run FIPS tests on ant test, wrap AES-GCM SetExtIV, fix Fips.RsaSSL_Sign()

2022-01-05 14:02:45 -07:00 · 2022-01-05 14:02:45 -07:00 · 9c64fd108e
parent ae3ed2b5c8
commit 9c64fd108e
7 changed files with 401 additions and 112 deletions
--- a/build.xml
+++ b/build.xml
@ -306,6 +306,7 @@
                <fileset dir="${test.dir}">
                    <!--<include name="**/*TestSuite.java" />-->
                    <include name="com/wolfssl/wolfcrypt/test/*TestSuite.java" />
+                    <include name="com/wolfssl/wolfcrypt/test/fips/*TestSuite.java" />
                    <include if="jar.includes.jce" name="com/wolfssl/provider/jce/test/*TestSuite.java" />
                </fileset>
            </batchtest>
--- a/jni/include/com_wolfssl_wolfcrypt_Fips.h
+++ b/jni/include/com_wolfssl_wolfcrypt_Fips.h
@ -137,6 +137,22 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetKey_1fips__Lcom_
 JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetKey_1fips__Lcom_wolfssl_wolfcrypt_Aes_2_3BJ
  (JNIEnv *, jclass, jobject, jbyteArray, jlong);

+/*
+ * Class:     com_wolfssl_wolfcrypt_Fips
+ * Method:    AesGcmSetExtIV_fips
+ * Signature: (Lcom/wolfssl/wolfcrypt/Aes;Ljava/nio/ByteBuffer;J)I
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lcom_wolfssl_wolfcrypt_Aes_2Ljava_nio_ByteBuffer_2J
+  (JNIEnv *, jclass, jobject, jobject, jlong);
+
+/*
+ * Class:     com_wolfssl_wolfcrypt_Fips
+ * Method:    AesGcmSetExtIV_fips
+ * Signature: (Lcom/wolfssl/wolfcrypt/Aes;[BJ)I
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lcom_wolfssl_wolfcrypt_Aes_2_3BJ
+  (JNIEnv *, jclass, jobject, jbyteArray, jlong);
+
 /*
 * Class:     com_wolfssl_wolfcrypt_Fips
 * Method:    AesGcmEncrypt_fips
--- a/jni/jni_fips.c
+++ b/jni/jni_fips.c
@ -269,6 +269,76 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetKey_1fips__Lcom_wol
    return ret;
 }

+JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lcom_wolfssl_wolfcrypt_Aes_2Ljava_nio_ByteBuffer_2J
+  (JNIEnv* env, jclass class, jobject aes_object, jobject iv_buffer, jlong size)
+{
+    jint ret = NOT_COMPILED_IN;
+
+#if defined(HAVE_FIPS) && (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 2)) && !defined(NO_AES) && defined(HAVE_AESGCM)
+
+    Aes* aes = NULL;
+    byte* iv = NULL;
+
+    aes = (Aes*) getNativeStruct(env, aes_object);
+    if ((*env)->ExceptionOccurred(env)) {
+        /* prevent additional JNI calls with pending exception */
+        return BAD_FUNC_ARG;
+    }
+
+    iv = getDirectBufferAddress(env, iv_buffer);
+
+    if (aes == NULL || iv == NULL || size < 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
+
+    LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret);
+    LogStr("iv[%u]: [%p]\n", (word32)size, iv);
+    LogHex(iv, 0, size);
+
+#endif
+
+    return ret;
+}
+
+JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lcom_wolfssl_wolfcrypt_Aes_2_3BJ
+  (JNIEnv* env, jclass class, jobject aes_object, jbyteArray iv_buffer, jlong size)
+{
+    jint ret = NOT_COMPILED_IN;
+
+#if defined(HAVE_FIPS) && (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 1)) && !defined(NO_AES) && defined(HAVE_AESGCM)
+
+    Aes* aes = NULL;
+    byte* iv = NULL;
+
+    aes = (Aes*) getNativeStruct(env, aes_object);
+    if ((*env)->ExceptionOccurred(env)) {
+        /* prevent additional JNI calls with pending exception */
+        return BAD_FUNC_ARG;
+    }
+
+    iv = getByteArray(env, iv_buffer);
+
+    if (aes == NULL || iv == NULL || size < 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
+
+    LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret);
+    LogStr("iv[%u]: [%p]\n", (word32)size, iv);
+    LogHex(iv, 0, size);
+
+    releaseByteArray(env, iv_buffer, iv, 1);
+
+#endif
+
+    return ret;
+}
+
 JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetIV_1fips__Lcom_wolfssl_wolfcrypt_Aes_2Ljava_nio_ByteBuffer_2(
    JNIEnv* env, jclass class, jobject aes_object, jobject iv_buffer)
 {
@ -581,8 +651,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmEncrypt_1fips__Lcom
    authIn  = getDirectBufferAddress(env, authIn_buffer);

    if (!aes || !out || !in || (!iv && ivSz) || (!authTag && authTagSz)
-        || (!authIn && authInSz))
+        || (!authIn && authInSz)) {
        return BAD_FUNC_ARG;
+    }

    ret = AesGcmEncrypt_fips(aes, out, in, (word32) size, iv, (word32) ivSz,
        authTag, (word32) authTagSz, authIn, (word32) authInSz);
@ -636,11 +707,14 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmEncrypt_1fips__Lcom
    authIn  = getByteArray(env, authIn_buffer);

    if (!aes || !out || !in || (!iv && ivSz) || (!authTag && authTagSz)
-        || (!authIn && authInSz))
+        || (!authIn && authInSz)) {
        ret = BAD_FUNC_ARG;
-    else
+
+    }
+    else {
        ret = AesGcmEncrypt_fips(aes, out, in, (word32) size, iv, (word32) ivSz,
            authTag, (word32) authTagSz, authIn, (word32) authInSz);
+    }

