1## This file contains a record of how some of the test data was 2## generated. The final build products are committed to the repository 3## as well to make sure that the test data is identical. You do not 4## need to use this makefile unless you're extending mbed TLS's tests. 5 6## Many data files were generated prior to the existence of this 7## makefile, so the method of their generation was not recorded. 8 9## Note that in addition to depending on the version of the data 10## generation tool, many of the build outputs are randomized, so 11## running this makefile twice would not produce the same results. 12 13## Tools 14OPENSSL ?= openssl 15FAKETIME ?= faketime 16 17TOP_DIR = ../.. 18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write 19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req 20 21 22## Build the generated test data. Note that since the final outputs 23## are committed to the repository, this target should do nothing on a 24## fresh checkout. Furthermore, since the generation is randomized, 25## re-running the same targets may result in differing files. The goal 26## of this makefile is primarily to serve as a record of how the 27## targets were generated in the first place. 28default: all_final 29 30all_intermediate := # temporary files 31all_final := # files used by tests 32 33 34 35################################################################ 36#### Generate certificates from existing keys 37################################################################ 38 39test_ca_crt = test-ca.crt 40test_ca_key_file_rsa = test-ca.key 41test_ca_pwd_rsa = PolarSSLTest 42test_ca_config_file = test-ca.opensslconf 43 44test-ca.req.sha256: $(test_ca_key_file_rsa) 45 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 46all_intermediate += test-ca.req.sha256 47 48test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 49 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 50all_final += test-ca.crt 51 52test-ca.crt.der: test-ca.crt 53 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 54all_final += test-ca.crt.der 55 56test-ca.key.der: $(test_ca_key_file_rsa) 57 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)" 58all_final += test-ca.key.der 59 60test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 61 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 62all_final += test-ca-sha1.crt 63 64test-ca-sha1.crt.der: test-ca-sha1.crt 65 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 66all_final += test-ca-sha1.crt.der 67 68test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 69 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 70all_final += test-ca-sha256.crt 71 72test-ca-sha256.crt.der: test-ca-sha256.crt 73 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 74all_final += test-ca-sha256.crt.der 75 76test-ca_utf8.crt: $(test_ca_key_file_rsa) 77 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 78all_final += test-ca_utf8.crt 79 80test-ca_printable.crt: $(test_ca_key_file_rsa) 81 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 82all_final += test-ca_printable.crt 83 84test-ca_uppercase.crt: $(test_ca_key_file_rsa) 85 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 86all_final += test-ca_uppercase.crt 87 88test_ca_key_file_rsa_alt = test-ca-alt.key 89 90cert_example_multi.csr: rsa_pkcs1_1024_clear.pem 91 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@ 92 93cert_example_multi.crt: cert_example_multi.csr 94 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ 95 96$(test_ca_key_file_rsa_alt):test-ca.opensslconf 97 $(OPENSSL) genrsa -out $@ 2048 98test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) 99 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 100all_intermediate += test-ca-alt.csr 101test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr 102 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ 103all_final += test-ca-alt.crt 104test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt 105 cat test-ca-alt.crt test-ca-sha256.crt > $@ 106all_final += test-ca-alt-good.crt 107test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt 108 cat test-ca-sha256.crt test-ca-alt.crt > $@ 109all_final += test-ca-good-alt.crt 110 111test_ca_crt_file_ec = test-ca2.crt 112test_ca_key_file_ec = test-ca2.key 113 114test-ca2.req.sha256: $(test_ca_key_file_ec) 115 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256 116all_intermediate += test-ca2.req.sha256 117 118test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 119 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 120all_final += test-ca.crt 121 122test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 123 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 124all_final += test-ca-any_policy.crt 125 126test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 127 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 128all_final += test-ca-any_policy_ec.crt 129 130test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 131 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 132all_final += test-ca-any_policy_with_qualifier.crt 133 134test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 135 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 136all_final += test-ca-any_policy_with_qualifier_ec.crt 137 138test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 139 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 140all_final += test-ca-multi_policy.crt 141 142test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 143 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 144all_final += test-ca-multi_policy_ec.crt 145 146test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 147 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 148all_final += test-ca-unsupported_policy.crt 149 150test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 151 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 152all_final += test-ca-unsupported_policy_ec.crt 153 154test-ca.req_ec.sha256: $(test_ca_key_file_ec) 155 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256 156all_intermediate += test-ca.req_ec.sha256 157 158test-ca2.crt.der: $(test_ca_crt_file_ec) 159 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER 160all_final += test-ca2.crt.der 161 162test-ca2.key.der: $(test_ca_key_file_ec) 163 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER 164all_final += test-ca2.key.der 165 166test_ca_crt_cat12 = test-ca_cat12.crt 167$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) 168 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ 169all_final += $(test_ca_crt_cat12) 170 171test_ca_crt_cat21 = test-ca_cat21.crt 172$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec) 173 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@ 174all_final += $(test_ca_crt_cat21) 175 176test-int-ca.csr: test-int-ca.key $(test_ca_config_file) 177 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ 178all_intermediate += test-int-ca.csr 179test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 180 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 181all_final += test-int-ca-exp.crt 182 183enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem 184 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 185 186crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 187 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ 188all_final += crl-idp.pem 189crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 190 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ 191all_final += crl-idpnc.pem 192 193cli_crt_key_file_rsa = cli-rsa.key 194cli_crt_extensions_file = cli.opensslconf 195 196cli-rsa.csr: $(cli_crt_key_file_rsa) 197 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1 198all_intermediate += cli-rsa.csr 199 200cli-rsa-sha1.crt: cli-rsa.csr 201 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 202 203cli-rsa-sha256.crt: cli-rsa.csr 204 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 205all_final += cli-rsa-sha256.crt 206 207cli-rsa-sha256.crt.der: cli-rsa-sha256.crt 208 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 209all_final += cli-rsa-sha256.crt.der 210 211cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der 212 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@ 213all_final += cli-rsa-sha256-badalg.crt.der 214 215cli-rsa.key.der: $(cli_crt_key_file_rsa) 216 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 217all_final += cli-rsa.key.der 218 219test_ca_int_rsa1 = test-int-ca.crt 220 221server7.csr: server7.key 222 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ 223all_intermediate += server7.csr 224server7-expired.crt: server7.csr $(test_ca_int_rsa1) 225 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 226all_final += server7-expired.crt 227server7-future.crt: server7.csr $(test_ca_int_rsa1) 228 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 229all_final += server7-future.crt 230server7-badsign.crt: server7.crt $(test_ca_int_rsa1) 231 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ 232all_final += server7-badsign.crt 233server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt 234 cat server7.crt test-int-ca-exp.crt > $@ 235all_final += server7_int-ca-exp.crt 236 237cli2.req.sha256: cli2.key 238 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 239 240all_final += server1.req.sha1 241cli2.crt: cli2.req.sha256 242 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 243all_final += cli2.crt 244 245cli2.crt.der: cli2.crt 246 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 247all_final += cli2.crt.der 248 249cli2.key.der: cli2.key 250 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 251all_final += cli2.key.der 252 253server5_pwd_ec = PolarSSLTest 254 255server5.crt.der: server5.crt 256 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 257all_final += server5.crt.der 258 259server5.key.der: server5.key 260 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 261all_final += server5.key.der 262 263server5.key.enc: server5.key 264 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)" 265all_final += server5.key.enc 266 267server5-ss-expired.crt: server5.key 268 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ 269all_final += server5-ss-expired.crt 270 271# try to forge a copy of test-int-ca3 with different key 272server5-ss-forgeca.crt: server5.key 273 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ 274all_final += server5-ss-forgeca.crt 275 276server5-othername.crt: server5.key 277 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ 278 279server5-nonprintable_othername.crt: server5.key 280 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@ 281 282server5-unsupported_othername.crt: server5.key 283 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@ 284 285server5-fan.crt: server5.key 286 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ 287 288server5-tricky-ip-san.crt: server5.key 289 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@ 290all_final += server5-tricky-ip-san.crt 291 292server10-badsign.crt: server10.crt 293 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 294all_final += server10-badsign.crt 295server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt 296 cat server10-badsign.crt test-int-ca3.crt > $@ 297all_final += server10-bs_int3.pem 298test-int-ca3-badsign.crt: test-int-ca3.crt 299 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 300all_final += test-int-ca3-badsign.crt 301server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt 302 cat server10.crt test-int-ca3-badsign.crt > $@ 303all_final += server10_int3-bs.pem 304 305rsa_pkcs1_2048_public.pem: server8.key 306 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ 307all_final += rsa_pkcs1_2048_public.pem 308 309rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem 310 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ 311all_final += rsa_pkcs1_2048_public.der 312 313rsa_pkcs8_2048_public.pem: server8.key 314 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ 315all_final += rsa_pkcs8_2048_public.pem 316 317rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem 318 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ 319all_final += rsa_pkcs8_2048_public.der 320 321################################################################ 322#### Generate various RSA keys 323################################################################ 324 325### Password used for PKCS1-encoded encrypted RSA keys 326keys_rsa_basic_pwd = testkey 327 328### Password used for PKCS8-encoded encrypted RSA keys 329keys_rsa_pkcs8_pwd = PolarSSLTest 330 331### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which 332### all other encrypted RSA keys are derived. 333rsa_pkcs1_1024_clear.pem: 334 $(OPENSSL) genrsa -out $@ 1024 335all_final += rsa_pkcs1_1024_clear.pem 336rsa_pkcs1_2048_clear.pem: 337 $(OPENSSL) genrsa -out $@ 2048 338all_final += rsa_pkcs1_2048_clear.pem 339rsa_pkcs1_4096_clear.pem: 340 $(OPENSSL) genrsa -out $@ 4096 341all_final += rsa_pkcs1_4096_clear.pem 342 343### 344### PKCS1-encoded, encrypted RSA keys 345### 346 347### 1024-bit 348rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem 349 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 350all_final += rsa_pkcs1_1024_des.pem 351rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 352 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 353all_final += rsa_pkcs1_1024_3des.pem 354rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem 355 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 356all_final += rsa_pkcs1_1024_aes128.pem 357rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem 358 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 359all_final += rsa_pkcs1_1024_aes192.pem 360rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem 361 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 362all_final += rsa_pkcs1_1024_aes256.pem 363keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem 364 365# 2048-bit 366rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem 367 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 368all_final += rsa_pkcs1_2048_des.pem 369rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 370 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 371all_final += rsa_pkcs1_2048_3des.pem 372rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem 373 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 374all_final += rsa_pkcs1_2048_aes128.pem 375rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem 376 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 377all_final += rsa_pkcs1_2048_aes192.pem 378rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem 379 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 380all_final += rsa_pkcs1_2048_aes256.pem 381keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem 382 383# 4096-bit 384rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem 385 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 386all_final += rsa_pkcs1_4096_des.pem 387rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 388 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 389all_final += rsa_pkcs1_4096_3des.pem 390rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem 391 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 392all_final += rsa_pkcs1_4096_aes128.pem 393rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem 394 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 395all_final += rsa_pkcs1_4096_aes192.pem 396rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem 397 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 398all_final += rsa_pkcs1_4096_aes256.pem 399keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem 400 401### 402### PKCS8-v1 encoded, encrypted RSA keys 403### 404 405### 1024-bit 406rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem 407 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 408all_final += rsa_pkcs8_pbe_sha1_1024_3des.der 409rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 410 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 411all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem 412keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der 413 414rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem 415 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 416all_final += rsa_pkcs8_pbe_sha1_1024_2des.der 417rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem 418 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 419all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem 420keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der 421 422keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des 423 424### 2048-bit 425rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem 426 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 427all_final += rsa_pkcs8_pbe_sha1_2048_3des.der 428rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 429 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 430all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem 431keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der 432 433rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem 434 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 435all_final += rsa_pkcs8_pbe_sha1_2048_2des.der 436rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem 437 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 438all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem 439keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der 440 441keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des 442 443### 4096-bit 444rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem 445 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 446all_final += rsa_pkcs8_pbe_sha1_4096_3des.der 447rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 448 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 449all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem 450keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der 451 452rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem 453 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 454all_final += rsa_pkcs8_pbe_sha1_4096_2des.der 455rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem 456 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 457all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem 458keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der 459 460keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des 461 462### 463### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) 464### 465 466### 1024-bit 467rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem 468 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 469all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der 470rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem 471 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 472all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 473keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 474 475rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem 476 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 477all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der 478rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem 479 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 480all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 481keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 482 483keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des 484 485### 2048-bit 486rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem 487 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 488all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der 489rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem 490 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 491all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 492keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 493 494rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem 495 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 496all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der 497rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem 498 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 499all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 500keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 501 502keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des 503 504### 4096-bit 505rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem 506 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 507all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der 508rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem 509 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 510all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 511keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 512 513rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem 514 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 515all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der 516rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem 517 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 518all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 519keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 520 521keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des 522 523### 524### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224 525### 526 527### 1024-bit 528rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem 529 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 530all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der 531rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem 532 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 533all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 534keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 535 536rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem 537 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 538all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der 539rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem 540 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 541all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 542keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 543 544keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224 545 546### 2048-bit 547rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem 548 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 