write back counter, sync entry by hand;e

features/FEATURE_BLE/ble/generic/FileSecurityDb.h

@@ -36,8 +36,7 @@ private:
 
     static const size_t MAX_ENTRIES = 5;
 
-    static entry_t* as_entry(entry_handle_t db_handle)
-    {
+    static entry_t* as_entry(entry_handle_t db_handle) {
         return reinterpret_cast<entry_t*>(db_handle);
     }
 
@@ -111,7 +110,7 @@ public:
 
     virtual void restore();
 
-    virtual void sync();
+    virtual void sync(entry_handle_t db_handle);
 
     virtual void set_restore(bool reload);
 

features/FEATURE_BLE/ble/generic/MemorySecurityDb.h

@@ -26,13 +26,12 @@ namespace generic {
 class MemorySecurityDb : public SecurityDb {
 private:
     struct entry_t {
-        entry_t() : peer_sign_counter(0) { };
+        entry_t() { };
         SecurityDistributionFlags_t flags;
         SecurityEntryKeys_t local_keys;
         SecurityEntryKeys_t peer_keys;
         SecurityEntryIdentity_t peer_identity;
         SecurityEntrySigning_t peer_signing;
-        sign_count_t peer_sign_counter;
     };
 
     static const size_t MAX_ENTRIES = 5;

features/FEATURE_BLE/ble/generic/SecurityDb.h

@@ -86,6 +86,7 @@ struct SecurityEntryKeys_t {
 
 /** CSRK and sign counter used to verify messages */
 struct SecurityEntrySigning_t {
+    SecurityEntrySigning_t() : counter(0) { };
     /** Signing key */
     csrk_t csrk;
     /** counter used to verify message to guard from replay attacks */
@@ -526,7 +527,7 @@ public:
         if (flags) {
             flags->connected = false;
         }
-        sync();
+        sync(db_handle);
     }
 
     /**
@@ -650,7 +651,7 @@ public:
     /**
      * Flush all values which might be stored in memory into NVM.
      */
-    virtual void sync() { };
+    virtual void sync(entry_handle_t db_handle) { };
 
     /**
      * Toggle whether values should be preserved across resets.

features/FEATURE_BLE/source/generic/FileSecurityDb.cpp

@@ -25,19 +25,20 @@ const uint16_t DB_VERSION = 1;
 #define DB_STORE_OFFSET_PEER_KEYS     (DB_STORE_OFFSET_LOCAL_KEYS + sizeof(SecurityEntryKeys_t))
 #define DB_STORE_OFFSET_PEER_IDENTITY (DB_STORE_OFFSET_PEER_KEYS + sizeof(SecurityEntryKeys_t))
 #define DB_STORE_OFFSET_PEER_SIGNING  (DB_STORE_OFFSET_PEER_IDENTITY + sizeof(SecurityEntryIdentity_t))
-#define DB_SIZE_STORE_PEER_SIGN_COUNT (DB_STORE_OFFSET_PEER_SIGNING + sizeof(SecurityEntrySigning_t))
 
-#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS (DB_STORE_OFFSET_PEER_IDENTITY)
-#define DB_STORE_OFFSET_PEER_IDENTITY_IRK     (DB_STORE_OFFSET_PEER_IDENTITY + sizeof(address_t))
-#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS_IS_PUBLIC (DB_STORE_OFFSET_PEER_IDENTITY_IRK + sizeof(irk_t))
+#define DB_STORE_OFFSET_LOCAL_KEYS_LTK  (DB_STORE_OFFSET_LOCAL_KEYS)
+#define DB_STORE_OFFSET_LOCAL_KEYS_EDIV (DB_STORE_OFFSET_LOCAL_KEYS_LTK + sizeof(ltk_t))
+#define DB_STORE_OFFSET_LOCAL_KEYS_RAND (DB_STORE_OFFSET_LOCAL_KEYS_EDIV + sizeof(ediv_t))
 
 #define DB_STORE_OFFSET_PEER_KEYS_LTK  (DB_STORE_OFFSET_PEER_KEYS)
 #define DB_STORE_OFFSET_PEER_KEYS_EDIV (DB_STORE_OFFSET_PEER_KEYS_LTK + sizeof(ltk_t))
 #define DB_STORE_OFFSET_PEER_KEYS_RAND (DB_STORE_OFFSET_PEER_KEYS_EDIV + sizeof(ediv_t))
 
-#define DB_STORE_OFFSET_LOCAL_KEYS_LTK  (DB_STORE_OFFSET_LOCAL_KEYS)
-#define DB_STORE_OFFSET_LOCAL_KEYS_EDIV (DB_STORE_OFFSET_LOCAL_KEYS_LTK + sizeof(ltk_t))
-#define DB_STORE_OFFSET_LOCAL_KEYS_RAND (DB_STORE_OFFSET_LOCAL_KEYS_EDIV + sizeof(ediv_t))
+#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS (DB_STORE_OFFSET_PEER_IDENTITY)
+#define DB_STORE_OFFSET_PEER_IDENTITY_IRK     (DB_STORE_OFFSET_PEER_IDENTITY + sizeof(address_t))
+#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS_IS_PUBLIC (DB_STORE_OFFSET_PEER_IDENTITY_IRK + sizeof(irk_t))
+
+#define DB_STORE_OFFSET_PEER_SIGNING_COUNT (DB_STORE_OFFSET_PEER_SIGNING + sizeof(csrk_t))
 
 #define DB_SIZE_STORE \
     (sizeof(SecurityEntryKeys_t) + \
@@ -280,7 +281,14 @@ void FileSecurityDb::set_entry_peer_sign_counter(
 void FileSecurityDb::restore() {
 }
 
-void FileSecurityDb::sync() {
+void FileSecurityDb::sync(entry_handle_t db_handle) {
+    entry_t *entry = as_entry(db_handle);
+    if (!entry) {
+        return;
+    }
+
+    fseek(_db_file, entry->file_offset + DB_STORE_OFFSET_PEER_SIGNING_COUNT, SEEK_SET);
+    fwrite(&entry->peer_sign_counter, sizeof(sign_count_t), 1, _db_file);
 }
 
 void FileSecurityDb::set_restore(bool reload) {

features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp

@@ -109,8 +109,6 @@ ble_error_t GenericSecurityManager::init(
 }
 
 ble_error_t GenericSecurityManager::reset(void) {
-    MBED_ASSERT(_db);
-    _db->sync();
     _pal.reset();
     SecurityManager::reset();
 
@@ -901,8 +899,6 @@ void GenericSecurityManager::on_disconnected(
 
     _db->close_entry(cb->db_entry);
     release_control_block(cb);
-
-    _db->sync();
 }
 
 void GenericSecurityManager::on_security_entry_retrieved(