diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index aeade5d0d..bf8fcf633 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -485,6 +485,8 @@ THREADED_SNIFFTEST TIME_T_NOT_LONG TI_DUMMY_BUILD TLS13_RSA_PSS_SIGN_CB_NO_PREHASH +TSIP_RSAES_1024 +TSIP_RSAES_2048 UNICODE USER_CA_CB USER_CUSTOM_SNIFFX diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 73f060074..35ab4dd14 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -25447,7 +25447,8 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output, #endif /* !NO_CERTS */ #if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \ - (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) + (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) || \ + (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) int SetMyVersion(word32 version, byte* output, int header) { int i = 0; diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c index 5e81b2f42..ea2a60878 100644 --- a/wolfcrypt/src/port/Renesas/renesas_common.c +++ b/wolfcrypt/src/port/Renesas/renesas_common.c @@ -255,6 +255,34 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx); + if (ret == 0) { + TsipUserCtx* tsipCtx = (TsipUserCtx*)ctx; + RsaKey* key = info->pk.rsakg.key; + #if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 + if (info->pk.rsakg.size == 1024) { + /* export generated public key to the RsaKey structure */ + ret = wc_RsaPublicKeyDecodeRaw( + tsipCtx->rsa1024pub_keyIdx->value.key_n, + R_TSIP_RSA_1024_KEY_N_LENGTH_BYTE_SIZE, + tsipCtx->rsa1024pub_keyIdx->value.key_e, + R_TSIP_RSA_1024_KEY_E_LENGTH_BYTE_SIZE, + key + ); + } + #endif + #if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 + if (info->pk.rsakg.size == 2048) { + /* export generated public key to the RsaKey structure */ + ret = wc_RsaPublicKeyDecodeRaw( + tsipCtx->rsa2048pub_keyIdx->value.key_n, + R_TSIP_RSA_2048_KEY_N_LENGTH_BYTE_SIZE, + tsipCtx->rsa2048pub_keyIdx->value.key_e, + R_TSIP_RSA_2048_KEY_E_LENGTH_BYTE_SIZE, + key + ); + } + #endif + } } #endif /* tsip only supports PKCSV15 padding scheme */ diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c index 9b926d926..33bf4df8c 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c @@ -1,4 +1,4 @@ -/* renesas_sce_rsa.c +/* renesas_tsip_rsa.c * * Copyright (C) 2006-2025 wolfSSL Inc. * @@ -38,7 +38,13 @@ #include #include -#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY +/* Make sure at least RSA 1024 or RSA 2048 is enabled */ +#if (defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0) && \ + (defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0) + #error Please enable TSIP RSA 1024 or 2048. \ +This code assumes at least one is enabled +#endif + /* Make RSA key for TSIP and set it to callback ctx * Assumes to be called by Crypt Callback * @@ -50,63 +56,84 @@ int wc_tsip_MakeRsaKey(int size, void* ctx) { e_tsip_err_t ret; TsipUserCtx *info = (TsipUserCtx*)ctx; - +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL; +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL; +#endif /* sanity check */ if (ctx == NULL) return BAD_FUNC_ARG; + if (size != 1024 && size != 2048) { - WOLFSSL_MSG("Failed to generate key pair by TSIP"); + WOLFSSL_MSG("TSIP RSA KeyGen bit size not supported"); return CRYPTOCB_UNAVAILABLE; } +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0 + if (size == 1024) + return CRYPTOCB_UNAVAILABLE; +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0 + if (size == 2048) + return CRYPTOCB_UNAVAILABLE; +#endif if ((ret = tsip_hw_lock()) == 0) { if (size == 1024) { +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 tsip_pair1024_key = - (tsip_rsa1024_key_pair_index_t*)XMALLOC( - sizeof(tsip_rsa1024_key_pair_index_t), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - if (tsip_pair1024_key == NULL) + (tsip_rsa1024_key_pair_index_t*)XMALLOC( + sizeof(tsip_rsa1024_key_pair_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + if (tsip_pair1024_key == NULL) { + tsip_hw_unlock(); return MEMORY_E; - + } ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key); +#endif } else if (size == 2048) { +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 tsip_pair2048_key = - (tsip_rsa2048_key_pair_index_t*)XMALLOC( - sizeof(tsip_rsa2048_key_pair_index_t), NULL, - DYNAMIC_TYPE_RSA_BUFFER); - if (tsip_pair2048_key == NULL) + (tsip_rsa2048_key_pair_index_t*)XMALLOC( + sizeof(tsip_rsa2048_key_pair_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); + if (tsip_pair2048_key == NULL) { + tsip_hw_unlock(); return MEMORY_E; - + } ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key); +#endif } - if (ret == TSIP_SUCCESS) { if (size == 1024) { +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + info->rsa1024pri_keyIdx = - (tsip_rsa1024_private_key_index_t*)XMALLOC( - sizeof(tsip_rsa1024_private_key_index_t), NULL, - DYNAMIC_TYPE_RSA_BUFFER); + (tsip_rsa1024_private_key_index_t*)XMALLOC( + sizeof(tsip_rsa1024_private_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); if (info->rsa1024pri_keyIdx == NULL) { XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + tsip_hw_unlock(); return MEMORY_E; } info->rsa1024pub_keyIdx = - (tsip_rsa1024_public_key_index_t*)XMALLOC( - sizeof(tsip_rsa1024_public_key_index_t), NULL, - DYNAMIC_TYPE_RSA_BUFFER); + (tsip_rsa1024_public_key_index_t*)XMALLOC( + sizeof(tsip_rsa1024_public_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); if (info->rsa1024pub_keyIdx == NULL) { XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + tsip_hw_unlock(); return MEMORY_E; } /* copy generated key pair and free malloced key */ @@ -121,17 +148,21 @@ int wc_tsip_MakeRsaKey(int size, void* ctx) info->keyflgs_crypt.bits.rsapri1024_key_set = 1; info->keyflgs_crypt.bits.rsapub1024_key_set = 1; info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024; +#endif } else if (size == 2048) { +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + info->rsa2048pri_keyIdx = - (tsip_rsa2048_private_key_index_t*)XMALLOC( - sizeof(tsip_rsa2048_private_key_index_t), NULL, - DYNAMIC_TYPE_RSA_BUFFER); + (tsip_rsa2048_private_key_index_t*)XMALLOC( + sizeof(tsip_rsa2048_private_key_index_t), NULL, + DYNAMIC_TYPE_RSA_BUFFER); if (info->rsa2048pri_keyIdx == NULL) { XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); + tsip_hw_unlock(); return MEMORY_E; } @@ -144,6 +175,7 @@ int wc_tsip_MakeRsaKey(int size, void* ctx) XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER); XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER); + tsip_hw_unlock(); return MEMORY_E; } @@ -159,15 +191,15 @@ int wc_tsip_MakeRsaKey(int size, void* ctx) info->keyflgs_crypt.bits.rsapri2048_key_set = 1; info->keyflgs_crypt.bits.rsapub2048_key_set = 1; info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048; +#endif } } - tsip_hw_unlock(); } - return 0; } + /* Generate TSIP key index if needed * * tuc struct pointer of TsipUserCtx @@ -178,6 +210,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc) int ret = 0; switch (tuc->wrappedKeyType) { +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 case TSIP_KEY_TYPE_RSA1024: if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) { ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType); @@ -188,6 +221,8 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc) } break; +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 case TSIP_KEY_TYPE_RSA2048: if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) { ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType); @@ -197,6 +232,7 @@ static int tsip_RsakeyImport(TsipUserCtx* tuc) ret = CRYPTOCB_UNAVAILABLE; } break; +#endif default: WOLFSSL_MSG("wrapped private key is not supported"); ret = CRYPTOCB_UNAVAILABLE; @@ -220,7 +256,6 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc) int type; tsip_rsa_byte_data_t plain, cipher; - if (info == NULL || tuc == NULL) { return BAD_FUNC_ARG; } @@ -230,48 +265,57 