    LogStr(
        "AesGcmEncrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n",
@ -1577,9 +1651,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Sign_1fips___3BJ_
    byte* out   = NULL;
    RsaKey* key = NULL;
    RNG* rng    = NULL;
+    word32 inSz = 0;
+    word32 outSz = 0;

    key = (RsaKey*) getNativeStruct(env, rsa_object);
-    if ((!key) || ((*env)->ExceptionOccurred(env))) {
+    if (key == NULL || (*env)->ExceptionOccurred(env)) {
        /* prevent additional JNI calls with pending exception */
        return BAD_FUNC_ARG;
    }
@ -1590,16 +1666,23 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Sign_1fips___3BJ_
        return BAD_FUNC_ARG;
    }

-    in  = getByteArray(env, in_object);
-    out = getByteArray(env, out_object);
+    in    = getByteArray(env, in_object);
+    inSz  = getByteArrayLength(env, in_object);
+    out   = getByteArray(env, out_object);
+    outSz = getByteArrayLength(env, out_object);

-    /**
-     * Providing an rng is optional. RNG_GenerateBlock will return BAD_FUNC_ARG
-     * on a NULL rng if an RNG is needed by RsaPad.
-     */
-    ret = (!in || !out)
-        ? BAD_FUNC_ARG
-        : RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
+    /* sanity check on array pointers and sizes */
+    if (in == NULL || out == NULL ||
+        (inSz < (word32)inLen) || (outSz < outLen)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        /**
+         * Providing an rng is optional. RNG_GenerateBlock will return
+         * BAD_FUNC_ARG on a NULL rng if an RNG is needed by RsaPad.
+         */
+        ret = RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
+    }

    LogStr("RsaSSL_Sign_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
        key, rng, ret);
@ -1609,8 +1692,14 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Sign_1fips___3BJ_
    LogHex((byte*) out, 0, outLen);

    releaseByteArray(env, in_object, in, 1);
-    releaseByteArray(env, out_object, out, ret);
-
+    if (ret < 0) {
+        /* JNI_ABORT, free local array, don't copy back */
+        releaseByteArray(env, out_object, out, 1);
+    }
+    else {
+        /* free local array, copy data back to src */
+        releaseByteArray(env, out_object, out, 0);
+    }
 #endif

    return ret;
@ -1665,26 +1754,35 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Verify_1fips___3B
    byte* in    = NULL;
    byte* out   = NULL;
    RsaKey* key = NULL;
+    word32 inSz = 0;
+    word32 outSz = 0;

    key = (RsaKey*) getNativeStruct(env, rsa_object);
-    if ((!key) || ((*env)->ExceptionOccurred(env))) {
+    if (key == NULL || (*env)->ExceptionOccurred(env)) {
        /* prevent additional JNI calls with pending exception */
        return BAD_FUNC_ARG;
    }

-    in  = getByteArray(env, in_object);
-    out = getByteArray(env, out_object);
+    in    = getByteArray(env, in_object);
+    inSz  = getByteArrayLength(env, in_object);
+    out   = getByteArray(env, out_object);
+    outSz = getByteArrayLength(env, out_object);

-    ret = (!in || !out)
-        ? BAD_FUNC_ARG
-        : RsaSSL_Verify_fips(in, inLen, out, outLen, key);
+    /* sanity check on array pointers and sizes */
+    if (in == NULL || out == NULL ||
+        (inSz < (word32)inLen) || (outSz < outLen)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ret = RsaSSL_Verify_fips(in, inLen, out, outLen, key);

-    LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n", key,
-        ret);
-    LogStr("in[%u]: [%p]\n", (word32)inLen, in);
-    LogHex((byte*) in, 0, inLen);
-    LogStr("out[%u]: [%p]\n", (word32)outLen, out);
-    LogHex((byte*) out, 0, outLen);
+        LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n",
+               key, ret);
+        LogStr("in[%u]: [%p]\n", (word32)inLen, in);
+        LogHex((byte*) in, 0, inLen);
+        LogStr("out[%u]: [%p]\n", (word32)outLen, out);
+        LogHex((byte*) out, 0, outLen);
+    }

    releaseByteArray(env, in_object, in, 1);
    releaseByteArray(env, out_object, out, ret < 0);
--- a/src/main/java/com/wolfssl/wolfcrypt/Fips.java
+++ b/src/main/java/com/wolfssl/wolfcrypt/Fips.java
@ -261,6 +261,32 @@ public class Fips extends WolfObject {
 	public static native int AesGcmSetKey_fips(Aes aes, byte[] userKey,
 			long keylen);

+	/**
+	 * Initializes Aes object with external IV for AES-GCM.
+	 *
+	 * @param aes
+	 *            the Aes object.
+	 * @param iv
+	 *            the initialization vector.
+	 *
+	 * @return 0 on success, {@literal <} 0 on error.
+	 */
+    public static native int AesGcmSetExtIV_fips(Aes aes, ByteBuffer iv,
+            long ivlen);
+
+	/**
+	 * Initializes Aes object with external IV for AES-GCM.
+	 *
+	 * @param aes
+	 *            the Aes object.
+	 * @param iv
+	 *            the initialization vector.
+	 *
+	 * @return 0 on success, {@literal <} 0 on error.
+	 */
+    public static native int AesGcmSetExtIV_fips(Aes aes, byte[] iv,
+            long ivlen);
+
 	/**
 	 * Performs aes GCM Encryption.
 	 * 
--- a/src/test/java/com/wolfssl/wolfcrypt/test/fips/AesFipsTest.java
+++ b/src/test/java/com/wolfssl/wolfcrypt/test/fips/AesFipsTest.java
@ -475,6 +475,11 @@ public class AesFipsTest extends FipsTest {
 			assertEquals(WolfCrypt.SUCCESS,
 					Fips.AesGcmSetKey_fips(enc, key, keys[i].length() / 2));

