JCE: add Mac AESGMAC / AES-GMAC support

cconlon · cconlon · commit 42fe75dbabbf · 2025-07-17T10:47:35.000-06:00
diff --git a/README_JCE.md b/README_JCE.md
@@ -116,6 +116,7 @@ The JCE provider currently supports the following algorithms:
 
     Mac Class
         AESCMAC (aliased also as: AES-CMAC)
+        AESGMAC (aliased also as: AES-GMAC)
         HmacMD5
         HmacSHA1
         HmacSHA224
diff --git a/jni/jni_aesgcm.c b/jni/jni_aesgcm.c
@@ -275,10 +275,10 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmEncrypt
 
 #else
     (void)this;
-    (void)input;
-    (void)iv;
-    (void)authTag;
-    (void)authIn;
+    (void)inputArr;
+    (void)ivArr;
+    (void)authTagArr;
+    (void)authInArr;
     throwNotCompiledInException(env);
     return NULL;
 #endif
@@ -398,10 +398,10 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmDecrypt
 
 #else
     (void)this;
-    (void)input;
-    (void)iv;
-    (void)authTag;
-    (void)authIn;
+    (void)inputArr;
+    (void)ivArr;
+    (void)authTagArr;
+    (void)authInArr;
     throwNotCompiledInException(env);
     return NULL;
 #endif
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptMac.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptMac.java
@@ -28,6 +28,8 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
+import java.io.ByteArrayOutputStream;
 
 import com.wolfssl.wolfcrypt.Md5;
 import com.wolfssl.wolfcrypt.Sha;
@@ -38,6 +40,7 @@
 import com.wolfssl.wolfcrypt.Sha3;
 import com.wolfssl.wolfcrypt.Hmac;
 import com.wolfssl.wolfcrypt.AesCmac;
+import com.wolfssl.wolfcrypt.AesGmac;
 import com.wolfssl.wolfcrypt.Aes;
 
 /**
@@ -56,15 +59,22 @@ enum MacType {
         WC_HMAC_SHA3_256,
         WC_HMAC_SHA3_384,
         WC_HMAC_SHA3_512,
-        WC_AES_CMAC
+        WC_AES_CMAC,
+        WC_AES_GMAC
     }
 
     private Hmac hmac = null;
     private AesCmac aesCmac = null;
+    private AesGmac aesGmac = null;
     private int nativeHmacType = 0;
     private int digestSize = 0;
     private MacType macType;
 
+    /* GMAC-specific fields */
+    private byte[] gmacIv = null;
+    private int gmacTagLen = 16; /* default tag length */
+    private ByteArrayOutputStream gmacAuthData = null;
+
     /* for debug logging */
     private String algString;
 
@@ -139,6 +149,12 @@ private WolfCryptMac(MacType type)
                 this.digestSize = Aes.BLOCK_SIZE;
                 break;
 
+            case WC_AES_GMAC:
+                aesGmac = new AesGmac();
+                this.digestSize = Aes.BLOCK_SIZE;
+                gmacAuthData = new ByteArrayOutputStream();
+                break;
+
             default:
                 throw new NoSuchAlgorithmException(
                     "Unsupported MAC type");
@@ -156,6 +172,12 @@ protected byte[] engineDoFinal() {
 
