Merge pull request #6301 from miyazakh/ra_cryptonly

Add Renesas SCE RSA Crypt Only support

IDE/Renesas/e2studio/RA6M4/README.md

@@ -30,21 +30,21 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 
 |Components|Version|
 |:--|:--|
-|Board Support Package Common Files|v3.5.0|
-|Secure Cryptography Engine on RA6 Protected Mode|v3.5.0|
-|I/O Port|v3.5.0|
-|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.5.0|
+|Board Support Package Common Files|v3.6.0|
+|Secure Cryptography Engine on RA6 Protected Mode|v3.6.0|
+|I/O Port|v3.6.0|
+|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.6.0|
 |RA6M4-EK Board Support Files|v3.5.0|
-|Board support package for R7FA6M4AF3CFB|v3.5.0|
-|Board support package for RA6M4|v3.5.0|
-|Board support package for RA6M4 - FSP Data|v3.5.0|
-|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.5.0|
-|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.5.0|
-|r_ether to FreeRTOS+TCP Wrapper|v3.5.0|
-|Ethernet|v3.5.0|
-|Ethernet PHY|v3.5.0|
-|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.5.0|
-|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.5.0|
+|Board support package for R7FA6M4AF3CFB|v3.6.0|
+|Board support package for RA6M4|v3.6.0|
+|Board support package for RA6M4 - FSP Data|v3.6.0|
+|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.6.0|
+|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.6.0|
+|r_ether to FreeRTOS+TCP Wrapper|v3.6.0|
+|Ethernet|v3.6.0|
+|Ethernet PHY|v3.6.0|
+|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.6.0|
+|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.6.0|
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -168,7 +168,7 @@ $./examples/server/server -b -d -i
 
 ECDSA sign and verify use, launch server with the following option
 ```
-$./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.pem
+$./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
 ```
 
 5.) Run the example Client

IDE/Renesas/e2studio/RA6M4/common/user_settings.h

@@ -78,3 +78,7 @@
 #if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED)
     #define HAVE_RENESAS_SYNC
 #endif
+
+#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+    #define WOLFSSL_KEY_GEN
+#endif

IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c

@@ -72,32 +72,32 @@ const st_user_key_block_data_t g_key_block_data =
  * This is used for Root Certificate verify by SCE */
 const unsigned char ca_cert_der_sign[] =
 {
-        0x0E, 0x7F, 0xB2, 0x0B, 0x4E, 0x8C, 0x11, 0x5E, 0xAC, 0xD7,
-        0x77, 0x3D, 0x9E, 0xA0, 0x4B, 0xA5, 0xE2, 0x9F, 0x97, 0xEB,
-        0xD0, 0x1B, 0x65, 0x08, 0x7D, 0x39, 0x2E, 0xD0, 0x97, 0x19,
-        0xB6, 0x47, 0xF4, 0xCC, 0xA0, 0x24, 0xFA, 0xA6, 0x08, 0x11,
-        0xF4, 0xDC, 0x82, 0xCC, 0xB6, 0x14, 0xF1, 0x4A, 0x63, 0x67,
-        0xF2, 0x87, 0x0C, 0xA9, 0x31, 0x03, 0xAF, 0xD5, 0x4B, 0x1B,
-        0xD9, 0x99, 0x6E, 0xB4, 0xBD, 0xAB, 0x7F, 0x64, 0xB8, 0x8B,
-        0xFF, 0x45, 0xFC, 0xE5, 0x86, 0xE8, 0x95, 0x4E, 0xBD, 0x7F,
-        0x21, 0xB5, 0xCD, 0x25, 0x85, 0x16, 0x32, 0x6C, 0x8A, 0xC5,
-        0xE7, 0xEB, 0x58, 0xA8, 0xCC, 0xD2, 0x33, 0xFC, 0xBB, 0x88,
-        0xBC, 0x15, 0xDB, 0xDD, 0x6B, 0x15, 0xE3, 0x43, 0x31, 0xA9,
-        0xA2, 0x2E, 0x9C, 0x8C, 0x44, 0x69, 0x1A, 0x72, 0x49, 0xAD,
-        0x94, 0x8B, 0xD9, 0xA7, 0x47, 0x91, 0xA1, 0xF0, 0xAA, 0xA4,
-        0xAB, 0x5B, 0xC9, 0x8F, 0x48, 0xFE, 0x6B, 0x06, 0x7A, 0xF0,
-        0xC0, 0x39, 0xEF, 0xF1, 0x38, 0x96, 0x03, 0xC8, 0xDC, 0xBE,
-        0xF7, 0xDB, 0xBA, 0x09, 0xA4, 0x62, 0xD1, 0x39, 0xAD, 0x1D,
-        0xEB, 0x28, 0x85, 0x53, 0x76, 0xF2, 0x52, 0x3B, 0x26, 0xF2,
-        0x16, 0x01, 0xB0, 0xEF, 0x2B, 0x09, 0x2F, 0x30, 0x17, 0x6F,
-        0x04, 0x5C, 0x75, 0xE5, 0x7D, 0xD0, 0xCB, 0x84, 0xDE, 0xEB,
-        0x24, 0x45, 0x3D, 0x3A, 0x56, 0xC4, 0x64, 0x63, 0xD9, 0x00,
-        0x23, 0x5F, 0xEE, 0xD9, 0x2E, 0xA9, 0xDC, 0x94, 0xA7, 0x8D,
-        0xB6, 0xD9, 0xDF, 0x96, 0x8F, 0x8B, 0x81, 0x83, 0x8A, 0x8E,
-        0x36, 0x45, 0xC7, 0xB7, 0x59, 0xA0, 0x9D, 0xE8, 0xFE, 0x62,
-        0x5C, 0x7A, 0xF2, 0x9E, 0xF9, 0xB6, 0x75, 0x46, 0x44, 0x6D,
-        0x96, 0xFC, 0x3E, 0xE2, 0x17, 0x52, 0x0D, 0x70, 0x37, 0xD9,
-        0xAE, 0x1D, 0x25, 0x30, 0xF7, 0xD9
+        0x19, 0xB4, 0xD1, 0x53, 0xBB, 0x87, 0x0B, 0xD8, 0xD8, 0xFC,
+        0x22, 0x21, 0xA6, 0xC1, 0xE5, 0xB2, 0x7A, 0xEF, 0xAF, 0x89,
+        0x8B, 0x92, 0xC9, 0x4E, 0x59, 0xF0, 0x0B, 0xAB, 0x24, 0x84,
+        0x60, 0x2D, 0x81, 0x42, 0x4A, 0x05, 0x2F, 0x2D, 0xAB, 0x20,
+        0x3F, 0x8D, 0xCA, 0x9F, 0x37, 0x4B, 0xDF, 0xE3, 0x2A, 0xA3,
+        0x3F, 0x4E, 0x09, 0x20, 0x08, 0xD4, 0x46, 0xD9, 0xF0, 0xD8,
+        0xA7, 0x43, 0x60, 0xE2, 0x1D, 0xF7, 0x25, 0x64, 0x38, 0xD2,
+        0xB1, 0x4E, 0x1F, 0x84, 0xFC, 0xC5, 0x55, 0x2C, 0x1A, 0xA2,
+        0xCE, 0x99, 0xD0, 0x21, 0x93, 0xA5, 0xDB, 0x6F, 0x14, 0x2C,
+        0xDF, 0x9A, 0x01, 0x6A, 0x9A, 0xCC, 0xB0, 0x08, 0xD8, 0xCF,
+        0xA8, 0x94, 0x41, 0x23, 0xBB, 0xC2, 0xA3, 0x8B, 0x77, 0x35,
+        0x27, 0x0D, 0x94, 0x16, 0xF3, 0xCA, 0x16, 0xA2, 0x4C, 0x2F,
+        0xB0, 0x8D, 0xE6, 0x38, 0xCC, 0x9C, 0x34, 0xE8, 0xDC, 0xDC,
+        0x1C, 0x5C, 0x88, 0x52, 0x97, 0x47, 0xC6, 0xB6, 0x66, 0xCF,
+        0xCE, 0xBF, 0xF0, 0x24, 0x19, 0x0F, 0x07, 0xA5, 0xC4, 0xC6,
+        0x37, 0x0D, 0x2A, 0x11, 0x6A, 0x66, 0x64, 0x62, 0x0E, 0xE6,
+        0xCB, 0xAF, 0xFB, 0x2E, 0x8E, 0x37, 0x1E, 0x6D, 0xD1, 0xAD,
+        0xE4, 0x16, 0x06, 0xFB, 0x43, 0x2E, 0x4D, 0x64, 0x18, 0xB2,
+        0x4C, 0xE7, 0xD3, 0xE9, 0x9B, 0x95, 0x13, 0x7D, 0x7D, 0x93,
+        0xC2, 0x34, 0x43, 0x0C, 0xFF, 0x58, 0xD3, 0xA7, 0x21, 0x8E,
+        0x2B, 0xB3, 0x36, 0x90, 0xF1, 0x1E, 0x0E, 0x87, 0x41, 0x48,
+        0xC9, 0x69, 0x57, 0x89, 0xD0, 0xF7, 0x86, 0x47, 0x8F, 0xF5,
+        0xA8, 0x13, 0x24, 0x0A, 0x7E, 0xE3, 0xBB, 0x9F, 0xF1, 0xDF,
+        0x30, 0xE7, 0x88, 0x70, 0x8A, 0x46, 0xD9, 0x1A, 0x50, 0x42,
+        0x4F, 0xCF, 0xC3, 0xCB, 0xCF, 0xE4, 0xA7, 0xA3, 0x74, 0x0A,
+        0xDE, 0x14, 0xAF, 0xA5, 0x7F, 0xE2
 };
 
