From 1e6455da0ba868448e21e2ec082a1bb8293adc7c Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm
 <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Wed, 11 Apr 2018 13:37:04 +0100
Subject: [PATCH] check encryption before signing

---
 .../source/generic/GenericGattClient.cpp            | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/features/FEATURE_BLE/source/generic/GenericGattClient.cpp b/features/FEATURE_BLE/source/generic/GenericGattClient.cpp
index 088e120dd6..cbf61a9246 100644
--- a/features/FEATURE_BLE/source/generic/GenericGattClient.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericGattClient.cpp
@@ -1084,6 +1084,18 @@ ble_error_t GenericGattClient::write(
 
     uint16_t mtu = get_mtu(connection_handle);
 
+    /* if link is encrypted signed writes should be normal writes */
+    if (cmd == GattClient::GATT_OP_SIGNED_WRITE_CMD) {
+        ble::link_encryption_t encryption(ble::link_encryption_t::NOT_ENCRYPTED);
+        SecurityManager &sm = createBLEInstance()->getSecurityManager();
+        ble_error_t status = sm.getLinkEncryption(connection_handle, &encryption);
+        if (status == BLE_ERROR_NONE
+            || encryption == ble::link_encryption_t::ENCRYPTED
+            || encryption == ble::link_encryption_t::ENCRYPTED_WITH_MITM) {
+            cmd = GattClient::GATT_OP_WRITE_CMD;
+        }
+    }
+
     if (cmd == GattClient::GATT_OP_WRITE_CMD) {
         if (length > (uint16_t) (mtu - WRITE_HEADER_LENGTH)) {
             return BLE_ERROR_PARAM_OUT_OF_RANGE;
@@ -1094,7 +1106,6 @@ ble_error_t GenericGattClient::write(
             make_const_ArrayView(value, length)
         );
     } else if (cmd == GattClient::GATT_OP_SIGNED_WRITE_CMD) {
-        /*TODO check encryption status */
         if (length > (uint16_t) (mtu - WRITE_HEADER_LENGTH - CMAC_LENGTH - MAC_COUNTER_LENGTH)) {
             return BLE_ERROR_PARAM_OUT_OF_RANGE;
         }