diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 25a269ed..3cf62f4b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -24,3 +24,9 @@ jobs:
       - name: Build Rust bindings
         run: |
           cd src/rustapi/pqc-sys && cargo build
+      - name: Run KAT tests
+        run: |
+          cd test/katrunner &&
+          curl http://amongbytes.com/~flowher/permalinks/kat.zip --output kat.zip
+          unzip kat.zip
+          cargo run -- --katdir KAT
diff --git a/test/katrunner/src/main.rs b/test/katrunner/src/main.rs
index 8b50f6f9..2a864af6 100644
--- a/test/katrunner/src/main.rs
+++ b/test/katrunner/src/main.rs
@@ -17,9 +17,14 @@ fn signature_scheme(el: &TestVector) {
 	unsafe {
 		let p = pqc_sig_alg_by_id(el.scheme_id as u8);
 		assert_ne!(p.is_null(), true);
+		// pqc doesn't use "envelope" API. From the other
+		// hand in KATs for signature scheme, the signature
+		// is concatenaed with a message. Use only part with
+		// the signature.
+		let sm_len = el.sig.sm.len() - el.sig.msg.len();
 		assert_eq!(
 			pqc_sig_verify(p,
-				el.sig.sm.as_ptr(), el.sig.sm.len() as u64,
+				el.sig.sm.as_ptr(), sm_len as u64,
 				el.sig.msg.as_ptr(), el.sig.msg.len() as u64,
 				el.sig.pk.as_ptr()),
 			true);