1## This file contains a record of how some of the test data was 2## generated. The final build products are committed to the repository 3## as well to make sure that the test data is identical. You do not 4## need to use this makefile unless you're extending Mbed TLS's tests. 5 6## Many data files were generated prior to the existence of this 7## makefile, so the method of their generation was not recorded. 8 9## Note that in addition to depending on the version of the data 10## generation tool, many of the build outputs are randomized, so 11## running this makefile twice would not produce the same results. 12 13## Tools 14OPENSSL ?= openssl 15FAKETIME ?= faketime 16 17TOP_DIR = ../.. 18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write 19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req 20 21 22## Build the generated test data. Note that since the final outputs 23## are committed to the repository, this target should do nothing on a 24## fresh checkout. Furthermore, since the generation is randomized, 25## re-running the same targets may result in differing files. The goal 26## of this makefile is primarily to serve as a record of how the 27## targets were generated in the first place. 28default: all_final 29 30all_intermediate := # temporary files 31all_final := # files used by tests 32 33 34 35################################################################ 36#### Generate certificates from existing keys 37################################################################ 38 39test_ca_crt = test-ca.crt 40test_ca_key_file_rsa = test-ca.key 41test_ca_key_file_rsa_unenc = test-ca_unenc.key 42test_ca_pwd_rsa = PolarSSLTest 43test_ca_config_file = test-ca.opensslconf 44 45$(test_ca_key_file_rsa): 46 $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048 47$(test_ca_key_file_rsa_unenc): $(test_ca_key_file_rsa) 48 $(OPENSSL) rsa -passin pass:$(test_ca_pwd_rsa) -in $< -out $@ 49all_final += $(test_ca_key_file_rsa) $(test_ca_key_file_rsa_unenc) 50 51test-ca.req.sha256: $(test_ca_key_file_rsa) 52 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 53all_intermediate += test-ca.req.sha256 54 55parse_input/test-ca.crt test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 56 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 57all_final += test-ca.crt 58 59parse_input/test-ca.crt.der: parse_input/test-ca.crt 60 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 61 62test-ca.key.der: $(test_ca_key_file_rsa) 63 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)" 64all_final += test-ca.key.der 65 66# This is only used for generating cert_example_multi_nocn.crt 67test-ca_nocn.crt: $(test_ca_key_file_rsa) 68 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 selfsign=1 \ 69 subject_key=$(test_ca_key_file_rsa) subject_pwd=$(test_ca_pwd_rsa) subject_name="C=NL" \ 70 issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) issuer_name="C=NL" \ 71 not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 72all_intermediate += test-ca_nocn.crt 73 74test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 75 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 76all_final += test-ca-sha1.crt 77 78test-ca-sha1.crt.der: test-ca-sha1.crt 79 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 80all_final += test-ca-sha1.crt.der 81 82test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 83 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 84all_final += test-ca-sha256.crt 85 86test-ca-sha256.crt.der: test-ca-sha256.crt 87 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 88all_final += test-ca-sha256.crt.der 89 90test-ca_utf8.crt: $(test_ca_key_file_rsa) 91 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 92all_final += test-ca_utf8.crt 93 94test-ca_printable.crt: $(test_ca_key_file_rsa) 95 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 96all_final += test-ca_printable.crt 97 98test-ca_uppercase.crt: $(test_ca_key_file_rsa) 99 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 100all_final += test-ca_uppercase.crt 101 102test_ca_key_file_rsa_alt = test-ca-alt.key 103 104cert_example_multi.csr: rsa_pkcs1_1024_clear.pem 105 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@ 106 107parse_input/cert_example_multi.crt cert_example_multi.crt: cert_example_multi.csr 108 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 109 -extfile $(test_ca_config_file) -extensions dns_alt_names \ 110 -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 \ 111 -in $< > $@ 112 113cert_example_multi_nocn.csr: rsa_pkcs1_1024_clear.pem 114 $(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name='C=NL' 115all_intermediate += cert_example_multi_nocn.csr 116 117parse_input/cert_example_multi_nocn.crt cert_example_multi_nocn.crt: cert_example_multi_nocn.csr test-ca_nocn.crt 118 $(OPENSSL) x509 -req -CA test-ca_nocn.crt -CAkey $(test_ca_key_file_rsa) \ 119 -extfile $(test_ca_config_file) -extensions ext_multi_nocn -passin "pass:$(test_ca_pwd_rsa)" \ 120 -set_serial 0xf7c67ff8e9a963f9 -days 3653 -sha1 -in $< > $@ 121all_final += cert_example_multi_nocn.crt 122 123parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem 124 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage 125parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem 126 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName 127parse_input/test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem 128 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType 129parse_input/test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem 130 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all 131parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 132 (hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@ 133parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der 134 (hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@ 135parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der: parse_input/test_csr_v3_all.csr.der 136 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@ 137parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der: parse_input/test_csr_v3_all.csr.der 138 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@ 139parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der: parse_input/test_csr_v3_all.csr.der 140 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@ 141parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der 142 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@ 143parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 144 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@ 145parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der 146 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020780300D06092A86/04020780300D06092A86/" | xxd -r -p ) > $@ 147parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der: parse_input/test_csr_v3_all.csr.der 148 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@ 149parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der: parse_input/test_csr_v3_all.csr.der 150 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@ 151parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 152 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@ 153parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der 154 (hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@ 155parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der: parse_input/test_csr_v3_all.csr.der 156 (hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@ 157parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: parse_input/test_csr_v3_all.csr.der 158 (hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@ 159parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 160 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@ 161parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der: parse_input/test_csr_v3_all.csr.der 162 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@ 163parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der: parse_input/test_csr_v3_all.csr.der 164 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@ 165parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: parse_input/test_csr_v3_all.csr.der 166 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@ 167parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: parse_input/test_csr_v3_all.csr.der 168 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@ 169 170parse_input/test_cert_rfc822name.crt.der: cert_example_multi.csr 171 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ 172 173$(test_ca_key_file_rsa_alt):test-ca.opensslconf 174 $(OPENSSL) genrsa -out $@ 2048 175test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) 176 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 177all_intermediate += test-ca-alt.csr 178test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr 179 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ 180all_final += test-ca-alt.crt 181test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt 182 cat test-ca-alt.crt test-ca-sha256.crt > $@ 183all_final += test-ca-alt-good.crt 184test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt 185 cat test-ca-sha256.crt test-ca-alt.crt > $@ 186all_final += test-ca-good-alt.crt 187 188test_ca_crt_file_ec = test-ca2.crt 189test_ca_key_file_ec = test-ca2.key 190 191test-ca2.req.sha256: $(test_ca_key_file_ec) 192 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) \ 193 subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256 194all_intermediate += test-ca2.req.sha256 195 196test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 197 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 selfsign=1 \ 198 request_file=test-ca2.req.sha256 \ 199 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" \ 200 issuer_key=$(test_ca_key_file_ec) \ 201 not_before=20190210144400 not_after=20290210144400 \ 202 md=SHA256 version=3 output_file=$@ 203all_final += test-ca2.crt 204 205test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test-ca2.req.sha256 206 $(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \ 207 -signkey $(test_ca_key_file_ec) -days 3653 -out $@ 208 209all_final += test-ca2.ku-crl.crt test-ca2.ku-crt.crt test-ca2.ku-crt_crl.crt \ 210 test-ca2.ku-ds.crt 211 212test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 213 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \ 214 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \ 215 not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ 216all_intermediate += test-ca2-future.crt 217 218test_ca_ec_cat := # files that concatenate different crt 219test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt 220test_ca_ec_cat += test-ca2_cat-future-invalid.crt 221test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt 222test_ca_ec_cat += test-ca2_cat-future-present.crt 223test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt 224test_ca_ec_cat += test-ca2_cat-present-future.crt 225test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt 226test_ca_ec_cat += test-ca2_cat-present-past.crt 227test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt 228test_ca_ec_cat += test-ca2_cat-past-invalid.crt 229test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt 230test_ca_ec_cat += test-ca2_cat-past-present.crt 231$(test_ca_ec_cat): 232 cat $^ > $@ 233all_final += $(test_ca_ec_cat) 234 235parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 236 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \ 237 -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" \ 238 -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 239 240parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 241 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \ 242 -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 \ 243 -in test-ca.req_ec.sha256 -out $@ 244 245parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 246 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 247 248parse_input/test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 249 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 250 251parse_input/test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 252 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 253 254parse_input/test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 255 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 256 257parse_input/test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 258 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 259 260parse_input/test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 261 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 262 263test-ca.req_ec.sha256: $(test_ca_key_file_ec) 264 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256 265all_intermediate += test-ca.req_ec.sha256 266 267test-ca2.crt.der: $(test_ca_crt_file_ec) 268 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER 269all_final += test-ca2.crt.der 270 271test-ca2.key.der: $(test_ca_key_file_ec) 272 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER 273all_final += test-ca2.key.der 274 275test_ca_crt_cat12 = test-ca_cat12.crt 276$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) 277 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ 278all_final += $(test_ca_crt_cat12) 279 280test_ca_crt_cat21 = test-ca_cat21.crt 281$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec) 282 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@ 283all_final += $(test_ca_crt_cat21) 284 285test-int-ca.csr: test-int-ca.key $(test_ca_config_file) 286 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ 287 288test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file) 289 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \ 290 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@ 291 292test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file) 293 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \ 294 -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@ 295 296all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr 297 298test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 299 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \ 300 -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 301 -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 302 303test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr 304 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \ 305 -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \ 306 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 307 308# Note: This requests openssl version >= 3.x.xx 309test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr 310 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \ 311 -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \ 312 -sha256 -in test-int-ca3.csr -out $@ 313 314test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 315 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 316 317all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt 318 319enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem 320 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 321 322parse_input/crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 323 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ 324parse_input/crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 325 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ 326 327cli_crt_key_file_rsa = cli-rsa.key 328cli_crt_extensions_file = cli.opensslconf 329 330cli-rsa.csr: $(cli_crt_key_file_rsa) 331 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1 332all_intermediate += cli-rsa.csr 333 334cli-rsa-sha1.crt: cli-rsa.csr 335 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 336 337cli-rsa-sha256.crt: cli-rsa.csr 338 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 339all_final += cli-rsa-sha256.crt 340 341cli-rsa-sha256.crt.der: cli-rsa-sha256.crt 342 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 343all_final += cli-rsa-sha256.crt.der 344 345parse_input/cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der 346 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@ 347 348cli-rsa.key.der: $(cli_crt_key_file_rsa) 349 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 350all_final += cli-rsa.key.der 351 352test_ca_int_rsa1 = test-int-ca.crt 353test_ca_int_ec = test-int-ca2.crt 354test_ca_int_key_file_ec = test-int-ca2.key 355 356# server7* 357 358server7.csr: server7.key 359 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ 360all_intermediate += server7.csr 361 362server7.crt: server7.csr $(test_ca_int_rsa1) 363 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 364 -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \ 365 -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ 366all_final += server7.crt 367 368server7-expired.crt: server7.csr $(test_ca_int_rsa1) 369 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 370all_final += server7-expired.crt 371 372server7-future.crt: server7.csr $(test_ca_int_rsa1) 373 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 374all_final += server7-future.crt 375 376server7-badsign.crt: server7.crt $(test_ca_int_rsa1) 377 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ 378all_final += server7-badsign.crt 379 380parse_input/server7_int-ca.crt server7_int-ca.crt: server7.crt $(test_ca_int_rsa1) 381 cat server7.crt $(test_ca_int_rsa1) > $@ 382all_final += server7_int-ca.crt 383 384parse_input/server7_pem_space.crt: server7.crt $(test_ca_int_rsa1) 385 cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@ 386 387parse_input/server7_all_space.crt: server7.crt $(test_ca_int_rsa1) 388 { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@ 389 390parse_input/server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1) 391 cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@ 392 393server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) 394 cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@ 395all_final += server7_int-ca_ca2.crt 396 397server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt 398 cat server7.crt test-int-ca-exp.crt > $@ 399all_final += server7_int-ca-exp.crt 400 401server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) 402 cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@ 403all_final += server7_spurious_int-ca.crt 404 405# server8* 406 407server8.crt: server8.key 408 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \ 409 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \ 410 not_before=20190210144406 not_after=20290210144406 \ 411 md=SHA256 version=3 output_file=$@ 412all_final += server8.crt 413 414server8_int-ca2.crt: server8.crt $(test_ca_int_ec) 415 cat $^ > $@ 416all_final += server8_int-ca2.crt 417 418cli2.req.sha256: cli2.key 419 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 420all_intermediate += cli2.req.sha256 421 422all_final += server1.req.sha1 423cli2.crt: cli2.req.sha256 424 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 425all_final += cli2.crt 426 427cli2.crt.der: cli2.crt 428 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 429all_final += cli2.crt.der 430 431cli2.key.der: cli2.key 432 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 433all_final += cli2.key.der 434 435server5_pwd_ec = PolarSSLTest 436 437server5.crt.der: server5.crt 438 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 439all_final += server5.crt.der 440 441server5.key.der: server5.key 442 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 443all_final += server5.key.der 444 445server5.key.enc: server5.key 446 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)" 447all_final += server5.key.enc 448 449server5-ss-expired.crt: server5.key 450 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ 451all_final += server5-ss-expired.crt 452 453# try to forge a copy of test-int-ca3 with different key 454server5-ss-forgeca.crt: server5.key 455 $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" \ 456 -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca \ 457 -days 3650 -sha256 -key $< -out $@ 458all_final += server5-ss-forgeca.crt 459 460server5-selfsigned.crt: server5.key 461 openssl req -x509 -key server5.key \ 462 -sha256 -days 3650 -nodes \ 463 -addext basicConstraints=critical,CA:FALSE \ 464 -addext keyUsage=critical,digitalSignature \ 465 -addext subjectKeyIdentifier=hash \ 466 -addext authorityKeyIdentifier=none \ 467 -set_serial 0x53a2cb4b124ead837da894b2 \ 468 -subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \ 469 -out $@ 470all_final += server5-selfsigned.crt 471 472parse_input/server5-othername.crt.der: server5.key 473 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@ 474 475parse_input/server5-nonprintable_othername.crt.der: server5.key 476 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -outform der -out $@ 477 478parse_input/server5-unsupported_othername.crt.der: server5.key 479 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -outform der -out $@ 480 481parse_input/server5-fan.crt.der: server5.key 482 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -outform der -out $@ 483 484server5-tricky-ip-san.crt.der: server5.key 485 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@ 486 487all_final += server5-tricky-ip-san.crt.der 488 489# malformed IP length 490server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der 491 hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@ 492 493parse_input/server5-directoryname.crt.der: server5.key 494 $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@ 495 496parse_input/server5-two-directorynames.crt.der: server5.key 497 $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@ 498 499server5-der0.crt: server5.crt.der 500 cp $< $@ 501server5-der1a.crt: server5.crt.der 502 cp $< $@ 503 echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 504server5-der1b.crt: server5.crt.der 505 cp $< $@ 506 echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 507server5-der2.crt: server5.crt.der 508 cp $< $@ 509 echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 510server5-der4.crt: server5.crt.der 511 cp $< $@ 512 echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 513server5-der8.crt: server5.crt.der 514 cp $< $@ 515 echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 516server5-der9.crt: server5.crt.der 517 cp $< $@ 518 echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 519all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \ 520 server5-der9.crt server5-der1a.crt server5-der2.crt \ 521 server5-der8.crt 522 523# directoryname sequence tag malformed 524parse_input/server5-directoryname-seq-malformed.crt.der: parse_input/server5-two-directorynames.crt.der 525 hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@ 526 527# Second directoryname OID length malformed 03 -> 15 528parse_input/server5-second-directoryname-oid-malformed.crt.der: parse_input/server5-two-directorynames.crt.der 529 hexdump -ve '1/1 "%.2X"' $< | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p > $@ 530 531parse_input/rsa_single_san_uri.crt.der rsa_single_san_uri.crt.der: rsa_single_san_uri.key 532 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" 533 534parse_input/rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key 535 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" 536 537test-int-ca3-badsign.crt: test-int-ca3.crt 538 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 539all_final += test-int-ca3-badsign.crt 540 541# server9* 542 543server9.csr: server9.key 544 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 545 -key $< -out $@ 546parse_input/server9.crt server9.crt: server9-sha1.crt 547 cp $< $@ 548all_final += server9.crt 549all_intermediate += server9.csr server9-sha1.crt 550 551server9-%.