1## This file contains a record of how some of the test data was 2## generated. The final build products are committed to the repository 3## as well to make sure that the test data is identical. You do not 4## need to use this makefile unless you're extending mbed TLS's tests. 5 6## Many data files were generated prior to the existence of this 7## makefile, so the method of their generation was not recorded. 8 9## Note that in addition to depending on the version of the data 10## generation tool, many of the build outputs are randomized, so 11## running this makefile twice would not produce the same results. 12 13## Tools 14OPENSSL ?= openssl 15FAKETIME ?= faketime 16 17TOP_DIR = ../.. 18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write 19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req 20 21 22## Build the generated test data. Note that since the final outputs 23## are committed to the repository, this target should do nothing on a 24## fresh checkout. Furthermore, since the generation is randomized, 25## re-running the same targets may result in differing files. The goal 26## of this makefile is primarily to serve as a record of how the 27## targets were generated in the first place. 28default: all_final 29 30all_intermediate := # temporary files 31all_final := # files used by tests 32 33 34 35################################################################ 36#### Generate certificates from existing keys 37################################################################ 38 39test_ca_crt = test-ca.crt 40test_ca_key_file_rsa = test-ca.key 41test_ca_pwd_rsa = PolarSSLTest 42test_ca_config_file = test-ca.opensslconf 43 44test-ca.req.sha256: $(test_ca_key_file_rsa) 45 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 46all_intermediate += test-ca.req.sha256 47 48test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 49 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 50all_final += test-ca.crt 51 52test-ca.crt.der: test-ca.crt 53 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 54all_final += test-ca.crt.der 55 56test-ca.key.der: $(test_ca_key_file_rsa) 57 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)" 58all_final += test-ca.key.der 59 60test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 61 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 62all_final += test-ca-sha1.crt 63 64test-ca-sha1.crt.der: test-ca-sha1.crt 65 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 66all_final += test-ca-sha1.crt.der 67 68test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 69 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 70all_final += test-ca-sha256.crt 71 72test-ca-sha256.crt.der: test-ca-sha256.crt 73 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 74all_final += test-ca-sha256.crt.der 75 76test-ca_utf8.crt: $(test_ca_key_file_rsa) 77 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 78all_final += test-ca_utf8.crt 79 80test-ca_printable.crt: $(test_ca_key_file_rsa) 81 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 82all_final += test-ca_printable.crt 83 84test-ca_uppercase.crt: $(test_ca_key_file_rsa) 85 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 86all_final += test-ca_uppercase.crt 87 88test_ca_key_file_rsa_alt = test-ca-alt.key 89 90cert_example_multi.csr: rsa_pkcs1_1024_clear.pem 91 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@ 92 93cert_example_multi.crt: cert_example_multi.csr 94 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ 95 96test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem 97 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage 98test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem 99 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName 100test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem 101 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType 102test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem 103 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all 104test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: test_csr_v3_all.csr.der 105 (hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@ 106test_csr_v3_all_malformed_extension_id_tag.csr.der: test_csr_v3_all.csr.der 107 (hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@ 108test_csr_v3_all_malformed_extension_data_tag.csr.der: test_csr_v3_all.csr.der 109 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@ 110test_csr_v3_all_malformed_extension_data_len1.csr.der: test_csr_v3_all.csr.der 111 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@ 112test_csr_v3_all_malformed_extension_data_len2.csr.der: test_csr_v3_all.csr.der 113 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@ 114test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: test_csr_v3_all.csr.der 115 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@ 116test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: test_csr_v3_all.csr.der 117 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@ 118test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: test_csr_v3_all.csr.der 119 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020780300D06092A86/04020780300D06092A86/" | xxd -r -p ) > $@ 120test_csr_v3_all_malformed_duplicated_extension.csr.der: test_csr_v3_all.csr.der 121 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@ 122test_csr_v3_all_malformed_extension_type_oid.csr.der: test_csr_v3_all.csr.der 123 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@ 124test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: test_csr_v3_all.csr.der 125 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@ 126test_csr_v3_all_malformed_attributes_id_tag.csr.der: test_csr_v3_all.csr.der 127 (hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@ 128test_csr_v3_all_malformed_attributes_extension_request.csr.der: test_csr_v3_all.csr.der 129 (hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@ 130test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: test_csr_v3_all.csr.der 131 (hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@ 132test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: test_csr_v3_all.csr.der 133 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@ 134test_csr_v3_all_malformed_attributes_len1.csr.der: test_csr_v3_all.csr.der 135 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@ 136test_csr_v3_all_malformed_attributes_len2.csr.der: test_csr_v3_all.csr.der 137 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@ 138test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: test_csr_v3_all.csr.der 139 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@ 140test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: test_csr_v3_all.csr.der 141 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@ 142 143test_cert_rfc822name.crt.der: cert_example_multi.csr 144 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ 145 146$(test_ca_key_file_rsa_alt):test-ca.opensslconf 147 $(OPENSSL) genrsa -out $@ 2048 148test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) 149 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 150all_intermediate += test-ca-alt.csr 151test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr 152 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ 153all_final += test-ca-alt.crt 154test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt 155 cat test-ca-alt.crt test-ca-sha256.crt > $@ 156all_final += test-ca-alt-good.crt 157test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt 158 cat test-ca-sha256.crt test-ca-alt.crt > $@ 159all_final += test-ca-good-alt.crt 160 161test_ca_crt_file_ec = test-ca2.crt 162test_ca_key_file_ec = test-ca2.key 163 164test-ca2.req.sha256: $(test_ca_key_file_ec) 165 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256 166all_intermediate += test-ca2.req.sha256 167 