From 3a8efdf19dd3d33046dd21b71513909c655a92b3 Mon Sep 17 00:00:00 2001
From: pennam <m.pennasilico@arduino.cc>
Date: Wed, 20 Dec 2023 12:09:39 +0100
Subject: [PATCH 1/2] SSLClient: fix SE050 keySlot configuration

---
 libraries/SSLClient/src/SSLClient.cpp | 7 +++++--
 libraries/SSLClient/src/SSLClient.h   | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/libraries/SSLClient/src/SSLClient.cpp b/libraries/SSLClient/src/SSLClient.cpp
index 81a720f7c..95df36edf 100644
--- a/libraries/SSLClient/src/SSLClient.cpp
+++ b/libraries/SSLClient/src/SSLClient.cpp
@@ -349,7 +349,7 @@ bool SSLClient::loadPrivateKey(Stream& stream, size_t size) {
   return ret;
 }
 
-void SSLClient::setEccSlot(int KeySlot, const byte cert[], int certLen) {
+void SSLClient::setEccSlot(unsigned int KeySlot, const byte cert[], int certLen) {
     unsigned char buf[1024];
     size_t olen;
     int ret;
@@ -377,7 +377,10 @@ void SSLClient::setEccSlot(int KeySlot, const byte cert[], int certLen) {
         0x83, 0xA3, 0x5E, 0x5B, 0x64, 0x1D, 0x29, 0xED, 0x85
     };
 
-    key[28] = KeySlot;
+    key[25] = (KeySlot >> 24) & 0xFF;
+    key[26] = (KeySlot >> 16) & 0xFF;
+    key[27] = (KeySlot >>  8) & 0xFF;
+    key[28] = KeySlot & 0xFF;
 
     if ((ret = mbedtls_pem_write_buffer("-----BEGIN EC PRIVATE KEY-----\n",
                                         "-----END EC PRIVATE KEY-----\n",
diff --git a/libraries/SSLClient/src/SSLClient.h b/libraries/SSLClient/src/SSLClient.h
index d57dc9d97..a5cfbf040 100644
--- a/libraries/SSLClient/src/SSLClient.h
+++ b/libraries/SSLClient/src/SSLClient.h
@@ -79,7 +79,7 @@ class SSLClient : public Client
     bool loadCACert(Stream& stream, size_t size);
     bool loadCertificate(Stream& stream, size_t size);
     bool loadPrivateKey(Stream& stream, size_t size);
-    void setEccSlot(int KeySlot, const byte cert[], int certLen);
+    void setEccSlot(unsigned int KeySlot, const byte cert[], int certLen);
     bool verify(const char* fingerprint, const char* domain_name);
     void setHandshakeTimeout(unsigned long handshake_timeout);
 

From 58d04ac147e10d7a6ad46243c97f2e5f088adbd4 Mon Sep 17 00:00:00 2001
From: pennam <m.pennasilico@arduino.cc>
Date: Wed, 20 Dec 2023 12:11:00 +0100
Subject: [PATCH 2/2] mbedtls_alt: fix signature algo setting for SE050

---
 extras/tls/mbedtls_alt/ecdsa_se05x.c          |  29 +++++++++++++++++-
 .../SSLClient/src/cortex-m33/libmbedse05x.a   | Bin 6908 -> 7012 bytes
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/extras/tls/mbedtls_alt/ecdsa_se05x.c b/extras/tls/mbedtls_alt/ecdsa_se05x.c
index 2ec3f733b..b8ca6f7d2 100644
--- a/extras/tls/mbedtls_alt/ecdsa_se05x.c
+++ b/extras/tls/mbedtls_alt/ecdsa_se05x.c
@@ -166,9 +166,36 @@ int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp,
         return -1;
     }
 
