JCE: add HmacSHA224 support to KeyGenerator implementation

cconlon · cconlon · commit aa49b15cdb3a · 2025-03-05T09:17:14.000-07:00
diff --git a/README_JCE.md b/README_JCE.md
@@ -134,6 +134,7 @@ The JCE provider currently supports the following algorithms:
     KeyGenerator
         AES
         HmacSHA1
+        HmacSHA224
         HmacSHA256
         HmacSHA384
         HmacSHA512
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyGenerator.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyGenerator.java
@@ -23,6 +23,7 @@
 
 import com.wolfssl.wolfcrypt.Fips;
 import com.wolfssl.wolfcrypt.Aes;
+import com.wolfssl.wolfcrypt.Sha224;
 import com.wolfssl.wolfcrypt.Sha256;
 import com.wolfssl.wolfcrypt.Sha384;
 import com.wolfssl.wolfcrypt.Sha512;
@@ -45,6 +46,7 @@ enum AlgoType {
         WC_INVALID,
         WC_AES,
         WC_HMAC_SHA1,
+        WC_HMAC_SHA224,
         WC_HMAC_SHA256,
         WC_HMAC_SHA384,
         WC_HMAC_SHA512
@@ -54,7 +56,6 @@ enum AlgoType {
     private String algString = null;
 
     private int keySizeBits = 0;
-    private AlgorithmParameterSpec algoParams = null;
     private SecureRandom random = null;
 
     /**
@@ -75,6 +76,10 @@ private WolfCryptKeyGenerator(AlgoType type) {
                 /* SunJCE default key size for HmacSHA1 is 64 bytes */
                 this.keySizeBits = (Sha512.DIGEST_SIZE * 8);
                 break;
+            case WC_HMAC_SHA224:
+                this.algString = "HmacSHA224";
+                this.keySizeBits = (Sha224.DIGEST_SIZE * 8);
+                break;
             case WC_HMAC_SHA256:
                 this.algString = "HmacSHA256";
                 this.keySizeBits = (Sha256.DIGEST_SIZE * 8);
@@ -222,6 +227,7 @@ protected SecretKey engineGenerateKey() {
         switch (this.algoType) {
             case WC_AES:
             case WC_HMAC_SHA1:
+            case WC_HMAC_SHA224:
             case WC_HMAC_SHA256:
             case WC_HMAC_SHA384:
             case WC_HMAC_SHA512:
@@ -259,6 +265,20 @@ public wcHMACSha1KeyGenerator() {
         }
     }
 
+    /**
+     * KeyGenerator(HmacSHA224) class, called by WolfCryptProvider.
+     */
+    public static final class wcHMACSha224KeyGenerator
+        extends WolfCryptKeyGenerator {
+
+        /**
+         * Constructor for wcHMACSha224KeyGenerator.
+         */
+        public wcHMACSha224KeyGenerator() {
+            super(AlgoType.WC_HMAC_SHA224);
+        }
+    }
+
     /**
      * KeyGenerator(HmacSHA256) class, called by WolfCryptProvider.
      */
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
@@ -201,16 +201,30 @@ private void registerServices() {
         }
 
         /* KeyGenerator */
-        put("KeyGenerator.AES",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcAESKeyGenerator");
-        put("KeyGenerator.HmacSHA1",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha1KeyGenerator");
-        put("KeyGenerator.HmacSHA256",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha256KeyGenerator");
-        put("KeyGenerator.HmacSHA384",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha384KeyGenerator");
-        put("KeyGenerator.HmacSHA512",
-            "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha512KeyGenerator");
+        if (FeatureDetect.AesEnabled()) {
+            put("KeyGenerator.AES",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcAESKeyGenerator");
+        }
+        if (FeatureDetect.HmacShaEnabled()) {
+            put("KeyGenerator.HmacSHA1",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha1KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha224Enabled()) {
+            put("KeyGenerator.HmacSHA224",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha224KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha256Enabled()) {
+            put("KeyGenerator.HmacSHA256",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha256KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha384Enabled()) {
+            put("KeyGenerator.HmacSHA384",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha384KeyGenerator");
+        }
+        if (FeatureDetect.HmacSha512Enabled()) {
+            put("KeyGenerator.HmacSHA512",
+                "com.wolfssl.provider.jce.WolfCryptKeyGenerator$wcHMACSha512KeyGenerator");
+        }
 
         /* KeyPairGenerator */
         if (FeatureDetect.RsaKeyGenEnabled()) {
diff --git a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyGeneratorTest.java b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyGeneratorTest.java
@@ -42,6 +42,7 @@
 
 import com.wolfssl.wolfcrypt.Fips;
 import com.wolfssl.wolfcrypt.Aes;
+import com.wolfssl.wolfcrypt.Sha224;
 import com.wolfssl.wolfcrypt.Sha256;
 import com.wolfssl.wolfcrypt.Sha384;
 import com.wolfssl.wolfcrypt.Sha512;
@@ -52,6 +53,7 @@ public class WolfCryptKeyGeneratorTest {
     private static String[] keyAlgorithms = {
         "AES",
         "HmacSHA1",
+        "HmacSHA224",
         "HmacSHA256",
         "HmacSHA384",
         "HmacSHA512"
@@ -121,6 +123,14 @@ public void testHmacSHA1KeyGeneration()
         testKeyGenerationDefaultKeySize("HmacSHA1", Sha512.DIGEST_SIZE * 8);
     }
 
+    @Test
+    public void testHmacSHA224KeyGeneration()
+        throws NoSuchProviderException, NoSuchAlgorithmException {
+
+        testKeyGeneration("HmacSHA224", new int[] { 224 });
+        testKeyGenerationDefaultKeySize("HmacSHA224", Sha224.DIGEST_SIZE * 8);
+    }
+
     @Test
     public void testHmacSHA256KeyGeneration()
         throws NoSuchProviderException, NoSuchAlgorithmException {