 const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
@@ -108,32 +108,32 @@ const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
  */
 const unsigned char ca_ecc_cert_der_sign[] =
 {
-        0x41, 0xFC, 0x2C, 0xFD, 0x21, 0xFB, 0xF2, 0x98, 0xF3, 0x25,
-        0x06, 0x8C, 0x2C, 0x4A, 0x12, 0xDB, 0xDD, 0x38, 0x39, 0x83,
-        0xD5, 0x80, 0xB4, 0x52, 0xA5, 0x35, 0xA6, 0x5C, 0x38, 0x41,
-        0xDA, 0xBE, 0x64, 0x84, 0x7C, 0x63, 0x7D, 0x2A, 0xBB, 0xB9,
-        0x93, 0xED, 0x27, 0xE3, 0x2B, 0xAB, 0xC4, 0xBC, 0x08, 0xBE,
-        0xA6, 0xF7, 0x40, 0xA3, 0x1E, 0xB1, 0x8C, 0xF8, 0x4B, 0x78,
-        0x9F, 0xFE, 0xAA, 0x86, 0x15, 0xF5, 0xDD, 0xB3, 0xCD, 0xF5,
-        0x3A, 0x81, 0x26, 0x3E, 0x04, 0x05, 0x65, 0xF9, 0x53, 0x8E,
-        0x10, 0x1F, 0xE8, 0xD9, 0x3F, 0xA1, 0x6E, 0x8C, 0xAD, 0xFA,
-        0x50, 0x36, 0xFE, 0x89, 0x4E, 0xAC, 0x27, 0xDB, 0x59, 0x80,
-        0xE3, 0x77, 0x20, 0x4F, 0xC1, 0x03, 0xA4, 0x1D, 0xE5, 0x34,
-        0xCB, 0x8F, 0x88, 0xD6, 0x38, 0x2A, 0x31, 0xE0, 0xC2, 0xAA,
-        0x78, 0x34, 0x9C, 0xFE, 0x8F, 0x8D, 0x76, 0xDB, 0x24, 0x38,
-        0xE1, 0xAB, 0xAE, 0xBA, 0xD0, 0xA9, 0x1C, 0x59, 0x01, 0xE3,
-        0x49, 0x9B, 0x13, 0x7D, 0x25, 0x7C, 0x8D, 0x12, 0x36, 0xA1,
-        0xEF, 0x7B, 0xD4, 0x16, 0x58, 0x3A, 0x0E, 0xE7, 0x5A, 0x36,
-        0xDD, 0xD4, 0x31, 0x23, 0xBF, 0xC9, 0x49, 0x62, 0xA4, 0x01,
-        0xA3, 0xAC, 0x62, 0xAB, 0xA0, 0x48, 0xE3, 0xDA, 0x72, 0xD3,
-        0x6D, 0xF3, 0x57, 0x61, 0x9E, 0xEA, 0x31, 0xA7, 0x82, 0xDD,
-        0x79, 0x3C, 0x8E, 0x01, 0xE9, 0xE5, 0xB2, 0x49, 0x2F, 0x3F,
-        0x3F, 0x16, 0x2C, 0xCC, 0x3D, 0x78, 0x6E, 0xB6, 0x6D, 0x34,
-        0x38, 0x46, 0xCC, 0xFF, 0xEF, 0x26, 0x74, 0xD8, 0x68, 0x90,
-        0xF1, 0x2A, 0xAA, 0xF3, 0xF3, 0x5A, 0xFC, 0x75, 0x00, 0xE6,
-        0x11, 0xE7, 0x21, 0x05, 0x6B, 0xAA, 0x53, 0x25, 0x59, 0x33,
-        0xB0, 0xC0, 0x66, 0x14, 0x2F, 0x00, 0x59, 0xF3, 0xFF, 0x5E,
-        0xCC, 0x10, 0x84, 0x0E, 0xE6, 0x17
+        0x66, 0x96, 0xB4, 0x9F, 0x0B, 0x56, 0x60, 0x1F, 0x01, 0x7A,
+        0xDE, 0x65, 0xD6, 0x8C, 0x2A, 0xE2, 0x20, 0xA0, 0xE8, 0x19,
+        0x99, 0x70, 0x8B, 0x17, 0x1B, 0xDA, 0x8C, 0x3A, 0x87, 0x07,
+        0xE7, 0xF9, 0x1B, 0x7C, 0xC1, 0x32, 0x55, 0x38, 0x15, 0x9C,
+        0x7B, 0x89, 0xDA, 0x9D, 0x57, 0x80, 0x50, 0xCF, 0xA6, 0x4C,
+        0x51, 0x71, 0xBA, 0x52, 0xFA, 0x58, 0x4C, 0xE7, 0x33, 0x08,
+        0xB9, 0xE7, 0x5F, 0x7E, 0x8A, 0x1D, 0xCC, 0xA8, 0x4A, 0xA9,
+        0xAF, 0xE5, 0xA1, 0x87, 0x59, 0xD0, 0xF7, 0x23, 0xAE, 0xC5,
+        0x42, 0x99, 0xFA, 0x4A, 0xAB, 0xFA, 0x08, 0xF9, 0x7C, 0x8D,
+        0xD3, 0xB1, 0xF7, 0xD8, 0x01, 0x3C, 0x06, 0xD5, 0x2C, 0xBF,
+        0x18, 0xF1, 0x45, 0x47, 0x5D, 0xA4, 0x7F, 0x90, 0x4E, 0x0C,
+        0x86, 0x41, 0x5F, 0x26, 0x25, 0x8B, 0x8A, 0xD8, 0x3F, 0x4B,
+        0xAF, 0xD5, 0xBE, 0xD9, 0xC6, 0x46, 0x2A, 0x2B, 0xC3, 0x10,
+        0x93, 0xCB, 0x1E, 0xFB, 0x3D, 0x8A, 0x39, 0xB6, 0x03, 0x9D,
+        0xC2, 0x16, 0xA1, 0xB5, 0x9C, 0x0D, 0x05, 0x5E, 0x1B, 0x30,
+        0x9F, 0x53, 0xEE, 0xF2, 0x27, 0xE1, 0xE3, 0x2F, 0xD9, 0xEB,
+        0xF2, 0xFE, 0xD3, 0x6C, 0x71, 0xCE, 0x28, 0x56, 0x9F, 0x85,
+        0x34, 0xAD, 0x9D, 0x3D, 0x22, 0x3A, 0x33, 0x3B, 0x9F, 0x55,
+        0x4F, 0x10, 0xA9, 0xD2, 0xAB, 0xE0, 0x29, 0x7A, 0x09, 0xF3,
+        0x4E, 0xC1, 0x21, 0xA7, 0xF4, 0xE5, 0x34, 0x6D, 0x68, 0x36,
+        0xE9, 0x7B, 0xD4, 0x42, 0x0A, 0xBC, 0xC4, 0x1F, 0x6C, 0x58,
+        0xB6, 0x65, 0x3F, 0x9F, 0x92, 0x65, 0xF9, 0x83, 0x7A, 0x94,
+        0x66, 0x7C, 0xB2, 0x03, 0x16, 0x65, 0x9E, 0xBF, 0x8C, 0x77,
+        0xB8, 0xA4, 0x13, 0x8B, 0xD3, 0x82, 0x39, 0x94, 0xD1, 0x2A,
+        0xE3, 0x3E, 0x51, 0xEB, 0x56, 0xE2, 0x92, 0x5C, 0x6B, 0xD1,
+        0x30, 0xD1, 0x91, 0x77, 0x6E, 0x28
 };
 static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
 #endif /*  USE_CERT_BUFFERS_256 */

IDE/Renesas/e2studio/RA6M4/test/src/test_main.c

@@ -25,7 +25,8 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
  #include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
 #if defined(TLS_MULTITHREAD_TEST)
  User_SCEPKCbInfo guser_PKCbInfo_taskA;
@@ -127,10 +128,42 @@ static void my_Logging_cb(const int logLevel, const char *const logMessage)
 }
 #endif
 
