diff --git a/nearby/Cargo.lock b/nearby/Cargo.lock
index 31aaf06..25a6104 100644
--- a/nearby/Cargo.lock
+++ b/nearby/Cargo.lock
@@ -74,9 +74,9 @@
 
 [[package]]
 name = "anstream"
-version = "0.3.1"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6342bd4f5a1205d7f41e94a41a901f5647c938cdfa96036338e8533c9d6c2450"
+checksum = "0ca84f3628370c59db74ee214b3263d58f9aadd9b4fe7e711fd87dc452b7f163"
 dependencies = [
  "anstyle",
  "anstyle-parse",
@@ -123,9 +123,9 @@
 
 [[package]]
 name = "anyhow"
-version = "1.0.70"
+version = "1.0.71"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7de8ce5e0f9f8d88245311066a578d72b7af3e7088f32783804676302df237e4"
+checksum = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8"
 
 [[package]]
 name = "array_ref"
@@ -221,9 +221,9 @@
 
 [[package]]
 name = "bumpalo"
-version = "3.12.1"
+version = "3.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8"
+checksum = "3c6ed94e98ecff0c12dd1b04c15ec0d7d9458ca8fe806cea6f12954efe74c63b"
 
 [[package]]
 name = "byteorder"
@@ -272,9 +272,9 @@
 
 [[package]]
 name = "ciborium"
-version = "0.2.0"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0c137568cc60b904a7724001b35ce2630fd00d5d84805fbb608ab89509d788f"
+checksum = "effd91f6c78e5a4ace8a5d3c0b6bfaec9e2baaef55f3efc00e45fb2e477ee926"
 dependencies = [
  "ciborium-io",
  "ciborium-ll",
@@ -283,15 +283,15 @@
 
 [[package]]
 name = "ciborium-io"
-version = "0.2.0"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "346de753af073cc87b52b2083a506b38ac176a44cfb05497b622e27be899b369"
+checksum = "cdf919175532b369853f5d5e20b26b43112613fd6fe7aee757e35f7a44642656"
 
 [[package]]
 name = "ciborium-ll"
-version = "0.2.0"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "213030a2b5a4e0c0892b6652260cf6ccac84827b83a85a534e178e3906c4cf1b"
+checksum = "defaa24ecc093c77630e6c15e17c51f5e187bf35ee514f4e2d67baaa96dae22b"
 dependencies = [
  "ciborium-io",
  "half",
@@ -309,9 +309,9 @@
 
 [[package]]
 name = "clap"
-version = "3.2.23"
+version = "3.2.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5"
+checksum = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123"
 dependencies = [
  "bitflags",
  "clap_lex 0.2.4",
@@ -321,9 +321,9 @@
 
 [[package]]
 name = "clap"
-version = "4.2.4"
+version = "4.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "956ac1f6381d8d82ab4684768f89c0ea3afe66925ceadb4eeb3fc452ffc55d62"
+checksum = "34d21f9bf1b425d2968943631ec91202fe5e837264063503708b83013f8fc938"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -332,9 +332,9 @@
 
 [[package]]
 name = "clap_builder"
-version = "4.2.4"
+version = "4.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "84080e799e54cff944f4b4a4b0e71630b0e0443b25b985175c7dddc1a859b749"
+checksum = "914c8c79fb560f238ef6429439a30023c862f7a28e688c58f7203f12b29970bd"
 dependencies = [
  "anstream",
  "anstyle",
@@ -420,7 +420,7 @@
  "atty",
  "cast",
  "ciborium",
- "clap 3.2.23",
+ "clap 3.2.25",
  "criterion-plot",
  "itertools",
  "lazy_static",
@@ -491,9 +491,9 @@
 
 [[package]]
 name = "crypto-bigint"
-version = "0.5.1"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c2538c4e68e52548bacb3e83ac549f903d44f011ac9d5abb5e132e67d0808f7"
+checksum = "cf4c2f4e1afd912bc40bfd6fed5d9dc1f288e0ba01bfcc835cc5bc3eb13efe15"
 dependencies = [
  "generic-array",
  "rand_core 0.6.4",
@@ -519,15 +519,9 @@
  "criterion",
  "crypto_provider_openssl",
  "crypto_provider_rustcrypto",
- "hex",
  "hex-literal",
  "rand",
  "rand_ext",
- "rstest",
- "rstest_reuse",
- "sha2",
- "test_helper",
- "wycheproof",
 ]
 
 [[package]]
@@ -556,6 +550,7 @@
 dependencies = [
  "cfg-if",
  "crypto_provider",
+ "crypto_provider_test",
  "hex-literal",
  "openssl",
  "ouroboros",
@@ -573,6 +568,7 @@
  "cfg-if",
  "crypto_provider",
  "crypto_provider_rustcrypto",
+ "crypto_provider_test",
  "ctr",
  "ed25519-dalek",
  "hex",
@@ -596,6 +592,21 @@
 ]
 
 [[package]]
+name = "crypto_provider_test"
+version = "0.1.0"
+dependencies = [
+ "crypto_provider",
+ "hex",
+ "hex-literal",
+ "rand",
+ "rand_ext",
+ "rstest",
+ "rstest_reuse",
+ "test_helper",
+ "wycheproof",
+]
+
+[[package]]
 name = "ctr"
 version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -621,9 +632,9 @@
 
 [[package]]
 name = "der"
-version = "0.7.4"
+version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b14af2045fa69ed2b7a48934bebb842d0f33e73e96e78766ecb14bb5347a11"
+checksum = "05e58dffcdcc8ee7b22f0c1f71a69243d7c2d9ad87b5a14361f2424a1565c219"
 dependencies = [
  "const-oid",
  "zeroize",
@@ -754,9 +765,9 @@
 
 [[package]]
 name = "flate2"
-version = "1.0.25"
+version = "1.0.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8a2db397cb1c8772f31494cb8917e48cd1e64f0fa7efac59fbd741a0a8ce841"
+checksum = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743"
 dependencies = [
  "crc32fast",
  "miniz_oxide",
@@ -1082,9 +1093,9 @@
 
 [[package]]
 name = "js-sys"
-version = "0.3.61"
+version = "0.3.62"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+checksum = "68c16e1bfd491478ab155fd8b4896b86f9ede344949b641e61501e07c2b8b4d5"
 dependencies = [
  "wasm-bindgen",
 ]
@@ -1106,7 +1117,7 @@
  "anyhow",
  "base64 0.21.0",
  "blake2",
- "clap 4.2.4",
+ "clap 4.2.7",
  "criterion",
  "crypto_provider",
  "crypto_provider_default",
@@ -1158,9 +1169,9 @@
 
 [[package]]
 name = "libc"
-version = "0.2.142"
+version = "0.2.144"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317"
+checksum = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
 
 [[package]]
 name = "libm"
@@ -1170,9 +1181,9 @@
 
 [[package]]
 name = "linux-raw-sys"
-version = "0.3.4"
+version = "0.3.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36eb31c1778188ae1e64398743890d0877fef36d11521ac60406b42016e8c2cf"
+checksum = "ece97ea872ece730aed82664c424eb4c8291e1ff2480247ccf7409044bc6479f"
 
 [[package]]
 name = "lock_api"
@@ -1216,9 +1227,9 @@
 
 [[package]]
 name = "miniz_oxide"
-version = "0.6.2"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa"
+checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
 dependencies = [
  "adler",
 ]
@@ -1310,9 +1321,9 @@
 
 [[package]]
 name = "openssl"
-version = "0.10.51"
+version = "0.10.52"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97ea2d98598bf9ada7ea6ee8a30fb74f9156b63bbe495d64ec2b87c269d2dda3"
+checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56"
 dependencies = [
  "bitflags",
  "cfg-if",
@@ -1336,9 +1347,9 @@
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.86"
+version = "0.9.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "992bac49bdbab4423199c654a5515bd2a6c6a23bf03f2dd3bdb7e5ae6259bc69"
+checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e"
 dependencies = [
  "bssl-sys",
  "cc",
@@ -1420,9 +1431,9 @@
 
 [[package]]
 name = "pkg-config"
-version = "0.3.26"
+version = "0.3.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160"
+checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
 
 [[package]]
 name = "platforms"
@@ -1571,9 +1582,9 @@
 
 [[package]]
 name = "quote"
-version = "1.0.26"
+version = "1.0.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+checksum = "8f4f29d145265ec1c483c7c654450edde0bfe043d3938d6972630663356d9500"
 dependencies = [
  "proc-macro2",
 ]
@@ -1642,6 +1653,12 @@
 ]
 
 [[package]]
+name = "raw-parts"
+version = "1.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b1e22ce49f28be0887a992cf42172c8c75facdb74e3e1a7eb0f459cf2fcc95d7"
+
+[[package]]
 name = "rayon"
 version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1738,9 +1755,9 @@
 
 [[package]]
 name = "rustix"
-version = "0.37.14"
+version = "0.37.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b864d3c18a5785a05953adeed93e2dca37ed30f18e69bba9f30079d51f363f"
+checksum = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d"
 dependencies = [
  "bitflags",
  "errno",
@@ -1792,18 +1809,18 @@
 
 [[package]]
 name = "serde"
-version = "1.0.160"
+version = "1.0.162"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c"
+checksum = "71b2f6e1ab5c2b98c05f0f35b236b22e8df7ead6ffbf51d7808da7f8817e7ab6"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.160"
+version = "1.0.162"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df"
+checksum = "a2a0814352fd64b58489904a44ea8d90cb1a91dcb6b4f5ebabc32c8318e93cb6"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1864,9 +1881,9 @@
 
 [[package]]
 name = "spki"
-version = "0.7.1"
+version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37a5be806ab6f127c3da44b7378837ebf01dadca8510a0e572460216b228bd0e"
+checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a"
 dependencies = [
  "base64ct",
  "der",
@@ -1980,6 +1997,7 @@
  "log",
  "rand",
  "rand_chacha",
+ "raw-parts",
  "spin 0.9.8",
  "ukey2_connections",
  "ukey2_rs",
@@ -2047,7 +2065,7 @@
 name = "ukey2_shell"
 version = "0.1.0"
 dependencies = [
- "clap 4.2.4",
+ "clap 4.2.7",
  "crypto_provider_rustcrypto",
  "ukey2_connections",
  "ukey2_rs",
@@ -2105,9 +2123,9 @@
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.84"
+version = "0.2.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
+checksum = "5b6cb788c4e39112fbe1822277ef6fb3c55cd86b95cb3d3c4c1c9597e4ac74b4"
 dependencies = [
  "cfg-if",
  "wasm-bindgen-macro",
@@ -2115,24 +2133,24 @@
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.84"
+version = "0.2.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
+checksum = "35e522ed4105a9d626d885b35d62501b30d9666283a5c8be12c14a8bdafe7822"
 dependencies = [
  "bumpalo",
  "log",
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 1.0.109",
+ "syn 2.0.15",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.84"
+version = "0.2.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
+checksum = "358a79a0cb89d21db8120cbfb91392335913e4890665b1a7981d9e956903b434"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -2140,28 +2158,28 @@
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.84"
+version = "0.2.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
+checksum = "4783ce29f09b9d93134d41297aded3a712b7b979e9c6f28c32cb88c973a94869"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 1.0.109",
+ "syn 2.0.15",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.84"
+version = "0.2.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
+checksum = "a901d592cafaa4d711bc324edfaff879ac700b19c3dfd60058d2b445be2691eb"
 
 [[package]]
 name = "web-sys"
-version = "0.3.61"
+version = "0.3.62"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
+checksum = "16b5f940c7edfdc6d12126d98c9ef4d1b3d470011c47c76a6581df47ad9ba721"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
diff --git a/nearby/Cargo.toml b/nearby/Cargo.toml
index 8ede0df..3cd9715 100644
--- a/nearby/Cargo.toml
+++ b/nearby/Cargo.toml
@@ -6,7 +6,6 @@
     "connections/ukey2/ukey2_jni",
     "connections/ukey2/ukey2_proto",
     "connections/ukey2/ukey2_shell",
-    # placeholder bssl-crypto crate
     "crypto/bssl-crypto",
     "crypto/crypto_provider",
     "crypto/crypto_provider_openssl",
@@ -36,6 +35,7 @@
 crypto_provider_rustcrypto = { path = "crypto/crypto_provider_rustcrypto" }
 crypto_provider_stubs = { path = "crypto/crypto_provider_stubs" }
 crypto_provider_default = {path = "crypto/crypto_provider_default" }
+crypto_provider_test = { path = "crypto/crypto_provider_test" }
 rand_core_05_adapter = { path = "crypto/rand_core_05_adapter" }
 rand_ext = { path = "presence/rand_ext" }
 test_helper = { path = "presence/test_helper" }
@@ -84,6 +84,9 @@
 hdrhistogram = "7.5.0"
 regex = "1.7.0"
 xts-mode = "0.5.1"
+rstest = "0.16.0"
+rstest_reuse = "0.5.0"
+wycheproof = "0.4.0"
 
 [workspace.package]
 version = "0.1.0"
diff --git a/nearby/Dockerfile b/nearby/Dockerfile
index 7a32b21..b4fdab0 100644
--- a/nearby/Dockerfile
+++ b/nearby/Dockerfile
@@ -31,7 +31,9 @@
     --rev f6affa68e950275f9fd773f2646ab7ee4db82897 \
     --color never 2>&1
 # needed for generating boringssl bindings
-RUN cargo install bindgen-cli
+# Must use 0.64.0, as version >= 0.65.0 removes the option "--size_t-is-usize", an option
+# used by boringssl when generating rust bindings
+RUN cargo install bindgen-cli --version 0.64.0
 RUN rustup toolchain add nightly
 RUN curl -L https://go.dev/dl/go1.20.2.linux-amd64.tar.gz | tar -C /usr/local -xz
 ENV PATH="$PATH:/usr/local/go/bin"
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/Cargo.toml b/nearby/connections/ukey2/ukey2_c_ffi/Cargo.toml
index ec58e9a..9a9e43a 100644
--- a/nearby/connections/ukey2/ukey2_c_ffi/Cargo.toml
+++ b/nearby/connections/ukey2/ukey2_c_ffi/Cargo.toml
@@ -16,6 +16,7 @@
 rand.workspace = true
 rand_chacha.workspace = true
 spin.workspace = true
+raw-parts = "1.1.2"
 
 [features]
 default = ["rustcrypto"]
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/cpp/CMakeLists.txt b/nearby/connections/ukey2/ukey2_c_ffi/cpp/CMakeLists.txt
new file mode 100644
index 0000000..79cdcac
--- /dev/null
+++ b/nearby/connections/ukey2/ukey2_c_ffi/cpp/CMakeLists.txt
@@ -0,0 +1,62 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cmake_minimum_required(VERSION 3.14)
+
+enable_testing()
+
+include_directories(
+    ${CMAKE_SOURCE_DIR}/ukey2_c_ffi/cpp/)
+
+include(ExternalProject)
+set_directory_properties(PROPERTIES EP_PREFIX ${CMAKE_BINARY_DIR}/target/tmp)
+ExternalProject_Add(
+    ukey2_c_ffi
+    DOWNLOAD_COMMAND ""
+    CONFIGURE_COMMAND ""
+    BUILD_COMMAND cargo build COMMAND cargo build --release --lib
+    BINARY_DIR "${CMAKE_SOURCE_DIR}/ukey2_c_ffi"
+    INSTALL_COMMAND "")
+
+# GoogleTest requires at least C++14
+set(CMAKE_CXX_STANDARD 14)
+add_compile_options(-Wall -Werror -Wextra -Wimplicit-fallthrough -Wextra-semi
+        -Wunreachable-code-aggressive -Wthread-safety
+        -Wno-missing-field-initializers -Wno-unused-parameter -Wno-psabi
+        -Wloop-analysis -Wno-unneeded-internal-declaration
+        -Wenum-compare-conditional -Wno-ignored-pragma-optimize
+        -Wno-bitfield-constant-conversion -Wno-deprecated-this-capture -Wshadow
+        -Wsign-compare)
+
+include(FetchContent)
+FetchContent_Declare(
+  googletest
+  GIT_REPOSITORY https://github.com/google/googletest.git
+  GIT_TAG release-1.12.1
+)
+FetchContent_MakeAvailable(googletest)
+
+add_executable(ffi_test
+  ukey2_test.cc
+  ukey2_glue.cc
+  ukey2_ffi.h
+  ukey2_bindings.h)
+
+target_link_libraries(ffi_test
+    "${CMAKE_SOURCE_DIR}/../../../../target/release/libukey2_c_ffi${CMAKE_SHARED_LIBRARY_SUFFIX}"
+    GTest::gtest_main
+    dl pthread)
+
+include(GoogleTest)
+gtest_discover_tests(ffi_test)
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/cpp/Makefile b/nearby/connections/ukey2/ukey2_c_ffi/cpp/Makefile
deleted file mode 100644
index b5fd106..0000000
--- a/nearby/connections/ukey2/ukey2_c_ffi/cpp/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright 2023 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-C_SRCS := ukey2_glue.cc
-CC = clang++
-UNAME := $(shell uname -s)
-ifeq ($(UNAME),Darwin)
-    FFI_LIB = ../../../../target/release/libukey2_c_ffi.dylib
-else
-    FFI_LIB = ../../../../target/release/libukey2_c_ffi.so
-endif
-ukey2:
-	cargo build --release
-	rm -rf build
-	mkdir build
-	$(CC) $(C_SRCS) $(FFI_LIB) -o build/ukey2
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_bindings.h b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_bindings.h
index a0cb87f..b14450c 100644
--- a/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_bindings.h
+++ b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_bindings.h
@@ -29,6 +29,7 @@
 typedef struct {
   uint8_t* handle;
   size_t len;
+  size_t cap;
 } RustFFIByteArray;
 
 typedef struct {
@@ -59,7 +60,6 @@
 // Common handshake methods
 bool is_handshake_complete(Ukey2HandshakeContextHandle handle);
 RustFFIByteArray get_next_handshake_message(Ukey2HandshakeContextHandle handle);
-bool can_send_payload_in_handshake_message(Ukey2HandshakeContextHandle handle);
 RustFFIByteArray parse_handshake_message(Ukey2HandshakeContextHandle handle, CFFIByteArray message);
 Ukey2ConnectionContextHandle to_connection_context(Ukey2HandshakeContextHandle handle);
 RustFFIByteArray get_verification_string(Ukey2HandshakeContextHandle handle, size_t output_length);
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_ffi.h b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_ffi.h
index e96ae1c..2beae24 100644
--- a/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_ffi.h
+++ b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_ffi.h
@@ -50,7 +50,7 @@
 
     private:
         friend class Ukey2Handshake;
-        D2DConnectionContextV1(Ukey2ConnectionContextHandle handle) : handle_(handle) {};
+        D2DConnectionContextV1(Ukey2ConnectionContextHandle handle) : handle_(handle) {}
         const Ukey2ConnectionContextHandle handle_;
 };
 
@@ -68,12 +68,10 @@
         static Ukey2Handshake ForInitiator();
         // Returns true if the handshake is complete, false otherwise.
         bool IsHandshakeComplete();
-        // Return if the handshake message can carry a payload.
-        bool CanSendPayloadInHandshakeMessage();
         // Returns raw byte data with the message to send over the wire.
         std::string GetNextHandshakeMessage();
         // Parses the raw handshake message received over the wire.
-        std::string ParseHandshakeMessage(std::string message);
+        void ParseHandshakeMessage(std::string message);
         // Returns the authentication string of length output_length to be confirmed on both devices.
         std::string GetVerificationString(size_t output_length);
         // Turns this Ukey2Handshake instance into a D2DConnectionContextV1. This method once called,
@@ -81,6 +79,6 @@
         D2DConnectionContextV1 ToConnectionContext();
 
     private:
-        Ukey2Handshake(Ukey2HandshakeContextHandle handle) : handle_(handle) {};
+        Ukey2Handshake(Ukey2HandshakeContextHandle handle) : handle_(handle) {}
         const Ukey2HandshakeContextHandle handle_;
 };
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_glue.cc b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_glue.cc
index e013b2a..6f4a396 100644
--- a/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_glue.cc
+++ b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_glue.cc
@@ -15,17 +15,10 @@
 #include "ukey2_bindings.h"
 #include "ukey2_ffi.h"
 
+#include <cassert>
 #include <cstring>
-#include <iostream>
 #include <string>
 
-CFFIByteArray messageToByteArray(const std::string message) {
-    return {
-        .handle = (uint8_t*) (new std::string(message))->c_str(),
-        .len = message.length(),
-    };
-}
-
 CFFIByteArray nullByteArray() {
     return {
         .handle = nullptr,
@@ -46,10 +39,6 @@
     return is_handshake_complete(handle_);
 }
 
-bool Ukey2Handshake::CanSendPayloadInHandshakeMessage() {
-    return can_send_payload_in_handshake_message(handle_);
-}
-
 std::string Ukey2Handshake::GetNextHandshakeMessage() {
     RustFFIByteArray array = get_next_handshake_message(handle_);
     std::string ret = std::string((const char*) array.handle, array.len);
@@ -57,11 +46,12 @@
     return ret;
 }
 
-std::string Ukey2Handshake::ParseHandshakeMessage(std::string message) {
-    RustFFIByteArray array = parse_handshake_message(handle_, messageToByteArray(message));
-    std::string ret = std::string((const char*) array.handle, array.len);
-    rust_dealloc_ffi_byte_array(array);
-    return ret;
+void Ukey2Handshake::ParseHandshakeMessage(std::string message) {
+    CFFIByteArray messageRaw{
+        .handle = (uint8_t*)message.c_str(),
+        .len = message.length(),
+    };
+    parse_handshake_message(handle_, messageRaw);
 }
 
 std::string Ukey2Handshake::GetVerificationString(size_t output_length) {
@@ -77,14 +67,35 @@
 }
 
 std::string D2DConnectionContextV1::DecodeMessageFromPeer(std::string message, std::string associated_data) {
-    RustFFIByteArray array = decode_message_from_peer(handle_, messageToByteArray(message), messageToByteArray(associated_data));
+    CFFIByteArray messageRaw{
+        .handle = (uint8_t*)message.c_str(),
+        .len = message.length(),
+    };
+    CFFIByteArray associatedDataRaw{
+        .handle = (uint8_t*)associated_data.c_str(),
+        .len = associated_data.length(),
+    };
+    RustFFIByteArray array =
+        decode_message_from_peer(handle_, messageRaw, associatedDataRaw);
+    if (array.handle == nullptr) {
+        return "";
+    }
     std::string ret = std::string((const char*) array.handle, array.len);
     rust_dealloc_ffi_byte_array(array);
     return ret;
 }
 
 std::string D2DConnectionContextV1::EncodeMessageToPeer(std::string message, std::string associated_data) {
-    RustFFIByteArray array = encode_message_to_peer(handle_, messageToByteArray(message), messageToByteArray(associated_data));
+    CFFIByteArray messageRaw{
+        .handle = (uint8_t*)message.c_str(),
+        .len = message.length(),
+    };
+    CFFIByteArray associatedDataRaw{
+        .handle = (uint8_t*)associated_data.c_str(),
+        .len = associated_data.length(),
+    };
+    RustFFIByteArray array =
+        encode_message_to_peer(handle_, messageRaw, associatedDataRaw);
     std::string ret = std::string((const char*) array.handle, array.len);
     rust_dealloc_ffi_byte_array(array);
     return ret;
@@ -113,7 +124,11 @@
 }
 
 D2DRestoreConnectionContextV1Result D2DConnectionContextV1::FromSavedSession(std::string data) {
-    auto result = from_saved_session(messageToByteArray(data));
+    CFFIByteArray arr{
+        .handle = (uint8_t*)data.c_str(),
+        .len = data.length(),
+    };
+    auto result = from_saved_session(arr);
     return {
         D2DConnectionContextV1(result.handle),
         result.status,
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_test.cc b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_test.cc
new file mode 100644
index 0000000..98ea07e
--- /dev/null
+++ b/nearby/connections/ukey2/ukey2_c_ffi/cpp/ukey2_test.cc
@@ -0,0 +1,90 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <string>
+
+#include <gtest/gtest.h>
+#include "ukey2_ffi.h"
+
+namespace {
+TEST(Ukey2RustTest, HandshakeStartsIncomplete) {
+  Ukey2Handshake responder_handle = Ukey2Handshake::ForResponder();
+  Ukey2Handshake initiator_handle = Ukey2Handshake::ForInitiator();
+  ASSERT_FALSE(responder_handle.IsHandshakeComplete());
+  ASSERT_FALSE(initiator_handle.IsHandshakeComplete());
+}
+
+TEST(Ukey2RustTest, HandshakeComplete) {
+  Ukey2Handshake responder_handle = Ukey2Handshake::ForResponder();
+  Ukey2Handshake initiator_handle = Ukey2Handshake::ForInitiator();
+  responder_handle.ParseHandshakeMessage(
+      initiator_handle.GetNextHandshakeMessage());
+  initiator_handle.ParseHandshakeMessage(
+      responder_handle.GetNextHandshakeMessage());
+  responder_handle.ParseHandshakeMessage(
+      initiator_handle.GetNextHandshakeMessage());
+  ASSERT_TRUE(responder_handle.IsHandshakeComplete());
+  ASSERT_TRUE(initiator_handle.IsHandshakeComplete());
+}
+
+TEST(Ukey2RustTest, CanSendReceiveMessage) {
+  Ukey2Handshake responder_handle = Ukey2Handshake::ForResponder();
+  Ukey2Handshake initiator_handle = Ukey2Handshake::ForInitiator();
+  responder_handle.ParseHandshakeMessage(
+      initiator_handle.GetNextHandshakeMessage());
+  initiator_handle.ParseHandshakeMessage(
+      responder_handle.GetNextHandshakeMessage());
+  responder_handle.ParseHandshakeMessage(
+      initiator_handle.GetNextHandshakeMessage());
+  ASSERT_TRUE(responder_handle.IsHandshakeComplete());
+  ASSERT_TRUE(initiator_handle.IsHandshakeComplete());
+  D2DConnectionContextV1 responder_connection =
+      responder_handle.ToConnectionContext();
+  D2DConnectionContextV1 initiator_connection =
+      initiator_handle.ToConnectionContext();
+  std::string message = "hello world";
+  auto encoded = responder_connection.EncodeMessageToPeer(message, "assocdata");
+  ASSERT_NE(encoded, "");
+  auto decoded =
+      initiator_connection.DecodeMessageFromPeer(encoded, "assocdata");
+  EXPECT_EQ(message, decoded);
+}
+
+TEST(Ukey2RustTest, TestSaveRestoreSession) {
+  Ukey2Handshake responder_handle = Ukey2Handshake::ForResponder();
+  Ukey2Handshake initiator_handle = Ukey2Handshake::ForInitiator();
+  responder_handle.ParseHandshakeMessage(
+      initiator_handle.GetNextHandshakeMessage());
+  initiator_handle.ParseHandshakeMessage(
+      responder_handle.GetNextHandshakeMessage());
+  responder_handle.ParseHandshakeMessage(
+      initiator_handle.GetNextHandshakeMessage());
+  ASSERT_TRUE(responder_handle.IsHandshakeComplete());
+  ASSERT_TRUE(initiator_handle.IsHandshakeComplete());
+  D2DConnectionContextV1 responder_connection =
+      responder_handle.ToConnectionContext();
+  D2DConnectionContextV1 initiator_connection =
+      initiator_handle.ToConnectionContext();
+  auto saved_responder = responder_connection.SaveSession();
+  D2DRestoreConnectionContextV1Result restore_result =
+      D2DConnectionContextV1::FromSavedSession(saved_responder);
+  ASSERT_EQ(restore_result.status,
+            CD2DRestoreConnectionContextV1Status::STATUS_GOOD);
+  auto new_responder = restore_result.handle;
+  std::string encoded = new_responder.EncodeMessageToPeer("hello world", "");
+  std::string decoded = initiator_connection.DecodeMessageFromPeer(encoded, "");
+  EXPECT_EQ("hello world", decoded);
+}
+
+}  // namespace
diff --git a/nearby/connections/ukey2/ukey2_c_ffi/src/lib.rs b/nearby/connections/ukey2/ukey2_c_ffi/src/lib.rs
index 68d42c9..a044471 100644
--- a/nearby/connections/ukey2/ukey2_c_ffi/src/lib.rs
+++ b/nearby/connections/ukey2/ukey2_c_ffi/src/lib.rs
@@ -13,13 +13,13 @@
 // limitations under the License.
 
 use std::collections::HashMap;
-use std::ffi::CString;
 use std::ptr::null_mut;
 
 use lazy_static::lazy_static;
 use rand::Rng;
 use rand_chacha::rand_core::SeedableRng;
 use rand_chacha::ChaCha20Rng;
+use raw_parts::RawParts;
 use spin::Mutex;
 
 use ukey2_connections::{
@@ -38,6 +38,7 @@
 pub struct RustFFIByteArray {
     ptr: *mut u8,
     len: usize,
+    cap: usize,
 }
 
 #[repr(C)]
@@ -83,7 +84,12 @@
 #[no_mangle]
 pub unsafe extern "C" fn rust_dealloc_ffi_byte_array(arr: RustFFIByteArray) {
     if !arr.ptr.is_null() {
-        let _ = Vec::from_raw_parts(arr.ptr, arr.len, arr.len);
+        let raw_parts = RawParts {
+            ptr: arr.ptr,
+            length: arr.len,
+            capacity: arr.cap,
+        };
+        let _ = RawParts::into_vec(raw_parts);
     }
 }
 
@@ -104,16 +110,21 @@
         .get(&handle)
         .and_then(|c| c.get_next_handshake_message());
     if let Some(msg) = opt_msg {
-        let ret_len = msg.len();
-        let data: CString = unsafe { CString::from_vec_unchecked(msg) };
+        let RawParts {
+            ptr,
+            length,
+            capacity,
+        } = RawParts::from_vec(msg);
         RustFFIByteArray {
-            ptr: data.into_raw() as *mut u8,
-            len: ret_len,
+            ptr,
+            len: length,
+            cap: capacity,
         }
     } else {
         RustFFIByteArray {
             ptr: null_mut(),
             len: usize::MAX,
+            cap: usize::MAX,
         }
     }
 }
@@ -125,19 +136,20 @@
     handle: u64,
     arr: CFFIByteArray,
 ) -> RustFFIByteArray {
-    let msg = Vec::<u8>::from_raw_parts(arr.ptr, arr.len, arr.len);
+    let msg = std::slice::from_raw_parts(arr.ptr, arr.len);
     // TODO error handling
     let result = HANDLE_MAPPING
         .lock()
         .get_mut(&handle)
         .unwrap()
-        .handle_handshake_message(msg.as_slice());
+        .handle_handshake_message(msg);
     if let Err(error) = result {
         log::error!("{:?}", error);
     }
     RustFFIByteArray {
         ptr: null_mut(),
         len: usize::MAX,
+        cap: usize::MAX,
     }
 }
 