         if (macType == MacType.WC_AES_CMAC) {
             out = this.aesCmac.doFinal();
+        } else if (macType == MacType.WC_AES_GMAC) {
+            /* Compute GMAC using accumulated auth data */
+            byte[] authData = gmacAuthData.toByteArray();
+            out = this.aesGmac.update(gmacIv, authData, gmacTagLen);
+            /* Reset for next operation */
+            gmacAuthData.reset();
         } else {
             out = this.hmac.doFinal();
         }
@@ -192,6 +214,19 @@ protected void engineInit(Key key, AlgorithmParameterSpec params)
         try {
             if (macType == MacType.WC_AES_CMAC) {
                 this.aesCmac.setKey(encodedKey);
+            } else if (macType == MacType.WC_AES_GMAC) {
+                /* GMAC requires GCMParameterSpec with IV */
+                if (params == null || !(params instanceof GCMParameterSpec)) {
+                    throw new InvalidAlgorithmParameterException(
+                        "AES-GMAC requires GCMParameterSpec with IV");
+                }
+                GCMParameterSpec gcmSpec = (GCMParameterSpec) params;
+                this.gmacIv = gcmSpec.getIV();
+                /* Convert bits to bytes */
+                this.gmacTagLen = gcmSpec.getTLen() / 8;
+                this.aesGmac.setKey(encodedKey);
+                /* Reset auth data accumulator */
+                gmacAuthData.reset();
             } else {
                 this.hmac.setKey(nativeHmacType, encodedKey);
             }
@@ -206,6 +241,11 @@ protected void engineInit(Key key, AlgorithmParameterSpec params)
     protected void engineReset() {
         if (macType == MacType.WC_AES_CMAC) {
             this.aesCmac.reset();
+        } else if (macType == MacType.WC_AES_GMAC) {
+            /* Reset GMAC auth data accumulator */
+            if (gmacAuthData != null) {
+                gmacAuthData.reset();
+            }
         } else {
             this.hmac.reset();
         }
@@ -217,6 +257,9 @@ protected void engineReset() {
     protected void engineUpdate(byte input) {
         if (macType == MacType.WC_AES_CMAC) {
             this.aesCmac.update(input);
+        } else if (macType == MacType.WC_AES_GMAC) {
+            /* Accumulate auth data for GMAC */
+            gmacAuthData.write(input);
         } else {
             this.hmac.update(input);
         }
@@ -228,6 +271,9 @@ protected void engineUpdate(byte input) {
     protected void engineUpdate(byte[] input, int offset, int len) {
         if (macType == MacType.WC_AES_CMAC) {
             this.aesCmac.update(input, offset, len);
+        } else if (macType == MacType.WC_AES_GMAC) {
+            /* Accumulate auth data for GMAC */
+            gmacAuthData.write(input, offset, len);
         } else {
             this.hmac.update(input, offset, len);
         }
@@ -259,6 +305,8 @@ private String typeToString(MacType type) {
                 return "SHA3-512";
             case WC_AES_CMAC:
                 return "AES-CMAC";
+            case WC_AES_GMAC:
+                return "AES-GMAC";
             default:
                 return "None";
         }
@@ -277,6 +325,8 @@ protected void finalize() throws Throwable {
                 this.hmac.releaseNativeStruct();
             if (this.aesCmac != null)
                 this.aesCmac.releaseNativeStruct();
+            if (this.aesGmac != null)
+                this.aesGmac.releaseNativeStruct();
         } finally {
             super.finalize();
         }
@@ -446,4 +496,19 @@ public wcAesCmac() throws NoSuchAlgorithmException {
             super(MacType.WC_AES_CMAC);
         }
     }
+
+    /**
+     * wolfJCE AES-GMAC class
+     */
+    public static final class wcAesGmac extends WolfCryptMac {
+        /**
+         * Create new wcAesGmac object
+         *
+         * @throws NoSuchAlgorithmException if AES-GMAC is not available at
+         *         native wolfCrypt level.
+         */
+        public wcAesGmac() throws NoSuchAlgorithmException {
+            super(MacType.WC_AES_GMAC);
+        }
+    }
 }
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
@@ -215,6 +215,12 @@ private void registerServices() {
             put("Alg.Alias.Mac.AES-CMAC", "AESCMAC");
         }
 
+        if (FeatureDetect.AesGmacEnabled()) {
+            put("Mac.AESGMAC",
+                    "com.wolfssl.provider.jce.WolfCryptMac$wcAesGmac");
+            put("Alg.Alias.Mac.AES-GMAC", "AESGMAC");
+        }
+
         /* Cipher */
         if (FeatureDetect.AesCbcEnabled()) {
             put("Cipher.AES/CBC/NoPadding",
diff --git a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptCipherTest.java b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptCipherTest.java
@@ -2269,6 +2269,11 @@ public void testAesGcmNoPaddingInterop() throws NoSuchAlgorithmException,
     @Test
     public void testAesGcmGetOutputSize() throws Exception {
 
+        if (!enabledJCEAlgos.contains("AES/GCM/NoPadding")) {
+            /* skip if AES-GCM is not enabled */
+            return;
+        }
+
         final int TAG_LENGTH_BYTES = 16;  /* Default tag length */
         final int KEY_LENGTH_BYTES = 16;  /* 128-bit AES key */
         final int IV_LENGTH_BYTES  = 12;
@@ -2444,7 +2449,8 @@ public void testAesEcbNoPaddingWithUpdate()
         /* Combine outputs */
         byte[] fullOutput = new byte[output1.length + output2.length];
         System.arraycopy(output1, 0, fullOutput, 0, output1.length);
-        System.arraycopy(output2, 0, fullOutput, output1.length, output2.length);
+        System.arraycopy(output2, 0, fullOutput, output1.length,
+            output2.length);
 
         assertArrayEquals(expected, fullOutput);
 
@@ -3293,7 +3299,8 @@ public void testDESedeCbcNoPaddingThreaded() throws InterruptedException {
         int numThreads = 50;
         ExecutorService service = Executors.newFixedThreadPool(numThreads);
         final CountDownLatch latch = new CountDownLatch(numThreads);
-        final LinkedBlockingQueue<Integer> results = new LinkedBlockingQueue<>();
+        final LinkedBlockingQueue<Integer> results =
+            new LinkedBlockingQueue<>();
         final byte[] rand2kBuf = new byte[2048];
 
         final byte key[] = new byte[] {
diff --git a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptMacTest.java b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptMacTest.java