+void Clr_CallbackCtx(User_SCEPKCbInfo *g)
+{
+    if (g->sce_wrapped_key_aes256 != NULL)
+        XFREE(g->sce_wrapped_key_aes256,
+                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (g->sce_wrapped_key_aes128 != NULL)
+        XFREE(g->sce_wrapped_key_aes128,
+                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                            
+   #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+    if (g->sce_wrapped_key_rsapri2048 != NULL)
+        XFREE(g->sce_wrapped_key_rsapri2048,
+                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (g->sce_wrapped_key_rsapub2048 != NULL)
+        XFREE(g->sce_wrapped_key_rsapub2048,
+                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (g->sce_wrapped_key_rsapri1024 != NULL)
+        XFREE(g->sce_wrapped_key_rsapri1024,
+                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (g->sce_wrapped_key_rsapub2048 != NULL)
+        XFREE(g->sce_wrapped_key_rsapub1024,
+                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+   #endif
+    XMEMSET(g, 0, sizeof(User_SCEPKCbInfo));
+}
+
 void sce_test(void)
 {
 
-#if defined(SCE_CRYPT_UNIT_TEST) && defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(SCE_CRYPT_UNIT_TEST) && \
+        (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
     int ret = 0;
     BaseType_t xRet;
 
@@ -169,7 +202,9 @@ void sce_test(void)
         printf("wolfCrypt_Cleanup failed %d\n", ret);
     }
 
-#elif defined(CRYPT_TEST)
+#elif defined(CRYPT_TEST)  && \
+        (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
     int ret;
     func_args args = { 0 };
 
@@ -185,7 +220,11 @@ void sce_test(void)
         printf("wolfCrypt_Cleanup failed %d\n", ret);
     }
 
-#elif defined(BENCHMARK)
+    Clr_CallbackCtx(&guser_PKCbInfo);
+
+#elif defined(BENCHMARK)  && \
+        (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
     #include "hal_data.h"
     #include "r_sce.h"
 
@@ -194,25 +233,46 @@ void sce_test(void)
     #if defined(WOLFSSL_RENESAS_SCEPROTECT) && defined(SCEKEY_INSTALLED)
 
         /* aes 256 */
-        memcpy(guser_PKCbInfo.sce_wrapped_key_aes256.value,
-               (uint32_t *)DIRECT_KEY_ADDRESS_256, 
-               HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
-        guser_PKCbInfo.sce_wrapped_key_aes256.type = SCE_KEY_INDEX_TYPE_AES256;
-        guser_PKCbInfo.aes256_installedkey_set = 1;
-
-        /* aes 128 */
-        memcpy(guser_PKCbInfo.sce_wrapped_key_aes128.value,
-                   (uint32_t *)DIRECT_KEY_ADDRESS_128, 
-                   HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
-
-        guser_PKCbInfo.sce_wrapped_key_aes128.type = SCE_KEY_INDEX_TYPE_AES128;
-        guser_PKCbInfo.aes128_installedkey_set = 1;
-
+        XMEMSET(&guser_PKCbInfo, 0, sizeof(guser_PKCbInfo));
+        sce_aes_wrapped_key_t *p1 = NULL;
+        sce_aes_wrapped_key_t *p2 = NULL;
+
+        guser_PKCbInfo.sce_wrapped_key_aes256 = 
+            (sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t), 
+                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        p1 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes256;
+
+        guser_PKCbInfo.sce_wrapped_key_aes128 = 
+            (sce_aes_wrapped_key_t*)XMALLOC(sizeof(sce_aes_wrapped_key_t), 
+                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        p2 = (sce_aes_wrapped_key_t*)guser_PKCbInfo.sce_wrapped_key_aes128;
+
+        if ( p1 == NULL || p2 == NULL) {
+            printf("failed to alloc memory!");
+        }
+        else {
+            memcpy(p1->value,
+                   (uint32_t *)DIRECT_KEY_ADDRESS_256, 
+                   HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
+            p1->type = SCE_KEY_INDEX_TYPE_AES256;
+            guser_PKCbInfo.keyflgs_crypt.bits.aes256_installedkey_set = 1;
+
+            /* aes 128 */
+            memcpy(p2->value,
+                       (uint32_t *)DIRECT_KEY_ADDRESS_128, 
+                       HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
+
+            p2->type = SCE_KEY_INDEX_TYPE_AES128;
+            guser_PKCbInfo.keyflgs_crypt.bits.aes128_installedkey_set = 1;
+        }
     #endif
     printf("Start wolfCrypt Benchmark\n");
     benchmark_test(NULL);
     printf("End wolfCrypt Benchmark\n");
     
+    /* free */
+    Clr_CallbackCtx(&guser_PKCbInfo);
+
 #elif defined(TLS_CLIENT)
     #include "hal_data.h"
     #include "r_sce.h"

IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c

@@ -28,6 +28,7 @@
 #include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 #include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/rsa.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
 
 #include "FreeRTOS.h"
@@ -62,6 +63,8 @@ int sce_crypt_Sha_AesCbcGcm_multitest();
 int sce_crypt_sha_multitest();
 int sce_crypt_test();
 
+extern User_SCEPKCbInfo guser_PKCbInfo;
+
 #if defined(HAVE_AES_CBC)
 
 #if defined(WOLFSSL_AES_128)
@@ -76,6 +79,9 @@ int sce_crypt_test();
 
 #endif
 
+#if !defined(NO_RSA)
+    sce_rsa2048_wrapped_pair_key_t g_wrapped_pair_key;
+#endif
 typedef struct tagInfo
 {
     sce_aes_wrapped_key_t aes_key;
@@ -379,9 +385,8 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
         ret = -3;
         goto out;
     } else {
-        XMEMCPY(&userContext.sce_wrapped_key_aes256, aes256_key,
-                                sizeof(sce_aes_wrapped_key_t));
-        userContext.aes256_installedkey_set = 1;
+        userContext.sce_wrapped_key_aes256 = (void*)aes256_key;
+        userContext.keyflgs_crypt.bits.aes256_installedkey_set = 1;
         enc->ctx.keySize = (word32)enc->keylen;
     }
 
@@ -576,9 +581,8 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key)
         ret = -3;
         goto out;
     } else {
-        XMEMCPY(&userContext.sce_wrapped_key_aes128, aes128_key,
-                                sizeof(sce_aes_wrapped_key_t));
-        userContext.aes128_installedkey_set = 1;
+        userContext.sce_wrapped_key_aes128 = aes128_key;
+        userContext.keyflgs_crypt.bits.aes128_installedkey_set = 1;
         enc->ctx.keySize = (word32)enc->keylen;
     }
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
@@ -634,6 +638,185 @@ static void tskAes128_Gcm_Test(void *pvParam)
 
 #endif
 
+#if !defined(NO_RSA)
+
+/* testing rsa sign/verify w/ rsa 2048 bit key */
+#define TEST_STRING     "Everyone gets Friday off."
+#define TEST_STRING2    "Everyone gets Friday ofv."
+#define TEST_STRING_SZ   25
+#define RSA_TEST_BYTES   256 /* up to 2048-bit key */
+
+static int sce_rsa_test(int prnt, int keySize)
+{
+    int ret = 0;
+    
+    RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    WC_RNG rng;
+    const char inStr [] = TEST_STRING;
+    const char inStr2[] = TEST_STRING2;
+    const word32 inLen = (word32)TEST_STRING_SZ;
+    const word32 outSz = RSA_TEST_BYTES;
+    byte *in = NULL;
+    byte *in2 = NULL;
+    byte *out= NULL;
+    byte *out2 = NULL;
+    
+    in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (key == NULL || in == NULL || out == NULL ||
+        in2 == NULL || out2 == NULL) {
+        ret = -1;
+        goto out;
+    }
+    
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(key, 0, sizeof *key);
+    XMEMCPY(in, inStr, inLen);
+    XMEMCPY(in2, inStr2, inLen);
+    XMEMSET(out,  0, outSz);
+    XMEMSET(out2, 0, outSz);
+    
+    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    if (ret != 0) {
+        goto out;
+    }
+    
+    if ((ret = wc_InitRng(&rng)) != 0)
+        goto out;
+
+    if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
+        goto out;
+
+    /* make rsa key by SCE */
+    if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
+        goto out;
+    }
+    
+    ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
+    if (ret < 0) {
+        goto out;
+    }
+
+    ret = wc_RsaPrivateDecrypt(out, keySize/8, out2, outSz, key);
+    if (ret < 0) {
+        ret = -1;
+        goto out;
+    }
+    if (XMEMCMP(in, out2, inLen) != 0) {
+        ret = -2;
+        goto out;
+    }
+
+    ret = 0;
+out:
+    if (key != NULL) {
+        wc_FreeRsaKey(key);
+        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (in != NULL) {
+        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (in2 != NULL) {
+        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (out != NULL) {
+        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (out2 != NULL) {
+        XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    
+    return ret;
+}
+
+static int sce_rsa_SignVerify_test(int prnt, int keySize)
+{
+    int ret = 0;
+    
+    RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    WC_RNG rng;
+    const char inStr [] = TEST_STRING;
+    const char inStr2[] = TEST_STRING2;
+    const word32 inLen = (word32)TEST_STRING_SZ;
+    const word32 outSz = RSA_TEST_BYTES;
+
+    byte *in = NULL;
+    byte *in2 = NULL;
+    byte *out= NULL;
+
+    in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    
+    (void) prnt;
+
+    if (key == NULL || in == NULL || out == NULL) {
+        ret = -1;
+        goto out;
+    }
+    
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(key, 0, sizeof *key);
+    XMEMCPY(in, inStr, inLen);
+    XMEMCPY(in2, inStr2, inLen);
+
+    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    if (ret != 0) {
+        goto out;
+    }
+    
+    if ((ret = wc_InitRng(&rng)) != 0)
+        goto out;
+    
+    if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
+        goto out;
+
+    /* make rsa key by SCE */
+    if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
+        goto out;
+    }
+    
+    guser_PKCbInfo.keyflgs_crypt.bits.message_type = 0;
+    ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
+    if (ret < 0) {
+        goto out;
+    }
+
+    /* this should fail */
+    ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key);
+    if (ret != FSP_ERR_CRYPTO_SCE_AUTHENTICATION) {
+        ret = -1;
+        goto out;
+    }
+    /* this should succeed */
+    ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
+    if (ret < 0) {
+        ret = -1;
+        goto out;
+    }
+    ret = 0;
+  out:
+    if (key != NULL) {
+        wc_FreeRsaKey(key);
+        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (in != NULL) {
+        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (in2 != NULL) {
+        XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (out != NULL) {
+        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    
+    return ret;
+}
+#endif
+
 int sce_crypt_test()
 {
     int ret = 0;
@@ -641,20 +824,71 @@ int sce_crypt_test()
 