@@ -153,10 +165,15 @@
                 .auth_string::<CryptoProvider>()
                 .derive_vec(length)
                 .unwrap();
-            let vec_len = auth_vec.len();
+            let RawParts {
+                ptr,
+                length,
+                capacity,
+            } = RawParts::from_vec(auth_vec);
             RustFFIByteArray {
-                ptr: auth_vec.leak().as_mut_ptr(),
-                len: vec_len,
+                ptr,
+                len: length,
+                cap: capacity,
             }
         })
         .unwrap()
@@ -213,6 +230,7 @@
         return RustFFIByteArray {
             ptr: null_mut(),
             len: usize::MAX,
+            cap: usize::MAX,
         };
     }
     let msg = std::slice::from_raw_parts(msg.ptr, msg.len);
@@ -229,16 +247,22 @@
         .get_mut(&handle)
         .map(|c| c.encode_message_to_peer::<CryptoProvider, _>(msg, associated_data));
     if let Some(msg) = ret {
-        let len = msg.len();
+        let RawParts {
+            ptr,
+            length,
+            capacity,
+        } = RawParts::from_vec(msg);
         RustFFIByteArray {
-            ptr: msg.leak().as_mut_ptr(),
-            len,
+            ptr,
+            len: length,
+            cap: capacity,
         }
     } else {
         log::error!("Was unable to find handle!");
         RustFFIByteArray {
             ptr: null_mut(),
             len: usize::MAX,
+            cap: usize::MAX,
         }
     }
 }
@@ -248,13 +272,14 @@
 #[no_mangle]
 pub unsafe extern "C" fn decode_message_from_peer(
     handle: u64,
-    msg: RustFFIByteArray,
+    msg: CFFIByteArray,
     associated_data: CFFIByteArray,
 ) -> RustFFIByteArray {
     if msg.len == 0 {
         return RustFFIByteArray {
             ptr: null_mut(),
             len: usize::MAX,
+            cap: usize::MAX,
         };
     }
     let msg = std::slice::from_raw_parts(msg.ptr, msg.len);
@@ -272,15 +297,21 @@
         .unwrap()
         .decode_message_from_peer::<CryptoProvider, _>(msg, associated_data);
     if let Ok(decoded) = ret {
-        let len = decoded.len();
+        let RawParts {
+            ptr,
+            length,
+            capacity,
+        } = RawParts::from_vec(decoded);
         RustFFIByteArray {
-            ptr: decoded.leak().as_mut_ptr(),
-            len,
+            ptr,
+            len: length,
+            cap: capacity,
         }
     } else {
         RustFFIByteArray {
             ptr: null_mut(),
             len: usize::MAX,
+            cap: usize::MAX,
         }
     }
 }
@@ -292,10 +323,15 @@
         .get(&handle)
         .unwrap()
         .get_session_unique::<CryptoProvider>();
-    let handle_size = session_unique_bytes.len();
+    let RawParts {
+        ptr,
+        length,
+        capacity,
+    } = RawParts::from_vec(session_unique_bytes);
     RustFFIByteArray {
-        ptr: session_unique_bytes.leak().as_mut_ptr(),
-        len: handle_size,
+        ptr,
+        len: length,
+        cap: capacity,
     }
 }
 
@@ -324,10 +360,15 @@
         .get(&handle)
         .unwrap()
         .save_session();
-    let handle_size = key.len();
+    let RawParts {
+        ptr,
+        length,
+        capacity,
+    } = RawParts::from_vec(key);
     RustFFIByteArray {
-        ptr: key.leak().as_mut_ptr(),
-        len: handle_size,
+        ptr,
+        len: length,
+        cap: capacity,
     }
 }
 
diff --git a/nearby/connections/ukey2/ukey2_connections/fuzz/Cargo.lock b/nearby/connections/ukey2/ukey2_connections/fuzz/Cargo.lock
index 5c10cb6..2e61f80 100644
--- a/nearby/connections/ukey2/ukey2_connections/fuzz/Cargo.lock
+++ b/nearby/connections/ukey2/ukey2_connections/fuzz/Cargo.lock
@@ -197,9 +197,9 @@
 
 [[package]]
 name = "clap"
-version = "3.2.23"
+version = "3.2.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5"
+checksum = "eef2b3ded6a26dfaec672a742c93c8cf6b689220324da509ec5caa20de55dc83"
 dependencies = [
  "bitflags",
  "clap_lex",
@@ -386,9 +386,9 @@
 
 [[package]]
 name = "der"
-version = "0.7.4"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b14af2045fa69ed2b7a48934bebb842d0f33e73e96e78766ecb14bb5347a11"
+checksum = "bc906908ea6458456e5eaa160a9c08543ec3d1e6f71e2235cedd660cb65f9df0"
 dependencies = [
  "const-oid",
  "zeroize",
@@ -456,9 +456,9 @@
 
 [[package]]
 name = "elliptic-curve"
-version = "0.13.4"
+version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75c71eaa367f2e5d556414a8eea812bc62985c879748d6403edabd9cb03f16e7"
+checksum = "6ea5a92946e8614bb585254898bb7dd1ddad241ace60c52149e3765e34cc039d"
 dependencies = [
  "base16ct",
  "crypto-bigint",
@@ -521,9 +521,9 @@
 
 [[package]]
 name = "generic-array"
-version = "0.14.7"
+version = "0.14.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
 dependencies = [
  "typenum",
  "version_check",
@@ -820,9 +820,9 @@
 
 [[package]]
 name = "p256"
-version = "0.13.2"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+checksum = "7270da3e5caa82afd3deb054cc237905853813aea3859544bc082c3fe55b8d47"
 dependencies = [
  "elliptic-curve",
  "primeorder",
@@ -892,9 +892,9 @@
 
 [[package]]
 name = "primeorder"
-version = "0.13.1"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf8d3875361e28f7753baefef104386e7aa47642c93023356d97fdef4003bfb5"
+checksum = "7613fdcc0831c10060fa69833ea8fa2caa94b6456f51e25356a885b530a2e3d0"
 dependencies = [
  "elliptic-curve",
 ]
@@ -1083,9 +1083,9 @@
 
 [[package]]
 name = "sec1"
-version = "0.7.2"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0aec48e813d6b90b15f0b8948af3c63483992dee44c03e9930b3eebdabe046e"
+checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e"
 dependencies = [
  "base16ct",
  "der",
diff --git a/nearby/crypto/crypto_provider/Cargo.toml b/nearby/crypto/crypto_provider/Cargo.toml
index 69f7572..53eb974 100644
--- a/nearby/crypto/crypto_provider/Cargo.toml
+++ b/nearby/crypto/crypto_provider/Cargo.toml
@@ -4,42 +4,19 @@
 edition.workspace = true
 publish.workspace = true
 
-[dependencies]
-hex-literal = { workspace = true, optional = true }
-rand = { workspace = true, optional = true }
-rstest = { version = "0.16.0", optional = true }
-rstest_reuse = { version = "0.5.0", optional = true }
-wycheproof = { version = "0.4.0", optional = true }
-hex = { workspace = true, optional = true }
-test_helper = { workspace = true, optional = true }
-
 [dev-dependencies]
+criterion.workspace = true
+hex-literal.workspace = true
 crypto_provider_openssl.workspace = true
 crypto_provider_rustcrypto.workspace = true
-wycheproof = "0.4.0"
-hex-literal.workspace = true
-sha2.workspace = true
-criterion.workspace = true
 rand_ext.workspace = true
-hex.workspace = true
+rand.workspace = true
 
 [features]
 default = ["alloc", "gcm_siv"]
 std = []
 alloc = []
 gcm_siv = []
-testing = [
-    "dep:hex-literal",
-    "dep:rstest",
-    "dep:rstest_reuse",
-    "dep:wycheproof",
-    "dep:test_helper",
-    "std",
-    "rand",
-    "rand/std",
-    "rand/std_rng",
-    "dep:hex",
-]
 
 [[bench]]
 name = "hmac_bench"
diff --git a/nearby/crypto/crypto_provider/src/aes/cbc.rs b/nearby/crypto/crypto_provider/src/aes/cbc.rs
index d4211a6..e32c588 100644
--- a/nearby/crypto/crypto_provider/src/aes/cbc.rs
+++ b/nearby/crypto/crypto_provider/src/aes/cbc.rs
@@ -43,56 +43,3 @@
     /// correctly. Exposing padding errors can cause a padding oracle vulnerability.
     BadPadding,
 }
-
-/// Module for testing implementations of this crate.
-#[cfg(feature = "testing")]
-pub mod testing {
-    use super::{Aes256Key, AesCbcIv, AesCbcPkcs7Padded};
-    pub use crate::testing::prelude::*;
-    use core::marker::PhantomData;
-    use hex_literal::hex;
-    use rstest_reuse::template;
-
-    /// Tests for AES-256-CBC encryption
-    pub fn aes_256_cbc_test_encrypt<A: AesCbcPkcs7Padded>(_marker: PhantomData<A>) {
-        // http://google3/third_party/wycheproof/testvectors/aes_cbc_pkcs5_test.json;l=1492;rcl=264817632
-        let key: Aes256Key =
-            hex!("665a02bc265a66d01775091da56726b6668bfd903cb7af66fb1b78a8a062e43c").into();
-        let iv: AesCbcIv = hex!("3fb0d5ecd06c71150748b599595833cb");
-        let msg = hex!("3f56935def3f");
-        let expected_ciphertext = hex!("3f3f39697bd7e88d85a14132be1cbc48");
-        assert_eq!(A::encrypt(&key, &iv, &msg), expected_ciphertext);
-    }
-
-    /// Tests for AES-256-CBC decryption
-    pub fn aes_256_cbc_test_decrypt<A: AesCbcPkcs7Padded>(_marker: PhantomData<A>) {
-        // http://google3/third_party/wycheproof/testvectors/aes_cbc_pkcs5_test.json;l=1492;rcl=264817632
-        let key: Aes256Key =
-            hex!("665a02bc265a66d01775091da56726b6668bfd903cb7af66fb1b78a8a062e43c").into();
-        let iv: AesCbcIv = hex!("3fb0d5ecd06c71150748b599595833cb");
-        let ciphertext = hex!("3f3f39697bd7e88d85a14132be1cbc48");
-        let expected_msg = hex!("3f56935def3f");
-        assert_eq!(A::decrypt(&key, &iv, &ciphertext).unwrap(), expected_msg);
-    }
-
-    /// Generates the test cases to validate the AES-256-CBC implementation.
-    /// For example, to test `MyAesCbc256Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::cbc::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_256_cbc_test_cases)]
-    ///     fn aes_256_cbc_tests(
-    ///             testcase: CryptoProviderTestCases<PhantomData<MyAesCbc256Impl>>) {
-    ///         testcase(PhantomData);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::encrypt(aes_256_cbc_test_encrypt)]
-    #[case::decrypt(aes_256_cbc_test_decrypt)]
-    fn aes_256_cbc_test_cases<A: AesCbcPkcs7Padded>(#[case] testcase: CryptoProviderTestCases<F>) {}
-}
diff --git a/nearby/crypto/crypto_provider/src/aes/ctr.rs b/nearby/crypto/crypto_provider/src/aes/ctr.rs
index c7f5d5f..acfe4ef 100644
--- a/nearby/crypto/crypto_provider/src/aes/ctr.rs
+++ b/nearby/crypto/crypto_provider/src/aes/ctr.rs
@@ -33,178 +33,3 @@
     /// Decrypt the data in place, advancing the counter state appropriately.
     fn decrypt(&mut self, data: &mut [u8]);
 }
-
-/// Module for testing implementations of this crate.
-#[cfg(feature = "testing")]
-pub mod testing {
-    use super::AesCtr;
-    use crate::aes::{Aes128Key, Aes256Key};
-    pub use crate::testing::prelude;
-    use core::marker;
-    use hex_literal::hex;
-    use rstest_reuse::template;
-
-    /// Test AES-128-CTR encryption
-    pub fn aes_128_ctr_test_encrypt<A: AesCtr<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.1
-        let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
-        let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
-        let mut block: [u8; 16];
-        let mut cipher = A::new(&key, iv);
-
-        block = hex!("6bc1bee22e409f96e93d7e117393172a");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_1 = hex!("874d6191b620e3261bef6864990db6ce");
-        assert_eq!(expected_ciphertext_1, block);
-
-        block = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_2 = hex!("9806f66b7970fdff8617187bb9fffdff");
-        assert_eq!(expected_ciphertext_2, block);
-
-        block = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_3 = hex!("5ae4df3edbd5d35e5b4f09020db03eab");
-        assert_eq!(expected_ciphertext_3, block);
-
-        block = hex!("f69f2445df4f9b17ad2b417be66c3710");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_3 = hex!("1e031dda2fbe03d1792170a0f3009cee");
-        assert_eq!(expected_ciphertext_3, block);
-    }
-
-    /// Test AES-128-CTR decryption
-    pub fn aes_128_ctr_test_decrypt<A: AesCtr<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.2
-        let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
-        let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
-        let mut block: [u8; 16];
-        let mut cipher = A::new(&key, iv);
-
-        block = hex!("874d6191b620e3261bef6864990db6ce");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_1 = hex!("6bc1bee22e409f96e93d7e117393172a");
-        assert_eq!(expected_plaintext_1, block);
-
-        block = hex!("9806f66b7970fdff8617187bb9fffdff");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_2 = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
-        assert_eq!(expected_plaintext_2, block);
-
-        block = hex!("5ae4df3edbd5d35e5b4f09020db03eab");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_3 = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
-        assert_eq!(expected_plaintext_3, block);
-
-        block = hex!("1e031dda2fbe03d1792170a0f3009cee");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_3 = hex!("f69f2445df4f9b17ad2b417be66c3710");
-        assert_eq!(expected_plaintext_3, block);
-    }
-
-    /// Test AES-256-CTR encryption
-    pub fn aes_256_ctr_test_encrypt<A: AesCtr<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.5
-        let key: Aes256Key =
-            hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
-        let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
-        let mut block: [u8; 16];
-        let mut cipher = A::new(&key, iv);
-
-        block = hex!("6bc1bee22e409f96e93d7e117393172a");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_1 = hex!("601ec313775789a5b7a7f504bbf3d228");
-        assert_eq!(expected_ciphertext_1, block);
-
-        block = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_2 = hex!("f443e3ca4d62b59aca84e990cacaf5c5");
-        assert_eq!(expected_ciphertext_2, block);
-
-        block = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_3 = hex!("2b0930daa23de94ce87017ba2d84988d");
-        assert_eq!(expected_ciphertext_3, block);
-
-        block = hex!("f69f2445df4f9b17ad2b417be66c3710");
-        cipher.encrypt(&mut block);
-        let expected_ciphertext_3 = hex!("dfc9c58db67aada613c2dd08457941a6");
-        assert_eq!(expected_ciphertext_3, block);
-    }
-
-    /// Test AES-256-CTR decryption
-    pub fn aes_256_ctr_test_decrypt<A: AesCtr<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.6
-        let key: Aes256Key =
-            hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
-        let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
-        let mut block: [u8; 16];
-        let mut cipher = A::new(&key, iv);
-
-        block = hex!("601ec313775789a5b7a7f504bbf3d228");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_1 = hex!("6bc1bee22e409f96e93d7e117393172a");
-        assert_eq!(expected_plaintext_1, block);
-
-        block = hex!("f443e3ca4d62b59aca84e990cacaf5c5");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_2 = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
-        assert_eq!(expected_plaintext_2, block);
-
-        block = hex!("2b0930daa23de94ce87017ba2d84988d");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_3 = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
-        assert_eq!(expected_plaintext_3, block);
-
-        block = hex!("dfc9c58db67aada613c2dd08457941a6");
-        cipher.encrypt(&mut block);
-        let expected_plaintext_3 = hex!("f69f2445df4f9b17ad2b417be66c3710");
-        assert_eq!(expected_plaintext_3, block);
-    }
-
-    /// Generates the test cases to validate the AES-128-CTR implementation.
-    /// For example, to test `MyAesCtr128Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::ctr::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_128_ctr_test_cases)]
-    ///     fn aes_128_ctr_tests(testcase: CryptoProviderTestCase<MyAesCtr128Impl>) {
-    ///         testcase(MyAesCtr128Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::encrypt(aes_128_ctr_test_encrypt)]
-    #[case::decrypt(aes_128_ctr_test_decrypt)]
-    fn aes_128_ctr_test_cases<F: AesCtrFactory<Key = Aes128Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-
-    /// Generates the test cases to validate the AES-256-CTR implementation.
-    /// For example, to test `MyAesCtr256Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::ctr::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_256_ctr_test_cases_impl)]
-    ///     fn aes_256_ctr_tests(testcase: CryptoProviderTestCase<MyAesCtr256Impl>) {
-    ///         testcase(MyAesCtr256Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::encrypt(aes_256_ctr_test_encrypt)]
-    #[case::decrypt(aes_256_ctr_test_decrypt)]
-    fn aes_256_ctr_test_cases<F: AesCtrFactory<Key = Aes256Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-}
diff --git a/nearby/crypto/crypto_provider/src/aes/gcm_siv.rs b/nearby/crypto/crypto_provider/src/aes/gcm_siv.rs
index 2d683b2..dabb10d 100644
--- a/nearby/crypto/crypto_provider/src/aes/gcm_siv.rs
+++ b/nearby/crypto/crypto_provider/src/aes/gcm_siv.rs
@@ -46,119 +46,3 @@
     /// in order to properly decrypt the message.
     fn decrypt(&self, data: &mut Vec<u8>, aad: &[u8], nonce: &[u8]) -> Result<(), GcmSivError>;
 }
-
-/// Module for testing implementations of this crate.
-#[cfg(feature = "testing")]
-pub mod testing {
-    extern crate alloc;
-
-    use alloc::vec::Vec;
-    use core::marker;
-
-    use hex_literal::hex;
-    use rstest_reuse::template;
-
-    use crate::aes::{Aes128Key, Aes256Key};
-    pub use crate::testing::prelude;
-
-    use super::AesGcmSiv;
-
-    /// Test AES-GCM-SIV-128 encryption/decryption
-    pub fn aes_128_gcm_siv_test<A: AesGcmSiv<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
-        // https://github.com/google/wycheproof/blob/master/testvectors/aes_gcm_siv_test.json
-        // TC1
-        let test_key = hex!("01000000000000000000000000000000");
-        let nonce = hex!("030000000000000000000000");
-        let aes = A::new(&test_key.into());
-        let msg = hex!("");
-        let mut buf = Vec::from(msg.as_slice());
-        let tag = hex!("dc20e2d83f25705bb49e439eca56de25");
-        assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
-        assert_eq!(&buf[..], &tag);
-        // TC2
-        let msg = hex!("0100000000000000");
-        let ct = hex!("b5d839330ac7b786");
-        let tag = hex!("578782fff6013b815b287c22493a364c");
-        let mut buf = Vec::from(msg.as_slice());
-        assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
-        assert_eq!(&buf[..8], &ct);
-        assert_eq!(&buf[8..], &tag);
-        assert!(aes.decrypt(&mut buf, b"", &nonce).is_ok());
-        assert_eq!(&buf[..], &msg);
-    }
-
-    /// Test AES-256-GCM-SIV encryption/decryption
-    pub fn aes_256_gcm_siv_test<A: AesGcmSiv<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
-        // https://github.com/google/wycheproof/blob/master/testvectors/aes_gcm_siv_test.json
-        // TC77
-        let test_key = hex!("0100000000000000000000000000000000000000000000000000000000000000");
-        let nonce = hex!("030000000000000000000000");
-        let aes = A::new(&test_key.into());
-        let msg = hex!("0100000000000000");
-        let mut buf = Vec::new();
-        buf.extend_from_slice(&msg);
-        let ct = hex!("c2ef328e5c71c83b");
-        let tag = hex!("843122130f7364b761e0b97427e3df28");
-        assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
-        assert_eq!(&buf[..8], &ct);
-        assert_eq!(&buf[8..], &tag);
-        assert!(aes.decrypt(&mut buf, b"", &nonce).is_ok());
-        assert_eq!(&buf[..], &msg);
-        // TC78
-        let msg = hex!("010000000000000000000000");
-        let ct = hex!("9aab2aeb3faa0a34aea8e2b1");
-        let tag = hex!("8ca50da9ae6559e48fd10f6e5c9ca17e");
-        let mut buf = Vec::from(msg.as_slice());
-        assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
-        assert_eq!(&buf[..12], &ct);
-        assert_eq!(&buf[12..], &tag);
-        assert!(aes.decrypt(&mut buf, b"", &nonce).is_ok());
-        assert_eq!(&buf[..], &msg);
-    }
-
-    /// Generates the test cases to validate the AES-128-GCM-SIV implementation.
-    /// For example, to test `MyAesGcmSiv128Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::gcm_siv::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_128_gcm_siv_test_cases)]
-    ///     fn aes_128_gcm_siv_tests(testcase: CryptoProviderTestCase<MyAesGcmSivImpl>) {
-    ///         testcase(MyAesGcmSiv128Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::encrypt(aes_128_gcm_siv_test)]
-    #[case::decrypt(aes_128_gcm_siv_test)]
-    fn aes_128_gcm_siv_test_cases<F: AesGcmSivFactory<Key = Aes128Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-
-    /// Generates the test cases to validate the AES-256-GCM-SIV implementation.
-    /// For example, to test `MyAesGcmSiv256Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::gcm_siv::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_256_gcm_siv_test_cases)]
-    ///     fn aes_256_gcm_siv_tests(testcase: CryptoProviderTestCase<MyAesGcmSiv256Impl>) {
-    ///         testcase(MyAesGcmSiv256Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::encrypt(aes_256_gcm_siv_test)]
-    #[case::decrypt(aes_256_gcm_siv_test)]
-    fn aes_256_gcm_siv_test_cases<F: AesGcmSivFactory<Key = Aes256Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-}
diff --git a/nearby/crypto/crypto_provider/src/aes/mod.rs b/nearby/crypto/crypto_provider/src/aes/mod.rs
index 240f11d..9526488 100644
--- a/nearby/crypto/crypto_provider/src/aes/mod.rs
+++ b/nearby/crypto/crypto_provider/src/aes/mod.rs
@@ -161,207 +161,3 @@
         Self { key: arr }
     }
 }
-
-/// Module for testing implementations of this crate.
-#[cfg(feature = "testing")]
-pub mod testing {
-    use super::*;
-    pub use crate::testing::prelude::*;
-    use core::marker;
-    use hex_literal::hex;
-    use rstest_reuse::template;
-
-    /// Test encryption with AES-128
-    pub fn aes_128_test_encrypt<A: AesEncryptCipher<Key = Aes128Key>>(
-        _marker: marker::PhantomData<A>,
-    ) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.1
-        let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
-        let mut block = [0_u8; 16];
-        let enc_cipher = A::new(&key);
-
-        block.copy_from_slice(&hex!("6bc1bee22e409f96e93d7e117393172a"));
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("3ad77bb40d7a3660a89ecaf32466ef97"), block);
-
-        block.copy_from_slice(&hex!("ae2d8a571e03ac9c9eb76fac45af8e51"));
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("f5d3d58503b9699de785895a96fdbaaf"), block);
-
-        block.copy_from_slice(&hex!("30c81c46a35ce411e5fbc1191a0a52ef"));
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("43b1cd7f598ece23881b00e3ed030688"), block);
-
-        block.copy_from_slice(&hex!("f69f2445df4f9b17ad2b417be66c3710"));
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("7b0c785e27e8ad3f8223207104725dd4"), block);
-    }
-
-    /// Test decryption with AES-128
-    pub fn aes_128_test_decrypt<A: AesDecryptCipher<Key = Aes128Key>>(
-        _marker: marker::PhantomData<A>,
-    ) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.2
-        let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
-        let mut block = [0_u8; 16];
-        let dec_cipher = A::new(&key);
-
-        block.copy_from_slice(&hex!("3ad77bb40d7a3660a89ecaf32466ef97"));
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("6bc1bee22e409f96e93d7e117393172a"), block);
-
-        block.copy_from_slice(&hex!("f5d3d58503b9699de785895a96fdbaaf"));
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("ae2d8a571e03ac9c9eb76fac45af8e51"), block);
-
-        block.copy_from_slice(&hex!("43b1cd7f598ece23881b00e3ed030688"));
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("30c81c46a35ce411e5fbc1191a0a52ef"), block);
-
-        block.copy_from_slice(&hex!("7b0c785e27e8ad3f8223207104725dd4"));
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("f69f2445df4f9b17ad2b417be66c3710"), block);
-    }
-
-    /// Test encryption with AES-256
-    pub fn aes_256_test_encrypt<A: AesEncryptCipher<Key = Aes256Key>>(
-        _marker: marker::PhantomData<A>,
-    ) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.5
-        let key: Aes256Key =
-            hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
-        let mut block: [u8; 16];
-        let enc_cipher = A::new(&key);
-
-        block = hex!("6bc1bee22e409f96e93d7e117393172a");
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("f3eed1bdb5d2a03c064b5a7e3db181f8"), block);
-
-        block = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("591ccb10d410ed26dc5ba74a31362870"), block);
-
-        block = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("b6ed21b99ca6f4f9f153e7b1beafed1d"), block);
-
-        block = hex!("f69f2445df4f9b17ad2b417be66c3710");
-        enc_cipher.encrypt(&mut block);
-        assert_eq!(hex!("23304b7a39f9f3ff067d8d8f9e24ecc7"), block);
-    }
-
-    /// Test decryption with AES-256
-    pub fn aes_256_test_decrypt<A: AesDecryptCipher<Key = Aes256Key>>(
-        _marker: marker::PhantomData<A>,
-    ) {
-        // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.6
-        let key: Aes256Key =
-            hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
-        let mut block: [u8; 16];
-        let dec_cipher = A::new(&key);
-
-        block = hex!("f3eed1bdb5d2a03c064b5a7e3db181f8");
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("6bc1bee22e409f96e93d7e117393172a"), block);
-
-        block = hex!("591ccb10d410ed26dc5ba74a31362870");
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("ae2d8a571e03ac9c9eb76fac45af8e51"), block);
-
-        block = hex!("b6ed21b99ca6f4f9f153e7b1beafed1d");
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("30c81c46a35ce411e5fbc1191a0a52ef"), block);
-
-        block = hex!("23304b7a39f9f3ff067d8d8f9e24ecc7");
-        dec_cipher.decrypt(&mut block);
-        assert_eq!(hex!("f69f2445df4f9b17ad2b417be66c3710"), block);
-    }
-
-    /// Generates the test cases to validate the AES-128 implementation.
-    /// For example, to test `MyAes128Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_128_encrypt_test_cases)]
-    ///     fn aes_128_tests(f: CryptoProviderTestCase<MyAes128Impl>) {
-    ///         f(MyAes128Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::encrypt(aes_128_test_encrypt)]
-    fn aes_128_encrypt_test_cases<A: AesFactory<Key = Aes128Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-
-    /// Generates the test cases to validate the AES-128 implementation.
-    /// For example, to test `MyAes128Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_128_decrypt_test_cases)]
-    ///     fn aes_128_tests(f: CryptoProviderTestCase<MyAes128Impl>) {
-    ///         f(MyAes128Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::decrypt(aes_128_test_decrypt)]
-    fn aes_128_decrypt_test_cases<F: AesFactory<Key = Aes128Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-
-    /// Generates the test cases to validate the AES-256 implementation.
-    /// For example, to test `MyAes256Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_256_encrypt_test_cases)]
-    ///     fn aes_256_tests(f: CryptoProviderTestCase<MyAes256Impl>) {
-    ///         f(MyAes256Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::encrypt(aes_256_test_encrypt)]
-    fn aes_256_encrypt_test_cases<F: AesFactory<Key = Aes256Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-
-    /// Generates the test cases to validate the AES-256 implementation.
-    /// For example, to test `MyAes256Impl`:
-    ///
-    /// ```
-    /// use crypto_provider::aes::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(aes_256_decrypt_test_cases)]
-    ///     fn aes_256_tests(f: CryptoProviderTestCase<MyAes256Impl>) {
-    ///         f(MyAes256Impl);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::decrypt(aes_256_test_decrypt)]
-    fn aes_256_decrypt_test_cases<F: AesFactory<Key = Aes256Key>>(
-        #[case] testcase: CryptoProviderTestCase<F>,
-    ) {
-    }
-}
diff --git a/nearby/crypto/crypto_provider/src/ed25519.rs b/nearby/crypto/crypto_provider/src/ed25519.rs
index 4cee2da..e8fc176 100644
--- a/nearby/crypto/crypto_provider/src/ed25519.rs
+++ b/nearby/crypto/crypto_provider/src/ed25519.rs
@@ -112,146 +112,3 @@
 /// Error returned if invalid signature bytes are provided
 #[derive(Debug)]
 pub struct InvalidSignature;
-
-#[cfg(feature = "testing")]
-/// Utilities for testing. Implementations can use the test cases and functions provided to test
-/// their implementation.
-pub mod testing {
-    extern crate alloc;
-    extern crate std;
-
-    use crate::ed25519::{Ed25519Provider, KeyPair, PublicKey, Signature};
-    use alloc::borrow::ToOwned;
-    use alloc::string::String;
-    use alloc::vec::Vec;
-    use wycheproof::TestResult;
-
-    // These are test vectors from the creators of Ed25519: https://ed25519.cr.yp.to/ which are referenced
-    // as the SOT for the test vectors in the RFC: https://www.rfc-editor.org/rfc/rfc8032#section-7.1
-    // The vectors have been formatted into a easily parsable/readable format by libgcrypt which is
-    // also used for test cases in the above RFC:
-    // https://dev.gnupg.org/source/libgcrypt/browse/master/tests/t-ed25519.inp
-    const PATH_TO_RFC_VECTORS_FILE: &str =
-        "crypto/crypto_provider/src/testdata/ecdsa/rfc_test_vectors.txt";
-
-    /// Runs set of Ed25519 wycheproof test vectors against a provided ed25519 implementation
-    /// Tests vectors from Project Wycheproof: <https://github.com/google/wycheproof>
-    pub fn run_wycheproof_test_vectors<E>()
-    where
-        E: Ed25519Provider,
-    {
-        let test_set = wycheproof::eddsa::TestSet::load(wycheproof::eddsa::TestName::Ed25519)
-            .expect("should be able to load test set");
-
-        for test_group in test_set.test_groups {
-            let key_pair = test_group.key;
-            let public_key = key_pair.pk;
-            let secret_key = key_pair.sk;
-
-            for test in test_group.tests {
-                let tc_id = test.tc_id;
-                let comment = test.comment;
-                let sig = test.sig;
-                let msg = test.msg;
-
-                let valid = match test.result {
-                    TestResult::Invalid => false,
-                    TestResult::Valid | TestResult::Acceptable => true,
-                };
-                let result = run_test::<E>(
-                    public_key.clone(),
-                    secret_key.clone(),
-                    sig.clone(),
-                    msg.clone(),
-                );
-                if valid {
-                    if let Err(desc) = result {
-                        panic!(
-                            "\n\
-                         Failed test {}: {}\n\
-                         msg:\t{:?}\n\
-                         sig:\t{:?}\n\
-                         comment:\t{:?}\n",
-                            tc_id, desc, msg, sig, comment,
-                        );
-                    }
-                } else {
-                    assert!(result.is_err())
-                }
-            }
-        }
-    }
-
-    /// Runs the RFC specified test vectors against an Ed25519 implementation
-    pub fn run_rfc_test_vectors<E>()
-    where
-        E: Ed25519Provider,
-    {
-        let file_contents =
-            std::fs::read_to_string(test_helper::get_data_file(PATH_TO_RFC_VECTORS_FILE))
-                .expect("should be able to read file");
-
-        let mut split_cases: Vec<&str> = file_contents.as_str().split("\n\n").collect();
-        // remove the comments
-        split_cases.remove(0);
-        for case in split_cases {
-            let test_case: Vec<&str> = case.split('\n').collect();
-
-            let tc_id = extract_string(test_case[0]);
-            let sk = extract_hex(test_case[1]);
-            let pk = extract_hex(test_case[2]);
-            let msg = extract_hex(test_case[3]);
-            let sig = extract_hex(test_case[4]);
-
-            let result = run_test::<E>(pk.clone(), sk.clone(), sig.clone(), msg.clone());
-            if let Err(desc) = result {
-                panic!(
-                    "\n\
-                         Failed test {}: {}\n\
-                         msg:\t{:?}\n\
-                         sig:\t{:?}\n\"",
-                    tc_id, desc, msg, sig,
-                );
-            }
-        }
-    }
-
-    fn extract_hex(line: &str) -> Vec<u8> {
-        test_helper::string_to_hex(extract_string(line).as_str())
-    }
-
-    fn extract_string(line: &str) -> String {
-        line.split(':').collect::<Vec<&str>>()[1].trim().to_owned()
-    }
-
-    fn run_test<E>(
-        pub_key: Vec<u8>,
-        secret_key: Vec<u8>,
-        sig: Vec<u8>,
-        msg: Vec<u8>,
-    ) -> Result<(), &'static str>
-    where
-        E: Ed25519Provider,
-    {
-        let kp_bytes: [u8; 64] = [secret_key.as_slice(), pub_key.as_slice()]
-            .concat()
-            .try_into()
-            .map_err(|_| "invalid length keypair")?;
-        let kp = E::KeyPair::from_bytes(kp_bytes)
-            .map_err(|_| "Should be able to create Keypair from bytes")?;
-
-        let sig_result = kp.sign(msg.as_slice());
-        (sig.as_slice() == sig_result.to_bytes())
-            .then_some(())
-            .ok_or("sig not matching expected")?;
-        let signature = E::Signature::from_bytes(sig.as_slice())
-            .map_err(|_| "unable to parse sign from test case")?;
-
-        let pub_key = kp.public();
-        pub_key
-            .verify_strict(msg.as_slice(), &signature)
-            .map_err(|_| "verify failed")?;
-
-        Ok(())
-    }
-}
diff --git a/nearby/crypto/crypto_provider/src/elliptic_curve.rs b/nearby/crypto/crypto_provider/src/elliptic_curve.rs
index 75b12b1..d06a21d 100644
--- a/nearby/crypto/crypto_provider/src/elliptic_curve.rs
+++ b/nearby/crypto/crypto_provider/src/elliptic_curve.rs
@@ -57,18 +57,6 @@
     ) -> Result<<Self::Impl as EcdhProvider<C>>::SharedSecret, Self::Error>;
 }
 