549all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der 550rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem 551 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 552all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 553keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 554 555rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem 556 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 557all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der 558rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem 559 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 560all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 561keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 562 563keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224 564 565### 4096-bit 566rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem 567 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 568all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der 569rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem 570 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 571all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 572keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 573 574rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem 575 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 576all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der 577rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem 578 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 579all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 580keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 581 582keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224 583 584### 585### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256 586### 587 588### 1024-bit 589rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem 590 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 591all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der 592rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem 593 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 594all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 595keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 596 597rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem 598 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 599all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der 600rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem 601 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 602all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 603keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 604 605keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256 606 607### 2048-bit 608rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem 609 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 610all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der 611rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem 612 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 613all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 614keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 615 616rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem 617 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 618all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der 619rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem 620 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 621all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 622keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 623 624keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256 625 626### 4096-bit 627rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem 628 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 629all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der 630rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem 631 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 632all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 633keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 634 635rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem 636 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 637all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der 638rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem 639 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 640all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 641keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 642 643keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256 644 645### 646### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384 647### 648 649### 1024-bit 650rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem 651 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 652all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der 653rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem 654 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 655all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 656keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 657 658rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem 659 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 660all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der 661rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem 662 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 663all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 664keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 665 666keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384 667 668### 2048-bit 669rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem 670 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 671all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der 672rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem 673 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 674all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 675keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 676 677rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem 678 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 679all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der 680rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem 681 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 682all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 683keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 684 685keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384 686 687### 4096-bit 688rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem 689 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 690all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der 691rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem 692 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 693all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 694keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 695 696rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem 697 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 698all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der 699rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem 700 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 701all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 702keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 703 704keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384 705 706### 707### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512 