diff --git a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/aws_mbedtls_config.h b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/aws_mbedtls_config.h
index 24df60316a..002ccce7a4 100644
--- a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/aws_mbedtls_config.h
+++ b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/aws_mbedtls_config.h
@@ -2137,7 +2137,7 @@ extern void vPortFree( void *pv );
  * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
  *
  */
-//#define MBEDTLS_CMAC_C
+#define MBEDTLS_CMAC_C
 
 /**
  * \def MBEDTLS_CTR_DRBG_C
diff --git a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/core_pkcs11_config.h b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/core_pkcs11_config.h
index 19b0351665..fdcaf50f02 100644
--- a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/core_pkcs11_config.h
+++ b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/core_pkcs11_config.h
@@ -139,6 +139,16 @@ extern void vLoggingPrintf( const char * pcFormatString,
  */
 #define pkcs11configJITP_CODEVERIFY_ROOT_CERT_SUPPORTED    0
 
+/**
+ * @brief The PKCS #11 label for the object to be used for HMAC operations.
+ */
+#define pkcs11configLABEL_HMAC_KEY                         "HMAC Key"
+
+/**
+ * @brief The PKCS #11 label for the object to be used for CMAC operations.
+ */
+#define pkcs11configLABEL_CMAC_KEY                         "CMAC Key"
+
 /**
  * @brief The PKCS #11 label for device private key.
  *
diff --git a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/objects.c b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/objects.c
index 5b47699437..9ac8258c9a 100644
--- a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/objects.c
+++ b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/objects.c
@@ -316,8 +316,8 @@ static void prvObjectGeneration( void )
 
     /* Labels are application defined strings that are used to identify an
      * object. It should not be NULL terminated. */
-    CK_BYTE pucPublicKeyLabel[] = { pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS };
-    CK_BYTE pucPrivateKeyLabel[] = { pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS };
+    CK_BYTE pucPublicKeyLabel[] = { pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS };
+    CK_BYTE pucPrivateKeyLabel[] = { pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS };
 
     /* CK_ATTRIBUTE's contain an attribute type, a value, and the length of
      * the value. An array of CK_ATTRIBUTEs is called a template. They are used
diff --git a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/sign_and_verify.c b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/sign_and_verify.c
index 728d9f9442..27ce70750e 100644
--- a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/sign_and_verify.c
+++ b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/examples/sign_and_verify.c
@@ -164,7 +164,7 @@ void vPKCS11SignVerifyDemo( void )
     xResult = xFindObjectWithLabelAndClass( hSession, 
             pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS, 
             sizeof( pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS ) - 1UL, 
-            CKO_PRIVATE_KEY,
+            CKO_PUBLIC_KEY,
             &xPublicKeyHandle );
     configASSERT( xResult == CKR_OK );
     configASSERT( xPublicKeyHandle != CK_INVALID_HANDLE );