168test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 169 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 170all_final += test-ca.crt 171 172test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 173 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 174all_final += test-ca-any_policy.crt 175 176test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 177 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 178all_final += test-ca-any_policy_ec.crt 179 180test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 181 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 182all_final += test-ca-any_policy_with_qualifier.crt 183 184test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 185 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 186all_final += test-ca-any_policy_with_qualifier_ec.crt 187 188test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 189 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 190all_final += test-ca-multi_policy.crt 191 192test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 193 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 194all_final += test-ca-multi_policy_ec.crt 195 196test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 197 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 198all_final += test-ca-unsupported_policy.crt 199 200test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 201 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 202all_final += test-ca-unsupported_policy_ec.crt 203 204test-ca.req_ec.sha256: $(test_ca_key_file_ec) 205 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256 206all_intermediate += test-ca.req_ec.sha256 207 208test-ca2.crt.der: $(test_ca_crt_file_ec) 209 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER 210all_final += test-ca2.crt.der 211 212test-ca2.key.der: $(test_ca_key_file_ec) 213 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER 214all_final += test-ca2.key.der 215 216test_ca_crt_cat12 = test-ca_cat12.crt 217$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) 218 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ 219all_final += $(test_ca_crt_cat12) 220 221test_ca_crt_cat21 = test-ca_cat21.crt 222$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec) 223 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@ 224all_final += $(test_ca_crt_cat21) 225 226test-int-ca.csr: test-int-ca.key $(test_ca_config_file) 227 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ 228all_intermediate += test-int-ca.csr 229test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 230 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 231all_final += test-int-ca-exp.crt 232 233enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem 234 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 235 236crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 237 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ 238all_final += crl-idp.pem 239crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 240 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ 241all_final += crl-idpnc.pem 242 243cli_crt_key_file_rsa = cli-rsa.key 244cli_crt_extensions_file = cli.opensslconf 245 246cli-rsa.csr: $(cli_crt_key_file_rsa) 247 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1 248all_intermediate += cli-rsa.csr 249 250cli-rsa-sha1.crt: cli-rsa.csr 251 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 252 253cli-rsa-sha256.crt: cli-rsa.csr 254 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 255all_final += cli-rsa-sha256.crt 256 257cli-rsa-sha256.crt.der: cli-rsa-sha256.crt 258 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 259all_final += cli-rsa-sha256.crt.der 260 261cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der 262 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@ 263all_final += cli-rsa-sha256-badalg.crt.der 264 265cli-rsa.key.der: $(cli_crt_key_file_rsa) 266 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 267all_final += cli-rsa.key.der 268 269test_ca_int_rsa1 = test-int-ca.crt 270 271server7.csr: server7.key 272 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ 273all_intermediate += server7.csr 274server7-expired.crt: server7.csr $(test_ca_int_rsa1) 275 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 276all_final += server7-expired.crt 277server7-future.crt: server7.csr $(test_ca_int_rsa1) 278 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 279all_final += server7-future.crt 280server7-badsign.crt: server7.crt $(test_ca_int_rsa1) 281 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ 282all_final += server7-badsign.crt 283server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt 284 cat server7.crt test-int-ca-exp.crt > $@ 285all_final += server7_int-ca-exp.crt 286 287cli2.req.sha256: cli2.key 288 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 289 290all_final += server1.req.sha1 291cli2.crt: cli2.req.sha256 292 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 293all_final += cli2.crt 294 295cli2.crt.der: cli2.crt 296 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 297all_final += cli2.crt.der 298 299cli2.key.der: cli2.key 300 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 301all_final += cli2.key.der 302 303server5_pwd_ec = PolarSSLTest 304 305server5.crt.der: server5.crt 306 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 307all_final += server5.crt.der 308 309server5.key.der: server5.key 310 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 311all_final += server5.key.der 312 313server5.key.enc: server5.key 314 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)" 315all_final += server5.key.enc 316 317server5-ss-expired.crt: server5.key 318 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ 319all_final += server5-ss-expired.crt 320 321# try to forge a copy of test-int-ca3 with different key 322server5-ss-forgeca.crt: server5.key 323 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ 324all_final += server5-ss-forgeca.crt 325 326server5-othername.crt: server5.key 327 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ 328 329server5-nonprintable_othername.crt: server5.key 330 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@ 331 332server5-unsupported_othername.crt: server5.key 333 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@ 334 335server5-fan.crt: server5.key 336 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ 337 338server5-tricky-ip-san.crt: server5.key 339 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@ 340all_final += server5-tricky-ip-san.crt 341 342rsa_single_san_uri.crt.der: rsa_single_san_uri.key 343 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" 344 345rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key 346 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" 347 348server10-badsign.crt: server10.crt 349 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 350all_final += server10-badsign.crt 351server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt 352 cat server10-badsign.crt test-int-ca3.crt > $@ 353all_final += server10-bs_int3.pem 354test-int-ca3-badsign.crt: test-int-ca3.crt 355 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 356all_final += test-int-ca3-badsign.crt 357server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt 358 cat server10.crt test-int-ca3-badsign.crt > $@ 359all_final += server10_int3-bs.pem 360 361rsa_pkcs1_2048_public.pem: server8.key 362 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ 363all_final += rsa_pkcs1_2048_public.pem 364 365rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem 366 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ 367all_final += rsa_pkcs1_2048_public.der 368 369rsa_pkcs8_2048_public.pem: server8.key 370 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ 371all_final += rsa_pkcs8_2048_public.pem 372 373rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem 374 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ 375all_final += rsa_pkcs8_2048_public.der 376 377################################################################ 378#### Generate various RSA keys 379################################################################ 380 381### Password used for PKCS1-encoded encrypted RSA keys 382keys_rsa_basic_pwd = testkey 383 384### Password used for PKCS8-encoded encrypted RSA keys 385keys_rsa_pkcs8_pwd = PolarSSLTest 386 387### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which 388### all other encrypted RSA keys are derived. 