708### 709 710### 1024-bit 711rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem 712 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 713all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der 714rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem 715 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 716all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 717keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 718 719rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem 720 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 721all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der 722rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem 723 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 724all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 725keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 726 727keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512 728 729### 2048-bit 730rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem 731 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 732all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der 733rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem 734 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 735all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 736keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 737 738rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem 739 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 740all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der 741rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem 742 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 743all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 744keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 745 746keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512 747 748### 4096-bit 749rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem 750 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 751all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der 752rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem 753 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 754all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 755keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 756 757rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem 758 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 759all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der 760rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem 761 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 762all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 763keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 764 765keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512 766 767### 768### Rules to generate all RSA keys from a particular class 769### 770 771### Generate basic unencrypted RSA keys 772keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem 773 774### Generate PKCS1-encoded encrypted RSA keys 775keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 776 777### Generate PKCS8-v1 encrypted RSA keys 778keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 779 780### Generate PKCS8-v2 encrypted RSA keys 781keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 782 783### Generate all RSA keys 784keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 785 786################################################################ 787#### Generate various EC keys 788################################################################ 789 790### 791### PKCS8 encoded 792### 793 794ec_prv.pk8.der: 795 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER 796all_final += ec_prv.pk8.der 797 798# ### Instructions for creating `ec_prv.pk8nopub.der`, 799# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from 800# ### `ec_prv.pk8.der`. 801# 802# These instructions assume you are familiar with ASN.1 DER encoding and can 803# use a hex editor to manipulate DER. 804# 805# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: 806# 807# PrivateKeyInfo ::= SEQUENCE { 808# version Version, 809# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 810# privateKey PrivateKey, 811# attributes [0] IMPLICIT Attributes OPTIONAL 812# } 813# 814# AlgorithmIdentifier ::= SEQUENCE { 815# algorithm OBJECT IDENTIFIER, 816# parameters ANY DEFINED BY algorithm OPTIONAL 817# } 818# 819# ECParameters ::= CHOICE { 820# namedCurve OBJECT IDENTIFIER 821# -- implicitCurve NULL 822# -- specifiedCurve SpecifiedECDomain 823# } 824# 825# ECPrivateKey ::= SEQUENCE { 826# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 827# privateKey OCTET STRING, 828# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 829# publicKey [1] BIT STRING OPTIONAL 830# } 831# 832# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following 833# fields: 834# 835# * privateKeyAlgorithm namedCurve 836# * privateKey.parameters NOT PRESENT 837# * privateKey.publicKey PRESENT 838# * attributes NOT PRESENT 839# 840# # ec_prv.pk8nopub.der 841# 842# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 843# 844# # ec_prv.pk8nopubparam.der 845# 846# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as 847# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 848# 849# # ec_prv.pk8param.der 850# 851# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as 852# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 853 854ec_prv.pk8.pem: ec_prv.pk8.der 855 $(OPENSSL) pkey -in $< -inform DER -out $@ 856all_final += ec_prv.pk8.pem 857ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der 858 $(OPENSSL) pkey -in $< -inform DER -out $@ 859all_final += ec_prv.pk8nopub.pem 860ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der 861 $(OPENSSL) pkey -in $< -inform DER -out $@ 862all_final += ec_prv.pk8nopubparam.pem 863ec_prv.pk8param.pem: ec_prv.pk8param.der 864 $(OPENSSL) pkey -in $< -inform DER -out $@ 865all_final += ec_prv.pk8param.pem 866 867################################################################ 868### Generate CSRs for X.509 write test suite 869################################################################ 870 871server1.req.sha1: server1.key 872 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 873all_final += server1.req.sha1 874 875server1.req.md5: server1.key 876 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 877all_final += server1.req.md5 878 879server1.req.sha224: server1.key 880 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224 881all_final += server1.req.sha224 882 883server1.req.sha256: server1.key 884 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 885all_final += server1.req.sha256 886 887server1.req.sha256.ext: server1.key 888 # Generating this with OpenSSL as a comparison point to test we're getting the same result 889 openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" 890all_final += server1.req.sha256.ext 891 892server1.req.sha384: server1.key 893 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 894all_final += server1.req.sha384 895 896server1.req.sha512: server1.key 897 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512 898all_final += server1.req.sha512 899 900server1.req.cert_type: server1.key 901 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 902all_final += server1.req.cert_type 903 904server1.req.key_usage: server1.key 905 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 906all_final += server1.req.key_usage 907 908server1.req.ku-ct: server1.key 