     /* Generate AES sce Key */
     sce_error_code = R_SCE_AES128_WrappedKeyGenerate(&g_user_aes128_key_index1);
-    
+
     if (sce_error_code == FSP_SUCCESS)
         sce_error_code = R_SCE_AES128_WrappedKeyGenerate(
                                                 &g_user_aes128_key_index2);
-                        
+
     if (sce_error_code == FSP_SUCCESS)
         sce_error_code = R_SCE_AES256_WrappedKeyGenerate(
                                                 &g_user_aes256_key_index1);
-    
+
     if (sce_error_code == FSP_SUCCESS)
         sce_error_code = R_SCE_AES256_WrappedKeyGenerate(
                                                 &g_user_aes256_key_index2);
-                            
-    if (sce_error_code == FSP_SUCCESS) {
+   
+   if (sce_error_code == FSP_SUCCESS) {
+       #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+        /* set up Crypt Call back */
+       
+        Clr_CallbackCtx(&guser_PKCbInfo);
+
+        ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo);
+
+        if ( ret > 0)
+            ret = 0;
+
+        if (ret == 0) {
+            printf(" sce_rsa_test(512)(this will be done"
+            " by SW because SCE doesn't support 512 bits key size.)");
+            ret = sce_rsa_test(1, 512);
+            RESULT_STR(ret)
+        }
+        
+        if (ret == 0) {
+            printf(" sce_rsa_test(1024)");
+            ret = sce_rsa_test(1, 1024);
+            RESULT_STR(ret)
+        }
+        
+        if (ret == 0) {
+            printf(" sce_rsa_SignVerify_test(512)(this will be done"
+            " by SW because SCE doesn't support 512 bits key size.)");
+            ret = sce_rsa_SignVerify_test(1, 512);
+            RESULT_STR(ret)
+        }
+        
+        if (ret == 0) {
+            printf(" sce_rsa_SignVerify_test(1024)");
+            ret = sce_rsa_SignVerify_test(1, 1024);
+            RESULT_STR(ret)
+        }
+        
+        Clr_CallbackCtx(&guser_PKCbInfo);
+        
+        if (ret == 0) {
+            printf(" sce_rsa_test(2048)");
+            ret = sce_rsa_test(1, 2048);
+            RESULT_STR(ret)
+        }
+        
+        if (ret == 0 && sce_error_code == FSP_SUCCESS) {
+            printf(" sce_rsa_SignVerify_test(2048)");
+            ret = sce_rsa_SignVerify_test(1, 2048);
+            RESULT_STR(ret)
+        }
+
+       #endif /* WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
 
    #ifndef NO_SHA256
         printf(" sha256_test()");
@@ -675,7 +909,7 @@ int sce_crypt_test()
             ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1);
 
         }
-        
+
         if (ret == 0) {
 
             ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1);

IDE/Renesas/e2studio/RA6M4/wolfssl/.project

@@ -401,6 +401,11 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_aes.c</locationURI>
 		</link>
+		<link>
+			<name>wolfCrypt/port/renesas_sce_rsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_sce_rsa.c</locationURI>
+		</link>
 		<link>
 			<name>wolfCrypt/port/renesas_sce_sha.c</name>
 			<type>1</type>

wolfcrypt/src/include.am

@@ -124,6 +124,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Renesas/renesas_sce_util.c \
               wolfcrypt/src/port/Renesas/renesas_sce_aes.c \
               wolfcrypt/src/port/Renesas/renesas_sce_sha.c \
+              wolfcrypt/src/port/Renesas/renesas_sce_rsa.c \
               wolfcrypt/src/port/Renesas/renesas_common.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \

wolfcrypt/src/port/Renesas/renesas_common.c

@@ -21,9 +21,12 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) \
+    || defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \
+    || defined(WOLFSSL_RENESAS_TSIP_TLS)
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
   #include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
   #define cmn_hw_lock    wc_sce_hw_lock
   #define cmn_hw_unlock  wc_sce_hw_unlock
@@ -128,7 +131,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     TsipUserCtx*      cbInfo = (TsipUserCtx*)ctx;
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
+#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
     User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
 #endif
 
@@ -221,7 +225,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         }
         #endif /* HAVE_ECC */
     }
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
+#elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
 
@@ -230,13 +235,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         if (info->cipher.type == WC_CIPHER_AES_GCM) {
 
             if (info->cipher.enc &&
-                (cbInfo->session_key_set == 1 ||
-                 (cbInfo->aes256_installedkey_set == 1 &&
+                (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
+                 (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
                   info->cipher.aesgcm_enc.aes->keylen == 32) ||
-                 (cbInfo->aes128_installedkey_set == 1 &&
+                 (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                   info->cipher.aesgcm_enc.aes->keylen == 16))) {
 
-                if (cbInfo->aes256_installedkey_set == 1 &&
+                if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
                   info->cipher.aesgcm_enc.aes->keylen == 32) {
 
                     XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
@@ -245,7 +250,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                     info->cipher.aesgcm_enc.aes->ctx.keySize = 32;
 
                 }
-                else if (cbInfo->aes128_installedkey_set == 1 &&
+                else if (
+                    cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                     info->cipher.aesgcm_enc.aes->keylen == 16) {
 
                     XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
@@ -268,13 +274,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                         (void*)ctx);
 
             }
-            else if (cbInfo->session_key_set == 1 ||
-                      (cbInfo->aes256_installedkey_set == 1 &&
+            else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
+                    (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
                        info->cipher.aesgcm_dec.aes->keylen == 32) ||
-                      (cbInfo->aes128_installedkey_set == 1 &&
+                    (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                        info->cipher.aesgcm_dec.aes->keylen == 16)) {
 
-                if (cbInfo->aes256_installedkey_set == 1 &&
+                if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
                   info->cipher.aesgcm_dec.aes->keylen == 32) {
 
                     XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
@@ -283,7 +289,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                     info->cipher.aesgcm_dec.aes->ctx.keySize = 32;
 
                 }
-                else if (cbInfo->aes128_installedkey_set == 1 &&
+                else if (
+                    cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                     info->cipher.aesgcm_dec.aes->keylen == 16) {
 
                     XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
@@ -309,23 +316,25 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     #endif /* HAVE_AESGCM */
     #ifdef HAVE_AES_CBC
         if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
-            (cbInfo->session_key_set == 1 ||
-            (cbInfo->aes256_installedkey_set == 1 &&
+            (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
+            (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
                 info->cipher.aescbc.aes->keylen == 32) ||
-            (cbInfo->aes128_installedkey_set == 1 &&
+            (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
                 info->cipher.aescbc.aes->keylen == 16))) {
 
                 if (info->cipher.enc) {
-                    if (cbInfo->aes256_installedkey_set == 1 &&
-                       info->cipher.aescbc.aes->keylen == 32) {
+                    if (
+                    cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
+                    info->cipher.aescbc.aes->keylen == 32) {
                         XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
                                 &cbInfo->sce_wrapped_key_aes256,
                                 sizeof(sce_aes_wrapped_key_t));
                         info->cipher.aescbc.aes->ctx.keySize = 32;
 
