initial commit for RZN2L board Support

IDE/Renesas/e2studio/RZN2L/README.md

@@ -0,0 +1,536 @@
+wolfSSL for Renesas RZN2L Board
+=================================================
+
+## Description
+
+This directory contains e2studio projects targeted at the Renesas RZ MCUs.
+The example projects include a wolfSSL TLS client and server.
+They also include benchmark and cryptography tests for the wolfCrypt library.
+
+The example project contains both the wolfSSL and wolfCrypt libraries.
+It is built as a `Renesas RZ/N C/C++ FSP Project` and contains the Renesas RZ
+configuration. The wolfssl project uses `Renesas Secure IP on RZ` 
+as hardware acceleration for cyptography.
+
+**Limitation**
+
+Due to lacking of TLS related feature on RSIP driver version, TLS connection examples below use `SHA` and `Random generation` of RSIP driver.
+
+The example project summary is listed below and is relevant for every project.
+
+### Project Summary
+|Item|Name/Version|
+|:--|:--|
+|Board|RZN2L|
+|Device|R9A07G084M04GBG|
+|Toolchain|GCC for Renesas RZ|
+|Toolchain Version|10.3.1.20210824|
+|FSP Version|1.2.0|
+
+#### Selected software components
+
+|Components|Version|Note|
+|:--|:--|:--|
+|Board Support Package Common Files|v1.20||
+|I/O Port|v1.2.0||
+|Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1||
+|Board support package for R9A07G084M04GBG|v1.2.0|| 
+|Board support package for RZN2L|v1.2.0||
+|Board support package for RZN2L - FSP Data|v1.2.0|| 
+|RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0||
+|FreeRTOS - Buffer Allocation 2|v1.2.0||
+|FreeRTOS - Memory Management - Heap 4|v1.2.0||
+|FreeRTOS+TCP|v1.2.0||
+|Ethernet PHY |v1.2.0||
+|Ethernet Selector|v1.2.0||
+|Ethernet|v1.2.0||
+|Ethernet Switch|v1.2.0||
+|SCI UART|v1.2.0||
+|r_ether to FreeRTOS+TCP Wrapper|v1.2.0||
+|Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
+|RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
+
+
+## Setup Steps and Build wolfSSL Library
+
+1.) Import  projects from [File]->[Open projects from File System]
+
++ Select folder at /path/to/wolfssl/IDE/Renesas/e2studio/RZN2L/test
+
+2.) Create a `dummy_application` Renesas RZ/N C/C++ FSP Project.
+
++ Click File->New->`RZ/N C/C++ FSP Project`.
++ Enter project name `dummu_application`.
++ Select Board: to `RSK+RZN2L (RAM execution without flash memory)`.
++ Select Device: to `R9A07G084M04GBG`. Click Next.
++ Check to `Executable`
++ Select FreeRTOS from RTOS selection. Click Finish.
++ Check `FreeRTOS minimal - Static Allocation`. Click Finish.
++ Open FSP Configurator by clicking configuration.xml in the project -->
++ Go to `Stacks` tab
++ Add new thread by clicking `New Thread`, and set properties below
+
+|Property|Value|
+|:--|:--|
+|Thread Symbol|rzn2l_tst_thread|
+|Thread Name|rzn2l_tst_thread|
+|Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
+|Thread MemoryAllocation|Dyamic|
+|Common General Use Mutexes|Enabled|
+|Common General Enable Backward Compatibility|Enabled|
+|Common Memory Allocation Support Dynamic Allocation|Enabled|
+|Common Memory Allocation Total Heap Size|increase depending on your environment<br> e.g. 0x20000|
+
++ Add `Heap 4` stack to rzn2l_tst_thread from `New Stack` -> `FreeRTOS` -> `FreeRTOS Heap 4`
++ Add `UART Driver` stack to rzn2l_tst_thread from `New Stack` -> `Connectivity` -> `UART Driver`
++ Add `FreeRTOS + TCP` stack to rzn2l_tst_thread from `New Stack` -> -> `FreeRTOS` -> `Libraries` -> `FreeRTOS+TCP` and set properties
+  
++ Save `dummy_application` FSP configuration
++ Copy <u>configuration.xml</u> under `dummy_application` to `test_RZN2L`
++ Open FSP configuration by clicking copied configuration.xml at `test_RZN2L`
++ Click `Generate Project Content` on FSP configuration GUI
+
+3.) Prepare UART to logging
+
++ Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk)
++ Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`
+      + um_serial_io_uart.c
+      + um_serial_io_task_writer.c
+      + um_serial_io_cfg.h
+      + um_common_api.h
+      + um_common_cfg.h
+      + um_serial_io.c
+      + um_serial_io.h
+      + um_serial_io_api.h
+      + um_serial_io_internal.h
++ Open um_serial_io_task_writer.c and re-name printf to uart_printf
+  
+3.) Build `test_RZN2L` project
+
+## Run `test_RZN2L`
+
+1). Right click the project and Select menu Debug -> Renesas GDB Hardware debugging
+2). Select J-Link ARM and R9A07G084M04
+3). Break at Entory point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da
+
+## Run TLS 1.3 Client
+1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h`
+
+2.) Enable `TLS_CLIENT` macro in `wolfssl_demo.h` of test_RZN2L project
+
+3.) Client IP address and Server IP address
+
++ Client IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`.
+```
+static const byte ucIPAddress[4]          = { 192, 168, 11, 241 };
+```
++ Server IP address can be changed by the following line in wolf_client.c.
+```
+#define SERVER_IP    "192.168.11.65"
+```
+
+3.) Build test_RZN2L project
+
+4.) Prepare peer wolfssl server
+
++ On Linux
++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git)
+```
+$ ./autogen.sh
+$ ./configure
+$ make
+```
+
++ Run peer wolfSSL server
+
++ RSA sign and verify use, launch server with the following option
+```
+$./examples/server/server -b -d -i -v 4
+```
+
++ For ECDSA sign and verify use, 
+Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h`
+Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h`
+
++ launch server with the following option.
+```
+$./examples/server/server -b -d -i -v 4 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
+```
+
+5.) Run the example Client
+
+You will see the following message on a UART terminal when using RSA sign and verify or ECDSA sign and verify.
+```
+ Started Serial I/O interface.
+ Start TLS Connection to 192.168.11.65 port(11111)
+ Error [-116]: FreeRTOS_connect. <-- A number of messages will be showed by depending on number of connection failures.
+ Start to connect to the server.
+  Cipher : TLS13-AES128-GCM-SHA256
+ Received: I hear you fa shizzle!
+
+ Start to connect to the server.
+  Cipher : TLS13-AES256-GCM-SHA384
+ Received: I hear you fa shizzle!
+
+ End of Client Example
+```
+
+## Run TLS 1.2 Client
+1.) Disable `WOLFSSL_TLS13` macro in `user_settings.h`
+
+2.) Enable `TLS_CLIENT` macro in `wolfssl_demo.h` of test_RZN2L project
+
+3.) Client IP address and Server IP address
+
++ Client IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`.
+```
+static const byte ucIPAddress[4]          = { 192, 168, 11, 241 };
+```
++ Server IP address can be changed by the following line in wolf_client.c.
+```
+#define SERVER_IP    "192.168.11.65"
+```
+
+3.) Build test_RZN2L project
+
+4.) Prepare peer wolfssl server
+
++ On Linux
++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git)
+```
+$ ./autogen.sh
+$ ./configure
+$ make
+```
+
++ Run peer wolfSSL server
+
++ RSA sign and verify use, launch server with the following option
+```
+$./examples/server/server -b -d -i -v 3
+```
+
++ For ECDSA sign and verify use, 
+Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h`
+Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h`
+
++ launch server with the following option.
+```
+$./examples/server/server -b -d -i -v 3 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
+```
+
+5.) Run the example Client
+
+You will see the following message on a UART terminal when using RSA sign and verify.
+```
+Started Serial I/O interface.
+ Start TLS Connection to 192.168.11.65 port(11111)
+ Error [-116]: FreeRTOS_connect.
+ Start to connect to the server.
+  Cipher : ECDHE-RSA-AES128-GCM-SHA256
+ Received: I hear you fa shizzle!
+
+ Start to connect to the server.
+  Cipher : ECDHE-RSA-AES256-SHA
+ Received: I hear you fa shizzle!
+
+ Start to connect to the server.
+  Cipher : ECDHE-RSA-AES128-SHA256
+ Received: I hear you fa shizzle!
+
+
+ End of Client Example
+```
+
+You will see the following message on a UART terminal when using ECDSA sign and verify.
+```
+Started Serial I/O interface.
+ Start TLS Connection to 192.168.11.65 port(11111)
+ Error [-116]: FreeRTOS_connect.
+ Start to connect to the server.
+  Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
+ Received: I hear you fa shizzle!
+
+ Start to connect to the server.
+  Cipher : ECDHE-ECDSA-AES256-SHA
+ Received: I hear you fa shizzle!
+
+ Start to connect to the server.
+  Cipher : ECDHE-ECDSA-AES128-SHA256
+ Received: I hear you fa shizzle!
+
+
+ End of Client Example
+```
+
+## Run TLS 1.3 Server
+1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h`
+
+2.) Enable `TLS_SERVER` macro in `wolfssl_demo.h` of test_RZN2L project
+
+3.) Client IP address and Server IP address
+
++ Server IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`.
+```
+static const byte ucIPAddress[4]          = { 192, 168, 11, 241 };
+```
+
+3.) Build test_RZN2L project
+
++ For ECDSA sign and verify use, 
+Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h`
+Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h`
+
++ launch server from e2studio
+
+4.) Prepare peer wolfssl client
+
++ On Linux
++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git)
+```
+$ ./autogen.sh
+$ ./configure
+$ make
+```
+
+5.) Run peer wolfSSL client
+
++ RSA sign and verify use, run peer client with the following option
+```
+$./examples/client/client -h 192.168.11.241 -p 11111 -v 4
+```
+
+You will see the following message on a UART terminal when using RSA sign and verify.
+```
+Started Serial I/O interface.
+ Start TLS Accept at 192.168.011.241 port(11111)
+Received: hello wolfssl!
+Cleaning up socket and wolfSSL objects.
+Waiting connection....
+```
+
+You will see the follwoing message on Linux terminal.
+```
+$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 4
+SSL version is TLSv1.3
+SSL cipher suite is TLS_AES_128_GCM_SHA256
+SSL curve name is SECP256R1
+I hear ya fa s
+```
+
++ ECDSA sign and verify use, run peer client with the following option
+```
+$./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem  -k ./certs/ecc-client-key.pem
+```
+
+You will see the following message on a UART terminal when using ECDSA sign and verify.
+```
+Started Serial I/O interface.
+ Start TLS Accept at 192.168.011.241 port(11111)
+Received: hello wolfssl!
+Cleaning up socket and wolfSSL objects.
+Waiting connection....
+```
+You will see the follwoing message on Linux terminal.
+```
+$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 4 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem  -k ./cert
+s/ecc-client-key.pem
+SSL version is TLSv1.3
+SSL cipher suite is TLS_AES_128_GCM_SHA256
+SSL curve name is SECP256R1
+I hear ya fa s
+```
+
+## Run TLS 1.2 Server
+1.) Disable `WOLFSSL_TLS13` macro in `user_settings.h`
+
+2.) Enable `TLS_SERVER` macro in `wolfssl_demo.h` of test_RZN2L project
+
+3.) Client IP address and Server IP address
+
++ Server IP address can be changed by the following line in `rzn2l_tst_thread_entry.c`.
+```
+static const byte ucIPAddress[4]          = { 192, 168, 11, 241 };
+```
+
+3.) Build test_RZN2L project
+
++ For ECDSA sign and verify use, 
+Enable the `USE_CRT_BUFFER_256` macro in `wolfssl_demo.h`
+Disble the `USE_CRT_BUFFER_2048` macro in `wolfssl_demo.h`
+
++ launch server from e2studio
+
+4.) Prepare peer wolfssl client
+
++ On Linux
++ Clone wolfssl from [github repository](https://github.com/wolfssl/wolfssl.git)
+```
+$ ./autogen.sh
+$ ./configure
+$ make
+```
+
+5.) Run peer wolfSSL client
+
++ RSA sign and verify use, run peer client with the following option
+```
+$./examples/client/client -h 192.168.11.241 -p 11111 -v 4
+```
+
+You will see the following message on a UART terminal when using RSA sign and verify.
+```
+Started Serial I/O interface.
+ Start TLS Accept at 192.168.011.241 port(11111)
+Received: hello wolfssl!
+Cleaning up socket and wolfSSL objects.
+Waiting connection....
+```
+
+You will see the follwoing message on Linux terminal.
+```
+$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 3
+SSL version is TLSv1.2
+SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+SSL curve name is SECP256R1
+I hear ya fa s
+```
+
++ ECDSA sign and verify use, run peer client with the following option
+```
+$./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem  -k ./certs/ecc-client-key.pem
+```
+
+You will see the following message on a UART terminal when using ECDSA sign and verify.
+```
+Started Serial I/O interface.
+ Start TLS Accept at 192.168.011.241 port(11111)
+Received: hello wolfssl!
+Cleaning up socket and wolfSSL objects.
+Waiting connection....
+```
+You will see the follwoing message on Linux terminal.
+```
+$ ./examples/client/client -h 192.168.11.241 -p 11111 -v 3 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem  -k ./certs/ecc-client-key.pem
+SSL version is TLSv1.2
+SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+SSL curve name is SECP256R1
+I hear ya fa s
+```
+## Run Crypt test 
+1.) Enable `CRYPT_TEST` macro in `wolfssl_demo.h`
+
+2.) Run `test_RZN2L` from e2studio
+
+Sample Output 
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.6.3
+------------------------------------------------------------------------------
+error    test passed!
+MEMORY   test passed!
+base64   test passed!
+asn      test passed!
+RANDOM   test passed!
+MD5      test passed!
+MD4      test passed!
+SHA      test passed!
+SHA-224  test passed!
+SHA-256  test passed!
+SHA-384  test passed!
+SHA-512  test passed!
+SHA-512/224  test passed!
+SHA-512/256  test passed!
+Hash     test passed!
+HMAC-MD5 test passed!
+HMAC-SHA test passed!
+HMAC-SHA224 test passed!
+HMAC-SHA256 test passed!
+HMAC-SHA384 test passed!
+HMAC-SHA512 test passed!
+HMAC-KDF    test passed!
+TLSv1.3 KDF test passed!
+DES      test passed!
+DES3     test passed!
+AES      test passed!
+AES256   test passed!
+AES-GCM  test passed!
+RSA      test passed!
+PWDBASED test passed!
+ECC      test passed!
+ECC buffer test passed!
+CURVE25519 test passed!
+logging  test passed!
+time test passed!
+mutex    test passed!
+crypto callback test passed!
+Test complete
+ End wolfCrypt Test
+```
+
+**Note**
+`SHA1/224/256/384/512` and `Randome generation` of RSIP driver are enabled at the sampele output above while running wolfCrypt test.
+
+## Run Benchmark
+
+1.) Enable `BENCHMARK` macro in `wolfssl_demo.h`
+
+2.) Run `test_RZN2L` from e2studio
+
+Sample Output 
+```
+Started Serial I/O interface. Start wolfCrypt Benchmark
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                      825.0 KiB took 1.021 seconds, 808.031 KiB/s
+AES-128-CBC-enc          1.0 MiB took 1.006 seconds, 1.189 MiB/s
+AES-128-CBC-dec          1.0 MiB took 1.000 seconds, 1.221 MiB/s
+AES-192-CBC-enc          1.0 MiB took 1.015 seconds, 1.058 MiB/s
+AES-192-CBC-dec          1.0 MiB took 1.020 seconds, 1.077 MiB/s
+AES-256-CBC-enc          1000.0 KiB took 1.020 seconds, 980.392 KiB/s
+AES-256-CBC-dec          1000.0 KiB took 1.010 seconds, 990.099 KiB/s
+AES-128-GCM-enc          400.0 KiB took 1.019 seconds, 392.542 KiB/s
+AES-128-GCM-dec          400.0 KiB took 1.019 seconds, 392.542 KiB/s
+AES-192-GCM-enc          400.0 KiB took 1.061 seconds, 377.003 KiB/s
+AES-192-GCM-dec          400.0 KiB took 1.061 seconds, 377.003 KiB/s
+AES-256-GCM-enc          375.0 KiB took 1.034 seconds, 362.669 KiB/s
+AES-256-GCM-dec          375.0 KiB took 1.033 seconds, 363.020 KiB/s
+AES-128-GCM-enc-no_AAD   400.0 KiB took 1.009 seconds, 396.432 KiB/s
+AES-128-GCM-dec-no_AAD   400.0 KiB took 1.008 seconds, 396.825 KiB/s
+AES-192-GCM-enc-no_AAD   400.0 KiB took 1.051 seconds, 380.590 KiB/s
+AES-192-GCM-dec-no_AAD   400.0 KiB took 1.051 seconds, 380.590 KiB/s
+AES-256-GCM-enc-no_AAD   375.0 KiB took 1.023 seconds, 366.569 KiB/s
+AES-256-GCM-dec-no_AAD   375.0 KiB took 1.024 seconds, 366.211 KiB/s
+GMAC Default             589.0 KiB took 1.001 seconds, 588.412 KiB/s
+3DES                     325.0 KiB took 1.043 seconds, 311.601 KiB/s
+MD5                      12.0 MiB took 1.000 seconds, 12.231 MiB/s
+SHA                      2.0 MiB took 1.001 seconds, 2.171 MiB/s
+SHA-224                  2.0 MiB took 1.001 seconds, 2.171 MiB/s
+SHA-256                  2.0 MiB took 1.002 seconds, 2.169 MiB/s
+SHA-384                  2.0 MiB took 1.001 seconds, 2.171 MiB/s
+SHA-512                  2.0 MiB took 1.002 seconds, 2.169 MiB/s
+SHA-512/224              2.0 MiB took 1.002 seconds, 2.169 MiB/s
+SHA-512/256              2.0 MiB took 1.002 seconds, 2.169 MiB/s
+HMAC-MD5                 12.0 MiB took 1.001 seconds, 12.195 MiB/s
+HMAC-SHA                 2.0 MiB took 1.001 seconds, 2.146 MiB/s
+HMAC-SHA224              2.0 MiB took 1.001 seconds, 2.146 MiB/s
+HMAC-SHA256              2.0 MiB took 1.002 seconds, 2.144 MiB/s
+HMAC-SHA384              2.0 MiB took 1.007 seconds, 2.134 MiB/s
+HMAC-SHA512              2.0 MiB took 1.007 seconds, 2.134 MiB/s
+PBKDF2                   288.0 bytes took 1.025 seconds, 280.976 bytes/s
+RSA     2048   public        48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec
+RSA     2048  private         2 ops took 2.787 sec, avg 1393.500 ms, 0.718 ops/sec
+ECC   [      SECP256R1]   256  key gen         2 ops took 1.467 sec, avg 733.500 ms, 1.363 ops/sec
+ECDHE [      SECP256R1]   256    agree         2 ops took 1.465 sec, avg 732.500 ms, 1.365 ops/sec
+ECDSA [      SECP256R1]   256     sign         2 ops took 8.049 sec, avg 4024.500 ms, 0.248 ops/sec
+ECDSA [      SECP256R1]   256   verify         2 ops took 2.794 sec, avg 1396.1000 ms, 0.716 ops/sec
+CURVE  25519  key gen         2 ops took 1.077 sec, avg 538.500 ms, 1.857 ops/sec
+CURVE  25519    agree         2 ops took 1.077 sec, avg 538.500 ms, 1.857 ops/sec
+Benchmark complete
+ End wolfCrypt Benchmark
+```
+**Note**
+`SHA1/224/256/384/512` and `Randome generation` of RSIP driver are enabled at the sampele output above.
+## Support
+
+For support inquiries and questions, please email support@wolfssl.com. Feel free to reach out to info@wolfssl.jp as well.