909 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 910all_final += server1.req.ku-ct 911 912server1.req.key_usage_empty: server1.key 913 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1 914all_final += server1.req.key_usage_empty 915 916server1.req.cert_type_empty: server1.key 917 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1 918all_final += server1.req.cert_type_empty 919 920server1.req.commas.sha256: server1.key 921 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256 922all_final += server1.req.commas.sha256 923 924# server2* 925 926server2_pwd_ec = PolarSSLTest 927 928server2.req.sha256: server2.key 929 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 930all_intermediate += server2.req.sha256 931 932server2.crt.der: server2.crt 933 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 934all_final += server2.crt.der 935 936server2-sha256.crt.der: server2-sha256.crt 937 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 938all_final += server2-sha256.crt.der 939 940server2.key.der: server2.key 941 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 942all_final += server2.key.der 943 944server2.key.enc: server2.key 945 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)" 946all_final += server2.key.enc 947 948# server5* 949 950# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' 951server5.req.ku.sha1: server5.key 952 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 953all_final += server5.req.ku.sha1 954 955################################################################ 956### Generate certificates for CRT write check tests 957################################################################ 958 959### The test files use the Mbed TLS generated certificates server1*.crt, 960### but for comparison with OpenSSL also rules for OpenSSL-generated 961### certificates server1*.crt.openssl are offered. 962### 963### Known differences: 964### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension 965### as unused bits, while Mbed TLS doesn't. 966 967test_ca_server1_db = test-ca.server1.db 968test_ca_server1_serial = test-ca.server1.serial 969test_ca_server1_config_file = test-ca.server1.opensslconf 970 971# server1* 972 973server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 974 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 975server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 976 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 977server1.crt.der: server1.crt 978 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 979server1.der: server1.crt 980 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 981server1.commas.crt: server1.key server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 982 $(MBEDTLS_CERT_WRITE) request_file=server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 983all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt 984 985server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 986 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ 987server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 988 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ 989server1.key_usage.der: server1.key_usage.crt 990 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 991all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der 992 993server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 994 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ 995server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 996 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ 997server1.cert_type.der: server1.cert_type.crt 998 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 999all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der 1000 1001server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1002 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@ 1003server1.v1.der: server1.v1.crt 1004 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1005all_final += server1.v1.crt server1.v1.der 1006 1007server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1008 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@ 1009server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1010 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@ 1011server1.ca.der: server1.ca.crt 1012 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1013all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der 1014 1015server1_ca.crt: server1.crt $(test_ca_crt) 1016 cat server1.crt $(test_ca_crt) > $@ 1017all_final += server1_ca.crt 1018 1019cert_sha1.crt: server1.key 1020 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1021all_final += cert_sha1.crt 1022 1023cert_sha224.crt: server1.key 1024 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@ 1025all_final += cert_sha224.crt 1026 1027cert_sha256.crt: server1.key 1028 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1029all_final += cert_sha256.crt 1030 1031cert_sha384.crt: server1.key 1032 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@ 1033all_final += cert_sha384.crt 1034 1035cert_sha512.crt: server1.key 1036 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@ 1037all_final += cert_sha512.crt 1038 1039cert_example_wildcard.crt: server1.key 1040 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1041all_final += cert_example_wildcard.crt 1042 1043# OpenSSL-generated certificates for comparison 1044# Also provide certificates in DER format to allow 1045# direct binary comparison using e.g. dumpasn1 1046server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1047 echo "01" > $(test_ca_server1_serial) 1048 rm -f $(test_ca_server1_db) 1049 touch $(test_ca_server1_db) 1050 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@ 1051server1.der.openssl: server1.crt.openssl 1052 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1053server1.key_usage.der.openssl: server1.key_usage.crt.openssl 1054 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1055server1.cert_type.der.openssl: server1.cert_type.crt.openssl 1056 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1057 1058server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1059 echo "01" > $(test_ca_server1_serial) 1060 rm -f $(test_ca_server1_db) 1061 touch $(test_ca_server1_db) 1062 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@ 1063server1.v1.der.openssl: server1.v1.crt.openssl 1064 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1065 1066# To revoke certificate in the openssl database: 1067# 1068# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt 1069 1070crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 1071 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ 1072 1073crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf 1074 $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 1075 1076server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl 1077 1078# server2* 1079 1080server2.crt: server2.req.sha256 1081 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1082all_final += server2.crt 1083 1084server2.der: server2.crt 1085 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1086all_final += server2.crt server2.der 1087 1088server2-sha256.crt: server2.req.sha256 1089 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1090all_final += server2-sha256.crt 1091 1092# MD5 test certificate 1093 1094cert_md_test_key = $(cli_crt_key_file_rsa) 1095 1096cert_md5.csr: $(cert_md_test_key) 1097 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 1098all_intermediate += cert_md5.csr 