-/// Trait for an ephemeral secret for functions used in testing.
-#[cfg(feature = "testing")]
-pub trait EphemeralSecretForTesting<C: Curve>: EphemeralSecret<C> {
-    /// Creates an ephemeral secret from the given private and public components.
-    fn from_private_components(
-        _private_bytes: &[u8; 32],
-        _public_key: &<Self::Impl as EcdhProvider<C>>::PublicKey,
-    ) -> Result<Self, Self::Error>
-    where
-        Self: Sized;
-}
-
 /// Trait for a public key used for elliptic curve diffie hellman.
 pub trait PublicKey<E: Curve>: Sized + PartialEq + Debug {
     /// The error type associated with Public Key.
diff --git a/nearby/crypto/crypto_provider/src/hkdf.rs b/nearby/crypto/crypto_provider/src/hkdf.rs
index c905302..dab4e13 100644
--- a/nearby/crypto/crypto_provider/src/hkdf.rs
+++ b/nearby/crypto/crypto_provider/src/hkdf.rs
@@ -33,292 +33,3 @@
 /// an invalid length
 #[derive(Debug)]
 pub struct InvalidLength;
-
-/// Test cases exported for testing specific hkdf implementations
-#[cfg(feature = "testing")]
-pub mod testing {
-    extern crate alloc;
-    use crate::hkdf::Hkdf;
-    pub use crate::testing::prelude::*;
-    use crate::CryptoProvider;
-    use alloc::vec;
-    use alloc::vec::Vec;
-    use core::iter;
-    use core::marker::PhantomData;
-    use hex_literal::hex;
-    use rstest_reuse::template;
-
-    /// Generates the test cases to validate the hkdf implementation.
-    /// For example, to test `MyCryptoProvider`:
-    ///
-    /// ```
-    /// mod tests {
-    ///     use std::marker::PhantomData;
-    ///     use crypto_provider::testing::CryptoProviderTestCase;
-    ///     #[apply(hkdf_test_cases)]
-    ///     fn hkdf_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>){
-    ///         testcase(PhantomData::<MyCryptoProvider>);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::basic_test_hkdf(basic_test_hkdf)]
-    #[case::test_rfc5869_sha256(test_rfc5869_sha256)]
-    #[case::test_lengths(test_lengths)]
-    #[case::test_max_length(test_max_length)]
-    #[case::test_max_length_exceeded(test_max_length_exceeded)]
-    #[case::test_unsupported_length(test_unsupported_length)]
-    #[case::test_expand_multi_info(test_expand_multi_info)]
-    #[case::run_hkdf_sha256_vectors(run_hkdf_sha256_vectors)]
-    #[case::run_hkdf_sha512_vectors(run_hkdf_sha512_vectors)]
-    fn hkdf_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
-
-    const MAX_SHA256_LENGTH: usize = 255 * (256 / 8); // =8160
-
-    ///
-    pub struct Test<'a> {
-        ikm: &'a [u8],
-        salt: &'a [u8],
-        info: &'a [u8],
-        okm: &'a [u8],
-    }
-
-    /// data taken from sample code in Readme of crates.io page
-    pub fn basic_test_hkdf<C: CryptoProvider>(_: PhantomData<C>) {
-        let ikm = hex!("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
-        let salt = hex!("000102030405060708090a0b0c");
-        let info = hex!("f0f1f2f3f4f5f6f7f8f9");
-
-        let hk = C::HkdfSha256::new(Some(&salt[..]), &ikm);
-        let mut okm = [0u8; 42];
-        hk.expand(&info, &mut okm)
-            .expect("42 is a valid length for Sha256 to output");
-
-        let expected = hex!(
-            "
-        3cb25f25faacd57a90434f64d0362f2a
-        2d2d0a90cf1a5a4c5db02d56ecc4c5bf
-        34007208d5b887185865
-        "
-        );
-        assert_eq!(okm, expected);
-    }
-
-    // Test Vectors from https://tools.ietf.org/html/rfc5869.
-    #[rustfmt::skip]
-    ///
-    pub fn test_rfc5869_sha256<C: CryptoProvider>(_: PhantomData<C>) {
-        let tests = [
-            Test {
-                // Test Case 1
-                ikm: &hex!("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
-                salt: &hex!("000102030405060708090a0b0c"),
-                info: &hex!("f0f1f2f3f4f5f6f7f8f9"),
-                okm: &hex!("
-                    3cb25f25faacd57a90434f64d0362f2a
-                    2d2d0a90cf1a5a4c5db02d56ecc4c5bf
-                    34007208d5b887185865
-                "),
-            },
-            Test {
-                // Test Case 2
-                ikm: &hex!("
-                    000102030405060708090a0b0c0d0e0f
-                    101112131415161718191a1b1c1d1e1f
-                    202122232425262728292a2b2c2d2e2f
-                    303132333435363738393a3b3c3d3e3f
-                    404142434445464748494a4b4c4d4e4f
-                "),
-                salt: &hex!("
-                    606162636465666768696a6b6c6d6e6f
-                    707172737475767778797a7b7c7d7e7f
-                    808182838485868788898a8b8c8d8e8f
-                    909192939495969798999a9b9c9d9e9f
-                    a0a1a2a3a4a5a6a7a8a9aaabacadaeaf
-                "),
-                info: &hex!("
-                    b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
-                    c0c1c2c3c4c5c6c7c8c9cacbcccdcecf
-                    d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
-                    e0e1e2e3e4e5e6e7e8e9eaebecedeeef
-                    f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-                "),
-                okm: &hex!("
-                    b11e398dc80327a1c8e7f78c596a4934
-                    4f012eda2d4efad8a050cc4c19afa97c
-                    59045a99cac7827271cb41c65e590e09
-                    da3275600c2f09b8367793a9aca3db71
-                    cc30c58179ec3e87c14c01d5c1f3434f
-                    1d87
-                "),
-            },
-            Test {
-                // Test Case 3
-                ikm: &hex!("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
-                salt: &hex!(""),
-                info: &hex!(""),
-                okm: &hex!("
-                    8da4e775a563c18f715f802a063c5a31
-                    b8a11f5c5ee1879ec3454e5f3c738d2d
-                    9d201395faa4b61a96c8
-                "),
-            },
-        ];
-        for Test { ikm, salt, info, okm } in tests.iter() {
-            let salt = if salt.is_empty() {
-                None
-            } else {
-                Some(&salt[..])
-            };
-            let hkdf = C::HkdfSha256::new(salt, ikm);
-            let mut okm2 = vec![0u8; okm.len()];
-            assert!(hkdf.expand(&info[..], &mut okm2).is_ok());
-            assert_eq!(okm2[..], okm[..]);
-        }
-    }
-
-    ///
-    pub fn test_lengths<C: CryptoProvider>(_: PhantomData<C>) {
-        let hkdf = C::HkdfSha256::new(None, &[]);
-        let mut longest = vec![0u8; MAX_SHA256_LENGTH];
-        assert!(hkdf.expand(&[], &mut longest).is_ok());
-        // Runtime is O(length), so exhaustively testing all legal lengths
-        // would take too long (at least without --release). Only test a
-        // subset: the first 500, the last 10, and every 100th in between.
-        // 0 is an invalid key length for openssl, so start at 1
-        let lengths = (1..MAX_SHA256_LENGTH + 1)
-            .filter(|&len| !(500..=MAX_SHA256_LENGTH - 10).contains(&len) || len % 100 == 0);
-
-        for length in lengths {
-            let mut okm = vec![0u8; length];
-
-            assert!(hkdf.expand(&[], &mut okm).is_ok());
-            assert_eq!(okm.len(), length);
-            assert_eq!(okm[..], longest[..length]);
-        }
-    }
-
-    ///
-    pub fn test_max_length<C: CryptoProvider>(_: PhantomData<C>) {
-        let hkdf = C::HkdfSha256::new(Some(&[]), &[]);
-        let mut okm = vec![0u8; MAX_SHA256_LENGTH];
-        assert!(hkdf.expand(&[], &mut okm).is_ok());
-    }
-
-    ///
-    pub fn test_max_length_exceeded<C: CryptoProvider>(_: PhantomData<C>) {
-        let hkdf = C::HkdfSha256::new(Some(&[]), &[]);
-        let mut okm = vec![0u8; MAX_SHA256_LENGTH + 1];
-        assert!(hkdf.expand(&[], &mut okm).is_err());
-    }
-
-    ///
-    pub fn test_unsupported_length<C: CryptoProvider>(_: PhantomData<C>) {
-        let hkdf = C::HkdfSha256::new(Some(&[]), &[]);
-        let mut okm = vec![0u8; 90000];
-        assert!(hkdf.expand(&[], &mut okm).is_err());
-    }
-
-    ///
-    pub fn test_expand_multi_info<C: CryptoProvider>(_: PhantomData<C>) {
-        let info_components = &[
-            &b"09090909090909090909090909090909090909090909"[..],
-            &b"8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a"[..],
-            &b"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0"[..],
-            &b"4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4"[..],
-            &b"1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d"[..],
-        ];
-
-        let hkdf = C::HkdfSha256::new(None, b"some ikm here");
-
-        // Compute HKDF-Expand on the concatenation of all the info components
-        let mut oneshot_res = [0u8; 16];
-        hkdf.expand(&info_components.concat(), &mut oneshot_res)
-            .unwrap();
-
-        // Now iteratively join the components of info_components until it's all 1 component. The value
-        // of HKDF-Expand should be the same throughout
-        let mut num_concatted = 0;
-        let mut info_head = Vec::new();
-
-        while num_concatted < info_components.len() {
-            info_head.extend(info_components[num_concatted]);
-
-            // Build the new input to be the info head followed by the remaining components
-            let input: Vec<&[u8]> = iter::once(info_head.as_slice())
-                .chain(info_components.iter().cloned().skip(num_concatted + 1))
-                .collect();
-
-            // Compute and compare to the one-shot answer
-            let mut multipart_res = [0u8; 16];
-            hkdf.expand_multi_info(&input, &mut multipart_res).unwrap();
-            assert_eq!(multipart_res, oneshot_res);
-            num_concatted += 1;
-        }
-    }
-
-    ///
-    pub fn run_hkdf_sha256_vectors<C: CryptoProvider>(_: PhantomData<C>) {
-        run_hkdf_test_vectors::<C::HkdfSha256>(HashAlg::Sha256)
-    }
-
-    ///
-    pub fn run_hkdf_sha512_vectors<C: CryptoProvider>(_: PhantomData<C>) {
-        run_hkdf_test_vectors::<C::HkdfSha512>(HashAlg::Sha512)
-    }
-
-    enum HashAlg {
-        Sha256,
-        Sha512,
-    }
-
-    ///
-    fn run_hkdf_test_vectors<K: Hkdf>(hash: HashAlg) {
-        let test_name = match hash {
-            HashAlg::Sha256 => wycheproof::hkdf::TestName::HkdfSha256,
-            HashAlg::Sha512 => wycheproof::hkdf::TestName::HkdfSha512,
-        };
-
-        let test_set =
-            wycheproof::hkdf::TestSet::load(test_name).expect("should be able to load test set");
-        for test_group in test_set.test_groups {
-            for test in test_group.tests {
-                let ikm = test.ikm;
-                let salt = test.salt;
-                let info = test.info;
-                let okm = test.okm;
-                let tc_id = test.tc_id;
-                if let Some(desc) = run_test::<K>(
-                    ikm.as_slice(),
-                    salt.as_slice(),
-                    info.as_slice(),
-                    okm.as_slice(),
-                ) {
-                    panic!(
-                        "\n\
-                         Failed test {tc_id}: {desc}\n\
-                         ikm:\t{ikm:?}\n\
-                         salt:\t{salt:?}\n\
-                         info:\t{info:?}\n\
-                         okm:\t{okm:?}\n"
-                    );
-                }
-            }
-        }
-    }
-
-    fn run_test<K: Hkdf>(ikm: &[u8], salt: &[u8], info: &[u8], okm: &[u8]) -> Option<&'static str> {
-        let prk = K::new(Some(salt), ikm);
-        let mut got_okm = vec![0; okm.len()];
-
-        if prk.expand(info, &mut got_okm).is_err() {
-            return Some("prk expand");
-        }
-        if got_okm != okm {
-            return Some("mismatch in okm");
-        }
-        None
-    }
-}
diff --git a/nearby/crypto/crypto_provider/src/hmac.rs b/nearby/crypto/crypto_provider/src/hmac.rs
index 40be189..c5a9ae1 100644
--- a/nearby/crypto/crypto_provider/src/hmac.rs
+++ b/nearby/crypto/crypto_provider/src/hmac.rs
@@ -44,125 +44,3 @@
 /// Error output when the provided key material length is invalid
 #[derive(Debug)]
 pub struct InvalidLength;
-
-/// Test cases exported for testing specific hmac implementations
-#[cfg(feature = "testing")]
-pub mod testing {
-    use crate::hmac::Hmac;
-    use crate::rstest_reuse::template;
-    pub use crate::testing::prelude::*;
-    use crate::CryptoProvider;
-    use core::cmp::min;
-    use core::marker::PhantomData;
-    use wycheproof::TestResult;
-
-    /// Generates the test cases to validate the hmac implementation.
-    /// For example, to test `MyCryptoProvider`:
-    ///
-    /// ```
-    /// mod tests {
-    ///     use std::marker::PhantomData;
-    ///     use crypto_provider::testing::CryptoProviderTestCase;
-    ///     #[apply(hmac_test_cases)]
-    ///     fn hmac_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>){
-    ///         testcase(PhantomData::<MyCryptoProvider>);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::hmac_sha256_test_vectors(hmac_sha256_test_vectors)]
-    #[case::hmac_sha512_test_vectors(hmac_sha512_test_vectors)]
-    fn hmac_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
-
-    /// Run wycheproof hmac sha256 test vectors on provided CryptoProvider
-    pub fn hmac_sha256_test_vectors<C: CryptoProvider>(_: PhantomData<C>) {
-        run_hmac_test_vectors::<32, C::HmacSha256>(HashAlg::Sha256)
-    }
-
-    /// Run wycheproof hmac sha512 test vectors on provided CryptoProvider
-    pub fn hmac_sha512_test_vectors<C: CryptoProvider>(_: PhantomData<C>) {
-        run_hmac_test_vectors::<64, C::HmacSha512>(HashAlg::Sha512)
-    }
-
-    enum HashAlg {
-        Sha256,
-        Sha512,
-    }
-
-    // Tests vectors from Project Wycheproof:
-    // https://github.com/google/wycheproof
-    fn run_hmac_test_vectors<const N: usize, H: Hmac<N>>(hash: HashAlg) {
-        let test_name = match hash {
-            HashAlg::Sha256 => wycheproof::mac::TestName::HmacSha256,
-            HashAlg::Sha512 => wycheproof::mac::TestName::HmacSha512,
-        };
-        let test_set =
-            wycheproof::mac::TestSet::load(test_name).expect("should be able to load test set");
-
-        for test_group in test_set.test_groups {
-            for test in test_group.tests {
-                let key = test.key;
-                let msg = test.msg;
-                let tag = test.tag;
-                let tc_id = test.tc_id;
-                let valid = match test.result {
-                    TestResult::Valid | TestResult::Acceptable => true,
-                    TestResult::Invalid => false,
-                };
-
-                if let Some(desc) =
-                    run_test::<N, H>(key.as_slice(), msg.as_slice(), tag.as_slice(), valid)
-                {
-                    panic!(
-                        "\n\
-                         Failed test {tc_id}: {desc}\n\
-                         key:\t{key:?}\n\
-                         msg:\t{msg:?}\n\
-                         tag:\t{tag:?}\n",
-                    );
-                }
-            }
-        }
-    }
-
-    fn run_test<const N: usize, H: Hmac<N>>(
-        key: &[u8],
-        input: &[u8],
-        tag: &[u8],
-        valid_data: bool,
-    ) -> Option<&'static str> {
-        let mut mac = H::new_from_slice(key).unwrap();
-        mac.update(input);
-        let result = mac.finalize();
-        let n = tag.len();
-        let result_bytes = &result[..n];
-
-        if valid_data {
-            if result_bytes != tag {
-                return Some("whole message");
-            }
-        } else {
-            return if result_bytes == tag {
-                Some("invalid should not match")
-            } else {
-                None
-            };
-        }
-
-        // test reading different chunk sizes
-        for chunk_size in 1..min(64, input.len()) {
-            let mut mac = H::new_from_slice(key).unwrap();
-            for chunk in input.chunks(chunk_size) {
-                mac.update(chunk);
-            }
-            let res = mac.verify_truncated_left(tag);
-            if res.is_err() {
-                return Some("chunked message");
-            }
-        }
-
-        None
-    }
-}
diff --git a/nearby/crypto/crypto_provider/src/lib.rs b/nearby/crypto/crypto_provider/src/lib.rs
index 4eb5563..3ebaf9b 100644
--- a/nearby/crypto/crypto_provider/src/lib.rs
+++ b/nearby/crypto/crypto_provider/src/lib.rs
@@ -19,9 +19,6 @@
 
 use core::fmt::Debug;
 
-#[cfg(feature = "testing")]
-pub use rstest_reuse;
-
 use crate::aes::{Aes128Key, Aes256Key};
 