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 552 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 553 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 554 -set_serial $(SERVER9_CRT_SERIAL) -days 3653 \ 555 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ 556 -sigopt rsa_mgf1_md:$(@F:server9-%.crt=%) -$(@F:server9-%.crt=%) \ 557 -in $< -out $@ 558server9-sha1.crt: SERVER9_CRT_SERIAL=22 559parse_input/server9-sha224.crt server9-sha224.crt: SERVER9_CRT_SERIAL=23 560parse_input/server9-sha256.crt server9-sha256.crt: SERVER9_CRT_SERIAL=24 561parse_input/server9-sha384.crt server9-sha384.crt: SERVER9_CRT_SERIAL=25 562parse_input/server9-sha512.crt server9-sha512.crt: SERVER9_CRT_SERIAL=26 563all_final += server9-sha224.crt server9-sha256.crt server9-sha384.crt server9-sha512.crt 564 565server9-defaults.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 566 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 567 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 568 -set_serial 72 -days 3653 \ 569 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max -sha1 \ 570 -in $< -out $@ 571all_final += server9-defaults.crt 572 573server9-badsign.crt: server9.crt 574 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 575all_final += server9-badsign.crt 576 577server9-with-ca.crt: server9.crt $(test_ca_crt) 578 cat $^ > $@ 579all_final += server9-with-ca.crt 580 581server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 582 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 583 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 584 -set_serial 24 -days 3653 \ 585 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ 586 -sigopt rsa_mgf1_md:sha224 -sha256 \ 587 -in $< -out $@ 588all_final += server9-bad-mgfhash.crt 589 590server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) \ 591 opensslcnf/server9.crt.v3_ext \ 592 ../scripts/generate_server9_bad_saltlen.py 593 ../scripts/generate_server9_bad_saltlen.py --ca-name test-ca \ 594 --ca-password $(test_ca_pwd_rsa) --csr server9.csr \ 595 --openssl-extfile opensslcnf/server9.crt.v3_ext \ 596 --anounce_saltlen 0xde --actual_saltlen 0x20 \ 597 --output $@ 598all_final += server9-bad-saltlen.crt 599 600# server10* 601 602server10.crt: server10.key test-int-ca3.crt test-int-ca3.key 603 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \ 604 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \ 605 subject_identifier=0 authority_identifier=0 \ 606 not_before=20190210144406 not_after=20290210144406 \ 607 md=SHA256 version=3 output_file=$@ 608all_final += server10.crt 609server10-badsign.crt: server10.crt 610 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 611all_final += server10-badsign.crt 612server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt 613 cat server10-badsign.crt test-int-ca3.crt > $@ 614all_final += server10-bs_int3.pem 615server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt 616 cat server10.crt test-int-ca3-badsign.crt > $@ 617all_final += server10_int3-bs.pem 618server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) 619 cat $^ > $@ 620all_final += server10_int3_int-ca2.crt 621server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt) 622 cat $^ > $@ 623all_final += server10_int3_int-ca2_ca.crt 624server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec) 625 cat $^ > $@ 626all_final += server10_int3_spurious_int-ca2.crt 627 628rsa_pkcs1_2048_public.pem: server8.key 629 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ 630all_final += rsa_pkcs1_2048_public.pem 631 632rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem 633 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ 634all_final += rsa_pkcs1_2048_public.der 635 636rsa_pkcs8_2048_public.pem: server8.key 637 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ 638all_final += rsa_pkcs8_2048_public.pem 639 640rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem 641 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ 642all_final += rsa_pkcs8_2048_public.der 643 644# Generate crl_cat_*.pem 645# - crt_cat_*.pem: (1+2) concatenations in various orders: 646# ec = crl-ec-sha256.pem, ecfut = crl-future.pem 647# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem 648 649crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem 650 cat $^ > $@ 651 652crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem 653 cat $^ > $@ 654 655all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem 656 657authorityKeyId_subjectKeyId.crt.der: 658 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034 659 660authorityKeyId_no_keyid.crt.der: 661 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034 662 663authorityKeyId_no_issuer.crt.der: 664 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer' 665 666authorityKeyId_no_authorityKeyId.crt.der: 667 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId' 668 669authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 670 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ 671 672authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 673 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ 674 675authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 676 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@ 677 678authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 679 hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@ 680 681authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 682 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@ 683 684authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 685 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D80FFA505E864B8DC/" | xxd -r -p > $@ 686 687authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 688 hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@ 689 690authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 691 hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@ 692 693authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 694 hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8114680430CD074DE63F/" | xxd -r -p > $@ 695 696authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 697 hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8213680430CD074DE63F/" | xxd -r -p > $@ 698 699################################################################ 700#### Generate various RSA keys 701################################################################ 702 703### Password used for PKCS1-encoded encrypted RSA keys 704keys_rsa_basic_pwd = testkey 705 706### Password used for PKCS8-encoded encrypted RSA keys 707keys_rsa_pkcs8_pwd = PolarSSLTest 708 709### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which 710### all other encrypted RSA keys are derived. 711rsa_pkcs1_1024_clear.pem: 712 $(OPENSSL) genrsa -out $@ 1024 713all_final += rsa_pkcs1_1024_clear.pem 714rsa_pkcs1_2048_clear.pem: 715 $(OPENSSL) genrsa -out $@ 2048 716all_final += rsa_pkcs1_2048_clear.pem 717rsa_pkcs1_4096_clear.pem: 718 $(OPENSSL) genrsa -out $@ 4096 719all_final += rsa_pkcs1_4096_clear.pem 720 721### 722### PKCS1-encoded, encrypted RSA keys 723### 724 725### 1024-bit 726rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem 727 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 728all_final += rsa_pkcs1_1024_des.pem 729rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 730 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 731all_final += rsa_pkcs1_1024_3des.pem 732rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem 733 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 734all_final += rsa_pkcs1_1024_aes128.pem 735rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem 736 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 737all_final += rsa_pkcs1_1024_aes192.pem 738rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem 739 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 740all_final += rsa_pkcs1_1024_aes256.pem 741keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem 742 743# 2048-bit 744rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem 745 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 746all_final += rsa_pkcs1_2048_des.pem 747rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 748 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 749all_final += rsa_pkcs1_2048_3des.pem 750rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem 751 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 752all_final += rsa_pkcs1_2048_aes128.pem 753rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem 754 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 755all_final += rsa_pkcs1_2048_aes192.pem 756rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem 757 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 758all_final += rsa_pkcs1_2048_aes256.pem 759keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem 760 761# 4096-bit 762rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem 763 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 764all_final += rsa_pkcs1_4096_des.pem 765rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 766 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 767all_final += rsa_pkcs1_4096_3des.pem 768rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem 769 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 770all_final += rsa_pkcs1_4096_aes128.pem 771rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem 772 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 773all_final += rsa_pkcs1_4096_aes192.pem 774rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem 775 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 776all_final += rsa_pkcs1_4096_aes256.pem 777keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem 778 779### 780### PKCS8-v1 encoded, encrypted RSA keys 781### 782 783### 1024-bit 784rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem 785 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 786all_final += rsa_pkcs8_pbe_sha1_1024_3des.der 787rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 788 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 789all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem 790keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der 791 792rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem 793 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 794all_final += rsa_pkcs8_pbe_sha1_1024_2des.der 795rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem 796 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 797all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem 798keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der 799 800keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des 801 802### 2048-bit 803rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem 804 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 805all_final += rsa_pkcs8_pbe_sha1_2048_3des.der 806rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 807 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 808all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem 809keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der 810 811rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem 812 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 813all_final += rsa_pkcs8_pbe_sha1_2048_2des.der 814rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem 815 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 816all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem 817keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der 818 819keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des 820 821### 4096-bit 822rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem 823 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 824all_final += rsa_pkcs8_pbe_sha1_4096_3des.der 825rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 826 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 827all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem 828keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der 829 830rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem 831 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 832all_final += rsa_pkcs8_pbe_sha1_4096_2des.der 833rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem 834 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 835all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem 836keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der 837 838keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des 839 840### 841### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) 842### 843 844### 1024-bit 845rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem 846 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 847all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der 848rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem 849 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 850all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 851keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 852 853rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem 854 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 855all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der 856rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem 857 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 858all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 859keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 860 861keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des 862 863### 2048-bit 864rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem 865 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 866all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der 867rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem 868 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 869all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 870keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 871 872rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem 873 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 874all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der 875rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem 876 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 877all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 878keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 879 880keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des 881 882### 4096-bit 883rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem 884 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 885all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der 886rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem 887 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 888all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 889keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 890 891rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem 892 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 893all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der 894rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem 895 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 896all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 897keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 898 899keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des 900 901### 902### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224 903### 904 905### 1024-bit 906rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem 907 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 908all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der 909rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem 910 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 911all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 912keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 913 914rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem 915 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 916all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der 917rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem 918 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 919all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 920keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 921 922keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224 923 924### 2048-bit 925rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem 926 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 927all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der 928rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem 929 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 930all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 931keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 932 933rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem 934 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 935all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der 936rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem 937 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 938all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 939keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 940 941keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224 942 943### 4096-bit 944rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem 945 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 946all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der 947rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem 948 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 949all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 950keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 951 952rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem 953 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 954all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der 955rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem 956 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 957all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 958keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 959 960keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224 961 962### 963### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256 964### 965 966### 1024-bit 967rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem 968 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 969all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der 970rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem 971 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 972all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 973keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 974 975rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem 976 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 977all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der 978rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem 979 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 980all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 981keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 982 983keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256 984 985### 2048-bit 986rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem 987 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 988all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der 989rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem 990 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 991all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 992keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 993 994rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem 995 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 996all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der 997rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem 998 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 999all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 1000keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 1001 1002keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256 1003 1004### 4096-bit 1005rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem 1006 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1007all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der 1008rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem 1009 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1010all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 1011keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 1012 1013rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem 1014 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1015all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der 1016rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem 1017 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1018all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 1019keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 1020 1021keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256 1022 1023### 1024### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384 1025### 1026 1027### 1024-bit 1028rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem 1029 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1030all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der 1031rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem 1032 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1033all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 1034keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 1035 1036rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem 1037 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1038all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der 1039rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem 1040 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1041all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 1042keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 1043 1044keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384 1045 1046### 2048-bit 1047rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem 1048 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1049all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der 1050rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem 1051 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1052all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 1053keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 1054 1055rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem 1056 $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1057all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der 1058rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem 1059 $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1060all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem 1061keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem 1062 