aws · nhatnghiho · Feb 20, 2026 · Feb 20, 2026 · Feb 20, 2026 · Feb 20, 2026
@@ -158,7 +158,11 @@ func (e *ecdsa) Process(vectorSet []byte, m Transactable) (interface{}, error) {
 				testResp.R = result[0]
 				testResp.S = result[1]
 				// Ask the subprocess to verify the generated signature for this test case.
-				ver_result, ver_err := m.Transact(e.algo+"/"+"sigVer", 1, []byte(group.Curve), []byte(group.HashAlgo), test.Msg, response.Qx, response.Qy, testResp.R, testResp.S)
+				op = e.algo+"/"+"sigVer"
+				if group.ComponentTest {
+					op += "/componentTest"
+				}
+				ver_result, ver_err := m.Transact(op, 1, []byte(group.Curve), []byte(group.HashAlgo), test.Msg, response.Qx, response.Qy, testResp.R, testResp.S)
 				if ver_err != nil {
 					return nil, fmt.Errorf("after signature generation, signature verification failed for test case %d/%d: %s", group.ID, test.ID, ver_err)
 				}

@@ -107,12 +107,16 @@ func (k *kas) Process(vectorSet []byte, m Transactable) (interface{}, error) {
 		}
 
 		var useStaticNamedFields bool
+		var useOnePassNameFields bool
 		switch group.Scheme {
 		case "ephemeralUnified":
 			break
 		case "staticUnified":
 			useStaticNamedFields = true
 			break
+		case "onePassDh":
+			useOnePassNameFields = true
+			break
 		default:
 			return nil, fmt.Errorf("unknown scheme %q", group.Scheme)
 		}
@@ -125,6 +129,8 @@ func (k *kas) Process(vectorSet []byte, m Transactable) (interface{}, error) {
 			var xHex, yHex, privateKeyHex string
 			if useStaticNamedFields {
 				xHex, yHex, privateKeyHex = test.StaticXHex, test.StaticYHex, test.StaticPrivateKeyHex
+			} else if useOnePassNameFields {
+				xHex, yHex, privateKeyHex = test.EphemeralXHex, test.EphemeralYHex, test.StaticPrivateKeyHex
 			} else {
 				xHex, yHex, privateKeyHex = test.EphemeralXHex, test.EphemeralYHex, test.EphemeralPrivateKeyHex
 			}
@@ -179,7 +185,7 @@ func (k *kas) Process(vectorSet []byte, m Transactable) (interface{}, error) {
 					ResultHex: hex.EncodeToString(result[2]),
 				}
 
-				if useStaticNamedFields {
+				if useStaticNamedFields || useOnePassNameFields {
 					testResponse.StaticXHex = hex.EncodeToString(result[0])
 					testResponse.StaticYHex = hex.EncodeToString(result[1])
 				} else {

@@ -117,6 +117,73 @@ type rsaSigVerTestResponse struct {
 	Passed bool   `json:"testPassed"`
 }
 
+type rsaSignaturePrimitiveVectorSet struct {
+	Groups []rsaSignaturePrimitiveGroup `json:"testGroups"`
+}
+
+type rsaSignaturePrimitiveGroup struct {
+	ID          uint64                      `json:"tgId"`
+	ModulusBits uint32                      `json:"modulo"`
+	Type        string                      `json:"testType"`
+	Tests       []rsaSignaturePrimitiveTest `json:"tests"`
+}
+
+type rsaSignaturePrimitiveTest struct {
+	ID      uint64               `json:"tcId"`
+	Message hexEncodedByteString `json:"message"`
+	D       hexEncodedByteString `json:"d"`
+	N       hexEncodedByteString `json:"n"`
+	E       hexEncodedByteString `json:"e"`
+}
+
+type rsaSignaturePrimitiveTestGroupResponse struct {
+	ID    uint64                              `json:"tgId"`
+	Tests []rsaSignaturePrimitiveTestResponse `json:"tests"`
+}
+
+type rsaSignaturePrimitiveTestResponse struct {
+	ID     uint64               `json:"tcId"`
+	Passed bool                 `json:"testPassed"`
+	Sig    hexEncodedByteString `json:"signature,omitempty"`
+}
+
+type rsaDecryptionPrimitiveVectorSet struct {
+	Groups []rsaDecryptionPrimitiveGroup `json:"testGroups"`
+}
+
+type rsaDecryptionPrimitiveGroup struct {
+	ID          uint64                       `json:"tgId"`
+	ModulusBits uint32                       `json:"modulo"`
+	Type        string                       `json:"testType"`
+	KeyMode     string                       `json:"keyMode"`
+	Tests       []rsaDecryptionPrimitiveTest `json:"tests"`
+}
+
+type rsaDecryptionPrimitiveTest struct {
+	ID   uint64               `json:"tcId"`
+	Ct   hexEncodedByteString `json:"ct"`
+	D    hexEncodedByteString `json:"d"`
+	N    hexEncodedByteString `json:"n"`
+	E    hexEncodedByteString `json:"e"`
+	Dmp1 hexEncodedByteString `json:"dmp1"`
+	Dmq1 hexEncodedByteString `json:"dmq1"`
+	Iqmp hexEncodedByteString `json:"iqmp"`
+	P    hexEncodedByteString `json:"p"`
+	Q    hexEncodedByteString `json:"q"`
+}
+
+type rsaDecryptionPrimitiveTestGroupResponse struct {
+	ID         uint64                               `json:"tgId"`
+	ModuloBits uint32                               `json:"modulo"`
+	Tests      []rsaDecryptionPrimitiveTestResponse `json:"tests"`
+}
+
+type rsaDecryptionPrimitiveTestResponse struct {
+	ID     uint64               `json:"tcId"`
+	Passed bool                 `json:"testPassed"`
+	Pt     hexEncodedByteString `json:"pt,omitempty"`
+}
+
 func processKeyGen(vectorSet []byte, m Transactable) (interface{}, error) {
 	var parsed rsaKeyGenTestVectorSet
 	if err := json.Unmarshal(vectorSet, &parsed); err != nil {
@@ -265,6 +332,103 @@ func processSigVer(vectorSet []byte, m Transactable) (interface{}, error) {
 	return ret, nil
 }
 
