 
 module=PEER_MANAGER

lib/peer_manager/modules/CMakeLists.txt

@@ -4,11 +4,11 @@
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
 
-zephyr_library_sources(auth_status_tracker.c)
+zephyr_library_sources_ifdef(CONFIG_PM_RA_PROTECTION auth_status_tracker.c)
 zephyr_library_sources(gatt_cache_manager.c)
 zephyr_library_sources(gatts_cache_manager.c)
 zephyr_library_sources(id_manager.c)
-zephyr_library_sources_ifdef(CONFIG_PM_LESC_ENABLED nrf_ble_lesc.c)
+zephyr_library_sources_ifdef(CONFIG_PM_LESC nrf_ble_lesc.c)
 zephyr_library_sources(peer_data_storage.c)
 zephyr_library_sources(peer_database.c)
 zephyr_library_sources(peer_id.c)

lib/peer_manager/modules/gatt_cache_manager.c

@@ -127,15 +127,6 @@ static int m_flag_car_handle_queried;
  */
 static int m_flag_car_value_queried;
 
-#ifdef CONFIG_PM_SERVICE_CHANGED_ENABLED
-BUILD_ASSERT(IS_ENABLED(CONFIG_PM_SERVICE_CHANGED_ENABLED) ||
-	     !IS_ENABLED(CONFIG_NRF_SDH_BLE_SERVICE_CHANGED),
-	"CONFIG_PM_SERVICE_CHANGED_ENABLED should be enabled "
-	"if NRF_SDH_BLE_SERVICE_CHANGED is enabled.");
-#else
-#define CONFIG_PM_SERVICE_CHANGED_ENABLED 1
-#endif
-
 /**
  * @brief Function for resetting the module variable(s) of the GSCM module.
  *
@@ -310,7 +301,7 @@ static bool local_db_update_in_evt(uint16_t conn_handle)
 	return success;
 }
 
-#if CONFIG_PM_SERVICE_CHANGED_ENABLED
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 
 /**
  * @brief Function for getting the value of the CCCD for the service changed characteristic.
@@ -450,7 +441,7 @@ static void db_update_pending_handle(uint16_t conn_handle, void *p_context)
 	}
 }
 
-#if CONFIG_PM_SERVICE_CHANGED_ENABLED
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 static void sc_send_pending_handle(uint16_t conn_handle, void *p_context)
 {
 	ARG_UNUSED(p_context);
@@ -529,7 +520,7 @@ void gcm_im_evt_handler(pm_evt_t *p_event)
 	switch (p_event->evt_id) {
 	case PM_EVT_BONDED_PEER_CONNECTED:
 		local_db_apply_in_evt(p_event->conn_handle);
-#if (CONFIG_PM_SERVICE_CHANGED_ENABLED == 1)
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 		service_changed_needed(p_event->conn_handle);
 #endif
 		car_update_needed(p_event->conn_handle);
@@ -561,7 +552,7 @@ void gcm_pdb_evt_handler(pm_evt_t *p_event)
 			break;
 		}
 
-#if CONFIG_PM_SERVICE_CHANGED_ENABLED
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 		case PM_PEER_DATA_ID_SERVICE_CHANGED_PENDING: {
 			uint32_t err_code;
 			bool service_changed_pending = false;
@@ -676,7 +667,7 @@ void gcm_ble_evt_handler(ble_evt_t const *p_ble_evt)
 		local_db_apply_in_evt(conn_handle);
 		break;
 
-#if CONFIG_PM_SERVICE_CHANGED_ENABLED
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 	case BLE_GATTS_EVT_SC_CONFIRM: {
 		pm_evt_t event = {
 			.evt_id = PM_EVT_SERVICE_CHANGED_IND_CONFIRMED,
@@ -779,7 +770,7 @@ void gcm_ble_evt_handler(ble_evt_t const *p_ble_evt)
 	}
 
 	apply_pending_flags_check();
-#if CONFIG_PM_SERVICE_CHANGED_ENABLED
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 	service_changed_pending_flags_check();
 #endif
 }
@@ -794,7 +785,7 @@ uint32_t gcm_local_db_cache_update(uint16_t conn_handle)
 	return NRF_SUCCESS;
 }
 