 /// mod containing hmac trait
@@ -124,108 +121,3 @@
         unimplemented!()
     }
 }
-
-/// Utilities for testing implementations of this crate.
-#[cfg(feature = "testing")]
-pub mod testing {
-    extern crate alloc;
-
-    use alloc::{format, string::String};
-    use core::marker::PhantomData;
-
-    use hex_literal::hex;
-    use rand::{Rng, RngCore};
-    use rstest_reuse::template;
-
-    use crate::CryptoProvider;
-
-    /// Common items that needs to be imported to use these test cases
-    pub mod prelude {
-        pub use rstest::rstest;
-        pub use rstest_reuse;
-        pub use rstest_reuse::apply;
-
-        pub use super::CryptoProviderTestCase;
-    }
-
-    /// A test case for Crypto Provider. A test case is a function that panics if the test fails.
-    pub type CryptoProviderTestCase<T> = fn(PhantomData<T>);
-
-    #[derive(Debug)]
-    pub(crate) struct TestError(String);
-
-    impl TestError {
-        pub(crate) fn new<D: core::fmt::Debug>(value: D) -> Self {
-            Self(format!("{value:?}"))
-        }
-    }
-
-    /// Test for `constant_time_eq` when the two inputs are equal.
-    pub fn constant_time_eq_test_equal<C: CryptoProvider>(_marker: PhantomData<C>) {
-        assert!(C::constant_time_eq(
-            &hex!("00010203040506070809"),
-            &hex!("00010203040506070809")
-        ));
-    }
-
-    /// Test for `constant_time_eq` when the two inputs are not equal.
-    pub fn constant_time_eq_test_not_equal<C: CryptoProvider>(_marker: PhantomData<C>) {
-        assert!(!C::constant_time_eq(
-            &hex!("00010203040506070809"),
-            &hex!("00000000000000000000")
-        ));
-    }
-
-    /// Random tests for `constant_time_eq`.
-    pub fn constant_time_eq_random_test<C: CryptoProvider>(_marker: PhantomData<C>) {
-        let mut rng = rand::thread_rng();
-        for _ in 1..100 {
-            // Test using "oracle" of ==, with possibly different lengths for a and b
-            let mut a = alloc::vec![0; rng.gen_range(1..1000)];
-            rng.fill_bytes(&mut a);
-            let mut b = alloc::vec![0; rng.gen_range(1..1000)];
-            rng.fill_bytes(&mut b);
-            assert_eq!(C::constant_time_eq(&a, &b), a == b);
-        }
-
-        for _ in 1..10000 {
-            // Test using "oracle" of ==, with same lengths for a and b
-            let len = rng.gen_range(1..1000);
-            let mut a = alloc::vec![0; len];
-            rng.fill_bytes(&mut a);
-            let mut b = alloc::vec![0; len];
-            rng.fill_bytes(&mut b);
-            assert_eq!(C::constant_time_eq(&a, &b), a == b);
-        }
-
-        for _ in 1..10000 {
-            // Clones and the original should always be equal
-            let mut a = alloc::vec![0; rng.gen_range(1..1000)];
-            rng.fill_bytes(&mut a);
-            assert!(C::constant_time_eq(&a, &a.clone()));
-        }
-    }
-
-    /// Generates the test cases to validate the P256 implementation.
-    /// For example, to test `MyCryptoProvider`:
-    ///
-    /// ```
-    /// use crypto_provider::p256::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(constant_time_eq_test_cases)]
-    ///     fn constant_time_eq_tests(
-    ///             testcase: CryptoProviderTestCase<MyCryptoProvider>) {
-    ///         testcase(PhantomData);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::constant_time_eq_test_not_equal(constant_time_eq_test_not_equal)]
-    #[case::constant_time_eq_test_equal(constant_time_eq_test_equal)]
-    #[case::constant_time_eq_random_test(constant_time_eq_random_test)]
-    fn constant_time_eq_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {
-    }
-}
diff --git a/nearby/crypto/crypto_provider/src/p256.rs b/nearby/crypto/crypto_provider/src/p256.rs
index be14a39..90d3542 100644
--- a/nearby/crypto/crypto_provider/src/p256.rs
+++ b/nearby/crypto/crypto_provider/src/p256.rs
@@ -74,236 +74,3 @@
 {
     type PublicKey = E::PublicKey;
 }
-
-/// Utilities for testing. Implementations can use the test cases and functions provided to test
-/// their implementation.
-#[cfg(feature = "testing")]
-pub mod testing {
-    extern crate std;
-    use super::{P256PublicKey, P256};
-    pub use crate::testing::prelude::*;
-    use crate::{
-        elliptic_curve::{EcdhProvider, EphemeralSecret, EphemeralSecretForTesting, PublicKey},
-        testing::TestError,
-        CryptoRng,
-    };
-    use core::marker::PhantomData;
-    use hex_literal::hex;
-    use rstest_reuse::template;
-
-    /// An ECDH provider that provides associated types for testing purposes. This can be mostly
-    /// considered "aliases" for the otherwise long fully-qualified associated types.
-    pub trait EcdhProviderForP256Test {
-        /// The ECDH Provider that is "wrapped" by this type.
-        type EcdhProvider: EcdhProvider<
-            P256,
-            PublicKey = <Self as EcdhProviderForP256Test>::PublicKey,
-            EphemeralSecret = <Self as EcdhProviderForP256Test>::EphemeralSecret,
-            SharedSecret = <Self as EcdhProviderForP256Test>::SharedSecret,
-        >;
-        /// The public key type.
-        type PublicKey: P256PublicKey;
-        /// The ephemeral secret type.
-        type EphemeralSecret: EphemeralSecretForTesting<P256, Impl = Self::EcdhProvider>;
-        /// The shared secret type.
-        type SharedSecret: Into<[u8; 32]>;
-    }
-
-    impl<E> EcdhProviderForP256Test for E
-    where
-        E: EcdhProvider<P256>,
-        E::PublicKey: P256PublicKey,
-        E::EphemeralSecret: EphemeralSecretForTesting<P256>,
-    {
-        type EcdhProvider = E;
-        type PublicKey = E::PublicKey;
-        type EphemeralSecret = E::EphemeralSecret;
-        type SharedSecret = E::SharedSecret;
-    }
-
-    /// Test for P256PublicKey::to_bytes
-    pub fn to_bytes_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
-        let sec1_bytes = hex!(
-            "04756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09f0b6da270d2a58a06022
-             8bbe76c6dc1643088107636deff8aa79e8002a157b92"
-        );
-        let key = E::PublicKey::from_sec1_bytes(&sec1_bytes).unwrap();
-        let sec1_bytes_compressed =
-            hex!("02756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09");
-        assert_eq!(sec1_bytes_compressed.to_vec(), key.to_bytes());
-    }
-
-    /// Random test for P256PublicKey::to_bytes
-    pub fn to_bytes_random_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
-        for _ in 1..100 {
-            let public_key_bytes =
-                E::EphemeralSecret::generate_random(&mut <E::EphemeralSecret as EphemeralSecret<
-                    P256,
-                >>::Rng::new())
-                .public_key_bytes();
-            let public_key = E::PublicKey::from_bytes(&public_key_bytes).unwrap();
-            assert_eq!(
-                E::PublicKey::from_bytes(&public_key.to_bytes()).unwrap(),
-                public_key,
-                "from_bytes should return the same key for `{public_key_bytes:?}`",
-            );
-        }
-    }
-
-    /// Test for P256PublicKey::from_affine_coordinates
-    pub fn from_affine_coordinates_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
-        // https://www.secg.org/sec1-v2.pdf, section 2.3.3
-        let x = hex!("756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09");
-        let y = hex!("f0b6da270d2a58a060228bbe76c6dc1643088107636deff8aa79e8002a157b92");
-        let sec1 = hex!(
-            "04756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09f0b6da270d2a58a06022
-             8bbe76c6dc1643088107636deff8aa79e8002a157b92"
-        );
-        let expected_key = E::PublicKey::from_sec1_bytes(&sec1).unwrap();
-        assert!(
-            E::PublicKey::from_affine_coordinates(&x, &y).unwrap() == expected_key,
-            "Public key does not match"
-        );
-    }
-
-    /// Test for P256PublicKey::from_affine_coordinates
-    pub fn from_affine_coordinates_not_on_curve_test<E: EcdhProviderForP256Test>(
-        _: PhantomData<E>,
-    ) {
-        // (Invalid) coordinate from wycheproof ecdh_secp256r1_ecpoint_test.json, tcId 193
-        let x = hex!("0000000000000000000000000000000000000000000000000000000000000000");
-        let y = hex!("0000000000000000000000000000000000000000000000000000000000000000");
-        let result = E::PublicKey::from_affine_coordinates(&x, &y);
-        assert!(
-            result.is_err(),
-            "Creating public key from invalid affine coordinate should fail"
-        );
-    }
-
-    /// Test for P256PublicKey::from_sec1_bytes
-    pub fn from_sec1_bytes_not_on_curve_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
-        // (Invalid) sec1 encoding from wycheproof ecdh_secp256r1_ecpoint_test.json, tcId 193
-        let sec1 = hex!(
-            "04000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-             00000000000000000000000000000000000000000000"
-        );
-        let result = E::PublicKey::from_sec1_bytes(&sec1);
-        assert!(
-            result.is_err(),
-            "Creating public key from point not on curve should fail"
-        );
-    }
-
-    /// Test for P256PublicKey::to_affine_coordinates
-    pub fn public_key_to_affine_coordinates_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
-        // https://www.secg.org/sec1-v2.pdf, section 2.3.3
-        let expected_x = hex!("756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09");
-        let expected_y = hex!("f0b6da270d2a58a060228bbe76c6dc1643088107636deff8aa79e8002a157b92");
-        let sec1 = hex!(
-            "04756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09f0b6da270d2a58a06022
-             8bbe76c6dc1643088107636deff8aa79e8002a157b92"
-        );
-        let public_key = E::PublicKey::from_sec1_bytes(&sec1).unwrap();
-        let (actual_x, actual_y) = public_key.to_affine_coordinates().unwrap();
-        assert_eq!(actual_x, expected_x);
-        assert_eq!(actual_y, expected_y);
-    }
-
-    /// Test for P256 Diffie-Hellman key exchange.
-    pub fn p256_ecdh_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
-        // From wycheproof ecdh_secp256r1_ecpoint_test.json, tcId 1
-        // http://google3/third_party/wycheproof/testvectors/ecdh_secp256r1_ecpoint_test.json;l=22;rcl=375894991
-        // sec1 public key manually extracted from the ASN encoded test data
-        let public_key_sec1 = hex!(
-            "0462d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f
-            26ac333a93a9e70a81cd5a95b5bf8d13990eb741c8c38872b4a07d275a014e30cf"
-        );
-        let private = hex!("0612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346");
-        let expected_shared_secret =
-            hex!("53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285");
-        let actual_shared_secret = p256_ecdh_test_impl::<E>(&public_key_sec1, &private).unwrap();
-        assert_eq!(actual_shared_secret.into(), expected_shared_secret);
-    }
-
-    fn p256_ecdh_test_impl<E: EcdhProviderForP256Test>(
-        public_key_sec1: &[u8],
-        private: &[u8; 32],
-    ) -> Result<E::SharedSecret, TestError> {
-        let public_key = E::PublicKey::from_sec1_bytes(public_key_sec1).map_err(TestError::new)?;
-        let ephemeral_secret = E::EphemeralSecret::from_private_components(private, &public_key)
-            .map_err(TestError::new)?;
-        ephemeral_secret
-            .diffie_hellman(&public_key)
-            .map_err(TestError::new)
-    }
-
-    /// Wycheproof test for P256 Diffie-Hellman.
-    pub fn wycheproof_p256_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
-        // Test cases from https://github.com/randombit/wycheproof-rs/blob/master/src/data/ecdh_secp256r1_ecpoint_test.json
-        let test_set =
-            wycheproof::ecdh::TestSet::load(wycheproof::ecdh::TestName::EcdhSecp256r1Ecpoint)
-                .unwrap();
-        for test_group in test_set.test_groups {
-            for test in test_group.tests {
-                if test.private_key.len() != 32 {
-                    // Some Wycheproof test cases have private key length that are not 32 bytes, but
-                    // the RustCrypto implementation doesn't support that (it always take 32 bytes
-                    // from the given RNG when generating a new key).
-                    continue;
-                };
-                std::println!("Testing {}", test.tc_id);
-                let result = p256_ecdh_test_impl::<E>(
-                    &test.public_key,
-                    &test
-                        .private_key
-                        .try_into()
-                        .expect("Private key should be 32 bytes long"),
-                );
-                match test.result {
-                    wycheproof::TestResult::Valid => {
-                        let shared_secret =
-                            result.unwrap_or_else(|_| panic!("Test {} should succeed", test.tc_id));
-                        assert_eq!(test.shared_secret, shared_secret.into());
-                    }
-                    wycheproof::TestResult::Invalid => {
-                        result
-                            .err()
-                            .unwrap_or_else(|| panic!("Test {} should fail", test.tc_id));
-                    }
-                    wycheproof::TestResult::Acceptable => {
-                        if let Ok(shared_secret) = result {
-                            assert_eq!(test.shared_secret, shared_secret.into());
-                        }
-                        // Test passes if `result` is an error because this test is "acceptable"
-                    }
-                }
-            }
-        }
-    }
-
-    /// Generates the test cases to validate the P256 implementation.
-    /// For example, to test `MyCryptoProvider`:
-    ///
-    /// ```
-    /// use crypto_provider::p256::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(p256_test_cases)]
-    ///     fn p256_tests(testcase: CryptoProviderTestCase<MyCryptoProvider> {
-    ///         testcase(PhantomData::<MyCryptoProvider>);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::to_bytes(to_bytes_test)]
-    #[case::to_bytes_random(to_bytes_random_test)]
-    #[case::from_sec1_bytes_not_on_curve(from_sec1_bytes_not_on_curve_test)]
-    #[case::from_affine_coordinates(from_affine_coordinates_test)]
-    #[case::from_affine_coordinates_not_on_curve(from_affine_coordinates_not_on_curve_test)]
-    #[case::public_key_to_affine_coordinates(public_key_to_affine_coordinates_test)]
-    #[case::p256_ecdh(p256_ecdh_test)]
-    #[case::wycheproof_p256(wycheproof_p256_test)]
-    fn p256_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
-}
diff --git a/nearby/crypto/crypto_provider/src/sha2.rs b/nearby/crypto/crypto_provider/src/sha2.rs
index b742303..7af7c96 100644
--- a/nearby/crypto/crypto_provider/src/sha2.rs
+++ b/nearby/crypto/crypto_provider/src/sha2.rs
@@ -23,115 +23,3 @@
     /// Computes the SHA2 512-bit hash.
     fn sha512(input: &[u8]) -> [u8; 64];
 }
-
-/// Utilities for testing. Implementations can use the test cases and functions provided to test
-/// their implementation.
-#[cfg(feature = "testing")]
-pub mod testing {
-
-    extern crate alloc;
-    extern crate std;
-    use super::{Sha256, Sha512};
-    pub use crate::testing::prelude::*;
-    use crate::CryptoProvider;
-    use alloc::vec::Vec;
-    use core::{marker::PhantomData, str::FromStr};
-    use hex::FromHex;
-    pub use hex_literal::hex;
-    use rstest_reuse::template;
-
-    /// Test vectors from SHA256ShortMsg.rsp in
-    /// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
-    pub fn sha256_cavp_short_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
-        sha256_cavp_vector_test::<C>(include_str!("testdata/SHA256ShortMsg.rsp"));
-    }
-
-    /// Test vectors from SHA256LongMsg.rsp in
-    /// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
-    pub fn sha256_cavp_long_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
-        sha256_cavp_vector_test::<C>(include_str!("testdata/SHA256LongMsg.rsp"));
-    }
-
-    /// Test vectors from SHA512ShortMsg.rsp in
-    /// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
-    pub fn sha512_cavp_short_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
-        sha512_cavp_vector_test::<C>(include_str!("testdata/SHA512ShortMsg.rsp"));
-    }
-
-    /// Test vectors from SHA512LongMsg.rsp in
-    /// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
-    pub fn sha512_cavp_long_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
-        sha512_cavp_vector_test::<C>(include_str!("testdata/SHA512LongMsg.rsp"));
-    }
-
-    /// Test vectors an rsp file in
-    /// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
-    fn sha256_cavp_vector_test<C: CryptoProvider>(cavp_file_contents: &str) {
-        sha_cavp_vector_test(<C::Sha256 as Sha256>::sha256, cavp_file_contents)
-    }
-
-    /// Test vectors an rsp file in
-    /// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
-    fn sha512_cavp_vector_test<C: CryptoProvider>(cavp_file_contents: &str) {
-        sha_cavp_vector_test(<C::Sha512 as Sha512>::sha512, cavp_file_contents)
-    }
-
-    fn sha_cavp_vector_test<const N: usize>(
-        hash_func: impl Fn(&[u8]) -> [u8; N],
-        cavp_file_contents: &str,
-    ) {
-        let test_cases = cavp_file_contents.split("\n\n").filter_map(|chunk| {
-            let mut len: Option<usize> = None;
-            let mut msg: Option<Vec<u8>> = None;
-            let mut md: Option<Vec<u8>> = None;
-            for line in chunk.split('\n') {
-                if line.starts_with('#') || line.is_empty() || line == std::format!("[L = {N}]") {
-                    continue;
-                } else if let Some(len_str) = line.strip_prefix("Len = ") {
-                    len = Some(FromStr::from_str(len_str).unwrap());
-                } else if let Some(hex_str) = line.strip_prefix("Msg = ") {
-                    msg = Some(Vec::<u8>::from_hex(hex_str).unwrap());
-                } else if let Some(hex_str) = line.strip_prefix("MD = ") {
-                    md = Some(Vec::<u8>::from_hex(hex_str).unwrap());
-                } else {
-                    panic!("Unexpected line in test file: `{}`", line);
-                }
-            }
-            if let (Some(len), Some(msg), Some(md)) = (len, msg, md) {
-                Some((len, msg, md))
-            } else {
-                None
-            }
-        });
-        for (len, mut msg, md) in test_cases {
-            if len == 0 {
-                // Truncate len = 0, since the test file has "Msg = 00" in there that should be
-                // ignored.
-                msg.truncate(0);
-            }
-            assert_eq!(msg.len(), len / 8);
-            let md_arr: [u8; N] = md.try_into().unwrap();
-            assert_eq!(hash_func(&msg), md_arr);
-        }
-    }
-
-    /// Generates the test cases to validate the SHA2 implementation.
-    /// For example, to test `MyCryptoProvider`:
-    ///
-    /// ```
-    /// use crypto_provider::sha2::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(sha2_test_cases)]
-    ///     fn sha2_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>) {
-    ///         testcase(PhantomData::<MyCryptoProvider>);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::sha256_cavp_short_vector(sha256_cavp_short_vector_test)]
-    #[case::sha256_cavp_long_vector(sha256_cavp_long_vector_test)]
-    fn sha2_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
-}
diff --git a/nearby/crypto/crypto_provider/src/x25519.rs b/nearby/crypto/crypto_provider/src/x25519.rs
index 0579159..f77a772 100644
--- a/nearby/crypto/crypto_provider/src/x25519.rs
+++ b/nearby/crypto/crypto_provider/src/x25519.rs
@@ -17,156 +17,3 @@
 /// Marker type for X25519 implementation. This is used by EcdhProvider as its type parameter.
 pub enum X25519 {}
 impl Curve for X25519 {}
-
-/// Utilities for testing. Implementations can use the test cases and functions provided to test
-/// their implementation.
-#[cfg(feature = "testing")]
-pub mod testing {
-    use super::X25519;
-    pub use crate::testing::prelude::*;
-    use crate::{
-        elliptic_curve::{EcdhProvider, EphemeralSecret, EphemeralSecretForTesting, PublicKey},
-        testing::TestError,
-        CryptoRng,
-    };
-    use core::marker::PhantomData;
-    use hex_literal::hex;
-    use rstest_reuse::template;
-
-    /// An ECDH provider that provides associated types for testing purposes. This can be mostly
-    /// considered "aliases" for the otherwise long fully-qualified associated types.
-    pub trait EcdhProviderForX25519Test {
-        /// The ECDH Provider that is "wrapped" by this type.
-        type EcdhProvider: EcdhProvider<
-            X25519,
-            PublicKey = <Self as EcdhProviderForX25519Test>::PublicKey,
-            EphemeralSecret = <Self as EcdhProviderForX25519Test>::EphemeralSecret,
-            SharedSecret = <Self as EcdhProviderForX25519Test>::SharedSecret,
-        >;
-        /// The public key type.
-        type PublicKey: PublicKey<X25519>;
-        /// The ephemeral secret type.
-        type EphemeralSecret: EphemeralSecretForTesting<X25519, Impl = Self::EcdhProvider>;
-        /// The shared secret type.
-        type SharedSecret: Into<[u8; 32]>;
-    }
-
-    impl<E> EcdhProviderForX25519Test for E
-    where
-        E: EcdhProvider<X25519>,
-        E::PublicKey: PublicKey<X25519>,
-        E::EphemeralSecret: EphemeralSecretForTesting<X25519>,
-    {
-        type EcdhProvider = E;
-        type PublicKey = E::PublicKey;
-        type EphemeralSecret = E::EphemeralSecret;
-        type SharedSecret = E::SharedSecret;
-    }
-
-    /// Test for `PublicKey<X25519>::to_bytes`
-    pub fn x25519_to_bytes_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
-        let public_key_bytes =
-            hex!("504a36999f489cd2fdbc08baff3d88fa00569ba986cba22548ffde80f9806829");
-        let public_key = E::PublicKey::from_bytes(&public_key_bytes).unwrap();
-        assert_eq!(public_key_bytes.to_vec(), public_key.to_bytes());
-    }
-
-    /// Random test for `PublicKey<X25519>::to_bytes`
-    pub fn x25519_to_bytes_random_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
-        for _ in 1..100 {
-            let public_key_bytes =
-                E::EphemeralSecret::generate_random(&mut <E::EphemeralSecret as EphemeralSecret<
-                    X25519,
-                >>::Rng::new())
-                .public_key_bytes();
-            let public_key = E::PublicKey::from_bytes(&public_key_bytes).unwrap();
-            assert_eq!(
-                E::PublicKey::from_bytes(&public_key.to_bytes()).unwrap(),
-                public_key,
-                "from_bytes should return the same key for `{public_key_bytes:?}`",
-            );
-        }
-    }
-
-    /// Test for X25519 Diffie-Hellman key exchange.
-    pub fn x25519_ecdh_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
-        // From wycheproof ecdh_secx25519r1_ecpoint_test.json, tcId 1
-        // http://google3/third_party/wycheproof/testvectors/ecdh_secx25519r1_ecpoint_test.json;l=22;rcl=375894991
-        // sec1 public key manually extracted from the ASN encoded test data
-        let public_key = hex!("504a36999f489cd2fdbc08baff3d88fa00569ba986cba22548ffde80f9806829");
-        let private = hex!("c8a9d5a91091ad851c668b0736c1c9a02936c0d3ad62670858088047ba057475");
-        let expected_shared_secret =
-            hex!("436a2c040cf45fea9b29a0cb81b1f41458f863d0d61b453d0a982720d6d61320");
-        let result = x25519_ecdh_test_impl::<E>(&public_key, &private).unwrap();
-        assert_eq!(expected_shared_secret, result.into());
-    }
-
-    fn x25519_ecdh_test_impl<E: EcdhProviderForX25519Test>(
-        public_key: &[u8],
-        private: &[u8; 32],
-    ) -> Result<E::SharedSecret, TestError> {
-        let public_key = E::PublicKey::from_bytes(public_key).map_err(TestError::new)?;
-        let ephemeral_secret = E::EphemeralSecret::from_private_components(private, &public_key)
-            .map_err(TestError::new)?;
-        ephemeral_secret
-            .diffie_hellman(&public_key)
-            .map_err(TestError::new)
-    }
-
-    /// Wycheproof test for X25519 Diffie-Hellman.
-    pub fn wycheproof_x25519_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
-        // Test cases from https://github.com/randombit/wycheproof-rs/blob/master/src/data/x25519_test.json
-        let test_set = wycheproof::xdh::TestSet::load(wycheproof::xdh::TestName::X25519).unwrap();
-        for test_group in test_set.test_groups {
-            for test in test_group.tests {
-                let result = x25519_ecdh_test_impl::<E>(
-                    &test.public_key,
-                    &test
-                        .private_key
-                        .try_into()
-                        .expect("Private keys should be 32 bytes long"),
-                );
-                match test.result {
-                    wycheproof::TestResult::Valid => {
-                        let shared_secret =
-                            result.unwrap_or_else(|_| panic!("Test {} should succeed", test.tc_id));
-                        assert_eq!(&test.shared_secret, &shared_secret.into());
-                    }
-                    wycheproof::TestResult::Invalid => {
-                        result
-                            .err()
-                            .unwrap_or_else(|| panic!("Test {} should fail", test.tc_id));
-                    }
-                    wycheproof::TestResult::Acceptable => {
-                        if let Ok(shared_secret) = result {
-                            assert_eq!(test.shared_secret, shared_secret.into());
-                        }
-                        // Test passes if `result` is an error because this test is "acceptable"
-                    }
-                }
-            }
-        }
-    }
-
-    /// Generates the test cases to validate the x25519 implementation.
-    /// For example, to test `MyCryptoProvider`:
-    ///
-    /// ```
-    /// use crypto_provider::x25519::testing::*;
-    ///
-    /// mod tests {
-    ///     #[apply(x25519_test_cases)]
-    ///     fn x25519_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>) {
-    ///         testcase(PhantomData::<MyCryptoProvider>);
-    ///     }
-    /// }
-    /// ```
-    #[template]
-    #[export]
-    #[rstest]
-    #[case::x25519_to_bytes(x25519_to_bytes_test)]
-    #[case::x25519_to_bytes_random(x25519_to_bytes_random_test)]
-    #[case::x25519_ecdh(x25519_ecdh_test)]
-    #[case::wycheproof_x25519(wycheproof_x25519_test)]
-    fn x25519_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
-}
diff --git a/nearby/crypto/crypto_provider_boringssl/Cargo.lock b/nearby/crypto/crypto_provider_boringssl/Cargo.lock
index b1c65bd..7d097a6 100644
--- a/nearby/crypto/crypto_provider_boringssl/Cargo.lock
+++ b/nearby/crypto/crypto_provider_boringssl/Cargo.lock
@@ -27,15 +27,6 @@
 [[package]]
 name = "crypto_provider"
 version = "0.1.0"
-dependencies = [
- "hex",
- "hex-literal",
- "rand",
- "rstest",
- "rstest_reuse",
- "test_helper",
- "wycheproof",
-]
 
 [[package]]
 name = "crypto_provider_boringssl"
@@ -44,6 +35,7 @@
  "bssl-crypto",
  "crypto_provider",
  "crypto_provider_stubs",
+ "crypto_provider_test",
 ]
 
 [[package]]
@@ -54,10 +46,25 @@
 ]
 
 [[package]]
+name = "crypto_provider_test"
+version = "0.1.0"
+dependencies = [
+ "crypto_provider",
+ "hex",
+ "hex-literal",
+ "rand",
+ "rand_ext",
+ "rstest",
+ "rstest_reuse",
+ "test_helper",
+ "wycheproof",
+]
+
+[[package]]
 name = "futures"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "531ac96c6ff5fd7c62263c5e3c67a603af4fcaee2e1a0ae5565ba3a11e69e549"
+checksum = "23342abe12aba583913b2e62f22225ff9c950774065e4bfb61a19cd9770fec40"
 dependencies = [
  "futures-channel",
  "futures-core",
@@ -70,9 +77,9 @@
 
 [[package]]
 name = "futures-channel"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "164713a5a0dcc3e7b4b1ed7d3b433cabc18025386f9339346e8daf15963cf7ac"
+checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2"
 dependencies = [
  "futures-core",
  "futures-sink",
@@ -80,15 +87,15 @@
 
 [[package]]
 name = "futures-core"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86d7a0c1aa76363dac491de0ee99faf6941128376f1cf96f07db7603b7de69dd"
+checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c"
 
 [[package]]
 name = "futures-executor"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1997dd9df74cdac935c76252744c1ed5794fac083242ea4fe77ef3ed60ba0f83"
+checksum = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0"
 dependencies = [
  "futures-core",
  "futures-task",
@@ -97,32 +104,32 @@
 
 [[package]]
 name = "futures-io"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89d422fa3cbe3b40dca574ab087abb5bc98258ea57eea3fd6f1fa7162c778b91"
+checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964"
 
 [[package]]
 name = "futures-macro"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3eb14ed937631bd8b8b8977f2c198443447a8355b6e3ca599f38c975e5a963b6"
+checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 1.0.109",
+ "syn 2.0.15",
 ]
 
 [[package]]
 name = "futures-sink"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec93083a4aecafb2a80a885c9de1f0ccae9dbd32c2bb54b0c3a65690e0b8d2f2"
+checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e"
 
 [[package]]
 name = "futures-task"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd65540d33b37b16542a0438c12e6aeead10d4ac5d05bd3f805b8f35ab592879"
+checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65"
 
 [[package]]
 name = "futures-timer"
@@ -132,9 +139,9 @@
 
 [[package]]
 name = "futures-util"
-version = "0.3.27"
+version = "0.3.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3ef6b17e481503ec85211fed8f39d1970f128935ca1f814cd32ac4a6842e84ab"
+checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533"
 dependencies = [
  "futures-channel",
  "futures-core",
@@ -150,9 +157,9 @@
 
 [[package]]
 name = "getrandom"
-version = "0.2.8"
+version = "0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31"
+checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
 dependencies = [
  "cfg-if",
  "libc",
@@ -179,9 +186,18 @@
 
 [[package]]
 name = "libc"
-version = "0.2.140"
+version = "0.2.144"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c"
+checksum = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
+
+[[package]]
+name = "log"
+version = "0.4.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+dependencies = [
+ "cfg-if",
+]
 
 [[package]]
 name = "memchr"
@@ -209,18 +225,18 @@
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.53"
+version = "1.0.56"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba466839c78239c09faf015484e5cc04860f88242cff4d03eb038f04b4699b73"
+checksum = "2b63bdb0cd06f1f4dedf69b254734f9b45af66e4a031e42a7480257d9898b435"
 dependencies = [
  "unicode-ident",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.26"
+version = "1.0.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+checksum = "8f4f29d145265ec1c483c7c654450edde0bfe043d3938d6972630663356d9500"
 dependencies = [
  "proc-macro2",
 ]
@@ -256,6 +272,25 @@
 ]
 
 [[package]]
+name = "rand_ext"
+version = "0.1.0"
+dependencies = [
+ "crypto_provider",
+ "log",
+ "rand",
+ "rand_pcg",
+]
+
+[[package]]
+name = "rand_pcg"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59cad018caf63deb318e5a4586d99a24424a364f40f1e5778c29aca23f4fc73e"
+dependencies = [
+ "rand_core",
+]
+
+[[package]]
 name = "rstest"
 version = "0.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -316,29 +351,29 @@
 
 [[package]]
 name = "serde"
-version = "1.0.158"
+version = "1.0.162"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "771d4d9c4163ee138805e12c710dd365e4f44be8be0503cb1bb9eb989425d9c9"
+checksum = "71b2f6e1ab5c2b98c05f0f35b236b22e8df7ead6ffbf51d7808da7f8817e7ab6"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.158"
+version = "1.0.162"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e801c1712f48475582b7696ac71e0ca34ebb30e09338425384269d9717c62cad"
+checksum = "a2a0814352fd64b58489904a44ea8d90cb1a91dcb6b4f5ebabc32c8318e93cb6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.6",
+ "syn 2.0.15",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.94"
+version = "1.0.96"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c533a59c9d8a93a09c6ab31f0fd5e5f4dd1b8fc9434804029839884765d04ea"
+checksum = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1"
 dependencies = [
  "itoa",
  "ryu",
@@ -367,9 +402,9 @@
 
 [[package]]
 name = "syn"
-version = "2.0.6"
+version = "2.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ece519cfaf36269ea69d16c363fa1d59ceba8296bbfbfc003c3176d01f2816ee"
+checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822"
 dependencies = [
  "proc-macro2",
  "quote",
diff --git a/nearby/crypto/crypto_provider_boringssl/Cargo.toml b/nearby/crypto/crypto_provider_boringssl/Cargo.toml
index 6a62172..24ce66c 100644
--- a/nearby/crypto/crypto_provider_boringssl/Cargo.toml
+++ b/nearby/crypto/crypto_provider_boringssl/Cargo.toml
@@ -12,4 +12,4 @@
 bssl-crypto = {path = "../bssl-crypto"}
 
 [dev-dependencies]
-crypto_provider = {path = "../crypto_provider", features = ["std", "alloc", "testing"]}
+crypto_provider_test = {path = "../crypto_provider_test"}
diff --git a/nearby/crypto/crypto_provider_boringssl/src/aes.rs b/nearby/crypto/crypto_provider_boringssl/src/aes.rs
index a4f275e..fc97db2 100644
--- a/nearby/crypto/crypto_provider_boringssl/src/aes.rs
+++ b/nearby/crypto/crypto_provider_boringssl/src/aes.rs
@@ -113,7 +113,7 @@
 mod tests {
     use super::*;
     use core::marker::PhantomData;
-    use crypto_provider::aes::testing::*;
+    use crypto_provider_test::aes::*;
 
     #[apply(aes_128_encrypt_test_cases)]
     fn aes_128_encrypt_test(testcase: CryptoProviderTestCase<Aes128EncryptCipher>) {
diff --git a/nearby/crypto/crypto_provider_boringssl/src/hkdf.rs b/nearby/crypto/crypto_provider_boringssl/src/hkdf.rs
index 4ab0ad4..3672bb1 100644
--- a/nearby/crypto/crypto_provider_boringssl/src/hkdf.rs
+++ b/nearby/crypto/crypto_provider_boringssl/src/hkdf.rs
@@ -54,7 +54,7 @@
 mod tests {
     use crate::Boringssl;
     use core::marker::PhantomData;
-    use crypto_provider::hkdf::testing::*;
+    use crypto_provider_test::hkdf::*;
 
     #[apply(hkdf_test_cases)]
     fn hkdf_tests(testcase: CryptoProviderTestCase<Boringssl>) {
diff --git a/nearby/crypto/crypto_provider_boringssl/src/hmac.rs b/nearby/crypto/crypto_provider_boringssl/src/hmac.rs
index 3459c3b..7a5e867 100644
--- a/nearby/crypto/crypto_provider_boringssl/src/hmac.rs
+++ b/nearby/crypto/crypto_provider_boringssl/src/hmac.rs
@@ -84,7 +84,7 @@
 mod tests {
     use crate::Boringssl;
     use core::marker::PhantomData;
-    use crypto_provider::hmac::testing::*;
+    use crypto_provider_test::hmac::*;
 
     #[apply(hmac_test_cases)]
     fn hmac_tests(testcase: CryptoProviderTestCase<Boringssl>) {
diff --git a/nearby/crypto/crypto_provider_default/Cargo.toml b/nearby/crypto/crypto_provider_default/Cargo.toml
index 9eff7ea..f78ad8e 100644
--- a/nearby/crypto/crypto_provider_default/Cargo.toml
+++ b/nearby/crypto/crypto_provider_default/Cargo.toml
@@ -12,6 +12,7 @@
 cfg-if.workspace = true
 
 [features]
+std = ["crypto_provider_rustcrypto/std"]
 default = ["rustcrypto"]
 rustcrypto = ["crypto_provider_rustcrypto"]
 boringssl = ["crypto_provider_boringssl"]
diff --git a/nearby/crypto/crypto_provider_openssl/Cargo.toml b/nearby/crypto/crypto_provider_openssl/Cargo.toml
index 78c6cf3..8fa6faa 100644
--- a/nearby/crypto/crypto_provider_openssl/Cargo.toml
+++ b/nearby/crypto/crypto_provider_openssl/Cargo.toml
@@ -16,6 +16,6 @@
 boringssl = ["openssl/unstable_boringssl", "crypto_provider/gcm_siv"]
 
 [dev-dependencies]
-crypto_provider = { path = "../crypto_provider", default-features = false, features = ["testing"] }
-rstest = "0.16.0"
+crypto_provider_test.workspace = true
+rstest.workspace = true
 hex-literal.workspace = true
diff --git a/nearby/crypto/crypto_provider_openssl/src/aes.rs b/nearby/crypto/crypto_provider_openssl/src/aes.rs
index ded187f..55a3dd2 100644
--- a/nearby/crypto/crypto_provider_openssl/src/aes.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/aes.rs
@@ -290,9 +290,9 @@
 mod tests {
     use core::marker::PhantomData;
 
-    use crypto_provider::aes::cbc::testing::*;
-    use crypto_provider::aes::ctr::testing::*;
-    use crypto_provider::aes::testing::*;
+    use crypto_provider_test::aes::cbc::*;
+    use crypto_provider_test::aes::ctr::*;
+    use crypto_provider_test::aes::*;
 
     use super::*;
 
diff --git a/nearby/crypto/crypto_provider_openssl/src/ed25519.rs b/nearby/crypto/crypto_provider_openssl/src/ed25519.rs
index cb37b6f..1384a06 100644
--- a/nearby/crypto/crypto_provider_openssl/src/ed25519.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/ed25519.rs
@@ -126,7 +126,7 @@
 #[cfg(test)]
 mod tests {
     use crate::ed25519::Ed25519;
-    use crypto_provider::ed25519::testing::{run_rfc_test_vectors, run_wycheproof_test_vectors};
+    use crypto_provider_test::ed25519::{run_rfc_test_vectors, run_wycheproof_test_vectors};
 
     #[test]
     fn wycheproof_test_ed25519_openssl() {
diff --git a/nearby/crypto/crypto_provider_openssl/src/hkdf_boringssl.rs b/nearby/crypto/crypto_provider_openssl/src/hkdf_boringssl.rs
index f6c106d..eb23b3b 100644
--- a/nearby/crypto/crypto_provider_openssl/src/hkdf_boringssl.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/hkdf_boringssl.rs
@@ -67,7 +67,7 @@
 mod tests {
     use crate::Openssl;
     use core::marker::PhantomData;
-    use crypto_provider::hkdf::testing::*;
+    use crypto_provider_test::hkdf::*;
 
     #[apply(hkdf_test_cases)]
     fn hkdf_tests(testcase: CryptoProviderTestCase<Openssl>) {
diff --git a/nearby/crypto/crypto_provider_openssl/src/hkdf_openssl.rs b/nearby/crypto/crypto_provider_openssl/src/hkdf_openssl.rs
index 605cff1..c578ed7 100644
--- a/nearby/crypto/crypto_provider_openssl/src/hkdf_openssl.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/hkdf_openssl.rs
@@ -65,7 +65,7 @@
 mod tests {
     use crate::Openssl;
     use core::marker::PhantomData;
-    use crypto_provider::hkdf::testing::*;
+    use crypto_provider_test::hkdf::*;
 
     #[apply(hkdf_test_cases)]
     fn hkdf_tests(testcase: CryptoProviderTestCase<Openssl>) {
diff --git a/nearby/crypto/crypto_provider_openssl/src/hmac_boringssl.rs b/nearby/crypto/crypto_provider_openssl/src/hmac_boringssl.rs
index af728b3..2202d7e 100644
--- a/nearby/crypto/crypto_provider_openssl/src/hmac_boringssl.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/hmac_boringssl.rs
@@ -102,7 +102,7 @@
 mod tests {
     use crate::Openssl;
     use core::marker::PhantomData;
-    use crypto_provider::hmac::testing::*;
+    use crypto_provider_test::hmac::*;
 
     #[apply(hmac_test_cases)]
     fn hmac_tests(testcase: CryptoProviderTestCase<Openssl>) {
diff --git a/nearby/crypto/crypto_provider_openssl/src/hmac_openssl.rs b/nearby/crypto/crypto_provider_openssl/src/hmac_openssl.rs
index d99ee3e..3cff10f 100644
--- a/nearby/crypto/crypto_provider_openssl/src/hmac_openssl.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/hmac_openssl.rs
@@ -180,7 +180,7 @@
 mod tests {
     use crate::Openssl;
     use core::marker::PhantomData;
-    use crypto_provider::hmac::testing::*;
+    use crypto_provider_test::hmac::*;
 
     #[apply(hmac_test_cases)]
     fn hmac_tests(testcase: CryptoProviderTestCase<Openssl>) {
diff --git a/nearby/crypto/crypto_provider_openssl/src/lib.rs b/nearby/crypto/crypto_provider_openssl/src/lib.rs
index db926f0..41c4642 100644
--- a/nearby/crypto/crypto_provider_openssl/src/lib.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/lib.rs
@@ -112,8 +112,8 @@
 mod tests {
     use core::marker::PhantomData;
 
-    use crypto_provider::sha2::testing::*;
-    use crypto_provider::testing::*;
+    use crypto_provider_test::sha2::*;
+    use crypto_provider_test::*;
 
     use crate::Openssl;
 
diff --git a/nearby/crypto/crypto_provider_openssl/src/p256.rs b/nearby/crypto/crypto_provider_openssl/src/p256.rs
index a0c5072..5efd123 100644
--- a/nearby/crypto/crypto_provider_openssl/src/p256.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/p256.rs
@@ -132,7 +132,7 @@
 }
 
 #[cfg(test)]
-impl crypto_provider::elliptic_curve::EphemeralSecretForTesting<P256> for P256EphemeralSecret {
+impl crypto_provider_test::elliptic_curve::EphemeralSecretForTesting<P256> for P256EphemeralSecret {
     fn from_private_components(
         private_bytes: &[u8; 32],
         public_key: &P256PublicKey,
@@ -160,7 +160,7 @@
 mod tests {
     use super::P256Ecdh;
     use core::marker::PhantomData;
-    use crypto_provider::p256::testing::*;
+    use crypto_provider_test::p256::*;
 
