Implemented PASE Rate Limiter Protocol.

A time-based rate limiter for PASE negotiation attempts is implemented.
  -- The mechanism limits all PASE attempts to 3 failures within a 15 second period.
     These parameters are build time defines and can be adjusted for each platform.
  -- PASE attempts beyond the limit are rejected immediately with a Common:Busy
     status code.
  -- For PASE negotiations with key confirmation option enabled: only attempts that
     failed with key confirmation error are counted. Successful PASE negotiations
     do not reset the rate limiter.
  -- For PASE negotiations with key confirmation option disabled: every
     PASE negotiation, successful or otherwise, is added to the rate limiter.

This change addresses CVE security vulnerability: CVE-2019-5035

Author: emargolis

src/lib/core/WeaveConfig.h

@@ -426,6 +426,37 @@
 #endif // WEAVE_CONFIG_USE_MICRO_ECC
 #endif // WEAVE_CONFIG_PASE_MESSAGE_PAYLOAD_ALIGNMENT
 
+/**
+ *  @def WEAVE_CONFIG_PASE_RATE_LIMITER_TIMEOUT
+ *
+ *  @brief
+ *    The amount of time (in milliseconds) in which the Security Manager
+ *    is allowed to have maximum #WEAVE_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS
+ *    counted PASE attempts.
+ *
+ */
+#ifndef WEAVE_CONFIG_PASE_RATE_LIMITER_TIMEOUT
+#define WEAVE_CONFIG_PASE_RATE_LIMITER_TIMEOUT              15000
+#endif // WEAVE_CONFIG_PASE_RATE_LIMITER_TIMEOUT
+
+/**
+ *  @def WEAVE_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS
+ *
+ *  @brief
+ *    The maximum number of PASE attempts after which the
+ *    next PASE session establishment attempt will be allowed
+ *    only after #WEAVE_CONFIG_PASE_RATE_LIMITER_TIMEOUT expires.
+ *     * For PASE negotiations with key confirmation option enabled:
+ *       only attempts that failed with key confirmation error are counted.
+ *       Successful PASE negotiations do not reset the rate limiter.
+ *     * For PASE negotiations with key confirmation option disabled:
+ *       every PASE negotiation, successful or otherwise, is added
+ *       to the rate limiter.
+ *
+ */
+#ifndef WEAVE_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS
+#define WEAVE_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS         3
+#endif // WEAVE_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS
 
 /**
  *  @name Weave Security Manager Memory Management Configuration

src/lib/core/WeaveSecurityMgr.cpp

@@ -98,6 +98,10 @@ WEAVE_ERROR WeaveSecurityManager::Init(WeaveExchangeManager& aExchangeMgr, Syste
 #if WEAVE_CONFIG_ENABLE_PASE_INITIATOR || WEAVE_CONFIG_ENABLE_PASE_RESPONDER
     mPASEEngine = NULL;
 #endif
+#if WEAVE_CONFIG_ENABLE_PASE_RESPONDER
+    mPASERateLimiterTimeout = 0;
+    mPASERateLimiterCount = 0;
+#endif
 #if WEAVE_CONFIG_ENABLE_CASE_INITIATOR || WEAVE_CONFIG_ENABLE_CASE_RESPONDER
     mCASEEngine = NULL;
     mDefaultAuthDelegate = NULL;
@@ -223,6 +227,14 @@ void WeaveSecurityManager::HandleUnsolicitedMessage(ExchangeContext *ec, const I
         // PASE is not supported over WRMP.
         VerifyOrExit(ec->Con != NULL, err = WEAVE_ERROR_INVALID_ARGUMENT);
 