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc) keySize = (int)tuc->wrappedKeyType; if ((ret = tsip_hw_lock()) == 0) { - if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) { + if (type == RSA_PUBLIC_ENCRYPT || + type == RSA_PUBLIC_DECRYPT) + { plain.pdata = (uint8_t*)info->pk.rsa.in; plain.data_length = info->pk.rsa.inLen; cipher.pdata = (uint8_t*)info->pk.rsa.out; cipher.data_length = *(info->pk.rsa.outLen); - if (keySize == TSIP_KEY_TYPE_RSA1024) { + switch (keySize) { +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 + case TSIP_KEY_TYPE_RSA1024: ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher, tuc->rsa1024pub_keyIdx); - } - else if (keySize == TSIP_KEY_TYPE_RSA2048) { + break; +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 + case TSIP_KEY_TYPE_RSA2048: ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher, tuc->rsa2048pub_keyIdx); - } - else { - WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, " - "1024 or 2048 bits."); - return BAD_FUNC_ARG; + break; +#endif + default: + ret = CRYPTOCB_UNAVAILABLE; } if (ret == 0) { *(info->pk.rsa.outLen) = cipher.data_length; } } - else if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) + else if (type == RSA_PRIVATE_DECRYPT || + type == RSA_PRIVATE_ENCRYPT) { plain.pdata = (uint8_t*)info->pk.rsa.out; plain.data_length = *(info->pk.rsa.outLen); cipher.pdata = (uint8_t*)info->pk.rsa.in; cipher.data_length = info->pk.rsa.inLen; - if (keySize == TSIP_KEY_TYPE_RSA1024) { + switch (keySize) { +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 + case TSIP_KEY_TYPE_RSA1024: ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain, tuc->rsa1024pri_keyIdx); - } - else if (keySize == TSIP_KEY_TYPE_RSA2048) { + break; +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 + case TSIP_KEY_TYPE_RSA2048: ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain, tuc->rsa2048pri_keyIdx); - } - else { - WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, " - "1024 or 2048 bits."); - return BAD_FUNC_ARG; + break; +#endif + default: + ret = CRYPTOCB_UNAVAILABLE; } if (ret == 0) { *(info->pk.rsa.outLen) = plain.data_length; @@ -280,6 +324,10 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc) tsip_hw_unlock(); } } + + if (ret != 0) { + WOLFSSL_MSG("RSA key size is not supported (only 1024 or 2048 bits)"); + } return ret; } /* Perform Rsa verify by TSIP @@ -324,6 +372,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) if ((ret = tsip_hw_lock()) == 0) { switch (tuc->wrappedKeyType) { +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 case TSIP_KEY_TYPE_RSA1024: err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData, &hashData, @@ -340,6 +389,8 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = WC_HW_E; } break; +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 case TSIP_KEY_TYPE_RSA2048: err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData, &hashData, @@ -356,6 +407,9 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = WC_HW_E; } break; +#endif + default: + ret = CRYPTOCB_UNAVAILABLE; } tsip_hw_unlock(); } @@ -363,6 +417,4 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) return ret; } -#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */ -#endif /* WOLFSSL_RENESAS_TSIP_TLS || \ - WOLFSSL_RENESAS_TSIP_CRYPTONLY */ +#endif /* !NO_RSA && WOLFSSL_RENESAS_TSIP_CRYPTONLY */ diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c index 0a12ddc6f..c19a21556 100644 --- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c @@ -2425,6 +2425,7 @@ WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) switch (keyType) { #if !defined(NO_RSA) + #if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 case TSIP_KEY_TYPE_RSA2048: #if defined(WOLFSSL_RENESAS_TSIP_TLS) tuc->ClientRsa2048PubKey_set = 0; @@ -2458,7 +2459,7 @@ WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType) ret = WC_HW_E; } break; - + #endif /* TSIP_RSAES_2048 */ case TSIP_KEY_TYPE_RSA4096: /* not