1063rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem 1064 $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1065all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der 1066rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem 1067 $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1068all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem 1069keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem 1070 1071rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem 1072 $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1073all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der 1074rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem 1075 $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1076all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem 1077keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem 1078 1079rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem 1080 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1081all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der 1082rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem 1083 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1084all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 1085keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 1086 1087keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384 1088 1089### 4096-bit 1090rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem 1091 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1092all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der 1093rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem 1094 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1095all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 1096keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 1097 1098rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem 1099 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1100all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der 1101rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem 1102 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1103all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 1104keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 1105 1106keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384 1107 1108### 1109### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512 1110### 1111 1112### 1024-bit 1113rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem 1114 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1115all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der 1116rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem 1117 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1118all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 1119keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 1120 1121rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem 1122 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1123all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der 1124rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem 1125 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1126all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 1127keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 1128 1129keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512 1130 1131### 2048-bit 1132rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem 1133 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1134all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der 1135rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem 1136 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1137all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 1138keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 1139 1140rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem 1141 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1142all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der 1143rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem 1144 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1145all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 1146keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 1147 1148keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512 1149 1150### 4096-bit 1151rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem 1152 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1153all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der 1154rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem 1155 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1156all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 1157keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 1158 1159rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem 1160 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1161all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der 1162rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem 1163 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1164all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 1165keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 1166 1167keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512 1168 1169### 1170### Rules to generate all RSA keys from a particular class 1171### 1172 1173### Generate basic unencrypted RSA keys 1174keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem 1175 1176### Generate PKCS1-encoded encrypted RSA keys 1177keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 1178 1179### Generate PKCS8-v1 encrypted RSA keys 1180keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 1181 1182### Generate PKCS8-v2 encrypted RSA keys 1183keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 1184 1185### Generate all RSA keys 1186keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 1187 1188################################################################ 1189#### Generate various EC keys 1190################################################################ 1191 1192### 1193### PKCS8 encoded 1194### 1195 1196ec_prv.pk8.der: 1197 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER 1198all_final += ec_prv.pk8.der 1199 1200# ### Instructions for creating `ec_prv.pk8nopub.der`, 1201# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from 1202# ### `ec_prv.pk8.der`. 1203# 1204# These instructions assume you are familiar with ASN.1 DER encoding and can 1205# use a hex editor to manipulate DER. 1206# 1207# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: 1208# 1209# PrivateKeyInfo ::= SEQUENCE { 1210# version Version, 1211# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 1212# privateKey PrivateKey, 1213# attributes [0] IMPLICIT Attributes OPTIONAL 1214# } 1215# 1216# AlgorithmIdentifier ::= SEQUENCE { 1217# algorithm OBJECT IDENTIFIER, 1218# parameters ANY DEFINED BY algorithm OPTIONAL 1219# } 1220# 1221# ECParameters ::= CHOICE { 1222# namedCurve OBJECT IDENTIFIER 1223# -- implicitCurve NULL 1224# -- specifiedCurve SpecifiedECDomain 1225# } 1226# 1227# ECPrivateKey ::= SEQUENCE { 1228# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 1229# privateKey OCTET STRING, 1230# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 1231# publicKey [1] BIT STRING OPTIONAL 1232# } 1233# 1234# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following 1235# fields: 1236# 1237# * privateKeyAlgorithm namedCurve 1238# * privateKey.parameters NOT PRESENT 1239# * privateKey.publicKey PRESENT 1240# * attributes NOT PRESENT 1241# 1242# # ec_prv.pk8nopub.der 1243# 1244# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 1245# 1246# # ec_prv.pk8nopubparam.der 1247# 1248# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as 1249# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 1250# 1251# # ec_prv.pk8param.der 1252# 1253# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as 1254# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 1255 1256ec_prv.pk8.pem: ec_prv.pk8.der 1257 $(OPENSSL) pkey -in $< -inform DER -out $@ 1258all_final += ec_prv.pk8.pem 1259ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der 1260 $(OPENSSL) pkey -in $< -inform DER -out $@ 1261all_final += ec_prv.pk8nopub.pem 1262ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der 1263 $(OPENSSL) pkey -in $< -inform DER -out $@ 1264all_final += ec_prv.pk8nopubparam.pem 1265ec_prv.pk8param.pem: ec_prv.pk8param.der 1266 $(OPENSSL) pkey -in $< -inform DER -out $@ 1267all_final += ec_prv.pk8param.pem 1268 1269ec_pub.pem: ec_prv.sec1.der 1270 $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@ 1271all_final += ec_pub.pem 1272 1273ec_prv.sec1.comp.pem: ec_prv.sec1.pem 1274 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1275all_final += ec_prv.sec1.comp.pem 1276 1277ec_224_prv.comp.pem: ec_224_prv.pem 1278 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1279all_final += ec_224_prv.comp.pem 1280 1281ec_256_prv.comp.pem: ec_256_prv.pem 1282 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1283all_final += ec_256_prv.comp.pem 1284 1285ec_384_prv.comp.pem: ec_384_prv.pem 1286 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1287all_final += ec_384_prv.comp.pem 1288 1289ec_521_prv.comp.pem: ec_521_prv.pem 1290 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1291all_final += ec_521_prv.comp.pem 1292 1293ec_bp256_prv.comp.pem: ec_bp256_prv.pem 1294 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1295all_final += ec_bp256_prv.comp.pem 1296 1297ec_bp384_prv.comp.pem: ec_bp384_prv.pem 1298 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1299all_final += ec_bp384_prv.comp.pem 1300 1301ec_bp512_prv.comp.pem: ec_bp512_prv.pem 1302 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1303all_final += ec_bp512_prv.comp.pem 1304 1305ec_pub.comp.pem: ec_pub.pem 1306 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1307all_final += ec_pub.comp.pem 1308 1309ec_224_pub.comp.pem: ec_224_pub.pem 1310 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1311all_final += ec_224_pub.comp.pem 1312 1313ec_256_pub.comp.pem: ec_256_pub.pem 1314 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1315all_final += ec_256_pub.comp.pem 1316 1317ec_384_pub.comp.pem: ec_384_pub.pem 1318 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1319all_final += ec_384_pub.comp.pem 1320 1321ec_521_pub.comp.pem: ec_521_pub.pem 1322 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1323all_final += ec_521_pub.comp.pem 1324 1325ec_bp256_pub.comp.pem: ec_bp256_pub.pem 1326 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1327all_final += ec_bp256_pub.comp.pem 1328 1329ec_bp384_pub.comp.pem: ec_bp384_pub.pem 1330 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1331all_final += ec_bp384_pub.comp.pem 1332 1333ec_bp512_pub.comp.pem: ec_bp512_pub.pem 1334 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1335all_final += ec_bp512_pub.comp.pem 1336 1337ec_x25519_prv.der: 1338 $(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER 1339all_final += ec_x25519_prv.der 1340 1341ec_x25519_pub.der: ec_x25519_prv.der 1342 $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout 1343all_final += ec_x25519_pub.der 1344 1345ec_x25519_prv.pem: ec_x25519_prv.der 1346 $(OPENSSL) pkey -in $< -inform DER -out $@ 1347all_final += ec_x25519_prv.pem 1348 1349ec_x25519_pub.pem: ec_x25519_prv.der 1350 $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout 1351all_final += ec_x25519_pub.pem 1352 1353ec_x448_prv.der: 1354 $(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER 1355all_final += ec_x448_prv.der 1356 1357ec_x448_pub.der: ec_x448_prv.der 1358 $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout 1359all_final += ec_x448_pub.der 