+            if (Fips.fipsVersion >= 2) {
+            assertEquals(WolfCrypt.SUCCESS,
+                    Fips.AesGcmSetExtIV_fips(enc, iv, ivs[i].length() / 2));
+            }
+
 			assertEquals(WolfCrypt.SUCCESS, Fips.AesGcmEncrypt_fips(enc,
 					cipher, input, inputs[i].length() / 2, iv,
 					ivs[i].length() / 2, tag, tags[i].length() / 2, aad,
@ -608,15 +613,19 @@ public class AesFipsTest extends FipsTest {
 			byte[] expected = Util.h2b(tags[i]);

 			assertEquals(WolfCrypt.SUCCESS,
-					Fips.AesGcmSetKey_fips(enc, key, keys[i].length() / 2));
+					Fips.AesGcmSetKey_fips(enc, key, key.length));

-			assertEquals(WolfCrypt.SUCCESS, Fips.AesGcmEncrypt_fips(enc,
-					cipher, input, inputs[i].length() / 2, iv,
-					ivs[i].length() / 2, tag, tags[i].length() / 2, aad,
-					aads[i].length() / 2));
+            if (Fips.fipsVersion >= 2) {
+                assertEquals(WolfCrypt.SUCCESS,
+                        Fips.AesGcmSetExtIV_fips(enc, iv, iv.length));
+            }

-			assertArrayEquals(expected, tag);
-			assertArrayEquals(output, cipher);
+            assertEquals(WolfCrypt.SUCCESS, Fips.AesGcmEncrypt_fips(enc,
+                cipher, input, input.length, iv, iv.length, tag, tag.length,
+                aad, aad.length));
+
+            assertArrayEquals(expected, tag);
+            assertArrayEquals(output, cipher);
 		}
 	}
 }
--- a/src/test/java/com/wolfssl/wolfcrypt/test/fips/Des3FipsTest.java
+++ b/src/test/java/com/wolfssl/wolfcrypt/test/fips/Des3FipsTest.java
@ -25,6 +25,8 @@ import static org.junit.Assert.*;

 import java.nio.ByteBuffer;

+import org.junit.Assume;
+import org.junit.BeforeClass;
 import org.junit.Test;

 import com.wolfssl.wolfcrypt.Des3;
@ -32,6 +34,8 @@ import com.wolfssl.wolfcrypt.WolfCrypt;
 import com.wolfssl.wolfcrypt.Fips;

 import com.wolfssl.wolfcrypt.test.Util;
+import com.wolfssl.wolfcrypt.WolfCryptError;
+import com.wolfssl.wolfcrypt.WolfCryptException;

 public class Des3FipsTest extends FipsTest {
 	private ByteBuffer vector = ByteBuffer.allocateDirect(Des3.BLOCK_SIZE);
@ -41,6 +45,18 @@ public class Des3FipsTest extends FipsTest {
 	private ByteBuffer key = ByteBuffer.allocateDirect(Des3.KEY_SIZE);
 	private ByteBuffer iv = ByteBuffer.allocateDirect(Des3.BLOCK_SIZE);

+    @BeforeClass
+    public static void checkAvailability() {
+        try {
+            new Des3();
+        } catch (WolfCryptException e) {
+            if (e.getError() == WolfCryptError.NOT_COMPILED_IN) {
+                System.out.println("Des3 test skipped: " + e.getError());
+            }
+            Assume.assumeNoException(e);
+        }
+    }
+
 	@Test
 	public void setKeyWithNullIVShouldReturnZeroUsingByteBuffer() {
 		key.put(Util.h2b("000111222333444555666777888999aaabbbcccdddeeefff"))
--- a/src/test/java/com/wolfssl/wolfcrypt/test/fips/RsaFipsTest.java
+++ b/src/test/java/com/wolfssl/wolfcrypt/test/fips/RsaFipsTest.java
@ -66,109 +66,232 @@ public class RsaFipsTest extends FipsTest {

