diff --git a/features/FEATURE_BLE/ble/generic/FileSecurityDb.h b/features/FEATURE_BLE/ble/generic/FileSecurityDb.h index 7268b2708e..62cf6fcc48 100644 --- a/features/FEATURE_BLE/ble/generic/FileSecurityDb.h +++ b/features/FEATURE_BLE/ble/generic/FileSecurityDb.h @@ -36,8 +36,7 @@ private: static const size_t MAX_ENTRIES = 5; - static entry_t* as_entry(entry_handle_t db_handle) - { + static entry_t* as_entry(entry_handle_t db_handle) { return reinterpret_cast(db_handle); } @@ -111,7 +110,7 @@ public: virtual void restore(); - virtual void sync(); + virtual void sync(entry_handle_t db_handle); virtual void set_restore(bool reload); diff --git a/features/FEATURE_BLE/ble/generic/MemorySecurityDb.h b/features/FEATURE_BLE/ble/generic/MemorySecurityDb.h index f1ea0b2534..6ca9c3b3b0 100644 --- a/features/FEATURE_BLE/ble/generic/MemorySecurityDb.h +++ b/features/FEATURE_BLE/ble/generic/MemorySecurityDb.h @@ -26,13 +26,12 @@ namespace generic { class MemorySecurityDb : public SecurityDb { private: struct entry_t { - entry_t() : peer_sign_counter(0) { }; + entry_t() { }; SecurityDistributionFlags_t flags; SecurityEntryKeys_t local_keys; SecurityEntryKeys_t peer_keys; SecurityEntryIdentity_t peer_identity; SecurityEntrySigning_t peer_signing; - sign_count_t peer_sign_counter; }; static const size_t MAX_ENTRIES = 5; diff --git a/features/FEATURE_BLE/ble/generic/SecurityDb.h b/features/FEATURE_BLE/ble/generic/SecurityDb.h index 93a8419e8c..0186205c23 100644 --- a/features/FEATURE_BLE/ble/generic/SecurityDb.h +++ b/features/FEATURE_BLE/ble/generic/SecurityDb.h @@ -86,6 +86,7 @@ struct SecurityEntryKeys_t { /** CSRK and sign counter used to verify messages */ struct SecurityEntrySigning_t { + SecurityEntrySigning_t() : counter(0) { }; /** Signing key */ csrk_t csrk; /** counter used to verify message to guard from replay attacks */ @@ -526,7 +527,7 @@ public: if (flags) { flags->connected = false; } - sync(); + sync(db_handle); } /** @@ -650,7 +651,7 @@ public: /** * Flush all values which might be stored in memory into NVM. */ - virtual void sync() { }; + virtual void sync(entry_handle_t db_handle) { }; /** * Toggle whether values should be preserved across resets. diff --git a/features/FEATURE_BLE/source/generic/FileSecurityDb.cpp b/features/FEATURE_BLE/source/generic/FileSecurityDb.cpp index f883dfeebf..e2698d6c9d 100644 --- a/features/FEATURE_BLE/source/generic/FileSecurityDb.cpp +++ b/features/FEATURE_BLE/source/generic/FileSecurityDb.cpp @@ -25,19 +25,20 @@ const uint16_t DB_VERSION = 1; #define DB_STORE_OFFSET_PEER_KEYS (DB_STORE_OFFSET_LOCAL_KEYS + sizeof(SecurityEntryKeys_t)) #define DB_STORE_OFFSET_PEER_IDENTITY (DB_STORE_OFFSET_PEER_KEYS + sizeof(SecurityEntryKeys_t)) #define DB_STORE_OFFSET_PEER_SIGNING (DB_STORE_OFFSET_PEER_IDENTITY + sizeof(SecurityEntryIdentity_t)) -#define DB_SIZE_STORE_PEER_SIGN_COUNT (DB_STORE_OFFSET_PEER_SIGNING + sizeof(SecurityEntrySigning_t)) -#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS (DB_STORE_OFFSET_PEER_IDENTITY) -#define DB_STORE_OFFSET_PEER_IDENTITY_IRK (DB_STORE_OFFSET_PEER_IDENTITY + sizeof(address_t)) -#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS_IS_PUBLIC (DB_STORE_OFFSET_PEER_IDENTITY_IRK + sizeof(irk_t)) +#define DB_STORE_OFFSET_LOCAL_KEYS_LTK (DB_STORE_OFFSET_LOCAL_KEYS) +#define DB_STORE_OFFSET_LOCAL_KEYS_EDIV (DB_STORE_OFFSET_LOCAL_KEYS_LTK + sizeof(ltk_t)) +#define DB_STORE_OFFSET_LOCAL_KEYS_RAND (DB_STORE_OFFSET_LOCAL_KEYS_EDIV + sizeof(ediv_t)) #define DB_STORE_OFFSET_PEER_KEYS_LTK (DB_STORE_OFFSET_PEER_KEYS) #define DB_STORE_OFFSET_PEER_KEYS_EDIV (DB_STORE_OFFSET_PEER_KEYS_LTK + sizeof(ltk_t)) #define DB_STORE_OFFSET_PEER_KEYS_RAND (DB_STORE_OFFSET_PEER_KEYS_EDIV + sizeof(ediv_t)) -#define DB_STORE_OFFSET_LOCAL_KEYS_LTK (DB_STORE_OFFSET_LOCAL_KEYS) -#define DB_STORE_OFFSET_LOCAL_KEYS_EDIV (DB_STORE_OFFSET_LOCAL_KEYS_LTK + sizeof(ltk_t)) -#define DB_STORE_OFFSET_LOCAL_KEYS_RAND (DB_STORE_OFFSET_LOCAL_KEYS_EDIV + sizeof(ediv_t)) +#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS (DB_STORE_OFFSET_PEER_IDENTITY) +#define DB_STORE_OFFSET_PEER_IDENTITY_IRK (DB_STORE_OFFSET_PEER_IDENTITY + sizeof(address_t)) +#define DB_STORE_OFFSET_PEER_IDENTITY_ADDRESS_IS_PUBLIC (DB_STORE_OFFSET_PEER_IDENTITY_IRK + sizeof(irk_t)) + +#define DB_STORE_OFFSET_PEER_SIGNING_COUNT (DB_STORE_OFFSET_PEER_SIGNING + sizeof(csrk_t)) #define DB_SIZE_STORE \ (sizeof(SecurityEntryKeys_t) + \ @@ -280,7 +281,14 @@ void FileSecurityDb::set_entry_peer_sign_counter( void FileSecurityDb::restore() { } -void FileSecurityDb::sync() { +void FileSecurityDb::sync(entry_handle_t db_handle) { + entry_t *entry = as_entry(db_handle); + if (!entry) { + return; + } + + fseek(_db_file, entry->file_offset + DB_STORE_OFFSET_PEER_SIGNING_COUNT, SEEK_SET); + fwrite(&entry->peer_sign_counter, sizeof(sign_count_t), 1, _db_file); } void FileSecurityDb::set_restore(bool reload) { diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index a8fb9a7679..b8d6a85a78 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp @@ -109,8 +109,6 @@ ble_error_t GenericSecurityManager::init( } ble_error_t GenericSecurityManager::reset(void) { - MBED_ASSERT(_db); - _db->sync(); _pal.reset(); SecurityManager::reset(); @@ -901,8 +899,6 @@ void GenericSecurityManager::on_disconnected( _db->close_entry(cb->db_entry); release_control_block(cb); - - _db->sync(); } void GenericSecurityManager::on_security_entry_retrieved(