IDE/Renesas/e2studio/RZN2L/common/user_settings.h

@@ -0,0 +1,112 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+/* Operating Environment and Threading */
+#if defined(WOLFSSL_RENESAS_RSIP)
+    /* FSP SM stands for Flexible Software Package Security Module
+    *  WOLFSSL_RENESAS_FSPSM enables fundamental code when it uses.
+    *    e.g. Open/Close/Random generator
+    *  WOLFSSL_RENESAS_FSPSPM_TLS enables TLS related code for FSP SM
+    *    e.g. Certificate verification, Master Secret Generation
+    *  WOLFSSL_RENESAS_SCEPROTECT enables specific code for SCE if needed
+    */
+    #define    WOLFSSL_RENESAS_FSPSM
+    /* Not yet supported TLS related capabilities */
+    /* #   define WOLFSSL_RENESAS_FSPSM_TLS */
+
+#endif
+
+    /* XXX_CRYPTONLY definition enables FSP SM module for Crypto only use.
+    *  Therefore, it disables TLS related API use
+    */
+/* #define WOLFSSL_RENESAS_RSIP_CRYPTONLY */
+
+#if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+    #undef  WOLFSSL_RENESAS_FSPSM_TLS
+    #define WOLFSSL_RENESAS_FSPSM_CRYPTONLY
+
+    #if !defined(WOLFSSL_RENESAS_RSPI)
+        #define WOLFSSL_RENESAS_RSPI
+    #endif
+#endif
+
+#define FREERTOS
+#define FREERTOS_TCP
+
+#define NO_MAIN_DRIVER
+#define BENCH_EMBEDDED
+#define NO_WRITEV
+#define WOLFSSL_NO_FLOAT_FMT
+
+#define NO_DEV_RANDOM
+#define SIZEOF_LONG_LONG 8
+#define NO_WOLFSSL_DIR
+#define WOLFSSL_NO_CURRDIR
+#define NO_WOLF_C99
+#define NO_MULTIBYTE_PRINT
+#define NO_FILESYSTEM
+
+#define XVALIDATEDATE(d, f,t) (0)
+
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+
+#define WOLFSSL_SMALL_STACK
+#define USE_FAST_MATH
+
+/* static RSA */
+#define WOLFSSL_STATIC_RSA
+
+/* Enable to use TLS1.3 */
+#define WOLFSSL_TLS13
+
+#if defined(WOLFSSL_TLS13)
+    #include <sys/time.h>
+    #define HAVE_FFDHE_2048
+    #define HAVE_HKDF
+    #define WC_RSA_PSS
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+#define WOLF_CRYPTO_CB
+#if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+    #define HAVE_RENESAS_SYNC
+    #define WC_USE_DEVID 7890
+    #define NO_AES_192
+    #define NO_SW_BENCH
+#endif
+
+#if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+    #define WOLFSSL_KEY_GEN
+#endif
+
+int uart_printf (const char *__restrict format, ...);
+#undef printf
+#define printf uart_printf

IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h

@@ -0,0 +1,108 @@
+/* wolfssl_demo.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_DEMO_H_
+#define WOLFSSL_DEMO_H_
+
+#include <wolfssl/ssl.h>
+#include "FreeRTOS_IP.h"
+#include "FreeRTOS_Sockets.h"
+
+#define FREQ 10000 /* Hz */
+
+/* Client connects to the server with these details. */
+#define SERVER_IP    "192.168.11.65"
+#define DEFAULT_PORT 11111
+
+typedef struct tagTestInfo
+{
+     int  id;
+     int  port;
+     char name[32];
+     const char* cipher;
+     WOLFSSL_CTX* ctx;
+} TestInfo;
+
+/* Enable Crypt Unit Test */
+/* #define UNIT_TEST */
+
+/* Enable wolfcrypt test */
+/* can be enabled with benchmark test */
+#define CRYPT_TEST
+
+/* Enable benchmark               */
+/* can be enabled with cyrpt test */
+/* #define BENCHMARK */
+
+/* Enable TLS client */
+/* #define TLS_CLIENT */
+
+/* Enable TLS Server */
+/* #define TLS_SERVER */
+
+#if defined(TLS_CLIENT)
+    extern WOLFSSL_CTX *client_ctx;
+
+    /* Use RSA certificates */
+    #define USE_CERT_BUFFERS_2048
+    /* Use ECC certificates */
+    /*#define USE_CERT_BUFFERS_256*/
+#endif
+
+#if defined(TLS_SERVER)
+    extern WOLFSSL_CTX *server_ctx;
+
+    /* Use RSA certificates */
+    #define USE_CERT_BUFFERS_2048
+    /* Use ECC certificates */
+    /*#define USE_CERT_BUFFERS_256*/
+#endif
+
+#if defined(USE_CERT_BUFFERS_2048) && defined(USE_CERT_BUFFERS_256)
+    #error please set either macro USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_256
+#endif
+
+#define FR_SOCKET_SUCCESS 0
+
+static void util_Cleanup(WOLFSSL_CTX *ctx, WOLFSSL *ssl) {
+    printf("Cleaning up socket and wolfSSL objects.\n");
+    if (ssl != NULL)
+        wolfSSL_free(ssl);
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);
+    wolfSSL_Cleanup();
+}
+
+static inline void util_inf_loop(WOLFSSL_CTX *ctx, WOLFSSL *ssl) {
+    util_Cleanup(ctx, ssl);
+    printf("Reached infinite loop.\n");
+    while (1)
+        ;
+}
+
+void TCPInit();
+void wolfSSL_TLS_client_init();
+int wolfSSL_TLS_client_do(void *pvParam);
+void wolfSSL_TLS_server_init();
+int wolfSSL_TLS_server_do(void *pvParam);
+void wolfSSL_TLS_cleanup();
+
+#endif /* WOLFSSL_DEMO_H_ */

IDE/Renesas/e2studio/RZN2L/include.am

@@ -0,0 +1,17 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/.cproject
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/.project
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h

IDE/Renesas/e2studio/RZN2L/test/.project

@@ -0,0 +1,440 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>test_RZN2L</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.renesas.cdt.ddsc.contentgen.ddscBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>com.renesas.cdt.ddsc.contentgen.ddscInterlockBundleBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+		<nature>com.renesas.cdt.ddsc.contentgen.ddscNature</nature>
+		<nature>com.renesas.cdt.rz.ddsc.contentgen.rznNature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>common/user_settings.h</name>
+			<type>1</type>
+			<locationURI>PARENT-1-PROJECT_LOC/common/user_settings.h</locationURI>
+		</link>
+		<link>
+			<name>common/wolfssl_demo.h</name>
+			<type>1</type>
+			<locationURI>PARENT-1-PROJECT_LOC/common/wolfssl_demo.h</locationURI>
+		</link>
+		<link>
+			<name>src/test/benchmark.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/benchmark/benchmark.c</locationURI>
+		</link>
+		<link>
+			<name>src/test/test.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/test/test.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/aes.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/aes.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/arc4.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/arc4.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/asm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/asm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/asn.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/asn.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/blake2b.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/blake2b.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/camellia.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/camellia.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/chacha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/chacha20_poly1305.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha20_poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/cmac.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cmac.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/coding.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/coding.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/compress.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/compress.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/cpuid.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cpuid.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/cryptocb.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptocb.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/curve25519.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/curve25519.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/des3.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/des3.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/dh.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/dh.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/dsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/dsa.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/ecc.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/ecc_fp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc_fp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/ed25519.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/ed25519.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/error.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/error.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/fe_low_mem.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/fe_operations.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_operations.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/ge_low_mem.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/ge_operations.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_operations.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/hash.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/hmac.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/hmac.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/integer.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/integer.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/kdf.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/kdf.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/logging.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/logging.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/md2.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/md2.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/md4.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/md4.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/md5.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/md5.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/memory.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/memory.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/pkcs12.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs12.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/pkcs7.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs7.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/poly1305.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/pwdbased.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/pwdbased.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/random.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/random.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/rsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/rsa.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sha.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sha256.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sha256.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sha3.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sha3.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sha512.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sha512.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/signature.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/signature.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_arm32.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm32.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_arm64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_armthumb.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_armthumb.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_c32.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c32.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_c64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_cortexm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_cortexm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_dsp32.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_dsp32.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_int.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_int.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/sp_x86_64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_x86_64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/srp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/srp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/tfm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/tfm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/wc_dsp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_dsp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/wc_encrypt.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_encrypt.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/wc_pkcs11.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_pkcs11.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/wc_port.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_port.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/wolfevent.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfevent.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/wolfmath.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfmath.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/crl.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/crl.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/internal.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/internal.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/keys.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/keys.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/ocsp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/ocsp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/sniffer.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/sniffer.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/ssl.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/ssl.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/tls.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/tls.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/tls13.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/tls13.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfSSL/wolfio.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/src/wolfio.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/port/renesas_common.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_common.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/port/renesas_fspsm_aes.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/port/renesas_fspsm_rsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/port/renesas_fspsm_sha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfCrypt/port/renesas_fspsm_util.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c</locationURI>
+		</link>
+	</linkedResources>
+</projectDescription>

IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld

@@ -0,0 +1,243 @@
+/*
+                  Linker File for Renesas RZ/N2L FSP
+*/
+
+MEMORY
+{
+    ATCM : ORIGIN = 0x00000000, LENGTH = 0x00020000
+    BTCM : ORIGIN = 0x00100000, LENGTH = 0x00020000
+    SYSTEM_RAM : ORIGIN = 0x10000000, LENGTH = 0x00180000
+    SYSTEM_RAM_MIRROR : ORIGIN = 0x30000000, LENGTH = 0x00180000
+    xSPI0_CS0_SPACE_MIRROR : ORIGIN = 0x40000000, LENGTH = 0x04000000
+    xSPI0_CS1_SPACE_MIRROR : ORIGIN = 0x44000000, LENGTH = 0x04000000
+    xSPI1_CS0_SPACE_MIRROR : ORIGIN = 0x48000000, LENGTH = 0x04000000
+    xSPI1_CS1_SPACE_MIRROR : ORIGIN = 0x4C000000, LENGTH = 0x04000000
+    CS0_SPACE_MIRROR : ORIGIN = 0x50000000, LENGTH = 0x04000000
+    CS2_SPACE_MIRROR : ORIGIN = 0x54000000, LENGTH = 0x04000000
+    CS3_SPACE_MIRROR : ORIGIN = 0x58000000, LENGTH = 0x04000000
+    CS5_SPACE_MIRROR : ORIGIN = 0x5C000000, LENGTH = 0x04000000
+    xSPI0_CS0_SPACE : ORIGIN = 0x60000000, LENGTH = 0x04000000
+    xSPI0_CS1_SPACE : ORIGIN = 0x64000000, LENGTH = 0x04000000
+    xSPI1_CS0_SPACE : ORIGIN = 0x68000000, LENGTH = 0x04000000
+    xSPI1_CS1_SPACE : ORIGIN = 0x6C000000, LENGTH = 0x04000000
+    CS0_SPACE : ORIGIN = 0x70000000, LENGTH = 0x04000000
+    CS2_SPACE : ORIGIN = 0x74000000, LENGTH = 0x04000000
+    CS3_SPACE : ORIGIN = 0x78000000, LENGTH = 0x04000000
+    CS5_SPACE : ORIGIN = 0x7C000000, LENGTH = 0x04000000
+}
+
+SECTIONS
+{
+    .loader_text 0x00102000 : AT (0x00102000)
+    {
+        *(.loader_text)
+        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.text*)
+        */fsp/src/bsp/mcu/all/bsp_clocks.o(.text*)
+        */fsp/src/bsp/mcu/all/bsp_irq.o(.text*)
+        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.text*)
+        */fsp/src/r_ioport/r_ioport.o(.text*)
+        KEEP(*(.warm_start))
+    } > BTCM
+    .loader_data :
+    {
+        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.data*)
+        */fsp/src/bsp/mcu/all/bsp_clocks.o(.data*)
+        */fsp/src/bsp/mcu/all/bsp_irq.o(.data*)
+        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.data*)
+        */fsp/src/r_ioport/r_ioport.o(.data*)
+        __loader_bss_start = .;
+        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.bss*)
+        */fsp/src/bsp/mcu/all/bsp_clocks.o(.bss*)
+        */fsp/src/bsp/mcu/all/bsp_irq.o(.bss*)
+        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.bss*)
+        */fsp/src/r_ioport/r_ioport.o(.bss*)
+        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(COMMON)
+        */fsp/src/bsp/mcu/all/bsp_clocks.o(COMMON)
+        */fsp/src/bsp/mcu/all/bsp_irq.o(COMMON)
+        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.COMMON)
+        */fsp/src/r_ioport/r_ioport.o(.COMMON)
+        __loader_bss_end = . ;
+    } > BTCM
+    .intvec 0x00000000 : AT (0x00000000)
+    {
+        _fvector_start = .;
+        KEEP(*(.intvec))
+        _fvector_end = .;
+    } > ATCM
+    .text 0x30000000 : AT (0x30000000)
+    {
+        _text_start = .;
+        *(.text*)
+
+        KEEP(*(.init))
+        KEEP(*(.fini))
+
+        /* .ctors */
+        *crtbegin.o(.ctors)
+        *crtbegin?.o(.ctors)
+        *(EXCLUDE_FILE(*crtend?.o *crtend.o) .ctors)
+        *(SORT(.ctors.*))
+        *(.ctors)
+        _ctor_end = .;
+
+        /* .dtors */
+        *crtbegin.o(.dtors)
+        *crtbegin?.o(.dtors)
+        *(EXCLUDE_FILE(*crtend?.o *crtend.o) .dtors)
+        *(SORT(.dtors.*))
+        *(.dtors)
+        _dtor_end = .;
+
+        *(.rodata*)
+        _erodata = .;
+        KEEP(*(.eh_frame*))
+    } > SYSTEM_RAM_MIRROR
+    .rvectors :
+    {
+        _rvectors_start = .;
+        KEEP(*(.rvectors))
+        _rvectors_end = .;
+    } > SYSTEM_RAM_MIRROR
+    .ARM.extab :
+    {
+        *(.ARM.extab* .gnu.linkonce.armextab.*)
+    } > SYSTEM_RAM_MIRROR
+    __exidx_start = .;
+    .ARM.exidx :
+    {
+        *(.ARM.exidx* .gnu.linkonce.armexidx.*)
+    } > SYSTEM_RAM_MIRROR
+    __exidx_end = .;
+    .got :
+    {
+        *(.got)
+        *(.got.plt)
+        _text_end = .;
+    } > SYSTEM_RAM_MIRROR
+    .data :
+    {
+        _data_start = .;
+
+        *(vtable)
+        *(.data.*)
+        *(.data)
+
+        . = ALIGN(4);
+        /* preinit data */
+        PROVIDE_HIDDEN (__preinit_array_start = .);
+        KEEP(*(.preinit_array))
+        PROVIDE_HIDDEN (__preinit_array_end = .);
+
+        . = ALIGN(4);
+        /* init data */
+        PROVIDE_HIDDEN (__init_array_start = .);
+        KEEP(*(SORT(.init_array.*)))
+        KEEP(*(.init_array))
+        PROVIDE_HIDDEN (__init_array_end = .);
+
+        . = ALIGN(4);
+        /* finit data */
+        PROVIDE_HIDDEN (__fini_array_start = .);
+        KEEP(*(SORT(.fini_array.*)))
+        KEEP(*(.fini_array))
+        PROVIDE_HIDDEN (__fini_array_end = .);
+
+        KEEP(*(.jcr*))
+
+        . = ALIGN(4);
+
+        /* All data end */
+        _data_end = .;
+    } > SYSTEM_RAM_MIRROR
+    .bss :
+    {
+        . = ALIGN(4);
+        __bss_start__ = .;
+        _bss = .;
+        *(.bss*)
+        *(COMMON)
+        . = ALIGN(4);
+        __bss_end__ = .;
+        _ebss = .;
+        _end = .;
+    } > SYSTEM_RAM_MIRROR
+    .heap (NOLOAD) :
+    {
+        . = ALIGN(8);
+        __HeapBase = .;
+        /* Place the STD heap here. */
+        KEEP(*(.heap))
+        __HeapLimit = .;
+    } > SYSTEM_RAM_MIRROR
+    .thread_stack (NOLOAD):
+    {
+        . = ALIGN(8);
+        __ThreadStackBase = .;
+        /* Place the Thread stacks here. */
+        KEEP(*(.stack*))
+        __ThreadStackLimit = .;
+    } > SYSTEM_RAM_MIRROR
+    .sys_stack (NOLOAD) :
+    {
+        . = ALIGN(8);
+        __SysStackBase = .;
+        /* Place the sys_stack here. */
+        KEEP(*(.sys_stack))
+        __SysStackLimit = .;
+    } > BTCM
+    .svc_stack (NOLOAD) :
+    {
+        . = ALIGN(8);
+        __SvcStackBase = .;
+        /* Place the svc_stack here. */
+        KEEP(*(.svc_stack))
+        __SvcStackLimit = .;
+    } > BTCM
+    .irq_stack (NOLOAD) :
+    {
+        . = ALIGN(8);
+        __IrqStackBase = .;
+        /* Place the irq_stack here. */
+        KEEP(*(.irq_stack))
+        __IrqStackLimit = .;
+    } > BTCM
+    .fiq_stack (NOLOAD) :
+    {
+        . = ALIGN(8);
+        __FiqStackBase = .;
+        /* Place the fiq_stack here. */
+        KEEP(*(.fiq_stack))
+        __FiqStackLimit = .;
+    } > BTCM
+    .und_stack (NOLOAD) :
+    {
+        . = ALIGN(8);
+        __UndStackBase = .;
+        /* Place the und_stack here. */
+        KEEP(*(.und_stack))
+        __UndStackLimit = .;
+    } > BTCM
+    .abt_stack (NOLOAD) :
+    {
+        . = ALIGN(8);
+        __AbtStackBase = .;
+        /* Place the abt_stack here. */
+        KEEP(*(.abt_stack))
+        __AbtStackLimit = .;
+    } > BTCM
+    .shared_noncache_buffer 0x300C0000 : AT (0x300C0000)
+    {
+        . = ALIGN(32);
+        _sncbuffer_start = .;
+        KEEP(*(.shared_noncache_buffer*))
+        _sncbuffer_end = .;
+    } > SYSTEM_RAM_MIRROR
+    .noncache_buffer 0x30100000 : AT (0x30100000)
+    {
+        . = ALIGN(32);
+        _ncbuffer_start = .;
+        KEEP(*(.noncache_buffer*))
+        _ncbuffer_end = .;
+    } > SYSTEM_RAM_MIRROR
+}
+

IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c

@@ -0,0 +1,438 @@
+/* rzn2l_tst_thread_entry.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include "rzn2l_tst_thread.h"
+
+#include "um_common_cfg.h"
+#include "um_common_api.h"
+#include "um_serial_io_api.h"
+#include "um_serial_io.h"
+
+#include "wolfssl_demo.h"
+#include "user_settings.h"
+
+typedef struct func_args {
+    int    argc;
+    char** argv;
+    int    return_code;
+} func_args;
+
+static serial_io_instance_ctrl_t g_serial_io0_ctrl;
+static serial_io_cfg_t const g_serial_io0_cfg =
+{
+    .p_uart_instance = &g_uart0,
+};
+serial_io_instance_t const g_serial_io0 =
+{
+    .p_ctrl = &g_serial_io0_ctrl,
+    .p_cfg  = &g_serial_io0_cfg,
+    .p_api  = &g_serial_io_on_serial_io,
+};
+
+FSP_CPP_HEADER
+void R_BSP_WarmStart(bsp_warm_start_event_t event)
+BSP_PLACE_IN_SECTION(".warm_start");
+FSP_CPP_FOOTER
+
+void R_BSP_WarmStart(bsp_warm_start_event_t event)
+{
+    if (BSP_WARM_START_RESET == event) {
+    }
+
+    if (BSP_WARM_START_POST_C == event){
+        R_IOPORT_Open (&g_ioport_ctrl, &g_bsp_pin_cfg);
+    }
+}
+
+#if defined(TLS_CLIENT) || \
+    defined(TLS_SERVER)
+    extern uint8_t g_ether0_mac_address[6];
+    const byte ucIPAddress[4]          = { 192, 168, 11, 241 };
+    const byte ucNetMask[4]            = { 255, 255, 255, 0 };
+    const byte ucGatewayAddress[4]     = { 192, 168, 11, 1 };
+    const byte ucDNSServerAddress[4]   = { 192, 168, 11, 1 };
+#endif
+
+#if  defined(WOLFSSL_RENESAS_FSPSM) && \
+     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+
+#if defined(UNIT_TEST)
+ int rsip_crypt_test();
+#endif
+
+#if (defined(BENCHMARK) || defined(CRYPT_TEST)) \
+    && defined(HAVE_RENESAS_SYNC) && defined(HAVE_AES_CBC)
+    FSPSM_ST guser_PKCbInfo;
+#endif
+
+void Clr_CallbackCtx(FSPSM_ST *g);
+void RSIP_KeyGeneration(FSPSM_ST *g);
+
+void RSIP_KeyGeneration(FSPSM_ST *g)
+{
+    fsp_err_t rsip_error_code = FSP_SUCCESS;
+
+    if (g->wrapped_key_aes128 != NULL) {
+        rsip_error_code = R_RSIP_KeyGenerate(&gFSPSM_ctrl,
+                                         RSIP_KEY_TYPE_AES_128,
+                                         g->wrapped_key_aes128);
+        if (rsip_error_code == FSP_SUCCESS)
+            g->keyflgs_crypt.bits.aes128_installedkey_set = 1;
+    }
+
+    if (g->wrapped_key_aes256 != NULL) {
+        rsip_error_code = R_RSIP_KeyGenerate(&gFSPSM_ctrl,
+                                         RSIP_KEY_TYPE_AES_256,
+                                         g->wrapped_key_aes256);
+        if (rsip_error_code == FSP_SUCCESS)
+            g->keyflgs_crypt.bits.aes256_installedkey_set = 1;
+    }
+
+    if (g->wrapped_key_rsapri1024 != NULL &&
+        g->wrapped_key_rsapub1024 != NULL) {
+        rsip_error_code = R_RSIP_KeyPairGenerate(&gFSPSM_ctrl,
+                                 RSIP_KEY_PAIR_TYPE_RSA_1024,
+                                 g->wrapped_key_rsapub1024,
+                                 g->wrapped_key_rsapri1024);
+        if (rsip_error_code == FSP_SUCCESS) {
+            g->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
+            g->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
+        }
+    }
+
+    if (g->wrapped_key_rsapri2048 != NULL &&
+        g->wrapped_key_rsapub2048 != NULL) {
+        rsip_error_code = R_RSIP_KeyPairGenerate(&gFSPSM_ctrl,
+                                 RSIP_KEY_PAIR_TYPE_RSA_2048,
+                                 g->wrapped_key_rsapub2048,
+                                 g->wrapped_key_rsapri2048);
+        if (rsip_error_code == FSP_SUCCESS) {
+            g->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
+            g->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
+        }
+    }
+}
+
+/* only pointer sets to NULL     */
+/* onwer of keys should be freed */
+void Clr_CallbackCtx(FSPSM_ST *g)
+{
+    (void) g;
+
+    if (g->wrapped_key_aes256 != NULL)
+        g->wrapped_key_aes256 = NULL;
+
+    if (g->wrapped_key_aes128 != NULL)
+        g->wrapped_key_aes128 = NULL;
+
+   #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+    if (g->wrapped_key_rsapri2048 != NULL)
+        g->wrapped_key_rsapri2048 = NULL;
+
+    if (g->wrapped_key_rsapub2048 != NULL)
+        g->wrapped_key_rsapub2048 = NULL;
+
+    if (g->wrapped_key_rsapri1024 != NULL)
+        g->wrapped_key_rsapri1024 = NULL;
+
+    if (g->wrapped_key_rsapub2048 != NULL)
+        g->wrapped_key_rsapub2048 = NULL;
+   #endif
+
+    XMEMSET(g, 0, sizeof(FSPSM_ST));
+}
+#endif
+
+
+#if defined(TLS_CLIENT) || \
+    defined(TLS_SERVER)
+
+extern WOLFSSL_CTX *client_ctx;
+extern WOLFSSL_CTX *server_ctx;
+
+void TCPInit( )
+{
+   BaseType_t fr_status;
+
+   /* FreeRTOS+TCP Ethernet and IP Setup */
+   fr_status = FreeRTOS_IPInit(ucIPAddress,
+                               ucNetMask,
+                               ucGatewayAddress,
+                               ucDNSServerAddress,
+                               g_ether0_mac_address);
+
+   if (pdPASS != fr_status) {
+       printf("Error [%ld]: FreeRTOS_IPInit.\n",fr_status);
+   }
+}
+
+
+void wolfSSL_TLS_cleanup()
+{
+#if defined(TLS_CLIENT)
+    if (client_ctx) {
+        wolfSSL_CTX_free(client_ctx);
+    }
+#endif
+#if defined(TLS_SERVER)
+    if (server_ctx) {
+        wolfSSL_CTX_free(server_ctx);
+    }
+#endif
+    wolfSSL_Cleanup();
+}
+
+#endif
+
+serial_io_instance_t   const * gp_serial_io0   = &g_serial_io0;
+static void serial_init()
+{
+    usr_err_t usr_err;
+
+    /** Open Serial I/O module. */
+    usr_err = gp_serial_io0->p_api->open
+            (gp_serial_io0->p_ctrl, gp_serial_io0->p_cfg );
+    if( USR_SUCCESS != usr_err )
+    {
+      USR_DEBUG_BLOCK_CPU();
+    }
+
+    /** Start Serial I/O module. */
+    usr_err = gp_serial_io0->p_api->start( gp_serial_io0->p_ctrl );
+    if( USR_SUCCESS != usr_err )
+    {
+      USR_DEBUG_BLOCK_CPU();
+    }
+    printf( " Started Serial I/O interface." );
+}
+
+/* rzn2l_tst_thread entry function */
+/* pvParameters contains TaskHandle_t */
+void rzn2l_tst_thread_entry(void *pvParameters)
+{
+    FSP_PARAMETER_NOT_USED (pvParameters);
+
+
+    serial_init();
+
+#if defined(UNIT_TEST)
+
+    int ret;
+
+    printf("\n");
+    printf("\n Start wolf RSIP Crypt Test\n");
+
+    if ((ret = wolfCrypt_Init()) != 0) {
+        printf(" wolfCrypt_Init failed %d\n", ret);
+    }
+#if defined(WOLFSSL_RENESAS_FSPSM) && \
+    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+    printf(" \n");
+    printf(" RSIP Unit Test\n");
+    rsip_crypt_test();
+#else
+    printf(" \n");
+    printf(" RSIP Unit Test Not Run\n");
+#endif
+    printf(" \n");
+    printf(" End wolf RSIP crypt Test\n");
+
+    if ((ret = wolfCrypt_Cleanup()) != 0) {
+        printf("wolfCrypt_Cleanup failed %d\n", ret);
+    }
+
+#elif defined(CRYPT_TEST)
+    #include "wolfcrypt/test/test.h"
+#if defined(HAVE_RENESAS_SYNC) && \
+    defined(HAVE_AES_CBC)
+
+    Clr_CallbackCtx(&guser_PKCbInfo);
+
+    #if defined(WOLFSSL_AES_128)
+        uint8_t        wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128];
+        FSPSM_AES_WKEY user_aes128_key_index =
+                            (FSPSM_AES_WKEY)wrapped_key1;
+        guser_PKCbInfo.wrapped_key_aes128 = user_aes128_key_index;
+    #endif
+
+    #if defined(WOLFSSL_AES_256)
+        uint8_t        wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256];
+        FSPSM_AES_WKEY user_aes256_key_index =
+                            (FSPSM_AES_WKEY)wrapped_key2;
+        guser_PKCbInfo.wrapped_key_aes256 = user_aes256_key_index;
+    #endif
+    /* Generate Wrapped aes key */
+    RSIP_KeyGeneration(&guser_PKCbInfo);
+#endif
+
+    int ret;
+
+    func_args args = { 0 };
+
+    if ((ret = wolfCrypt_Init()) != 0) {
+        printf("wolfCrypt_Init failed %d\n", ret);
+    }
+
+    printf("\n");
+    printf("\n Start wolfCrypt Test\n");
+    wolfcrypt_test((void*)&args);
+    printf(" End wolfCrypt Test\n");
+
+    if ((ret = wolfCrypt_Cleanup()) != 0) {
+       printf("wolfCrypt_Cleanup failed %d\n", ret);
+    }
+#if defined(HAVE_RENESAS_SYNC) && \
+    defined(HAVE_AES_CBC)
+    Clr_CallbackCtx(&guser_PKCbInfo);
+#endif
+
+#elif defined(BENCHMARK)
+#if defined(HAVE_RENESAS_SYNC) && \
+    defined(HAVE_AES_CBC)
+
+    Clr_CallbackCtx(&guser_PKCbInfo);
+
+    #if defined(WOLFSSL_AES_128)
+        uint8_t        wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128];
+        FSPSM_AES_WKEY user_aes128_key_index =
+                            (FSPSM_AES_WKEY)wrapped_key1;
+        guser_PKCbInfo.wrapped_key_aes128 = user_aes128_key_index;
+    #endif
+
+    #if defined(WOLFSSL_AES_256)
+        uint8_t        wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256];
+        FSPSM_AES_WKEY user_aes256_key_index =
+                            (FSPSM_AES_WKEY)wrapped_key2;
+        guser_PKCbInfo.wrapped_key_aes256 = user_aes256_key_index;
+    #endif
+    /* Generate Wrapped aes key */
+    RSIP_KeyGeneration(&guser_PKCbInfo);
+#endif
+    printf(" Start wolfCrypt Benchmark\n");
+
+    benchmark_test(NULL);
+
+    printf(" End wolfCrypt Benchmark\n");
+#if defined(HAVE_RENESAS_SYNC) && \
+    defined(HAVE_AES_CBC)
+    Clr_CallbackCtx(&guser_PKCbInfo);
+#endif
+
+#elif defined(TLS_CLIENT)
+
+    int i = 0;
+    const int Max_Retry = 10;
+
+    #if defined(WOLFSSL_TLS13)
+        const char* cipherlist[] = {
+            "TLS13-AES128-GCM-SHA256",
+            "TLS13-AES256-GCM-SHA384",
+        };
+        const int cipherlist_sz = 2;
+        TestInfo info[cipherlist_sz];
+    #elif defined(USE_CERT_BUFFERS_2048)
+        const char* cipherlist[] = {
+             "ECDHE-RSA-AES128-GCM-SHA256",
+             "ECDHE-RSA-AES256-SHA",
+             "ECDHE-RSA-AES128-SHA256"
+        };
+        const int cipherlist_sz = 3;
+        TestInfo info[cipherlist_sz];
+    #elif defined(USE_CERT_BUFFERS_256)
+        const char* cipherlist[] = {
+           "ECDHE-ECDSA-AES128-GCM-SHA256",
+           "ECDHE-ECDSA-AES256-SHA",
+           "ECDHE-ECDSA-AES128-SHA256"
+        };
+        const int cipherlist_sz = 3;
+        TestInfo info[cipherlist_sz];
+    #endif
+
+    TCPInit();
+
+    int TCP_connect_retry = 0;
+
+    printf("\n Start TLS Connection to %s port(%d)\n", SERVER_IP, DEFAULT_PORT);
+    wolfSSL_TLS_client_init();
+
+    do {
+
+        info[i].port = DEFAULT_PORT;
+        info[i].cipher = cipherlist[i];
+        info[i].ctx = client_ctx;
+        info[i].id = i;
+
+        XMEMSET(info[i].name, 0, sizeof(info[i].name));
+        XSPRINTF(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
+
+        if(wolfSSL_TLS_client_do(&info[i]) == -116) {
+            TCP_connect_retry++;
+            continue;
+        }
+        TCP_connect_retry = 0;
+        i++;
+    } while (i < cipherlist_sz && TCP_connect_retry < Max_Retry);
+
+    printf("\n End of Client Example");
+
+    wolfSSL_TLS_cleanup();
+#elif defined(TLS_SERVER)
+
+    int i = 0;
+    const int Max_Retry = 10;
+    TestInfo info;
+
+    TCPInit();
+
+    int TCP_connect_retry = 0;
+
+    printf("\n Start TLS Accept at %03d.%03d.%03d.%03d port(%d)\n",
+                                                   ucIPAddress[0],
+                                                   ucIPAddress[1],
+                                                   ucIPAddress[2],
+                                                   ucIPAddress[3],DEFAULT_PORT);
+    wolfSSL_TLS_server_init();
+
+    do {
+
+        info.port = DEFAULT_PORT;
+        info.cipher = NULL;
+        info.ctx = server_ctx;
+        info.id = i;
+
+        XMEMSET(info.name, 0, sizeof(info.name));
+        XSPRINTF(info.name, "wolfSSL_TLS_server_do(%02d)",
+                                                 TCP_connect_retry);
+        if(wolfSSL_TLS_server_do(&info) == -116) {
+            TCP_connect_retry++;
+            continue;
+        }
+        TCP_connect_retry = 0;
+    } while (TCP_connect_retry < Max_Retry);
+
+    printf("\n End of Client Example");
+
+#endif
+    /* TODO: add your own code here */
+    while (1)
+    {
+        vTaskDelay (1);
+    }
+}

IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c

@@ -0,0 +1,184 @@
+/* wolf_client.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include "wolfssl_demo.h"
+
+#if defined(TLS_CLIENT)
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/ssl.h"
+#include "wolfssl/certs_test.h"
+
+WOLFSSL_CTX *client_ctx = NULL;
+
+void wolfSSL_TLS_client_init()
+{
+    #ifndef NO_FILESYSTEM
+        #ifdef USE_ECC_CERT
+        char *cert       = "./certs/ca-ecc-cert.pem";
+        #else
+        char *cert       = "./certs/ca-cert.pem";
+        #endif
+    #else
+        #ifdef USE_CERT_BUFFERS_256
+        const unsigned char *cert       = ca_ecc_cert_der_256;
+        #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
+        #else
+        const unsigned char *cert       = ca_cert_der_2048;
+        #define  SIZEOF_CERT sizeof_ca_cert_der_2048
+        #endif
+    #endif
+
+    wolfSSL_Init();
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new(
+                        wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        return;
+    }
+    
+    #if !defined(NO_FILESYSTEM)
+    if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
+        printf("ERROR: can't load \"%s\"\n", cert);
+        return NULL;
+    }
+    #else
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
+                                            SSL_FILETYPE_ASN1) != SSL_SUCCESS){
+           printf("ERROR: can't load certificate data\n");
+       return;
+    }
+    #endif
+}
+
+int wolfSSL_TLS_client_do(void *pvParam)
+{
+
+    int ret;
+
+    TestInfo* p = (TestInfo*)pvParam;
+    /* FreeRTOS+TCP Objects */
+    socklen_t xSize = sizeof(struct freertos_sockaddr);
+    xSocket_t xClientSocket = NULL;
+    struct freertos_sockaddr xRemoteAddress;
+    
+    WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
+    WOLFSSL *ssl = NULL;
+
+    #define BUFF_SIZE 256
+    static const char sendBuff[]= "Hello Server\n" ;
+    
+    char    rcvBuff[BUFF_SIZE] = {0};
+
+    /* Client Socket Setup */
+    xRemoteAddress.sin_port = FreeRTOS_htons(p->port);
+    xRemoteAddress.sin_addr = FreeRTOS_inet_addr(SERVER_IP);
+
+     /* Create a FreeRTOS TCP Socket and connect */
+     xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET,
+                                             FREERTOS_SOCK_STREAM,
+                                             FREERTOS_IPPROTO_TCP);
+
+     configASSERT(xClientSocket != FREERTOS_INVALID_SOCKET);
+
+     FreeRTOS_bind(xClientSocket, NULL, sizeof(xSize));
+
+     /* Client Socket Connect */
+     ret = FreeRTOS_connect(xClientSocket,
+                                 &xRemoteAddress,
+                                 sizeof(xRemoteAddress));
+
+     if (ret != FR_SOCKET_SUCCESS) {
+         printf(" Error [%d]: FreeRTOS_connect.\n", ret);
+         goto out;
+     }
+
+     printf(" Start to connect to the server.\n");
+
+     if((ssl = wolfSSL_new(ctx)) == NULL) {
+          printf(" ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
+          goto out;
+     }
+
+     /* Attach wolfSSL to the socket */
+     ret = wolfSSL_set_fd(ssl, (int) xClientSocket);
+     if (ret != WOLFSSL_SUCCESS) {
+         printf(" Error [%d]: wolfSSL_set_fd.\n",ret);
+     }
+
+     printf("  Cipher : %s\n", 
+                                    (p->cipher == NULL) ? "NULL" : p->cipher);
+     /* use specific cipher */
+     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) 
+                                                           != WOLFSSL_SUCCESS) {
+          printf(" client can't set cipher list 1");
+          goto out;
+     }
+
+     #ifdef DEBUG_WOLFSSL
+     wolfSSL_Debugging_ON();
+     #endif
+
+     if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
+        printf(" ERROR SSL connect: %d\n",  wolfSSL_get_error(ssl, 0));
+        goto out;
+     }
+
+     #ifdef DEBUG_WOLFSSL
+     wolfSSL_Debugging_OFF();
+     #endif
+
+     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) 
+                                                    != (int)strlen(sendBuff)) {
+        printf(" ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
+        goto out;
+     }
+
+     if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
+         printf(" ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
+         goto out;
+     }
+
+     rcvBuff[ret] = '\0' ;
+     printf(" Received: %s\n\n", rcvBuff);
+
+ out:
+    if (ssl) {
+        wolfSSL_shutdown(ssl);
+        wolfSSL_free(ssl);
+        ssl = NULL;
+        /* need to reset callback */
+    }
+    /* clean up socket */
+    if (xClientSocket) {
+        FreeRTOS_shutdown(xClientSocket, FREERTOS_SHUT_RDWR);
+        FreeRTOS_closesocket(xClientSocket);
+        xClientSocket = NULL;
+    }
+
+    return ret;
+}
+
+#endif /* TLS_CLIENT */

IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c

@@ -0,0 +1,210 @@
+/* wolf_server.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include "wolfssl_demo.h"
+
+#if defined(TLS_SERVER)
+
+#include <stdio.h>
+#include <string.h>
+
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/ssl.h"
+#include "wolfssl/certs_test.h"
+#include "wolfssl_demo.h"
+
+WOLFSSL_CTX *server_ctx = NULL;
+
+void wolfSSL_TLS_server_init()
+{
+
+    int ret;
+
+    #if defined(USE_CERT_BUFFERS_256)
+        const unsigned char *cert       = serv_ecc_der_256;
+        #define  sizeof_cert sizeof_serv_ecc_der_256
+        const unsigned char *key        = ecc_key_der_256;
+        #define  sizeof_key  sizeof_serv_ecc_der_256
+        const unsigned char *clientCert = cliecc_cert_der_256;
+        #define  sizeof_clicert sizeof_cliecc_cert_der_256
+    #else
+        const unsigned char *cert       = server_cert_der_2048;
+        #define sizeof_cert sizeof_server_cert_der_2048
+        const unsigned char *key        = server_key_der_2048;
+        #define  sizeof_key sizeof_server_key_der_2048
+        const unsigned char *clientCert = client_cert_der_2048;
+        #define  sizeof_clicert sizeof_client_cert_der_2048
+    #endif
+
+    wolfSSL_Init();
+
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new(
+            wolfSSLv23_server_method_ex((void *)NULL))) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        return;
+    }
+
+    ret = wolfSSL_CTX_use_certificate_buffer(server_ctx, cert,
+                                         sizeof_cert, SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("Error %d loading server-cert!\n", ret);
+        return;
+    }
+
+    /* Load server key into WOLFSSL_CTX */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
+                                                    SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("Error %d loading server-key!\n", ret);
+        return;
+    }
+
+    if (1) {
+        wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
+                            WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
+        if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
+                                           sizeof_clicert,
+                                           SSL_FILETYPE_ASN1) != SSL_SUCCESS)
+            printf("can't load ca file, Please run from wolfSSL home dir\n");
+   }
+}
+
+int wolfSSL_TLS_server_do(void *pvParam)
+{
+    int ret;
+    WOLFSSL *ssl = NULL;
+    word32  len;
+    #define BUFF_SIZE 256
+    char buff[BUFF_SIZE];
+
+    TestInfo* p = (TestInfo*)pvParam;
+    WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;;
+
+    /* FreeRTOS+TCP parameters and objects */
+    struct freertos_sockaddr xClient, xBindAddress;
+    Socket_t xListeningSocket, xConnectedSocket;
+    socklen_t xSize = sizeof(xClient);
+    const BaseType_t xBacklog = 1; /* Max number of connections */
+    static const TickType_t xReceiveTimeOut = portMAX_DELAY;
+
+    /* Send/Receive Message */
+    const char *reply = "I hear ya fa shizzle!\n";
+    len = (word32)XSTRLEN(*reply);
+
+    /* Attempt to open the socket. */
+    xListeningSocket = FreeRTOS_socket(FREERTOS_AF_INET,
+                                    FREERTOS_SOCK_STREAM,
+                                    FREERTOS_IPPROTO_TCP);
+    configASSERT(xListeningSocket != FREERTOS_INVALID_SOCKET);
+
+    /* Set a time out so accept() will just wait for a connection. */
+    FreeRTOS_setsockopt(xListeningSocket, 0,
+    FREERTOS_SO_RCVTIMEO, &xReceiveTimeOut, sizeof(xReceiveTimeOut));
+
+    xBindAddress.sin_port = (uint16_t) DEFAULT_PORT;
+    xBindAddress.sin_port = FreeRTOS_htons(xBindAddress.sin_port);
+
+    configASSERT(xListeningSocket != FREERTOS_INVALID_SOCKET);
+
+    ret = FreeRTOS_bind(xListeningSocket, &xBindAddress, sizeof(xBindAddress));
+    if (ret == FR_SOCKET_SUCCESS)
+        ret = FreeRTOS_listen(xListeningSocket, xBacklog);
+
+    if (ret != FR_SOCKET_SUCCESS) {
+        printf("Error [%d]: FreeRTOS_bind.\n",ret);
+        goto out;
+    }
+
+     while (1) {
+        ret = WOLFSSL_FAILURE;
+        xConnectedSocket = FreeRTOS_accept(xListeningSocket, &xClient, &xSize);
+        configASSERT(xConnectedSocket != FREERTOS_INVALID_SOCKET);
+
+        if((ssl = wolfSSL_new(ctx)) == NULL) {
+            printf("ERROR: failed wolfSSL_new\n");
+            goto out;
+        }
+        /* Attach wolfSSL to the socket */
+        ret = wolfSSL_set_fd(ssl, (int) xConnectedSocket);
+        /* Establish TLS connection */
+        if (ret != WOLFSSL_SUCCESS) {
+            printf("Error [%d]: wolfSSL_set_fd.\n",ret);
+            goto out;
+        }
+
+        if (wolfSSL_accept(ssl) < 0) {
+            printf("ERROR: SSL Accept(%d)\n", wolfSSL_get_error(ssl, 0));
+            goto out;
+        }
+
+
+        if ((len = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) {
+            printf("ERROR: SSL Read(%d)\n", wolfSSL_get_error(ssl, 0));
+            goto out;
+        }
+
+        buff[len] = '\0';
+        printf("Received: %s\n", buff);
+
+        /* Write our reply into buff */
+        memset(buff, 0, sizeof(buff));
+        memcpy(buff, reply, len);
+
+        /* Reply back to the client */
+        if (wolfSSL_write(ssl, buff, len) != len) {
+            printf("ERROR: SSL Write(%d)\n", wolfSSL_get_error(ssl, 0));
+        }
+
+        /* Cleanup after this connection */
+        printf("Cleaning up socket and wolfSSL objects.\n");
+        if (xConnectedSocket != NULL)
+            FreeRTOS_closesocket(xConnectedSocket);
+        if (ssl != NULL)
+            wolfSSL_free(ssl);
+
+        printf("Waiting connection....");
+    }
+
+out:
+    if (ssl) {
+        wolfSSL_shutdown(ssl);
+        wolfSSL_free(ssl);
+    }
+
+    /* clean up socket */
+    if (xConnectedSocket) {
+        FreeRTOS_shutdown(xConnectedSocket, FREERTOS_SHUT_RDWR);
+        FreeRTOS_closesocket(xConnectedSocket);
+        xConnectedSocket = NULL;
+    }
+    if (xListeningSocket) {
+        FreeRTOS_shutdown(xListeningSocket, FREERTOS_SHUT_RDWR);
+        FreeRTOS_closesocket(xListeningSocket);
+        xListeningSocket = NULL;
+    }
+
+    return ret;
+}
+#endif /* TLS_SERVER */

IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c

@@ -0,0 +1,33 @@
+/* wolfssl_dummy.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/wc_port.h>
+
+#define YEAR 2023
+#define MON  5
+
+static int tick = 0;
+
+time_t time(time_t *t)
+{
+    (void)t;
+    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+}

IDE/include.am

@@ -35,6 +35,7 @@ include IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
 include IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
 include IDE/Renesas/e2studio/RX65N/RSK/include.am
 include IDE/Renesas/e2studio/RA6M4/include.am
+include IDE/Renesas/e2studio/RZN2L/include.am
 include IDE/WICED-STUDIO/include.am
 include IDE/CRYPTOCELL/include.am
 include IDE/M68K/include.am

wolfcrypt/benchmark/benchmark.c

@@ -1323,7 +1323,11 @@ static const char* bench_result_words2[][5] = {
     #ifndef NO_HW_BENCH
         #define BENCH_DEVID
     #endif
-    #define BENCH_DEVID_GET_NAME(useDeviceID) (useDeviceID) ? "HW" : "SW"
+    #ifndef HAVE_RENESAS_SYNC
+        #define BENCH_DEVID_GET_NAME(useDeviceID) (useDeviceID) ? "HW" : "SW"
+    #else
+        #define BENCH_DEVID_GET_NAME(useDeviceID) ""
+    #endif
 #else
     #define BENCH_DEVID_GET_NAME(useDeviceID) ""
 #endif
@@ -1587,7 +1591,10 @@ static const XGEN_ALIGN byte bench_iv_buf[] =
 };
 static THREAD_LS_T byte* bench_key = NULL;
 static THREAD_LS_T byte* bench_iv = NULL;
-
+#ifdef HAVE_RENESAS_SYNC
+static THREAD_LS_T byte* bench_key1 = NULL;
+static THREAD_LS_T byte* bench_key2 = NULL;
+#endif
 #ifdef WOLFSSL_STATIC_MEMORY
     #ifdef WOLFSSL_STATIC_MEMORY_TEST_SZ
         static byte gBenchMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
@@ -2381,6 +2388,11 @@ static void* benchmarks_do(void* args)
     }
     XMEMCPY(bench_key, bench_key_buf, sizeof(bench_key_buf));
     XMEMCPY(bench_iv, bench_iv_buf, sizeof(bench_iv_buf));
+#elif defined(HAVE_RENESAS_SYNC)
+    bench_key1 = (byte*)guser_PKCbInfo.wrapped_key_aes128;
+    bench_key2 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
+    bench_key = (byte*)bench_key_buf;
+    bench_iv = (byte*)bench_iv_buf;
 #else
     bench_key = (byte*)bench_key_buf;
     bench_iv = (byte*)bench_iv_buf;
@@ -2396,7 +2408,7 @@ static void* benchmarks_do(void* args)
     #ifndef NO_SW_BENCH
         bench_aescbc(0);
     #endif
-    #if defined(BENCH_DEVID) || defined(HAVE_RENESAS_SYNC)
+    #if defined(BENCH_DEVID)
         bench_aescbc(1);
     #endif
     }
@@ -2412,8 +2424,12 @@ static void* benchmarks_do(void* args)
         !defined(NO_HW_BENCH)
         bench_aes_aad_options_wrap(bench_aesgcm, 1);
     #endif
-
-        bench_gmac();
+        #ifndef NO_SW_BENCH
+        bench_gmac(0);
+    #endif
+    #if defined(BENCH_DEVID)
+        bench_gmac(1);
+    #endif
     }
 #endif
 #ifdef HAVE_AES_ECB
@@ -2765,6 +2781,7 @@ static void* benchmarks_do(void* args)
 #endif
 
 #ifndef NO_RSA
+#ifndef HAVE_RENESAS_SYNC
     #ifdef WOLFSSL_KEY_GEN
         if (bench_all || (bench_asym_algs & BENCH_RSA_KEYGEN)) {
         #ifndef NO_SW_BENCH
@@ -2806,6 +2823,7 @@ static void* benchmarks_do(void* args)
     }
     #endif
 #endif
+#endif
 
 #ifndef NO_DH
     if (bench_all || (bench_asym_algs & BENCH_DH)) {
@@ -3440,17 +3458,27 @@ exit:
 void bench_aescbc(int useDeviceID)
 {
 #ifdef WOLFSSL_AES_128
+#ifdef HAVE_RENESAS_SYNC
+    bench_aescbc_internal(useDeviceID, bench_key1, 16, bench_iv,
+                 "AES-128-CBC-enc", "AES-128-CBC-dec");
+#else
     bench_aescbc_internal(useDeviceID, bench_key, 16, bench_iv,
                  "AES-128-CBC-enc", "AES-128-CBC-dec");
 #endif
+#endif
 #ifdef WOLFSSL_AES_192
     bench_aescbc_internal(useDeviceID, bench_key, 24, bench_iv,
                  "AES-192-CBC-enc", "AES-192-CBC-dec");
 #endif
 #ifdef WOLFSSL_AES_256
+#ifdef HAVE_RENESAS_SYNC
+    bench_aescbc_internal(useDeviceID, bench_key2, 32, bench_iv,
+                 "AES-256-CBC-enc", "AES-256-CBC-dec");
+#else
     bench_aescbc_internal(useDeviceID, bench_key, 32, bench_iv,
                  "AES-256-CBC-enc", "AES-256-CBC-dec");
 #endif
+#endif
 }
 
 #endif /* HAVE_AES_CBC */
@@ -3756,18 +3784,28 @@ void bench_aesgcm(int useDeviceID)
 #if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) \
         && !defined(WOLFSSL_XILINX_CRYPT)                          \
         ||  defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+#ifdef HAVE_RENESAS_SYNC
+    bench_aesgcm_internal(useDeviceID, bench_key1, 16, bench_iv, 12,
+                          AES_GCM_STRING(128, enc), AES_GCM_STRING(128, dec));
+#else
     bench_aesgcm_internal(useDeviceID, bench_key, 16, bench_iv, 12,
                           AES_GCM_STRING(128, enc), AES_GCM_STRING(128, dec));
 #endif
+#endif
 #if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) \
         && !defined(WOLFSSL_XILINX_CRYPT)
     bench_aesgcm_internal(useDeviceID, bench_key, 24, bench_iv, 12,
                           AES_GCM_STRING(192, enc), AES_GCM_STRING(192, dec));
 #endif
 #ifdef WOLFSSL_AES_256
+#ifdef HAVE_RENESAS_SYNC
+    bench_aesgcm_internal(useDeviceID, bench_key2, 32, bench_iv, 12,
+                          AES_GCM_STRING(256, enc), AES_GCM_STRING(256, dec));
+#else
     bench_aesgcm_internal(useDeviceID, bench_key, 32, bench_iv, 12,
                           AES_GCM_STRING(256, enc), AES_GCM_STRING(256, dec));
 #endif
+#endif
 #ifdef WOLFSSL_AESGCM_STREAM
 #undef AES_GCM_STRING
 #define AES_GCM_STRING(n, dir)  AES_AAD_STRING("AES-" #n "-GCM-STREAM-" #dir)
@@ -3791,7 +3829,7 @@ void bench_aesgcm(int useDeviceID)
 }
 
 /* GMAC */
-void bench_gmac(void)
+void bench_gmac(int useDeviceID)
 {
     int ret, count = 0;
     Gmac gmac;
@@ -3815,9 +3853,13 @@ void bench_gmac(void)
     XMEMSET(bench_plain, 0, bench_size);
     XMEMSET(tag, 0, sizeof(tag));
     XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */
-    (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID);
+    (void)wc_AesInit((Aes*)&gmac, HEAP_HINT,
+                useDeviceID ? devId: INVALID_DEVID);
+#ifdef HAVE_RENESAS_SYNC
+    wc_GmacSetKey(&gmac, bench_key1, 16);
+#else
     wc_GmacSetKey(&gmac, bench_key, 16);
-
+#endif
     bench_stats_start(&count, &start);
     do {
         ret = wc_GmacUpdate(&gmac, bench_iv, 12, bench_plain, bench_size,

wolfcrypt/benchmark/benchmark.h

@@ -51,7 +51,7 @@ void bench_chacha(void);
 void bench_chacha20_poly1305_aead(void);
 void bench_aescbc(int useDeviceID);
 void bench_aesgcm(int useDeviceID);
-void bench_gmac(void);
+void bench_gmac(int useDeviceID);
 void bench_aesccm(int useDeviceID);
 void bench_aesecb(int useDeviceID);
 void bench_aesxts(void);

wolfcrypt/src/aes.c

@@ -2796,6 +2796,11 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
     /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */
 
+#elif ((defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_AES))
+    /* implemented in wolfcrypt/src/port/renesas/renesas_fspsm_aes.c */
+
 #else
 
     /* Software AES - SetKey */
@@ -4816,6 +4821,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 
     if (!((len == 16) || (len == 24) || (len == 32)))
         return BAD_FUNC_ARG;
+
     if (aes == NULL) {
 #ifdef WOLFSSL_IMX6_CAAM_BLOB
         ForceZero(local, sizeof(local));
@@ -4832,7 +4838,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 #ifdef WOLFSSL_AESGCM_STREAM
     aes->gcmKeySet = 1;
 #endif
-
     #ifdef WOLFSSL_AESNI
         /* AES-NI code generates its own H value. */
         if (haveAESNI)
@@ -4844,6 +4849,12 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         }
     #endif /* WOLFSSL_SECO_CAAM */
 
+    #if ((defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+        defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \
+        !defined(NO_WOLFSSL_RENESAS_FSPSM_AES))
+        return ret;
+    #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/
+
 #if !defined(FREESCALE_LTC_AES_GCM)
     if (ret == 0)
         ret = wc_AesEncrypt(aes, iv, aes->gcm.H);
@@ -9651,6 +9662,9 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     ret = wc_psa_aes_init(aes);
 #endif
 
+#if defined(WOLFSSL_RENESAS_FSPSM)
+    XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
+#endif
     return ret;
 }
 
@@ -9764,6 +9778,12 @@ void wc_AesFree(Aes* aes)
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(aes, sizeof(Aes));
 #endif
+
+#if ((defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \
+    !defined(NO_WOLFSSL_RENESAS_FSPSM_AES))
+    wc_fspsm_Aesfree(aes);
+#endif
 }
 
 

wolfcrypt/src/port/Renesas/renesas_common.c

@@ -51,6 +51,8 @@ uint32_t   g_CAscm_Idx = (uint32_t)-1; /* index of CM table    */
 static int gdevId = 7890;           /* initial dev Id for Crypt Callback */
 
 #ifdef WOLF_CRYPTO_CB
+/* store callback ctx by devId */
+FSPSM_ST    *gCbCtx[MAX_FSPSM_CBINDEX];
 
 #include <wolfssl/wolfcrypt/cryptocb.h>
 
@@ -271,25 +273,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                  (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                   info->cipher.aesgcm_enc.aes->keylen == 16))) {
 
-                if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
-                  info->cipher.aesgcm_enc.aes->keylen == 32) {
-
-                    XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.wrapped_key,
-                        &cbInfo->wrapped_key_aes256,
-                        sizeof(FSPSM_AES_WKEY));
-                    info->cipher.aesgcm_enc.aes->ctx.keySize = 32;
-
-                }
-                else if (
-                    cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
-                    info->cipher.aesgcm_enc.aes->keylen == 16) {
-
-                    XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.wrapped_key,
-                            &cbInfo->wrapped_key_aes128,
-                            sizeof(FSPSM_AES_WKEY));
-                    info->cipher.aesgcm_enc.aes->ctx.keySize = 16;
-                }
-
                 ret = wc_fspsm_AesGcmEncrypt(
                         info->cipher.aesgcm_enc.aes,
                         (byte*)info->cipher.aesgcm_enc.out,
@@ -310,25 +293,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                     (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                        info->cipher.aesgcm_dec.aes->keylen == 16)) {
 
-                if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
-                  info->cipher.aesgcm_dec.aes->keylen == 32) {
-
-                    XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.wrapped_key,
-                            &cbInfo->wrapped_key_aes256,
-                            sizeof(FSPSM_AES_WKEY));
-                    info->cipher.aesgcm_dec.aes->ctx.keySize = 32;
-
-                }
-                else if (
-                    cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
-                    info->cipher.aesgcm_dec.aes->keylen == 16) {
-
-                    XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.wrapped_key,
-                            &cbInfo->wrapped_key_aes128,
-                            sizeof(FSPSM_AES_WKEY));
-                    info->cipher.aesgcm_dec.aes->ctx.keySize = 16;
-                }
-
                 ret = wc_fspsm_AesGcmDecrypt(
                         info->cipher.aesgcm_dec.aes,
                         (byte*)info->cipher.aesgcm_dec.out,
@@ -351,26 +315,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                 info->cipher.aescbc.aes->keylen == 32) ||
             (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                 info->cipher.aescbc.aes->keylen == 16))) {
-
                 if (info->cipher.enc) {
-                    if (
-                    cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
-                    info->cipher.aescbc.aes->keylen == 32) {
-                        XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
-                                &cbInfo->wrapped_key_aes256,
-                                sizeof(FSPSM_AES_WKEY));
-                        info->cipher.aescbc.aes->ctx.keySize = 32;
-
-                    }
-                    else if (
-                        cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
-                        && info->cipher.aescbc.aes->keylen == 16) {
-                        XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
-                                &cbInfo->wrapped_key_aes128,
-                                sizeof(FSPSM_AES_WKEY));
-                        info->cipher.aescbc.aes->ctx.keySize = 16;
-                    }
-
                     ret = wc_fspsm_AesCbcEncrypt(
                         info->cipher.aescbc.aes,
                         (byte*)info->cipher.aescbc.out,
@@ -378,22 +323,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                         info->cipher.aescbc.sz);
                 }
                 else {
-                    if (
-                    cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
-                    info->cipher.aescbc.aes->keylen == 32) {
-                        XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
-                                &cbInfo->wrapped_key_aes256,
-                                sizeof(FSPSM_AES_WKEY));
-                        info->cipher.aescbc.aes->ctx.keySize = 32;
-                    }  else if (
-                        cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
-                        && info->cipher.aescbc.aes->keylen == 16) {
-                        XMEMCPY(&info->cipher.aescbc.aes->ctx.wrapped_key,
-                                &cbInfo->wrapped_key_aes128,
-                                sizeof(FSPSM_AES_WKEY));
-                        info->cipher.aescbc.aes->ctx.keySize = 16;
-                    }
-
                     ret = wc_fspsm_AesCbcDecrypt(
                         info->cipher.aescbc.aes,
                         (byte*)info->cipher.aescbc.out,
@@ -412,7 +341,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
             (info->pk.rsakg.size == 1024 ||
              info->pk.rsakg.size == 2048)) {
-            ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
+            ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
+                    info->pk.rsakg.size, (void*)ctx);
         }
        #endif
         if (info->pk.type == WC_PK_TYPE_RSA) {
@@ -420,14 +350,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
              * in advance. SCE supports 1024 or 2048 bits key size.
              * otherwise, falls-through happens.
              */
-            if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1
-                 ||
-                 cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1
-                ||
-                cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1
-                 ||
-                 cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1
-                ) {
+            if (info->pk.rsa.key->ctx.keySz == 1024 ||
+                info->pk.rsa.key->ctx.keySz == 2048) {
 
                 if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
                     info->pk.rsa.type == RSA_PUBLIC_ENCRYPT  )
@@ -435,11 +359,10 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                         ret = wc_fspsm_RsaFunction(info->pk.rsa.in,
                                         info->pk.rsa.inLen,
                                         info->pk.rsa.out,
-                                        info->pk.rsa.outLen,
+                                        &info->pk.rsa.outLen,
                                         info->pk.rsa.type,
                                         info->pk.rsa.key,
-                                        info->pk.rsa.rng,
-                                        (void*)ctx);
+                                        info->pk.rsa.rng);
                 }
                 else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
                    ret = wc_fspsm_RsaSign(info->pk.rsa.in,
@@ -498,6 +421,21 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
     return ret;
 }
 
+/* Renesas Security Library Common Method
+ * Get Callback ctx by devId
+ *
+ * devId   : devId to get its CTX
+ * return  asocciated CTX when the method is succesfully called.
+ *         otherwise, NULL
+ */
+WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
+{
+    if (devId >= 7890 && devId <= (MAX_FSPSM_CBINDEX + 7890))
+        return gCbCtx[devId - 7890];
+    else
+        return NULL;
+}
+
 /* Renesas Security Library Common Method
  * Crypt Callback initialization
  *
@@ -559,6 +497,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
         gdevId = 7890;
     }
 
+    gCbCtx[cbInfo->devId - 7890] = (void*)cbInfo;
+    
     return cbInfo->devId;
 }
 

wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c

@@ -34,6 +34,9 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/internal.h>
 #include <wolfssl/wolfcrypt/aes.h>
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
 #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
 
 #ifdef NO_INLINE
@@ -45,8 +48,14 @@
 
 struct Aes;
 
+WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId);
+
 #define SCE_AES_GCM_AUTH_TAG_SIZE  16
 
+#if defined(WOLFSSL_RENESAS_RSIP)
+extern FSPSM_INSTANCE   gFSPSM_ctrl;
+#endif
+
 typedef fsp_err_t (*aesGcmEncInitFn)
         (FSPSM_AESGCM_HANDLE*, FSPSM_AES_WKEY*, uint8_t*, uint32_t);
 typedef fsp_err_t (*aesGcmEncUpdateFn)
@@ -61,6 +70,134 @@ typedef fsp_err_t (*aesGcmDecUpdateFn)
 typedef fsp_err_t (*aesGcmDecFinalFn)
         (FSPSM_AESGCM_HANDLE*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
 