     #[apply(p256_test_cases)]
     fn p256_tests(testcase: CryptoProviderTestCase<P256Ecdh>) {
diff --git a/nearby/crypto/crypto_provider_openssl/src/x25519.rs b/nearby/crypto/crypto_provider_openssl/src/x25519.rs
index 0745c0b..ff6f3b0 100644
--- a/nearby/crypto/crypto_provider_openssl/src/x25519.rs
+++ b/nearby/crypto/crypto_provider_openssl/src/x25519.rs
@@ -72,7 +72,7 @@
 }
 
 #[cfg(test)]
-impl crypto_provider::elliptic_curve::EphemeralSecretForTesting<X25519> for X25519PrivateKey {
+impl crypto_provider_test::elliptic_curve::EphemeralSecretForTesting<X25519> for X25519PrivateKey {
     fn from_private_components(
         private_bytes: &[u8; 32],
         _public_key: &<Self::Impl as EcdhProvider<X25519>>::PublicKey,
@@ -93,7 +93,7 @@
 #[cfg(test)]
 mod tests {
     use core::marker::PhantomData;
-    use crypto_provider::x25519::testing::*;
+    use crypto_provider_test::x25519::*;
 
     use super::X25519Ecdh;
 
diff --git a/nearby/crypto/crypto_provider_rustcrypto/Cargo.toml b/nearby/crypto/crypto_provider_rustcrypto/Cargo.toml
index 2ab5354..cd4cf4a 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/Cargo.toml
+++ b/nearby/crypto/crypto_provider_rustcrypto/Cargo.toml
@@ -26,7 +26,7 @@
 
 [dev-dependencies]
 hex.workspace = true
-crypto_provider = { workspace = true, features = ["testing"] }
+crypto_provider_test.workspace = true
 crypto_provider_rustcrypto = { path = ".", features = ["std"] }
 
 [features]
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/aes/cbc.rs b/nearby/crypto/crypto_provider_rustcrypto/src/aes/cbc.rs
index b43876c..06d7224 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/aes/cbc.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/aes/cbc.rs
@@ -44,7 +44,7 @@
 mod tests {
     use super::AesCbcPkcs7Padded;
     use core::marker::PhantomData;
-    use crypto_provider::aes::cbc::testing::*;
+    use crypto_provider_test::aes::cbc::*;
 
     #[apply(aes_256_cbc_test_cases)]
     fn aes_256_cbc_test(testcase: CryptoProviderTestCase<AesCbcPkcs7Padded>) {
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/aes/gcm_siv.rs b/nearby/crypto/crypto_provider_rustcrypto/src/aes/gcm_siv.rs
index 98eca08..c31e09a 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/aes/gcm_siv.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/aes/gcm_siv.rs
@@ -67,8 +67,8 @@
 mod tests {
     use core::marker::PhantomData;
 
-    use crypto_provider::aes::gcm_siv::testing::*;
-    use crypto_provider::aes::testing::*;
+    use crypto_provider_test::aes::gcm_siv::*;
+    use crypto_provider_test::aes::*;
 
     use super::*;
 
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/aes/mod.rs b/nearby/crypto/crypto_provider_rustcrypto/src/aes/mod.rs
index a351b81..bd37458 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/aes/mod.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/aes/mod.rs
@@ -154,8 +154,8 @@
 mod tests {
     use core::marker::PhantomData;
 
-    use crypto_provider::aes::ctr::testing::*;
-    use crypto_provider::aes::testing::*;
+    use crypto_provider_test::aes::ctr::*;
+    use crypto_provider_test::aes::*;
 
     use super::*;
 
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/ed25519.rs b/nearby/crypto/crypto_provider_rustcrypto/src/ed25519.rs
index df5c5de..b971268 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/ed25519.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/ed25519.rs
@@ -110,7 +110,7 @@
 
 #[cfg(test)]
 mod tests {
-    use crypto_provider::ed25519::testing::{run_rfc_test_vectors, run_wycheproof_test_vectors};
+    use crypto_provider_test::ed25519::{run_rfc_test_vectors, run_wycheproof_test_vectors};
 
     use crate::ed25519::Ed25519;
 
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/hkdf_rc.rs b/nearby/crypto/crypto_provider_rustcrypto/src/hkdf_rc.rs
index 8ff5d7b..79379e2 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/hkdf_rc.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/hkdf_rc.rs
@@ -76,7 +76,7 @@
 mod tests {
     use crate::RustCrypto;
     use core::marker::PhantomData;
-    use crypto_provider::hkdf::testing::*;
+    use crypto_provider_test::hkdf::*;
 
     #[apply(hkdf_test_cases)]
     fn hkdf_tests(testcase: CryptoProviderTestCase<RustCrypto>) {
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/hmac_rc.rs b/nearby/crypto/crypto_provider_rustcrypto/src/hmac_rc.rs
index 95254a5..6eb678c 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/hmac_rc.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/hmac_rc.rs
@@ -117,7 +117,7 @@
 mod tests {
     use crate::RustCrypto;
     use core::marker::PhantomData;
-    use crypto_provider::hmac::testing::*;
+    use crypto_provider_test::hmac::*;
 
     #[apply(hmac_test_cases)]
     fn hmac_tests(testcase: CryptoProviderTestCase<RustCrypto>) {
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/lib.rs b/nearby/crypto/crypto_provider_rustcrypto/src/lib.rs
index e73ea11..7d4a3b4 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/lib.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/lib.rs
@@ -126,7 +126,7 @@
 mod tests {
     use core::marker::PhantomData;
 
-    use crypto_provider::sha2::testing::*;
+    use crypto_provider_test::sha2::*;
 
     use crate::RustCrypto;
 
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/p256.rs b/nearby/crypto/crypto_provider_rustcrypto/src/p256.rs
index a50bec8..3ad08f2 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/p256.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/p256.rs
@@ -120,7 +120,8 @@
 
 #[cfg(test)]
 impl<R: CryptoRng + SeedableRng + RngCore + Send>
-    crypto_provider::elliptic_curve::EphemeralSecretForTesting<P256> for P256EphemeralSecret<R>
+    crypto_provider_test::elliptic_curve::EphemeralSecretForTesting<P256>
+    for P256EphemeralSecret<R>
 {
     fn from_private_components(
         private_bytes: &[u8; 32],
@@ -139,7 +140,7 @@
 mod tests {
     use super::P256Ecdh;
     use core::marker::PhantomData;
-    use crypto_provider::p256::testing::*;
+    use crypto_provider_test::p256::*;
     use rand::rngs::StdRng;
 
     #[apply(p256_test_cases)]
diff --git a/nearby/crypto/crypto_provider_rustcrypto/src/x25519.rs b/nearby/crypto/crypto_provider_rustcrypto/src/x25519.rs
index 794d780..60d9bdb 100644
--- a/nearby/crypto/crypto_provider_rustcrypto/src/x25519.rs
+++ b/nearby/crypto/crypto_provider_rustcrypto/src/x25519.rs
@@ -68,7 +68,7 @@
 
 #[cfg(test)]
 impl<R: CryptoRng + RngCore + SeedableRng + Send>
-    crypto_provider::elliptic_curve::EphemeralSecretForTesting<X25519>
+    crypto_provider_test::elliptic_curve::EphemeralSecretForTesting<X25519>
     for X25519EphemeralSecret<R>
 {
     fn from_private_components(
@@ -114,7 +114,7 @@
 mod tests {
     use super::X25519Ecdh;
     use core::marker::PhantomData;
-    use crypto_provider::x25519::testing::*;
+    use crypto_provider_test::x25519::*;
     use rand::rngs::StdRng;
 