1360 1361ec_x448_prv.pem: ec_x448_prv.der 1362 $(OPENSSL) pkey -in $< -inform DER -out $@ 1363all_final += ec_x448_prv.pem 1364 1365ec_x448_pub.pem: ec_x448_prv.der 1366 $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout 1367all_final += ec_x448_pub.pem 1368 1369################################################################ 1370#### Convert PEM keys to DER format 1371################################################################ 1372server1.pubkey.der: server1.pubkey 1373 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1374all_final += server1.pubkey.der 1375 1376rsa4096_pub.der: rsa4096_pub.pem 1377 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1378all_final += rsa4096_pub.der 1379 1380ec_pub.der: ec_pub.pem 1381 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1382all_final += ec_pub.der 1383 1384ec_521_pub.der: ec_521_pub.pem 1385 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1386all_final += ec_521_pub.der 1387 1388ec_bp512_pub.der: ec_bp512_pub.pem 1389 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1390all_final += ec_bp512_pub.der 1391 1392server1.key.der: server1.key 1393 $(OPENSSL) pkey -in $< -out $@ -outform DER 1394all_final += server1.key.der 1395 1396rsa4096_prv.der: rsa4096_prv.pem 1397 $(OPENSSL) pkey -in $< -out $@ -outform DER 1398all_final += rsa4096_prv.der 1399 1400ec_prv.sec1.der: ec_prv.sec1.pem 1401 $(OPENSSL) pkey -in $< -out $@ -outform DER 1402all_final += ec_prv.sec1.der 1403 1404ec_256_long_prv.der: ec_256_long_prv.pem 1405 $(OPENSSL) pkey -in $< -out $@ -outform DER 1406all_final += ec_256_long_prv.der 1407 1408ec_521_prv.der: ec_521_prv.pem 1409 $(OPENSSL) pkey -in $< -out $@ -outform DER 1410all_final += ec_521_prv.der 1411 1412ec_521_short_prv.der: ec_521_short_prv.pem 1413 $(OPENSSL) pkey -in $< -out $@ -outform DER 1414all_final += ec_521_short_prv.der 1415 1416ec_bp512_prv.der: ec_bp512_prv.pem 1417 $(OPENSSL) pkey -in $< -out $@ -outform DER 1418all_final += ec_bp512_prv.der 1419 1420################################################################ 1421### Generate CSRs for X.509 write test suite 1422################################################################ 1423 1424parse_input/server1.req.sha1 server1.req.sha1: server1.key 1425 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1426all_final += server1.req.sha1 1427 1428parse_input/server1.req.md5 server1.req.md5: server1.key 1429 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 1430all_final += server1.req.md5 1431 1432parse_input/server1.req.sha224 server1.req.sha224: server1.key 1433 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224 1434all_final += server1.req.sha224 1435 1436parse_input/server1.req.sha256 server1.req.sha256: server1.key 1437 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 1438all_final += server1.req.sha256 1439 1440server1.req.sha256.ext: server1.key 1441 # Generating this with OpenSSL as a comparison point to test we're getting the same result 1442 openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf 1443 1444parse_input/server1.req.sha384 server1.req.sha384: server1.key 1445 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 1446all_final += server1.req.sha384 1447 1448parse_input/server1.req.sha512 server1.req.sha512: server1.key 1449 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512 1450all_final += server1.req.sha512 1451 1452server1.req.cert_type: server1.key 1453 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1454all_final += server1.req.cert_type 1455 1456server1.req.key_usage: server1.key 1457 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1458all_final += server1.req.key_usage 1459 1460server1.req.ku-ct: server1.key 1461 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1462all_final += server1.req.ku-ct 1463 1464server1.req.key_usage_empty: server1.key 1465 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1 1466all_final += server1.req.key_usage_empty 1467 1468server1.req.cert_type_empty: server1.key 1469 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1 1470all_final += server1.req.cert_type_empty 1471 1472parse_input/server1.req.commas.sha256: server1.key 1473 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256 1474 1475parse_input/server1.req.hashsymbol.sha256: server1.key 1476 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=\#PolarSSL,CN=PolarSSL Server 1" md=SHA256 1477 1478parse_input/server1.req.spaces.sha256: server1.key 1479 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256 1480 1481parse_input/server1.req.asciichars.sha256: server1.key 1482 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=极地SSL,CN=PolarSSL Server 1" md=SHA256 1483# server2* 1484 1485server2_pwd_ec = PolarSSLTest 1486 1487server2.req.sha256: server2.key 1488 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 1489all_intermediate += server2.req.sha256 1490 1491parse_input/server2.crt.der: parse_input/server2.crt 1492server2.crt.der: server2.crt 1493parse_input/server2.crt.der server2.crt.der: 1494 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1495all_final += server2.crt.der 1496 1497server2-sha256.crt.der: server2-sha256.crt 1498 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1499all_final += server2-sha256.crt.der 1500 1501server2.key.der: server2.key 1502 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 1503all_final += server2.key.der 1504 1505server2.key.enc: server2.key 1506 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)" 1507all_final += server2.key.enc 1508 1509# server5* 1510 1511server5.csr: server5.key 1512 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1513 -key $< -out $@ 1514all_intermediate += server5.csr 1515parse_input/server5.crt server5.crt: server5-sha256.crt 1516 cp $< $@ 1517all_intermediate += server5-sha256.crt 1518server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext 1519 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1520 -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \ 1521 -sha$(@F:server5-sha%.crt=%) -in $< -out $@ 1522all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt 1523 1524server5-badsign.crt: server5.crt 1525 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 1526all_final += server5-badsign.crt 1527 1528# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' 1529server5.req.ku.sha1: server5.key 1530 $(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation 1531all_final += server5.req.ku.sha1 1532 1533server5.ku-ds.crt: SERVER5_CRT_SERIAL=45 1534server5.ku-ds.crt: SERVER5_KEY_USAGE=digital_signature 1535server5.ku-ka.crt: SERVER5_CRT_SERIAL=46 1536server5.ku-ka.crt: SERVER5_KEY_USAGE=key_agreement 1537server5.ku-ke.crt: SERVER5_CRT_SERIAL=47 1538server5.ku-ke.crt: SERVER5_KEY_USAGE=key_encipherment 1539server5.eku-cs.crt: SERVER5_CRT_SERIAL=58 1540server5.eku-cs.crt: SERVER5_EXT_KEY_USAGE=codeSigning 1541server5.eku-cs_any.crt: SERVER5_CRT_SERIAL=59 1542server5.eku-cs_any.crt: SERVER5_EXT_KEY_USAGE=codeSigning,any 1543server5.eku-cli.crt: SERVER5_CRT_SERIAL=60 1544server5.eku-cli.crt: SERVER5_EXT_KEY_USAGE=clientAuth 1545server5.eku-srv_cli.crt: SERVER5_CRT_SERIAL=61 1546server5.eku-srv_cli.crt: SERVER5_EXT_KEY_USAGE=serverAuth,clientAuth 1547server5.eku-srv.crt: SERVER5_CRT_SERIAL=62 1548server5.eku-srv.crt: SERVER5_EXT_KEY_USAGE=serverAuth 1549server5.ku-%.crt: SERVER5_EXT_OPTS=key_usage=$(SERVER5_KEY_USAGE) 1550server5.eku-%.crt: SERVER5_EXT_OPTS=ext_key_usage=$(SERVER5_EXT_KEY_USAGE) 1551server5.%.crt: server5.key 1552 $(MBEDTLS_CERT_WRITE) \ 1553 subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=$(SERVER5_CRT_SERIAL) \ 1554 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) $(SERVER5_EXT_OPTS) \ 1555 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1556all_final += server5.ku-ka.crt server5.ku-ke.crt server5.ku-ds.crt 1557all_final += server5.eku-cs.crt server5.eku-cs_any.crt server5.eku-cli.crt server5.eku-srv_cli.crt server5.eku-srv.crt 1558 1559# server6* 1560 1561server6.csr: server6.key 1562 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1563 -key $< -out $@ 1564all_intermediate += server6.csr 1565server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) 1566 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1567 -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@ 1568all_final += server6.crt 1569 1570server6-ss-child.csr : server6.key 1571 $(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \ 1572 -key $< -out $@ 1573all_intermediate += server6-ss-child.csr 1574server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext 1575 $(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \ 1576 -extfile server6-ss-child.crt.openssl.v3_ext \ 1577 -set_serial 0x53a2cb5822399474a7ec79ec \ 1578 -days 3650 -sha256 -in $< -out $@ 1579all_final += server6-ss-child.crt 1580 1581 1582################################################################ 1583### Generate certificates for CRT write check tests 1584################################################################ 1585 1586### The test files use the Mbed TLS generated certificates server1*.crt, 1587### but for comparison with OpenSSL also rules for OpenSSL-generated 1588### certificates server1*.crt.openssl are offered. 1589### 1590### Known differences: 1591### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension 1592### as unused bits, while Mbed TLS doesn't. 1593 1594test_ca_server1_db = test-ca.server1.db 1595test_ca_server1_serial = test-ca.server1.serial 1596test_ca_server1_config_file = test-ca.server1.opensslconf 1597 1598# server1* 1599 1600parse_input/server1.crt: parse_input/server1.req.sha256 1601server1.crt: server1.req.sha256 1602parse_input/server1.crt server1.crt: $(test_ca_crt) $(test_ca_key_file_rsa) 1603parse_input/server1.crt server1.crt: 1604 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 \ 1605 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ 1606 issuer_pwd=$(test_ca_pwd_rsa) version=1 \ 1607 not_before=20190210144406 not_after=20290210144406 \ 1608 md=SHA1 version=3 output_file=$@ 1609server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1610 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com 1611server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1612 echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial 1613 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1614server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1615 echo "8011223344" > test-ca.server1.tmp.serial 1616 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1617server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1618 echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial 1619 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1620server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1621 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 1622parse_input/server1.crt.der: parse_input/server1.crt 1623 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 \ 1624 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ 1625 issuer_pwd=$(test_ca_pwd_rsa) \ 1626 not_before=20190210144406 not_after=20290210144406 \ 1627 md=SHA1 authority_identifier=0 version=3 output_file=$@ 1628server1.der: server1.crt 1629 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1630server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1631 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1632server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1633 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1634server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1635 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1636server1.asciichars.crt: server1.key parse_input/server1.req.asciichars.