                     }
-                    else if (cbInfo->aes128_installedkey_set == 1 &&
-                       info->cipher.aescbc.aes->keylen == 16) {
+                    else if (
+                        cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 
+                        && info->cipher.aescbc.aes->keylen == 16) {
                         XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
                                 &cbInfo->sce_wrapped_key_aes128,
                                 sizeof(sce_aes_wrapped_key_t));
@@ -339,15 +348,16 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                         info->cipher.aescbc.sz);
                 }
                 else {
-                    if (cbInfo->aes256_installedkey_set == 1 &&
-                       info->cipher.aescbc.aes->keylen == 32) {
+                    if (
+                    cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
+                    info->cipher.aescbc.aes->keylen == 32) {
                         XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
                                 &cbInfo->sce_wrapped_key_aes256,
                                 sizeof(sce_aes_wrapped_key_t));
                         info->cipher.aescbc.aes->ctx.keySize = 32;
-
-                    }  else if (cbInfo->aes128_installedkey_set == 1 &&
-                       info->cipher.aescbc.aes->keylen == 16) {
+                    }  else if (
+                        cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
+                        && info->cipher.aescbc.aes->keylen == 16) {
                         XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
                                 &cbInfo->sce_wrapped_key_aes128,
                                 sizeof(sce_aes_wrapped_key_t));
@@ -364,6 +374,71 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     #endif /* HAVE_AES_CBC */
     #endif /* !NO_AES || !NO_DES3 */
     }
+    #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+    else if (info->algo_type == WC_ALGO_TYPE_PK) {
+        
+       #if !defined(NO_RSA)
+       #if defined(WOLFSSL_KEY_GEN)
+        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
+            (info->pk.rsakg.size == 1024 ||
+             info->pk.rsakg.size == 2048)) {
+            ret = wc_sce_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
+        }
+       #endif
+        if (info->pk.type == WC_PK_TYPE_RSA) {
+            /* to perform RSA on SCE, wrapped keys should be installed 
+             * in advance. SCE supports 1024 or 2048 bits key size.
+             * otherwise, falls-through happens.
+             */
+            if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1
+                 ||
+                 cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1
+                || 
+                cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 
+                 ||
+                 cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 
+                ) {
+                
+                if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
+                    info->pk.rsa.type == RSA_PUBLIC_ENCRYPT  )
+                    {
+                        ret = wc_sce_RsaFunction(info->pk.rsa.in,
+                                        info->pk.rsa.inLen,
+                                        info->pk.rsa.out,
+                                        info->pk.rsa.outLen,
+                                        info->pk.rsa.type,
+                                        info->pk.rsa.key,
+                                        info->pk.rsa.rng,
+                                        (void*)ctx);
+                }
+                else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
+                   ret = wc_sce_RsaSign(info->pk.rsa.in,
+                                        info->pk.rsa.inLen,
+                                        info->pk.rsa.out,
+                                        info->pk.rsa.outLen,
+                                        info->pk.rsa.key,
+                                        (void*)ctx);
+                }
+                else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
+                    ret = wc_sce_RsaVerify(info->pk.rsa.in,
+                                        info->pk.rsa.inLen,
+                                        info->pk.rsa.out,
+                                        info->pk.rsa.outLen,
+                                        info->pk.rsa.key,
+                                        (void*)ctx);
+                }
+            }
+            else {
+                WOLFSSL_MSG(
+                    "SCE can handle 1024 or 2048 bit key size. "
+                    "key size is not either 1024 or 2048. "
+                    "Or wrapped key is not installed. "
+                    "RSA operation falls through to SW operation.");
+            }
+        }
+       #endif /* NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
+    }
+    #endif /* NO_RSA */
 #endif /* TSIP or SCE */
 
     (void)devIdArg;
@@ -385,7 +460,8 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         ret = tsip_usable(ssl, session_key_generated);
-    #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
+    #elif defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
+            defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
         ret = wc_sce_usable(ssl, session_key_generated);
     #endif
 
@@ -408,11 +484,19 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
 
  #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
- #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
+ #elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+       defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
     User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
  #endif
 
-    if (cbInfo == NULL || ssl == NULL) {
+    if (cbInfo == NULL
+   #if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
+       !defined(HAVE_RENESAS_SYNC)
+        || ssl == NULL) {
+   #else
+     ) {
+   #endif
+        printf("Invalid devId\n");
         return INVALID_DEVID;
     }
     /* need exclusive control because of static variable */
@@ -432,9 +516,11 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
         return INVALID_DEVID;
     }
 
+   #if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
+       !defined(HAVE_RENESAS_SYNC)
     if (ssl)
         wolfSSL_SetDevId(ssl, cbInfo->devId);
-
+   #endif
     /* sanity check for overflow */
     if (gdevId < 0) {
         gdevId = 7890;
@@ -456,6 +542,10 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
 }
 
 #endif /* WOLF_CRYPTO_CB */
+#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
+	   /* WOLFSSL_RENESAS_TSIP_TLS*/
+
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
 
 /* Renesas Security Library Common Method
  * Check CA index if CA can be used for SCE/TSIP because
@@ -591,8 +681,9 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
  * cm_row      CA index
  * return FSP_SUCCESS(0) on success, otherwise WOLFSSL_FATAL_ERROR
  */
-int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start,
-        word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row)
+int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, 
+        word32 key_n_start, word32 key_n_len, word32 key_e_start, 
+        word32 key_e_len, word32 cm_row)
 {
     int ret;
 
@@ -661,7 +752,8 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
 
 /* Renesas Security Library Common Callback
  * Callback for setting Encrypt Keys.
- * Register callback for setting Encrypt Keys when keys are generated by SCE/TSIP
+ * Register callback for setting Encrypt Keys when keys are generated 
+ * by SCE/TSIP
  *
  * ssl      the WOLFSSL object
  * ctx      Callback context
@@ -679,11 +771,14 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
 
  #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
+    
+    if (cbInfo->session_key_set == 1) {
  #elif defined(WOLFSSL_RENESAS_SCEPROTECT)
     User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
- #endif
 
-    if (cbInfo->session_key_set == 1) {
+
+    if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
+ #endif
         ret = 0;
 
         wolfSSL_CTX_SetTlsFinishedCb(ssl->ctx, Renesas_cmn_TlsFinished);

wolfcrypt/src/port/Renesas/renesas_sce_aes.c

@@ -26,7 +26,8 @@
 
 #ifndef NO_AES
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+#if (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+     defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_AES)
 
 #include <wolfssl/wolfcrypt/wc_port.h>
@@ -151,9 +152,10 @@ WOLFSSL_LOCAL int  wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
             XMEMSET((void*)cipherBuf, 0, sz + delta);
             XMEMSET((void*)authTag,   0, authTagSz);
         }
-
+        
+      #if defined(WOLFSSL_RENESAS_SCEPROTECT)
        if (ret == 0 &&
-           info->session_key_set == 1) {
+           info->keyflgs_tls.bits.session_key_set == 1) {
             /* generate AES-GCM session key. The key stored in
              * Aes.ctx.tsip_keyIdx is not used here.
              */
@@ -174,21 +176,29 @@ WOLFSSL_LOCAL int  wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
             }
 
         }
-        else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) {
-            if (aes->ctx.keySize == 32) {
-                XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes256,
-                    sizeof(sce_aes_wrapped_key_t));
+        else {
+       #else
+        if (ret == 0) {
+       #endif
+            if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
+                info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
+                if (aes->ctx.keySize == 32) {
+                    XMEMCPY(&key_client_aes, 
+                        (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
+                        sizeof(sce_aes_wrapped_key_t));
+                }
+                else {
+                    XMEMCPY(&key_client_aes, 
+                        (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
+                        sizeof(sce_aes_wrapped_key_t));
+                }
+                iv_l = iv;
+                ivSz_l = ivSz;
             }
             else {
-                XMEMCPY(&key_client_aes, &info->sce_wrapped_key_aes128,
-                    sizeof(sce_aes_wrapped_key_t));
+                WOLFSSL_MSG("AES key for SCE is not set.");
+                ret = -1;
             }
-            iv_l = iv;
-            ivSz_l = ivSz;
-        }
-        else {
-            WOLFSSL_MSG("AES key for SCE is not set.");
-            ret = -1;
         }
 
         if (ret == 0) {
@@ -339,9 +349,9 @@ WOLFSSL_LOCAL int  wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
             XMEMCPY(cipherBuf, in, sz);
             XMEMCPY(aTagBuf, authTag, authTagSz);
         }
-
+       #if defined(WOLFSSL_RENESAS_SCEPROTECT)
         if (ret == 0 &&
-            info->session_key_set == 1) {
+            info->keyflgs_tls.bits.session_key_set == 1) {
             /* generate AES-GCM session key. The key stored in
              * Aes.ctx.tsip_keyIdx is not used here.
              */
@@ -361,23 +371,31 @@ WOLFSSL_LOCAL int  wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
                 ret = -1;
             }
         }
-        else if (info->aes256_installedkey_set == 1 || info->aes128_installedkey_set == 1) {
-            if (aes->ctx.keySize == 32) {
-                XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes256,
-                    sizeof(sce_aes_wrapped_key_t));
+        else {
+       #else
+        if (ret == 0) {
+       #endif
+            if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
+                info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
+                if (aes->ctx.keySize == 32) {
+                    XMEMCPY(&key_server_aes, 
+                        (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
+                        sizeof(sce_aes_wrapped_key_t));
+                }
+                else {
+                    XMEMCPY(&key_server_aes, 
+                        (sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
+                        sizeof(sce_aes_wrapped_key_t));
+                }
+                iv_l = iv;
+                ivSz_l = ivSz;
             }
             else {
-                XMEMCPY(&key_server_aes, &info->sce_wrapped_key_aes128,
-                    sizeof(sce_aes_wrapped_key_t));
+                WOLFSSL_MSG("AES key for SCE is not set.");
+                ret = -1;
             }
-            iv_l = iv;
-            ivSz_l = ivSz;
         }
-        else {
-            WOLFSSL_MSG("AES key for SCE is not set.");
-            ret = -1;
-        }
-
+        
         if (ret == 0) {
             /* since key_index has iv and ivSz in it, no need to pass them init
              * func. Pass NULL and 0 as 3rd and 4th parameter respectively.