 	@Test
 	public void VerifyShouldMatchUsingByteBuffer() {
-		String[] modulus = new String[] {
-				"aff5f9e2e2622320d44dbf54f2274a0f96fa7d70a63ddaa563f4881143112bb3c36fe65ba0c9ad99d6fb6e53cb08e3938ee415b3a8cb7f9602f2154fab83dd160fa6f509ba2c41295af9eea8787d333e961461447fc60b3c61616ef5b94e822114e6fad44d1f2c476bc23bc03609e2e70a483d826409fdb7c50a91269a773976ef137e7fa477c3951e8fbcb48f2378aa5e430e8c60b481beeb63df9abe10c7ccf266e394fbd925e8725e4675fb6ad895caed4b31d751c8712533e1c42ebefe9166e1aa20631521858c7548c61626ede105f2812632bac96eb769c9be560beef4200b86409727a5a61d1cc5831785ba4d42f02dd298a56bbbd6c479ce724d5bb5",
-				"aa9100d03c11b45942ada8e3b23912bc1350522e970f0d0e3bbf63f11c69c6de8d815f02a2c16c7cbe9bf85f6df59ede3f495274b23331a71e8e8ac8b2b877b64ffeda0ffa0f28b71f4fcf35454eeb8afa3f2033e0c5c0a88c647cc9f95f072837d243f46cf37dbf5c8a871daf2b28c66615a53733b1a04cf9f5356cdf7b549971bc978bfdd0e5b383ade039978f9ecf2d2949391ce386acddd0a5d009b6e7cd79af069d8ec123217adf541ca7f6d6dd67180b94f34b985501a169ace495e6eb2ae1955556de5e589307f9f6d53bcc82ff67eb0cab511490903cf1ec8fd00242400a02335542073f7c074b5ef8907ef460b065b8c2a404fed15ba84cd9f8103b",
-				"a40bf41a33f394ef10efc0e1f26a7c20f8929b43c4cfa4c8718152af3418d2494e1f88173608bc6c6d8946e79a0e3732f5aee128ea29e86f71d56b25971068d8b87b567cd71f426788936560977e9492b66b522854b44206107152b1b498b21fd8e1f02b8c9f6a063e8fb9967bd22c3706f2d68613c0ed6cd5524460210ffc4a4d18b88b7c03ce5315e66833ad1f6868d8851613ff635811a119917bc5c84e6b94659f3ef3b972d3d18c26be6d57ce9a2f5260fa6860dbca9f7f61ab9b2f998abea8c495e314f5fa1d13d0a31e175d21f7d84ab879a31a4b66f77f589e267890af0b5e625e68c6525461e60d2a70febdcfcb2d7870370f5bac926581a262069f", };
-		String[] exponent = new String[] {
-				"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0ee61",
-				"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e92e95",
-				"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004fa87f", };
 		String[] messages = new String[] {
-				"e6fd961dc2977a9c08be5c31d8de89450945a53d79299ea2a1edde7f6da0c50b4ac75688805c306bc216c0bd03ebb6c18cd4b5d74cd04fa06f2b3063320099b0f5fd11439166572aed5c9a2bcc60ec60e913f524463fe433c11bab0ce8cb6c9a0e272e149fbdd522b0195141da441568498acbec108046a1bf46b842380a2512",
-				"e9ebe4ea39974ea1730cc4072d5c9d649facf7adfa3baca8fba18251bf55a27dd9724cbda2bbc885d0dca08d4af30c783b4eaeb465767fa1b96d0af52435d85fab912b6aba10efa5b946ed01e15d427a4ecd0ff9556773791798b66956ecc75288d1e9ba2a9ea94857d3132999a225b1ffaf844670156e7a3ea9f077fe8259a0",
-				"b486fb4b03d8912cb4019db651ba040612a6f26b9932296cdfc1990c6f06314cd2b0f6f24a4d5289c368aea906f5437830f02c716240c064bbe120be83420c0ba9ecfbb970656a1f655474be94e5a3c6fb6f06dc3f55831a9e2a6f5725185ca923823229dde882f6830b167d6352cdf75d6da63297381a9572e2af5fbc4eca2f", };
-		String[] signatures = new String[] {
-				"22616f85fe79f912d6038613dca4a1500fda73272782843c5d95de1b02325f57f65bb3b2f07e38986afab6864de1f2ae5ae57a609513a4d642c3d656b6830c226be3967dcb65d7f9c4ca9d113ceede7a418eaf0a1e8b68454c38561a448a07cbebefd77c14117bfca6fa67d7b2872b92a35d628ccdba7d8069af8ea1602e9ad1ae4939a9e8292f587fda580d023747c2a11d023d9dde963a99bedef8bbe26b1de43a58ca5bcfc6045bb7d427b132b8540280c5941c8dba59a61afbfdffd8872ecbc57fe281a577648f0764b3a579e38c7ba33bb88e25c60096d5fd7d33fa82bcc87c69a56c34440a0c0917da75c2d4e7b7abea67b74d35cd101ff41d83e3ad3e",
-				"479501e1d5e5320ce739266ee5b8789773fae310abac6acb312184af13884fce6f3771ce5c5d649320d62d35ac0de49f85b278a164948a8c9b733ab10779f9ae929e227d5d80915b1c49018e72498b551ae7321f3f959f458bac36c8e06ce0273ec74552f2dc9b26b7a7094ea7fe880f6af8a0b205a44dd7cc67d08d8bb4f500e22f1634d4330c1e7c0b27b1dcde1853c743c90de1b3b196d420b45368d06071cb2dba1e8316b9ca21bd9ba18d4f3ee753fb66b5c8517226aee9d0d12fa7d59600078db95b16ac9f74ad41660d93d0f18391a35fe81e4a2b6be37b382c3be622db2a1f4c3bf165ae5f6783699410a9be019546f98b5239de00863d43ec54896d",
-				"03ff375c15fd574a7a708974ab7b26a8ee97527fb3b558313d036313d57f13bfe591367ca0b623a01dc72295e34b737e5a4034024d440dda66fc8288f3ef0e92a8bf95949ef2b95e4ed937c79bfbd865c7f0d69d3eee64281945f10a1f1fceed9372dc85b4ae33252aad7935cb73ab486211bb55366d68a8808ec92c2b06e35fe0e7e85f93d853a997ea9eca825e88ef6849c2e03c16c72f0f41e5d2820e8e2c686dd9c11fb59d6b0d93d350691a7ae0eb12115148279a7903d8d8c0ca4396c66c8dda41abb458b61064ad05672164a68c9d7c8e0323155a58cd6566430645dea7737e1ee8b5edc378df6b62e308bd531205f4c03715015e4043419a687c702e", };
+                "e6fd961dc2977a9c08be5c31d8de89450945a53d79299ea2a1ed" +
+                "de7f6da0c50b4ac75688805c306bc216c0bd03ebb6c18cd4b5d7" +
+                "4cd04fa06f2b3063320099b0f5fd11439166572aed5c9a2bcc60" +
+                "ec60e913f524463fe433c11bab0ce8cb6c9a0e272e149fbdd522" +
+                "b0195141da441568498acbec108046a1bf46b842380a2512",

-		for (int i = 0; i < messages.length; i++) {
-			Rsa key = new Rsa();
+                "e9ebe4ea39974ea1730cc4072d5c9d649facf7adfa3baca8fba1" +
+                "8251bf55a27dd9724cbda2bbc885d0dca08d4af30c783b4eaeb4" +
+                "65767fa1b96d0af52435d85fab912b6aba10efa5b946ed01e15d" +
+                "427a4ecd0ff9556773791798b66956ecc75288d1e9ba2a9ea948" +
+                "57d3132999a225b1ffaf844670156e7a3ea9f077fe8259a0",

-			n.put(Util.h2b(modulus[i])).rewind();
-			e.put(Util.h2b(exponent[i])).rewind();
-			message.put(Util.h2b(messages[i])).rewind();
-			signature.put(Util.h2b(signatures[i])).rewind();
+                "b486fb4b03d8912cb4019db651ba040612a6f26b9932296cdfc1" +
+                "990c6f06314cd2b0f6f24a4d5289c368aea906f5437830f02c71" +
+                "6240c064bbe120be83420c0ba9ecfbb970656a1f655474be94e5" +
+                "a3c6fb6f06dc3f55831a9e2a6f5725185ca923823229dde882f6" +
+                "830b167d6352cdf75d6da63297381a9572e2af5fbc4eca2f", };

