wolfSSL
diff --git a/‎README_JCE.md‎
Lines changed: 1 addition & 0 deletions b/‎README_JCE.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎jni/jni_aescmac.c‎
Lines changed: 1 addition & 1 deletion b/‎jni/jni_aescmac.c‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/com/wolfssl/provider/jce/WolfCryptMac.java‎
Lines changed: 88 additions & 21 deletions b/‎src/main/java/com/wolfssl/provider/jce/WolfCryptMac.java‎
Lines changed: 88 additions & 21 deletions
diff --git a/‎src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java‎
Lines changed: 5 additions & 0 deletions b/‎src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java‎
Lines changed: 5 additions & 0 deletions
@@ -115,6 +115,7 @@ The JCE provider currently supports the following algorithms:
         RSA/ECB/PKCS1Padding
 
     Mac Class
+        AESCMAC (aliased also as: AES-CMAC)
         HmacMD5
         HmacSHA1
         HmacSHA224
 
@@ -242,9 +242,9 @@ JNIEXPORT void JNICALL Java_com_wolfssl_wolfcrypt_AesCmac_wc_1CmacUpdate__Ljava_
 JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCmac_wc_1CmacFinal(
     JNIEnv* env, jobject this)
 {
+    jbyteArray result = NULL;
 #ifdef WOLFSSL_CMAC
     int ret = 0;
-    jbyteArray result = NULL;
     word32 macSz = AES_BLOCK_SIZE;
     Cmac* cmac = NULL;
     byte tmp[AES_BLOCK_SIZE];
 
@@ -37,13 +37,15 @@
 import com.wolfssl.wolfcrypt.Sha512;
 import com.wolfssl.wolfcrypt.Sha3;
 import com.wolfssl.wolfcrypt.Hmac;
+import com.wolfssl.wolfcrypt.AesCmac;
+import com.wolfssl.wolfcrypt.Aes;
 
 /**
  * wolfCrypt JCE Mac wrapper
  */
 public class WolfCryptMac extends MacSpi {
 
-    enum HmacType {
+    enum MacType {
         WC_HMAC_MD5,
         WC_HMAC_SHA,
         WC_HMAC_SHA224,
@@ -53,75 +55,93 @@ enum HmacType {
         WC_HMAC_SHA3_224,
         WC_HMAC_SHA3_256,
         WC_HMAC_SHA3_384,
-        WC_HMAC_SHA3_512
+        WC_HMAC_SHA3_512,
+        WC_AES_CMAC
     }
 
     private Hmac hmac = null;
+    private AesCmac aesCmac = null;
     private int nativeHmacType = 0;
     private int digestSize = 0;
+    private MacType macType;
 
     /* for debug logging */
     private String algString;
 
-    private WolfCryptMac(HmacType type)
+    private WolfCryptMac(MacType type)
         throws NoSuchAlgorithmException {
 
-        hmac = new Hmac();
+        this.macType = type;
 
         switch (type) {
             case WC_HMAC_MD5:
+                hmac = new Hmac();
                 this.digestSize = Md5.DIGEST_SIZE;
                 this.nativeHmacType = Hmac.MD5;
                 break;
 
             case WC_HMAC_SHA:
+                hmac = new Hmac();
                 this.digestSize = Sha.DIGEST_SIZE;
                 this.nativeHmacType = Hmac.SHA;
                 break;
 
             case WC_HMAC_SHA224:
+                hmac = new Hmac();
                 this.digestSize = Sha224.DIGEST_SIZE;
                 this.nativeHmacType = Hmac.SHA224;
                 break;
 
             case WC_HMAC_SHA256:
+                hmac = new Hmac();
                 this.digestSize = Sha256.DIGEST_SIZE;
                 this.nativeHmacType = Hmac.SHA256;
                 break;
 
             case WC_HMAC_SHA384:
+                hmac = new Hmac();
                 this.digestSize = Sha384.DIGEST_SIZE;
                 this.nativeHmacType = Hmac.SHA384;
                 break;
 
             case WC_HMAC_SHA512:
+                hmac = new Hmac();
                 this.digestSize = Sha512.DIGEST_SIZE;
                 this.nativeHmacType = Hmac.SHA512;
                 break;
 
             case WC_HMAC_SHA3_224:
+                hmac = new Hmac();
                 this.digestSize = Sha3.DIGEST_SIZE_224;
                 this.nativeHmacType = Hmac.SHA3_224;
                 break;
 
             case WC_HMAC_SHA3_256:
+                hmac = new Hmac();
                 this.digestSize = Sha3.DIGEST_SIZE_256;
                 this.nativeHmacType = Hmac.SHA3_256;
                 break;
 
             case WC_HMAC_SHA3_384:
+                hmac = new Hmac();
                 this.digestSize = Sha3.DIGEST_SIZE_384;
                 this.nativeHmacType = Hmac.SHA3_384;
                 break;
 
             case WC_HMAC_SHA3_512:
+                hmac = new Hmac();
                 this.digestSize = Sha3.DIGEST_SIZE_512;
                 this.nativeHmacType = Hmac.SHA3_512;
                 break;
 
+            case WC_AES_CMAC:
+                aesCmac = new AesCmac();
+                this.digestSize = Aes.BLOCK_SIZE;
+                break;
+
             default:
                 throw new NoSuchAlgorithmException(
-                    "Unsupported HMAC type");
+                    "Unsupported MAC type");
         }
 
         if (WolfCryptDebug.DEBUG) {
@@ -132,7 +152,13 @@ private WolfCryptMac(HmacType type)
     @Override
     protected byte[] engineDoFinal() {
 