     #[apply(x25519_test_cases)]
diff --git a/nearby/crypto/crypto_provider_test/Cargo.toml b/nearby/crypto/crypto_provider_test/Cargo.toml
new file mode 100644
index 0000000..1f58c84
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/Cargo.toml
@@ -0,0 +1,17 @@
+[package]
+name = "crypto_provider_test"
+version.workspace = true
+edition.workspace = true
+publish.workspace = true
+
+[dependencies]
+crypto_provider.workspace = true
+rand_ext.workspace = true
+test_helper.workspace = true
+
+hex-literal.workspace = true
+rand.workspace = true
+rstest.workspace = true
+rstest_reuse.workspace = true
+wycheproof.workspace = true
+hex.workspace = true
\ No newline at end of file
diff --git a/nearby/crypto/crypto_provider_test/src/aes/cbc.rs b/nearby/crypto/crypto_provider_test/src/aes/cbc.rs
new file mode 100644
index 0000000..b22c828
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/aes/cbc.rs
@@ -0,0 +1,63 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crate::aes::Aes256Key;
+pub use crate::prelude::*;
+use core::marker::PhantomData;
+use crypto_provider::aes::cbc::{AesCbcIv, AesCbcPkcs7Padded};
+use hex_literal::hex;
+use rstest_reuse::template;
+
+/// Tests for AES-256-CBC encryption
+pub fn aes_256_cbc_test_encrypt<A: AesCbcPkcs7Padded>(_marker: PhantomData<A>) {
+    // http://google3/third_party/wycheproof/testvectors/aes_cbc_pkcs5_test.json;l=1492;rcl=264817632
+    let key: Aes256Key =
+        hex!("665a02bc265a66d01775091da56726b6668bfd903cb7af66fb1b78a8a062e43c").into();
+    let iv: AesCbcIv = hex!("3fb0d5ecd06c71150748b599595833cb");
+    let msg = hex!("3f56935def3f");
+    let expected_ciphertext = hex!("3f3f39697bd7e88d85a14132be1cbc48");
+    assert_eq!(A::encrypt(&key, &iv, &msg), expected_ciphertext);
+}
+
+/// Tests for AES-256-CBC decryption
+pub fn aes_256_cbc_test_decrypt<A: AesCbcPkcs7Padded>(_marker: PhantomData<A>) {
+    // http://google3/third_party/wycheproof/testvectors/aes_cbc_pkcs5_test.json;l=1492;rcl=264817632
+    let key: Aes256Key =
+        hex!("665a02bc265a66d01775091da56726b6668bfd903cb7af66fb1b78a8a062e43c").into();
+    let iv: AesCbcIv = hex!("3fb0d5ecd06c71150748b599595833cb");
+    let ciphertext = hex!("3f3f39697bd7e88d85a14132be1cbc48");
+    let expected_msg = hex!("3f56935def3f");
+    assert_eq!(A::decrypt(&key, &iv, &ciphertext).unwrap(), expected_msg);
+}
+
+/// Generates the test cases to validate the AES-256-CBC implementation.
+/// For example, to test `MyAesCbc256Impl`:
+///
+/// ```
+/// use crypto_provider::aes::cbc::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_256_cbc_test_cases)]
+///     fn aes_256_cbc_tests(
+///             testcase: CryptoProviderTestCases<PhantomData<MyAesCbc256Impl>>) {
+///         testcase(PhantomData);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::encrypt(aes_256_cbc_test_encrypt)]
+#[case::decrypt(aes_256_cbc_test_decrypt)]
+fn aes_256_cbc_test_cases<A: AesCbcPkcs7Padded>(#[case] testcase: CryptoProviderTestCases<F>) {}
diff --git a/nearby/crypto/crypto_provider_test/src/aes/ctr.rs b/nearby/crypto/crypto_provider_test/src/aes/ctr.rs
new file mode 100644
index 0000000..401f65b
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/aes/ctr.rs
@@ -0,0 +1,183 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+use crate::aes::{Aes128Key, Aes256Key};
+pub use crate::prelude;
+use core::marker;
+use crypto_provider::aes::ctr::AesCtr;
+use hex_literal::hex;
+use rstest_reuse::template;
+
+/// Test AES-128-CTR encryption
+pub fn aes_128_ctr_test_encrypt<A: AesCtr<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.1
+    let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
+    let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+    let mut block: [u8; 16];
+    let mut cipher = A::new(&key, iv);
+
+    block = hex!("6bc1bee22e409f96e93d7e117393172a");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_1 = hex!("874d6191b620e3261bef6864990db6ce");
+    assert_eq!(expected_ciphertext_1, block);
+
+    block = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_2 = hex!("9806f66b7970fdff8617187bb9fffdff");
+    assert_eq!(expected_ciphertext_2, block);
+
+    block = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_3 = hex!("5ae4df3edbd5d35e5b4f09020db03eab");
+    assert_eq!(expected_ciphertext_3, block);
+
+    block = hex!("f69f2445df4f9b17ad2b417be66c3710");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_3 = hex!("1e031dda2fbe03d1792170a0f3009cee");
+    assert_eq!(expected_ciphertext_3, block);
+}
+
+/// Test AES-128-CTR decryption
+pub fn aes_128_ctr_test_decrypt<A: AesCtr<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.2
+    let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
+    let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+    let mut block: [u8; 16];
+    let mut cipher = A::new(&key, iv);
+
+    block = hex!("874d6191b620e3261bef6864990db6ce");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_1 = hex!("6bc1bee22e409f96e93d7e117393172a");
+    assert_eq!(expected_plaintext_1, block);
+
+    block = hex!("9806f66b7970fdff8617187bb9fffdff");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_2 = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
+    assert_eq!(expected_plaintext_2, block);
+
+    block = hex!("5ae4df3edbd5d35e5b4f09020db03eab");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_3 = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
+    assert_eq!(expected_plaintext_3, block);
+
+    block = hex!("1e031dda2fbe03d1792170a0f3009cee");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_3 = hex!("f69f2445df4f9b17ad2b417be66c3710");
+    assert_eq!(expected_plaintext_3, block);
+}
+
+/// Test AES-256-CTR encryption
+pub fn aes_256_ctr_test_encrypt<A: AesCtr<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.5
+    let key: Aes256Key =
+        hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
+    let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+    let mut block: [u8; 16];
+    let mut cipher = A::new(&key, iv);
+
+    block = hex!("6bc1bee22e409f96e93d7e117393172a");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_1 = hex!("601ec313775789a5b7a7f504bbf3d228");
+    assert_eq!(expected_ciphertext_1, block);
+
+    block = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_2 = hex!("f443e3ca4d62b59aca84e990cacaf5c5");
+    assert_eq!(expected_ciphertext_2, block);
+
+    block = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_3 = hex!("2b0930daa23de94ce87017ba2d84988d");
+    assert_eq!(expected_ciphertext_3, block);
+
+    block = hex!("f69f2445df4f9b17ad2b417be66c3710");
+    cipher.encrypt(&mut block);
+    let expected_ciphertext_3 = hex!("dfc9c58db67aada613c2dd08457941a6");
+    assert_eq!(expected_ciphertext_3, block);
+}
+
+/// Test AES-256-CTR decryption
+pub fn aes_256_ctr_test_decrypt<A: AesCtr<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.5.6
+    let key: Aes256Key =
+        hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
+    let iv = hex!("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+    let mut block: [u8; 16];
+    let mut cipher = A::new(&key, iv);
+
+    block = hex!("601ec313775789a5b7a7f504bbf3d228");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_1 = hex!("6bc1bee22e409f96e93d7e117393172a");
+    assert_eq!(expected_plaintext_1, block);
+
+    block = hex!("f443e3ca4d62b59aca84e990cacaf5c5");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_2 = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
+    assert_eq!(expected_plaintext_2, block);
+
+    block = hex!("2b0930daa23de94ce87017ba2d84988d");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_3 = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
+    assert_eq!(expected_plaintext_3, block);
+
+    block = hex!("dfc9c58db67aada613c2dd08457941a6");
+    cipher.encrypt(&mut block);
+    let expected_plaintext_3 = hex!("f69f2445df4f9b17ad2b417be66c3710");
+    assert_eq!(expected_plaintext_3, block);
+}
+
+/// Generates the test cases to validate the AES-128-CTR implementation.
+/// For example, to test `MyAesCtr128Impl`:
+///
+/// ```
+/// use crypto_provider::aes::ctr::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_128_ctr_test_cases)]
+///     fn aes_128_ctr_tests(testcase: CryptoProviderTestCase<MyAesCtr128Impl>) {
+///         testcase(MyAesCtr128Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::encrypt(aes_128_ctr_test_encrypt)]
+#[case::decrypt(aes_128_ctr_test_decrypt)]
+fn aes_128_ctr_test_cases<F: AesCtrFactory<Key = Aes128Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
+
+/// Generates the test cases to validate the AES-256-CTR implementation.
+/// For example, to test `MyAesCtr256Impl`:
+///
+/// ```
+/// use crypto_provider::aes::ctr::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_256_ctr_test_cases_impl)]
+///     fn aes_256_ctr_tests(testcase: CryptoProviderTestCase<MyAesCtr256Impl>) {
+///         testcase(MyAesCtr256Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::encrypt(aes_256_ctr_test_encrypt)]
+#[case::decrypt(aes_256_ctr_test_decrypt)]
+fn aes_256_ctr_test_cases<F: AesCtrFactory<Key = Aes256Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
diff --git a/nearby/crypto/crypto_provider_test/src/aes/gcm_siv.rs b/nearby/crypto/crypto_provider_test/src/aes/gcm_siv.rs
new file mode 100644
index 0000000..b27e61c
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/aes/gcm_siv.rs
@@ -0,0 +1,122 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+use alloc::vec::Vec;
+use core::marker;
+
+use hex_literal::hex;
+use rstest_reuse::template;
+
+use crate::aes::{Aes128Key, Aes256Key};
+pub use crate::prelude;
+
+use crypto_provider::aes::gcm_siv::AesGcmSiv;
+
+/// Test AES-GCM-SIV-128 encryption/decryption
+pub fn aes_128_gcm_siv_test<A: AesGcmSiv<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
+    // https://github.com/google/wycheproof/blob/master/testvectors/aes_gcm_siv_test.json
+    // TC1
+    let test_key = hex!("01000000000000000000000000000000");
+    let nonce = hex!("030000000000000000000000");
+    let aes = A::new(&test_key.into());
+    let msg = hex!("");
+    let mut buf = Vec::from(msg.as_slice());
+    let tag = hex!("dc20e2d83f25705bb49e439eca56de25");
+    assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
+    assert_eq!(&buf[..], &tag);
+    // TC2
+    let msg = hex!("0100000000000000");
+    let ct = hex!("b5d839330ac7b786");
+    let tag = hex!("578782fff6013b815b287c22493a364c");
+    let mut buf = Vec::from(msg.as_slice());
+    assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
+    assert_eq!(&buf[..8], &ct);
+    assert_eq!(&buf[8..], &tag);
+    assert!(aes.decrypt(&mut buf, b"", &nonce).is_ok());
+    assert_eq!(&buf[..], &msg);
+}
+
+/// Test AES-256-GCM-SIV encryption/decryption
+pub fn aes_256_gcm_siv_test<A: AesGcmSiv<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
+    // https://github.com/google/wycheproof/blob/master/testvectors/aes_gcm_siv_test.json
+    // TC77
+    let test_key = hex!("0100000000000000000000000000000000000000000000000000000000000000");
+    let nonce = hex!("030000000000000000000000");
+    let aes = A::new(&test_key.into());
+    let msg = hex!("0100000000000000");
+    let mut buf = Vec::new();
+    buf.extend_from_slice(&msg);
+    let ct = hex!("c2ef328e5c71c83b");
+    let tag = hex!("843122130f7364b761e0b97427e3df28");
+    assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
+    assert_eq!(&buf[..8], &ct);
+    assert_eq!(&buf[8..], &tag);
+    assert!(aes.decrypt(&mut buf, b"", &nonce).is_ok());
+    assert_eq!(&buf[..], &msg);
+    // TC78
+    let msg = hex!("010000000000000000000000");
+    let ct = hex!("9aab2aeb3faa0a34aea8e2b1");
+    let tag = hex!("8ca50da9ae6559e48fd10f6e5c9ca17e");
+    let mut buf = Vec::from(msg.as_slice());
+    assert!(aes.encrypt(&mut buf, b"", &nonce).is_ok());
+    assert_eq!(&buf[..12], &ct);
+    assert_eq!(&buf[12..], &tag);
+    assert!(aes.decrypt(&mut buf, b"", &nonce).is_ok());
+    assert_eq!(&buf[..], &msg);
+}
+
+/// Generates the test cases to validate the AES-128-GCM-SIV implementation.
+/// For example, to test `MyAesGcmSiv128Impl`:
+///
+/// ```
+/// use crypto_provider::aes::gcm_siv::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_128_gcm_siv_test_cases)]
+///     fn aes_128_gcm_siv_tests(testcase: CryptoProviderTestCase<MyAesGcmSivImpl>) {
+///         testcase(MyAesGcmSiv128Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::encrypt(aes_128_gcm_siv_test)]
+#[case::decrypt(aes_128_gcm_siv_test)]
+fn aes_128_gcm_siv_test_cases<F: AesGcmSivFactory<Key = Aes128Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
+
+/// Generates the test cases to validate the AES-256-GCM-SIV implementation.
+/// For example, to test `MyAesGcmSiv256Impl`:
+///
+/// ```
+/// use crypto_provider::aes::gcm_siv::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_256_gcm_siv_test_cases)]
+///     fn aes_256_gcm_siv_tests(testcase: CryptoProviderTestCase<MyAesGcmSiv256Impl>) {
+///         testcase(MyAesGcmSiv256Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::encrypt(aes_256_gcm_siv_test)]
+#[case::decrypt(aes_256_gcm_siv_test)]
+fn aes_256_gcm_siv_test_cases<F: AesGcmSivFactory<Key = Aes256Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
diff --git a/nearby/crypto/crypto_provider_test/src/aes/mod.rs b/nearby/crypto/crypto_provider_test/src/aes/mod.rs
new file mode 100644
index 0000000..e1489da
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/aes/mod.rs
@@ -0,0 +1,210 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+pub mod cbc;
+pub mod ctr;
+pub mod gcm_siv;
+
+pub use crate::prelude::*;
+
+use core::marker;
+use crypto_provider::aes::*;
+use hex_literal::hex;
+use rstest_reuse::template;
+
+/// Test encryption with AES-128
+pub fn aes_128_test_encrypt<A: AesEncryptCipher<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.1
+    let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
+    let mut block = [0_u8; 16];
+    let enc_cipher = A::new(&key);
+
+    block.copy_from_slice(&hex!("6bc1bee22e409f96e93d7e117393172a"));
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("3ad77bb40d7a3660a89ecaf32466ef97"), block);
+
+    block.copy_from_slice(&hex!("ae2d8a571e03ac9c9eb76fac45af8e51"));
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("f5d3d58503b9699de785895a96fdbaaf"), block);
+
+    block.copy_from_slice(&hex!("30c81c46a35ce411e5fbc1191a0a52ef"));
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("43b1cd7f598ece23881b00e3ed030688"), block);
+
+    block.copy_from_slice(&hex!("f69f2445df4f9b17ad2b417be66c3710"));
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("7b0c785e27e8ad3f8223207104725dd4"), block);
+}
+
+/// Test decryption with AES-128
+pub fn aes_128_test_decrypt<A: AesDecryptCipher<Key = Aes128Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.2
+    let key: Aes128Key = hex!("2b7e151628aed2a6abf7158809cf4f3c").into();
+    let mut block = [0_u8; 16];
+    let dec_cipher = A::new(&key);
+
+    block.copy_from_slice(&hex!("3ad77bb40d7a3660a89ecaf32466ef97"));
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("6bc1bee22e409f96e93d7e117393172a"), block);
+
+    block.copy_from_slice(&hex!("f5d3d58503b9699de785895a96fdbaaf"));
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("ae2d8a571e03ac9c9eb76fac45af8e51"), block);
+
+    block.copy_from_slice(&hex!("43b1cd7f598ece23881b00e3ed030688"));
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("30c81c46a35ce411e5fbc1191a0a52ef"), block);
+
+    block.copy_from_slice(&hex!("7b0c785e27e8ad3f8223207104725dd4"));
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("f69f2445df4f9b17ad2b417be66c3710"), block);
+}
+
+/// Test encryption with AES-256
+pub fn aes_256_test_encrypt<A: AesEncryptCipher<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.5
+    let key: Aes256Key =
+        hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
+    let mut block: [u8; 16];
+    let enc_cipher = A::new(&key);
+
+    block = hex!("6bc1bee22e409f96e93d7e117393172a");
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("f3eed1bdb5d2a03c064b5a7e3db181f8"), block);
+
+    block = hex!("ae2d8a571e03ac9c9eb76fac45af8e51");
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("591ccb10d410ed26dc5ba74a31362870"), block);
+
+    block = hex!("30c81c46a35ce411e5fbc1191a0a52ef");
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("b6ed21b99ca6f4f9f153e7b1beafed1d"), block);
+
+    block = hex!("f69f2445df4f9b17ad2b417be66c3710");
+    enc_cipher.encrypt(&mut block);
+    assert_eq!(hex!("23304b7a39f9f3ff067d8d8f9e24ecc7"), block);
+}
+
+/// Test decryption with AES-256
+pub fn aes_256_test_decrypt<A: AesDecryptCipher<Key = Aes256Key>>(_marker: marker::PhantomData<A>) {
+    // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf F.1.6
+    let key: Aes256Key =
+        hex!("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4").into();
+    let mut block: [u8; 16];
+    let dec_cipher = A::new(&key);
+
+    block = hex!("f3eed1bdb5d2a03c064b5a7e3db181f8");
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("6bc1bee22e409f96e93d7e117393172a"), block);
+
+    block = hex!("591ccb10d410ed26dc5ba74a31362870");
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("ae2d8a571e03ac9c9eb76fac45af8e51"), block);
+
+    block = hex!("b6ed21b99ca6f4f9f153e7b1beafed1d");
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("30c81c46a35ce411e5fbc1191a0a52ef"), block);
+
+    block = hex!("23304b7a39f9f3ff067d8d8f9e24ecc7");
+    dec_cipher.decrypt(&mut block);
+    assert_eq!(hex!("f69f2445df4f9b17ad2b417be66c3710"), block);
+}
+
+/// Generates the test cases to validate the AES-128 implementation.
+/// For example, to test `MyAes128Impl`:
+///
+/// ```
+/// use crypto_provider::aes::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_128_encrypt_test_cases)]
+///     fn aes_128_tests(f: CryptoProviderTestCase<MyAes128Impl>) {
+///         f(MyAes128Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::encrypt(aes_128_test_encrypt)]
+fn aes_128_encrypt_test_cases<A: AesFactory<Key = Aes128Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
+
+/// Generates the test cases to validate the AES-128 implementation.
+/// For example, to test `MyAes128Impl`:
+///
+/// ```
+/// use crypto_provider::aes::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_128_decrypt_test_cases)]
+///     fn aes_128_tests(f: CryptoProviderTestCase<MyAes128Impl>) {
+///         f(MyAes128Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::decrypt(aes_128_test_decrypt)]
+fn aes_128_decrypt_test_cases<F: AesFactory<Key = Aes128Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
+
+/// Generates the test cases to validate the AES-256 implementation.
+/// For example, to test `MyAes256Impl`:
+///
+/// ```
+/// use crypto_provider::aes::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_256_encrypt_test_cases)]
+///     fn aes_256_tests(f: CryptoProviderTestCase<MyAes256Impl>) {
+///         f(MyAes256Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::encrypt(aes_256_test_encrypt)]
+fn aes_256_encrypt_test_cases<F: AesFactory<Key = Aes256Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
+
+/// Generates the test cases to validate the AES-256 implementation.
+/// For example, to test `MyAes256Impl`:
+///
+/// ```
+/// use crypto_provider::aes::testing::*;
+///
+/// mod tests {
+///     #[apply(aes_256_decrypt_test_cases)]
+///     fn aes_256_tests(f: CryptoProviderTestCase<MyAes256Impl>) {
+///         f(MyAes256Impl);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::decrypt(aes_256_test_decrypt)]
+fn aes_256_decrypt_test_cases<F: AesFactory<Key = Aes256Key>>(
+    #[case] testcase: CryptoProviderTestCase<F>,
+) {
+}
diff --git a/nearby/crypto/crypto_provider_test/src/ed25519.rs b/nearby/crypto/crypto_provider_test/src/ed25519.rs
new file mode 100644
index 0000000..c2da3b3
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/ed25519.rs
@@ -0,0 +1,151 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+extern crate alloc;
+extern crate std;
+
+use alloc::borrow::ToOwned;
+use alloc::string::String;
+use alloc::vec::Vec;
+use crypto_provider::ed25519::{Ed25519Provider, KeyPair, PublicKey, Signature};
+use wycheproof::TestResult;
+
+// These are test vectors from the creators of Ed25519: https://ed25519.cr.yp.to/ which are referenced
+// as the SOT for the test vectors in the RFC: https://www.rfc-editor.org/rfc/rfc8032#section-7.1
+// The vectors have been formatted into a easily parsable/readable format by libgcrypt which is
+// also used for test cases in the above RFC:
+// https://dev.gnupg.org/source/libgcrypt/browse/master/tests/t-ed25519.inp
+const PATH_TO_RFC_VECTORS_FILE: &str =
+    "crypto/crypto_provider_test/src/testdata/ecdsa/rfc_test_vectors.txt";
+
+/// Runs set of Ed25519 wycheproof test vectors against a provided ed25519 implementation
+/// Tests vectors from Project Wycheproof: <https://github.com/google/wycheproof>
+pub fn run_wycheproof_test_vectors<E>()
+where
+    E: Ed25519Provider,
+{
+    let test_set = wycheproof::eddsa::TestSet::load(wycheproof::eddsa::TestName::Ed25519)
+        .expect("should be able to load test set");
+
+    for test_group in test_set.test_groups {
+        let key_pair = test_group.key;
+        let public_key = key_pair.pk;
+        let secret_key = key_pair.sk;
+
+        for test in test_group.tests {
+            let tc_id = test.tc_id;
+            let comment = test.comment;
+            let sig = test.sig;
+            let msg = test.msg;
+
+            let valid = match test.result {
+                TestResult::Invalid => false,
+                TestResult::Valid | TestResult::Acceptable => true,
+            };
+            let result = run_test::<E>(
+                public_key.clone(),
+                secret_key.clone(),
+                sig.clone(),
+                msg.clone(),
+            );
+            if valid {
+                if let Err(desc) = result {
+                    panic!(
+                        "\n\
+                         Failed test {}: {}\n\
+                         msg:\t{:?}\n\
+                         sig:\t{:?}\n\
+                         comment:\t{:?}\n",
+                        tc_id, desc, msg, sig, comment,
+                    );
+                }
+            } else {
+                assert!(result.is_err())
+            }
+        }
+    }
+}
+
+/// Runs the RFC specified test vectors against an Ed25519 implementation
+pub fn run_rfc_test_vectors<E>()
+where
+    E: Ed25519Provider,
+{
+    let file_contents =
+        std::fs::read_to_string(test_helper::get_data_file(PATH_TO_RFC_VECTORS_FILE))
+            .expect("should be able to read file");
+
+    let mut split_cases: Vec<&str> = file_contents.as_str().split("\n\n").collect();
+    // remove the comments
+    split_cases.remove(0);
+    for case in split_cases {
+        let test_case: Vec<&str> = case.split('\n').collect();
+
+        let tc_id = extract_string(test_case[0]);
+        let sk = extract_hex(test_case[1]);
+        let pk = extract_hex(test_case[2]);
+        let msg = extract_hex(test_case[3]);
+        let sig = extract_hex(test_case[4]);
+
+        let result = run_test::<E>(pk.clone(), sk.clone(), sig.clone(), msg.clone());
+        if let Err(desc) = result {
+            panic!(
+                "\n\
+                         Failed test {}: {}\n\
+                         msg:\t{:?}\n\
+                         sig:\t{:?}\n\"",
+                tc_id, desc, msg, sig,
+            );
+        }
+    }
+}
+
+fn extract_hex(line: &str) -> Vec<u8> {
+    test_helper::string_to_hex(extract_string(line).as_str())
+}
+
+fn extract_string(line: &str) -> String {
+    line.split(':').collect::<Vec<&str>>()[1].trim().to_owned()
+}
+
+fn run_test<E>(
+    pub_key: Vec<u8>,
+    secret_key: Vec<u8>,
+    sig: Vec<u8>,
+    msg: Vec<u8>,
+) -> Result<(), &'static str>
+where
+    E: Ed25519Provider,
+{
+    let kp_bytes: [u8; 64] = [secret_key.as_slice(), pub_key.as_slice()]
+        .concat()
+        .try_into()
+        .map_err(|_| "invalid length keypair")?;
+    let kp = E::KeyPair::from_bytes(kp_bytes)
+        .map_err(|_| "Should be able to create Keypair from bytes")?;
+
+    let sig_result = kp.sign(msg.as_slice());
+    (sig.as_slice() == sig_result.to_bytes())
+        .then_some(())
+        .ok_or("sig not matching expected")?;
+    let signature = E::Signature::from_bytes(sig.as_slice())
+        .map_err(|_| "unable to parse sign from test case")?;
+
+    let pub_key = kp.public();
+    pub_key
+        .verify_strict(msg.as_slice(), &signature)
+        .map_err(|_| "verify failed")?;
+
+    Ok(())
+}
diff --git a/nearby/crypto/crypto_provider_test/src/elliptic_curve.rs b/nearby/crypto/crypto_provider_test/src/elliptic_curve.rs
new file mode 100644
index 0000000..4807d25
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/elliptic_curve.rs
@@ -0,0 +1,26 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crypto_provider::elliptic_curve::*;
+
+/// Trait for an ephemeral secret for functions used in testing.
+pub trait EphemeralSecretForTesting<C: Curve>: EphemeralSecret<C> {
+    /// Creates an ephemeral secret from the given private and public components.
+    fn from_private_components(
+        _private_bytes: &[u8; 32],
+        _public_key: &<Self::Impl as EcdhProvider<C>>::PublicKey,
+    ) -> Result<Self, Self::Error>
+    where
+        Self: Sized;
+}
diff --git a/nearby/crypto/crypto_provider_test/src/hkdf.rs b/nearby/crypto/crypto_provider_test/src/hkdf.rs
new file mode 100644
index 0000000..5780263
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/hkdf.rs
@@ -0,0 +1,297 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+extern crate alloc;
+pub use crate::prelude::*;
+use crate::CryptoProvider;
+use alloc::vec;
+use alloc::vec::Vec;
+use core::iter;
+use core::marker::PhantomData;
+use crypto_provider::hkdf::Hkdf;
+use hex_literal::hex;
+use rstest_reuse::template;
+
+/// Generates the test cases to validate the hkdf implementation.
+/// For example, to test `MyCryptoProvider`:
+///
+/// ```
+/// mod tests {
+///     use std::marker::PhantomData;
+///     use crypto_provider::testing::CryptoProviderTestCase;
+///     #[apply(hkdf_test_cases)]
+///     fn hkdf_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>){
+///         testcase(PhantomData::<MyCryptoProvider>);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::basic_test_hkdf(basic_test_hkdf)]
+#[case::test_rfc5869_sha256(test_rfc5869_sha256)]
+#[case::test_lengths(test_lengths)]
+#[case::test_max_length(test_max_length)]
+#[case::test_max_length_exceeded(test_max_length_exceeded)]
+#[case::test_unsupported_length(test_unsupported_length)]
+#[case::test_expand_multi_info(test_expand_multi_info)]
+#[case::run_hkdf_sha256_vectors(run_hkdf_sha256_vectors)]
+#[case::run_hkdf_sha512_vectors(run_hkdf_sha512_vectors)]
+fn hkdf_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
+
+const MAX_SHA256_LENGTH: usize = 255 * (256 / 8); // =8160
+
+///
+pub struct Test<'a> {
+    ikm: &'a [u8],
+    salt: &'a [u8],
+    info: &'a [u8],
+    okm: &'a [u8],
+}
+
+/// data taken from sample code in Readme of crates.io page
+pub fn basic_test_hkdf<C: CryptoProvider>(_: PhantomData<C>) {
+    let ikm = hex!("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+    let salt = hex!("000102030405060708090a0b0c");
+    let info = hex!("f0f1f2f3f4f5f6f7f8f9");
+
+    let hk = C::HkdfSha256::new(Some(&salt[..]), &ikm);
+    let mut okm = [0u8; 42];
+    hk.expand(&info, &mut okm)
+        .expect("42 is a valid length for Sha256 to output");
+
+    let expected = hex!(
+        "
+        3cb25f25faacd57a90434f64d0362f2a
+        2d2d0a90cf1a5a4c5db02d56ecc4c5bf
+        34007208d5b887185865
+        "
+    );
+    assert_eq!(okm, expected);
+}
+
+// Test Vectors from https://tools.ietf.org/html/rfc5869.
+#[rustfmt::skip]
+    ///
+    pub fn test_rfc5869_sha256<C: CryptoProvider>(_: PhantomData<C>) {
+        let tests = [
+            Test {
+                // Test Case 1
+                ikm: &hex!("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
+                salt: &hex!("000102030405060708090a0b0c"),
+                info: &hex!("f0f1f2f3f4f5f6f7f8f9"),
+                okm: &hex!("
+                    3cb25f25faacd57a90434f64d0362f2a
+                    2d2d0a90cf1a5a4c5db02d56ecc4c5bf
+                    34007208d5b887185865
+                "),
+            },
+            Test {
+                // Test Case 2
+                ikm: &hex!("
+                    000102030405060708090a0b0c0d0e0f
+                    101112131415161718191a1b1c1d1e1f
+                    202122232425262728292a2b2c2d2e2f
+                    303132333435363738393a3b3c3d3e3f
+                    404142434445464748494a4b4c4d4e4f
+                "),
+                salt: &hex!("
+                    606162636465666768696a6b6c6d6e6f
+                    707172737475767778797a7b7c7d7e7f
+                    808182838485868788898a8b8c8d8e8f
+                    909192939495969798999a9b9c9d9e9f
+                    a0a1a2a3a4a5a6a7a8a9aaabacadaeaf
+                "),
+                info: &hex!("
+                    b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+                    c0c1c2c3c4c5c6c7c8c9cacbcccdcecf
+                    d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
+                    e0e1e2e3e4e5e6e7e8e9eaebecedeeef
+                    f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+                "),
+                okm: &hex!("
+                    b11e398dc80327a1c8e7f78c596a4934
+                    4f012eda2d4efad8a050cc4c19afa97c
+                    59045a99cac7827271cb41c65e590e09
+                    da3275600c2f09b8367793a9aca3db71
+                    cc30c58179ec3e87c14c01d5c1f3434f
+                    1d87
+                "),
+            },
+            Test {
+                // Test Case 3
+                ikm: &hex!("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
+                salt: &hex!(""),
+                info: &hex!(""),
+                okm: &hex!("
+                    8da4e775a563c18f715f802a063c5a31
+                    b8a11f5c5ee1879ec3454e5f3c738d2d
+                    9d201395faa4b61a96c8
+                "),
+            },
+        ];
+        for Test { ikm, salt, info, okm } in tests.iter() {
+            let salt = if salt.is_empty() {
+                None
+            } else {
+                Some(&salt[..])
+            };
+            let hkdf = C::HkdfSha256::new(salt, ikm);
+            let mut okm2 = vec![0u8; okm.len()];
+            assert!(hkdf.expand(&info[..], &mut okm2).is_ok());
+            assert_eq!(okm2[..], okm[..]);
+        }
+    }
+
+///
+pub fn test_lengths<C: CryptoProvider>(_: PhantomData<C>) {
+    let hkdf = C::HkdfSha256::new(None, &[]);
+    let mut longest = vec![0u8; MAX_SHA256_LENGTH];
+    assert!(hkdf.expand(&[], &mut longest).is_ok());
+    // Runtime is O(length), so exhaustively testing all legal lengths
+    // would take too long (at least without --release). Only test a
+    // subset: the first 500, the last 10, and every 100th in between.
+    // 0 is an invalid key length for openssl, so start at 1
+    let lengths = (1..MAX_SHA256_LENGTH + 1)
+        .filter(|&len| !(500..=MAX_SHA256_LENGTH - 10).contains(&len) || len % 100 == 0);
+
+    for length in lengths {
+        let mut okm = vec![0u8; length];
+
+        assert!(hkdf.expand(&[], &mut okm).is_ok());
+        assert_eq!(okm.len(), length);
+        assert_eq!(okm[..], longest[..length]);
+    }
+}
+
+///
+pub fn test_max_length<C: CryptoProvider>(_: PhantomData<C>) {
+    let hkdf = C::HkdfSha256::new(Some(&[]), &[]);
+    let mut okm = vec![0u8; MAX_SHA256_LENGTH];
+    assert!(hkdf.expand(&[], &mut okm).is_ok());
+}
+
+///
+pub fn test_max_length_exceeded<C: CryptoProvider>(_: PhantomData<C>) {
+    let hkdf = C::HkdfSha256::new(Some(&[]), &[]);
+    let mut okm = vec![0u8; MAX_SHA256_LENGTH + 1];
+    assert!(hkdf.expand(&[], &mut okm).is_err());
+}
+
+///
+pub fn test_unsupported_length<C: CryptoProvider>(_: PhantomData<C>) {
+    let hkdf = C::HkdfSha256::new(Some(&[]), &[]);
+    let mut okm = vec![0u8; 90000];
+    assert!(hkdf.expand(&[], &mut okm).is_err());
+}
+
+///
+pub fn test_expand_multi_info<C: CryptoProvider>(_: PhantomData<C>) {
+    let info_components = &[
+        &b"09090909090909090909090909090909090909090909"[..],
+        &b"8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a8a"[..],
+        &b"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0"[..],
+        &b"4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4c4"[..],
+        &b"1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d"[..],
+    ];
+
+    let hkdf = C::HkdfSha256::new(None, b"some ikm here");
+
+    // Compute HKDF-Expand on the concatenation of all the info components
+    let mut oneshot_res = [0u8; 16];
+    hkdf.expand(&info_components.concat(), &mut oneshot_res)
+        .unwrap();
+
+    // Now iteratively join the components of info_components until it's all 1 component. The value
+    // of HKDF-Expand should be the same throughout
+    let mut num_concatted = 0;
+    let mut info_head = Vec::new();
+
+    while num_concatted < info_components.len() {
+        info_head.extend(info_components[num_concatted]);
+
+        // Build the new input to be the info head followed by the remaining components
+        let input: Vec<&[u8]> = iter::once(info_head.as_slice())
+            .chain(info_components.iter().cloned().skip(num_concatted + 1))
+            .collect();
+
+        // Compute and compare to the one-shot answer
+        let mut multipart_res = [0u8; 16];
+        hkdf.expand_multi_info(&input, &mut multipart_res).unwrap();
+        assert_eq!(multipart_res, oneshot_res);
+        num_concatted += 1;
+    }
+}
+
+///
+pub fn run_hkdf_sha256_vectors<C: CryptoProvider>(_: PhantomData<C>) {
+    run_hkdf_test_vectors::<C::HkdfSha256>(HashAlg::Sha256)
+}
+
+///
+pub fn run_hkdf_sha512_vectors<C: CryptoProvider>(_: PhantomData<C>) {
+    run_hkdf_test_vectors::<C::HkdfSha512>(HashAlg::Sha512)
+}
+
+enum HashAlg {
+    Sha256,
+    Sha512,
+}
+
+///
+fn run_hkdf_test_vectors<K: Hkdf>(hash: HashAlg) {
+    let test_name = match hash {
+        HashAlg::Sha256 => wycheproof::hkdf::TestName::HkdfSha256,
+        HashAlg::Sha512 => wycheproof::hkdf::TestName::HkdfSha512,
+    };
+
+    let test_set =
+        wycheproof::hkdf::TestSet::load(test_name).expect("should be able to load test set");
+    for test_group in test_set.test_groups {
+        for test in test_group.tests {
+            let ikm = test.ikm;
+            let salt = test.salt;
+            let info = test.info;
+            let okm = test.okm;
+            let tc_id = test.tc_id;
+            if let Some(desc) = run_test::<K>(
+                ikm.as_slice(),
+                salt.as_slice(),
+                info.as_slice(),
+                okm.as_slice(),
+            ) {
+                panic!(
+                    "\n\
+                         Failed test {tc_id}: {desc}\n\
+                         ikm:\t{ikm:?}\n\
+                         salt:\t{salt:?}\n\
+                         info:\t{info:?}\n\
+                         okm:\t{okm:?}\n"
+                );
+            }
+        }
+    }
+}
+
+fn run_test<K: Hkdf>(ikm: &[u8], salt: &[u8], info: &[u8], okm: &[u8]) -> Option<&'static str> {
+    let prk = K::new(Some(salt), ikm);
+    let mut got_okm = vec![0; okm.len()];
+
+    if prk.expand(info, &mut got_okm).is_err() {
+        return Some("prk expand");
+    }
+    if got_okm != okm {
+        return Some("mismatch in okm");
+    }
+    None
+}
diff --git a/nearby/crypto/crypto_provider_test/src/hmac.rs b/nearby/crypto/crypto_provider_test/src/hmac.rs
new file mode 100644
index 0000000..e3d1c0e
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/hmac.rs
@@ -0,0 +1,130 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+pub use crate::prelude::*;
+use crate::rstest_reuse::template;
+use crate::CryptoProvider;
+use core::cmp::min;
+use core::marker::PhantomData;
+use crypto_provider::hmac::Hmac;
+use wycheproof::TestResult;
+
+/// Generates the test cases to validate the hmac implementation.
+/// For example, to test `MyCryptoProvider`:
+///
+/// ```
+/// mod tests {
+///     use std::marker::PhantomData;
+///     use crypto_provider::testing::CryptoProviderTestCase;
+///     #[apply(hmac_test_cases)]
+///     fn hmac_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>){
+///         testcase(PhantomData::<MyCryptoProvider>);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::hmac_sha256_test_vectors(hmac_sha256_test_vectors)]
+#[case::hmac_sha512_test_vectors(hmac_sha512_test_vectors)]
+fn hmac_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
+
+/// Run wycheproof hmac sha256 test vectors on provided CryptoProvider
+pub fn hmac_sha256_test_vectors<C: CryptoProvider>(_: PhantomData<C>) {
+    run_hmac_test_vectors::<32, C::HmacSha256>(HashAlg::Sha256)
+}
+
+/// Run wycheproof hmac sha512 test vectors on provided CryptoProvider
+pub fn hmac_sha512_test_vectors<C: CryptoProvider>(_: PhantomData<C>) {
+    run_hmac_test_vectors::<64, C::HmacSha512>(HashAlg::Sha512)
+}
+
+enum HashAlg {
+    Sha256,
+    Sha512,
+}
+
+// Tests vectors from Project Wycheproof:
+// https://github.com/google/wycheproof
+fn run_hmac_test_vectors<const N: usize, H: Hmac<N>>(hash: HashAlg) {
+    let test_name = match hash {
+        HashAlg::Sha256 => wycheproof::mac::TestName::HmacSha256,
+        HashAlg::Sha512 => wycheproof::mac::TestName::HmacSha512,
+    };
+    let test_set =
+        wycheproof::mac::TestSet::load(test_name).expect("should be able to load test set");
+
+    for test_group in test_set.test_groups {
+        for test in test_group.tests {
+            let key = test.key;
+            let msg = test.msg;
+            let tag = test.tag;
+            let tc_id = test.tc_id;
+            let valid = match test.result {
+                TestResult::Valid | TestResult::Acceptable => true,
+                TestResult::Invalid => false,
+            };
+
+            if let Some(desc) =
+                run_test::<N, H>(key.as_slice(), msg.as_slice(), tag.as_slice(), valid)
+            {
+                panic!(
+                    "\n\
+                         Failed test {tc_id}: {desc}\n\
+                         key:\t{key:?}\n\
+                         msg:\t{msg:?}\n\
+                         tag:\t{tag:?}\n",
+                );
+            }
+        }
+    }
+}
+
+fn run_test<const N: usize, H: Hmac<N>>(
+    key: &[u8],
+    input: &[u8],
+    tag: &[u8],
+    valid_data: bool,
+) -> Option<&'static str> {
+    let mut mac = H::new_from_slice(key).unwrap();
+    mac.update(input);
+    let result = mac.finalize();
+    let n = tag.len();
+    let result_bytes = &result[..n];
+
+    if valid_data {
+        if result_bytes != tag {
+            return Some("whole message");
+        }
+    } else {
+        return if result_bytes == tag {
+            Some("invalid should not match")
+        } else {
+            None
+        };
+    }
+
+    // test reading different chunk sizes
+    for chunk_size in 1..min(64, input.len()) {
+        let mut mac = H::new_from_slice(key).unwrap();
+        for chunk in input.chunks(chunk_size) {
+            mac.update(chunk);
+        }
+        let res = mac.verify_truncated_left(tag);
+        if res.is_err() {
+            return Some("chunked message");
+        }
+    }
+
+    None
+}
diff --git a/nearby/crypto/crypto_provider_test/src/lib.rs b/nearby/crypto/crypto_provider_test/src/lib.rs
new file mode 100644
index 0000000..f7d6253
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/lib.rs
@@ -0,0 +1,121 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+extern crate alloc;
+
+use alloc::{format, string::String};
+use core::marker::PhantomData;
+
+use crypto_provider::CryptoProvider;
+use hex_literal::hex;
+use rand::{Rng, RngCore};
+use rstest_reuse::template;
+
+pub use rstest_reuse;
+
+pub mod aes;
+pub mod ed25519;
+pub mod elliptic_curve;
+pub mod hkdf;
+pub mod hmac;
+pub mod p256;
+pub mod sha2;
+pub mod x25519;
+
+/// Common items that needs to be imported to use these test cases
+pub mod prelude {
+    pub use super::CryptoProviderTestCase;
+    pub use rstest::rstest;
+    pub use rstest_reuse;
+    pub use rstest_reuse::apply;
+}
+
+/// A test case for Crypto Provider. A test case is a function that panics if the test fails.
+pub type CryptoProviderTestCase<T> = fn(PhantomData<T>);
+
+#[derive(Debug)]
+pub(crate) struct TestError(String);
+
+impl TestError {
+    pub(crate) fn new<D: core::fmt::Debug>(value: D) -> Self {
+        Self(format!("{value:?}"))
+    }
+}
+
+/// Test for `constant_time_eq` when the two inputs are equal.
+pub fn constant_time_eq_test_equal<C: CryptoProvider>(_marker: PhantomData<C>) {
+    assert!(C::constant_time_eq(
+        &hex!("00010203040506070809"),
+        &hex!("00010203040506070809")
+    ));
+}
+
+/// Test for `constant_time_eq` when the two inputs are not equal.
+pub fn constant_time_eq_test_not_equal<C: CryptoProvider>(_marker: PhantomData<C>) {
+    assert!(!C::constant_time_eq(
+        &hex!("00010203040506070809"),
+        &hex!("00000000000000000000")
+    ));
+}
+
+/// Random tests for `constant_time_eq`.
+pub fn constant_time_eq_random_test<C: CryptoProvider>(_marker: PhantomData<C>) {
+    let mut rng = rand::thread_rng();
+    for _ in 1..100 {
+        // Test using "oracle" of ==, with possibly different lengths for a and b
+        let mut a = alloc::vec![0; rng.gen_range(1..1000)];
+        rng.fill_bytes(&mut a);
+        let mut b = alloc::vec![0; rng.gen_range(1..1000)];
+        rng.fill_bytes(&mut b);
+        assert_eq!(C::constant_time_eq(&a, &b), a == b);
+    }
+
+    for _ in 1..10000 {
+        // Test using "oracle" of ==, with same lengths for a and b
+        let len = rng.gen_range(1..1000);
+        let mut a = alloc::vec![0; len];
+        rng.fill_bytes(&mut a);
+        let mut b = alloc::vec![0; len];
+        rng.fill_bytes(&mut b);
+        assert_eq!(C::constant_time_eq(&a, &b), a == b);
+    }
+
+    for _ in 1..10000 {
+        // Clones and the original should always be equal
+        let mut a = alloc::vec![0; rng.gen_range(1..1000)];
+        rng.fill_bytes(&mut a);
+        assert!(C::constant_time_eq(&a, &a.clone()));
+    }
+}
+
+/// Generates the test cases to validate the P256 implementation.
+/// For example, to test `MyCryptoProvider`:
+///
+/// ```
+/// use crypto_provider::p256::testing::*;
+///
+/// mod tests {
+///     #[apply(constant_time_eq_test_cases)]
+///     fn constant_time_eq_tests(
+///             testcase: CryptoProviderTestCase<MyCryptoProvider>) {
+///         testcase(PhantomData);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::constant_time_eq_test_not_equal(constant_time_eq_test_not_equal)]
+#[case::constant_time_eq_test_equal(constant_time_eq_test_equal)]
+#[case::constant_time_eq_random_test(constant_time_eq_random_test)]
+fn constant_time_eq_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
diff --git a/nearby/crypto/crypto_provider_test/src/p256.rs b/nearby/crypto/crypto_provider_test/src/p256.rs
new file mode 100644
index 0000000..6c5f395
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/p256.rs
@@ -0,0 +1,239 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+extern crate std;
+use crate::elliptic_curve::EphemeralSecretForTesting;
+pub use crate::prelude::*;
+use crate::TestError;
+use core::marker::PhantomData;
+use crypto_provider::p256::{P256PublicKey, P256};
+use crypto_provider::{
+    elliptic_curve::{EcdhProvider, EphemeralSecret, PublicKey},
+    CryptoRng,
+};
+use hex_literal::hex;
+use rstest_reuse::template;
+
+/// An ECDH provider that provides associated types for testing purposes. This can be mostly
+/// considered "aliases" for the otherwise long fully-qualified associated types.
+pub trait EcdhProviderForP256Test {
+    /// The ECDH Provider that is "wrapped" by this type.
+    type EcdhProvider: EcdhProvider<
+        P256,
+        PublicKey = <Self as EcdhProviderForP256Test>::PublicKey,
+        EphemeralSecret = <Self as EcdhProviderForP256Test>::EphemeralSecret,
+        SharedSecret = <Self as EcdhProviderForP256Test>::SharedSecret,
+    >;
+    /// The public key type.
+    type PublicKey: P256PublicKey;
+    /// The ephemeral secret type.
+    type EphemeralSecret: EphemeralSecretForTesting<P256, Impl = Self::EcdhProvider>;
+    /// The shared secret type.
+    type SharedSecret: Into<[u8; 32]>;
+}
+
+impl<E> EcdhProviderForP256Test for E
+where
+    E: EcdhProvider<P256>,
+    E::PublicKey: P256PublicKey,
+    E::EphemeralSecret: EphemeralSecretForTesting<P256>,
+{
+    type EcdhProvider = E;
+    type PublicKey = E::PublicKey;
+    type EphemeralSecret = E::EphemeralSecret;
+    type SharedSecret = E::SharedSecret;
+}
+
+/// Test for P256PublicKey::to_bytes
+pub fn to_bytes_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    let sec1_bytes = hex!(
+        "04756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09f0b6da270d2a58a06022
+             8bbe76c6dc1643088107636deff8aa79e8002a157b92"
+    );
+    let key = E::PublicKey::from_sec1_bytes(&sec1_bytes).unwrap();
+    let sec1_bytes_compressed =
+        hex!("02756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09");
+    assert_eq!(sec1_bytes_compressed.to_vec(), key.to_bytes());
+}
+
+/// Random test for P256PublicKey::to_bytes
+pub fn to_bytes_random_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    for _ in 1..100 {
+        let public_key_bytes =
+            E::EphemeralSecret::generate_random(&mut <E::EphemeralSecret as EphemeralSecret<
+                P256,
+            >>::Rng::new())
+            .public_key_bytes();
+        let public_key = E::PublicKey::from_bytes(&public_key_bytes).unwrap();
+        assert_eq!(
+            E::PublicKey::from_bytes(&public_key.to_bytes()).unwrap(),
+            public_key,
+            "from_bytes should return the same key for `{public_key_bytes:?}`",
+        );
+    }
+}
+
+/// Test for P256PublicKey::from_affine_coordinates
+pub fn from_affine_coordinates_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    // https://www.secg.org/sec1-v2.pdf, section 2.3.3
+    let x = hex!("756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09");
+    let y = hex!("f0b6da270d2a58a060228bbe76c6dc1643088107636deff8aa79e8002a157b92");
+    let sec1 = hex!(
+        "04756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09f0b6da270d2a58a06022
+             8bbe76c6dc1643088107636deff8aa79e8002a157b92"
+    );
+    let expected_key = E::PublicKey::from_sec1_bytes(&sec1).unwrap();
+    assert!(
+        E::PublicKey::from_affine_coordinates(&x, &y).unwrap() == expected_key,
+        "Public key does not match"
+    );
+}
+
+/// Test for P256PublicKey::from_affine_coordinates
+pub fn from_affine_coordinates_not_on_curve_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    // (Invalid) coordinate from wycheproof ecdh_secp256r1_ecpoint_test.json, tcId 193
+    let x = hex!("0000000000000000000000000000000000000000000000000000000000000000");
+    let y = hex!("0000000000000000000000000000000000000000000000000000000000000000");
+    let result = E::PublicKey::from_affine_coordinates(&x, &y);
+    assert!(
+        result.is_err(),
+        "Creating public key from invalid affine coordinate should fail"
+    );
+}
+
+/// Test for P256PublicKey::from_sec1_bytes
+pub fn from_sec1_bytes_not_on_curve_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    // (Invalid) sec1 encoding from wycheproof ecdh_secp256r1_ecpoint_test.json, tcId 193
+    let sec1 = hex!(
+        "04000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+             00000000000000000000000000000000000000000000"
+    );
+    let result = E::PublicKey::from_sec1_bytes(&sec1);
+    assert!(
+        result.is_err(),
+        "Creating public key from point not on curve should fail"
+    );
+}
+
+/// Test for P256PublicKey::to_affine_coordinates
+pub fn public_key_to_affine_coordinates_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    // https://www.secg.org/sec1-v2.pdf, section 2.3.3
+    let expected_x = hex!("756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09");
+    let expected_y = hex!("f0b6da270d2a58a060228bbe76c6dc1643088107636deff8aa79e8002a157b92");
+    let sec1 = hex!(
+        "04756c07ba5b596fa96c9099e6619dc62deac4297a8fc1d803d74dc5caa9197c09f0b6da270d2a58a06022
+             8bbe76c6dc1643088107636deff8aa79e8002a157b92"
+    );
+    let public_key = E::PublicKey::from_sec1_bytes(&sec1).unwrap();
+    let (actual_x, actual_y) = public_key.to_affine_coordinates().unwrap();
+    assert_eq!(actual_x, expected_x);
+    assert_eq!(actual_y, expected_y);
+}
+
+/// Test for P256 Diffie-Hellman key exchange.
+pub fn p256_ecdh_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    // From wycheproof ecdh_secp256r1_ecpoint_test.json, tcId 1
+    // http://google3/third_party/wycheproof/testvectors/ecdh_secp256r1_ecpoint_test.json;l=22;rcl=375894991
+    // sec1 public key manually extracted from the ASN encoded test data
+    let public_key_sec1 = hex!(
+        "0462d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f
+            26ac333a93a9e70a81cd5a95b5bf8d13990eb741c8c38872b4a07d275a014e30cf"
+    );
+    let private = hex!("0612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346");
+    let expected_shared_secret =
+        hex!("53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285");
+    let actual_shared_secret = p256_ecdh_test_impl::<E>(&public_key_sec1, &private).unwrap();
+    assert_eq!(actual_shared_secret.into(), expected_shared_secret);
+}
+
+fn p256_ecdh_test_impl<E: EcdhProviderForP256Test>(
+    public_key_sec1: &[u8],
+    private: &[u8; 32],
+) -> Result<E::SharedSecret, TestError> {
+    let public_key = E::PublicKey::from_sec1_bytes(public_key_sec1).map_err(TestError::new)?;
+    let ephemeral_secret = E::EphemeralSecret::from_private_components(private, &public_key)
+        .map_err(TestError::new)?;
+    ephemeral_secret
+        .diffie_hellman(&public_key)
+        .map_err(TestError::new)
+}
+
+/// Wycheproof test for P256 Diffie-Hellman.
+pub fn wycheproof_p256_test<E: EcdhProviderForP256Test>(_: PhantomData<E>) {
+    // Test cases from https://github.com/randombit/wycheproof-rs/blob/master/src/data/ecdh_secp256r1_ecpoint_test.json
+    let test_set =
+        wycheproof::ecdh::TestSet::load(wycheproof::ecdh::TestName::EcdhSecp256r1Ecpoint).unwrap();
+    for test_group in test_set.test_groups {
+        for test in test_group.tests {
+            if test.private_key.len() != 32 {
+                // Some Wycheproof test cases have private key length that are not 32 bytes, but
+                // the RustCrypto implementation doesn't support that (it always take 32 bytes
+                // from the given RNG when generating a new key).
+                continue;
+            };
+            std::println!("Testing {}", test.tc_id);
+            let result = p256_ecdh_test_impl::<E>(
+                &test.public_key,
+                &test
+                    .private_key
+                    .try_into()
+                    .expect("Private key should be 32 bytes long"),
+            );
+            match test.result {
+                wycheproof::TestResult::Valid => {
+                    let shared_secret =
+                        result.unwrap_or_else(|_| panic!("Test {} should succeed", test.tc_id));
+                    assert_eq!(test.shared_secret, shared_secret.into());
+                }
+                wycheproof::TestResult::Invalid => {
+                    result
+                        .err()
+                        .unwrap_or_else(|| panic!("Test {} should fail", test.tc_id));
+                }
+                wycheproof::TestResult::Acceptable => {
+                    if let Ok(shared_secret) = result {
+                        assert_eq!(test.shared_secret, shared_secret.into());
+                    }
+                    // Test passes if `result` is an error because this test is "acceptable"
+                }
+            }
+        }
+    }
+}
+
+/// Generates the test cases to validate the P256 implementation.
+/// For example, to test `MyCryptoProvider`:
+///
+/// ```
+/// use crypto_provider::p256::testing::*;
+///
+/// mod tests {
+///     #[apply(p256_test_cases)]
+///     fn p256_tests(testcase: CryptoProviderTestCase<MyCryptoProvider> {
+///         testcase(PhantomData::<MyCryptoProvider>);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::to_bytes(to_bytes_test)]
+#[case::to_bytes_random(to_bytes_random_test)]
+#[case::from_sec1_bytes_not_on_curve(from_sec1_bytes_not_on_curve_test)]
+#[case::from_affine_coordinates(from_affine_coordinates_test)]
+#[case::from_affine_coordinates_not_on_curve(from_affine_coordinates_not_on_curve_test)]
+#[case::public_key_to_affine_coordinates(public_key_to_affine_coordinates_test)]
+#[case::p256_ecdh(p256_ecdh_test)]
+#[case::wycheproof_p256(wycheproof_p256_test)]
+fn p256_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
diff --git a/nearby/crypto/crypto_provider_test/src/sha2.rs b/nearby/crypto/crypto_provider_test/src/sha2.rs
new file mode 100644
index 0000000..330f284
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/sha2.rs
@@ -0,0 +1,119 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+extern crate alloc;
+extern crate std;
+pub use crate::prelude::*;
+use crate::CryptoProvider;
+use alloc::vec::Vec;
+use core::{marker::PhantomData, str::FromStr};
+use crypto_provider::sha2::{Sha256, Sha512};
+use hex::FromHex;
+pub use hex_literal::hex;
+use rstest_reuse::template;
+
+/// Test vectors from SHA256ShortMsg.rsp in
+/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
+pub fn sha256_cavp_short_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
+    sha256_cavp_vector_test::<C>(include_str!("testdata/SHA256ShortMsg.rsp"));
+}
+
+/// Test vectors from SHA256LongMsg.rsp in
+/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
+pub fn sha256_cavp_long_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
+    sha256_cavp_vector_test::<C>(include_str!("testdata/SHA256LongMsg.rsp"));
+}
+
+/// Test vectors from SHA512ShortMsg.rsp in
+/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
+pub fn sha512_cavp_short_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
+    sha512_cavp_vector_test::<C>(include_str!("testdata/SHA512ShortMsg.rsp"));
+}
+
+/// Test vectors from SHA512LongMsg.rsp in
+/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
+pub fn sha512_cavp_long_vector_test<C: CryptoProvider>(_marker: PhantomData<C>) {
+    sha512_cavp_vector_test::<C>(include_str!("testdata/SHA512LongMsg.rsp"));
+}
+
+/// Test vectors an rsp file in
+/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
+fn sha256_cavp_vector_test<C: CryptoProvider>(cavp_file_contents: &str) {
+    sha_cavp_vector_test(<C::Sha256 as Sha256>::sha256, cavp_file_contents)
+}
+
+/// Test vectors an rsp file in
+/// <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing#shavs>
+fn sha512_cavp_vector_test<C: CryptoProvider>(cavp_file_contents: &str) {
+    sha_cavp_vector_test(<C::Sha512 as Sha512>::sha512, cavp_file_contents)
+}
+
+fn sha_cavp_vector_test<const N: usize>(
+    hash_func: impl Fn(&[u8]) -> [u8; N],
+    cavp_file_contents: &str,
+) {
+    let test_cases = cavp_file_contents.split("\n\n").filter_map(|chunk| {
+        let mut len: Option<usize> = None;
+        let mut msg: Option<Vec<u8>> = None;
+        let mut md: Option<Vec<u8>> = None;
+        for line in chunk.split('\n') {
+            if line.starts_with('#') || line.is_empty() || line == std::format!("[L = {N}]") {
+                continue;
+            } else if let Some(len_str) = line.strip_prefix("Len = ") {
+                len = Some(FromStr::from_str(len_str).unwrap());
+            } else if let Some(hex_str) = line.strip_prefix("Msg = ") {
+                msg = Some(Vec::<u8>::from_hex(hex_str).unwrap());
+            } else if let Some(hex_str) = line.strip_prefix("MD = ") {
+                md = Some(Vec::<u8>::from_hex(hex_str).unwrap());
+            } else {
+                panic!("Unexpected line in test file: `{}`", line);
+            }
+        }
+        if let (Some(len), Some(msg), Some(md)) = (len, msg, md) {
+            Some((len, msg, md))
+        } else {
+            None
+        }
+    });
+    for (len, mut msg, md) in test_cases {
+        if len == 0 {
+            // Truncate len = 0, since the test file has "Msg = 00" in there that should be
+            // ignored.
+            msg.truncate(0);
+        }
+        assert_eq!(msg.len(), len / 8);
+        let md_arr: [u8; N] = md.try_into().unwrap();
+        assert_eq!(hash_func(&msg), md_arr);
+    }
+}
+
+/// Generates the test cases to validate the SHA2 implementation.
+/// For example, to test `MyCryptoProvider`:
+///
+/// ```
+/// use crypto_provider::sha2::testing::*;
+///
+/// mod tests {
+///     #[apply(sha2_test_cases)]
+///     fn sha2_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>) {
+///         testcase(PhantomData::<MyCryptoProvider>);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::sha256_cavp_short_vector(sha256_cavp_short_vector_test)]
+#[case::sha256_cavp_long_vector(sha256_cavp_long_vector_test)]
+fn sha2_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
diff --git a/nearby/crypto/crypto_provider/src/testdata/README.md b/nearby/crypto/crypto_provider_test/src/testdata/README.md
similarity index 100%
rename from nearby/crypto/crypto_provider/src/testdata/README.md
rename to nearby/crypto/crypto_provider_test/src/testdata/README.md
diff --git a/nearby/crypto/crypto_provider/src/testdata/SHA256LongMsg.rsp b/nearby/crypto/crypto_provider_test/src/testdata/SHA256LongMsg.rsp
similarity index 100%
rename from nearby/crypto/crypto_provider/src/testdata/SHA256LongMsg.rsp
rename to nearby/crypto/crypto_provider_test/src/testdata/SHA256LongMsg.rsp
diff --git a/nearby/crypto/crypto_provider/src/testdata/SHA256ShortMsg.rsp b/nearby/crypto/crypto_provider_test/src/testdata/SHA256ShortMsg.rsp
similarity index 100%
rename from nearby/crypto/crypto_provider/src/testdata/SHA256ShortMsg.rsp
rename to nearby/crypto/crypto_provider_test/src/testdata/SHA256ShortMsg.rsp
diff --git a/nearby/crypto/crypto_provider/src/testdata/SHA512LongMsg.rsp b/nearby/crypto/crypto_provider_test/src/testdata/SHA512LongMsg.rsp
similarity index 100%
rename from nearby/crypto/crypto_provider/src/testdata/SHA512LongMsg.rsp
rename to nearby/crypto/crypto_provider_test/src/testdata/SHA512LongMsg.rsp
diff --git a/nearby/crypto/crypto_provider/src/testdata/SHA512ShortMsg.rsp b/nearby/crypto/crypto_provider_test/src/testdata/SHA512ShortMsg.rsp
similarity index 100%
rename from nearby/crypto/crypto_provider/src/testdata/SHA512ShortMsg.rsp
rename to nearby/crypto/crypto_provider_test/src/testdata/SHA512ShortMsg.rsp
diff --git a/nearby/crypto/crypto_provider/src/testdata/ecdsa/rfc_test_vectors.txt b/nearby/crypto/crypto_provider_test/src/testdata/ecdsa/rfc_test_vectors.txt
similarity index 100%
rename from nearby/crypto/crypto_provider/src/testdata/ecdsa/rfc_test_vectors.txt
rename to nearby/crypto/crypto_provider_test/src/testdata/ecdsa/rfc_test_vectors.txt
diff --git a/nearby/crypto/crypto_provider_test/src/x25519.rs b/nearby/crypto/crypto_provider_test/src/x25519.rs
new file mode 100644
index 0000000..23f8f9b
--- /dev/null
+++ b/nearby/crypto/crypto_provider_test/src/x25519.rs
@@ -0,0 +1,161 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crate::elliptic_curve::EphemeralSecretForTesting;
+pub use crate::prelude::*;
+use crate::TestError;
+use core::marker::PhantomData;
+use crypto_provider::x25519::X25519;
+use crypto_provider::{
+    elliptic_curve::{EcdhProvider, EphemeralSecret, PublicKey},
+    CryptoRng,
+};
+use hex_literal::hex;
+use rstest_reuse::template;
+
+/// An ECDH provider that provides associated types for testing purposes. This can be mostly
+/// considered "aliases" for the otherwise long fully-qualified associated types.
+pub trait EcdhProviderForX25519Test {
+    /// The ECDH Provider that is "wrapped" by this type.
+    type EcdhProvider: EcdhProvider<
+        X25519,
+        PublicKey = <Self as EcdhProviderForX25519Test>::PublicKey,
+        EphemeralSecret = <Self as EcdhProviderForX25519Test>::EphemeralSecret,
+        SharedSecret = <Self as EcdhProviderForX25519Test>::SharedSecret,
+    >;
+    /// The public key type.
+    type PublicKey: PublicKey<X25519>;
+    /// The ephemeral secret type.
+    type EphemeralSecret: EphemeralSecretForTesting<X25519, Impl = Self::EcdhProvider>;
+    /// The shared secret type.
+    type SharedSecret: Into<[u8; 32]>;
+}
+
+impl<E> EcdhProviderForX25519Test for E
+where
+    E: EcdhProvider<X25519>,
+    E::PublicKey: PublicKey<X25519>,
+    E::EphemeralSecret: EphemeralSecretForTesting<X25519>,
+{
+    type EcdhProvider = E;
+    type PublicKey = E::PublicKey;
+    type EphemeralSecret = E::EphemeralSecret;
+    type SharedSecret = E::SharedSecret;
+}
+
+/// Test for `PublicKey<X25519>::to_bytes`
+pub fn x25519_to_bytes_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
+    let public_key_bytes = hex!("504a36999f489cd2fdbc08baff3d88fa00569ba986cba22548ffde80f9806829");
+    let public_key = E::PublicKey::from_bytes(&public_key_bytes).unwrap();
+    assert_eq!(public_key_bytes.to_vec(), public_key.to_bytes());
+}
+
+/// Random test for `PublicKey<X25519>::to_bytes`
+pub fn x25519_to_bytes_random_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
+    for _ in 1..100 {
+        let public_key_bytes =
+            E::EphemeralSecret::generate_random(&mut <E::EphemeralSecret as EphemeralSecret<
+                X25519,
+            >>::Rng::new())
+            .public_key_bytes();
+        let public_key = E::PublicKey::from_bytes(&public_key_bytes).unwrap();
+        assert_eq!(
+            E::PublicKey::from_bytes(&public_key.to_bytes()).unwrap(),
+            public_key,
+            "from_bytes should return the same key for `{public_key_bytes:?}`",
+        );
+    }
+}
+
+/// Test for X25519 Diffie-Hellman key exchange.
+pub fn x25519_ecdh_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
+    // From wycheproof ecdh_secx25519r1_ecpoint_test.json, tcId 1
+    // http://google3/third_party/wycheproof/testvectors/ecdh_secx25519r1_ecpoint_test.json;l=22;rcl=375894991
+    // sec1 public key manually extracted from the ASN encoded test data
+    let public_key = hex!("504a36999f489cd2fdbc08baff3d88fa00569ba986cba22548ffde80f9806829");
+    let private = hex!("c8a9d5a91091ad851c668b0736c1c9a02936c0d3ad62670858088047ba057475");
+    let expected_shared_secret =
+        hex!("436a2c040cf45fea9b29a0cb81b1f41458f863d0d61b453d0a982720d6d61320");
+    let result = x25519_ecdh_test_impl::<E>(&public_key, &private).unwrap();
+    assert_eq!(expected_shared_secret, result.into());
+}
+
+fn x25519_ecdh_test_impl<E: EcdhProviderForX25519Test>(
+    public_key: &[u8],
+    private: &[u8; 32],
+) -> Result<E::SharedSecret, TestError> {
+    let public_key = E::PublicKey::from_bytes(public_key).map_err(TestError::new)?;
+    let ephemeral_secret = E::EphemeralSecret::from_private_components(private, &public_key)
+        .map_err(TestError::new)?;
+    ephemeral_secret
+        .diffie_hellman(&public_key)
+        .map_err(TestError::new)
+}
+
+/// Wycheproof test for X25519 Diffie-Hellman.
+pub fn wycheproof_x25519_test<E: EcdhProviderForX25519Test>(_: PhantomData<E>) {
+    // Test cases from https://github.com/randombit/wycheproof-rs/blob/master/src/data/x25519_test.json
+    let test_set = wycheproof::xdh::TestSet::load(wycheproof::xdh::TestName::X25519).unwrap();
+    for test_group in test_set.test_groups {
+        for test in test_group.tests {
+            let result = x25519_ecdh_test_impl::<E>(
+                &test.public_key,
+                &test
+                    .private_key
+                    .try_into()
+                    .expect("Private keys should be 32 bytes long"),
+            );
+            match test.result {
+                wycheproof::TestResult::Valid => {
+                    let shared_secret =
+                        result.unwrap_or_else(|_| panic!("Test {} should succeed", test.tc_id));
+                    assert_eq!(&test.shared_secret, &shared_secret.into());
+                }
+                wycheproof::TestResult::Invalid => {
+                    result
+                        .err()
+                        .unwrap_or_else(|| panic!("Test {} should fail", test.tc_id));
+                }
+                wycheproof::TestResult::Acceptable => {
+                    if let Ok(shared_secret) = result {
+                        assert_eq!(test.shared_secret, shared_secret.into());
+                    }
+                    // Test passes if `result` is an error because this test is "acceptable"
+                }
+            }
+        }
+    }
+}
+
+/// Generates the test cases to validate the x25519 implementation.
+/// For example, to test `MyCryptoProvider`:
+///
+/// ```
+/// use crypto_provider::x25519::testing::*;
+///
+/// mod tests {
+///     #[apply(x25519_test_cases)]
+///     fn x25519_tests(testcase: CryptoProviderTestCase<MyCryptoProvider>) {
+///         testcase(PhantomData::<MyCryptoProvider>);
+///     }
+/// }
+/// ```
+#[template]
+#[export]
+#[rstest]
+#[case::x25519_to_bytes(x25519_to_bytes_test)]
+#[case::x25519_to_bytes_random(x25519_to_bytes_random_test)]
+#[case::x25519_ecdh(x25519_ecdh_test)]
+#[case::wycheproof_x25519(wycheproof_x25519_test)]
+fn x25519_test_cases<C: CryptoProvider>(#[case] testcase: CryptoProviderTestCase<C>) {}
diff --git a/nearby/presence/array_view/src/lib.rs b/nearby/presence/array_view/src/lib.rs
index 7a579a6..24a5001 100644
--- a/nearby/presence/array_view/src/lib.rs
+++ b/nearby/presence/array_view/src/lib.rs
@@ -42,6 +42,16 @@
 }
 