-#if CONFIG_PM_SERVICE_CHANGED_ENABLED
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 void gcm_local_database_has_changed(void)
 {
 	gscm_local_database_has_changed();

lib/peer_manager/modules/gatts_cache_manager.c

@@ -21,7 +21,7 @@
 
 LOG_MODULE_DECLARE(peer_manager, CONFIG_PEER_MANAGER_LOG_LEVEL);
 
-#if !defined(CONFIG_PM_SERVICE_CHANGED_ENABLED) || (CONFIG_PM_SERVICE_CHANGED_ENABLED == 1)
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 
 /* The number of registered event handlers. */
 #define GSCM_EVENT_HANDLERS_CNT ARRAY_SIZE(m_evt_handlers)
@@ -49,11 +49,11 @@ static void internal_state_reset(void)
 	m_module_initialized = false;
 	m_current_sc_store_peer_id = PM_PEER_ID_INVALID;
 
-	/* If CONFIG_PM_SERVICE_CHANGED_ENABLED is 0, this variable is unused. */
+	/* If CONFIG_PM_SERVICE_CHANGED is 0, this variable is unused. */
 	UNUSED_VARIABLE(m_current_sc_store_peer_id);
 }
 
-#if !defined(CONFIG_PM_SERVICE_CHANGED_ENABLED) || (CONFIG_PM_SERVICE_CHANGED_ENABLED == 1)
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 static void evt_send(pm_evt_t *p_gscm_evt)
 {
 	p_gscm_evt->conn_handle = im_conn_handle_get(p_gscm_evt->peer_id);
@@ -319,7 +319,7 @@ uint32_t gscm_local_db_cache_apply(uint16_t conn_handle)
 	return err_code;
 }
 
-#if !defined(CONFIG_PM_SERVICE_CHANGED_ENABLED) || (CONFIG_PM_SERVICE_CHANGED_ENABLED == 1)
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 void gscm_local_database_has_changed(void)
 {
 	NRF_PM_DEBUG_CHECK(m_module_initialized);

lib/peer_manager/modules/peer_database.c

@@ -38,7 +38,7 @@ LOG_MODULE_DECLARE(peer_manager, CONFIG_PEER_MANAGER_LOG_LEVEL);
 /* Peer Database event handlers in other Peer Manager submodules. */
 extern void pm_pdb_evt_handler(pm_evt_t *p_event);
 extern void sm_pdb_evt_handler(pm_evt_t *p_event);
-#if !defined(CONFIG_PM_SERVICE_CHANGED_ENABLED) || (CONFIG_PM_SERVICE_CHANGED_ENABLED == 1)
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 extern void gscm_pdb_evt_handler(pm_evt_t *p_event);
 #endif
 extern void gcm_pdb_evt_handler(pm_evt_t *p_event);
@@ -50,7 +50,7 @@ extern void gcm_pdb_evt_handler(pm_evt_t *p_event);
 static pm_evt_handler_internal_t const m_evt_handlers[] = {
 	pm_pdb_evt_handler,
 	sm_pdb_evt_handler,
-#if !defined(CONFIG_PM_SERVICE_CHANGED_ENABLED) || (CONFIG_PM_SERVICE_CHANGED_ENABLED == 1)
+#if defined(CONFIG_PM_SERVICE_CHANGED)
 	gscm_pdb_evt_handler,
 #endif
 	gcm_pdb_evt_handler,

lib/peer_manager/modules/peer_id.c

@@ -4,7 +4,6 @@
  * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
  */
 
-
 #include <stdint.h>
 #include <string.h>
 #include <limits.h>