JCE: add HmacSHA224 support to KeyGenerator implementation

2025-03-03 14:06:07 -07:00 · 2025-03-03 14:06:07 -07:00 · aa49b15cdb
parent 9e025b75ce
commit aa49b15cdb
4 changed files with 56 additions and 11 deletions
--- a/README_JCE.md
+++ b/README_JCE.md
@ -134,6 +134,7 @@ The JCE provider currently supports the following algorithms:
    KeyGenerator
        AES
        HmacSHA1
+        HmacSHA224
        HmacSHA256
        HmacSHA384
        HmacSHA512
--- a/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyGenerator.java
+++ b/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyGenerator.java
@ -23,6 +23,7 @@ package com.wolfssl.provider.jce;

 import com.wolfssl.wolfcrypt.Fips;
 import com.wolfssl.wolfcrypt.Aes;
+import com.wolfssl.wolfcrypt.Sha224;
 import com.wolfssl.wolfcrypt.Sha256;
 import com.wolfssl.wolfcrypt.Sha384;
 import com.wolfssl.wolfcrypt.Sha512;
@ -45,6 +46,7 @@ public class WolfCryptKeyGenerator extends KeyGeneratorSpi {
        WC_INVALID,
        WC_AES,
        WC_HMAC_SHA1,
+        WC_HMAC_SHA224,
        WC_HMAC_SHA256,
        WC_HMAC_SHA384,
        WC_HMAC_SHA512
@ -54,7 +56,6 @@ public class WolfCryptKeyGenerator extends KeyGeneratorSpi {
    private String algString = null;

    private int keySizeBits = 0;
-    private AlgorithmParameterSpec algoParams = null;
    private SecureRandom random = null;

    /**
@ -75,6 +76,10 @@ public class WolfCryptKeyGenerator extends KeyGeneratorSpi {
                /* SunJCE default key size for HmacSHA1 is 64 bytes */
                this.keySizeBits = (Sha512.DIGEST_SIZE * 8);
                break;
+            case WC_HMAC_SHA224:
+                this.algString = "HmacSHA224";
+                this.keySizeBits = (Sha224.DIGEST_SIZE * 8);
+                break;
            case WC_HMAC_SHA256:
                this.algString = "HmacSHA256";
                this.keySizeBits = (Sha256.DIGEST_SIZE * 8);
@ -222,6 +227,7 @@ public class WolfCryptKeyGenerator extends KeyGeneratorSpi {
        switch (this.algoType) {
            case WC_AES:
            case WC_HMAC_SHA1:
+            case WC_HMAC_SHA224:
            case WC_HMAC_SHA256:
            case WC_HMAC_SHA384:
            case WC_HMAC_SHA512:
@ -259,6 +265,20 @@ public class WolfCryptKeyGenerator extends KeyGeneratorSpi {
        }
    }

+    /**
+     * KeyGenerator(HmacSHA224) class, called by WolfCryptProvider.
+     */
+    public static final class wcHMACSha224KeyGenerator
+        extends WolfCryptKeyGenerator {
+
+        /**
+         * Constructor for wcHMACSha224KeyGenerator.
+         */
+        public wcHMACSha224KeyGenerator() {
+            super(AlgoType.WC_HMAC_SHA224);
+        }
+    }
+
    /**
     * KeyGenerator(HmacSHA256) class, called by WolfCryptProvider.
     */
--- a/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
+++ b/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
@ -201,16 +201,30 @@ public final class WolfCryptProvider extends Provider {
        }

        /* KeyGenerator */
-        put("KeyGenerator.AES",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcAESKeyGenerator");
-        put("KeyGenerator.HmacSHA1",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha1KeyGenerator");
-        put("KeyGenerator.HmacSHA256",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha256KeyGenerator");
-        put("KeyGenerator.HmacSHA384",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha384KeyGenerator");
-        put("KeyGenerator.HmacSHA512",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha512KeyGenerator");
+        if (FeatureDetect.AesEnabled()) {
+            put("KeyGenerator.AES",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcAESKeyGenerator");
+        }
+        if (FeatureDetect.HmacShaEnabled()) {
+            put("KeyGenerator.HmacSHA1",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha1KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha224Enabled()) {
+            put("KeyGenerator.HmacSHA224",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha224KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha256Enabled()) {
+            put("KeyGenerator.HmacSHA256",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha256KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha384Enabled()) {
+            put("KeyGenerator.HmacSHA384",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha384KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha512Enabled()) {
+            put("KeyGenerator.HmacSHA512",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha512KeyGenerator");
+        }

        /* KeyPairGenerator */
        if (FeatureDetect.RsaKeyGenEnabled()) {
--- a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyGeneratorTest.java
+++ b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyGeneratorTest.java
@ -42,6 +42,7 @@ import javax.crypto.SecretKey;

 import com.wolfssl.wolfcrypt.Fips;
 import com.wolfssl.wolfcrypt.Aes;
+import com.wolfssl.wolfcrypt.Sha224;
 import com.wolfssl.wolfcrypt.Sha256;
 import com.wolfssl.wolfcrypt.Sha384;
 import com.wolfssl.wolfcrypt.Sha512;
@ -52,6 +53,7 @@ public class WolfCryptKeyGeneratorTest {
    private static String[] keyAlgorithms = {
        "AES",
        "HmacSHA1",
+        "HmacSHA224",
        "HmacSHA256",
        "HmacSHA384",
        "HmacSHA512"
@ -121,6 +123,14 @@ public class WolfCryptKeyGeneratorTest {
        testKeyGenerationDefaultKeySize("HmacSHA1", Sha512.DIGEST_SIZE * 8);
    }

+    @Test
+    public void testHmacSHA224KeyGeneration()
+        throws NoSuchProviderException, NoSuchAlgorithmException {
+
+        testKeyGeneration("HmacSHA224", new int[] { 224 });
+        testKeyGenerationDefaultKeySize("HmacSHA224", Sha224.DIGEST_SIZE * 8);
+    }
+
    @Test
    public void testHmacSHA256KeyGeneration()
        throws NoSuchProviderException, NoSuchAlgorithmException {