 impl<T, const N: usize> ArrayView<T, N> {
+    /// A version of [`ArrayView#try_from_array`] which panics if `len > buffer.len()`,
+    /// suitable for usage in `const` contexts.
+    pub const fn const_from_array(array: [T; N], len: usize) -> ArrayView<T, N> {
+        if N < len {
+            panic!("Invalid const ArrayView");
+        } else {
+            ArrayView { array, len }
+        }
+    }
+
     /// Create an [ArrayView] of the first `len` elements of `buffer`.
     ///
     /// Returns `None` if `len > buffer.len()`.
diff --git a/nearby/presence/ldt/fuzz/Cargo.lock b/nearby/presence/ldt/fuzz/Cargo.lock
index e0b529d..285bbca 100644
--- a/nearby/presence/ldt/fuzz/Cargo.lock
+++ b/nearby/presence/ldt/fuzz/Cargo.lock
@@ -207,9 +207,9 @@
 
 [[package]]
 name = "der"
-version = "0.7.4"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b14af2045fa69ed2b7a48934bebb842d0f33e73e96e78766ecb14bb5347a11"
+checksum = "bc906908ea6458456e5eaa160a9c08543ec3d1e6f71e2235cedd660cb65f9df0"
 dependencies = [
  "const-oid",
  "zeroize",
@@ -260,9 +260,9 @@
 
 [[package]]
 name = "elliptic-curve"
-version = "0.13.4"
+version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75c71eaa367f2e5d556414a8eea812bc62985c879748d6403edabd9cb03f16e7"
+checksum = "6ea5a92946e8614bb585254898bb7dd1ddad241ace60c52149e3765e34cc039d"
 dependencies = [
  "base16ct",
  "crypto-bigint",
@@ -295,9 +295,9 @@
 
 [[package]]
 name = "generic-array"
-version = "0.14.7"
+version = "0.14.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
 dependencies = [
  "typenum",
  "version_check",
@@ -426,9 +426,9 @@
 
 [[package]]
 name = "p256"
-version = "0.13.2"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+checksum = "7270da3e5caa82afd3deb054cc237905853813aea3859544bc082c3fe55b8d47"
 dependencies = [
  "elliptic-curve",
  "primeorder",
@@ -470,9 +470,9 @@
 
 [[package]]
 name = "primeorder"
-version = "0.13.1"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf8d3875361e28f7753baefef104386e7aa47642c93023356d97fdef4003bfb5"
+checksum = "7613fdcc0831c10060fa69833ea8fa2caa94b6456f51e25356a885b530a2e3d0"
 dependencies = [
  "elliptic-curve",
 ]
@@ -525,9 +525,9 @@
 
 [[package]]
 name = "sec1"
-version = "0.7.2"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0aec48e813d6b90b15f0b8948af3c63483992dee44c03e9930b3eebdabe046e"
+checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e"
 dependencies = [
  "base16ct",
  "der",
diff --git a/nearby/presence/ldt_np_adv/fuzz/Cargo.lock b/nearby/presence/ldt_np_adv/fuzz/Cargo.lock
index 31409c8..92f2deb 100644
--- a/nearby/presence/ldt_np_adv/fuzz/Cargo.lock
+++ b/nearby/presence/ldt_np_adv/fuzz/Cargo.lock
@@ -211,9 +211,9 @@
 
 [[package]]
 name = "der"
-version = "0.7.4"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b14af2045fa69ed2b7a48934bebb842d0f33e73e96e78766ecb14bb5347a11"
+checksum = "bc906908ea6458456e5eaa160a9c08543ec3d1e6f71e2235cedd660cb65f9df0"
 dependencies = [
  "const-oid",
  "zeroize",
@@ -264,9 +264,9 @@
 
 [[package]]
 name = "elliptic-curve"
-version = "0.13.4"
+version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75c71eaa367f2e5d556414a8eea812bc62985c879748d6403edabd9cb03f16e7"
+checksum = "6ea5a92946e8614bb585254898bb7dd1ddad241ace60c52149e3765e34cc039d"
 dependencies = [
  "base16ct",
  "crypto-bigint",
@@ -299,9 +299,9 @@
 
 [[package]]
 name = "generic-array"
-version = "0.14.7"
+version = "0.14.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
 dependencies = [
  "typenum",
  "version_check",
@@ -453,9 +453,9 @@
 
 [[package]]
 name = "p256"
-version = "0.13.2"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+checksum = "7270da3e5caa82afd3deb054cc237905853813aea3859544bc082c3fe55b8d47"
 dependencies = [
  "elliptic-curve",
  "primeorder",
@@ -497,9 +497,9 @@
 
 [[package]]
 name = "primeorder"
-version = "0.13.1"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf8d3875361e28f7753baefef104386e7aa47642c93023356d97fdef4003bfb5"
+checksum = "7613fdcc0831c10060fa69833ea8fa2caa94b6456f51e25356a885b530a2e3d0"
 dependencies = [
  "elliptic-curve",
 ]
@@ -552,9 +552,9 @@
 
 [[package]]
 name = "sec1"
-version = "0.7.2"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0aec48e813d6b90b15f0b8948af3c63483992dee44c03e9930b3eebdabe046e"
+checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e"
 dependencies = [
  "base16ct",
  "der",
diff --git a/nearby/presence/ldt_np_adv_ffi/Cargo.lock b/nearby/presence/ldt_np_adv_ffi/Cargo.lock
index 12f0615..0ad9a64 100644
--- a/nearby/presence/ldt_np_adv_ffi/Cargo.lock
+++ b/nearby/presence/ldt_np_adv_ffi/Cargo.lock
@@ -305,9 +305,9 @@
 
 [[package]]
 name = "elliptic-curve"
-version = "0.13.4"
+version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75c71eaa367f2e5d556414a8eea812bc62985c879748d6403edabd9cb03f16e7"
+checksum = "6ea5a92946e8614bb585254898bb7dd1ddad241ace60c52149e3765e34cc039d"
 dependencies = [
  "base16ct",
  "crypto-bigint",
@@ -581,9 +581,9 @@
 
 [[package]]
 name = "p256"
-version = "0.13.2"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+checksum = "7270da3e5caa82afd3deb054cc237905853813aea3859544bc082c3fe55b8d47"
 dependencies = [
  "elliptic-curve",
  "primeorder",
@@ -647,9 +647,9 @@
 
 [[package]]
 name = "primeorder"
-version = "0.13.1"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf8d3875361e28f7753baefef104386e7aa47642c93023356d97fdef4003bfb5"
+checksum = "7613fdcc0831c10060fa69833ea8fa2caa94b6456f51e25356a885b530a2e3d0"
 dependencies = [
  "elliptic-curve",
 ]
@@ -734,9 +734,9 @@
 
 [[package]]
 name = "sec1"
-version = "0.7.2"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0aec48e813d6b90b15f0b8948af3c63483992dee44c03e9930b3eebdabe046e"
+checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e"
 dependencies = [
  "base16ct",
  "der",
diff --git a/nearby/presence/ldt_np_adv_ffi/src/lib.rs b/nearby/presence/ldt_np_adv_ffi/src/lib.rs
index 7b440e4..b4dd932 100644
--- a/nearby/presence/ldt_np_adv_ffi/src/lib.rs
+++ b/nearby/presence/ldt_np_adv_ffi/src/lib.rs
@@ -22,15 +22,11 @@
 )]
 // These features are needed to support no_std + alloc
 #![feature(lang_items)]
-#![feature(alloc_error_handler)]
 
 //! Rust ffi wrapper of ldt_np_adv, can be called from C/C++ Clients
 
-mod handle_map;
-
 extern crate alloc;
 
-use crate::handle_map::get_dec_handle_map;
 use alloc::boxed::Box;
 use core::slice;
 use handle_map::get_enc_handle_map;
@@ -40,6 +36,10 @@
 };
 use np_hkdf::NpKeySeedHkdf;
 
+use crate::handle_map::get_dec_handle_map;
+
+mod handle_map;
+
 // Pull in the needed deps for std vs no_std
 cfg_if::cfg_if! {
     // Test pulls in std which causes duplicate errors
diff --git a/nearby/presence/ldt_np_adv_ffi/src/no_std.rs b/nearby/presence/ldt_np_adv_ffi/src/no_std.rs
index 34a16ef..524bc3d 100644
--- a/nearby/presence/ldt_np_adv_ffi/src/no_std.rs
+++ b/nearby/presence/ldt_np_adv_ffi/src/no_std.rs
@@ -14,18 +14,12 @@
 //
 // mod to handle all of the impls needed for no_std
 
-use libc_alloc::LibcAlloc;
-
 extern crate panic_abort;
 
+use libc_alloc::LibcAlloc;
+
 #[global_allocator]
 static ALLOCATOR: LibcAlloc = LibcAlloc;
 
 #[lang = "eh_personality"]
 extern "C" fn eh_personality() {}
-
-#[alloc_error_handler]
-#[allow(clippy::panic)]
-fn default_handler(layout: core::alloc::Layout) -> ! {
-    panic!("memory allocation of {} bytes failed", layout.size())
-}
diff --git a/nearby/presence/ldt_np_c_sample/tests/np_ffi_tests.cc b/nearby/presence/ldt_np_c_sample/tests/np_ffi_tests.cc
index 1cc2ae2..6359e7e 100644
--- a/nearby/presence/ldt_np_c_sample/tests/np_ffi_tests.cc
+++ b/nearby/presence/ldt_np_c_sample/tests/np_ffi_tests.cc
@@ -14,13 +14,13 @@
 
 #include <gtest/gtest.h>
 #include <json/json.h>
-#include <fstream>
 
 extern "C" {
 #include "np_ldt.h"
 }
 
 #include <algorithm>
+#include <fstream>
 
 // TODO: get multi threaded tests working on windows
 #ifndef _WIN32
diff --git a/nearby/presence/xts_aes/fuzz/Cargo.lock b/nearby/presence/xts_aes/fuzz/Cargo.lock
index 06b5f86..2bdaef3 100644
--- a/nearby/presence/xts_aes/fuzz/Cargo.lock
+++ b/nearby/presence/xts_aes/fuzz/Cargo.lock
@@ -207,9 +207,9 @@
 
 [[package]]
 name = "der"
-version = "0.7.4"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b14af2045fa69ed2b7a48934bebb842d0f33e73e96e78766ecb14bb5347a11"
+checksum = "bc906908ea6458456e5eaa160a9c08543ec3d1e6f71e2235cedd660cb65f9df0"
 dependencies = [
  "const-oid",
  "zeroize",
@@ -260,9 +260,9 @@
 
 [[package]]
 name = "elliptic-curve"
-version = "0.13.4"
+version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75c71eaa367f2e5d556414a8eea812bc62985c879748d6403edabd9cb03f16e7"
+checksum = "6ea5a92946e8614bb585254898bb7dd1ddad241ace60c52149e3765e34cc039d"
 dependencies = [
  "base16ct",
  "crypto-bigint",
@@ -295,9 +295,9 @@
 
 [[package]]
 name = "generic-array"
-version = "0.14.7"
+version = "0.14.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
 dependencies = [
  "typenum",
  "version_check",
@@ -407,9 +407,9 @@
 
 [[package]]
 name = "p256"
-version = "0.13.2"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+checksum = "7270da3e5caa82afd3deb054cc237905853813aea3859544bc082c3fe55b8d47"
 dependencies = [
  "elliptic-curve",
  "primeorder",
@@ -451,9 +451,9 @@
 
 [[package]]
 name = "primeorder"
-version = "0.13.1"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf8d3875361e28f7753baefef104386e7aa47642c93023356d97fdef4003bfb5"
+checksum = "7613fdcc0831c10060fa69833ea8fa2caa94b6456f51e25356a885b530a2e3d0"
 dependencies = [
  "elliptic-curve",
 ]
@@ -506,9 +506,9 @@
 
 [[package]]
 name = "sec1"
-version = "0.7.2"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0aec48e813d6b90b15f0b8948af3c63483992dee44c03e9930b3eebdabe046e"
+checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e"
 dependencies = [
  "base16ct",
  "der",
diff --git a/nearby/scripts/build-script.sh b/nearby/scripts/build-script.sh
index 3643482..5fc999e 100755
--- a/nearby/scripts/build-script.sh
+++ b/nearby/scripts/build-script.sh
@@ -22,7 +22,9 @@
 # Use to generate headers for new source code files
 gen_headers() {
   set -e
-  $HOME/go/bin/addlicense -c "Google LLC" -l apache -ignore=**/android/build/** -ignore=target/** -ignore=**/target/** -ignore=".idea/*" -ignore=**/cmake-build/** -ignore="**/java/build/**" .
+  $HOME/go/bin/addlicense -c "Google LLC" -l apache -ignore=**/android/build/** -ignore=target/** \
+      -ignore=**/target/** -ignore=".idea/*" -ignore=**/cmake-build/** -ignore="**/java/build/**" \
+      -ignore="**/ukey2_c_ffi/cpp/build/**" .
 }
 
 # Checks the workspace 3rd party crates and makes sure they have a valid license
@@ -40,6 +42,7 @@
   check_workspace
   check_boringssl
   check_ldt_ffi
+  check_ukey2_ffi
   build_fuzzers
 }
 
@@ -88,6 +91,7 @@
       -ignore="**/cmake-build/**" \
       -ignore="**/java/build/**" \
       -ignore="**/java/*/build/**" \
+      -ignore="**/ukey2_c_ffi/cpp/build/**" \
       .; then
     echo "License header check succeeded!"
   else
@@ -169,6 +173,30 @@
   cd ../
 }
 
+# Builds and runs tests for the UKEY2 FFI
+check_ukey2_ffi() {
+  set -e
+  cd $SCRIPT_DIR/..
+  cd connections/ukey2/ukey2_c_ffi
+  # Default build, RustCrypto
+  cargo build --release --lib
+  # Try to build with OpenSSL
+  cargo build --no-default-features --features=openssl
+  cargo doc --no-deps
+  cargo clippy --release
+  cargo clippy --no-default-features --features=openssl
+  cargo deny check
+
+  # build C/C++ samples, tests, and benches
+  cd cpp
+  mkdir -p build && cd build
+  cmake ..
+  make all
+  ctest
+
+  cd $SCRIPT_DIR/..
+}
+
 # Clones boringssl and uses bindgen to generate the rust crate, applies AOSP
 # specific patches to the 3p `openssl` crate so that it can use a bssl backend
 prepare_boringssl() {
@@ -181,11 +209,12 @@
     git clone https://boringssl.googlesource.com/boringssl
   fi
   # Snap to the AOSP commit of boringssl
-  boringssl_rev=$(curl https://android.googlesource.com/platform/external/boringssl/+/master/BORINGSSL_REVISION?format=text | base64 -d)
+   boringssl_rev=$(curl https://android.googlesource.com/platform/external/boringssl/+/master/BORINGSSL_REVISION?format=text | base64 -d)
   cd boringssl && git checkout $boringssl_rev && mkdir -p build && cd build
   target=$(rustc -vV | awk '/host/ { print $2 }')
   cmake -G Ninja .. -DRUST_BINDINGS="$target" && ninja
-  # A valid Rust crate is built under `boringssl-build/boringssl/build/rust/bssl-sys`
+  # The Rust crate is in `boringssl-build/boringssl/build/rust/bssl-sys`, which depends on a
+  # cmake-generated file as part of its source.
 
   cd $projectroot/boringssl-build
   rm -Rf rust-openssl
diff --git a/nearby/scripts/openssl-patches/0001-Apply-Android-changes.patch b/nearby/scripts/openssl-patches/0001-Apply-Android-changes.patch
index aca9408..be6ca09 100644
--- a/nearby/scripts/openssl-patches/0001-Apply-Android-changes.patch
+++ b/nearby/scripts/openssl-patches/0001-Apply-Android-changes.patch
@@ -1,35 +1,72 @@
-From b89f5e640f0d4d9cb87412d897797ce89e12d15b Mon Sep 17 00:00:00 2001
+From 66e1daa9b4a345617bf9a090d56fa09ccd9b1d35 Mon Sep 17 00:00:00 2001
 From: Maurice Lam <yukl@google.com>
-Date: Thu, 2 Feb 2023 19:16:31 +0000
-Subject: [PATCH 1/3] Apply Android changes
+Date: Wed, 26 Apr 2023 02:21:36 +0000
+Subject: [PATCH] Apply Android patches
 
 ---
- .cargo/config.toml           |    2 +
+ openssl/src/bio.rs           |    6 +-
+ openssl/src/bn.rs            |    2 +-
  openssl/src/cipher.rs        |    4 +
+ openssl/src/dh.rs            |    2 +-
  openssl/src/ec.rs            |   20 +
  openssl/src/encrypt.rs       |    4 +-
  openssl/src/hkdf.rs          |   89 ++
- openssl/src/hmac.rs          |   68 ++
- openssl/src/lib.rs           |    7 +
+ openssl/src/hmac.rs          |  217 ++++
+ openssl/src/lib.rs           |   12 +
  openssl/src/pkey.rs          |   20 +-
  openssl/src/sign.rs          |   10 +-
  openssl/src/symm.rs          |    7 +-
- openssl/src/x509/mod.rs      |   36 +
- openssl/src/x509/mod.rs.orig | 1843 ++++++++++++++++++++++++++++++++++
- 12 files changed, 2091 insertions(+), 19 deletions(-)
- create mode 100644 .cargo/config.toml
+ openssl/src/x509/mod.rs      |   52 +-
+ openssl/src/x509/mod.rs.orig | 1879 ++++++++++++++++++++++++++++++++++
+ 14 files changed, 2292 insertions(+), 32 deletions(-)
  create mode 100644 openssl/src/hkdf.rs
  create mode 100644 openssl/src/hmac.rs
  create mode 100644 openssl/src/x509/mod.rs.orig
 