+func processSignaturePrimitive(vectorSet []byte, m Transactable) (interface{}, error) {
+	var parsed rsaSignaturePrimitiveVectorSet
+	if err := json.Unmarshal(vectorSet, &parsed); err != nil {
+		return nil, err
+	}
+
+	var ret []rsaSignaturePrimitiveTestGroupResponse
+
+	for _, group := range parsed.Groups {
+		group := group
+
+		if !(group.Type == "AFT") {
+			return nil, fmt.Errorf("RSA Signature Primitive test group has type %q, but only AFT tests are supported", group.Type)
+		}
+
+		response := rsaSignaturePrimitiveTestGroupResponse{
+			ID: group.ID,
+		}
+
+		for _, test := range group.Tests {
+			test := test
+			results, err := m.Transact("RSA/signaturePrimitive", 2, test.D, test.N, test.E, test.Message)
+			if err != nil {
+				return nil, err
+			}
+
+			testResp := rsaSignaturePrimitiveTestResponse{ID: test.ID}
+
+			passed := results[0][0] == 1
+			testResp.Passed = passed
+
+			if passed {
+				testResp.Sig = results[1]
+			}
+
+			response.Tests = append(response.Tests, testResp)
+		}
+
+		ret = append(ret, response)
+	}
+
+	return ret, nil
+}
+
+func processDecryptionPrimitive(vectorSet []byte, m Transactable) (interface{}, error) {
+	var parsed rsaDecryptionPrimitiveVectorSet
+	if err := json.Unmarshal(vectorSet, &parsed); err != nil {
+		return nil, err
+	}
+
+	var ret []rsaDecryptionPrimitiveTestGroupResponse
+
+	for _, group := range parsed.Groups {
+		group := group
+
+		if !(group.Type == "AFT") {
+			return nil, fmt.Errorf("RSA Decryption Primitive test group has type %q, but only AFT tests are supported", group.Type)
+		}
+
+		response := rsaDecryptionPrimitiveTestGroupResponse{
+			ID:         group.ID,
+			ModuloBits: group.ModulusBits,
+		}
+
+		for _, test := range group.Tests {
+			test := test
+			var results [][]byte
+			var err error
+
+			if group.KeyMode == "crt" {
+				results, err = m.Transact("RSA/decryptionPrimitive/crt", 2, test.Ct, test.D, test.Dmp1, test.Dmq1, test.Iqmp, test.P, test.Q, test.N, test.E)
+			} else {
+				results, err = m.Transact("RSA/decryptionPrimitive", 2, test.Ct, test.D, test.N, test.E)
+			}
+
+			if err != nil {
+				return nil, err
+			}
+
+			testResp := rsaDecryptionPrimitiveTestResponse{ID: test.ID}
+
+			passed := results[0][0] == 1
+			testResp.Passed = passed
+
+			if passed {
+				testResp.Pt = results[1]
+			}
+
+			response.Tests = append(response.Tests, testResp)
+		}
+
+		ret = append(ret, response)
+	}
+
+	return ret, nil
+}
+
 type rsa struct{}
 
 func (r *rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) {
@@ -280,6 +444,10 @@ func (r *rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) {
 		return processSigGen(vectorSet, m)
 	case "sigVer":
 		return processSigVer(vectorSet, m)
+	case "signaturePrimitive":
+		return processSignaturePrimitive(vectorSet, m)
+	case "decryptionPrimitive":
+		return processDecryptionPrimitive(vectorSet, m)
 	default:
 		return nil, fmt.Errorf("unknown RSA mode %q", parsed.Mode)
 	}

@@ -15,6 +15,7 @@
 {"Wrapper": "modulewrapper", "In": "vectors/ECDSA.bz2", "Out": "expected/ECDSA.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ECDSA-KeyGen.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ECDSA-SigGen.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/ECDSA-SigGen-ComponentTest.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA-1.bz2", "Out": "expected/HMAC-SHA-1.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-224.bz2", "Out": "expected/HMAC-SHA2-224.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-256.bz2", "Out": "expected/HMAC-SHA2-256.bz2"},
@@ -23,14 +24,17 @@
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512-224.bz2", "Out": "expected/HMAC-SHA2-512-224.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"},
 {"Wrapper": "testmodulewrapper", "In": "vectors/hmacDRBG.bz2", "Out": "expected/hmacDRBG.bz2"},
-{"Wrapper": "modulewrapper", "In": "vectors/KAS-ECC-SSC.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/KAS-ECC-SSC_528650.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/KAS-ECC-SSC_3195883.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KAS-FFC-SSC.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KDF.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/ACVP-AES-GCM-internal-IV.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/kdf-components.bz2", "Out": "expected/kdf-components.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/RSA.bz2", "Out": "expected/RSA.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/RSA-SigGen.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/RSA-KeyGen.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/RSA-SignaturePrimitive.bz2", "Out": "expected/RSA-SignaturePrimitive.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/RSA-DecryptionPrimitive.bz2", "Out": "expected/RSA-DecryptionPrimitive.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/TLS-1.2-KDF.bz2", "Out": "expected/TLS-1.2-KDF.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/PBKDF.bz2", "Out": "expected/PBKDF.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KDA-HKDF.bz2", "Out": "expected/KDA-HKDF.bz2"},