wolfcrypt/src/port/Renesas/renesas_sce_rsa.c

@@ -0,0 +1,437 @@
+/* renesas_sce_rsa.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+ 
+#if !defined(NO_RSA) && \
+    defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+
+#include <string.h>
+#include <stdio.h>
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/rsa.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
+
+/* Make Rsa key for SCE and set it to callback ctx
+ * Assumes to be called by Crypt Callback
+ *
+ * size   desired keylenth, in bits. supports 1024 or 2048 bits
+ * ctx    Callback context including pointer to hold generated key
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
+{
+    fsp_err_t        ret;
+    User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
+
+    sce_rsa1024_wrapped_pair_key_t *wrapped_pair1024_key = NULL;
+    sce_rsa2048_wrapped_pair_key_t *wrapped_pair2048_key = NULL;
+
+    /* sanity check */
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+    
+
+    if ((ret = wc_sce_hw_lock()) == 0) {
+        if (size == 1024) {
+            wrapped_pair1024_key = 
+            (sce_rsa1024_wrapped_pair_key_t*)XMALLOC(
+                sizeof(sce_rsa1024_wrapped_pair_key_t), NULL, 
+                                                DYNAMIC_TYPE_RSA_BUFFER);
+            if (wrapped_pair1024_key == NULL)
+                return MEMORY_E;
+                
+            ret = R_SCE_RSA1024_WrappedKeyPairGenerate(wrapped_pair1024_key);
+        }
+        else if (size == 2048) {
+            wrapped_pair2048_key = 
+            (sce_rsa1024_wrapped_pair_key_t*)XMALLOC(
+                sizeof(sce_rsa2048_wrapped_pair_key_t), NULL, 
+                                                DYNAMIC_TYPE_RSA_BUFFER);
+            if (wrapped_pair2048_key == NULL)
+                return MEMORY_E;
+                
+            ret = R_SCE_RSA2048_WrappedKeyPairGenerate(wrapped_pair2048_key);
+        }
+        else
+            return CRYPTOCB_UNAVAILABLE;
+            
+        if (ret == FSP_SUCCESS) {
+            if (size == 1024) {
+                if (info->sce_wrapped_key_rsapri1024 != NULL) {
+                    XFREE(info->sce_wrapped_key_rsapri1024, NULL, 
+                                                DYNAMIC_TYPE_RSA_BUFFER);
+                }
+                if (info->sce_wrapped_key_rsapub1024 != NULL) {
+                    XFREE(info->sce_wrapped_key_rsapub1024, NULL, 
+                                                DYNAMIC_TYPE_RSA_BUFFER);
+                }
+                info->sce_wrapped_key_rsapri1024 = 
+                (sce_rsa1024_private_wrapped_key_t*)XMALLOC(
+                    sizeof(sce_rsa1024_private_wrapped_key_t), NULL, 
+                                                DYNAMIC_TYPE_RSA_BUFFER);
+                    
+                if (info->sce_wrapped_key_rsapri1024 == NULL) {
+                    XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    return MEMORY_E;
+                }
+                
+                info->sce_wrapped_key_rsapub1024 =
+                (sce_rsa1024_public_wrapped_key_t*)XMALLOC(
+                    sizeof(sce_rsa1024_public_wrapped_key_t), NULL, 
+                                                DYNAMIC_TYPE_RSA_BUFFER);
+                    
+                if (info->sce_wrapped_key_rsapub1024 == NULL) {
+                    XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(info->sce_wrapped_key_rsapub1024, 0, 
+                                                DYNAMIC_TYPE_RSA_BUFFER);
+                    return MEMORY_E;
+                }
+                /* copy generated key pair and free malloced key */
+                XMEMCPY(info->sce_wrapped_key_rsapri1024, 
+                                    &wrapped_pair1024_key->priv_key,
+                                    sizeof(sce_rsa1024_private_wrapped_key_t));
+                XMEMCPY(info->sce_wrapped_key_rsapub1024, 
+                                    &wrapped_pair1024_key->pub_key,
+                                    sizeof(sce_rsa1024_public_wrapped_key_t));
+                XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                
+                info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
+                info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
+            }
+            else if (size == 2048) {
+                if (info->sce_wrapped_key_rsapri2048 != NULL) {
+                    XFREE(info->sce_wrapped_key_rsapri2048, NULL, 
+                                    DYNAMIC_TYPE_RSA_BUFFER);
+                }
+                if (info->sce_wrapped_key_rsapub2048 != NULL) {
+                    XFREE(info->sce_wrapped_key_rsapub2048, NULL, 
+                                    DYNAMIC_TYPE_RSA_BUFFER);
+                }
+                info->sce_wrapped_key_rsapri2048 = 
+                (sce_rsa2048_private_wrapped_key_t*)XMALLOC(
+                    sizeof(sce_rsa2048_private_wrapped_key_t), NULL, 
+                                    DYNAMIC_TYPE_RSA_BUFFER);
+                    
+                if (info->sce_wrapped_key_rsapri2048 == NULL) {
+                    XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    return MEMORY_E;
+                }
+                
+                info->sce_wrapped_key_rsapub2048 =
+                (sce_rsa2048_public_wrapped_key_t*)XMALLOC(
+                    sizeof(sce_rsa2048_public_wrapped_key_t), NULL, 
+                                    DYNAMIC_TYPE_RSA_BUFFER);
+                    
+                if (info->sce_wrapped_key_rsapub2048 == NULL) {
+                    XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                    XFREE(info->sce_wrapped_key_rsapub1024, 0, 
+                                    DYNAMIC_TYPE_RSA_BUFFER);
+                    return MEMORY_E;
+                }
+                /* copy generated key pair and free malloced key */
+                XMEMCPY(info->sce_wrapped_key_rsapri2048, 
+                            &wrapped_pair2048_key->priv_key,
+                            sizeof(sce_rsa2048_private_wrapped_key_t));
+                XMEMCPY(info->sce_wrapped_key_rsapub2048, 
+                            &wrapped_pair2048_key->pub_key,
+                            sizeof(sce_rsa2048_public_wrapped_key_t));
+                XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
+                
+                info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
+                info->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
+                
+            }
+        }
+        else {
+            WOLFSSL_MSG("Failed to generate key pair by SCE");
+            return CRYPTOCB_UNAVAILABLE;
+        }
+        
+        wc_sce_hw_unlock();
+    }
+}
+
+/* Perform rsa encryption/decryption by SCE
+ * Assumes to be called by Crypt Callback
+ *
+ * in     Buffer to hold plain text
+ * inLen  Length of plain text in bytes
+ * out    Buffer to hold cipher text
+ * outLen Length of cipher in bytes
+ * key    Rsa key object
+ * rng    rng object
+ * ctx    Callback context
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
+                    word32 outLen, int type, struct RsaKey* key, 
+                    struct WC_RNG* rng, void* ctx)
+{
+    int ret;
+    
+    sce_rsa_byte_data_t plain;
+    sce_rsa_byte_data_t cipher;
+    User_SCEPKCbInfo    *info = (User_SCEPKCbInfo*)ctx;
+    
+    int keySize;
+    
+    (void) key;
+    (void) rng;
+    
+    /* sanity check */
+    if (in == NULL || out == NULL || outLen == NULL ||
+                                            ctx == NULL){
+        return BAD_FUNC_ARG;
+    }
+    
+    keySize = 0;
+    if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
+        info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
+        keySize = 2048;
+    else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
+             info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
+        keySize = 1024;
+    
+    if (keySize == 0) {
+        WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
+                                                        "1024 or 2048 bits.");
+        return BAD_FUNC_ARG;
+    }
+    
+    if ((ret = wc_sce_hw_lock()) == 0) {
+        if (type == RSA_PUBLIC_ENCRYPT) {
+            
+            plain.pdata = (byte*)in;
+            plain.data_length = inLen;
+            cipher.pdata = out;
+            cipher.data_length = outLen;
+
+            if (keySize == 1024) {
+                if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1)
+                    ret = R_SCE_RSAES_PKCS1024_Encrypt(&plain, &cipher,
+                        (sce_rsa1024_public_wrapped_key_t*)
+                            info->sce_wrapped_key_rsapub1024);
+                else {
+                    WOLFSSL_MSG("wrapped public 1024 bits key is not set.");
+                    return BAD_FUNC_ARG;
+                }
+            }
+            else {
+                if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1)
+                    ret = R_SCE_RSAES_PKCS2048_Encrypt(&plain, &cipher,
+                            (sce_rsa2048_public_wrapped_key_t*)
+                                info->sce_wrapped_key_rsapub2048);
+                else {
+                    WOLFSSL_MSG("wrapped public 2048 bits key is not set.");
+                    return BAD_FUNC_ARG;
+                }
+            }
+        }
+        else if (type == RSA_PRIVATE_DECRYPT) {
+            plain.pdata = out;
+            plain.data_length = outLen;
+            cipher.pdata = (byte*)in;
+            cipher.data_length = inLen;
+            
+            if (keySize == 1024) {
+                if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1)
+                    ret = R_SCE_RSAES_PKCS1024_Decrypt(&cipher, &plain,
+                            (sce_rsa1024_private_wrapped_key_t*)
+                                info->sce_wrapped_key_rsapri1024);
+                else {
+                    WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
+                    return BAD_FUNC_ARG;
+                }
+            }
+            else {
+                if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1)
+                    ret = R_SCE_RSAES_PKCS2048_Decrypt(&cipher, &plain,
+                            (sce_rsa2048_private_wrapped_key_t*)
+                                info->sce_wrapped_key_rsapri2048);
+                else {
+                    WOLFSSL_MSG("wrapped private 2048 bits key is not set.");
+                    return BAD_FUNC_ARG;
+                }
+            }
+        }
+        
+        wc_sce_hw_unlock();
+    }
+    return ret;
+}
+
+/* Perform Rsa sign by SCE
+ * Assumes to be called by Crypt Callback
+ * 
+ * in     Buffer to hold plaintext
+ * inLen  Length of plaintext in bytes
+ * out    Buffer to hold generated signature
+ * outLen Length of signature in bytes
+ * key    rsa key object
+ * ctx    The callback context
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+ 
+WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
+                    word32* outLen, struct RsaKey* key, void* ctx)
+{
+    int ret;
+    
+    sce_rsa_byte_data_t message_hash;
+    sce_rsa_byte_data_t signature;
+    User_SCEPKCbInfo    *info = (User_SCEPKCbInfo*)ctx;
+    int keySize;
+    
+    (void) key;
+    
+    /* sanity check */
+    if (in == NULL || out == NULL || outLen == NULL ||
+                                key == NULL || ctx == NULL){
+        return BAD_FUNC_ARG;
+    }
+    
+    keySize = 0;
+    if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
+        info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
+        keySize = 2048;
+    else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
+             info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
+        keySize = 1024;
+        
+    if (keySize == 0) {
+        WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
+        return BAD_FUNC_ARG;
+    }
+    
+    message_hash.pdata = in;
+    message_hash.data_length = inLen;
+    message_hash.data_type = 
+            info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
+    signature.pdata = out;
+    signature.data_length = outLen;
+    
+    if ((ret = wc_sce_hw_lock()) == 0) {
+        if (keySize == 1024) {
+            
+            ret = R_SCE_RSASSA_PKCS1024_SignatureGenerate(&message_hash, 
+                        &signature,
+                        (sce_rsa1024_private_wrapped_key_t *)
+                                    info->sce_wrapped_key_rsapri1024,
+                        HW_SCE_RSA_HASH_SHA256);
+        }
+        else {
+            
+            ret = R_SCE_RSASSA_PKCS2048_SignatureGenerate(&message_hash, 
+                        &signature,
+                        (sce_rsa2048_private_wrapped_key_t *)
+                                    info->sce_wrapped_key_rsapri2048,
+                        HW_SCE_RSA_HASH_SHA256);
+        }
+        
+        wc_sce_hw_unlock();
+    }
+    
+    return ret;
+}
+
+/* Perform Rsa verify by SCE
+ * Assumes to be called by Crypt Callback
+ * 
+ * in     Buffer to hold plaintext
+ * inLen  Length of plaintext in bytes
+ * out    Buffer to hold generated signature
+ * outLen Length of signature in bytes
+ * key    rsa key object
+ * ctx    The callback context
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+ 
+WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
+                    word32* outLen,struct RsaKey* key, void* ctx)
+{
+    int ret;
+    
+    sce_rsa_byte_data_t message_hash;
+    sce_rsa_byte_data_t signature;
+    User_SCEPKCbInfo    *info = (User_SCEPKCbInfo*)ctx;
+    int keySize;
+    
+    (void) key;
+    
+    /* sanity check */
+    if (in == NULL || out == NULL || outLen == NULL ||
+                                key == NULL || ctx == NULL){
+        return BAD_FUNC_ARG;
+    }
+    
+    keySize = 0;
+    if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
+        info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
+        keySize = 2048;
+    else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
+             info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
+        keySize = 1024;
+        
+    if (keySize == 0) {
+        WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
+        return BAD_FUNC_ARG;
+    }
+    
+    
+    message_hash.pdata = in;
+    message_hash.data_length = inLen;
+    message_hash.data_type = 
+            info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
+    
+    signature.pdata = out;
+    signature.data_length = outLen;
+    
+    if ((ret = wc_sce_hw_lock()) == 0) {
+        if (keySize == 1024) {
+            
+            ret = R_SCE_RSASSA_PKCS1024_SignatureVerify(&signature,
+                  &message_hash,
+                  (sce_rsa1024_public_wrapped_key_t *)
+                        info->sce_wrapped_key_rsapub1024,
+                  HW_SCE_RSA_HASH_SHA256);
+        }
+        else {
+            
+                ret = R_SCE_RSASSA_PKCS2048_SignatureVerify(&signature, 
+                    &message_hash,
+                    (sce_rsa2048_public_wrapped_key_t *)
+                         info->sce_wrapped_key_rsapub2048,
+                    HW_SCE_RSA_HASH_SHA256 );
+        }
+        
+        wc_sce_hw_unlock();
+    }
+    
+    return ret;
+}
+
+#endif /* !NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */

wolfcrypt/src/port/Renesas/renesas_sce_sha.c

@@ -30,7 +30,8 @@
 
 #include <wolfssl/wolfcrypt/logging.h>
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>

wolfcrypt/src/port/Renesas/renesas_sce_util.c

@@ -20,7 +20,8 @@
  */
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -168,6 +169,8 @@ WOLFSSL_LOCAL void wc_sce_Close()
     }
 }
 
+#ifndef WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY
+
 #if defined(WOLFSSL_RENESAS_SCEPROTECT_ECC)
 /* Verify Server Key Exchange while doing ECDH key exchange */
 static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig,
@@ -220,11 +223,11 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
 
         if (ret != FSP_SUCCESS) {
             WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
-            cbInfo->pk_key_set = 0;
+            cbInfo->keyflgs_tls.bits.pk_key_set = 0;
         }
         else {
             ret = WOLFSSL_SUCCESS;
-            cbInfo->pk_key_set = 1;
+            cbInfo->keyflgs_tls.bits.pk_key_set = 1;
         }
     }
     else {
@@ -358,7 +361,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
     WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
         side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
 
-    if (cbInfo->pk_key_set == 1) {
+    if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
         if ((ret = wc_sce_hw_lock()) == 0) {
             /* Generate ECC PUblic key pair */
             ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
@@ -404,6 +407,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
     return ret;
 }
 #endif
+
 /* Return tls cipher suite enumeration that is supported by SCE library */
 static uint32_t GetSceCipherSuite(
                     uint8_t cipherSuiteFirst,
@@ -780,7 +784,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
              dec->aes->devId = devId;
 