-diff --git a/.cargo/config.toml b/.cargo/config.toml
-new file mode 100644
-index 00000000..f92f06a0
---- /dev/null
-+++ b/.cargo/config.toml
-@@ -0,0 +1,2 @@
-+[patch.crates-io]
-+bssl-sys = { path = "../boringssl/build/rust" }
+diff --git a/openssl/src/bio.rs b/openssl/src/bio.rs
+index 6a72552a..03242188 100644
+--- a/openssl/src/bio.rs
++++ b/openssl/src/bio.rs
+@@ -4,7 +4,7 @@ use std::marker::PhantomData;
+ use std::ptr;
+ use std::slice;
+ 
+-use crate::cvt_p;
++use crate::{cvt_p, SignedLenType};
+ use crate::error::ErrorStack;
+ 
+ pub struct MemBioSlice<'a>(*mut ffi::BIO, PhantomData<&'a [u8]>);
+@@ -25,7 +25,7 @@ impl<'a> MemBioSlice<'a> {
+         let bio = unsafe {
+             cvt_p(BIO_new_mem_buf(
+                 buf.as_ptr() as *const _,
+-                buf.len() as c_int,
++                buf.len() as SignedLenType,
+             ))?
+         };
+ 
+@@ -78,7 +78,7 @@ cfg_if! {
+         use ffi::BIO_new_mem_buf;
+     } else {
+         #[allow(bad_style)]
+-        unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: ::libc::c_int) -> *mut ffi::BIO {
++        unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: SignedLenType) -> *mut ffi::BIO {
+             ffi::BIO_new_mem_buf(buf as *mut _, len)
+         }
+     }
+diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs
+index 0328730a..fe820a2c 100644
+--- a/openssl/src/bn.rs
++++ b/openssl/src/bn.rs
+@@ -814,7 +814,7 @@ impl BigNumRef {
+     /// assert_eq!(&bn_vec, &[0, 0, 0x45, 0x43]);
+     /// ```
+     #[corresponds(BN_bn2binpad)]
+-    #[cfg(ossl110)]
++    #[cfg(any(boringssl, ossl110))]
+     pub fn to_vec_padded(&self, pad_to: i32) -> Result<Vec<u8>, ErrorStack> {
+         let mut v = Vec::with_capacity(pad_to as usize);
+         unsafe {
 diff --git a/openssl/src/cipher.rs b/openssl/src/cipher.rs
 index aeedf459..570794ca 100644
 --- a/openssl/src/cipher.rs
@@ -64,6 +101,19 @@
      pub fn bf_ecb() -> &'static CipherRef {
          unsafe { CipherRef::from_ptr(ffi::EVP_bf_ecb() as *mut _) }
      }
+diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs
+index 12170b99..e781543e 100644
+--- a/openssl/src/dh.rs
++++ b/openssl/src/dh.rs
+@@ -239,7 +239,7 @@ where
+ }
+ 
+ cfg_if! {
+-    if #[cfg(any(ossl110, libressl270))] {
++    if #[cfg(any(ossl110, libressl270, boringssl))] {
+         use ffi::{DH_set0_pqg, DH_get0_pqg, DH_get0_key, DH_set0_key};
+     } else {
+         #[allow(bad_style)]
 diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs
 index 248ced3e..c56f5da7 100644
 --- a/openssl/src/ec.rs
@@ -214,17 +264,19 @@
 +}
 diff --git a/openssl/src/hmac.rs b/openssl/src/hmac.rs
 new file mode 100644
-index 00000000..601ae01b
+index 00000000..465781e2
 --- /dev/null
 +++ b/openssl/src/hmac.rs
-@@ -0,0 +1,68 @@
-+use crate::cvt_p;
+@@ -0,0 +1,217 @@
 +use crate::error::ErrorStack;
 +use crate::md::MdRef;
++use crate::{cvt, cvt_p};
++use ffi::HMAC_CTX;
 +use foreign_types::ForeignTypeRef;
++use libc::{c_uint, c_void};
 +use openssl_macros::corresponds;
-+use libc::{c_void, c_uint};
 +use std::convert::TryFrom;
++use std::ptr;
 +
 +/// Computes the HMAC as a one-shot operation.
 +///
@@ -240,8 +292,9 @@
 +    md: &MdRef,
 +    key: &[u8],
 +    data: &[u8],
-+    out: &'a mut [u8]
++    out: &'a mut [u8],
 +) -> Result<&'a [u8], ErrorStack> {
++    assert!(out.len() >= md.size());
 +    let mut out_len = c_uint::try_from(out.len()).unwrap();
 +    unsafe {
 +        cvt_p(ffi::HMAC(
@@ -251,43 +304,189 @@
 +            data.as_ptr(),
 +            data.len(),
 +            out.as_mut_ptr(),
-+            &mut out_len
-+            ))?;
++            &mut out_len,
++        ))?;
 +    }
 +    Ok(&out[..out_len as usize])
 +}
 +
++/// A context object used to perform HMAC operations.
++///
++/// HMAC is a MAC (message authentication code), i.e. a keyed hash function used for message
++/// authentication, which is based on a hash function.
++///
++/// Note: Only available in boringssl. For openssl, use `PKey::hmac` instead.
++#[cfg(boringssl)]
++pub struct HmacCtx {
++    ctx: *mut HMAC_CTX,
++    output_size: usize,
++}
++
++#[cfg(boringssl)]
++impl HmacCtx {
++    /// Creates a new [HmacCtx] to use the hash function `md` and key `key`.
++    #[corresponds(HMAC_Init_ex)]
++    pub fn new(key: &[u8], md: &MdRef) -> Result<Self, ErrorStack> {
++        unsafe {
++            // Safety: If an error occurred, the resulting null from HMAC_CTX_new is converted into
++            // ErrorStack in the returned result by `cvt_p`.
++            let ctx = cvt_p(ffi::HMAC_CTX_new())?;
++            // Safety:
++            // - HMAC_Init_ex must be called with a context previously created with HMAC_CTX_new,
++            //   which is the line above.
++            // - HMAC_Init_ex may return an error if key is null but the md is different from
++            //   before. This is avoided here since key is guaranteed to be non-null.
++            cvt(ffi::HMAC_Init_ex(
++                ctx,
++                key.as_ptr() as *const c_void,
++                key.len(),
++                md.as_ptr(),
++                ptr::null_mut(),
++            ))?;
++            Ok(Self {
++                ctx,
++                output_size: md.size(),
++            })
++        }
++    }
++
++    /// `update` can be called repeatedly with chunks of the message `data` to be authenticated.
++    #[corresponds(HMAC_Update)]
++    pub fn update(&mut self, data: &[u8]) -> Result<(), ErrorStack> {
++        unsafe {
++            // Safety: HMAC_Update returns 0 on error, and that is converted into ErrorStack in the
++            // returned result by `cvt`.
++            cvt(ffi::HMAC_Update(self.ctx, data.as_ptr(), data.len())).map(|_| ())
++        }
++    }
++
++    /// Finishes the HMAC process, and places the message authentication code in `output`.
++    /// The number of bytes written to `output` is returned.
++    ///
++    /// # Panics
++    ///
++    /// Panics if the `output` is smaller than the required size. The output size is indicated by
++    /// `md.size()` for the `Md` instance passed in [new]. An output size of |EVP_MAX_MD_SIZE| will
++    /// always be large enough.
++    #[corresponds(HMAC_Final)]
++    pub fn finalize(&mut self, output: &mut [u8]) -> Result<usize, ErrorStack> {
++        assert!(output.len() >= self.output_size);
++        unsafe {
++            // Safety: The length assertion above makes sure that `HMAC_Final` will not write longer
++            // than the length of `output`.
++            let mut size: c_uint = 0;
++            cvt(ffi::HMAC_Final(
++                self.ctx,
++                output.as_mut_ptr(),
++                &mut size as *mut c_uint,
++            ))
++            .map(|_| size as usize)
++        }
++    }
++}
++
++impl Drop for HmacCtx {
++    #[corresponds(HMAC_CTX_free)]
++    fn drop(&mut self) {
++        unsafe {
++            ffi::HMAC_CTX_free(self.ctx);
++        }
++    }
++}
++
 +#[cfg(test)]
 +mod tests {
 +    use super::*;
 +    use crate::md::Md;
-+    use crate::memcmp;
 +
-+    const SHA_256_DIGEST_SIZE:usize = 32;
++    const SHA_256_DIGEST_SIZE: usize = 32;
 +
 +    #[test]
 +    fn hmac_sha256_test() {
-+        let expected_hmac = [0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7];
++        let expected_hmac = [
++            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
++            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
++            0x2e, 0x32, 0xcf, 0xf7,
++        ];
 +        let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
-+        let key:[u8; 20] = [0x0b; 20];
++        let key: [u8; 20] = [0x0b; 20];
 +        let data = b"Hi There";
-+        let hmac_result = hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
-+        expect!(memcmp::eq(&hmac_result, &expected_hmac));
++        let hmac_result =
++            hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
++        assert_eq!(&hmac_result, &expected_hmac);
++    }
++
++    #[test]
++    #[should_panic]
++    fn hmac_sha256_output_too_short() {
++        let mut out = vec![0_u8; 1];
++        let key: [u8; 20] = [0x0b; 20];
++        let data = b"Hi There";
++        hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
 +    }
 +
 +    #[test]
 +    fn hmac_sha256_test_big_buffer() {
-+        let expected_hmac = [0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7];
++        let expected_hmac = [
++            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
++            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
++            0x2e, 0x32, 0xcf, 0xf7,
++        ];
 +        let mut out: [u8; 100] = [0; 100];
-+        let key:[u8;20] = [0x0b; 20];
++        let key: [u8; 20] = [0x0b; 20];
 +        let data = b"Hi There";
-+        let hmac_result = hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
-+        expect_eq!(hmac_result.len(), SHA_256_DIGEST_SIZE);
-+        expect!(memcmp::eq(&hmac_result, &expected_hmac));
++        let hmac_result =
++            hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
++        assert_eq!(hmac_result.len(), SHA_256_DIGEST_SIZE);
++        assert_eq!(&hmac_result, &expected_hmac);
++    }
++
++    #[test]
++    fn hmac_sha256_update_test() {
++        let expected_hmac = [
++            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
++            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
++            0x2e, 0x32, 0xcf, 0xf7,
++        ];
++        let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
++        let key: [u8; 20] = [0x0b; 20];
++        let data = b"Hi There";
++        let mut hmac_ctx = HmacCtx::new(&key, Md::sha256()).unwrap();
++        hmac_ctx.update(data).unwrap();
++        let size = hmac_ctx.finalize(&mut out).unwrap();
++        assert_eq!(&out, &expected_hmac);
++        assert_eq!(size, SHA_256_DIGEST_SIZE);
++    }
++
++    #[test]
++    fn hmac_sha256_update_chunks_test() {
++        let expected_hmac = [
++            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
++            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
++            0x2e, 0x32, 0xcf, 0xf7,
++        ];
++        let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
++        let key: [u8; 20] = [0x0b; 20];
++        let mut hmac_ctx = HmacCtx::new(&key, Md::sha256()).unwrap();
++        hmac_ctx.update(b"Hi").unwrap();
++        hmac_ctx.update(b" There").unwrap();
++        let size = hmac_ctx.finalize(&mut out).unwrap();
++        assert_eq!(&out, &expected_hmac);
++        assert_eq!(size, SHA_256_DIGEST_SIZE);
++    }
++
++    #[test]
++    #[should_panic]
++    fn hmac_sha256_update_output_too_short() {
++        let mut out = vec![0_u8; 1];
++        let key: [u8; 20] = [0x0b; 20];
++        let mut hmac_ctx = HmacCtx::new(&key, Md::sha256()).unwrap();
++        hmac_ctx.update(b"Hi There").unwrap();
++        hmac_ctx.finalize(&mut out).unwrap();
 +    }
 +}
 diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
-index 035c90c6..fec22cd9 100644
+index 035c90c6..02a51dbb 100644
 --- a/openssl/src/lib.rs
 +++ b/openssl/src/lib.rs
 @@ -120,6 +120,9 @@
@@ -311,6 +510,18 @@
  #[cfg(ossl300)]
  pub mod lib_ctx;
  pub mod md;
+@@ -189,6 +196,11 @@ type LenType = libc::size_t;
+ #[cfg(not(boringssl))]
+ type LenType = libc::c_int;
+ 
++#[cfg(boringssl)]
++type SignedLenType = libc::ssize_t;
++#[cfg(not(boringssl))]
++type SignedLenType = libc::c_int;
++
+ #[inline]
+ fn cvt_p<T>(r: *mut T) -> Result<*mut T, ErrorStack> {
+     if r.is_null() {
 diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs
 index 780bd637..92daa882 100644
 --- a/openssl/src/pkey.rs
@@ -494,7 +705,7 @@
          unsafe { Cipher(ffi::EVP_bf_ecb()) }
      }
 diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
-index 940c8c9c..34b86c10 100644
+index 940c8c9c..f9477e4a 100644
 --- a/openssl/src/x509/mod.rs
 +++ b/openssl/src/x509/mod.rs
 @@ -356,6 +356,19 @@ impl X509Builder {
@@ -517,6 +728,70 @@
      /// Consumes the builder, returning the certificate.
      pub fn build(self) -> X509 {
          self.0
+@@ -898,13 +911,13 @@ impl X509NameBuilder {
+     pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> {
+         unsafe {
+             let field = CString::new(field).unwrap();
+-            assert!(value.len() <= c_int::max_value() as usize);
++            assert!(value.len() <= isize::max_value() as usize);
+             cvt(ffi::X509_NAME_add_entry_by_txt(
+                 self.0.as_ptr(),
+                 field.as_ptr() as *mut _,
+                 ffi::MBSTRING_UTF8,
+                 value.as_ptr(),
+-                value.len() as c_int,
++                value.len() as isize,
+                 -1,
+                 0,
+             ))
+@@ -925,13 +938,13 @@ impl X509NameBuilder {
+     ) -> Result<(), ErrorStack> {
+         unsafe {
+             let field = CString::new(field).unwrap();
+-            assert!(value.len() <= c_int::max_value() as usize);
++            assert!(value.len() <= isize::max_value() as usize);
+             cvt(ffi::X509_NAME_add_entry_by_txt(
+                 self.0.as_ptr(),
+                 field.as_ptr() as *mut _,
+                 ty.as_raw(),
+                 value.as_ptr(),
+-                value.len() as c_int,
++                value.len() as isize,
+                 -1,
+                 0,
+             ))
+@@ -946,13 +959,13 @@ impl X509NameBuilder {
+     /// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html
+     pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> {
+         unsafe {
+-            assert!(value.len() <= c_int::max_value() as usize);
++            assert!(value.len() <= isize::max_value() as usize);
+             cvt(ffi::X509_NAME_add_entry_by_NID(
+                 self.0.as_ptr(),
+                 field.as_raw(),
+                 ffi::MBSTRING_UTF8,
+                 value.as_ptr() as *mut _,
+-                value.len() as c_int,
++                value.len() as isize,
+                 -1,
+                 0,
+             ))
+@@ -972,13 +985,13 @@ impl X509NameBuilder {
+         ty: Asn1Type,
+     ) -> Result<(), ErrorStack> {
+         unsafe {
+-            assert!(value.len() <= c_int::max_value() as usize);
++            assert!(value.len() <= isize::max_value() as usize);
+             cvt(ffi::X509_NAME_add_entry_by_NID(
+                 self.0.as_ptr(),
+                 field.as_raw(),
+                 ty.as_raw(),
+                 value.as_ptr() as *mut _,
+-                value.len() as c_int,
++                value.len() as isize,
+                 -1,
+                 0,
+             ))
 @@ -1286,6 +1299,29 @@ impl X509ReqBuilder {
          }
      }
@@ -549,10 +824,10 @@
          self.0
 diff --git a/openssl/src/x509/mod.rs.orig b/openssl/src/x509/mod.rs.orig
 new file mode 100644
-index 00000000..940c8c9c
+index 00000000..34b86c10
 --- /dev/null
 +++ b/openssl/src/x509/mod.rs.orig
-@@ -0,0 +1,1843 @@
+@@ -0,0 +1,1879 @@
 +//! The standard defining the format of public key certificates.
 +//!
 +//! An `X509` certificate binds an identity to a public key, and is either
@@ -911,6 +1186,19 @@
 +        unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) }
 +    }
 +
++    /// Signs the certificate with a private key but without a digest.
++    ///
++    /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null
++    /// message digest.
++    #[cfg(boringssl)]
++    #[corresponds(X509_sign)]
++    pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack>
++    where
++        T: HasPrivate,
++    {
++        unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), ptr::null())).map(|_| ()) }
++    }
++
 +    /// Consumes the builder, returning the certificate.
 +    pub fn build(self) -> X509 {
 +        self.0
@@ -1841,6 +2129,29 @@
 +        }
 +    }
 +
++    /// Sign the request using a private key without a digest.
++    ///
++    /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null
++    /// message digest.
++    ///
++    /// This corresponds to [`X509_REQ_sign`].
++    ///
++    /// [`X509_REQ_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_sign.html
++    #[cfg(boringssl)]
++    pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack>
++    where
++        T: HasPrivate,
++    {
++        unsafe {
++            cvt(ffi::X509_REQ_sign(
++                self.0.as_ptr(),
++                key.as_ptr(),
++                ptr::null(),
++            ))
++            .map(|_| ())
++        }
++    }
++
 +    /// Returns the `X509Req`.
 +    pub fn build(self) -> X509Req {
 +        self.0
@@ -2397,5 +2708,5 @@
 +    }
 +}
 -- 
-2.39.1.519.gcb327c4b5f-goog
+2.40.1.495.gc816e09b53d-goog
 
diff --git a/nearby/scripts/openssl-patches/0002-Make-openssl-buildable.patch b/nearby/scripts/openssl-patches/0002-Make-openssl-buildable.patch
deleted file mode 100644
index 46f8a4b..0000000
--- a/nearby/scripts/openssl-patches/0002-Make-openssl-buildable.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 4a7246ed78e8845dd2ac5477fb4abd490a83f6eb Mon Sep 17 00:00:00 2001
-From: Maurice Lam <yukl@google.com>
-Date: Thu, 2 Feb 2023 19:21:46 +0000
-Subject: [PATCH 2/3] Make openssl buildable
-
----
- openssl/src/bio.rs | 9 +++++++--
- openssl/src/dh.rs  | 2 +-
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/openssl/src/bio.rs b/openssl/src/bio.rs
-index 6a72552a..5007d677 100644
---- a/openssl/src/bio.rs
-+++ b/openssl/src/bio.rs
-@@ -7,6 +7,11 @@ use std::slice;
- use crate::cvt_p;
- use crate::error::ErrorStack;
- 
-+#[cfg(boringssl)]
-+type SignedLenType = libc::ssize_t;
-+#[cfg(not(boringssl))]
-+type SignedLenType = libc::c_int;
-+
- pub struct MemBioSlice<'a>(*mut ffi::BIO, PhantomData<&'a [u8]>);
- 
- impl<'a> Drop for MemBioSlice<'a> {
-@@ -25,7 +30,7 @@ impl<'a> MemBioSlice<'a> {
-         let bio = unsafe {
-             cvt_p(BIO_new_mem_buf(
-                 buf.as_ptr() as *const _,
--                buf.len() as c_int,
-+                buf.len() as SignedLenType,
-             ))?
-         };
- 
-@@ -78,7 +83,7 @@ cfg_if! {
-         use ffi::BIO_new_mem_buf;
-     } else {
-         #[allow(bad_style)]
--        unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: ::libc::c_int) -> *mut ffi::BIO {
-+        unsafe fn BIO_new_mem_buf(buf: *const ::libc::c_void, len: SignedLenType) -> *mut ffi::BIO {
-             ffi::BIO_new_mem_buf(buf as *mut _, len)
-         }
-     }
-diff --git a/openssl/src/dh.rs b/openssl/src/dh.rs
-index 12170b99..e781543e 100644
---- a/openssl/src/dh.rs
-+++ b/openssl/src/dh.rs
-@@ -239,7 +239,7 @@ where
- }
- 
- cfg_if! {
--    if #[cfg(any(ossl110, libressl270))] {
-+    if #[cfg(any(ossl110, libressl270, boringssl))] {
-         use ffi::{DH_set0_pqg, DH_get0_pqg, DH_get0_key, DH_set0_key};
-     } else {
-         #[allow(bad_style)]
--- 
-2.39.1.519.gcb327c4b5f-goog
-
diff --git a/nearby/scripts/openssl-patches/0003-Add-HmacCtx-wrapper-for-BoringSSL.patch b/nearby/scripts/openssl-patches/0003-Add-HmacCtx-wrapper-for-BoringSSL.patch
deleted file mode 100644
index 9c3f3a6..0000000
--- a/nearby/scripts/openssl-patches/0003-Add-HmacCtx-wrapper-for-BoringSSL.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 1ff6b4d427e85f290b68e3b9f547ca536360f32b Mon Sep 17 00:00:00 2001
-From: Maurice Lam <yukl@google.com>
-Date: Thu, 2 Feb 2023 19:45:12 +0000
-Subject: [PATCH 3/3] Add HmacCtx wrapper for BoringSSL
-
----
- openssl-sys/src/handwritten/hmac.rs |   2 +-
- openssl/src/hmac.rs                 | 111 ++++++++++++++++++++++++----
- 2 files changed, 96 insertions(+), 17 deletions(-)
-
-diff --git a/openssl-sys/src/handwritten/hmac.rs b/openssl-sys/src/handwritten/hmac.rs
-index 7cbb7cc9..7c0e0b5a 100644
---- a/openssl-sys/src/handwritten/hmac.rs
-+++ b/openssl-sys/src/handwritten/hmac.rs
-@@ -3,7 +3,7 @@ use libc::*;
- use *;
- 
- cfg_if! {
--    if #[cfg(any(ossl110, libressl350))] {
-+    if #[cfg(any(ossl110, libressl350, boringssl))] {
-         extern "C" {
-             pub fn HMAC_CTX_new() -> *mut HMAC_CTX;
-             pub fn HMAC_CTX_free(ctx: *mut HMAC_CTX);
-diff --git a/openssl/src/hmac.rs b/openssl/src/hmac.rs
-index 601ae01b..90fd2175 100644
---- a/openssl/src/hmac.rs
-+++ b/openssl/src/hmac.rs
-@@ -1,10 +1,12 @@
--use crate::cvt_p;
-+use crate::{cvt, cvt_p};
- use crate::error::ErrorStack;
- use crate::md::MdRef;
-+use ffi::HMAC_CTX;
- use foreign_types::ForeignTypeRef;
-+use libc::{c_uint, c_void};
- use openssl_macros::corresponds;
--use libc::{c_void, c_uint};
- use std::convert::TryFrom;
-+use std::ptr;
- 
- /// Computes the HMAC as a one-shot operation.
- ///
-@@ -20,7 +22,7 @@ pub fn hmac<'a>(
-     md: &MdRef,
-     key: &[u8],
-     data: &[u8],
--    out: &'a mut [u8]
-+    out: &'a mut [u8],
- ) -> Result<&'a [u8], ErrorStack> {
-     let mut out_len = c_uint::try_from(out.len()).unwrap();
-     unsafe {
-@@ -31,38 +33,115 @@ pub fn hmac<'a>(
-             data.as_ptr(),
-             data.len(),
-             out.as_mut_ptr(),
--            &mut out_len
--            ))?;
-+            &mut out_len,
-+        ))?;
-     }
-     Ok(&out[..out_len as usize])
- }
- 
-+/// Only available in boringssl. For openssl, use `PKey::hmac` instead.
-+#[cfg(boringssl)]
-+pub struct HmacCtx {
-+    ctx: *mut HMAC_CTX,
-+}
-+
-+#[cfg(boringssl)]
-+impl HmacCtx {
-+    #[corresponds(HMAC_CTX_new)]
-+    pub fn new(key: &[u8], md: &MdRef) -> Result<Self, ErrorStack> {
-+        unsafe {
-+            let ctx = cvt_p(ffi::HMAC_CTX_new())?;
-+            cvt(ffi::HMAC_Init_ex(
-+                ctx,
-+                key.as_ptr() as *const c_void,
-+                key.len(),
-+                md.as_ptr(),
-+                ptr::null_mut(),
-+            ))?;
-+            Ok(Self { ctx })
-+        }
-+    }
-+
-+    pub fn update(&mut self, data: &[u8]) -> Result<(), ErrorStack> {
-+        unsafe { cvt(ffi::HMAC_Update(self.ctx, data.as_ptr(), data.len())).map(|_| ()) }
-+    }
-+
-+    /// Finishes the HMAC process, writing any remaining data to `output`.
-+    /// The number of bytes written to `output` is returned.
-+    /// `update` should not be called after this method.
-+    pub fn finalize(&mut self, md: &mut [u8]) -> Result<usize, ErrorStack> {
-+        unsafe {
-+            let mut size: c_uint = 0;
-+            cvt(ffi::HMAC_Final(
-+                self.ctx,
-+                md.as_mut_ptr(),
-+                &mut size as *mut c_uint,
-+            ))
-+            .map(|_| size as usize)
-+        }
-+    }
-+}
-+
-+impl Drop for HmacCtx {
-+    #[corresponds(HMAC_CTX_free)]
-+    fn drop(&mut self) {
-+        unsafe {
-+            ffi::HMAC_CTX_free(self.ctx);
-+        }
-+    }
-+}
-+
- #[cfg(test)]
- mod tests {
-     use super::*;
-     use crate::md::Md;
--    use crate::memcmp;
- 
--    const SHA_256_DIGEST_SIZE:usize = 32;
-+    const SHA_256_DIGEST_SIZE: usize = 32;
- 
-     #[test]
-     fn hmac_sha256_test() {
--        let expected_hmac = [0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7];
-+        let expected_hmac = [
-+            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
-+            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
-+            0x2e, 0x32, 0xcf, 0xf7,
-+        ];
-         let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
--        let key:[u8; 20] = [0x0b; 20];
-+        let key: [u8; 20] = [0x0b; 20];
-         let data = b"Hi There";
--        let hmac_result = hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
--        expect!(memcmp::eq(&hmac_result, &expected_hmac));
-+        let hmac_result =
-+            hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
-+        assert_eq!(&hmac_result, &expected_hmac);
-     }
- 
-     #[test]
-     fn hmac_sha256_test_big_buffer() {
--        let expected_hmac = [0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7];
-+        let expected_hmac = [
-+            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
-+            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
-+            0x2e, 0x32, 0xcf, 0xf7,
-+        ];
-         let mut out: [u8; 100] = [0; 100];
--        let key:[u8;20] = [0x0b; 20];
-+        let key: [u8; 20] = [0x0b; 20];
-+        let data = b"Hi There";
-+        let hmac_result =
-+            hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
-+        assert_eq!(hmac_result.len(), SHA_256_DIGEST_SIZE);
-+        assert_eq!(&hmac_result, &expected_hmac);
-+    }
-+
-+    #[test]
-+    fn hmac_sha256_update_test() {
-+        let expected_hmac = [
-+            0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
-+            0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
-+            0x2e, 0x32, 0xcf, 0xf7,
-+        ];
-+        let mut out: [u8; SHA_256_DIGEST_SIZE] = [0; SHA_256_DIGEST_SIZE];
-+        let key: [u8; 20] = [0x0b; 20];
-         let data = b"Hi There";
--        let hmac_result = hmac(Md::sha256(), &key, data, &mut out).expect("Couldn't calculate sha256 hmac");
--        expect_eq!(hmac_result.len(), SHA_256_DIGEST_SIZE);
--        expect!(memcmp::eq(&hmac_result, &expected_hmac));
-+        let mut hmac_ctx = HmacCtx::new(&key, Md::sha256()).unwrap();
-+        hmac_ctx.update(data).unwrap();
-+        hmac_ctx.finalize(&mut out).unwrap();
-+        assert_eq!(&out, &expected_hmac);
-     }
- }
--- 
-2.39.1.519.gcb327c4b5f-goog
-
diff --git a/nearby/scripts/openssl-patches/README.md b/nearby/scripts/openssl-patches/README.md
index da6f7d0..8483cad 100644
--- a/nearby/scripts/openssl-patches/README.md
+++ b/nearby/scripts/openssl-patches/README.md
@@ -1,10 +1,38 @@
 This directory contains patch files for `rust-openssl` for it to build successfully with
 `--features=unstable_boringssl`.
 
-After running `prepare-boringssl.sh`, the `rust-openssl` git repo is cloned to
+After running `prepare_boringssl`, the `rust-openssl` git repo is cloned to
 `beto-rust/boringssl-build/rust-openssl/openssl`, and the patches in this directory will be applied.
 
-If you make further changes, or update the "base commit" in `prepare-boringssl.sh`, you can
-regenerate the patch files by checking out to the desired state of the tree, with all changes
-committed, and run `git format-patch BASE_COMMIT`. (Note: `BASE_COMMIT` is set by
-`prepare-boringssl.sh`)
+If you make further changes, or update the "base commit" in `prepare_boringssl`, you can
+regenerate the patch files by following these steps:
+
+1. Run `(source nearby/scripts/build-script.sh && prepare_boringssl)`
+2. `cd boringssl-build/rust-openssl/` and make the necessary changes
+3. Commit the changes
+4. `git format-patch BASE_COMMIT`. (Note: `BASE_COMMIT` is set by `prepare_boringssl`)
+5. The patch files will be generated in the current working directory. Move them here in
+   `nearby/scripts/openssl-patches`.
+
+### Regenerate patches based on AOSP changes
+
+In the "make the necessary changes" part in Step 2 above, follow these steps:
+
+1. Download the patch files in https://googleplex-android.googlesource.com/platform/external/rust/crates/openssl/+/master/patches
+2. `cd` into the openssl directory since the AOSP project starts at that root:
+   ```sh
+   $ cd openssl
+   ```
+3. Reset your branch to `BASE_COMMIT` to ensure the AOSP patches apply cleanly.
+   ```sh
+   $ git co BASE_COMMIT
+   $ git co -b create-patch
+   ```
+4. Apply the patches from AOSP
+   ```sh
+   for i in /path/to/android/external/rust/crates/openssl/patches/*; do patch -p1 < $i; done
+   ```
+5. Remove unneeded files (like `.orig`). Commit the changes.
+6. Patches locally in `scripts/openssl-patches` but not in AOSP are lost in this process. Reapply
+   the appropriate ones at this point, using `git apply` or `git am`.
+7. Continue with `git format-patch` described in step 4 in the previous section.