-        byte[] out = this.hmac.doFinal();
+        byte[] out = null;
+
+        if (macType == MacType.WC_AES_CMAC) {
+            out = this.aesCmac.doFinal();
+        } else {
+            out = this.hmac.doFinal();
+        }
 
         if (out != null) {
             log("final digest generated, len: " + out.length);
@@ -163,33 +189,53 @@ protected void engineInit(Key key, AlgorithmParameterSpec params)
         if (encodedKey == null)
             throw new InvalidKeyException("Key does not support encoding");
 
-        this.hmac.setKey(nativeHmacType, encodedKey);
+        try {
+            if (macType == MacType.WC_AES_CMAC) {
+                this.aesCmac.setKey(encodedKey);
+            } else {
+                this.hmac.setKey(nativeHmacType, encodedKey);
+            }
+        } catch (com.wolfssl.wolfcrypt.WolfCryptException e) {
+            throw new InvalidKeyException("Invalid key: " + e.getMessage());
+        }
 
         log("init with key and spec");
     }
 
     @Override
     protected void engineReset() {
-        this.hmac.reset();
+        if (macType == MacType.WC_AES_CMAC) {
+            this.aesCmac.reset();
+        } else {
+            this.hmac.reset();
+        }
 
         log("engine reset");
     }
 
     @Override
     protected void engineUpdate(byte input) {
-        this.hmac.update(input);
+        if (macType == MacType.WC_AES_CMAC) {
+            this.aesCmac.update(input);
+        } else {
+            this.hmac.update(input);
+        }
 
         log("update with single byte");
     }
 
     @Override
     protected void engineUpdate(byte[] input, int offset, int len) {
-        this.hmac.update(input, offset, len);
+        if (macType == MacType.WC_AES_CMAC) {
+            this.aesCmac.update(input, offset, len);
+        } else {
+            this.hmac.update(input, offset, len);
+        }
 
         log("update, offset: " + offset + ", len: " + len);
     }
 
-    private String typeToString(HmacType type) {
+    private String typeToString(MacType type) {
         switch (type) {
             case WC_HMAC_MD5:
                 return "MD5";
@@ -209,6 +255,10 @@ private String typeToString(HmacType type) {
                 return "SHA3-256";
             case WC_HMAC_SHA3_384:
                 return "SHA3-384";
+            case WC_HMAC_SHA3_512:
+                return "SHA3-512";
+            case WC_AES_CMAC:
+                return "AES-CMAC";
             default:
                 return "None";
         }
@@ -225,6 +275,8 @@ protected void finalize() throws Throwable {
         try {
             if (this.hmac != null)
                 this.hmac.releaseNativeStruct();
+            if (this.aesCmac != null)
+                this.aesCmac.releaseNativeStruct();
         } finally {
             super.finalize();
         }
@@ -241,7 +293,7 @@ public static final class wcHmacMD5 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacMD5() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_MD5);
+            super(MacType.WC_HMAC_MD5);
         }
     }
 
@@ -256,7 +308,7 @@ public static final class wcHmacSHA1 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA1() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA);
+            super(MacType.WC_HMAC_SHA);
         }
     }
 
@@ -271,7 +323,7 @@ public static final class wcHmacSHA224 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA224() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA224);
+            super(MacType.WC_HMAC_SHA224);
         }
     }
 
@@ -286,7 +338,7 @@ public static final class wcHmacSHA256 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA256() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA256);
+            super(MacType.WC_HMAC_SHA256);
         }
     }
 
@@ -301,7 +353,7 @@ public static final class wcHmacSHA384 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA384() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA384);
+            super(MacType.WC_HMAC_SHA384);
         }
     }
 
@@ -316,7 +368,7 @@ public static final class wcHmacSHA512 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA512() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA512);
+            super(MacType.WC_HMAC_SHA512);
         }
     }
 
@@ -331,7 +383,7 @@ public static final class wcHmacSHA3_224 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA3_224() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA3_224);
+            super(MacType.WC_HMAC_SHA3_224);
         }
     }
 
@@ -346,7 +398,7 @@ public static final class wcHmacSHA3_256 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA3_256() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA3_256);
+            super(MacType.WC_HMAC_SHA3_256);
         }
     }
 
@@ -361,7 +413,7 @@ public static final class wcHmacSHA3_384 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA3_384() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA3_384);
+            super(MacType.WC_HMAC_SHA3_384);
         }
     }
 
@@ -376,7 +428,22 @@ public static final class wcHmacSHA3_512 extends WolfCryptMac {
          *         native wolfCrypt level.
          */
         public wcHmacSHA3_512() throws NoSuchAlgorithmException {
-            super(HmacType.WC_HMAC_SHA3_512);
+            super(MacType.WC_HMAC_SHA3_512);
+        }
+    }
+
+    /**
+     * wolfJCE AES-CMAC class
+     */
+    public static final class wcAesCmac extends WolfCryptMac {
+        /**
+         * Create new wcAesCmac object
+         *
+         * @throws NoSuchAlgorithmException if AES-CMAC is not available at
+         *         native wolfCrypt level.
+         */
+        public wcAesCmac() throws NoSuchAlgorithmException {
+            super(MacType.WC_AES_CMAC);
         }
     }
 }
@@ -209,6 +209,11 @@ private void registerServices() {
             put("Mac.HmacSHA3-512",
                     "com.wolfssl.provider.jce.WolfCryptMac$wcHmacSHA3_512");
         }
+        if (FeatureDetect.AesCmacEnabled()) {
+            put("Mac.AESCMAC",
+                    "com.wolfssl.provider.jce.WolfCryptMac$wcAesCmac");
+            put("Alg.Alias.Mac.AES-CMAC", "AESCMAC");
+        }
 
         /* Cipher */
         if (FeatureDetect.AesCbcEnabled()) {