+#if defined(WOLFSSL_RENESAS_RSIP)
+/* wrapper for Gcm enrypt init */
+static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h, 
+                                        FSPSM_AES_WKEY* k, uint8_t* iv, 
+                                        uint32_t iv_l)
+{
+    (void) h;
+    return R_RSIP_AES_GCM_EncryptInit(&gFSPSM_ctrl, (FSPSM_AES_WKEY const)*k, 
+                                            (uint8_t* const)iv, iv_l);
+}
+/* wrapper for Gcm enrypt update */
+static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h, 
+        uint8_t* p_plain, uint8_t* p_cipher, uint32_t plain_length, 
+        uint8_t* p_add, uint32_t add_len)
+{
+    (void) h;
+    return R_RSIP_AES_GCM_EncryptUpdate(&gFSPSM_ctrl, (uint8_t* const) p_plain,
+                                      (uint8_t* const) p_cipher,
+                                      (uint32_t const) plain_length,
+                                      (uint8_t* const) p_add,
+                                      (uint32_t const) add_len);
+}
+/* wrapper for Gcm enrypt final */
+static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h, 
+                                        uint8_t* p_cipher, uint32_t* c_len, 
+                                        uint8_t* p_atag)
+{
+    (void) h;
+    return R_RSIP_AES_GCM_EncryptFinal(&gFSPSM_ctrl, (uint8_t* const) p_cipher,
+                                      (uint32_t* const) c_len,
+                                      (uint8_t* const) p_atag);
+}
+/* wrapper for Gcm decrypt init */
+static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h, 
+                                FSPSM_AES_WKEY* k, uint8_t* iv, uint32_t iv_l)
+{
+    (void) h;
+    return R_RSIP_AES_GCM_DecryptInit(&gFSPSM_ctrl, (FSPSM_AES_WKEY const)*k, 
+                                                    (uint8_t* const)iv, iv_l);
+}
+/* wrapper for Gcm decrypt update */
+static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h, 
+        uint8_t* p_cipher, uint8_t* p_plain, uint32_t c_length, 
+        uint8_t* p_add, uint32_t add_len)
+{
+    (void) h;
+    return R_RSIP_AES_GCM_DecryptUpdate(&gFSPSM_ctrl, (uint8_t* const) p_cipher,
+                                      (uint8_t* const) p_plain,
+                                      (uint32_t const) c_length,
+                                      (uint8_t* const) p_add,
+                                      (uint32_t const) add_len);
+}
+/* wrapper for Gcm decrypt final */
+static fsp_err_t _R_RSIP_AES_GCM_DecryptFinal(FSPSM_AESGCM_HANDLE* h, 
+                                        uint8_t* p_plain, uint32_t* plain_len, 
+                                        uint8_t* p_atag, uint32_t atag_len)
+{
+    (void) h;
+    return R_RSIP_AES_GCM_DecryptFinal(&gFSPSM_ctrl, (uint8_t* const) p_plain,
+                                      (uint32_t* const) plain_len,
+                                      (uint8_t* const) p_atag,
+                                      (uint32_t const) atag_len);
+}
+/* wrapper for aes cbc encrypt init */
+static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptInit(FSPSM_AES_HANDLE* h,
+                                      FSPSM_AES_WKEY k,
+                                      uint8_t* iv)
+{
+    (void) h;
+    return R_RSIP_AES_Cipher_EncryptInit(&gFSPSM_ctrl,
+                                        RSIP_AES_MODE_CBC,
+                                        k, iv);
+}
+/* wrapper for aes cbc encrypt update */
+static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptUpdate(FSPSM_AES_HANDLE* h,
+                                      uint8_t* p_plain,
+                                      uint8_t* p_cipher,
+                                      uint32_t plain_length)
+{
+    (void) h;
+    return R_RSIP_AES_Cipher_EncryptUpdate(&gFSPSM_ctrl,
+                                        (const uint8_t* const)p_plain,
+                                        (uint8_t* const)p_cipher,
+                                        (const uint32_t)plain_length);
+}
+/* wrapper for aes cbc encrypt final */
+static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptFinal(FSPSM_AES_HANDLE* h,
+                                      uint8_t* p_cipher,
+                                      uint32_t* cipher_lengh)
+{
+    (void) h;
+    return R_RSIP_AES_Cipher_EncryptFinal(&gFSPSM_ctrl,
+                                        (uint8_t* const)p_cipher,
+                                        (uint32_t* const)cipher_lengh);
+}
+/* wrapper for aes cbc decrypt init */
+static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptInit(FSPSM_AES_HANDLE* h,
+                                      FSPSM_AES_WKEY k,
+                                      uint8_t* iv)
+{
+    (void) h;
+    return R_RSIP_AES_Cipher_DecryptInit(&gFSPSM_ctrl,
+                                        RSIP_AES_MODE_CBC,
+                                        k, iv);
+}
+/* wrapper for aes cbc decrypt update */
+static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptUpdate(FSPSM_AES_HANDLE* h,
+                                      uint8_t* p_cipher,
+                                      uint8_t* p_plain,
+                                      uint32_t cipher_lengh)
+{
+    (void) h;
+    return R_RSIP_AES_Cipher_DecryptUpdate(&gFSPSM_ctrl,
+                                        (const uint8_t* const)p_cipher,
+                                        (uint8_t* const)p_plain,
+                                        (const uint32_t)cipher_lengh);
+}
+/* wrapper for aes cbc encrypt final */
+static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptFinal(FSPSM_AES_HANDLE* h,
+                                      uint8_t* p_plain,
+                                      uint32_t* plain_lengh)
+{
+    (void) h;
+    return R_RSIP_AES_Cipher_DecryptFinal(&gFSPSM_ctrl,
+                                        (uint8_t* const)p_plain,
+                                        (uint32_t* const)plain_lengh);
+}
+#endif
 /* Perform Aes Gcm encryption by FSP SM
  *
  * aes    The AES object.
@@ -97,11 +234,14 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
     const uint8_t* iv_l = NULL;
     uint32_t ivSz_l = 0;
 
+#ifdef WOLFSSL_RENESAS_FSPSM_TLS
     FSPSM_HMAC_WKEY key_client_mac;
     FSPSM_HMAC_WKEY key_server_mac;
+#endif
     FSPSM_AES_WKEY      key_client_aes;
     FSPSM_AES_WKEY      key_server_aes;
-
+    (void) key_server_aes;
+    
     /* sanity check */
     if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
         return BAD_FUNC_ARG;
@@ -136,13 +276,14 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
          * those buffers 32bit aligned as SCE requests.
          */
          delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
-                             AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
+                             (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE));
         plainBuf  = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
         cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
         aTagBuf   = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
                                                         DYNAMIC_TYPE_AES);
 
-        if (plainBuf == NULL || cipherBuf == NULL || aTagBuf == NULL) {
+        if ((sz > 0 && plainBuf == NULL) || 
+            ((sz + delta) > 0 && cipherBuf == NULL) || aTagBuf == NULL) {
             WOLFSSL_MSG("wc_fspsm_AesGcmEncrypt: buffer allocation failed");
             ret = -1;
         }
@@ -183,14 +324,22 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
             if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
                 info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
                 if (aes->ctx.keySize == 32) {
+                #if defined(WOLFSSL_RENESAS_RSIP)
+                    key_client_aes = aes->ctx.wrapped_key;
+                #else
                     XMEMCPY(&key_client_aes, 
                         (FSPSM_AES_WKEY*)info->wrapped_key_aes256,
                         sizeof(FSPSM_AES_WKEY));
+                #endif
                 }
                 else {
+                #if defined(WOLFSSL_RENESAS_RSIP)
+                    key_client_aes = aes->ctx.wrapped_key;
+                #else
                     XMEMCPY(&key_client_aes, 
                         (FSPSM_AES_WKEY*)info->wrapped_key_aes128,
                         sizeof(FSPSM_AES_WKEY));
+                #endif
                 }
                 iv_l = iv;
                 ivSz_l = ivSz;
@@ -297,11 +446,13 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
     const uint8_t* iv_l = NULL;
     uint32_t ivSz_l = 0;
 
+#ifdef WOLFSSL_RENESAS_TLS
     FSPSM_HMAC_WKEY key_client_mac;
     FSPSM_HMAC_WKEY key_server_mac;
+#endif
     FSPSM_AES_WKEY      key_client_aes;
     FSPSM_AES_WKEY      key_server_aes;
-
+    (void) key_client_aes;
     /* sanity check */
     if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
         return BAD_FUNC_ARG;
@@ -334,7 +485,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
          * TSIP requests those buffers 32bit aligned.
          */
          delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
-                                      AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
+                            (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE));
         cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
         plainBuf  = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
         aTagBuf   = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
@@ -378,14 +529,22 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
             if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
                 info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
                 if (aes->ctx.keySize == 32) {
+                #if defined(WOLFSSL_RENESAS_RSIP)
+                    key_server_aes = aes->ctx.wrapped_key;
+                #else
                     XMEMCPY(&key_server_aes, 
                         (FSPSM_AES_WKEY*)info->wrapped_key_aes256,
                         sizeof(FSPSM_AES_WKEY));
+                #endif
                 }
                 else {
+                #if defined(WOLFSSL_RENESAS_RSIP)
+                    key_server_aes = aes->ctx.wrapped_key;
+                #else
                     XMEMCPY(&key_server_aes, 
                         (FSPSM_AES_WKEY*)info->wrapped_key_aes128,
                         sizeof(FSPSM_AES_WKEY));
+                #endif
                 }
                 iv_l = iv;
                 ivSz_l = ivSz;
@@ -480,10 +639,22 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
     }
 
     if (aes->ctx.keySize == 16) {
-        ret = FSPSM_AES128CBCEnc_Init(&_handle, &aes->ctx.wrapped_key, iv);
+        ret = FSPSM_AES128CBCEnc_Init(&_handle,
+        #ifdef WOLFSSL_RENESAS_RSIP
+            aes->ctx.wrapped_key,
+        #else
+            &aes->ctx.wrapped_key,
+        #endif
+            iv);
     }
     else if (aes->ctx.keySize == 32) {
-        ret = FSPSM_AES256CBCEnc_Init(&_handle, &aes->ctx.wrapped_key, iv);
+        ret = FSPSM_AES256CBCEnc_Init(&_handle,
+        #ifdef WOLFSSL_RENESAS_RSIP
+            aes->ctx.wrapped_key,
+        #else
+            &aes->ctx.wrapped_key,
+        #endif
+            iv);
     }
     else {
         WOLFSSL_MSG("invalid key Size for SCE. Key size is neither 16 or 32.");
@@ -548,10 +719,22 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
     }
 
     if (aes->ctx.keySize == 16) {
-        ret = FSPSM_AES128CBCDec_Init(&_handle, &aes->ctx.wrapped_key, iv);
+        ret = FSPSM_AES128CBCDec_Init(&_handle,
+        #ifdef WOLFSSL_RENESAS_RSIP
+            aes->ctx.wrapped_key,
+        #else
+            &aes->ctx.wrapped_key,
+        #endif
+            iv);
     }
     else if (aes->ctx.keySize == 32) {
-        ret = FSPSM_AES256CBCDec_Init(&_handle, &aes->ctx.wrapped_key, iv);
+        ret = FSPSM_AES256CBCDec_Init(&_handle,
+        #ifdef WOLFSSL_RENESAS_RSIP
+            aes->ctx.wrapped_key,
+        #else
+            &aes->ctx.wrapped_key,
+        #endif
+            iv);
     }
     else {
         wc_fspsm_hw_unlock();
@@ -586,5 +769,56 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
     return ret;
 }
 
-#endif /* WOLFSSL_RENESAS_TSIP_CRYPT */
+
+/* free contentx related to FSP SM
+ *
+ * aes    The AES object.
+ * return none
+ */
+WOLFSSL_LOCAL void wc_fspsm_Aesfree(Aes* aes)
+{
+#if defined(WOLFSSL_RENESAS_RSIP)
+    if (aes->ctx.wrapped_key) {
+        /* aes ctx just points user created wrapped key.
+         * therefore, it just sets pointing to NULL.
+         * user key should be freed by owenr(user)
+         */
+        aes->ctx.wrapped_key = NULL;
+    }
+#endif
+}
+
+int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
+    const byte* iv, int dir)
+{
+    (void) userKey;
+    (void) dir;
+    
+    if (aes == NULL || userKey == NULL || 
+            !((keylen == 16) || (keylen == 32))) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (aes->devId == INVALID_DEVID) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef WOLFSSL_AES_COUNTER
+    aes->left = 0;
+#endif
+
+    /* if there is previous key, free */
+    if(aes->ctx.wrapped_key)
+        wc_fspsm_Aesfree(aes);
+        
+    /* generate aes key beased on length */
+    aes->ctx.wrapped_key = (FSPSM_AES_WKEY)userKey;
+    aes->keylen = (int)keylen;
+    aes->ctx.keySize = keylen;
+    
+    return wc_AesSetIV(aes, iv);
+}
+#endif /* WOLFSSL_RENESAS_FSPSM_TLS
+          WOLFSSL_RENESAS_FSPSM_CRYPTONLY
+          NO_WOLFSSL_RENESAS_FSPSM_AES */
 #endif /* NO_AES */

wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c

@@ -36,147 +36,76 @@
 #include <wolfssl/wolfcrypt/rsa.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
 
-/* Make Rsa key for SCE and set it to callback ctx
- * Assumes to be called by Crypt Callback
+#if defined(WOLFSSL_RENESAS_RSIP)
+extern FSPSM_INSTANCE   gFSPSM_ctrl;
+#endif
+
+/* Set Ctx pointer to NULL. 
+ * A created wrapped key should be freed by user
  *
+ * key    RsaKey object
+ * return none
+ */
+WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(RsaKey *key)
+{
+    if (key == NULL)
+        return;
+
+    if(key->ctx.wrapped_pri1024_key)
+        key->ctx.wrapped_pri1024_key = NULL;
+
+    if(key->ctx.wrapped_pub1024_key)
+        key->ctx.wrapped_pub1024_key = NULL;
+
+    if(key->ctx.wrapped_pri2048_key)
+        key->ctx.wrapped_pri2048_key = NULL;
+
+    if(key->ctx.wrapped_pub2048_key)
+        key->ctx.wrapped_pub2048_key = NULL;
+}
+
+/* Set Rsa key by pre-created wrapped user key
+ *
+ * key    RsaKey object
  * size   desired keylenth, in bits. supports 1024 or 2048 bits
  * ctx    Callback context including pointer to hold generated key
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(int size, void* ctx)
+WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(RsaKey *key, int size, void* ctx)
 {
-    fsp_err_t   ret;
     FSPSM_ST    *info = (FSPSM_ST*)ctx;
 
-    FSPSM_RSA1024_WPA_KEY *wrapped_pair1024_key = NULL;
-    FSPSM_RSA2048_WPA_KEY *wrapped_pair2048_key = NULL;
-
     /* sanity check */
-    if (ctx == NULL)
+    if (key == NULL || size < 0 || ctx == NULL)
         return BAD_FUNC_ARG;
-    
 
-    if ((ret = wc_fspsm_hw_lock()) == 0) {
-        if (size == 1024) {
-            wrapped_pair1024_key = 
-            (FSPSM_RSA1024_WPA_KEY*)XMALLOC(
-                sizeof(FSPSM_RSA1024_WPA_KEY), NULL,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-            if (wrapped_pair1024_key == NULL)
-                return MEMORY_E;
-                
-            ret = FSPSM_RSA1024_KEYPA_GEN(wrapped_pair1024_key);
+    if (size == 1024) {
+        if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set != 1 ||
+           info->keyflgs_crypt.bits.rsapub1024_installedkey_set != 1) {
+            WOLFSSL_MSG("Caller should create user key in advance.");
+            WOLFSSL_MSG("Caller also need to installedkey to 1.");
+            return BAD_FUNC_ARG;
         }
-        else if (size == 2048) {
-            wrapped_pair2048_key = 
-            (FSPSM_RSA2048_WPA_KEY*)XMALLOC(
-                sizeof(FSPSM_RSA2048_WPA_KEY), NULL, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-            if (wrapped_pair2048_key == NULL)
-                return MEMORY_E;
-                
-            ret = FSPSM_RSA1024_KEYPA_GEN(wrapped_pair2048_key);
+        key->ctx.wrapped_pri1024_key = info->wrapped_key_rsapri1024;
+        key->ctx.wrapped_pub1024_key = info->wrapped_key_rsapub1024;
+        key->ctx.keySz = 1024;
+    } else if (size == 2048) {
+        if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set != 1 ||
+            info->keyflgs_crypt.bits.rsapub2048_installedkey_set != 1) {
+                WOLFSSL_MSG("Caller should create user key in advance.");
+                WOLFSSL_MSG("Caller also need to installedkey to 1.");
+                return BAD_FUNC_ARG;
         }
-        else
-            return CRYPTOCB_UNAVAILABLE;
-            
-        if (ret == FSP_SUCCESS) {
-            if (size == 1024) {
-                if (info->wrapped_key_rsapri1024 != NULL) {
-                    XFREE(info->wrapped_key_rsapri1024, NULL, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                if (info->wrapped_key_rsapub1024 != NULL) {
-                    XFREE(info->wrapped_key_rsapub1024, NULL, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                info->wrapped_key_rsapri1024 = 
-                (FSPSM_RSA1024_WPI_KEY*)XMALLOC(
-                    sizeof(FSPSM_RSA1024_WPI_KEY), NULL, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                    
-                if (info->wrapped_key_rsapri1024 == NULL) {
-                    XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    return MEMORY_E;
-                }
-                
-                info->wrapped_key_rsapub1024 =
-                (FSPSM_RSA1024_WPB_KEY*)XMALLOC(
-                    sizeof(FSPSM_RSA1024_WPB_KEY), NULL, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                    
-                if (info->wrapped_key_rsapub1024 == NULL) {
-                    XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    XFREE(info->wrapped_key_rsapub1024, 0, 
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-                    return MEMORY_E;
-                }
-                /* copy generated key pair and free malloced key */
-                XMEMCPY(info->wrapped_key_rsapri1024, 
-                                    &wrapped_pair1024_key->priv_key,
-                                    sizeof(FSPSM_RSA1024_WPI_KEY));
-                XMEMCPY(info->wrapped_key_rsapub1024, 
-                                    &wrapped_pair1024_key->pub_key,
-                                    sizeof(FSPSM_RSA1024_WPB_KEY));
-                XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                
-                info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
-                info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
-            }
-            else if (size == 2048) {
-                if (info->wrapped_key_rsapri2048 != NULL) {
-                    XFREE(info->wrapped_key_rsapri2048, NULL, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                if (info->wrapped_key_rsapub2048 != NULL) {
-                    XFREE(info->wrapped_key_rsapub2048, NULL, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                }
-                info->wrapped_key_rsapri2048 = 
-                (FSPSM_RSA2048_WPI_KEY*)XMALLOC(
-                    sizeof(FSPSM_RSA2048_WPI_KEY), NULL, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                    
-                if (info->wrapped_key_rsapri2048 == NULL) {
-                    XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    return MEMORY_E;
-                }
-                
-                info->wrapped_key_rsapub2048 =
-                (FSPSM_RSA2048_WPB_KEY*)XMALLOC(
-                    sizeof(FSPSM_RSA2048_WPB_KEY), NULL, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                    
-                if (info->wrapped_key_rsapub2048 == NULL) {
-                    XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                    XFREE(info->wrapped_key_rsapub1024, 0, 
-                                    DYNAMIC_TYPE_RSA_BUFFER);
-                    return MEMORY_E;
-                }
-                /* copy generated key pair and free malloced key */
-                XMEMCPY(info->wrapped_key_rsapri2048, 
-                            &wrapped_pair2048_key->priv_key,
-                            sizeof(FSPSM_RSA2048_WPI_KEY));
-                XMEMCPY(info->wrapped_key_rsapub2048, 
-                            &wrapped_pair2048_key->pub_key,
-                            sizeof(FSPSM_RSA2048_WPB_KEY));
-                XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
-                
-                info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
-                info->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
-                
-            }
-        }
-        else {
-            WOLFSSL_MSG("Failed to generate key pair by SCE");
-            return CRYPTOCB_UNAVAILABLE;
-        }
-        
-        wc_fspsm_hw_unlock();
-    }
+        key->ctx.wrapped_pri2048_key = info->wrapped_key_rsapri2048;
+        key->ctx.wrapped_pub2048_key = info->wrapped_key_rsapub2048;
+        key->ctx.keySz = 2048;
+    } else
+        return CRYPTOCB_UNAVAILABLE;
+
+    return 0;
 }
 
-/* Perform rsa encryption/decryption by SCE
+/* Perform rsa encryption/decryption by FSP SM
  * Assumes to be called by Crypt Callback
  *
  * in     Buffer to hold plain text
@@ -189,14 +118,13 @@ WOLFSSL_LOCAL int wc_fspsm_MakeRsaKey(int size, void* ctx)
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
 WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
-                    word32 outLen, int type, struct RsaKey* key, 
-                    struct WC_RNG* rng, void* ctx)
+                    word32 *outLen, int type, struct RsaKey* key,
+                    struct WC_RNG* rng)
 {
     int ret;
     
     FSPSM_RSA_DATA plain;
     FSPSM_RSA_DATA cipher;
-    FSPSM_ST    *info = (FSPSM_ST*)ctx;
     
     int keySize;
     
@@ -204,79 +132,53 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
     (void) rng;
     
     /* sanity check */
-    if (in == NULL || out == NULL || outLen == NULL ||
-                                            ctx == NULL){
+    if (in == NULL || out == NULL ||
+      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
         return BAD_FUNC_ARG;
     }
     
-    keySize = 0;
-    if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
-        info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
-        keySize = 2048;
-    else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
-             info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
-        keySize = 1024;
+    keySize = (int)key->ctx.keySz;
     
     if (keySize == 0) {
         WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
                                                         "1024 or 2048 bits.");
         return BAD_FUNC_ARG;
     }
-    
+
     if ((ret = wc_fspsm_hw_lock()) == 0) {
         if (type == RSA_PUBLIC_ENCRYPT) {
             
             plain.pdata = (byte*)in;
             plain.data_length = inLen;
             cipher.pdata = out;
-            cipher.data_length = outLen;
+            cipher.data_length = *outLen;
 
             if (keySize == 1024) {
-                if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1)
-                    ret = FSPSM_RSA1024_PKCSENC_FUNC(&plain, &cipher,
-                        (FSPSM_RSA1024_WPB_KEY*)
-                            info->wrapped_key_rsapub1024);
-                else {
-                    WOLFSSL_MSG("wrapped public 1024 bits key is not set.");
-                    return BAD_FUNC_ARG;
-                }
+               ret = FSPSM_RSA1024_PKCSENC_FUNC(&plain, &cipher,
+                            (FSPSM_RSA1024_WPB_KEY*)
+                                     key->ctx.wrapped_pub1024_key);
             }
             else {
-                if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1)
-                    ret = FSPSM_RSA2048_PKCSENC_FUNC(&plain, &cipher,
+               ret = FSPSM_RSA2048_PKCSENC_FUNC(&plain, &cipher,
                             (FSPSM_RSA2048_WPB_KEY*)
-                                info->wrapped_key_rsapub2048);
-                else {
-                    WOLFSSL_MSG("wrapped public 2048 bits key is not set.");
-                    return BAD_FUNC_ARG;
-                }
+                                    key->ctx.wrapped_pub2048_key);
             }
         }
         else if (type == RSA_PRIVATE_DECRYPT) {
             plain.pdata = out;
-            plain.data_length = outLen;
+            plain.data_length = *outLen;
             cipher.pdata = (byte*)in;
             cipher.data_length = inLen;
             
             if (keySize == 1024) {
-                if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1)
-                    ret = FSPSM_RSA1024_PKCSDEC_FUNC(&cipher, &plain,
+                ret = FSPSM_RSA1024_PKCSDEC_FUNC(&cipher, &plain,
                             (FSPSM_RSA1024_WPI_KEY*)
-                                info->wrapped_key_rsapri1024);
-                else {
-                    WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
-                    return BAD_FUNC_ARG;
-                }
+                                key->ctx.wrapped_pri1024_key, &outLen);
             }
             else {
-                if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1)
-                    ret = FSPSM_RSA2048_PKCSDEC_FUNC(&cipher, &plain,
+                ret = FSPSM_RSA2048_PKCSDEC_FUNC(&cipher, &plain,
                             (FSPSM_RSA2048_WPI_KEY*)
-                                info->wrapped_key_rsapri2048);
-                else {
-                    WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
-                    return BAD_FUNC_ARG;
-                }
+                                key->ctx.wrapped_pri2048_key, &outLen);
             }
         }
         