1099 1100cert_md5.crt: cert_md5.csr 1101 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@ 1102all_final += cert_md5.crt 1103 1104# TLSv1.3 test certificates 1105ecdsa_secp256r1.key: ec_256_prv.pem 1106 cp $< $@ 1107 1108ecdsa_secp256r1.csr: ecdsa_secp256r1.key 1109 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1110 -key $< -out $@ 1111all_intermediate += ecdsa_secp256r1.csr 1112ecdsa_secp256r1.crt: ecdsa_secp256r1.csr 1113 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1114 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1115all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key 1116tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key 1117 1118ecdsa_secp384r1.key: ec_384_prv.pem 1119 cp $< $@ 1120ecdsa_secp384r1.csr: ecdsa_secp384r1.key 1121 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1122 -key $< -out $@ 1123all_intermediate += ecdsa_secp384r1.csr 1124ecdsa_secp384r1.crt: ecdsa_secp384r1.csr 1125 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1126 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1127all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key 1128tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key 1129 1130ecdsa_secp521r1.key: ec_521_prv.pem 1131 cp $< $@ 1132ecdsa_secp521r1.csr: ecdsa_secp521r1.key 1133 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1134 -key $< -out $@ 1135all_intermediate += ecdsa_secp521r1.csr 1136ecdsa_secp521r1.crt: ecdsa_secp521r1.csr 1137 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1138 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1139all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key 1140tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key 1141 1142# PKCS7 test data 1143pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt 1144pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt 1145pkcs7_test_file = pkcs7_data.bin 1146 1147$(pkcs7_test_file): 1148 echo -e "Hello\xd" > $@ 1149all_final += $(pkcs7_test_file) 1150 1151pkcs7_data_1.bin: 1152 echo -e "2\xd" > $@ 1153all_final += pkcs7_data_1.bin 1154 1155# Generate signing cert 1156pkcs7-rsa-sha256-1.crt: 1157 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt 1158 cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem 1159all_final += pkcs7-rsa-sha256-1.crt 1160 1161pkcs7-rsa-sha256-2.crt: 1162 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt 1163 cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem 1164all_final += pkcs7-rsa-sha256-2.crt 1165 1166# Convert signing certs to DER for testing PEM-free builds 1167pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1) 1168 $(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER 1169all_final += pkcs7-rsa-sha256-1.der 1170 1171pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2) 1172 $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER 1173all_final += pkcs7-rsa-sha256-2.der 1174 1175# pkcs7 signature file with CERT 1176pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1177 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1178all_final += pkcs7_data_cert_signed_sha256.der 1179 1180# pkcs7 signature file with CERT and sha1 1181pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1182 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1183all_final += pkcs7_data_cert_signed_sha1.der 1184 1185# pkcs7 signature file with CERT and sha512 1186pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1187 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1188all_final += pkcs7_data_cert_signed_sha512.der 1189 1190# pkcs7 signature file without CERT 1191pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1192 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@ 1193all_final += pkcs7_data_without_cert_signed.der 1194 1195# pkcs7 signature file with multiple signers 1196pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1197 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ 1198all_final += pkcs7_data_multiple_signed.der 1199 1200# pkcs7 signature file with multiple certificates 1201pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1202 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ 1203all_final += pkcs7_data_multiple_certs_signed.der 1204 1205# pkcs7 signature file with corrupted CERT 1206pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der 1207 cp pkcs7_data_cert_signed_sha256.der $@ 1208 echo -en '\xa1' | dd of=$@ bs=1 seek=547 conv=notrunc 1209all_final += pkcs7_data_signed_badcert.der 1210 1211# pkcs7 signature file with corrupted signer info 1212pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der 1213 cp pkcs7_data_cert_signed_sha256.der $@ 1214 echo -en '\xa1' | dd of=$@ bs=1 seek=918 conv=notrunc 1215all_final += pkcs7_data_signed_badsigner.der 1216 1217# pkcs7 file with version 2 1218pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der 1219 cp pkcs7_data_cert_signed_sha256.der $@ 1220 echo -en '\x02' | dd of=$@ bs=1 seek=25 conv=notrunc 1221all_final += pkcs7_data_cert_signed_v2.der 1222 1223pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1224 $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt 1225all_final += pkcs7_data_cert_encrypted.der 1226 1227## Negative tests 1228# For some interesting sizes, what happens if we make them off-by-one? 1229pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der 1230 cp $< $@ 1231 echo -en '\x35' | dd of=$@ seek=919 bs=1 conv=notrunc 1232all_final += pkcs7_signerInfo_issuer_invalid_size.der 1233 1234pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der 1235 cp $< $@ 1236 echo -en '\x15' | dd of=$@ seek=973 bs=1 conv=notrunc 1237all_final += pkcs7_signerInfo_serial_invalid_size.der 1238 1239# pkcs7 signature file just with signed data 1240pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der 1241 dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1 1242all_final += pkcs7_data_cert_signeddata_sha256.der 1243 1244################################################################ 1245#### Diffie-Hellman parameters 1246################################################################ 1247 1248dh.998.pem: 1249 $(OPENSSL) dhparam -out $@ -text 998 1250 1251dh.999.pem: 1252 $(OPENSSL) dhparam -out $@ -text 999 1253 1254################################################################ 1255#### Meta targets 1256################################################################ 1257 1258all_final: $(all_final) 1259all: $(all_intermediate) $(all_final) 1260 1261.PHONY: default all_final all 1262.PHONY: keys_rsa_all 1263.PHONY: keys_rsa_unenc keys_rsa_enc_basic 1264.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 1265.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 1266.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 1267.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 1268.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 1269.PHONY: server1_all 1270 1271# These files should not be committed to the repository. 1272list_intermediate: 1273 @printf '%s\n' $(all_intermediate) | sort 1274# These files should be committed to the repository so that the test data is 1275# available upon checkout without running a randomized process depending on 1276# third-party tools. 1277list_final: 1278 @printf '%s\n' $(all_final) | sort 1279.PHONY: list_intermediate list_final 1280 1281## Remove intermediate files 1282clean: 1283 rm -f $(all_intermediate) 1284## Remove all build products, even the ones that are committed 1285neat: clean 1286 rm -f $(all_final) 1287.PHONY: clean neat 1288