389rsa_pkcs1_1024_clear.pem: 390 $(OPENSSL) genrsa -out $@ 1024 391all_final += rsa_pkcs1_1024_clear.pem 392rsa_pkcs1_2048_clear.pem: 393 $(OPENSSL) genrsa -out $@ 2048 394all_final += rsa_pkcs1_2048_clear.pem 395rsa_pkcs1_4096_clear.pem: 396 $(OPENSSL) genrsa -out $@ 4096 397all_final += rsa_pkcs1_4096_clear.pem 398 399### 400### PKCS1-encoded, encrypted RSA keys 401### 402 403### 1024-bit 404rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem 405 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 406all_final += rsa_pkcs1_1024_des.pem 407rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 408 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 409all_final += rsa_pkcs1_1024_3des.pem 410rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem 411 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 412all_final += rsa_pkcs1_1024_aes128.pem 413rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem 414 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 415all_final += rsa_pkcs1_1024_aes192.pem 416rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem 417 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 418all_final += rsa_pkcs1_1024_aes256.pem 419keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem 420 421# 2048-bit 422rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem 423 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 424all_final += rsa_pkcs1_2048_des.pem 425rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 426 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 427all_final += rsa_pkcs1_2048_3des.pem 428rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem 429 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 430all_final += rsa_pkcs1_2048_aes128.pem 431rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem 432 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 433all_final += rsa_pkcs1_2048_aes192.pem 434rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem 435 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 436all_final += rsa_pkcs1_2048_aes256.pem 437keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem 438 439# 4096-bit 440rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem 441 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 442all_final += rsa_pkcs1_4096_des.pem 443rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 444 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 445all_final += rsa_pkcs1_4096_3des.pem 446rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem 447 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 448all_final += rsa_pkcs1_4096_aes128.pem 449rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem 450 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 451all_final += rsa_pkcs1_4096_aes192.pem 452rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem 453 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 454all_final += rsa_pkcs1_4096_aes256.pem 455keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem 456 457### 458### PKCS8-v1 encoded, encrypted RSA keys 459### 460 461### 1024-bit 462rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem 463 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 464all_final += rsa_pkcs8_pbe_sha1_1024_3des.der 465rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 466 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 467all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem 468keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der 469 470rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem 471 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 472all_final += rsa_pkcs8_pbe_sha1_1024_2des.der 473rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem 474 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 475all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem 476keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der 477 478keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des 479 480### 2048-bit 481rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem 482 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 483all_final += rsa_pkcs8_pbe_sha1_2048_3des.der 484rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 485 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 486all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem 487keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der 488 489rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem 490 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 491all_final += rsa_pkcs8_pbe_sha1_2048_2des.der 492rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem 493 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 494all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem 495keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der 496 497keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des 498 499### 4096-bit 500rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem 501 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 502all_final += rsa_pkcs8_pbe_sha1_4096_3des.der 503rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 504 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 505all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem 506keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der 507 508rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem 509 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 510all_final += rsa_pkcs8_pbe_sha1_4096_2des.der 511rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem 512 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 513all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem 514keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der 515 516keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des 517 518### 519### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) 520### 521 522### 1024-bit 523rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem 524 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 525all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der 526rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem 527 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 528all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 529keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 530 531rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem 532 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 533all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der 534rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem 535 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 536all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 537keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 538 539keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des 540 541### 2048-bit 542rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem 543 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 544all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der 545rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem 546 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 547all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 548keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 549 550rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem 551 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 552all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der 553rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem 554 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 555all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 556keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 557 558keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des 559 560### 4096-bit 561rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem 562 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 563all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der 564rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem 565 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 566all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 567keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 568 569rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem 570 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 571all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der 572rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem 573 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 574all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 575keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 576 577keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des 578 579### 580### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224 581### 582 583### 1024-bit 584rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem 585 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 586all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der 587rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem 588 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 589all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 590keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 591 592rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem 593 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 594all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der 595rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem 596 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 597all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 598keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 599 600keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224 601 602### 2048-bit 603rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem 604 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 605all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der 606rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem 607 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 608all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 609keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 610 611rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem 612 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 613all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der 614rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem 615 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 616all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 617keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 618 619keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224 620 621### 4096-bit 622rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem 623 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 624all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der 625rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem 626 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 627all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 628keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 629 630rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem 631 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 632all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der 633rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem 634 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 635all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 636keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 637 638keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224 639 640### 641### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256 642### 643 644### 1024-bit 645rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem 646 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 647all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der 648rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem 649 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 650all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 651keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 652 653rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem 654 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 655all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der 656rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem 657 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 658all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 659keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 660 661keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256 662 663### 2048-bit 664rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem 665 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 666all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der 667rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem 668 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 669all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 670keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 671 672rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem 673 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 674all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der 675rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem 676 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 677all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 678keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 679 680keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256 681 682### 4096-bit 683rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem 684 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 685all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der 686rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem 687 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 688all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 689keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 690 691rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem 692 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 693all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der 694rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem 695 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 696all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 697keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 698 699keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256 700 701### 702### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384 703### 704 705### 1024-bit 706rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem 707 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 708all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der 709rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem 710 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 711all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 712keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 713 714rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem 715 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 