@@ -285,7 +187,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
     return ret;
 }
 
-/* Perform Rsa sign by SCE
+/* Perform Rsa sign by FSP SM
  * Assumes to be called by Crypt Callback
  * 
  * in     Buffer to hold plaintext
@@ -307,49 +209,41 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
     FSPSM_ST    *info = (FSPSM_ST*)ctx;
     int keySize;
     
-    (void) key;
-    
     /* sanity check */
-    if (in == NULL || out == NULL || outLen == NULL ||
-                                key == NULL || ctx == NULL){
+    if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL ||
+      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
         return BAD_FUNC_ARG;
     }
     
-    keySize = 0;
-    if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
-        info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
-        keySize = 2048;
-    else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
-             info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
-        keySize = 1024;
-        
-    if (keySize == 0) {
-        WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
-        return BAD_FUNC_ARG;
-    }
+    keySize = (int)key->ctx.keySz;
     
-    message_hash.pdata = in;
+    message_hash.pdata = (byte *)in;
     message_hash.data_length = inLen;
     message_hash.data_type = 
             info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
     signature.pdata = out;
-    signature.data_length = outLen;
+    signature.data_length = (word32*)outLen;
+    
+    #if defined(WOLFSSL_RENESAS_RSIP)
+    message_hash.hash_type = signature.hash_type = 
+                info->hash_type;   /* hash type */
+    #endif
     
     if ((ret = wc_fspsm_hw_lock()) == 0) {
         if (keySize == 1024) {
             
-            ret = FSPSM_RSA1024_SIGN_FUNC(&message_hash, 
+            ret = FSPSM_RSA1024_SIGN_FUNC(&message_hash,
                         &signature,
                         (FSPSM_RSA1024_WPI_KEY *)
-                                    info->wrapped_key_rsapri1024,
+                                    key->ctx.wrapped_pri1024_key,
                         HW_SCE_RSA_HASH_SHA256);
         }
         else {
             
-            ret = FSPSM_RSA2048_SIGN_FUNC(&message_hash, 
+            ret = FSPSM_RSA2048_SIGN_FUNC(&message_hash,
                         &signature,
                         (FSPSM_RSA2048_WPI_KEY *)
-                                    info->wrapped_key_rsapri2048,
+                                    key->ctx.wrapped_pri2048_key,
                         HW_SCE_RSA_HASH_SHA256);
         }
         
@@ -359,7 +253,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
     return ret;
 }
 
-/* Perform Rsa verify by SCE
+/* Perform Rsa verify by FSP SM
  * Assumes to be called by Crypt Callback
  * 
  * in     Buffer to hold plaintext
@@ -384,51 +278,41 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
     (void) key;
     
     /* sanity check */
-    if (in == NULL || out == NULL || outLen == NULL ||
-                                key == NULL || ctx == NULL){
+    if (in == NULL || out == NULL || (word32*)outLen <= 0 || info == NULL ||
+      ((key == NULL) && (key->ctx.keySz != 1024 && key->ctx.keySz != 2048))){
         return BAD_FUNC_ARG;
     }
     
-    keySize = 0;
-    if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
-        info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
-        keySize = 2048;
-    else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
-             info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
-        keySize = 1024;
-        
-    if (keySize == 0) {
-        WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
-        return BAD_FUNC_ARG;
-    }
+    keySize = (int)key->ctx.keySz;
     
     
-    message_hash.pdata = in;
+    message_hash.pdata =(byte*)in;
     message_hash.data_length = inLen;
     message_hash.data_type = 
             info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
     
     signature.pdata = out;
-    signature.data_length = outLen;
+    signature.data_length = (word32*)outLen;
+    #if defined(WOLFSSL_RENESAS_RSIP)
+    message_hash.hash_type = signature.hash_type = 
+                info->hash_type;   /* hash type */
+    #endif
     
     if ((ret = wc_fspsm_hw_lock()) == 0) {
         if (keySize == 1024) {
-            
             ret = FSPSM_RSA1024_VRY_FUNC(&signature,
                   &message_hash,
                   (FSPSM_RSA1024_WPB_KEY *)
-                        info->wrapped_key_rsapub1024,
+                        key->ctx.wrapped_pub1024_key,
                   HW_SCE_RSA_HASH_SHA256);
         }
         else {
-            
                 ret = FSPSM_RSA2048_VRY_FUNC(&signature, 
                     &message_hash,
                     (FSPSM_RSA2048_WPB_KEY *)
-                         info->wrapped_key_rsapub2048,
+                         key->ctx.wrapped_pub2048_key,
                     HW_SCE_RSA_HASH_SHA256 );
         }
-        
         wc_fspsm_hw_unlock();
     }
     

wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c

@@ -30,12 +30,65 @@
 
 #include <wolfssl/wolfcrypt/logging.h>
 
-#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+#if defined(WOLFSSL_RENESAS_RSIP) || \
+    defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
 
+#if defined(WOLFSSL_RENESAS_RSIP)
+extern FSPSM_INSTANCE   gFSPSM_ctrl;
+
+/* wrapper for RSIP SHA1 Init */
+static fsp_err_t _R_RSIP_SHA1_GenerateInit(FSPSM_SHA_HANDLE* h)
+{
+    return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA1 );
+}
+/* wrapper for RSIP SHA224 Init */
+static fsp_err_t _R_RSIP_SHA224_GenerateInit(FSPSM_SHA_HANDLE* h)
+{
+    return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA224 );
+}
+/* wrapper for RSIP SHA256 Init */
+static fsp_err_t _R_RSIP_SHA256_GenerateInit(FSPSM_SHA_HANDLE* h)
+{
+    return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA256 );
+}
+/* wrapper for RSIP SHA384 Init */
+static fsp_err_t _R_RSIP_SHA384_GenerateInit(FSPSM_SHA_HANDLE* h)
+{
+    return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA384 );
+}
+/* wrapper for RSIP SHA512 Init */
+static fsp_err_t _R_RSIP_SHA512_GenerateInit(FSPSM_SHA_HANDLE* h)
+{
+    return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512 );
+}
+/* wrapper for RSIP SHA512_224 Init */
+static fsp_err_t _R_RSIP_SHA512_224_GenerateInit(FSPSM_SHA_HANDLE* h)
+{
+    return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512_224 );
+}
+/* wrapper for RSIP SHA512_256 Init */
+static fsp_err_t _R_RSIP_SHA512_256_GenerateInit(FSPSM_SHA_HANDLE* h)
+{
+    return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512_256 );
+}
+/* wrapper for RSIP SHA Update */
+static fsp_err_t _R_RSIP_SHA_GenerateUpdate(FSPSM_SHA_HANDLE* h,
+                                            uint8_t* m, uint32_t len)
+{
+    return R_RSIP_SHA_GenerateUpdate(&gFSPSM_ctrl, h, m, len );
+}
+/* wrapper for RSIP SHA Final */
+static fsp_err_t _R_RSIP_SHA_GenerateFinal(FSPSM_SHA_HANDLE* h,
+                                                uint8_t* d, uint32_t *sz)
+{
+    (void) sz;
+    return R_RSIP_SHA_GenerateFinal(&gFSPSM_ctrl, h, d);
+}
+#endif /* WOLFSSL_RENESAS_RSIP */
 /* Free up allocation for msg
  *
  * hash    The FSPSM Hash object.
@@ -137,11 +190,13 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash,
  */
 static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
 {
-    int ret;
+    int ret = FSP_SUCCESS;
     void* heap;
     FSPSM_SHA_HANDLE handle;
     uint32_t sz;
 
+    (void) outSz;
+
     fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
     fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t);
     fsp_err_t (*Final )(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t*);
@@ -154,8 +209,33 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         Init = FSPSM_SHA256_Init;
         Update = FSPSM_SHA256_Up;
         Final = FSPSM_SHA256_Final;
-    }
-    else
+#if defined(WOLFSSL_RENESAS_RSIP)
+    } else if (hash->sha_type == FSPSM_SHA1) {
+        Init = FSPSM_SHA1_Init;
+        Update = FSPSM_SHA1_Up;
+        Final = FSPSM_SHA1_Final;
+    } else if (hash->sha_type == FSPSM_SHA224) {
+        Init = FSPSM_SHA224_Init;
+        Update = FSPSM_SHA224_Up;
+        Final = FSPSM_SHA224_Final;
+    } else if (hash->sha_type == FSPSM_SHA384) {
+        Init = FSPSM_SHA384_Init;
+        Update = FSPSM_SHA384_Up;
+        Final = FSPSM_SHA384_Final;
+    } else if (hash->sha_type == FSPSM_SHA512) {
+        Init = FSPSM_SHA512_Init;
+        Update = FSPSM_SHA512_Up;
+        Final = FSPSM_SHA512_Final;
+    } else if (hash->sha_type == FSPSM_SHA512_224) {
+        Init = FSPSM_SHA512_224_Init;
+        Update = FSPSM_SHA512_224_Up;
+        Final = FSPSM_SHA512_224_Final;
+    } else if (hash->sha_type == FSPSM_SHA512_256) {
+        Init = FSPSM_SHA512_256_Init;
+        Update = FSPSM_SHA512_256_Up;
+        Final = FSPSM_SHA512_256_Final;
+#endif
+    } else
         return BAD_FUNC_ARG;
 
     heap = hash->heap;
@@ -166,22 +246,32 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         ret = Update(&handle, (uint8_t*)hash->msg, hash->used);
         if (ret == FSP_SUCCESS) {
             ret = Final(&handle, out, (uint32_t*)&sz);
-            if (ret != FSP_SUCCESS || sz != outSz) {
-                return ret;
+            if (ret != FSP_SUCCESS
+            #if defined(WOLFSSL_RENESAS_SCEPROTECT)
+             || sz != outSz
+            #endif
+            ) {
+                WOLFSSL_MSG("Sha operation failed");
+                WOLFSSL_ERROR(WC_HW_E);
+                ret = WC_HW_E;
             }
         }
     }
     wc_fspsm_hw_unlock();
 
     FSPSM_HashFree(hash);
-    return FSPSM_HashInit(hash, heap, 0, hash->sha_type);
+    FSPSM_HashInit(hash, heap, 0, hash->sha_type);
+
+    return ret;
 }
 /* Hash operation to message and return a result */
 static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
 {
-    int ret;
+    int ret = FSP_SUCCESS;
     FSPSM_SHA_HANDLE handle;
-    uint32_t sz;
+    uint32_t sz = 0;
+
+    (void) outSz;
 
     fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
     fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t);
@@ -195,8 +285,33 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         Init = FSPSM_SHA256_Init;
         Update = FSPSM_SHA256_Up;
         Final = FSPSM_SHA256_Final;
-    }
-    else
+#if defined(WOLFSSL_RENESAS_RSIP)
+    } else if (hash->sha_type == FSPSM_SHA1) {
+        Init = FSPSM_SHA1_Init;
+        Update = FSPSM_SHA1_Up;
+        Final = FSPSM_SHA1_Final;
+    } else if (hash->sha_type == FSPSM_SHA224) {
+        Init = FSPSM_SHA224_Init;
+        Update = FSPSM_SHA224_Up;
+        Final = FSPSM_SHA224_Final;
+    } else if (hash->sha_type == FSPSM_SHA384) {
+        Init = FSPSM_SHA384_Init;
+        Update = FSPSM_SHA384_Up;
+        Final = FSPSM_SHA384_Final;
+    } else if (hash->sha_type == FSPSM_SHA512) {
+        Init = FSPSM_SHA512_Init;
+        Update = FSPSM_SHA512_Up;
+        Final = FSPSM_SHA512_Final;
+    } else if (hash->sha_type == FSPSM_SHA512_224) {
+        Init = FSPSM_SHA512_224_Init;
+        Update = FSPSM_SHA512_224_Up;
+        Final = FSPSM_SHA512_224_Final;
+    } else if (hash->sha_type == FSPSM_SHA512_256) {
+        Init = FSPSM_SHA512_256_Init;
+        Update = FSPSM_SHA512_256_Up;
+        Final = FSPSM_SHA512_256_Final;
+#endif
+    } else
         return BAD_FUNC_ARG;
 
     wc_fspsm_hw_lock();
@@ -205,15 +320,21 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         ret = Update(&handle, (uint8_t*)hash->msg, hash->used);
         if (ret == FSP_SUCCESS) {
             ret = Final(&handle, out, &sz);
-            if (ret != FSP_SUCCESS || sz != outSz) {
-                return ret;
+            if (ret != FSP_SUCCESS
+            #if defined(WOLFSSL_RENESAS_SCEPROTECT)
+             || sz != outSz
+            #endif
+            ) {
+                WOLFSSL_MSG("Sha operation failed");
+                WOLFSSL_ERROR(WC_HW_E);
+                ret = WC_HW_E;
             }
         }
     }
 
     wc_fspsm_hw_unlock();
 
-    return 0;
+    return ret;
 }
 /* copy hash result from src to dst */
 static int FSPSM_HashCopy(wolfssl_FSPSM_Hash* src, wolfssl_FSPSM_Hash* dst)
@@ -235,7 +356,71 @@ static int FSPSM_HashCopy(wolfssl_FSPSM_Hash* src, wolfssl_FSPSM_Hash* dst)
     return 0;
 }
 
+#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
+#include <wolfssl/wolfcrypt/sha.h>
+
+int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
+{
+    return FSPSM_HashInit(sha, heap, devId, FSPSM_SHA1);
+}
+
+int wc_ShaUpdate(wc_Sha* sha, const byte* in, word32 sz)
+{
+    return FSPSM_HashUpdate(sha, in, sz);
+}
+
+int wc_ShaFinal(wc_Sha* sha, byte* hash)
+{
+    return FSPSM_HashFinal(sha, hash, WC_SHA_DIGEST_SIZE);
+}
+
+int wc_ShaGetHash(wc_Sha* sha, byte* hash)
+{
+    return FSPSM_HashGet(sha, hash, WC_SHA_DIGEST_SIZE);
+}
+
+int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
+{
+    return FSPSM_HashCopy(src, dst);
+}
+#endif /* !NO_SHA && WOLFSSL_RENESAS_RSIP*/
+
+#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
+#include <wolfssl/wolfcrypt/sha256.h>
+
+/* WolfCrypt wrapper function for RX64 SHA224 Init */
+int wc_InitSha224_ex(wc_Sha224* sha, void* heap, int devId)
+{
+    return FSPSM_HashInit(sha, heap, devId, FSPSM_SHA224);
+}
+/* WolfCrypt wrapper function for RX64 SHA224 Update */
+int wc_Sha224Update(wc_Sha224* sha, const byte* in, word32 sz)
+{
+    return FSPSM_HashUpdate(sha, in, sz);
+}
+/* WolfCrypt wrapper function for RX64 SHA224 Final */
+int wc_Sha224Final(wc_Sha224* sha, byte* hash)
+{
+    return FSPSM_HashFinal(sha, hash, WC_SHA224_DIGEST_SIZE);
+}
+/* WolfCrypt wrapper function for RX64 SHA224 Get */
+int wc_Sha224GetHash(wc_Sha224* sha, byte* hash)
+{
+    return FSPSM_HashGet(sha, hash, WC_SHA224_DIGEST_SIZE);
+}
+/* WolfCrypt wrapper function for RX64 SHA224 Copy */
+int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+    return FSPSM_HashCopy(src, dst);
+}
+#endif /* WOLFSSL_SHA224 */
+
 #if !defined(NO_SHA256)
+#if (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    defined(WOLFSSL_RENESAS_RSIP)) && \
+    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
 #include <wolfssl/wolfcrypt/sha256.h>
 
 /*  wrapper for wc_InitSha256_ex */
@@ -264,5 +449,125 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
     return FSPSM_HashCopy(src, dst);
 }
 #endif /* !NO_SHA256 */
+#endif /* WOLFSSL_RENESAS_SCEPROTECT) || \
+        * WOLFSSL_RENESAS_RSIP */
+
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
+#include <wolfssl/wolfcrypt/sha512.h>
+/*  wrapper for wc_InitSha384_ex */
+int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devid)
+{
+    return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA384);
+}
+/*  wrapper for wc_InitSha384_ex */
+int wc_Sha384Update(wc_Sha384* sha, const byte* in, word32 sz)
+{
+    return FSPSM_HashUpdate(sha, in, sz);
+}
+/*  wrapper for wc_Sha384Final */
+int wc_Sha384Final(wc_Sha384* sha, byte* hash)
+{
+    return FSPSM_HashFinal(sha, hash, WC_SHA384_DIGEST_SIZE);
+}
+/*  wrapper for wc_Sha384GetHash */
+int wc_Sha384GetHash(wc_Sha384* sha, byte* hash)
+{
+    return FSPSM_HashGet(sha, hash, WC_SHA384_DIGEST_SIZE);
+}
+/*  wrapper for wc_Sha384Copy */
+int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
+{
+    return FSPSM_HashCopy(src, dst);
+}
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
+#include <wolfssl/wolfcrypt/sha512.h>
+
+/*  wrapper for wc_InitSha512_ex */
+int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devid)
+{
+    return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA512);
+}
+
+/*  wrapper for wc_Sha512Update */
+int wc_Sha512Update(wc_Sha512* sha, const byte* in, word32 sz)
+{
+    return FSPSM_HashUpdate(sha, in, sz);
+}
+
+/*  wrapper for wc_Sha512Final */
+int wc_Sha512Final(wc_Sha512* sha, byte* hash)
+{
+    return FSPSM_HashFinal(sha, hash, WC_SHA512_DIGEST_SIZE);
+}
+/*  wrapper for wc_Sha512GetHash */
+int wc_Sha512GetHash(wc_Sha512* sha, byte* hash)
+{
+   return FSPSM_HashGet(sha, hash, WC_SHA512_DIGEST_SIZE);
+}
+/*  wrapper for wc_Sha512Copy */
+int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return FSPSM_HashCopy(src, dst);
+}
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_224) && \
+    (defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH))
+
+/* create KCAPI handle for SHA512 operation */
+int wc_InitSha512_224_ex(wc_Sha512* sha, void* heap, int devid)
+{
+    return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA512_224);
+}
+
+int wc_Sha512_224Final(wc_Sha512* sha, byte* hash)
+{
+    return FSPSM_HashFinal(sha, hash, WC_SHA512_224_DIGEST_SIZE);
+}
+int wc_Sha512_224GetHash(wc_Sha512* sha, byte* hash)
+{
+    return FSPSM_HashGet(sha, hash, WC_SHA512_224_DIGEST_SIZE);
+}
+
+int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return FSPSM_HashCopy(src, dst);
+}
+#endif /* !WOLFSSL_NOSHA512_224 */
+
+#if !defined(WOLFSSL_NOSHA512_256) && \
+    (defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH))
+
+/* create KCAPI handle for SHA512 operation */
+int wc_InitSha512_256_ex(wc_Sha512* sha, void* heap, int devid)
+{
+    return FSPSM_HashInit(sha, heap, devid, FSPSM_SHA512_256);
+}
+
+int wc_Sha512_256Final(wc_Sha512* sha, byte* hash)
+{
+    return FSPSM_HashFinal(sha, hash, WC_SHA512_256_DIGEST_SIZE);
+}
+int wc_Sha512_256GetHash(wc_Sha512* sha, byte* hash)
+{
+    return FSPSM_HashGet(sha, hash, WC_SHA512_224_DIGEST_SIZE);
+}
+
+int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return FSPSM_HashCopy(src, dst);
+}
+#endif /* !WOLFSSL_NOSHA512_256 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#endif /* WOLFSSL_SHA512 */
+
+
 #endif /* WOLFSSL_RENESAS_FSPSM_TLS */
 #endif /* #if !defined(NO_SHA) || !defined(NO_SHA256) */

wolfcrypt/src/port/Renesas/renesas_fspsm_util.c

@@ -20,9 +20,17 @@
  */
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
-    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 
+#if defined(WOLFSSL_RENESAS_RSIP) || \
+    defined(WOLFSSL_RENESAS_SCEPROTECT)
+
+#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
+
+/* expect to have these variables defined at user application */
+extern FSPSM_INSTANCE   gFSPSM_ctrl;
+extern FSPSM_CONFIG     gFSPSM_cfg;
+
+#if defined(WOLFSSL_RENESAS_FSPSM)
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -47,9 +55,6 @@
 WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo;
 #endif
 