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1637 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.asciichars.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1638all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt server1.asciichars.crt 1639 1640parse_input/server1.key_usage.crt: parse_input/server1.req.sha256 1641server1.key_usage.crt: server1.req.sha256 1642parse_input/server1.key_usage.crt server1.key_usage.crt: $(test_ca_crt) $(test_ca_key_file_rsa) 1643parse_input/server1.key_usage.crt server1.key_usage.crt: 1644 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ 1645server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1646 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ 1647server1.key_usage.der: server1.key_usage.crt 1648 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1649all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der 1650 1651parse_input/server1.cert_type.crt: parse_input/server1.req.sha256 1652server1.cert_type.crt: server1.req.sha256 1653parse_input/server1.cert_type.crt server1.cert_type.crt: $(test_ca_crt) $(test_ca_key_file_rsa) 1654parse_input/server1.cert_type.crt server1.cert_type.crt: 1655 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ 1656server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1657 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ 1658server1.cert_type.der: server1.cert_type.crt 1659 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1660all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der 1661 1662server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1663 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@ 1664server1.v1.der: server1.v1.crt 1665 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1666all_final += server1.v1.crt server1.v1.der 1667 1668server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1669 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@ 1670server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1671 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@ 1672server1.ca.der: server1.ca.crt 1673 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1674all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der 1675 1676server1-nospace.crt: server1.key test-ca.crt 1677 $(MBEDTLS_CERT_WRITE) subject_key=$< serial=31\ 1678 subject_name="C=NL,O=PolarSSL,CN=polarssl.example" \ 1679 issuer_crt=test-ca.crt issuer_key=$(test_ca_key_file_rsa) \ 1680 issuer_pwd=$(test_ca_pwd_rsa) \ 1681 not_before=20190210144406 not_after=20290210144406 \ 1682 md=SHA256 version=3 authority_identifier=1 \ 1683 output_file=$@ 1684all_final += server1-nospace.crt 1685 1686server1_ca.crt: server1.crt $(test_ca_crt) 1687 cat server1.crt $(test_ca_crt) > $@ 1688all_final += server1_ca.crt 1689 1690parse_input/cert_sha1.crt cert_sha1.crt: server1.key 1691 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1692all_final += cert_sha1.crt 1693 1694parse_input/cert_sha224.crt cert_sha224.crt: server1.key 1695 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@ 1696all_final += cert_sha224.crt 1697 1698parse_input/cert_sha256.crt cert_sha256.crt: server1.key 1699 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1700all_final += cert_sha256.crt 1701 1702parse_input/cert_sha384.crt cert_sha384.crt: server1.key 1703 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@ 1704all_final += cert_sha384.crt 1705 1706parse_input/cert_sha512.crt cert_sha512.crt: server1.key 1707 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@ 1708all_final += cert_sha512.crt 1709 1710cert_example_wildcard.crt: server1.key 1711 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1712all_final += cert_example_wildcard.crt 1713 1714# OpenSSL-generated certificates for comparison 1715# Also provide certificates in DER format to allow 1716# direct binary comparison using e.g. dumpasn1 1717server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1718 echo "01" > $(test_ca_server1_serial) 1719 rm -f $(test_ca_server1_db) 1720 touch $(test_ca_server1_db) 1721 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@ 1722server1.der.openssl: server1.crt.openssl 1723 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1724server1.key_usage.der.openssl: server1.key_usage.crt.openssl 1725 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1726server1.cert_type.der.openssl: server1.cert_type.crt.openssl 1727 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1728 1729server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1730 echo "01" > $(test_ca_server1_serial) 1731 rm -f $(test_ca_server1_db) 1732 touch $(test_ca_server1_db) 1733 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@ 1734server1.v1.der.openssl: server1.v1.crt.openssl 1735 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1736 1737# To revoke certificate in the openssl database: 1738# 1739# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt 1740 1741crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 1742 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ 1743 1744crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \ 1745 $(test_ca_config_file) \ 1746 test-ca.server1.future-crl.db \ 1747 test-ca.server1.future-crl.opensslconf 1748 $(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \ 1749 -config test-ca.server1.future-crl.opensslconf -crldays 365 \ 1750 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 1751 1752server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl 1753 1754# server2* 1755 1756parse_input/server2.crt server2.crt: server2.req.sha256 1757 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1758all_final += server2.crt 1759 1760server2.der: server2.crt 1761 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1762all_final += server2.crt server2.der 1763 1764server2-sha256.crt: server2.req.sha256 1765 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1766all_final += server2-sha256.crt 1767 1768server2.ku-ka.crt: SERVER2_CRT_SERIAL=42 1769server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement 1770server2.ku-ke.crt: SERVER2_CRT_SERIAL=43 1771server2.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment 1772server2.ku-ds.crt: SERVER2_CRT_SERIAL=44 1773server2.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature 1774server2.ku-ds_ke.crt: SERVER2_CRT_SERIAL=48 1775server2.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment 1776server2.ku-%.crt: server2.req.sha256 1777 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \ 1778 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 1779 key_usage="$(SERVER2_KEY_USAGE)" \ 1780 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1781all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt 1782 1783server2-badsign.crt: server2.crt 1784 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 1785all_final += server2-badsign.crt 1786 1787# server3* 1788 1789parse_input/server3.crt server3.crt: server3.key 1790 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \ 1791 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 1792 not_before=20190210144406 not_after=20290210144406 \ 1793 md=SHA1 version=3 output_file=$@ 1794all_final += server3.crt 1795 1796# server4* 1797 1798parse_input/server4.crt server4.crt: server4.key 1799 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \ 1800 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \ 1801 not_before=20190210144400 not_after=20290210144400 \ 1802 md=SHA256 version=3 output_file=$@ 1803all_final += server4.crt 1804 1805# MD5 test certificate 1806 1807cert_md_test_key = $(cli_crt_key_file_rsa) 1808 1809cert_md5.csr: $(cert_md_test_key) 1810 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 1811all_intermediate += cert_md5.csr 1812 1813parse_input/cert_md5.crt cert_md5.crt: cert_md5.csr 1814 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 \ 1815 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ 1816 issuer_pwd=$(test_ca_pwd_rsa) \ 1817 not_before=20000101121212 not_after=20300101121212 \ 1818 md=MD5 version=3 output_file=$@ 1819all_final += cert_md5.crt 1820 1821# TLSv1.3 test certificates 1822ecdsa_secp256r1.key: ec_256_prv.pem 1823 cp $< $@ 1824 1825ecdsa_secp256r1.csr: ecdsa_secp256r1.key 1826 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1827 -key $< -out $@ 1828all_intermediate += ecdsa_secp256r1.csr 1829ecdsa_secp256r1.crt: ecdsa_secp256r1.csr 1830 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1831 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1832all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key 1833tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key 1834 1835ecdsa_secp384r1.key: ec_384_prv.pem 1836 cp $< $@ 1837ecdsa_secp384r1.csr: ecdsa_secp384r1.key 1838 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1839 -key $< -out $@ 1840all_intermediate += ecdsa_secp384r1.csr 1841ecdsa_secp384r1.crt: ecdsa_secp384r1.csr 1842 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1843 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1844all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key 1845tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key 1846 1847ecdsa_secp521r1.key: ec_521_prv.pem 1848 cp $< $@ 1849ecdsa_secp521r1.csr: ecdsa_secp521r1.key 1850 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1851 -key $< -out $@ 1852all_intermediate += ecdsa_secp521r1.csr 1853ecdsa_secp521r1.crt: ecdsa_secp521r1.csr 1854 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1855 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1856all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key 1857tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key 1858 1859# PKCS7 test data 1860pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt 1861pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt 1862pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt 1863pkcs7_test_file = pkcs7_data.bin 1864 1865$(pkcs7_test_file): 1866 printf "Hello\15\n" > $@ 1867all_final += $(pkcs7_test_file) 1868 1869pkcs7_zerolendata.bin: 1870 printf '' > $@ 1871all_final += pkcs7_zerolendata.bin 1872 1873pkcs7_data_1.bin: 1874 printf "2\15\n" > $@ 1875all_final += pkcs7_data_1.bin 1876 1877# Generate signing cert 1878pkcs7-rsa-sha256-1.crt: 1879 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt 1880 cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem 1881all_final += pkcs7-rsa-sha256-1.crt 1882 1883pkcs7-rsa-sha256-2.crt: 1884 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt 1885 cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem 1886all_final += pkcs7-rsa-sha256-2.crt 1887 1888pkcs7-rsa-sha256-3.crt: 1889 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt 1890 cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem 1891all_final += pkcs7-rsa-sha256-3.crt 1892 1893pkcs7-rsa-expired.crt: 1894 $(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt 1895all_final += pkcs7-rsa-expired.crt 1896 1897# File with an otherwise valid signature signed with an expired cert 1898pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin 1899 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@ 1900all_final += pkcs7_data_rsa_expired.der 1901 1902# Convert signing certs to DER for testing PEM-free builds 1903pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1) 1904 $(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER 1905all_final += pkcs7-rsa-sha256-1.der 1906 1907pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2) 1908 $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER 1909all_final += pkcs7-rsa-sha256-2.der 1910 1911pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt 1912 $(OPENSSL) x509 -in pkcs7-rsa-expired.crt -out $@ -outform DER 1913all_final += pkcs7-rsa-expired.der 1914 1915# pkcs7 signature file over zero-len data 1916pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt 1917 $(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der 1918all_final += pkcs7_zerolendata_detached.der 1919 1920# pkcs7 signature file with CERT 1921pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1922 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1923all_final += pkcs7_data_cert_signed_sha256.der 1924 1925# pkcs7 signature file with CERT and sha1 1926pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1927 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1928all_final += pkcs7_data_cert_signed_sha1.der 1929 1930# pkcs7 signature file with CERT and sha512 1931pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1932 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1933all_final += pkcs7_data_cert_signed_sha512.der 1934 1935# pkcs7 signature file without CERT 1936pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1937 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@ 1938all_final += pkcs7_data_without_cert_signed.der 1939 1940# pkcs7 signature file with signature 1941pkcs7_data_with_signature.