SSLClient SE050: fix KeySlot and signature algo configuration

extras/tls/mbedtls_alt/ecdsa_se05x.c

@@ -166,9 +166,36 @@ int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp,
         return -1;
     }
 
+    SE05x_ECSignatureAlgo_t signatureAlgo = kSE05x_ECSignatureAlgo_NA;
+
+    switch (blen) {
+    case 20:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA;
+        break;
+    case 28:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_224;
+        break;
+    case 32:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_256;
+        break;
+    case 48:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_384;
+        break;
+    case 64:
+        signatureAlgo = kSE05x_ECSignatureAlgo_SHA_512;
+        break;
+    default:
+        break;
+    }
+
+    if (signatureAlgo == kSE05x_ECSignatureAlgo_NA) {
+        SMLOG_E("Unknown EC signature algo %d\r\n", blen);
+        return -1;
+    }
+
     SMLOG_I("Using SE05x for ecdsa sign. blen: %d\r\n", blen);
     status = Se05x_API_ECDSASign(
-        pSession, keyID, kSE05x_ECSignatureAlgo_SHA_384, (uint8_t *)buf, blen, signature, &signature_len);
+        pSession, keyID, signatureAlgo, (uint8_t *)buf, blen, signature, &signature_len);
     if (status != SM_OK) {
         SMLOG_E("Error in Se05x_API_ECDSASign\r\n");
         return -1;

libraries/SSLClient/src/SSLClient.cpp

@@ -349,7 +349,7 @@ bool SSLClient::loadPrivateKey(Stream& stream, size_t size) {
   return ret;
 }
 
-void SSLClient::setEccSlot(int KeySlot, const byte cert[], int certLen) {
+void SSLClient::setEccSlot(unsigned int KeySlot, const byte cert[], int certLen) {
     unsigned char buf[1024];
     size_t olen;
     int ret;
@@ -377,7 +377,10 @@ void SSLClient::setEccSlot(int KeySlot, const byte cert[], int certLen) {
         0x83, 0xA3, 0x5E, 0x5B, 0x64, 0x1D, 0x29, 0xED, 0x85
     };
 
-    key[28] = KeySlot;
+    key[25] = (KeySlot >> 24) & 0xFF;
+    key[26] = (KeySlot >> 16) & 0xFF;
+    key[27] = (KeySlot >>  8) & 0xFF;
+    key[28] = KeySlot & 0xFF;
 
     if ((ret = mbedtls_pem_write_buffer("-----BEGIN EC PRIVATE KEY-----\n",
                                         "-----END EC PRIVATE KEY-----\n",

libraries/SSLClient/src/SSLClient.h

@@ -79,7 +79,7 @@ class SSLClient : public Client
     bool loadCACert(Stream& stream, size_t size);
     bool loadCertificate(Stream& stream, size_t size);
     bool loadPrivateKey(Stream& stream, size_t size);
-    void setEccSlot(int KeySlot, const byte cert[], int certLen);
+    void setEccSlot(unsigned int KeySlot, const byte cert[], int certLen);
     bool verify(const char* fingerprint, const char* domain_name);
     void setHandshakeTimeout(unsigned long handshake_timeout);