-			assertEquals(WolfCrypt.SUCCESS, Fips.InitRsaKey_fips(key, null));
-			key.decodeRawPublicKey(n, n.limit(), e, e.limit());
+		Rng rng  = new Rng();
+        Rsa priv = new Rsa(Util
+            .h2b("308204a40201000282010100c303d12bfe39a432453b53c8842b2a7c"
+               + "749abdaa2a520747d6a636b207328ed0ba697bc6c3449ed48148"
+               + "fd2d68a28b67bba175c8362c4ad21bf78bbacf0df9efecf1811e"
+               + "7b9b03479abf65cc7f652469a6e814895be434f7c5b01493f567"
+               + "7b3a7a78e101565691a613428dd23c409c4cefd186df37511b0c"
+               + "a13bf5f1a34a35e4e1ce96df1b7ebf4e97d010e8a8083081af20"
+               + "0b4314c57467b432826f8d86c28840993683ba1e40722217d752"
+               + "652473b0ceef19cdaeff786c7bc01203d44e720d506d3ba33ba3"
+               + "995e9dc8d90c85b3d98ad95426db6dfaacbbff254cc4d179f471"
+               + "d386401813b063b5724e30c49784862d562fd715f77fc0aef5fc"
+               + "5be5fba1bad302030100010282010100a2e6d85f107164089e2e"
+               + "6dd16d1e85d20ab18c47ce2c516aa0129e53de914c1d6dea597b"
+               + "f277aad9c6d98aabd8e116e46326ffb56c1359b8e3a5c872172e"
+               + "0c9f6fe5593f766f49b111c25a2e16290ddeb78edc40d5a2eee0"
+               + "1ea1f4be97db86639614cd9809602d30769c3ccde688ee479279"
+               + "0b5a00e25e5f117c7df908b72006892a5dfd00ab22e1f0b3bc24"
+               + "a95e260e1f002dfe219a535b6dd32bab9482684336d8f62fc622"
+               + "fcb5415d0d3360eaa47d7ee84b559156d35c578f1f94172faade"
+               + "e99ea8f4cf8a4c8ea0e45673b2cf4f86c5693cf324208b5c960c"
+               + "fa6b123b9a67c1dfc696b2a5d5920d9b094268241045d450e417"
+               + "3948d0358b946d11de8fca5902818100ea24a7f96933e971dc52"
+               + "7d8821282f49deba7216e9cc477a880d94578458163a81b03fa2"
+               + "cfa66c1eb00629008fe77776acdbcac7d95e9b3f269052aefc38"
+               + "900014bbb40f5894e72f6a7e1c4f4121d431591f4e8a1a8da757"
+               + "6c22d8e5f47e32a610cb64a5550387a627058cc3d7b627b24dba"
+               + "30da478f54d33d8b848d949858a502818100d5381bc38fc5930c"
+               + "470b6f3592c5b08d46c892188ff5800af7efa1fe80b9b52abaca"
+               + "18b05da507d0938dd89c041cd4628ea6268101ffce8a2a633435"
+               + "40aa6d80de89236a574d9e6ead934e56900b6d9d738b0cae273d"
+               + "de4ef0aac56c78676c94529c37676c2defbbafdfa6903cc447cf"
+               + "8d969e98a9b49fc5a650dcb3f0fb74170281805e830962bdba7c"
+               + "a2bf4274f57c1cd269c9040d857e3e3d2412c3187bf329f35f0e"
+               + "766c5975e44184699d32f3cd22abb035ba4ab23ce5d958b6624f"
+               + "5ddee59e0aca53b22cf79eb36b0a5b7965ec6e914e9220f6fcfc"
+               + "16edd3760ce2ec7fb269136b780e5a4664b45eb725a05a753a4b"
+               + "efc73c3ef7fd26b820c4990a9a73bec31902818100ba449314ac"
+               + "34193b5f9160acf7b4d681053651533de865dcaf2edc613ec97d"
+               + "b87f87f03b9b03822937ce724e11d5b1c10c07a099914a8d7fec"
+               + "79cff139b5e985ec62f7da7dbc644d223c0ef2d651f587d899c0"
+               + "11205d0f29fd5be2aed91cd921566dfc84d05fed10151c1821e7"
+               + "c43d4bd7d09e6a95cf22c9037b9ee36001fc2f02818011d04bcf"
+               + "1b67b99f1075478665ae31c2c630ac590650d90fb57006f7f0d3"
+               + "c8627ca8da6ef6213fd37f5fea8aab3fd92a5ef351d2c23037e3"
+               + "2da3750d1e4d2134d557705c89bf72ec4a6e68d5cd1874334e8c"
+               + "3a458fe69640eb63f919863a51dd894bb0f3f99f5d289538be35"
+               + "abca5ce7935334a1455d1339654246a19fcdf5bf"));

-			Sha256 sha = new Sha256();
+        byte[] n_out = new byte[256];
+        byte[] e_out = new byte[3];
+        long[] n_len = new long[1];
+        long[] e_len = new long[1];
+        n_len[0] = n_out.length;
+        e_len[0] = e_out.length;

-			assertEquals(WolfCrypt.SUCCESS, Fips.InitSha256_fips(sha));
-			assertEquals(WolfCrypt.SUCCESS,
-					Fips.Sha256Update_fips(sha, message, message.limit()));
-			assertEquals(WolfCrypt.SUCCESS, Fips.Sha256Final_fips(sha, hash));
+        priv.exportRawPublicKey(n_out, n_len, e_out, e_len);
+        priv.setRng(rng);

-			encoded.limit(Asn.MAX_ENCODED_SIG_SIZE);
-			result.limit(Asn.MAX_ENCODED_SIG_SIZE);
+        Rsa pub = new Rsa(n_out, e_out);

-			Asn.encodeSignature(encoded, hash, Sha256.DIGEST_SIZE,
-					Asn.getCTC_HashOID(Sha256.TYPE));
+        for (int i = 0; i < messages.length; i++) {