supported as of TSIPv1.15 */ ret = CRYPTOCB_UNAVAILABLE; @@ -3705,18 +3706,22 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) } switch (tuc->wrappedKeyType) { +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 case TSIP_KEY_TYPE_RSA1024: if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) { WOLFSSL_MSG("tsip rsa private key 1024 not set"); ret = CRYPTOCB_UNAVAILABLE; } break; +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 case TSIP_KEY_TYPE_RSA2048: if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) { WOLFSSL_MSG("tsip rsa private key 2048 not set"); ret = CRYPTOCB_UNAVAILABLE; } break; +#endif default: WOLFSSL_MSG("wrapped private key is not supported"); ret = CRYPTOCB_UNAVAILABLE; @@ -3739,7 +3744,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) #endif if ((ret = tsip_hw_lock()) == 0) { switch (tuc->wrappedKeyType) { - #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY +#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 case TSIP_KEY_TYPE_RSA1024: err = R_TSIP_RsassaPkcs1024SignatureGenerate( &hashData, &sigData, @@ -3751,7 +3756,8 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) ret = WC_HW_E; } break; - #endif +#endif +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 case TSIP_KEY_TYPE_RSA2048: err = R_TSIP_RsassaPkcs2048SignatureGenerate( &hashData, &sigData, @@ -3766,8 +3772,9 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc) if (err != TSIP_SUCCESS) { ret = WC_HW_E; } + *(info->pk.rsa.outLen) = sigData.data_length; break; - +#endif case TSIP_KEY_TYPE_RSA4096: ret = CRYPTOCB_UNAVAILABLE; break; @@ -3848,7 +3855,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( if ((ret = tsip_hw_lock()) == 0) { switch (tuc->wrappedKeyType) { - +#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 case TSIP_KEY_TYPE_RSA2048: sigData.data_length = 256; err = R_TSIP_RsassaPkcs2048SignatureVerification( @@ -3866,7 +3873,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb( ret = WC_HW_E; } break; - +#endif case TSIP_KEY_TYPE_RSA4096: ret = CRYPTOCB_UNAVAILABLE; break; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index fadf56abd..78ec32286 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3161,12 +3161,13 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, int checkSmallCt) { int ret = 0; - (void)rng; - (void)checkSmallCt; #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) RsaPadding padding; #endif + (void)rng; + (void)checkSmallCt; + if (key == NULL || in == NULL || inLen == 0 || out == NULL || outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) { return BAD_FUNC_ARG; @@ -4862,17 +4863,17 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #endif { err = wc_CryptoCb_MakeRsaKey(key, size, e, rng); - #ifndef WOLF_CRYPTO_CB_ONLY_RSA - if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) - goto out; - /* fall-through when unavailable */ - #endif - #ifdef WOLF_CRYPTO_CB_ONLY_RSA - if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + #ifdef WOLF_CRYPTO_CB_ONLY_RSA + if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { err = NO_VALID_DEVID; goto out; } - #endif + #else + if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + goto out; + } + /* fall-through when unavailable */ + #endif } #endif diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index bbde10f82..a642506b0 100644 --- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -301,10 +301,14 @@ typedef struct TsipUserCtx { /* for tsip crypt only mode */ #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY #ifndef NO_RSA + #if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1 tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx; tsip_rsa1024_public_key_index_t* rsa1024pub_keyIdx; + #endif + #if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1 tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx; tsip_rsa2048_public_key_index_t* rsa2048pub_keyIdx; + #endif #endif #ifdef HAVE_ECC #ifdef HAVE_ECC_SIGN