716all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der 717rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem 718 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 719all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 720keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 721 722keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384 723 724### 2048-bit 725rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem 726 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 727all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der 728rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem 729 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 730all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 731keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 732 733rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem 734 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 735all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der 736rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem 737 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 738all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 739keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 740 741keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384 742 743### 4096-bit 744rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem 745 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 746all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der 747rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem 748 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 749all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 750keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 751 752rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem 753 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 754all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der 755rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem 756 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 757all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 758keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 759 760keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384 761 762### 763### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512 764### 765 766### 1024-bit 767rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem 768 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 769all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der 770rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem 771 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 772all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 773keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 774 775rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem 776 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 777all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der 778rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem 779 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 780all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 781keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 782 783keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512 784 785### 2048-bit 786rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem 787 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 788all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der 789rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem 790 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 791all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 792keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 793 794rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem 795 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 796all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der 797rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem 798 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 799all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 800keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 801 802keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512 803 804### 4096-bit 805rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem 806 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 807all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der 808rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem 809 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 810all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 811keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 812 813rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem 814 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 815all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der 816rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem 817 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 818all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 819keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 820 821keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512 822 823### 824### Rules to generate all RSA keys from a particular class 825### 826 827### Generate basic unencrypted RSA keys 828keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem 829 830### Generate PKCS1-encoded encrypted RSA keys 831keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 832 833### Generate PKCS8-v1 encrypted RSA keys 834keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 835 836### Generate PKCS8-v2 encrypted RSA keys 837keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 838 839### Generate all RSA keys 840keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 841 842################################################################ 843#### Generate various EC keys 844################################################################ 845 846### 847### PKCS8 encoded 848### 849 850ec_prv.pk8.der: 851 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER 852all_final += ec_prv.pk8.der 853 854# ### Instructions for creating `ec_prv.pk8nopub.der`, 855# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from 856# ### `ec_prv.pk8.der`. 857# 858# These instructions assume you are familiar with ASN.1 DER encoding and can 859# use a hex editor to manipulate DER. 860# 861# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: 862# 863# PrivateKeyInfo ::= SEQUENCE { 864# version Version, 865# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 866# privateKey PrivateKey, 867# attributes [0] IMPLICIT Attributes OPTIONAL 868# } 869# 870# AlgorithmIdentifier ::= SEQUENCE { 871# algorithm OBJECT IDENTIFIER, 872# parameters ANY DEFINED BY algorithm OPTIONAL 873# } 874# 875# ECParameters ::= CHOICE { 876# namedCurve OBJECT IDENTIFIER 877# -- implicitCurve NULL 878# -- specifiedCurve SpecifiedECDomain 879# } 880# 881# ECPrivateKey ::= SEQUENCE { 882# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 883# privateKey OCTET STRING, 884# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 885# publicKey [1] BIT STRING OPTIONAL 886# } 887# 888# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following 889# fields: 890# 891# * privateKeyAlgorithm namedCurve 892# * privateKey.parameters NOT PRESENT 893# * privateKey.publicKey PRESENT 894# * attributes NOT PRESENT 895# 896# # ec_prv.pk8nopub.der 897# 898# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 899# 900# # ec_prv.pk8nopubparam.der 901# 902# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as 903# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 904# 905# # ec_prv.pk8param.der 906# 907# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as 908# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 909 910ec_prv.pk8.pem: ec_prv.pk8.der 911 $(OPENSSL) pkey -in $< -inform DER -out $@ 912all_final += ec_prv.pk8.pem 913ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der 914 $(OPENSSL) pkey -in $< -inform DER -out $@ 915all_final += ec_prv.pk8nopub.pem 916ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der 917 $(OPENSSL) pkey -in $< -inform DER -out $@ 918all_final += ec_prv.pk8nopubparam.pem 919ec_prv.pk8param.pem: ec_prv.pk8param.der 920 $(OPENSSL) pkey -in $< -inform DER -out $@ 921all_final += ec_prv.pk8param.pem 922 923ec_prv.sec1.comp.pem: ec_prv.sec1.pem 924 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 925all_final += ec_prv.sec1.comp.pem 926 927ec_224_prv.comp.pem: ec_224_prv.pem 928 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 929all_final += ec_224_prv.comp.pem 930 931ec_256_prv.comp.pem: ec_256_prv.pem 932 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 933all_final += ec_256_prv.comp.pem 934 935ec_384_prv.comp.pem: ec_384_prv.pem 936 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 937all_final += ec_384_prv.comp.pem 938 939ec_521_prv.comp.pem: ec_521_prv.pem 940 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 941all_final += ec_521_prv.comp.pem 942 943ec_bp256_prv.comp.pem: ec_bp256_prv.pem 944 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 945all_final += ec_bp256_prv.comp.pem 946 947ec_bp384_prv.comp.pem: ec_bp384_prv.pem 948 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 949all_final += ec_bp384_prv.comp.pem 950 951ec_bp512_prv.comp.pem: ec_bp512_prv.pem 952 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 953all_final += ec_bp512_prv.comp.pem 954 955ec_pub.comp.pem: ec_pub.pem 956 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 957all_final += ec_pub.comp.pem 958 959ec_224_pub.comp.pem: ec_224_pub.pem 960 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 961all_final += ec_224_pub.comp.pem 962 963ec_256_pub.comp.pem: ec_256_pub.pem 964 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 965all_final += ec_256_pub.comp.pem 966 967ec_384_pub.comp.pem: ec_384_pub.pem 968 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 969all_final += ec_384_pub.comp.pem 970 971ec_521_pub.comp.pem: ec_521_pub.pem 972 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 973all_final += ec_521_pub.comp.pem 974 975ec_bp256_pub.comp.pem: ec_bp256_pub.pem 976 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 977all_final += ec_bp256_pub.comp.pem 978 979ec_bp384_pub.comp.pem: ec_bp384_pub.pem 980 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 981all_final += ec_bp384_pub.comp.pem 982 983ec_bp512_pub.comp.pem: ec_bp512_pub.pem 984 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 985all_final += ec_bp512_pub.comp.pem 986 987################################################################ 988### Generate CSRs for X.509 write test suite 989################################################################ 990 991server1.req.sha1: server1.key 992 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 993all_final += server1.req.sha1 994 995server1.req.md5: server1.key 996 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 997all_final += server1.req.md5 998 999server1.req.sha224: server1.key 1000 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224 1001all_final += server1.req.sha224 1002 1003server1.req.sha256: server1.key 1004 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 1005all_final += server1.req.sha256 1006 1007server1.req.sha256.ext: server1.key 1008 # Generating this with OpenSSL as a comparison point to test we're getting the same result 1009 openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com" 1010all_final += server1.req.sha256.ext 1011 1012server1.req.sha384: server1.key 1013 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 1014all_final += server1.req.sha384 1015 1016server1.req.sha512: server1.key 1017 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512 1018all_final += server1.req.sha512 1019 1020server1.req.cert_type: server1.key 1021 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1022all_final += server1.req.cert_type 1023 1024server1.req.key_usage: server1.key 1025 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1026all_final += server1.req.key_usage 1027 1028server1.req.ku-ct: server1.key 1029 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1030all_final += server1.req.ku-ct 1031 1032server1.req.key_usage_empty: server1.key 1033 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1 1034all_final += server1.req.key_usage_empty 1035 1036server1.req.cert_type_empty: server1.key 1037 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1 1038all_final += server1.req.cert_type_empty 1039 1040server1.req.commas.sha256: server1.key 1041 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256 1042all_final += server1.req.commas.sha256 1043 1044# server2* 1045 1046server2_pwd_ec = PolarSSLTest 1047 1048server2.req.sha256: server2.key 1049 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 1050all_intermediate += server2.req.sha256 1051 1052server2.crt.der: server2.crt 1053 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1054all_final += server2.crt.der 1055 1056server2-sha256.crt.der: server2-sha256.crt 1057 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1058all_final += server2-sha256.crt.der 1059 1060server2.key.der: server2.key 1061 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 1062all_final += server2.key.der 1063 1064server2.key.enc: server2.key 1065 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)" 1066all_final += server2.key.enc 1067 1068# server5* 1069 1070# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' 1071server5.req.ku.sha1: server5.key 1072 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1073all_final += server5.req.ku.sha1 1074 1075################################################################ 1076### Generate certificates for CRT write check tests 1077################################################################ 1078 1079### The test files use the Mbed TLS generated certificates server1*.crt, 1080### but for comparison with OpenSSL also rules for OpenSSL-generated 1081### certificates server1*.crt.openssl are offered. 1082### 1083### Known differences: 1084### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension 1085### as unused bits, while Mbed TLS doesn't. 1086 1087test_ca_server1_db = test-ca.server1.db 1088test_ca_server1_serial = test-ca.server1.serial 1089test_ca_server1_config_file = test-ca.server1.opensslconf 1090 1091# server1* 1092 1093server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1094 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1095server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1096 echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial 1097 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1098server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1099 echo "8011223344" > test-ca.server1.tmp.serial 1100 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1101server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1102 echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial 1103 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1104server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1105 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 1106server1.crt.der: server1.crt 1107 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 1108server1.der: server1.crt 1109 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1110server1.commas.crt: server1.key server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1111 $(MBEDTLS_CERT_WRITE) request_file=server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1112all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt 1113 1114server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1115 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ 1116server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1117 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ 1118server1.key_usage.der: server1.key_usage.crt 1119 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1120all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der 1121 1122server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1123 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ 1124server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1125 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ 1126server1.cert_type.der: server1.cert_type.crt 1127 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1128all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der 1129 1130server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1131 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@ 1132server1.v1.der: server1.v1.crt 1133 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1134all_final += server1.v1.crt server1.v1.der 1135 1136server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1137 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@ 1138server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1139 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@ 1140server1.ca.der: server1.ca.crt 1141 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1142all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der 1143 1144server1_ca.crt: server1.crt $(test_ca_crt) 1145 cat server1.crt $(test_ca_crt) > $@ 1146all_final += server1_ca.crt 1147 1148cert_sha1.crt: server1.key 1149 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1150all_final += cert_sha1.crt 1151 1152cert_sha224.crt: server1.key 1153 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@ 1154all_final += cert_sha224.crt 1155 1156cert_sha256.crt: server1.key 1157 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1158all_final += cert_sha256.crt 1159 1160cert_sha384.crt: server1.key 1161 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@ 1162all_final += cert_sha384.crt 1163 1164cert_sha512.crt: server1.key 1165 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@ 1166all_final += cert_sha512.crt 1167 1168cert_example_wildcard.crt: server1.key 1169 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1170all_final += cert_example_wildcard.crt 1171 1172# OpenSSL-generated certificates for comparison 1173# Also provide certificates in DER format to allow 1174# direct binary comparison using e.g. dumpasn1 1175server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1176 echo "01" > $(test_ca_server1_serial) 1177 rm -f $(test_ca_server1_db) 1178 touch $(test_ca_server1_db) 1179 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@ 1180server1.der.openssl: server1.crt.openssl 1181 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1182server1.key_usage.der.openssl: server1.key_usage.crt.openssl 1183 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1184server1.cert_type.der.openssl: server1.cert_type.crt.openssl 1185 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1186 1187server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1188 echo "01" > $(test_ca_server1_serial) 1189 rm -f $(test_ca_server1_db) 1190 touch $(test_ca_server1_db) 1191 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@ 1192server1.v1.der.openssl: server1.v1.crt.openssl 1193 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1194 1195# To revoke certificate in the openssl database: 1196# 1197# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt 1198 1199crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 1200 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ 1201 1202crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf 1203 $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 1204 1205server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl 1206 1207# server2* 1208 1209server2.crt: server2.req.sha256 1210 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1211all_final += server2.crt 1212 1213server2.der: server2.crt 1214 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1215all_final += server2.crt server2.der 1216 1217server2-sha256.crt: server2.req.sha256 1218 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1219all_final += server2-sha256.crt 1220 1221# MD5 test certificate 1222 1223cert_md_test_key = $(cli_crt_key_file_rsa) 1224 1225cert_md5.csr: $(cert_md_test_key) 1226 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 1227all_intermediate += cert_md5.csr 1228 1229cert_md5.crt: cert_md5.csr 1230 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@ 1231all_final += cert_md5.crt 1232 1233# TLSv1.3 test certificates 1234ecdsa_secp256r1.key: ec_256_prv.pem 1235 cp $< $@ 1236 1237ecdsa_secp256r1.csr: ecdsa_secp256r1.key 1238 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1239 -key $< -out $@ 1240all_intermediate += ecdsa_secp256r1.csr 1241ecdsa_secp256r1.crt: ecdsa_secp256r1.csr 1242 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1243 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1244all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key 1245tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key 1246 1247ecdsa_secp384r1.key: ec_384_prv.pem 1248 cp $< $@ 1249ecdsa_secp384r1.csr: ecdsa_secp384r1.key 1250 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1251 -key $< -out $@ 1252all_intermediate += ecdsa_secp384r1.csr 1253ecdsa_secp384r1.crt: ecdsa_secp384r1.csr 1254 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1255 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1256all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key 1257tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key 1258 1259ecdsa_secp521r1.key: ec_521_prv.pem 1260 cp $< $@ 1261ecdsa_secp521r1.csr: ecdsa_secp521r1.key 1262 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1263 -key $< -out $@ 1264all_intermediate += ecdsa_secp521r1.csr 1265ecdsa_secp521r1.crt: ecdsa_secp521r1.csr 1266 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1267 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1268all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key 1269tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key 1270 1271# PKCS7 test data 1272pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt 1273pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt 1274pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt 1275pkcs7_test_file = pkcs7_data.bin 1276 1277$(pkcs7_test_file): 1278 printf "Hello\15\n" > $@ 1279all_final += $(pkcs7_test_file) 1280 1281pkcs7_zerolendata.bin: 1282 printf '' > $@ 1283all_final += pkcs7_zerolendata.bin 1284 1285pkcs7_data_1.bin: 1286 printf "2\15\n" > $@ 1287all_final += pkcs7_data_1.bin 1288 1289# Generate signing cert 1290pkcs7-rsa-sha256-1.crt: 1291 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt 1292 cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem 1293all_final += pkcs7-rsa-sha256-1.crt 1294 1295pkcs7-rsa-sha256-2.crt: 1296 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt 1297 cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem 1298all_final += pkcs7-rsa-sha256-2.crt 1299 1300pkcs7-rsa-sha256-3.crt: 1301 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt 1302 cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem 1303all_final += pkcs7-rsa-sha256-3.crt 1304 1305pkcs7-rsa-expired.crt: 1306 $(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt 1307all_final += pkcs7-rsa-expired.crt 1308 1309# File with an otherwise valid signature signed with an expired cert 1310pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin 1311 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@ 1312all_final += pkcs7_data_rsa_expired.der 1313 1314# Convert signing certs to DER for testing PEM-free builds 1315pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1) 