From e39bb4b92c911cc57f57d4ea714a2b21b456d5fb Mon Sep 17 00:00:00 2001
From: Vincent Coubard <vincent.coubard@arm.com>
Date: Tue, 1 May 2018 11:38:30 +0100
Subject: [PATCH] BLE - GenericGattClient: Exploit ENCRYPTED_WITH_SC_AND_MITM
 encryption.

IF link is encrypted, authenticated or authenticated with lesc then signed write must be transformed into regular write commands.
---
 features/FEATURE_BLE/source/generic/GenericGattClient.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/features/FEATURE_BLE/source/generic/GenericGattClient.cpp b/features/FEATURE_BLE/source/generic/GenericGattClient.cpp
index cbf61a9246..9e6fae41dd 100644
--- a/features/FEATURE_BLE/source/generic/GenericGattClient.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericGattClient.cpp
@@ -1089,9 +1089,11 @@ ble_error_t GenericGattClient::write(
         ble::link_encryption_t encryption(ble::link_encryption_t::NOT_ENCRYPTED);
         SecurityManager &sm = createBLEInstance()->getSecurityManager();
         ble_error_t status = sm.getLinkEncryption(connection_handle, &encryption);
-        if (status == BLE_ERROR_NONE
-            || encryption == ble::link_encryption_t::ENCRYPTED
-            || encryption == ble::link_encryption_t::ENCRYPTED_WITH_MITM) {
+        if (status == BLE_ERROR_NONE &&
+            (encryption == link_encryption_t::ENCRYPTED ||
+             encryption == link_encryption_t::ENCRYPTED_WITH_MITM ||
+             encryption == link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM)
+        ) {
             cmd = GattClient::GATT_OP_WRITE_CMD;
         }
     }