+    SE05x_ECSignatureAlgo_t signatureAlgo = kSE05x_ECSignatureAlgo_NA;
+
+    switch (blen) {
+    case 20:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA;
+        break;
+    case 28:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_224;
+        break;
+    case 32:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_256;
+        break;
+    case 48:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_384;
+        break;
+    case 64:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_512;
+        break;
+    default:
+        break;
+    }
+
+    if (signatureAlgo == kSE05x_ECSignatureAlgo_NA) {
+        SMLOG_E("Unknown EC signature algo %d\r\n", blen);
+        return -1;
+    }
+
     SMLOG_I("Using SE05x for ecdsa sign. blen: %d\r\n", blen);
     status = Se05x_API_ECDSASign(
-        pSession, keyID, kSE05x_ECSignatureAlgo_SHA_384, (uint8_t *)buf, blen, signature, &signature_len);
+        pSession, keyID, signatureAlgo, (uint8_t *)buf, blen, signature, &signature_len);
     if (status != SM_OK) {
         SMLOG_E("Error in Se05x_API_ECDSASign\r\n");
         return -1;
diff --git a/libraries/SSLClient/src/cortex-m33/libmbedse05x.a b/libraries/SSLClient/src/cortex-m33/libmbedse05x.a
index f62c48a63ac05ce74838f319a2213871974b5337..f13ce9f7276d07fe8b433722dced06fa6463d27a 100644
GIT binary patch
delta 998
zcmYk5dq`7J9LIm>Zdd2kwaq=8F=Y=mO`@yI6g4!PhdVJ=CLv*wJ;)x+NTrp7krhZ7
zC@1<ODFPwN!Uy{&K^XZ*|MXx&K@pKeaTTMs$h<+d&RLh}!uR+2y|};Mx!m)!>ciHN
zd|kEZ6|2P>@2IOP!`2R9YbU?>)1yzf{i{Sxs7Ux15fid&YQ!zXX)EO{S!6JKetqy{
zu;*;h*}TKqd;D0itFQmeQD@hwV?EAd(vWkn5H>9*0#Nd0`XU~}!_rlM0nWp3l@Ft-
zwcn{L1nKj%6*%lB4t-%gKZ$VZ%z(s7fkaBQFHR%{knZc;8TafymK~YtPge)VYO#i#
zAKQ+fEh7>d>%b(eug&gC7az;-l-uNy-Wu5_eU@)3W)YR6c!#tk&nBIQ+_>)5Y|>&V
ziq9q;)cWxrX`EI>gNtSw4c`|6i4p-V1`;m8k9VfuNQdBO3XHVjG8`IvqX4jFrdN#t
zA>J&_$$^APSfaLA_(-i=crSx1>@JJkElnTO6VfMdXNh!)I_Zw=?LHLZ>TWbC3*#ZK
ze0Aa44~^)@Q2rpM_3)lR0=SQ%hq2;wOPRhH^76@4)uMf($*7<wnmD2sRj$d$9dk*}
zz^`Z^-}hqSaA()vK?ju0#l}159j`OXurH=bro0hUNn3K<zTsy6b*_T4vlIlVVofga
zZNz@;#OxF+nN<hTOPjP$cHu^RLdSBt8MD+TS9I6l7M*rwH)1&`ZTPl%>Z=SfGyHu{
zAo|Bp*G1Jr)kAfiYKrPP)oKnk7TP3I`J)Af280^PexnzKqoc+(6tUB~K$}EHJwUxm
z%(xDqjnM#bfRXm~F&Y8FYRrZSCV+Xy+`mIv-+LC*E!kWaV@3-=kde+2I4UbdppZHA
z2$d=uDLEd%r&3bcs&bdgc9k6}J5?T3c|>Km%2O&&tL#ft0}zT{Fw?KnOCDJ~{9U?U
zm@HFoC=)<OOjZw9q$NSYMp~^#bc^h_Za}ZdW$Om6BZEv@OZX8Tz$N0+n#m`t>Hk}r
K7j@VcwSNEzgD7AC

delta 896
zcmYk*Ur19?7y$6^-0f~_b8U0pxom~o%<j}=^Y5CPI>zBn!L^8p@F5C9f}ncZN*h!U
zK1Fs))KLUQXi7Qu(t|N5p@;r3qXOwc3F9W3xzM(tTKBArbm89LIp24_`+Z!vOHIET
zukX+_dF$(%8$A1m?2RgJ6@XhMzuB`xuiCaUNfWBjZtaK(SryH0H>p89Go>Myb<fDj
zqWcZ|me)g2`EB|N9>fE}rQj}Hiu2h&`Tj1|q_HpDcf+B0?!m!vVOTR&h&w!(bm({c
z^_h}w2=j?E0u6`O^X{@mVe(-{3mS)N!Wy7a6&^{PD&#N5eON&*#5*xVqVb~`kw~13
z>3zCGh4ierkULHm^jxf4SQBsO%x+YT(m~;i7#$S~C!+D!%P0uM;c($d{9_J)HkjTt
zhETdwcqjHtbGgR(VH$Nt^qIR_xAcY<;e|M#1NVst(=z7I&fSYJ)f;m+e=6JuF;q{b
zln&P6#G!RSpCeCFd!lPGbs&Z6*i63hfpx-f$)T5uG)Pb6$%=ipnG9oKR~VHs@OG}O
z*Loyj1AZoTtT$sztA!Nu=mIV*q?k;;?veGHpPe`7kWQOJK&!bx6%OO_!pB`vv$xQD
zPKb(j+<{MP=+K%(v2aebv!h<zrBSYg5e)+0zR~mey9g;W{JXkI*sxRoLE3Cew+R7M
zB?k=c2r0=^V?An3W{g=BE0J>AB7hpI9>6Q>r)~%6p&9^ssnWUgR3kvYydR;O0A{Jh
z0BJeCM3qKiq`tJyN|l<`Ql&m`s2s%L6J1yUe#j~rsfY#8$QH>OWlLnOvNqXr*$P=+
zwno-1+aT+umL}KCK7<Yv7w2RLr3qR|SX%LFX?hanoXo6(+~F$O14;lNu`A7FN^3+B
d@|D}m=A<EO$+Fgoc+zI!|NnnVlUFT^%D+}q1+oAD