-/* expect to have these variables defined at user application */
-extern FSPSM_INSTANCE   gFSPSM_ctrl;
-extern FSPSM_CONFIG     gFSPSM_cfg;
 
 #ifdef WOLFSSL_RENESAS_FSPSM_TLS
 static const byte*  ca_cert_sig;
@@ -57,11 +62,14 @@ static fspsm_key_data g_user_key_info;
 
 static uint32_t     g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE];
 extern uint32_t     g_CAscm_Idx;          /* index of CM table    */
+static uint32_t     fspsm_sess_idx = 0;
 #endif
 
+#endif /* WOLFSSL_RENESAS_FSPSM*/
+
 wolfSSL_Mutex       fspsm_mutex;
 static int          fspsm_CryptHwMutexInit_ = 0;
-static uint32_t     fspsm_sess_idx = 0;
+
 
 /* Mutex Init */
 static int fspsm_CryptHwMutexInit(wolfSSL_Mutex* mutex)
@@ -175,7 +183,8 @@ WOLFSSL_LOCAL void wc_fspsm_Close()
     }
 }
 
-#ifdef WOLFSSL_RENESAS_FSPSM_TLS
+#if defined(WOLFSSL_RENESAS_FSPSM) && \
+    defined(WOLFSSL_RENESAS_FSPSM_TLS)
 
 #if defined(WOLFSSL_RENESAS_FSPSM_ECC)
 /* Verify Server Key Exchange while doing ECDH key exchange */
@@ -346,6 +355,9 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
     return ret;
 }
 
+#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+    
 /* Callback for ECC shared secret */
 WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
         uint8_t* pubKeyDer, unsigned int* pubKeySz,
@@ -1185,3 +1197,4 @@ WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
 #endif /*  !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
 
 #endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
+#endif /* WOLFSSL_RENESAS_FSPSM) &&  WOLFSSL_RENESAS_FSPSM_TLS */

wolfcrypt/src/random.c

@@ -3476,7 +3476,15 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     }
 #elif defined(WOLFSSL_RENESAS_FSPSM) || \
           defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+
+   #if defined(WOLFSSL_RENESAS_SCEPROTECT)
     #include "r_sce.h"
+    #define R_RANDOM_GEN(b) R_SCE_RandomNumberGenerate(b)
+   #elif defined(WOLFSSL_RENESAS_RSIP)
+    #include "r_rsip.h"
+    extern rsip_ctrl_t rsip_ctrl;
+    #define R_RANDOM_GEN(b) R_RSIP_RandomNumberGenerate(&rsip_ctrl,b)
+   #endif
 
     int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
@@ -3490,7 +3498,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
                 len = sz;
             }
             /* return 4 words random number*/
-            ret = R_SCE_RandomNumberGenerate(buffer);
+            ret = R_RANDOM_GEN(buffer);
             if(ret == FSP_SUCCESS) {
                 XMEMCPY(output, &buffer, len);
                 output += len;

wolfcrypt/src/rsa.c

@@ -235,6 +235,14 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     key->handle = NULL;
 #endif
 
+
+#if defined(WOLFSSL_RENESAS_FSPSM)
+    key->ctx.wrapped_pri1024_key = NULL;
+    key->ctx.wrapped_pub1024_key = NULL;
+    key->ctx.wrapped_pri2048_key = NULL;
+    key->ctx.wrapped_pub2048_key = NULL;
+    key->ctx.keySz = 0;
+#endif
     return ret;
 }
 
@@ -589,6 +597,11 @@ int wc_FreeRsaKey(RsaKey* key)
     wc_MemZero_Check(key, sizeof(RsaKey));
 #endif
 
+#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+    wc_fspsm_RsaKeyFree(key);
+#endif
+
     return ret;
 }
 

wolfcrypt/src/sha.c

@@ -308,6 +308,11 @@
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
 
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+
+    /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #elif defined(WOLFSSL_IMXRT_DCP)
     #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
     /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
@@ -886,6 +891,8 @@ void wc_ShaFree(wc_Sha* sha)
 #if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) || \
     defined(WOLFSSL_RENESAS_RX64_HASH)
     if (sha->msg != NULL) {
         XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -902,9 +909,11 @@ void wc_ShaFree(wc_Sha* sha)
 
 #if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP)
 
-#if (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+#if ((!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
      !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \
-    defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
+    defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
+    (!defined(WOLFSSL_RENESAS_RSIP) || \
+      defined(NO_WOLFSSL_RENESAS_FSPSM_HASH))
 #if !defined(WOLFSSL_RENESAS_RX64_HASH)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)

wolfcrypt/src/sha256.c

@@ -176,8 +176,8 @@ on the specific device platform.
      defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
     !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \
-    ((!defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
-      !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) \
+    ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+      !defined(WOLFSSL_RENESAS_RSIP)) \
       || defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) && \
     (!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \
     !defined(WOLFSSL_RENESAS_RX64_HASH)
@@ -757,8 +757,8 @@ static int InitSha256(wc_Sha256* sha256)
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
 
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
-     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP)) \
+     && !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
@@ -1513,6 +1513,11 @@ static int InitSha256(wc_Sha256* sha256)
 
 /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
 
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+
+    /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #else
 
     #define NEED_SOFT_SHA224
@@ -1708,7 +1713,9 @@ static int InitSha256(wc_Sha256* sha256)
     #if defined(WOLFSSL_KCAPI_HASH)
         KcapiHashFree(&sha224->kcapi);
     #endif
-    #if defined(WOLFSSL_RENESAS_RX64_HASH)
+    #if defined(WOLFSSL_RENESAS_RX64_HASH) || \
+        (defined(WOLFSSL_RENESAS_RSIP) && \
+        !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH))
         if (sha224->msg != NULL) {
             ForceZero(sha224->msg, sha224->len);
             XFREE(sha224->msg, sha224->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1771,7 +1778,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
     ((defined(WOLFSSL_RENESAS_TSIP_TLS) || \
       defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
-    (defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+    ((defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP)) && \
     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) || \
     defined(WOLFSSL_RENESAS_RX64_HASH) || \
     defined(WOLFSSL_HASH_KEEP)
@@ -1847,7 +1854,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
 
 
 #ifndef WOLFSSL_TI_HASH
-#if !defined(WOLFSSL_RENESAS_RX64_HASH)
+#if !defined(WOLFSSL_RENESAS_RX64_HASH) && \
+    (!defined(WOLFSSL_RENESAS_RSIP) || \
+      defined(NO_WOLFSSL_RENESAS_FSPSM_HASH))
 #ifdef WOLFSSL_SHA224
 
 #if defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_NO_KCAPI_SHA224)
@@ -1968,10 +1977,10 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
 
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
-     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))\
+     && !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
 
-    /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */
+    /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
     /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */

wolfcrypt/src/sha512.c

@@ -136,6 +136,10 @@
 #elif defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     int wc_InitSha512(wc_Sha512* sha512)
     {
@@ -896,6 +900,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
 
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+   !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
 #else
@@ -1032,6 +1039,10 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #else
 
 static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
@@ -1136,7 +1147,9 @@ void wc_Sha512Free(wc_Sha512* sha512)
     KcapiHashFree(&sha512->kcapi);
 #endif
 
-#if defined(WOLFSSL_HASH_KEEP)
+#if defined(WOLFSSL_HASH_KEEP) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH))
     if (sha512->msg != NULL) {
         ForceZero(sha512->msg, sha512->len);
         XFREE(sha512->msg, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1254,6 +1267,10 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
 #elif defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #else
 
 static int InitSha384(wc_Sha384* sha384)
@@ -1461,7 +1478,8 @@ void wc_Sha384Free(wc_Sha384* sha384)
     KcapiHashFree(&sha384->kcapi);
 #endif
 
-#if defined(WOLFSSL_HASH_KEEP)
+#if defined(WOLFSSL_HASH_KEEP) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && !defined(NO_WOLFSSL_RENESAS_HASH))
     if (sha384->msg != NULL) {
         ForceZero(sha384->msg, sha384->len);
         XFREE(sha384->msg, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1494,6 +1512,10 @@ void wc_Sha384Free(wc_Sha384* sha384)
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #else
 
 static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
@@ -1617,6 +1639,10 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
 
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
 #else
@@ -1641,6 +1667,9 @@ void wc_Sha512_224Free(wc_Sha512* sha)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
 #else
 int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
@@ -1689,6 +1718,10 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
 }
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
+
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
 #else
@@ -1711,6 +1744,9 @@ void wc_Sha512_256Free(wc_Sha512* sha)
 
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
 #else
 int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
@@ -1750,7 +1786,9 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
 
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
-
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
 #else
 
 int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)

wolfcrypt/test/test.c

@@ -346,6 +346,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #ifdef HAVE_CAVIUM_OCTEON_SYNC
         #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
     #endif
+    #ifdef HAVE_RENESAS_SYNC
+        #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
+    #endif
 #endif
 
 #ifdef _MSC_VER
@@ -402,6 +405,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #endif
 
 #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    defined(WOLFSSL_RENESAS_RSIP) || \
     defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
     defined(WOLFSSL_SECO_CAAM)
     #define HASH_SIZE_LIMIT
@@ -1005,6 +1009,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         printf("Couldn't init the Cavium Octeon\n");
     }
 #endif
+#ifdef HAVE_RENESAS_SYNC
+    devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo);
+    if (devId == INVALID_DEVID) {
+        printf("Couldn't get the Renesas device ID\n");
+    }
+#endif
 #endif
 
 #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
@@ -1289,7 +1299,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
-   !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
+   !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
+   !defined(WOLFSSL_RENESAS_FSPSM)
     if ( (ret = gmac_test()) != 0)
         TEST_FAIL("GMAC     test failed!\n", ret);
     else
@@ -1365,14 +1376,15 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     else
         TEST_PASS("AES      test passed!\n");
 
-#ifdef WOLFSSL_AES_192
+#if defined(WOLFSSL_AES_192)  && \
+   !defined(WOLFSSL_RENESAS_FSPSM)
     if ( (ret = aes192_test()) != 0)
         TEST_FAIL("AES192   test failed!\n", ret);
     else
         TEST_PASS("AES192   test passed!\n");
 #endif
 
-#ifdef WOLFSSL_AES_256
+#if defined(WOLFSSL_AES_256)
     if ( (ret = aes256_test()) != 0)
         TEST_FAIL("AES256   test failed!\n", ret);
     else
@@ -1392,6 +1404,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_FAIL("AES-GCM  test failed!\n", ret);
     #endif
     #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
+        !defined(WOLFSSL_RENESAS_FSPSM) && \
         !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \
             (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
     if ((ret = aesgcm_default_test()) != 0) {
@@ -1454,7 +1467,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("SM-4     test passed!\n");
 #endif
 
-#if !defined(NO_RSA)
+#if !defined(NO_RSA) && !defined(HAVE_RENESAS_SYNC)
     #ifdef WC_RSA_NO_PADDING
     if ( (ret = rsa_no_pad_test()) != 0)
         TEST_FAIL("RSA NOPAD test failed!\n", ret);
@@ -1754,7 +1767,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 
 #if defined(WOLF_CRYPTO_CB) && \
     !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
-      defined(WOLFSSL_QNX_CAAM))
+      defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC))
     if ( (ret = cryptocb_test()) != 0)
         TEST_FAIL("crypto callback test failed!\n", ret);
     else
@@ -2696,7 +2709,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
     /* BEGIN LARGE HASH TEST */ {
     byte large_input[1024];
 #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
-    defined(HASH_SIZE_LIMIT)
+    defined(WOLFSSL_RENESAS_RSIP) || defined(HASH_SIZE_LIMIT)
     const char* large_digest =
             "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
             "\x15\x8c\x6d\xb6";
@@ -2709,7 +2722,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
         large_input[i] = (byte)(i & 0xFF);
     }
 #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
-    defined(HASH_SIZE_LIMIT)
+    defined(WOLFSSL_RENESAS_RSIP) || defined(HASH_SIZE_LIMIT)
     times = 20;
 #else
     times = 100;
@@ -10734,8 +10747,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
         0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
     };
-
-    WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef   ";  /* align */
+    #ifdef HAVE_RENESAS_SYNC
+        const byte *key =
+                (byte*)guser_PKCbInfo.wrapped_key_aes128;
+    #else
+        WOLFSSL_SMALL_STACK_STATIC const
+            byte key[] = "0123456789abcdef   ";  /* align */
+    #endif
     WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";  /* align */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -10788,8 +10806,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
     if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* HAVE_AES_DECRYPT */
+    /* skipped because wrapped key use in case of renesas sm */
+    #ifndef HAVE_RENESAS_SYNC
     if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    #endif
 #endif /* WOLFSSL_AES_128 */
 
 #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
@@ -10920,7 +10941,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
 #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
 
     /* Test of AES IV state with encrypt/decrypt */
-#ifdef WOLFSSL_AES_128
+#if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC)
     {
         /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
          * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
@@ -10960,9 +10981,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifndef HAVE_RENESAS_SYNC
         if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
+    #endif
         ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
                 msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -11001,7 +11023,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
 
         #endif /* HAVE_AES_DECRYPT */
     }
-#endif /* WOLFSSL_AES_128 */
+#endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
 #endif /* HAVE_AES_CBC */
 
 #ifdef WOLFSSL_AES_COUNTER
@@ -11068,11 +11090,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
     }
 #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
 
+#ifndef HAVE_RENESAS_SYNC
     ret = aes_key_size_test();
     if (ret != 0)
         goto out;
+#endif
 
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
+#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+    !defined(HAVE_RENESAS_SYNC)
     ret = aes_cbc_test();
     if (ret != 0)
         goto out;
@@ -11304,13 +11329,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
         0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
     };
-
+#ifdef HAVE_RENESAS_SYNC
+    byte *key =
+                (byte*)guser_PKCbInfo.wrapped_key_aes256;
+    int kyeSz = (256/8);
+#else
     WOLFSSL_SMALL_STACK_STATIC byte key[] = {
         0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
         0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
         0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
         0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
     };
+    int kyeSz = (int)sizeof(key);
+#endif
     WOLFSSL_SMALL_STACK_STATIC byte iv[]  = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
@@ -11334,11 +11365,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
+    ret = wc_AesSetKey(enc, key, kyeSz, iv, AES_ENCRYPTION);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
+    ret = wc_AesSetKey(dec, key, kyeSz, iv, AES_DECRYPTION);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
@@ -11362,10 +11393,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif
-
+#ifndef HAVE_RENESAS_SYNC
     if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
+#endif
     wc_AesFree(enc);
 #ifdef HAVE_AES_DECRYPT
     wc_AesFree(dec);
@@ -11638,6 +11669,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
 
 #ifdef WOLFSSL_AES_256
+#ifdef HAVE_RENESAS_SYNC
+    const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
+    int k1Sz = (int)(256/8);
+#else
     WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
     {
         0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -11645,7 +11680,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
         0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
     };
-
+    int k1Sz = (int)sizeof(k1);
+#endif
     WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
     {
         0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
@@ -11731,11 +11767,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
     };
 
+#ifdef HAVE_RENESAS_SYNC
+    const byte *k3 =
+        (byte*)guser_PKCbInfo.wrapped_key_aes128;
+    int k3Sz = (int)(128/8);
+#else
     WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
     {
         0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
         0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
     };
+    int k3Sz = (int)sizeof(k3);
+#endif
 
     WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
     {
@@ -11826,7 +11869,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
 #ifdef WOLFSSL_AES_256
-    ret = wc_AesGcmSetKey(enc, k1, sizeof(k1));
+    ret = wc_AesGcmSetKey(enc, k1, k1Sz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -11838,13 +11881,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifndef HAVE_RENESAS_SYNC
     if (XMEMCMP(c1, resultC, sizeof(c1)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(t1, resultT, sizeof(t1)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesGcmSetKey(dec, k1, sizeof(k1));
+    ret = wc_AesGcmSetKey(dec, k1, k1Sz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -11890,7 +11935,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif /* BENCH_AESGCM_LARGE */
 #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
     /* Variable IV length test */
-    for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) {
+    for (ivlen=1; ivlen<k1Sz; ivlen++) {
          /* AES-GCM encrypt and decrypt both use AES encrypt internally */
          ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
                          (word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
@@ -11952,7 +11997,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     }
 
     /* Test unaligned memory of all potential arguments */
-    ret = wc_AesGcmSetKey(enc, k1, sizeof(k1));
+    ret = wc_AesGcmSetKey(enc, k1, k1Sz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -11969,7 +12014,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesGcmSetKey(dec, k1, sizeof(k1));
+    ret = wc_AesGcmSetKey(dec, k1, k1Sz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -12072,7 +12117,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     XMEMSET(resultP, 0, sizeof(resultP));
 #endif /* WOLFSSL_AES_192 */
 #ifdef WOLFSSL_AES_128
-    wc_AesGcmSetKey(enc, k3, sizeof(k3));
+    wc_AesGcmSetKey(enc, k3, k3Sz);
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
                                         resultT, sizeof(t3), a3, sizeof(a3));
@@ -12081,10 +12126,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifndef HAVE_RENESAS_SYNC
     if (XMEMCMP(c3, resultC, sizeof(c3)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(t3, resultT, sizeof(t3)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
@@ -12108,7 +12155,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
-    wc_AesGcmSetKey(enc, k1, sizeof(k1));
+    wc_AesGcmSetKey(enc, k1, k1Sz);
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
                                 resultT + 1, sizeof(t1) - 1, a, sizeof(a));
@@ -12117,11 +12164,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifndef HAVE_RENESAS_SYNC
     if (XMEMCMP(c1, resultC, sizeof(c1)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(t1, resultT + 1, sizeof(t1) - 1))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
+#endif
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
               iv1, sizeof(iv1), resultT + 1, sizeof(t1) - 1, a, sizeof(a));
@@ -12153,7 +12201,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         XMEMSET(resultC, 0, sizeof(resultC));
         XMEMSET(resultP, 0, sizeof(resultP));
 
-        wc_AesGcmSetKey(enc, k1, sizeof(k1));
+        wc_AesGcmSetKey(enc, k1, k1Sz);
         ret = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -12180,7 +12228,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
         }
 
 #ifdef HAVE_AES_DECRYPT
-        wc_AesGcmSetKey(dec, k1, sizeof(k1));
+        wc_AesGcmSetKey(dec, k1, k1Sz);
         ret = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);

wolfssl/wolfcrypt/aes.h

@@ -298,7 +298,7 @@ struct Aes {
     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
     TSIP_AES_CTX ctx;
 #endif
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_FSPSM)
     FSPSM_AES_CTX ctx;
 #endif
 #if defined(WOLFSSL_IMXRT_DCP)

wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h

@@ -31,7 +31,7 @@ extern "C" {
 #define WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE     -1
 #define MAX_FSPSM_CBINDEX 5
 
-typedef void* FSP_W_KEYVAR;
+typedef void* FSPSM_W_KEYVAR;
 
 /* flsgas related to TLS */
 struct FSPSM_tls_flg_ST {
@@ -71,17 +71,20 @@ typedef struct FSPSM_tag_ST {
 
     /* installed key handling */
     /* aes */
-    FSP_W_KEYVAR   wrapped_key_aes256;
-    FSP_W_KEYVAR   wrapped_key_aes128;
+    FSPSM_W_KEYVAR   wrapped_key_aes256;
+    FSPSM_W_KEYVAR   wrapped_key_aes128;
 
    #if defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
     /* rsa */
-    FSP_W_KEYVAR   wrapped_key_rsapri2048;
-    FSP_W_KEYVAR   wrapped_key_rsapub2048;
-    FSP_W_KEYVAR   wrapped_key_rsapri1024;
-    FSP_W_KEYVAR   wrapped_key_rsapub1024;
+    FSPSM_W_KEYVAR   wrapped_key_rsapri2048;
+    FSPSM_W_KEYVAR   wrapped_key_rsapub2048;
+    FSPSM_W_KEYVAR   wrapped_key_rsapri1024;
+    FSPSM_W_KEYVAR   wrapped_key_rsapub1024;
    #endif
 
+   #if defined(WOLFSSL_RENESAS_RSIP)
+    uint8_t hash_type;
+   #endif
     /* key status flags */
     /* flag whether encrypted ec key is set */
     union {
@@ -94,7 +97,6 @@ typedef struct FSPSM_tag_ST {
         uint8_t chr;
         struct FSPSM_key_flg_ST bits;
     } keyflgs_crypt;
-
 } FSPSM_ST;
 
 typedef struct tagPKCbInfo {
@@ -102,6 +104,7 @@ typedef struct tagPKCbInfo {
     uint32_t    num_session;
 } FSPSM_ST_PKC;
 