-			assertEquals(encoded.limit(), Fips.RsaSSL_Verify_fips(signature,
-					signature.limit(), result, result.limit(), key));
+            /* build encoded hash */
+            message.put(Util.h2b(messages[i])).rewind();
+            Sha256 sha = new Sha256();

-			result.limit(encoded.limit());
+            assertEquals(WolfCrypt.SUCCESS, Fips.InitSha256_fips(sha));
+            assertEquals(WolfCrypt.SUCCESS,
+                Fips.Sha256Update_fips(sha, message, message.limit()));
+            assertEquals(WolfCrypt.SUCCESS, Fips.Sha256Final_fips(sha, hash));

-			assertEquals(encoded, result);
+            encoded.limit(Asn.MAX_ENCODED_SIG_SIZE);

-			assertEquals(WolfCrypt.SUCCESS, Fips.FreeRsaKey_fips(key));
-		}
-	}
+            Asn.encodeSignature(encoded, hash, Sha256.DIGEST_SIZE,
+                Asn.getCTC_HashOID(Sha256.TYPE));
+
+            /* sign encoded message */
+            assertEquals(signature.limit(), Fips.RsaSSL_Sign_fips(encoded,
+                encoded.limit(), signature, signature.limit(),
+                priv, rng));
+
+            /* verify message */
+            result.limit(Asn.MAX_ENCODED_SIG_SIZE);
+
+            assertEquals(encoded.limit(), Fips.RsaSSL_Verify_fips(signature,
+                signature.limit(), result, result.limit(), pub));
+
+            result.limit(encoded.limit());
+
+            assertEquals(encoded, result);
+        }
+    }

 	@Test
 	public void VerifyShouldMatchUsingByteArray() {
-		String[] modulus = new String[] {
-				"aff5f9e2e2622320d44dbf54f2274a0f96fa7d70a63ddaa563f4881143112bb3c36fe65ba0c9ad99d6fb6e53cb08e3938ee415b3a8cb7f9602f2154fab83dd160fa6f509ba2c41295af9eea8787d333e961461447fc60b3c61616ef5b94e822114e6fad44d1f2c476bc23bc03609e2e70a483d826409fdb7c50a91269a773976ef137e7fa477c3951e8fbcb48f2378aa5e430e8c60b481beeb63df9abe10c7ccf266e394fbd925e8725e4675fb6ad895caed4b31d751c8712533e1c42ebefe9166e1aa20631521858c7548c61626ede105f2812632bac96eb769c9be560beef4200b86409727a5a61d1cc5831785ba4d42f02dd298a56bbbd6c479ce724d5bb5",
-				"aa9100d03c11b45942ada8e3b23912bc1350522e970f0d0e3bbf63f11c69c6de8d815f02a2c16c7cbe9bf85f6df59ede3f495274b23331a71e8e8ac8b2b877b64ffeda0ffa0f28b71f4fcf35454eeb8afa3f2033e0c5c0a88c647cc9f95f072837d243f46cf37dbf5c8a871daf2b28c66615a53733b1a04cf9f5356cdf7b549971bc978bfdd0e5b383ade039978f9ecf2d2949391ce386acddd0a5d009b6e7cd79af069d8ec123217adf541ca7f6d6dd67180b94f34b985501a169ace495e6eb2ae1955556de5e589307f9f6d53bcc82ff67eb0cab511490903cf1ec8fd00242400a02335542073f7c074b5ef8907ef460b065b8c2a404fed15ba84cd9f8103b",
-				"a40bf41a33f394ef10efc0e1f26a7c20f8929b43c4cfa4c8718152af3418d2494e1f88173608bc6c6d8946e79a0e3732f5aee128ea29e86f71d56b25971068d8b87b567cd71f426788936560977e9492b66b522854b44206107152b1b498b21fd8e1f02b8c9f6a063e8fb9967bd22c3706f2d68613c0ed6cd5524460210ffc4a4d18b88b7c03ce5315e66833ad1f6868d8851613ff635811a119917bc5c84e6b94659f3ef3b972d3d18c26be6d57ce9a2f5260fa6860dbca9f7f61ab9b2f998abea8c495e314f5fa1d13d0a31e175d21f7d84ab879a31a4b66f77f589e267890af0b5e625e68c6525461e60d2a70febdcfcb2d7870370f5bac926581a262069f", };
-		String[] exponent = new String[] {
-				"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0ee61",
-				"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e92e95",
-				"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004fa87f", };
 		String[] messages = new String[] {
-				"e6fd961dc2977a9c08be5c31d8de89450945a53d79299ea2a1edde7f6da0c50b4ac75688805c306bc216c0bd03ebb6c18cd4b5d74cd04fa06f2b3063320099b0f5fd11439166572aed5c9a2bcc60ec60e913f524463fe433c11bab0ce8cb6c9a0e272e149fbdd522b0195141da441568498acbec108046a1bf46b842380a2512",
-				"e9ebe4ea39974ea1730cc4072d5c9d649facf7adfa3baca8fba18251bf55a27dd9724cbda2bbc885d0dca08d4af30c783b4eaeb465767fa1b96d0af52435d85fab912b6aba10efa5b946ed01e15d427a4ecd0ff9556773791798b66956ecc75288d1e9ba2a9ea94857d3132999a225b1ffaf844670156e7a3ea9f077fe8259a0",
-				"b486fb4b03d8912cb4019db651ba040612a6f26b9932296cdfc1990c6f06314cd2b0f6f24a4d5289c368aea906f5437830f02c716240c064bbe120be83420c0ba9ecfbb970656a1f655474be94e5a3c6fb6f06dc3f55831a9e2a6f5725185ca923823229dde882f6830b167d6352cdf75d6da63297381a9572e2af5fbc4eca2f", };
-		String[] signatures = new String[] {
-				"22616f85fe79f912d6038613dca4a1500fda73272782843c5d95de1b02325f57f65bb3b2f07e38986afab6864de1f2ae5ae57a609513a4d642c3d656b6830c226be3967dcb65d7f9c4ca9d113ceede7a418eaf0a1e8b68454c38561a448a07cbebefd77c14117bfca6fa67d7b2872b92a35d628ccdba7d8069af8ea1602e9ad1ae4939a9e8292f587fda580d023747c2a11d023d9dde963a99bedef8bbe26b1de43a58ca5bcfc6045bb7d427b132b8540280c5941c8dba59a61afbfdffd8872ecbc57fe281a577648f0764b3a579e38c7ba33bb88e25c60096d5fd7d33fa82bcc87c69a56c34440a0c0917da75c2d4e7b7abea67b74d35cd101ff41d83e3ad3e",
-				"479501e1d5e5320ce739266ee5b8789773fae310abac6acb312184af13884fce6f3771ce5c5d649320d62d35ac0de49f85b278a164948a8c9b733ab10779f9ae929e227d5d80915b1c49018e72498b551ae7321f3f959f458bac36c8e06ce0273ec74552f2dc9b26b7a7094ea7fe880f6af8a0b205a44dd7cc67d08d8bb4f500e22f1634d4330c1e7c0b27b1dcde1853c743c90de1b3b196d420b45368d06071cb2dba1e8316b9ca21bd9ba18d4f3ee753fb66b5c8517226aee9d0d12fa7d59600078db95b16ac9f74ad41660d93d0f18391a35fe81e4a2b6be37b382c3be622db2a1f4c3bf165ae5f6783699410a9be019546f98b5239de00863d43ec54896d",
-				"03ff375c15fd574a7a708974ab7b26a8ee97527fb3b558313d036313d57f13bfe591367ca0b623a01dc72295e34b737e5a4034024d440dda66fc8288f3ef0e92a8bf95949ef2b95e4ed937c79bfbd865c7f0d69d3eee64281945f10a1f1fceed9372dc85b4ae33252aad7935cb73ab486211bb55366d68a8808ec92c2b06e35fe0e7e85f93d853a997ea9eca825e88ef6849c2e03c16c72f0f41e5d2820e8e2c686dd9c11fb59d6b0d93d350691a7ae0eb12115148279a7903d8d8c0ca4396c66c8dda41abb458b61064ad05672164a68c9d7c8e0323155a58cd6566430645dea7737e1ee8b5edc378df6b62e308bd531205f4c03715015e4043419a687c702e", };
+                "e6fd961dc2977a9c08be5c31d8de89450945a53d79299ea2a1ed" +
+                "de7f6da0c50b4ac75688805c306bc216c0bd03ebb6c18cd4b5d7" +
+                "4cd04fa06f2b3063320099b0f5fd11439166572aed5c9a2bcc60" +
+                "ec60e913f524463fe433c11bab0ce8cb6c9a0e272e149fbdd522" +
+                "b0195141da441568498acbec108046a1bf46b842380a2512",