1316 $(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER 1317all_final += pkcs7-rsa-sha256-1.der 1318 1319pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2) 1320 $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER 1321all_final += pkcs7-rsa-sha256-2.der 1322 1323pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt 1324 $(OPENSSL) x509 -in pkcs7-rsa-expired.crt -out $@ -outform DER 1325all_final += pkcs7-rsa-expired.der 1326 1327# pkcs7 signature file over zero-len data 1328pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt 1329 $(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der 1330all_final += pkcs7_zerolendata_detached.der 1331 1332# pkcs7 signature file with CERT 1333pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1334 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1335all_final += pkcs7_data_cert_signed_sha256.der 1336 1337# pkcs7 signature file with CERT and sha1 1338pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1339 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1340all_final += pkcs7_data_cert_signed_sha1.der 1341 1342# pkcs7 signature file with CERT and sha512 1343pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1344 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1345all_final += pkcs7_data_cert_signed_sha512.der 1346 1347# pkcs7 signature file without CERT 1348pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1349 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@ 1350all_final += pkcs7_data_without_cert_signed.der 1351 1352# pkcs7 signature file with signature 1353pkcs7_data_with_signature.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1354 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -nodetach -outform DER -out $@ 1355all_final += pkcs7_data_with_signature.der 1356 1357# pkcs7 signature file with two signers 1358pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1359 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ 1360all_final += pkcs7_data_multiple_signed.der 1361 1362# pkcs7 signature file with three signers 1363pkcs7_data_3_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) $(pkcs7_test_cert_3) 1364 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -signer pkcs7-rsa-sha256-3.pem -nocerts -noattr -outform DER -out $@ 1365all_final += pkcs7_data_3_signed.der 1366 1367# pkcs7 signature file with multiple certificates 1368pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1369 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ 1370all_final += pkcs7_data_multiple_certs_signed.der 1371 1372# pkcs7 signature file with corrupted CERT 1373pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der 1374 cp pkcs7_data_cert_signed_sha256.der $@ 1375 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc 1376all_final += pkcs7_data_signed_badcert.der 1377 1378# pkcs7 signature file with corrupted signer info 1379pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der 1380 cp pkcs7_data_cert_signed_sha256.der $@ 1381 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc 1382all_final += pkcs7_data_signed_badsigner.der 1383 1384# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name 1385pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der 1386 cp $< $@ 1387 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc 1388all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der 1389 1390# pkcs7 signature file with invalid tag in signerInfo[2] 1391pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der 1392 cp $< $@ 1393 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc 1394all_final += pkcs7_signerInfo_2_invalid_tag.der 1395 1396# pkcs7 signature file with corrupted signer info[1] 1397pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der 1398 cp pkcs7_data_3_signed.der $@ 1399 echo '72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc 1400all_final += pkcs7_data_signed_badsigner1_badsize.der 1401 1402pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der 1403 cp pkcs7_data_3_signed.der $@ 1404 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc 1405all_final += pkcs7_data_signed_badsigner1_badtag.der 1406 1407pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der 1408 cp pkcs7_data_3_signed.der $@ 1409 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc 1410all_final += pkcs7_data_signed_badsigner1_fuzzbad.der 1411 1412# pkcs7 signature file with corrupted signer info[2] 1413pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der 1414 cp pkcs7_data_3_signed.der $@ 1415 echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc 1416all_final += pkcs7_data_signed_badsigner2_badsize 1417 1418pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der 1419 cp pkcs7_data_3_signed.der $@ 1420 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc 1421all_final += pkcs7_data_signed_badsigner2_badtag 1422 1423pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der 1424 cp pkcs7_data_3_signed.der $@ 1425 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc 1426all_final += pkcs7_data_signed_badsigner2_fuzzbad 1427 1428# pkcs7 file with version 2 1429pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der 1430 cp pkcs7_data_cert_signed_sha256.der $@ 1431 echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc 1432all_final += pkcs7_data_cert_signed_v2.der 1433 1434pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1435 $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt 1436all_final += pkcs7_data_cert_encrypted.der 1437 1438## Negative tests 1439# For some interesting sizes, what happens if we make them off-by-one? 1440pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der 1441 cp $< $@ 1442 echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc 1443all_final += pkcs7_signerInfo_issuer_invalid_size.der 1444 1445pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der 1446 cp $< $@ 1447 echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc 1448all_final += pkcs7_signerInfo_serial_invalid_size.der 1449 1450# pkcs7 signature file just with signed data 1451pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der 1452 dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1 1453all_final += pkcs7_data_cert_signeddata_sha256.der 1454 1455################################################################ 1456#### Diffie-Hellman parameters 1457################################################################ 1458 1459dh.998.pem: 1460 $(OPENSSL) dhparam -out $@ -text 998 1461 1462dh.999.pem: 1463 $(OPENSSL) dhparam -out $@ -text 999 1464 1465################################################################ 1466#### Meta targets 1467################################################################ 1468 1469all_final: $(all_final) 1470all: $(all_intermediate) $(all_final) 1471 1472.PHONY: default all_final all 1473.PHONY: keys_rsa_all 1474.PHONY: keys_rsa_unenc keys_rsa_enc_basic 1475.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 1476.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 1477.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 1478.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 1479.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 1480.PHONY: server1_all 1481 1482# These files should not be committed to the repository. 1483list_intermediate: 1484 @printf '%s\n' $(all_intermediate) | sort 1485# These files should be committed to the repository so that the test data is 1486# available upon checkout without running a randomized process depending on 1487# third-party tools. 1488list_final: 1489 @printf '%s\n' $(all_final) | sort 1490.PHONY: list_intermediate list_final 1491 1492## Remove intermediate files 1493clean: 1494 rm -f $(all_intermediate) 1495## Remove all build products, even the ones that are committed 1496neat: clean 1497 rm -f $(all_final) 1498.PHONY: clean neat 1499