             /* marked as session key is set */
-            cbInfo->session_key_set = 1;
+            cbInfo->keyflgs_tls.bits.session_key_set = 1;
         }
         /* unlock hw */
         wc_sce_hw_unlock();
@@ -1134,8 +1138,8 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
         return -1;
     }
     gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx;
-    gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->pk_key_set = 0;
-    gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->session_key_set = 0;
+    gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
+    gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.session_key_set = 0;
 
     wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
     wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@@ -1151,5 +1155,6 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
 
     return 0;
 }
+#endif /*  !WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
 
-#endif /* WOLFSSL_RENESAS_SCEPROTECT */
+#endif /* WOLFSSL_RENESAS_SCEPROTECT || WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */

wolfcrypt/src/random.c

@@ -3488,7 +3488,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
         return ret;
     }
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT)
+#elif defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+          defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
     #include "r_sce.h"
 
     int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)

wolfcrypt/src/rsa.c

@@ -3385,7 +3385,22 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
                                   pad_value, pad_type, hash, mgf, label,
                                   labelSz, sz);
         }
-    #endif /* WOLFSSL_CRYPTOCELL */
+    #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+           /* SCE needs warpped key which is passed via
+            * user ctx object of crypt-call back.
+            */
+       #ifdef WOLF_CRYPTO_CB
+            if (key->devId != INVALID_DEVID) {
+                /* SCE supports 1024 and 2048 bits */
+                ret = wc_CryptoCb_Rsa(in, inLen, out,
+                                    outLen, rsa_type, key, rng);
+                if (ret != CRYPTOCB_UNAVAILABLE)
+                    return ret;
+                /* fall-through when unavailable */
+                ret = 0; /* reset error code and try using software */
+            }
+       #endif
+    #endif /* WOLFSSL_SE050 */
 
         key->state = RSA_STATE_ENCRYPT_PAD;
         ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type,
@@ -3529,6 +3544,18 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             }
             return ret;
         }
+    #elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+           #ifdef WOLF_CRYPTO_CB
+                if (key->devId != INVALID_DEVID) {
+                    ret = wc_CryptoCb_Rsa(in, inLen, out,
+                                        outLen, rsa_type, key, rng);
+                    if (ret != CRYPTOCB_UNAVAILABLE)
+                      return ret;
+                    /* fall-through when unavailable */
+                    ret = 0; /* reset error code and try using software */
+                }
+           #endif
+
     #endif /* WOLFSSL_CRYPTOCELL */
 
 

wolfcrypt/src/sha256.c

@@ -222,7 +222,9 @@ on the specific device platform.
     (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
     !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \
-    (!defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \
+    ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+        !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) \
+      || defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \
     (!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)) && \
     !defined(WOLFSSL_RENESAS_RX64_HASH)
 
@@ -796,7 +798,8 @@ static int InitSha256(wc_Sha256* sha256)
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
 
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */
@@ -1804,7 +1807,8 @@ void wc_Sha256Free(wc_Sha256* sha256)
     (defined(WOLFSSL_DEVCRYPTO_HASH) && defined(WOLFSSL_DEVCRYPTO_HASH_KEEP)) || \
     (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
-    (defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+    ((defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+      defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) || \
     defined(WOLFSSL_RENESAS_RX64_HASH) || \
     defined(WOLFSSL_HASH_KEEP)
@@ -1992,7 +1996,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
 
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+       defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */

wolfcrypt/src/wc_port.c

@@ -61,7 +61,8 @@
 #if defined(WOLFSSL_RENESAS_TSIP)
     #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 #endif
-#if defined(WOLFSSL_RENESAS_SCE)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+            defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
     #include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
 #endif
 #if defined(WOLFSSL_RENESAS_RX64_HASH)
@@ -187,7 +188,8 @@ int wolfCrypt_Init(void)
     }
     #endif
 
-    #if defined(WOLFSSL_RENESAS_SCEPROTECT)
+    #if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+            defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
         ret = wc_sce_Open( );
         if( ret != FSP_SUCCESS ) {
             WOLFSSL_MSG("RENESAS SCE Open failed");
@@ -436,7 +438,8 @@ int wolfCrypt_Cleanup(void)
         rx64_hw_Close();
     #endif
 
-    #ifdef WOLFSSL_RENESAS_SCEPROTECT
+    #if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
         wc_sce_Close();
     #endif
 

wolfcrypt/test/test.c

@@ -375,6 +375,7 @@
 #endif
 
 #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
     defined(WOLFSSL_SECO_CAAM)
     #define HASH_SIZE_LIMIT
 #endif
@@ -3006,7 +3007,7 @@ WOLFSSL_TEST_SUBROUTINE int sha256_test(void)
             (word32)sizeof(large_input));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
-    }
+        }
     ret = wc_Sha256Final(&sha, hash);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);

wolfssl/wolfcrypt/aes.h

@@ -296,7 +296,8 @@ struct Aes {
     defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
     TSIP_AES_CTX ctx;
 #endif
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) ||\
+    defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
     SCE_AES_CTX ctx;
 #endif
 #if defined(WOLFSSL_IMXRT_DCP)

wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h

@@ -34,10 +34,30 @@ extern "C" {
 
 #define MAX_SCE_CBINDEX 5
 
+typedef void* renesas_sce_wrappedkey;
+
+/* flsgas related to TLS */
+struct sce_keyflgs_tls {
+    uint8_t pk_key_set:1;
+    uint8_t session_key_set:1;
+};
+
+/* flags Crypt Only */
+struct sce_keyflgs_cryt {
+    uint8_t aes256_installedkey_set:1;
+    uint8_t aes128_installedkey_set:1;
+    uint8_t rsapri2048_installedkey_set:1;
+    uint8_t rsapub2048_installedkey_set:1;
+    uint8_t rsapri1024_installedkey_set:1;
+    uint8_t rsapub1024_installedkey_set:1;
+    uint8_t message_type:1;/*message 0, hashed 1*/
+};
+
 typedef struct tagUser_SCEPKCbInfo {
     /* unique number for each session */
     int devId;
-    
+   #if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+        !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
     /* out from R_SCE_TLS_ServerKeyExchangeVerify */
     uint32_t encrypted_ephemeral_ecdh_public_key[SCE_TLS_ENCRYPTED_ECCPUBKEY_SZ];
     /* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
@@ -48,17 +68,35 @@ typedef struct tagUser_SCEPKCbInfo {
     uint8_t     sce_clientRandom[SCE_TLS_CLIENTRANDOM_SZ];
     uint8_t     sce_serverRandom[SCE_TLS_SERVERRANDOM_SZ];
     uint8_t     sce_cipher;
+
+   #endif
     
     /* installed key handling */
-    sce_aes_wrapped_key_t   sce_wrapped_key_aes256;
-    uint8_t aes256_installedkey_set:1;
-    sce_aes_wrapped_key_t   sce_wrapped_key_aes128;
-    uint8_t aes128_installedkey_set:1;
+    /* aes */
+    renesas_sce_wrappedkey   sce_wrapped_key_aes256;
+    renesas_sce_wrappedkey   sce_wrapped_key_aes128;
     
+   #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+    /* rsa */
+    renesas_sce_wrappedkey   sce_wrapped_key_rsapri2048;
+    renesas_sce_wrappedkey   sce_wrapped_key_rsapub2048;
+    renesas_sce_wrappedkey   sce_wrapped_key_rsapri1024;
+    renesas_sce_wrappedkey   sce_wrapped_key_rsapub1024;
+   #endif
+    
+    /* key status flags */
     /* flag whether encrypted ec key is set */
-    uint8_t pk_key_set:1;
-    uint8_t session_key_set:1;
-
+    union {
+        uint8_t chr;
+        struct sce_keyflgs_tls bits;
+    } keyflgs_tls;
+    /* key status flags */
+    /* flags shows status if wrapped keys are installed */
+    union {
+        uint8_t chr;
+        struct sce_keyflgs_cryt bits;
+    } keyflgs_crypt;
+    
 } User_SCEPKCbInfo;
 
 typedef struct tagSCE_PKCbInfo {
@@ -138,7 +176,9 @@ typedef wolfssl_SCE_Hash wc_Sha256;
 
 #endif /* NO_SHA */
 
-
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+        !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY)
+        
 WOLFSSL_LOCAL int     wc_sce_tls_RootCertVerify(
             const   uint8_t* cert,         uint32_t cert_len,
             uint32_t  key_n_start,        uint32_t key_n_len,
@@ -220,5 +260,19 @@ WOLFSSL_API void wc_sce_inform_user_keys(
 WOLFSSL_API void wc_sce_set_callbacks(struct WOLFSSL_CTX* ctx);
 WOLFSSL_API int  wc_sce_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
 WOLFSSL_API void wc_sce_inform_cert_sign(const uint8_t *sign);
-    
+
+/* rsa */
+struct RsaKey;
+struct WC_RNG;
+WOLFSSL_API int  wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
+    word32 outLen, int type, struct RsaKey* key, struct WC_RNG* rng, void* ctx);
+WOLFSSL_API int  wc_sce_MakeRsaKey(int size, void* ctx);
+WOLFSSL_API int  wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
+                    word32* outLen, struct RsaKey* key, void* ctx);
+WOLFSSL_API int  wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
+                    word32* outLen,struct RsaKey* key, void* ctx);
+
+#endif  /* WOLFSSL_RENESAS_SCEPROTECT && 
+         * !WOLFSSL_RENESAS_SCEPROTECT_CRYPT_ONLY */
+
 #endif  /* __RENESAS_SCE_CRYPT_H__ */

wolfssl/wolfcrypt/sha256.h

@@ -153,7 +153,8 @@ enum {
 #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
     #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
-#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+#elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+        defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)) && \
    !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h"
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)