-		for (int i = 0; i < messages.length; i++) {
-			Rsa key = new Rsa();
+                "e9ebe4ea39974ea1730cc4072d5c9d649facf7adfa3baca8fba1" +
+                "8251bf55a27dd9724cbda2bbc885d0dca08d4af30c783b4eaeb4" +
+                "65767fa1b96d0af52435d85fab912b6aba10efa5b946ed01e15d" +
+                "427a4ecd0ff9556773791798b66956ecc75288d1e9ba2a9ea948" +
+                "57d3132999a225b1ffaf844670156e7a3ea9f077fe8259a0",

-			byte[] n = Util.h2b(modulus[i]);
-			byte[] e = Util.h2b(exponent[i]);
-			byte[] message = Util.h2b(messages[i]);
-			byte[] signature = Util.h2b(signatures[i]);
-			byte[] encoded = new byte[Asn.MAX_ENCODED_SIG_SIZE];
-			byte[] hash = new byte[Sha256.DIGEST_SIZE];
-			byte[] result = new byte[Asn.MAX_ENCODED_SIG_SIZE];
+                "b486fb4b03d8912cb4019db651ba040612a6f26b9932296cdfc1" +
+                "990c6f06314cd2b0f6f24a4d5289c368aea906f5437830f02c71" +
+                "6240c064bbe120be83420c0ba9ecfbb970656a1f655474be94e5" +
+                "a3c6fb6f06dc3f55831a9e2a6f5725185ca923823229dde882f6" +
+                "830b167d6352cdf75d6da63297381a9572e2af5fbc4eca2f", };

