Merge pull request #8595 from dgarske/renesas_rx_tsip

Fixes for Renesas RX TSIP
JacobBarthelmeh
2025-04-11 11:22:13 -06:00
committed by GitHub
7 changed files with 160 additions and 65 deletions


@ -486,6 +486,8 @@ THREADED_SNIFFTEST
TIME_T_NOT_LONG
TI_DUMMY_BUILD
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
TSIP_RSAES_1024
TSIP_RSAES_2048
UNICODE
USER_CA_CB
USER_CUSTOM_SNIFFX


@ -25447,7 +25447,8 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
#endif /* !NO_CERTS */
#if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \
(defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT))
(defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) || \
(!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
int SetMyVersion(word32 version, byte* output, int header)
{
int i = 0;


@ -255,6 +255,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
if (ret == 0) {
TsipUserCtx* tsipCtx = (TsipUserCtx*)ctx;
RsaKey* key = info->pk.rsakg.key;
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
if (info->pk.rsakg.size == 1024) {
/* export generated public key to the RsaKey structure */
ret = wc_RsaPublicKeyDecodeRaw(
tsipCtx->rsa1024pub_keyIdx->value.key_n,
R_TSIP_RSA_1024_KEY_N_LENGTH_BYTE_SIZE,
tsipCtx->rsa1024pub_keyIdx->value.key_e,
R_TSIP_RSA_1024_KEY_E_LENGTH_BYTE_SIZE,
key
);
}
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
if (info->pk.rsakg.size == 2048) {
/* export generated public key to the RsaKey structure */
ret = wc_RsaPublicKeyDecodeRaw(
tsipCtx->rsa2048pub_keyIdx->value.key_n,
R_TSIP_RSA_2048_KEY_N_LENGTH_BYTE_SIZE,
tsipCtx->rsa2048pub_keyIdx->value.key_e,
R_TSIP_RSA_2048_KEY_E_LENGTH_BYTE_SIZE,
key
);
}
#endif
}
}
#endif
/* tsip only supports PKCSV15 padding scheme */
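Review bot: The new export block dereferences `tsipCtx->rsa1024pub_keyIdx` and `tsipCtx->rsa2048pub_keyIdx` with `ret == 0` as the only guard, yet wc_tsip_MakeRsaKey (the renesas_tsip_rsa.c section of this commit) still ends in an unconditional `return 0;`. A failed `tsip_hw_lock()` or a failed TSIP key generation would therefore reach `wc_RsaPublicKeyDecodeRaw` with a NULL pointer, or with the public part of an earlier key pair, since the old indexes are only freed on the success path. I would have wc_tsip_MakeRsaKey return an error when generation fails and also check the pointer here, e.g. `if (tsipCtx->rsa1024pub_keyIdx == NULL) ret = WC_HW_E;` before decoding, and the same for 2048. The body of Renesas_cmn_CryptoDevCb continues outside the hunk.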


@ -1,4 +1,4 @@
/* renesas_sce_rsa.c
/* renesas_tsip_rsa.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@ -38,7 +38,13 @@
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* Make sure at least RSA 1024 or RSA 2048 is enabled */
#if (defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0) && \
(defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0)
#error Please enable TSIP RSA 1024 or 2048. \
This code assumes at least one is enabled
#endif
/* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback
*
@ -50,63 +56,84 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
{
e_tsip_err_t ret;
TsipUserCtx *info = (TsipUserCtx*)ctx;
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL;
#endif
/* sanity check */
if (ctx == NULL)
return BAD_FUNC_ARG;
if (size != 1024 && size != 2048) {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
WOLFSSL_MSG("TSIP RSA KeyGen bit size not supported");
return CRYPTOCB_UNAVAILABLE;
}
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0
if (size == 1024)
return CRYPTOCB_UNAVAILABLE;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0
if (size == 2048)
return CRYPTOCB_UNAVAILABLE;
#endif
if ((ret = tsip_hw_lock()) == 0) {
if (size == 1024) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_pair1024_key =
(tsip_rsa1024_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa1024_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair1024_key == NULL)
(tsip_rsa1024_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa1024_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair1024_key == NULL) {
tsip_hw_unlock();
return MEMORY_E;
}
ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key);
#endif
}
else if (size == 2048) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_pair2048_key =
(tsip_rsa2048_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa2048_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair2048_key == NULL)
(tsip_rsa2048_key_pair_index_t*)XMALLOC(
sizeof(tsip_rsa2048_key_pair_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tsip_pair2048_key == NULL) {
tsip_hw_unlock();
return MEMORY_E;
}
ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
#endif
}
if (ret == TSIP_SUCCESS) {
if (size == 1024) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->rsa1024pri_keyIdx =
(tsip_rsa1024_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa1024_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pri_keyIdx == NULL) {
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}
info->rsa1024pub_keyIdx =
(tsip_rsa1024_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa1024_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa1024_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pub_keyIdx == NULL) {
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
@ -121,17 +148,21 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
#endif
}
else if (size == 2048) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->rsa2048pri_keyIdx =
(tsip_rsa2048_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa2048_private_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_private_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pri_keyIdx == NULL) {
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}
@ -144,6 +175,7 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
tsip_hw_unlock();
return MEMORY_E;
}
@ -159,15 +191,15 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
#endif
}
}
tsip_hw_unlock();
}
return 0;
}
/* Generate TSIP key index if needed
*
* tuc struct pointer of TsipUserCtx
@ -178,6 +210,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
int ret = 0;
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
@ -188,6 +221,8 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
@ -197,6 +232,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE;
}
break;
#endif
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
@ -220,7 +256,6 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
int type;
tsip_rsa_byte_data_t plain, cipher;
if (info == NULL || tuc == NULL) {
return BAD_FUNC_ARG;
}
@ -230,48 +265,57 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
keySize = (int)tuc->wrappedKeyType;
if ((ret = tsip_hw_lock()) == 0) {
if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
if (type == RSA_PUBLIC_ENCRYPT ||
type == RSA_PUBLIC_DECRYPT)
{
plain.pdata = (uint8_t*)info->pk.rsa.in;
plain.data_length = info->pk.rsa.inLen;
cipher.pdata = (uint8_t*)info->pk.rsa.out;
cipher.data_length = *(info->pk.rsa.outLen);
if (keySize == TSIP_KEY_TYPE_RSA1024) {
switch (keySize) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
tuc->rsa1024pub_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
tuc->rsa2048pub_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
break;
#endif
default:
ret = CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
*(info->pk.rsa.outLen) = cipher.data_length;
}
}
else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT)
else if (type == RSA_PRIVATE_DECRYPT ||
type == RSA_PRIVATE_ENCRYPT)
{
plain.pdata = (uint8_t*)info->pk.rsa.out;
plain.data_length = *(info->pk.rsa.outLen);
cipher.pdata = (uint8_t*)info->pk.rsa.in;
cipher.data_length = info->pk.rsa.inLen;
if (keySize == TSIP_KEY_TYPE_RSA1024) {
switch (keySize) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
tuc->rsa1024pri_keyIdx);
}
else if (keySize == TSIP_KEY_TYPE_RSA2048) {
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
tuc->rsa2048pri_keyIdx);
}
else {
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
"1024 or 2048 bits.");
return BAD_FUNC_ARG;
break;
#endif
default:
ret = CRYPTOCB_UNAVAILABLE;
}
if (ret == 0) {
*(info->pk.rsa.outLen) = plain.data_length;
@ -280,6 +324,10 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
tsip_hw_unlock();
}
}
if (ret != 0) {
WOLFSSL_MSG("RSA key size is not supported (only 1024 or 2048 bits)");
}
return ret;
}
/* Perform Rsa verify by TSIP
@ -324,6 +372,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData,
&hashData,
@ -340,6 +389,8 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E;
}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData,
&hashData,
@ -356,6 +407,9 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E;
}
break;
#endif
default:
ret = CRYPTOCB_UNAVAILABLE;
}
tsip_hw_unlock();
}
@ -363,6 +417,4 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_TSIP_TLS || \
WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* !NO_RSA && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
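Review bot: On the generation-failure path of wc_tsip_MakeRsaKey the temporary `tsip_pair1024_key` / `tsip_pair2048_key` buffer looks leaked: the frees visible in these hunks sit inside `if (ret == TSIP_SUCCESS)` or on the `MEMORY_E` early returns, and nothing releases it when `R_TSIP_GenerateRsa1024RandomKeyIndex` or the 2048 variant fails. An `else` branch on `if (ret == TSIP_SUCCESS)` that frees the pair buffer under the same `#if` guards would close that. Related: the new size checks test `defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0`, so if the macro for the requested size is not defined at all, nothing is compiled for it and the function appears to take the lock, generate no key and still return 0. Parts of the function lie outside the visible hunks, so both points should be confirmed against the full file.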


@ -2425,6 +2425,7 @@ WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
switch (keyType) {
#if !defined(NO_RSA)
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 0;
@ -2458,7 +2459,7 @@ WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
ret = WC_HW_E;
}
break;
#endif /* TSIP_RSAES_2048 */
case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE;
@ -3705,18 +3706,22 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 1024 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
break;
#endif
default:
WOLFSSL_MSG("wrapped private key is not supported");
ret = CRYPTOCB_UNAVAILABLE;
@ -3739,7 +3744,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#endif
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureGenerate(
&hashData, &sigData,
@ -3751,7 +3756,8 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = WC_HW_E;
}
break;
#endif
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData,
@ -3766,8 +3772,9 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
}
*(info->pk.rsa.outLen) = sigData.data_length;
break;
#endif
case TSIP_KEY_TYPE_RSA4096:
ret = CRYPTOCB_UNAVAILABLE;
break;
@ -3848,7 +3855,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
sigData.data_length = 256;
err = R_TSIP_RsassaPkcs2048SignatureVerification(
@ -3866,7 +3873,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
ret = WC_HW_E;
}
break;
#endif
case TSIP_KEY_TYPE_RSA4096:
ret = CRYPTOCB_UNAVAILABLE;
break;
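Review bot: In the second switch of tsip_SignRsaPkcs the `TSIP_KEY_TYPE_RSA1024` case appears to have traded its `#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY` guard for the `TSIP_RSAES_1024` check alone, while the header change in this commit keeps `rsa1024pri_keyIdx` inside `#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY`. If the key argument of `R_TSIP_RsassaPkcs1024SignatureGenerate` (outside the hunk) is that member, a build without crypt-only mode but with `TSIP_RSAES_1024 == 1` would reference a field that is not declared. Keeping both conditions, `#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) && defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1`, would preserve the earlier scoping. The function body extends beyond the visible hunks.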


@ -3161,12 +3161,13 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
int checkSmallCt)
{
int ret = 0;
(void)rng;
(void)checkSmallCt;
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
RsaPadding padding;
#endif
(void)rng;
(void)checkSmallCt;
if (key == NULL || in == NULL || inLen == 0 || out == NULL ||
outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) {
return BAD_FUNC_ARG;
@ -4862,17 +4863,17 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#endif
{
err = wc_CryptoCb_MakeRsaKey(key, size, e, rng);
#ifndef WOLF_CRYPTO_CB_ONLY_RSA
if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
goto out;
/* fall-through when unavailable */
#endif
#ifdef WOLF_CRYPTO_CB_ONLY_RSA
if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
#ifdef WOLF_CRYPTO_CB_ONLY_RSA
if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
err = NO_VALID_DEVID;
goto out;
}
#endif
#else
if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
goto out;
}
/* fall-through when unavailable */
#endif
}
#endif


@ -301,10 +301,14 @@ typedef struct TsipUserCtx {
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#ifndef NO_RSA
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx;
tsip_rsa1024_public_key_index_t* rsa1024pub_keyIdx;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx;
tsip_rsa2048_public_key_index_t* rsa2048pub_keyIdx;
#endif
#endif
#ifdef HAVE_ECC
#ifdef HAVE_ECC_SIGN