+        uint64_t nowTimeMS = System::Layer::GetClock_MonotonicMS();
+
+        // PASE rate limiter.
+        // Reject the request if too many PASE attempts in a given time period.
+        VerifyOrExit(secMgr->mPASERateLimiterCount < WEAVE_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS ||
+                     secMgr->mPASERateLimiterTimeout < nowTimeMS,
+                     err = WEAVE_ERROR_RATE_LIMIT_EXCEEDED);
+
         secMgr->HandlePASESessionStart(ec, pktInfo, msgInfo, msgBuf);
         msgBuf = NULL;
 #else
@@ -2853,6 +2865,33 @@ void WeaveSecurityManager::HandleMsgCounterSyncRespMsg(WeaveMessageInfo *msgInfo
 
 #endif // WEAVE_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC
 
+#if WEAVE_CONFIG_ENABLE_PASE_RESPONDER
+void WeaveSecurityManager::UpdatePASERateLimiter(WEAVE_ERROR err)
+{
+    // Update PASE rate limiter parameters in the following cases:
+    //   -- PASE with key confirmation: count only PASE attempts that fail with key confirmation error.
+    //   -- PASE without key confirmation: every PASE attempt counts as failure.
+    if (State == kState_PASEInProgress && mPASEEngine->IsResponder() &&
+        ((mPASEEngine->PerformKeyConfirmation && err == WEAVE_ERROR_KEY_CONFIRMATION_FAILED) ||
+         (!mPASEEngine->PerformKeyConfirmation && err == WEAVE_NO_ERROR)))
+    {
+        uint64_t nowTimeMS = System::Layer::GetClock_MonotonicMS();
+
+        // Reset PASE rate limiter parameters if timeout expired.
+        if (nowTimeMS > mPASERateLimiterTimeout)
+        {
+            mPASERateLimiterTimeout = nowTimeMS + WEAVE_CONFIG_PASE_RATE_LIMITER_TIMEOUT;
+            mPASERateLimiterCount = 1;
+        }
+        // Otherwise, increment PASE rate limiter counter.
+        else
+        {
+            mPASERateLimiterCount++;
+        }
+    }
+}
+#endif // WEAVE_CONFIG_ENABLE_PASE_RESPONDER
+
 WEAVE_ERROR WeaveSecurityManager::HandleSessionEstablished(void)
 {
     WEAVE_ERROR err = WEAVE_NO_ERROR;
@@ -2892,6 +2931,10 @@ WEAVE_ERROR WeaveSecurityManager::HandleSessionEstablished(void)
         // Form the key auth mode based on the password source.
         authMode = PASEAuthMode(mPASEEngine->PwSource);
 
+#if WEAVE_CONFIG_ENABLE_PASE_RESPONDER
+        UpdatePASERateLimiter(WEAVE_NO_ERROR);
+#endif
+
         break;
 #endif
 
@@ -2980,6 +3023,10 @@ void WeaveSecurityManager::HandleSessionError(WEAVE_ERROR err, PacketBuffer* sta
         StatusReport rcvdStatusReport;
         StatusReport *statusReportPtr = NULL;
 
+#if WEAVE_CONFIG_ENABLE_PASE_RESPONDER
+        UpdatePASERateLimiter(err);
+#endif
+
         // If a status report was received from the peer, parse it and arrange to pass it
         // to the callbacks.
         if (err == WEAVE_ERROR_STATUS_REPORT_RECEIVED)

src/lib/core/WeaveSecurityMgr.h

@@ -405,6 +405,11 @@ class NL_DLL_EXPORT WeaveSecurityManager
         void *mStartSecureSession_ReqState;
         void *mStartKeyExport_ReqState;
     };
+#if WEAVE_CONFIG_ENABLE_PASE_RESPONDER
+    uint32_t mPASERateLimiterTimeout;
+    uint8_t mPASERateLimiterCount;
+    void UpdatePASERateLimiter(WEAVE_ERROR err);
+#endif
 #if WEAVE_CONFIG_ENABLE_CASE_INITIATOR || WEAVE_CONFIG_ENABLE_CASE_RESPONDER
     WeaveCASEAuthDelegate *mDefaultAuthDelegate;
 #endif