-			assertEquals(WolfCrypt.SUCCESS, Fips.InitRsaKey_fips(key, null));
-			key.decodeRawPublicKey(n, n.length, e, e.length);
+		Rng rng  = new Rng();
+        Rsa priv = new Rsa(Util
+            .h2b("308204a40201000282010100c303d12bfe39a432453b53c8842b2a7c"
+               + "749abdaa2a520747d6a636b207328ed0ba697bc6c3449ed48148"
+               + "fd2d68a28b67bba175c8362c4ad21bf78bbacf0df9efecf1811e"
+               + "7b9b03479abf65cc7f652469a6e814895be434f7c5b01493f567"
+               + "7b3a7a78e101565691a613428dd23c409c4cefd186df37511b0c"
+               + "a13bf5f1a34a35e4e1ce96df1b7ebf4e97d010e8a8083081af20"
+               + "0b4314c57467b432826f8d86c28840993683ba1e40722217d752"
+               + "652473b0ceef19cdaeff786c7bc01203d44e720d506d3ba33ba3"
+               + "995e9dc8d90c85b3d98ad95426db6dfaacbbff254cc4d179f471"
+               + "d386401813b063b5724e30c49784862d562fd715f77fc0aef5fc"
+               + "5be5fba1bad302030100010282010100a2e6d85f107164089e2e"
+               + "6dd16d1e85d20ab18c47ce2c516aa0129e53de914c1d6dea597b"
+               + "f277aad9c6d98aabd8e116e46326ffb56c1359b8e3a5c872172e"
+               + "0c9f6fe5593f766f49b111c25a2e16290ddeb78edc40d5a2eee0"
+               + "1ea1f4be97db86639614cd9809602d30769c3ccde688ee479279"
+               + "0b5a00e25e5f117c7df908b72006892a5dfd00ab22e1f0b3bc24"
+               + "a95e260e1f002dfe219a535b6dd32bab9482684336d8f62fc622"
+               + "fcb5415d0d3360eaa47d7ee84b559156d35c578f1f94172faade"
+               + "e99ea8f4cf8a4c8ea0e45673b2cf4f86c5693cf324208b5c960c"
+               + "fa6b123b9a67c1dfc696b2a5d5920d9b094268241045d450e417"
+               + "3948d0358b946d11de8fca5902818100ea24a7f96933e971dc52"
+               + "7d8821282f49deba7216e9cc477a880d94578458163a81b03fa2"
+               + "cfa66c1eb00629008fe77776acdbcac7d95e9b3f269052aefc38"
+               + "900014bbb40f5894e72f6a7e1c4f4121d431591f4e8a1a8da757"
+               + "6c22d8e5f47e32a610cb64a5550387a627058cc3d7b627b24dba"
+               + "30da478f54d33d8b848d949858a502818100d5381bc38fc5930c"
+               + "470b6f3592c5b08d46c892188ff5800af7efa1fe80b9b52abaca"
+               + "18b05da507d0938dd89c041cd4628ea6268101ffce8a2a633435"
+               + "40aa6d80de89236a574d9e6ead934e56900b6d9d738b0cae273d"
+               + "de4ef0aac56c78676c94529c37676c2defbbafdfa6903cc447cf"
+               + "8d969e98a9b49fc5a650dcb3f0fb74170281805e830962bdba7c"
+               + "a2bf4274f57c1cd269c9040d857e3e3d2412c3187bf329f35f0e"
+               + "766c5975e44184699d32f3cd22abb035ba4ab23ce5d958b6624f"
+               + "5ddee59e0aca53b22cf79eb36b0a5b7965ec6e914e9220f6fcfc"
+               + "16edd3760ce2ec7fb269136b780e5a4664b45eb725a05a753a4b"
+               + "efc73c3ef7fd26b820c4990a9a73bec31902818100ba449314ac"
+               + "34193b5f9160acf7b4d681053651533de865dcaf2edc613ec97d"
+               + "b87f87f03b9b03822937ce724e11d5b1c10c07a099914a8d7fec"
+               + "79cff139b5e985ec62f7da7dbc644d223c0ef2d651f587d899c0"
+               + "11205d0f29fd5be2aed91cd921566dfc84d05fed10151c1821e7"
+               + "c43d4bd7d09e6a95cf22c9037b9ee36001fc2f02818011d04bcf"
+               + "1b67b99f1075478665ae31c2c630ac590650d90fb57006f7f0d3"
+               + "c8627ca8da6ef6213fd37f5fea8aab3fd92a5ef351d2c23037e3"
+               + "2da3750d1e4d2134d557705c89bf72ec4a6e68d5cd1874334e8c"
+               + "3a458fe69640eb63f919863a51dd894bb0f3f99f5d289538be35"
+               + "abca5ce7935334a1455d1339654246a19fcdf5bf"));

-			Sha256 sha = new Sha256();
+        byte[] n_out = new byte[WolfCrypt.SIZE_OF_2048_BITS];
+        byte[] e_out = new byte[3];
+        long[] n_len = new long[1];
+        long[] e_len = new long[1];
+        n_len[0] = n_out.length;
+        e_len[0] = e_out.length;

-			assertEquals(WolfCrypt.SUCCESS, Fips.InitSha256_fips(sha));
-			assertEquals(WolfCrypt.SUCCESS,
-					Fips.Sha256Update_fips(sha, message, message.length));
-			assertEquals(WolfCrypt.SUCCESS, Fips.Sha256Final_fips(sha, hash));
+        priv.exportRawPublicKey(n_out, n_len, e_out, e_len);
+        priv.setRng(rng);

-			long encodedSz = Asn.encodeSignature(encoded, hash,
-					Sha256.DIGEST_SIZE, Asn.getCTC_HashOID(Sha256.TYPE));
+        Rsa pub = new Rsa(n_out, e_out);

-			assertEquals(encodedSz, Fips.RsaSSL_Verify_fips(signature,
-					signature.length, result, result.length, key));
+        for (int i = 0; i < messages.length; i++) {

-			assertArrayEquals(encoded, result);
+            byte[] message = Util.h2b(messages[i]);
+            byte[] encoded = new byte[Asn.MAX_ENCODED_SIG_SIZE];
+            byte[] hash = new byte[Sha256.DIGEST_SIZE];
+            byte[] result = new byte[Asn.MAX_ENCODED_SIG_SIZE];
+            byte[] sig = new byte[WolfCrypt.SIZE_OF_2048_BITS];

-			assertEquals(WolfCrypt.SUCCESS, Fips.FreeRsaKey_fips(key));
-		}
-	}
+            /* build encoded hash */
+            Sha256 sha = new Sha256();
+
+            assertEquals(WolfCrypt.SUCCESS, Fips.InitSha256_fips(sha));
+            assertEquals(WolfCrypt.SUCCESS,
+                Fips.Sha256Update_fips(sha, message, message.length));
+            assertEquals(WolfCrypt.SUCCESS, Fips.Sha256Final_fips(sha, hash));
+
+            long encodedSz = Asn.encodeSignature(encoded, hash,
+                Sha256.DIGEST_SIZE, Asn.getCTC_HashOID(Sha256.TYPE));
+
+            /* sign encoded message digest */
+            assertEquals(WolfCrypt.SIZE_OF_2048_BITS,
+                Fips.RsaSSL_Sign_fips(encoded, encodedSz,
+                    sig, sig.length, priv, rng));
+
+            /* verify signature */
+            assertEquals(encodedSz, Fips.RsaSSL_Verify_fips(sig,
+                sig.length, result, result.length, pub));
+
+            assertArrayEquals(encoded, result);
+        }
+    }

 	@Test
 	public void PrivateKeyDecodeUsingByteBuffer() {