+#ifdef WOLFSSL_RENSAS_FSPSM_TLS
 typedef struct
 {
     uint8_t                          *encrypted_provisioning_key;
@@ -110,6 +113,7 @@ typedef struct
     uint32_t                         encrypted_user_tls_key_type;
     FSPSM_CACERT_PUB_WKEY            user_rsa2048_tls_wrappedkey;
 } fspsm_key_data;
+#endif
 
 struct WOLFSSL;
 struct WOLFSSL_CTX;
@@ -125,10 +129,10 @@ WOLFSSL_LOCAL int     wc_fspsm_usable(const struct WOLFSSL *ssl,
 typedef struct {
     FSPSM_AES_WKEY   wrapped_key;
     word32           keySize;
-    byte             setup;
 } FSPSM_AES_CTX;
 
 struct Aes;
+WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes);
 WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
                         const byte* in, word32 sz);
 WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
@@ -148,10 +152,22 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
                           const byte* authIn, word32 authInSz,
                           void* ctx);
 
-#if !defined(NO_SHA256) && !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
+    defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
+    !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
 
 typedef enum {
+#if defined(WOLFSSL_RENESAS_SCEPROTECT)
     FSPSM_SHA256 = 1,
+#elif defined(WOLFSSL_RENESAS_RSIP)
+    FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1,
+    FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224,
+    FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256,
+    FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384,
+    FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512,
+    FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224,
+    FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256,
+#endif
 } FSPSM_SHA_TYPE;
 
 typedef struct {
@@ -170,7 +186,31 @@ typedef struct {
 #undef  WOLFSSL_NO_HASH_RAW
 #define WOLFSSL_NO_HASH_RAW
 
-typedef wolfssl_FSPSM_Hash wc_Sha256;
+#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha;
+#endif
+
+#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha224;
+    #define WC_SHA224_TYPE_DEFINED
+#endif
+
+#if !defined(NO_SHA256) && \
+    (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))
+    typedef wolfssl_FSPSM_Hash wc_Sha256;
+#endif
+
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha384;
+    #define WC_SHA384_TYPE_DEFINED
+#endif
+
+#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha512;
+    typedef wolfssl_FSPSM_Hash wc_Sha512_224;
+    typedef wolfssl_FSPSM_Hash wc_Sha512_256;
+    #define WC_SHA512_TYPE_DEFINED
+#endif
 
 #endif /* NO_SHA */
 
@@ -270,18 +310,28 @@ WOLFSSL_API void FSPSM_CALLBACK_FUNC(struct WOLFSSL_CTX* ctx);
 WOLFSSL_API int  FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx);
 WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign);
 
-/* rsa */
-struct RsaKey;
-struct WC_RNG;
-WOLFSSL_API int  wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
-    word32 outLen, int type, struct RsaKey* key, struct WC_RNG* rng, void* ctx);
-WOLFSSL_API int  wc_fspsm_MakeRsaKey(int size, void* ctx);
-WOLFSSL_API int  wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
-                    word32* outLen, struct RsaKey* key, void* ctx);
-WOLFSSL_API int  wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
-                    word32* outLen,struct RsaKey* key, void* ctx);
 
 #endif  /* WOLFSSL_RENESAS_FSPSM_TLS && 
          * !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */
 
+typedef struct FSPSM_RSA_CTX {
+    FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key;
+    FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key;
+    FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key;
+    FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key;
+    word32 keySz;
+} FSPSM_RSA_CTX;
+
+/* rsa */
+struct RsaKey;
+struct WC_RNG;
+WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key);
+WOLFSSL_LOCAL int  wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
+  word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng);
+WOLFSSL_LOCAL int  wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx);
+WOLFSSL_LOCAL int  wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
+                    word32* outLen, struct RsaKey* key, void* ctx);
+WOLFSSL_LOCAL int  wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
+                    word32* outLen,struct RsaKey* key, void* ctx);
+
 #endif  /* __RENESAS_FSPSM_CRYPT_H__ */

wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h

@@ -41,6 +41,7 @@
     #define gFSPSM_ctrl             sce_ctrl
     #define FSPSM_CONFIG            sce_cfg_t
     #define gFSPSM_cfg              sce_cfg
+    #define H_INSTANCE              _handle
     #define FSPSM_OPEN              R_SCE_Open
     #define FSPSM_CLOSE             R_SCE_Close
 
@@ -125,18 +126,28 @@
     #define FSPSM_RSA2048_WPI_KEY   sce_rsa2048_private_wrapped_key_t
 
     /* rsa key gen */
-    #define FSPSM_RSA1024_KEYPA_GEN R_SCE_RSA1024_WrappedKeyPairGenerate
-    #define FSPSM_RSA2048_KEYPA_GEN R_SCE_RSA2048_WrappedKeyPairGenerate
+    #define FSPSM_RSA1024_KEYPA_GEN(x,y) R_SCE_RSA1024_WrappedKeyPairGenerate\
+                                    (x)
+    #define FSPSM_RSA2048_KEYPA_GEN(x,y) R_SCE_RSA2048_WrappedKeyPairGenerate\
+                                    (x)
 
     /* rsa function */
-    #define FSPSM_RSA1024_PKCSENC_FUNC R_SCE_RSAES_PKCS1024_Encrypt
-    #define FSPSM_RSA2048_PKCSENC_FUNC R_SCE_RSAES_PKCS2048_Encrypt
-    #define FSPSM_RSA1024_PKCSDEC_FUNC R_SCE_RSAES_PKCS1024_Decrypt
-    #define FSPSM_RSA2048_PKCSDEC_FUNC R_SCE_RSAES_PKCS2048_Decrypt
-    #define FSPSM_RSA1024_SIGN_FUNC R_SCE_RSASSA_PKCS1024_SignatureGenerate
-    #define FSPSM_RSA2048_SIGN_FUNC R_SCE_RSASSA_PKCS2048_SignatureGenerate
-    #define FSPSM_RSA1024_VRY_FUNC R_SCE_RSASSA_PKCS1024_SignatureVerify
-    #define FSPSM_RSA2048_VRY_FUNC R_SCE_RSASSA_PKCS2048_SignatureVerify
+    #define FSPSM_RSA1024_PKCSENC_FUNC(p,c,k) R_SCE_RSAES_PKCS1024_Encrypt\
+                                                            (p,c,k)
+    #define FSPSM_RSA2048_PKCSENC_FUNC(p,c,k) R_SCE_RSAES_PKCS2048_Encrypt\
+                                                            (p,c,k)
+    #define FSPSM_RSA1024_PKCSDEC_FUNC(p,c,k,l) R_SCE_RSAES_PKCS1024_Decrypt\
+                                                            (p,c,k)
+    #define FSPSM_RSA2048_PKCSDEC_FUNC(p,c,k,l) R_SCE_RSAES_PKCS2048_Decrypt\
+                                                            (p,c,k)
+    #define FSPSM_RSA1024_SIGN_FUNC(m,s,k,t) \
+                        R_SCE_RSASSA_PKCS1024_SignatureGenerate(m,s,k,t)
+    #define FSPSM_RSA2048_SIGN_FUNC(m,s,k,t)  \
+                        R_SCE_RSASSA_PKCS2048_SignatureGenerate(m,s,k,t)
+    #define FSPSM_RSA1024_VRY_FUNC(m,s,k,t) \
+                        R_SCE_RSASSA_PKCS1024_SignatureVerify(m,s,k,t)
+    #define FSPSM_RSA2048_VRY_FUNC(m,s,k,t) \
+                        R_SCE_RSASSA_PKCS2048_SignatureVerify(m,s,k,t)
     /* sha */
     #define FSPSM_SHA_HANDLE    sce_sha_md5_handle_t
     #define FSPSM_SHA256_Init   R_SCE_SHA256_Init
@@ -149,6 +160,159 @@
     #define FSPSM_CALLBACK_CTX_FUNC wc_sce_set_callback_ctx
     #define FSPSM_INFORM_CERT_SIGN  wc_sce_inform_cert_sign
 
+#elif defined(WOLFSSL_RENESAS_RSIP)
+
+    #include "r_rsip.h"
+
+    /* structure, type so on */
+    #define FSPSM_W_KEYVAR          renesas_rsip_wrappedkey
+    #define FSPSM_tls_flg_ST        rsip_keyflgs_tls
+    #define FSPSM_key_flg_ST        rsip_keyflgs_cryt
+    #define FSPSM_tag_ST            tagUser_RSIPPKCbInfo
+    #define FSPSM_ST                User_RSIPPKCbInfo
+    #define FSPSM_ST_PKC            RSIP_PKCbInfo
+    #define FSPSM_KEY_TYPE          rsip_key_type_t
+
+    #define FSPSM_INSTANCE          rsip_instance_ctrl_t
+    #define gFSPSM_ctrl             rsip_ctrl
+    #define FSPSM_CONFIG            rsip_cfg_t
+    #define gFSPSM_cfg              rsip_cfg
+    #define H_INSTANCE              gFSPSM_ctrl
+    #define FSPSM_OPEN              R_RSIP_Open
+    #define FSPSM_CLOSE             R_RSIP_Close
+
+    /* sha 1*/
+    #define FSPSM_SHA_HANDLE        rsip_sha_handle_t
+    #define FSPSM_SHA1_Init         _R_RSIP_SHA1_GenerateInit
+    #define FSPSM_SHA1_Up           _R_RSIP_SHA_GenerateUpdate
+    #define FSPSM_SHA1_Final        _R_RSIP_SHA_GenerateFinal
+
+    /* sha 224 */
+    #define FSPSM_SHA224_Init       _R_RSIP_SHA224_GenerateInit
+    #define FSPSM_SHA224_Up         _R_RSIP_SHA_GenerateUpdate
+    #define FSPSM_SHA224_Final      _R_RSIP_SHA_GenerateFinal
+
+    /* sha 256 */
+    #define FSPSM_SHA256_Init       _R_RSIP_SHA256_GenerateInit
+    #define FSPSM_SHA256_Up         _R_RSIP_SHA_GenerateUpdate
+    #define FSPSM_SHA256_Final      _R_RSIP_SHA_GenerateFinal
+
+    /* sha 384 */
+    #define FSPSM_SHA384_Init       _R_RSIP_SHA384_GenerateInit
+    #define FSPSM_SHA384_Up         _R_RSIP_SHA_GenerateUpdate
+    #define FSPSM_SHA384_Final      _R_RSIP_SHA_GenerateFinal
+
+    /* sha 512 */
+    #define FSPSM_SHA512_Init       _R_RSIP_SHA512_GenerateInit
+    #define FSPSM_SHA512_Up         _R_RSIP_SHA_GenerateUpdate
+    #define FSPSM_SHA512_Final      _R_RSIP_SHA_GenerateFinal
+
+    /* sha 512 224*/
+    #define FSPSM_SHA512_224_Init   _R_RSIP_SHA512_224_GenerateInit
+    #define FSPSM_SHA512_224_Up     _R_RSIP_SHA_GenerateUpdate
+    #define FSPSM_SHA512_224_Final  _R_RSIP_SHA_GenerateFinal
+
+     /* sha 512 256 */
+    #define FSPSM_SHA512_256_Init   _R_RSIP_SHA512_256_GenerateInit
+    #define FSPSM_SHA512_256_Up     _R_RSIP_SHA_GenerateUpdate
+    #define FSPSM_SHA512_256_Final  _R_RSIP_SHA_GenerateFinal
+    /* aes */
+    #define FSPSM_AES_WKEY          rsip_wrapped_key_t*
+    #define FSPSM_AESGCM_HANDLE     rsip_instance_ctrl_t*
+    #define FSPSM_AES_HANDLE        rsip_instance_ctrl_t*
+    #define FSPSM_AES_KEYGEN_FUNC   _R_RSIP_KeyGenerate
+
+    /* aes 128 cbc */
+    /* mode : RSIP_AES_MODE_CBC */
+    #define FSPSM_AES128CBCEnc_Init    _R_RSIP_AESCBC_Cipher_EncryptInit
+    #define FSPSM_AES128CBCEnc_Up      _R_RSIP_AESCBC_Cipher_EncryptUpdate
+    #define FSPSM_AES128CBCEnc_Final   _R_RSIP_AESCBC_Cipher_EncryptFinal
+    #define FSPSM_AES128CBCDec_Init    _R_RSIP_AESCBC_Cipher_DecryptInit
+    #define FSPSM_AES128CBCDec_Up      _R_RSIP_AESCBC_Cipher_DecryptUpdate
+    #define FSPSM_AES128CBCDec_Final   _R_RSIP_AESCBC_Cipher_DecryptFinal
+
+    /* aes 256 cbc */
+    /* mode : RSIP_AES_MODE_CBC */
+    #define FSPSM_AES256CBCEnc_Init    _R_RSIP_AESCBC_Cipher_EncryptInit
+    #define FSPSM_AES256CBCEnc_Up      _R_RSIP_AESCBC_Cipher_EncryptUpdate
+    #define FSPSM_AES256CBCEnc_Final   _R_RSIP_AESCBC_Cipher_EncryptFinal
+    #define FSPSM_AES256CBCDec_Init    _R_RSIP_AESCBC_Cipher_DecryptInit
+    #define FSPSM_AES256CBCDec_Up      _R_RSIP_AESCBC_Cipher_DecryptUpdate
+    #define FSPSM_AES256CBCDec_Final   _R_RSIP_AESCBC_Cipher_DecryptFinal
+
+    /* aes128 gcm */
+    #define FSPSM_AES128GCMEnc_Init    _R_RSIP_AES_GCM_EncryptInit
+    #define FSPSM_AES128GCMEnc_Up      _R_RSIP_AES_GCM_EncryptUpdate
+    #define FSPSM_AES128GCMEnc_Final   _R_RSIP_AES_GCM_EncryptFinal
+    #define FSPSM_AES128GCMDec_Init    _R_RSIP_AES_GCM_DecryptInit
+    #define FSPSM_AES128GCMDec_Up      _R_RSIP_AES_GCM_DecryptUpdate
+    #define FSPSM_AES128GCMDec_Final   _R_RSIP_AES_GCM_DecryptFinal
+
+    /* aes256 gcm */
+    #define FSPSM_AES256GCMEnc_Init    _R_RSIP_AES_GCM_EncryptInit
+    #define FSPSM_AES256GCMEnc_Up      _R_RSIP_AES_GCM_EncryptUpdate
+    #define FSPSM_AES256GCMEnc_Final   _R_RSIP_AES_GCM_EncryptFinal
+    #define FSPSM_AES256GCMDec_Init    _R_RSIP_AES_GCM_DecryptInit
+    #define FSPSM_AES256GCMDec_Up      _R_RSIP_AES_GCM_DecryptUpdate
+    #define FSPSM_AES256GCMDec_Final   _R_RSIP_AES_GCM_DecryptFinal
+
+    /* rsa */
+    /* rsa data */
+    typedef struct {
+        uint8_t *pdata;
+        uint32_t data_length;
+        uint32_t data_type;/* no use for RSIP */
+        uint32_t hash_type;/* for rsip, hash type */
+    } tmpRSIP_RSA_DATA;
+
+    #define FSPSM_RSA_DATA          tmpRSIP_RSA_DATA
+
+    /* rsa 1024 key */
+    #define FSPSM_RSA1024_WPA_KEY   rsip_wrapped_key_t
+    #define FSPSM_RSA1024_WPB_KEY   rsip_wrapped_key_t
+    #define FSPSM_RSA1024_WPI_KEY   rsip_wrapped_key_t
+    /* rsa 2048 key */
+    #define FSPSM_RSA2048_WPA_KEY   rsip_wrapped_key_t
+    #define FSPSM_RSA2048_WPB_KEY   rsip_wrapped_key_t
+    #define FSPSM_RSA2048_WPI_KEY   rsip_wrapped_key_t
+
+    /* rsa key gen */
+    #define FSPSM_RSA1024_KEYPA_GEN(x,y) R_RSIP_KeyPairGenerate\
+                                    (&gFSPSM_ctrl, RSIP_KEY_PAIR_TYPE_RSA_1024,\
+                                    x,y)
+    #define FSPSM_RSA2048_KEYPA_GEN(x,y) R_RSIP_KeyPairGenerate\
+                                    (&gFSPSM_ctrl, RSIP_KEY_PAIR_TYPE_RSA_2048,\
+                                    x,y)
+
+    /* rsa function */
+    /* encrypt */
+    #define FSPSM_RSA1024_PKCSENC_FUNC(p,c,k) R_RSIP_RSAES_PKCS1_V1_5_Encrypt\
+        (&gFSPSM_ctrl, k, (uint8_t const *const)(p)->pdata, \
+        (uint32_t const)(p)->data_length, \
+        (uint8_t *const)(c)->pdata);
+
+    #define FSPSM_RSA2048_PKCSENC_FUNC(p,c,k) FSPSM_RSA1024_PKCSENC_FUNC(p,c,k)
+    /* decrypt */
+    #define FSPSM_RSA1024_PKCSDEC_FUNC(c,p,k,l) R_RSIP_RSAES_PKCS1_V1_5_Decrypt\
+        (&gFSPSM_ctrl, k, (uint8_t const *const)(c)->pdata, \
+        (uint8_t *const)(p)->pdata,\
+        (uint32_t *const)l, \
+        (uint32_t const)(p)->data_length);
+    #define FSPSM_RSA2048_PKCSDEC_FUNC(c,p,k,l) \
+                                            FSPSM_RSA1024_PKCSDEC_FUNC(c,p,k,l)
+
+    /* sign */
+    #define FSPSM_RSA1024_SIGN_FUNC(m,s,k,t) R_RSIP_RSASSA_PKCS1_V1_5_Sign\
+        (&gFSPSM_ctrl, k, (m)->hash_type, (uint8_t const *const)(m)->pdata,\
+        (uint8_t *const)(s)->pdata)
+    #define FSPSM_RSA2048_SIGN_FUNC(m,s,k,t)  FSPSM_RSA1024_SIGN_FUNC(m,s,k,t)
+
+    /* verify */
+    #define FSPSM_RSA1024_VRY_FUNC(s,m,k,t)  R_RSIP_RSASSA_PKCS1_V1_5_Verify\
+        (&gFSPSM_ctrl, k, (m)->hash_type, (uint8_t const *const)(m)->pdata,\
+        (uint8_t *const)(s)->pdata)
+    #define FSPSM_RSA2048_VRY_FUNC(s,m,k,t)  FSPSM_RSA1024_VRY_FUNC(s,m,k,t)
+
 #endif
 
 #endif /* __RENESAS_FSP_CRYPT_H__ */

wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h

@@ -44,7 +44,7 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaEnc(WOLFSSL* ssl, const unsigned char* in,
 WOLFSSL_LOCAL int Renesas_cmn_VerifyHmac(WOLFSSL *ssl, const byte* message, 
                     word32 messageSz, word32 macSz, word32 content, void* ctx);
 WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
-		unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
+        unsigned int sigSz, const unsigned char* hash, unsigned int hashSz,
         const unsigned char* key, unsigned int keySz, int* result, void* ctx);
 WOLFSSL_LOCAL int Renesas_cmn_RsaVerify(WOLFSSL* ssl,
                                 unsigned char* sig, unsigned int sigSz,
@@ -68,6 +68,7 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne
        int* result, void* ctx);
 
 /* Common Methods */
+WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId);
 int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx);
 void wc_CryptoCb_CleanupRenesasCmn(int* id);
 int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, 

wolfssl/wolfcrypt/port/Renesas/renesas_sync.h

@@ -25,8 +25,8 @@
 #ifdef HAVE_RENESAS_SYNC
 
 struct WOLFSSL;
-struct User_SCEPKCbInfo;
-extern User_SCEPKCbInfo guser_PKCbInfo;
+struct FSPSM_ST;
+extern FSPSM_ST guser_PKCbInfo;
 
 WOLFSSL_API int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx);
 WOLFSSL_API void wc_CryptoCb_CleanupRenesasCmn(int* id);

wolfssl/wolfcrypt/rsa.h

@@ -94,6 +94,10 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
     #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 #endif
 
+#if defined(WOLFSSL_RENESAS_FSPSM)
+    #include <wolfssl/wolfcrypt/port/renesas/renesas-fspsm-crypt.h>
+#endif
+
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -255,6 +259,9 @@ struct RsaKey {
 #if defined(WOLFSSL_DEVCRYPTO_RSA)
     WC_CRYPTODEV ctx;
 #endif
+#if defined(WOLFSSL_RENESAS_FSPSM)
+    FSPSM_RSA_CTX ctx;
+#endif
 };
 
 #ifndef WC_RSAKEY_TYPE_DEFINED

wolfssl/wolfcrypt/sha.h

@@ -104,6 +104,9 @@ enum {
     #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+    !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
 #else
 
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)

wolfssl/wolfcrypt/sha256.h

@@ -134,7 +134,8 @@ enum {
        defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
     #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+       defined(WOLFSSL_RENESAS_RSIP))    && \
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)

wolfssl/wolfcrypt/sha512.h

@@ -119,6 +119,10 @@ enum {
 
 #if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM)
     #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
+#elif defined(WOLFSSL_RENESAS_RSIP) && \
+     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
+
 #else
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     #include "wolfssl/wolfcrypt/port/nxp/se050_port.h"

wolfssl/wolfio.h

@@ -171,7 +171,8 @@
     #endif
 
     #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) ||\
-                    defined(WOLFSSL_RENESAS_RA6M4)
+                    defined(WOLFSSL_RENESAS_RA6M4) || \
+                    defined(WOLFSSL_RENESAS_RZN2L)
       /* Uses FREERTOS_TCP */
         #include <errno.h>
     #endif