From: Stephan Mueller <smueller@chronox.de>
To: Eric Biggers <ebiggers@kernel.org>, David Howells <dhowells@redhat.com>
Cc: dhowells@redhat.com, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: Python script to generate X509/CMS from NIST testcases
Date: Tue, 20 Jan 2026 16:42:47 +0100 [thread overview]
Message-ID: <10662580.0AQdONaE2F@tauon> (raw)
In-Reply-To: <1176796.1768921455@warthog.procyon.org.uk>
Am Dienstag, 20. Januar 2026, 16:04:15 Mitteleuropäische Normalzeit schrieb
David Howells:
Hi David,
> Hi Eric, Stephan,
>
> In case it turns out to be useful to you as a template, here's a script that
> I wrote to package NIST ML-DSA testcases from JSON files into rudimentary
> X.509, message and CMS signature files and also to produce a C file that
> contains those blobs packaged into u8 arrays with a table listing them all.
>
> It also tries to verify each testcase with "openssl smime" - except that
> that doesn't work too will for ML-DSA (it did work for RSASSA-PSS, but
> that's another script).
>
Thank you very much for this reference.
Also, in case it is useful for you as well: I just completed the work on
adopting the sbsigntools to PQC [1]. This would support the adoption of the
shim bootloader to use PQC algorithms that is started at [2]. The coding in
[2] is completed to the extend that it compiles as PE/COFF executable. Now I
am working through the testing and adopt it to use the updated sbsigntools.
[1] https://github.com/smuellerDD/leancrypto/tree/master/apps/src#secure-boot-signing-tools-supporting-pqc
[2] https://github.com/smuellerDD/shim/tree/leancrypto2
Ciao
Stephan
prev parent reply other threads:[~2026-01-20 15:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-19 16:48 NIST FIPS test vector failures David Howells
2026-01-19 17:09 ` David Howells
2026-01-19 18:51 ` Eric Biggers
2026-01-20 15:00 ` David Howells
2026-01-20 15:04 ` Python script to generate X509/CMS from NIST testcases David Howells
2026-01-20 15:42 ` Stephan Mueller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10662580.0AQdONaE2F@tauon \
--to=smueller@chronox.de \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.