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1942 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -nodetach -outform DER -out $@ 1943all_final += pkcs7_data_with_signature.der 1944 1945# pkcs7 signature file with two signers 1946pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1947 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ 1948all_final += pkcs7_data_multiple_signed.der 1949 1950# pkcs7 signature file with three signers 1951pkcs7_data_3_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) $(pkcs7_test_cert_3) 1952 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -signer pkcs7-rsa-sha256-3.pem -nocerts -noattr -outform DER -out $@ 1953all_final += pkcs7_data_3_signed.der 1954 1955# pkcs7 signature file with multiple certificates 1956pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1957 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ 1958all_final += pkcs7_data_multiple_certs_signed.der 1959 1960# pkcs7 signature file with corrupted CERT 1961pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der 1962 cp pkcs7_data_cert_signed_sha256.der $@ 1963 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc 1964all_final += pkcs7_data_signed_badcert.der 1965 1966# pkcs7 signature file with corrupted signer info 1967pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der 1968 cp pkcs7_data_cert_signed_sha256.der $@ 1969 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc 1970all_final += pkcs7_data_signed_badsigner.der 1971 1972# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name 1973pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der 1974 cp $< $@ 1975 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc 1976all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der 1977 1978# pkcs7 signature file with invalid tag in signerInfo[2] 1979pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der 1980 cp $< $@ 1981 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc 1982all_final += pkcs7_signerInfo_2_invalid_tag.der 1983 1984# pkcs7 signature file with corrupted signer info[1] 1985pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der 1986 cp pkcs7_data_3_signed.der $@ 1987 echo '72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc 1988all_final += pkcs7_data_signed_badsigner1_badsize.der 1989 1990pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der 1991 cp pkcs7_data_3_signed.der $@ 1992 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc 1993all_final += pkcs7_data_signed_badsigner1_badtag.der 1994 1995pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der 1996 cp pkcs7_data_3_signed.der $@ 1997 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc 1998all_final += pkcs7_data_signed_badsigner1_fuzzbad.der 1999 2000# pkcs7 signature file with corrupted signer info[2] 2001pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der 2002 cp pkcs7_data_3_signed.der $@ 2003 echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc 2004all_final += pkcs7_data_signed_badsigner2_badsize.der 2005 2006pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der 2007 cp pkcs7_data_3_signed.der $@ 2008 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc 2009all_final += pkcs7_data_signed_badsigner2_badtag.der 2010 2011pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der 2012 cp pkcs7_data_3_signed.der $@ 2013 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc 2014all_final += pkcs7_data_signed_badsigner2_fuzzbad.der 2015 2016# pkcs7 file with version 2 2017pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der 2018 cp pkcs7_data_cert_signed_sha256.der $@ 2019 echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc 2020all_final += pkcs7_data_cert_signed_v2.der 2021 2022pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 2023 $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt 2024all_final += pkcs7_data_cert_encrypted.der 2025 2026## Negative tests 2027# For some interesting sizes, what happens if we make them off-by-one? 2028pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der 2029 cp $< $@ 2030 echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc 2031all_final += pkcs7_signerInfo_issuer_invalid_size.der 2032 2033pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der 2034 cp $< $@ 2035 echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc 2036all_final += pkcs7_signerInfo_serial_invalid_size.der 2037 2038# pkcs7 signature file just with signed data 2039pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der 2040 dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1 2041all_final += pkcs7_data_cert_signeddata_sha256.der 2042 2043# - test-ca-v1.crt: v1 "CA", signs 2044# server1-v1.crt: v1 "intermediate CA", signs 2045# server2-v1*.crt: EE cert (without of with chain in same file) 2046 2047test-ca-v1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 2048 $(MBEDTLS_CERT_WRITE) is_ca=1 serial_hex=53a2b68e05400e555c9395e5 \ 2049 request_file=test-ca.req.sha256 \ 2050 selfsign=1 issuer_name="CN=PolarSSL Test CA v1,OU=testing,O=PolarSSL,C=NL" \ 2051 issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 2052 not_before=20190210144400 not_after=20290210144400 md=SHA256 version=1 \ 2053 output_file=$@ 2054all_final += test-ca-v1.crt 2055 2056server1-v1.crt: server1.key test-ca-v1.crt 2057 $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6c704cd4d8ebc800bc1\ 2058 subject_name="CN=server1/int-ca-v1,OU=testing,O=PolarSSL,C=NL" \ 2059 issuer_crt=test-ca-v1.crt issuer_key=$(test_ca_key_file_rsa) \ 2060 issuer_pwd=$(test_ca_pwd_rsa) \ 2061 not_before=20190210144406 not_after=20290210144406 \ 2062 md=SHA256 version=1 \ 2063 output_file=$@ 2064all_final += server1-v1.crt 2065 2066server2-v1.crt: server2.key server1-v1.crt 2067 $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6d9235dbc4573f9b76c\ 2068 subject_name="CN=server2,OU=testing,O=PolarSSL,C=NL" \ 2069 issuer_crt=server1-v1.crt issuer_key=server1.key \ 2070 not_before=20190210144406 not_after=20290210144406 \ 2071 md=SHA256 version=1 \ 2072 output_file=$@ 2073all_final += server2-v1.crt 2074 2075server2-v1-chain.crt: server2-v1.crt server1-v1.crt 2076 cat $^ > $@ 2077 2078################################################################ 2079#### Generate C format test certs header 2080################################################################ 2081 2082TEST_CERTS_H_INPUT_FILES=test-ca2.crt \ 2083 test-ca2.crt.der \ 2084 test-ca2.key.enc \ 2085 test-ca2.key.der \ 2086 test-ca-sha256.crt \ 2087 test-ca-sha256.crt.der \ 2088 test-ca-sha1.crt \ 2089 test-ca-sha1.crt.der \ 2090 test-ca.key \ 2091 test-ca.key.der \ 2092 server5.crt \ 2093 server5.crt.der \ 2094 server5.key \ 2095 server5.key.der \ 2096 server2-sha256.crt \ 2097 server2-sha256.crt.der \ 2098 server2.crt \ 2099 server2.crt.der \ 2100 server2.key \ 2101 server2.key.der \ 2102 cli2.crt \ 2103 cli2.crt.der \ 2104 cli2.key \ 2105 cli2.key.der \ 2106 cli-rsa-sha256.crt \ 2107 cli-rsa-sha256.crt.der \ 2108 cli-rsa.key \ 2109 cli-rsa.key.der 2110../src/test_certs.h: ../scripts/generate_test_cert_macros.py \ 2111 $(TEST_CERTS_H_INPUT_FILES) 2112 ../scripts/generate_test_cert_macros.py --output $@ \ 2113 --string TEST_CA_CRT_EC_PEM=test-ca2.crt \ 2114 --binary TEST_CA_CRT_EC_DER=test-ca2.crt.der \ 2115 --string TEST_CA_KEY_EC_PEM=test-ca2.key.enc \ 2116 --password TEST_CA_PWD_EC_PEM=PolarSSLTest \ 2117 --binary TEST_CA_KEY_EC_DER=test-ca2.key.der \ 2118 --string TEST_CA_CRT_RSA_SHA256_PEM=test-ca-sha256.crt \ 2119 --binary TEST_CA_CRT_RSA_SHA256_DER=test-ca-sha256.crt.der \ 2120 --string TEST_CA_CRT_RSA_SHA1_PEM=test-ca-sha1.crt \ 2121 --binary TEST_CA_CRT_RSA_SHA1_DER=test-ca-sha1.crt.der \ 2122 --string TEST_CA_KEY_RSA_PEM=test-ca.key \ 2123 --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \ 2124 --binary TEST_CA_KEY_RSA_DER=test-ca.key.der \ 2125 --string TEST_SRV_CRT_EC_PEM=server5.crt \ 2126 --binary TEST_SRV_CRT_EC_DER=server5.crt.der \ 2127 --string TEST_SRV_KEY_EC_PEM=server5.key \ 2128 --binary TEST_SRV_KEY_EC_DER=server5.key.der \ 2129 --string TEST_SRV_CRT_RSA_SHA256_PEM=server2-sha256.crt \ 2130 --binary TEST_SRV_CRT_RSA_SHA256_DER=server2-sha256.crt.der \ 2131 --string TEST_SRV_CRT_RSA_SHA1_PEM=server2.crt \ 2132 --binary TEST_SRV_CRT_RSA_SHA1_DER=server2.crt.der \ 2133 --string TEST_SRV_KEY_RSA_PEM=server2.key \ 2134 --binary TEST_SRV_KEY_RSA_DER=server2.key.der \ 2135 --string TEST_CLI_CRT_EC_PEM=cli2.crt \ 2136 --binary TEST_CLI_CRT_EC_DER=cli2.crt.der \ 2137 --string TEST_CLI_KEY_EC_PEM=cli2.key \ 2138 --binary TEST_CLI_KEY_EC_DER=cli2.key.der \ 2139 --string TEST_CLI_CRT_RSA_PEM=cli-rsa-sha256.crt \ 2140 --binary TEST_CLI_CRT_RSA_DER=cli-rsa-sha256.crt.der \ 2141 --string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \ 2142 --binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der 2143 2144################################################################ 2145#### Diffie-Hellman parameters 2146################################################################ 2147 2148dh.998.pem: 2149 $(OPENSSL) dhparam -out $@ -text 998 2150 2151dh.999.pem: 2152 $(OPENSSL) dhparam -out $@ -text 999 2153 2154 2155################################################################ 2156#### Meta targets 2157################################################################ 2158 2159all_final: $(all_final) 2160all: $(all_intermediate) $(all_final) 2161 2162.PHONY: default all_final all 2163.PHONY: keys_rsa_all 2164.PHONY: keys_rsa_unenc keys_rsa_enc_basic 2165.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 2166.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 2167.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 2168.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 2169.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 2170.PHONY: server1_all 2171 2172# These files should not be committed to the repository. 2173list_intermediate: 2174 @printf '%s\n' $(all_intermediate) | sort 2175# These files should be committed to the repository so that the test data is 2176# available upon checkout without running a randomized process depending on 2177# third-party tools. 2178list_final: 2179 @printf '%s\n' $(all_final) | sort 2180.PHONY: list_intermediate list_final 2181 2182## Remove intermediate files 2183clean: 2184 rm -f $(all_intermediate) 2185## Remove all build products, even the ones that are committed 2186neat: clean 2187 rm -f $(all_final) 2188.PHONY: clean neat 2189 2190.SECONDARY: $(all_intermediate) 2191
