## Record of how part of the test data in this directory was produced.
## The generated files themselves are committed to the repository, so
## that everyone tests against identical data. You do not need this
## makefile unless you're extending Mbed TLS's tests.

## Many data files predate this makefile, so the method of their
## generation was not recorded.

## The outputs depend on the version of the data generation tool, and
## many of them are randomized, so running this makefile twice would
## not produce the same results.

## Tools
## Each ?= assignment only takes effect when the variable is not
## already set, so a specific tool build can be selected from the
## command line or the environment.
OPENSSL ?= openssl
FAKETIME ?= faketime

## Mbed TLS's own certificate tools, located relative to TOP_DIR.
TOP_DIR = ../..
MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req


## Build the generated test data. Since the final outputs are
## committed to the repository, this target should do nothing on a
## fresh checkout. Since the generation is randomized, re-running the
## same targets may result in differing files. This makefile serves
## primarily as a record of how the targets were generated in the
## first place.
default: all_final

# Both lists start out empty (the text after '#' is a comment); the
# rules below extend them with +=.
all_intermediate := # temporary files
all_final := # files used by tests



################################################################
#### Generate certificates from existing keys
################################################################

# RSA test CA: certificate, private key, key passphrase and OpenSSL
# configuration file. The passphrase is a fixed value recorded in this
# file, and the recipes hand it to the tools on their command lines.
test_ca_crt = test-ca.crt
test_ca_key_file_rsa = test-ca.key
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf

# 2048-bit RSA key, stored encrypted with AES-128-CBC under the
# passphrase above. The rule has no prerequisites, so make runs it
# only when the key file is missing.
$(test_ca_key_file_rsa):
	$(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) \
		-out $@ 2048
all_final += $(test_ca_key_file_rsa)

# Certificate request for the RSA test CA, signed with SHA-256.
test-ca.req.sha256: $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_REQ) output_file=$@ \
		filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) \
		subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
all_intermediate += test-ca.req.sha256

# Self-signed CA certificate built from that request. md=SHA1 selects
# a SHA-1 based signature; the rule for test-ca-sha256.crt uses the
# same parameters with md=SHA256.
parse_input/test-ca.crt test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 \
		request_file=test-ca.req.sha256 selfsign=1 \
		issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" \
		issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
		not_before=20190210144400 not_after=20290210144400 \
		md=SHA1 version=3 output_file=$@
all_final += test-ca.crt

# DER encoding of the CA certificate.
parse_input/test-ca.crt.der: parse_input/test-ca.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@

# DER copy of the CA key. The passphrase is supplied for reading only
# (-passin); no cipher option is given for the output.
test-ca.key.der: $(test_ca_key_file_rsa)
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER \
		-passin "pass:$(test_ca_pwd_rsa)"
all_final += test-ca.key.der

# This is only used for generating cert_example_multi_nocn.crt
# Subject and issuer are both "C=NL", i.e. the name has no CN.
test-ca_nocn.crt: $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 selfsign=1 \
		subject_key=$(test_ca_key_file_rsa) \
		subject_pwd=$(test_ca_pwd_rsa) subject_name="C=NL" \
		issuer_key=$(test_ca_key_file_rsa) \
		issuer_pwd=$(test_ca_pwd_rsa) issuer_name="C=NL" \
		not_before=20190210144400 not_after=20290210144400 \
		md=SHA1 version=3 output_file=$@
all_intermediate += test-ca_nocn.crt

# RSA test CA certificate with a SHA-1 signature. The parameters are
# the same as in the rule for test-ca.crt.
test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 \
		request_file=test-ca.req.sha256 selfsign=1 \
		issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" \
		issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
		not_before=20190210144400 not_after=20290210144400 \
		md=SHA1 version=3 output_file=$@
all_final += test-ca-sha1.crt

test-ca-sha1.crt.der: test-ca-sha1.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += test-ca-sha1.crt.der

# Same CA certificate parameters, signed with SHA-256 instead.
test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 \
		request_file=test-ca.req.sha256 selfsign=1 \
		issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" \
		issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
		not_before=20190210144400 not_after=20290210144400 \
		md=SHA256 version=3 output_file=$@
all_final += test-ca-sha256.crt

test-ca-sha256.crt.der: test-ca-sha256.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += test-ca-sha256.crt.der

# Variants of the CA certificate made with "openssl req -x509". The
# utf8 variant differs from the printable one only by the -utf8 option.
test-ca_utf8.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) \
		-passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 \
		-config $(test_ca_config_file) -sha1 -days 3653 -utf8 \
		-subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_utf8.crt

test-ca_printable.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) \
		-passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 \
		-config $(test_ca_config_file) -sha1 -days 3653 \
		-subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_printable.crt

# NOTE(review): this recipe is identical to the one for
# test-ca_printable.crt; what makes the committed file "uppercase" is
# not recorded here. Confirm before regenerating.
test-ca_uppercase.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) \
		-passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 \
		-config $(test_ca_config_file) -sha1 -days 3653 \
		-subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_uppercase.crt

test_ca_key_file_rsa_alt = test-ca-alt.key

# Request and certificate for www.example.com using the extension
# section dns_alt_names of the CA configuration file.
cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" \
		-set_serial 17 -config $(test_ca_config_file) \
		-extensions dns_alt_names -days 3650 \
		-key rsa_pkcs1_1024_clear.pem -out $@

# The certificate is written through a shell redirection, so a failing
# openssl run still leaves a (possibly empty) target file behind.
parse_input/cert_example_multi.crt cert_example_multi.crt: cert_example_multi.csr
	$(OPENSSL) x509 -req \
		-CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
		-extfile $(test_ca_config_file) -extensions dns_alt_names \
		-passin "pass:$(test_ca_pwd_rsa)" \
		-set_serial 17 -days 3653 -sha256 \
		-in $< > $@

# Same key, but the request's subject is "C=NL" only (no CN).
cert_example_multi_nocn.csr: rsa_pkcs1_1024_clear.pem
	$(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name='C=NL'
all_intermediate += cert_example_multi_nocn.csr

# Issued by the no-CN test CA (test-ca_nocn.crt), SHA-1 signature.
parse_input/cert_example_multi_nocn.crt cert_example_multi_nocn.crt: cert_example_multi_nocn.csr test-ca_nocn.crt
	$(OPENSSL) x509 -req \
		-CA test-ca_nocn.crt -CAkey $(test_ca_key_file_rsa) \
		-extfile $(test_ca_config_file) -extensions ext_multi_nocn \
		-passin "pass:$(test_ca_pwd_rsa)" \
		-set_serial 0xf7c67ff8e9a963f9 -days 3653 -sha1 \
		-in $< > $@
all_final += cert_example_multi_nocn.crt

# DER certificate requests carrying v3 extensions; the -reqexts
# section of the CA configuration file selects which ones.
parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) \
		-key rsa_pkcs1_1024_clear.pem -outform DER -out $@ \
		-reqexts csr_ext_v3_keyUsage
parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) \
		-key rsa_pkcs1_1024_clear.pem -outform DER -out $@ \
		-reqexts csr_ext_v3_subjectAltName
parse_input/test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) \
		-key rsa_pkcs1_1024_clear.pem -outform DER -out $@ \
		-reqexts csr_ext_v3_nsCertType
parse_input/test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) \
		-key rsa_pkcs1_1024_clear.pem -outform DER -out $@ \
		-reqexts csr_ext_v3_all

# Malformed variants of test_csr_v3_all.csr.der. Each recipe dumps the
# DER file as one run of uppercase hex digits, lets sed rewrite the
# first occurrence of a hex string, and turns the text back into
# binary with xxd. The match is made on text, so it is not tied to
# byte boundaries, and when the pattern is absent the output is an
# unmodified copy of the input; comparing the two files with cmp after
# regenerating shows whether the mutation was applied.
parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/300B0603551D0F040403/200B0603551D0F040403/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/0603551D0F0404030201/0703551D0F0404030201/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/040403020102302F0603/050403020102302F0603/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/040403020102302F0603/040503020102302F0603/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/040403020102302F0603/040303020102302F0603/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/03020102302F0603551D/04020102302F0603551D/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/3026A02406082B060105/4026A02406082B060105/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/03020780300D06092A86/04020780300D06092A86/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/551D11/551D0F/" \
		| xxd -r -p ) > $@
# Further malformed variants of test_csr_v3_all.csr.der. Each recipe
# dumps the DER file as one run of uppercase hex digits, lets sed
# rewrite the first occurrence of a hex string, and turns the text
# back into binary with xxd. The match is made on text, so it is not
# tied to byte boundaries, and when the pattern is absent the output
# is an unmodified copy of the input; comparing the two files with cmp
# after regenerating shows whether the mutation was applied.
parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/551D11/551DFF/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/306006092A864886F70D/406006092A864886F70D/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/06092A864886F70D0109/07092A864886F70D0109/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/2A864886F70D01090E/2A864886F70D01090F/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/31533051300B0603551D/32533051300B0603551D/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/306006092A864886F70D/306106092A864886F70D/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/306006092A864886F70D/305906092A864886F70D/" \
		| xxd -r -p ) > $@
parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< \
		| sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" \
		| xxd -r -p ) > $@
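# Malformed variant of test_csr_v3_all.csr.der: the DER file is dumped
# as one run of uppercase hex digits, sed rewrites the first occurrence
# of a hex string, and xxd turns the text back into binary. The match
# is made on text, so it is not tied to byte boundaries, and when the
# pattern is absent the output is an unmodified copy of the input.
parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@

parse_input/test_cert_rfc822name.crt.der: cert_example_multi.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@

# Alternative RSA CA: same subject name as the main RSA test CA, but a
# separate 2048-bit key that is generated without a cipher option.
$(test_ca_key_file_rsa_alt):test-ca.opensslconf
	$(OPENSSL) genrsa -out $@ 2048
test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_intermediate += test-ca-alt.csr
test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
all_final += test-ca-alt.crt
# The two bundles hold the same certificates in opposite order.
test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
	cat test-ca-alt.crt test-ca-sha256.crt > $@
all_final += test-ca-alt-good.crt
test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
	cat test-ca-sha256.crt test-ca-alt.crt > $@
all_final += test-ca-good-alt.crt

# EC test CA. No rule in this part of the file generates test-ca2.key,
# and no passphrase is passed for it when it is read.
test_ca_crt_file_ec = test-ca2.crt
test_ca_key_file_ec = test-ca2.key

test-ca2.req.sha256: $(test_ca_key_file_ec)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) \
		subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
all_intermediate += test-ca2.req.sha256

test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 selfsign=1 \
		request_file=test-ca2.req.sha256 \
		issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" \
		issuer_key=$(test_ca_key_file_ec) \
		not_before=20190210144400 not_after=20290210144400 \
		md=SHA256 version=3 output_file=$@
all_final += test-ca2.crt

# Key-usage variants of the EC CA; the extension file named after the
# target supplies the extensions.
test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test-ca2.req.sha256
	$(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \
		-signkey $(test_ca_key_file_ec) -days 3653 -out $@

all_final += test-ca2.ku-crl.crt \
	     test-ca2.ku-crt.crt \
	     test-ca2.ku-crt_crl.crt \
	     test-ca2.ku-ds.crt

# EC CA certificate whose validity period only starts in 2029.
test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
		issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
		not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@
all_intermediate += test-ca2-future.crt

# Each rule below only lists prerequisites; the shared recipe at the
# end concatenates them in the listed order. test-ca2-expired.crt and
# server6.crt have no rule in this part of the file.
test_ca_ec_cat := # files that concatenate different crt
test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt
test_ca_ec_cat += test-ca2_cat-future-invalid.crt
test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt
test_ca_ec_cat += test-ca2_cat-future-present.crt
test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt
test_ca_ec_cat += test-ca2_cat-present-future.crt
test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt
test_ca_ec_cat += test-ca2_cat-present-past.crt
test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt
test_ca_ec_cat += test-ca2_cat-past-invalid.crt
test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt
test_ca_ec_cat += test-ca2_cat-past-present.crt
$(test_ca_ec_cat):
	cat $^ > $@
all_final += $(test_ca_ec_cat)

# CA certificates with certificate-policy extensions, one RSA and one
# EC certificate per extension section of the CA configuration file.
parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
		-key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" \
		-set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
		-key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 \
		-in test-ca.req_ec.sha256 -out $@

parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@

parse_input/test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@

parse_input/test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@

test-ca.req_ec.sha256: $(test_ca_key_file_ec)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
all_intermediate += test-ca.req_ec.sha256

test-ca2.crt.der: $(test_ca_crt_file_ec)
	$(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
all_final += test-ca2.crt.der

test-ca2.key.der: $(test_ca_key_file_ec)
	$(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
all_final += test-ca2.key.der

# RSA and EC CA certificates concatenated in both orders.
test_ca_crt_cat12 = test-ca_cat12.crt
$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
	cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
all_final += $(test_ca_crt_cat12)

test_ca_crt_cat21 = test-ca_cat21.crt
$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
	cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
all_final += $(test_ca_crt_cat21)

# Intermediate CAs. The intermediate keys (test-int-ca*.key) are
# prerequisites only; no rule in this part of the file generates them.
test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@

test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \
		-subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@

test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \
		-subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@

all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr

# test-int-ca.crt is signed by the EC CA, test-int-ca2.crt by the RSA
# CA, and test-int-ca3.crt by test-int-ca2.
test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \
		-CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
		-set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@

test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr
	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \
		-CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \
		-passin "pass:$(test_ca_pwd_rsa)" -out $@

# Note: This requires openssl version >= 3.x.xx
test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr
	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \
		-CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \
		-sha256 -in test-int-ca3.csr -out $@

# Expired copy of test-int-ca.crt: faketime moves the clock 3653 days
# back and the certificate is valid for 3653 days, so its validity
# ends at about the real time of generation.
test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@

all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt

# issuer_crt (enco-ca-prstr.pem) is read by the recipe but is not
# listed as a prerequisite.
enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
	$(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@

# CRLs with the extension sections crl_ext_idp and crl_ext_idp_nc.
# "openssl ca" takes the key passphrase through -key.
parse_input/crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
parse_input/crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@

cli_crt_key_file_rsa = cli-rsa.key
cli_crt_extensions_file = cli.opensslconf

cli-rsa.csr: $(cli_crt_key_file_rsa)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
all_intermediate += cli-rsa.csr

# Client certificate issued by the RSA test CA, once per digest.
cli-rsa-sha1.crt: cli-rsa.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@

cli-rsa-sha256.crt: cli-rsa.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += cli-rsa-sha256.crt

cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa-sha256.crt.der

# The trailing "2" makes sed rewrite the second occurrence of the hex
# string instead of the first. If the pattern does not occur twice,
# the output is an unmodified copy of the input.
parse_input/cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@

cli-rsa.key.der: $(cli_crt_key_file_rsa)
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa.key.der

test_ca_int_rsa1 = test-int-ca.crt
test_ca_int_ec = test-int-ca2.crt
test_ca_int_key_file_ec = test-int-ca2.key

# server7*

server7.csr: server7.key
	$(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server7.csr

# Signed with test-int-ca.key, which the recipe reads but the rule
# does not list as a prerequisite.
server7.crt: server7.csr $(test_ca_int_rsa1)
	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
		-CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \
		-set_serial 16 -days 3653 -sha256 -in server7.csr > $@
all_final += server7.crt

# Expired and not-yet-valid copies: faketime shifts the clock by 3653
# days, the length of the validity period. Each output also contains
# the intermediate CA certificate, appended by cat.
server7-expired.crt: server7.csr $(test_ca_int_rsa1)
	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-expired.crt

server7-future.crt: server7.csr $(test_ca_int_rsa1)
	$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-future.crt

# Bad-signature copy: everything but the last two lines of the PEM
# file is kept, and in the first of the last two lines (the final
# base64 line) the last character before any '=' padding is changed:
# '0' becomes '1', anything else becomes '0'. "head -n-2" relies on
# negative line counts (GNU head).
server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
all_final += server7-badsign.crt

parse_input/server7_int-ca.crt server7_int-ca.crt: server7.crt $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_rsa1) > $@
all_final += server7_int-ca.crt

# PEM files with a space inserted into line 4, or appended to every
# line, of the certificate text.
parse_input/server7_pem_space.crt: server7.crt $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@

parse_input/server7_all_space.crt: server7.crt $(test_ca_int_rsa1)
	{ cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@

parse_input/server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@

server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec)
	cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@
all_final += server7_int-ca_ca2.crt

server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
	cat server7.crt test-int-ca-exp.crt > $@
all_final += server7_int-ca-exp.crt

server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@
all_final += server7_spurious_int-ca.crt

# server8*

server8.crt: server8.key
	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \
		issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \
		not_before=20190210144406 not_after=20290210144406 \
		md=SHA256 version=3 output_file=$@
all_final += server8.crt

server8_int-ca2.crt: server8.crt $(test_ca_int_ec)
	cat $^ > $@
all_final += server8_int-ca2.crt

cli2.req.sha256: cli2.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
all_intermediate += cli2.req.sha256

# NOTE(review): issuer_name below spells "PolarSSL Test EC CA" while
# the rule for test-ca2.crt uses "Polarssl Test EC CA", and the RSA CA
# passphrase is passed as issuer_pwd for the EC key. Confirm against
# the committed cli2.crt before regenerating.
all_final += server1.req.sha1
cli2.crt: cli2.req.sha256
	$(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
all_final += cli2.crt

cli2.crt.der: cli2.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli2.crt.der

cli2.key.der: cli2.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli2.key.der

# Passphrase for the encrypted copy of server5.key; like the CA
# passphrase it is a fixed value recorded in this file.
server5_pwd_ec = PolarSSLTest

server5.crt.der: server5.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += server5.crt.der

server5.key.der: server5.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += server5.key.der

server5.key.enc: server5.key
	$(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
all_final += server5.key.enc

# Self-signed and already expired (clock moved back by the length of
# the validity period).
server5-ss-expired.crt: server5.key
	$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
all_final += server5-ss-expired.crt

# try to forge a copy of test-int-ca3 with different key
# Same subject name and serial number (77) as test-int-ca3.crt, but
# self-signed with server5.key.
server5-ss-forgeca.crt: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" \
		-set_serial 77 -config $(test_ca_config_file) -extensions noext_ca \
		-days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt

# Invoked through $(OPENSSL) like every other rule, so that an OPENSSL
# override selects the tool for this certificate too instead of
# whatever "openssl" is first on PATH.
server5-selfsigned.crt: server5.key
	$(OPENSSL) req -x509 -key server5.key \
		-sha256 -days 3650 -nodes \
		-addext basicConstraints=critical,CA:FALSE \
		-addext keyUsage=critical,digitalSignature \
		-addext subjectKeyIdentifier=hash \
		-addext authorityKeyIdentifier=none \
		-set_serial 0x53a2cb4b124ead837da894b2 \
		-subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \
		-out $@
all_final += server5-selfsigned.crt

# Self-signed DER certificates whose subjectAltName comes from the
# named extension section of the CA configuration file.
parse_input/server5-othername.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@

parse_input/server5-nonprintable_othername.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -outform der -out $@

parse_input/server5-unsupported_othername.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -outform der -out $@

parse_input/server5-fan.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -outform der -out $@

server5-tricky-ip-san.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@

all_final += server5-tricky-ip-san.crt.der

# malformed IP length
server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@

parse_input/server5-directoryname.crt.der: server5.key
	$(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@

parse_input/server5-two-directorynames.crt.der: server5.key
	$(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@

# Copies of server5.crt.der with 0, 1, 1, 2, 4, 8 and 9 extra bytes
# written directly after the end of the certificate: dd seeks to the
# size of the original file and conv=notrunc keeps the copied data.
server5-der0.crt: server5.crt.der
	cp $< $@
server5-der1a.crt: server5.crt.der
	cp $< $@
	echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der1b.crt: server5.crt.der
	cp $< $@
	echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der2.crt: server5.crt.der
	cp $< $@
	echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der4.crt: server5.crt.der
	cp $< $@
	echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der8.crt: server5.crt.der
	cp $< $@
	echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der9.crt: server5.crt.der
	cp $< $@
	echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \
	     server5-der9.crt server5-der1a.crt server5-der2.crt \
	     server5-der8.crt

# directoryname sequence tag malformed
parse_input/server5-directoryname-seq-malformed.crt.der: parse_input/server5-two-directorynames.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@

# Second directoryname OID length malformed 03 -> 15
parse_input/server5-second-directoryname-oid-malformed.crt.der: parse_input/server5-two-directorynames.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p > $@

parse_input/rsa_single_san_uri.crt.der rsa_single_san_uri.crt.der: rsa_single_san_uri.key
	$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"

parse_input/rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key
	$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"

# Bad-signature copy of test-int-ca3.crt: the last character before
# any '=' padding on the final base64 line is changed ('0' becomes
# '1', anything else becomes '0').
test-int-ca3-badsign.crt: test-int-ca3.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += test-int-ca3-badsign.crt

# server9*

server9.csr: server9.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
				-key $< -out $@
parse_input/server9.crt server9.crt: server9-sha1.crt
	cp $< $@
all_final += server9.crt
all_intermediate += server9.csr server9-sha1.crt

# RSASSA-PSS certificates issued by the RSA test CA. The stem of the
# target name (sha1, sha224, ...) is used both as the MGF1 digest and
# as the signature digest option; the serial number comes from the
# target-specific SERVER9_CRT_SERIAL assignments after the rule.
server9-%.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
		-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
		-set_serial $(SERVER9_CRT_SERIAL) -days 3653 \
		-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
		-sigopt rsa_mgf1_md:$(@F:server9-%.crt=%) -$(@F:server9-%.crt=%) \
		-in $< -out $@
server9-sha1.crt: SERVER9_CRT_SERIAL=22
parse_input/server9-sha224.crt server9-sha224.crt: SERVER9_CRT_SERIAL=23
parse_input/server9-sha256.crt server9-sha256.crt: SERVER9_CRT_SERIAL=24
parse_input/server9-sha384.crt server9-sha384.crt: SERVER9_CRT_SERIAL=25
parse_input/server9-sha512.crt server9-sha512.crt: SERVER9_CRT_SERIAL=26
all_final += server9-sha224.crt server9-sha256.crt server9-sha384.crt server9-sha512.crt

# An explicit rule, so the server9-%.crt pattern rule is not used for
# this target: no rsa_mgf1_md option is given and the digest is SHA-1.
server9-defaults.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
		-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
		-set_serial 72 -days 3653 \
		-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max -sha1 \
		-in $< -out $@
all_final += server9-defaults.crt

# Bad-signature copy of server9.crt, made the same way as the other
# *-badsign.crt files (last base64 character before padding changed).
server9-badsign.crt: server9.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server9-badsign.crt

server9-with-ca.crt: server9.crt $(test_ca_crt)
	cat $^ > $@
all_final += server9-with-ca.crt

# FIXME: This file needs special sequence.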
It should be update manually 581server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 582 false 583 584server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 585 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 586 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 587 -set_serial 24 -days 3653 \ 588 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ 589 -sigopt rsa_mgf1_md:sha224 -sha256 \ 590 -in $< -out $@ 591all_final += server9-bad-mgfhash.crt 592 593# server10* 594 595server10.crt: server10.key test-int-ca3.crt test-int-ca3.key 596 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \ 597 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \ 598 subject_identifier=0 authority_identifier=0 \ 599 not_before=20190210144406 not_after=20290210144406 \ 600 md=SHA256 version=3 output_file=$@ 601all_final += server10.crt 602server10-badsign.crt: server10.crt 603 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 604all_final += server10-badsign.crt 605server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt 606 cat server10-badsign.crt test-int-ca3.crt > $@ 607all_final += server10-bs_int3.pem 608server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt 609 cat server10.crt test-int-ca3-badsign.crt > $@ 610all_final += server10_int3-bs.pem 611server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) 612 cat $^ > $@ 613all_final += server10_int3_int-ca2.crt 614server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt) 615 cat $^ > $@ 616all_final += server10_int3_int-ca2_ca.crt 617server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec) 618 cat $^ > $@ 619all_final += server10_int3_spurious_int-ca2.crt 620 621rsa_pkcs1_2048_public.pem: server8.key 622 $(OPENSSL) rsa -in $< 
-outform PEM -RSAPublicKey_out -out $@ 623all_final += rsa_pkcs1_2048_public.pem 624 625rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem 626 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ 627all_final += rsa_pkcs1_2048_public.der 628 629rsa_pkcs8_2048_public.pem: server8.key 630 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ 631all_final += rsa_pkcs8_2048_public.pem 632 633rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem 634 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ 635all_final += rsa_pkcs8_2048_public.der 636 637# Generate crl_cat_*.pem 638# - crt_cat_*.pem: (1+2) concatenations in various orders: 639# ec = crl-ec-sha256.pem, ecfut = crl-future.pem 640# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem 641 642crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem 643 cat $^ > $@ 644 645crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem 646 cat $^ > $@ 647 648all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem 649 650authorityKeyId_subjectKeyId.crt.der: 651 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034 652 653authorityKeyId_no_keyid.crt.der: 654 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034 655 656authorityKeyId_no_issuer.crt.der: 657 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer' 658 659authorityKeyId_no_authorityKeyId.crt.der: 660 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId' 661 662authorityKeyId_subjectKeyId_tag_malformed.crt.der: 
authorityKeyId_subjectKeyId.crt.der 663 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ 664 665authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 666 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ 667 668authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 669 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@ 670 671authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 672 hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@ 673 674authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 675 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@ 676 677authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 678 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D80FFA505E864B8DC/" | xxd -r -p > $@ 679 680authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 681 hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@ 682 683authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 684 hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@ 685 686authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 687 hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8114680430CD074DE63F/" | xxd -r -p > $@ 688 689authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 690 hexdump -ve '1/1 "%.2X"' $< | sed 
"s/8214680430CD074DE63F/8213680430CD074DE63F/" | xxd -r -p > $@ 691 692################################################################ 693#### Generate various RSA keys 694################################################################ 695 696### Password used for PKCS1-encoded encrypted RSA keys 697keys_rsa_basic_pwd = testkey 698 699### Password used for PKCS8-encoded encrypted RSA keys 700keys_rsa_pkcs8_pwd = PolarSSLTest 701 702### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which 703### all other encrypted RSA keys are derived. 704rsa_pkcs1_1024_clear.pem: 705 $(OPENSSL) genrsa -out $@ 1024 706all_final += rsa_pkcs1_1024_clear.pem 707rsa_pkcs1_2048_clear.pem: 708 $(OPENSSL) genrsa -out $@ 2048 709all_final += rsa_pkcs1_2048_clear.pem 710rsa_pkcs1_4096_clear.pem: 711 $(OPENSSL) genrsa -out $@ 4096 712all_final += rsa_pkcs1_4096_clear.pem 713 714### 715### PKCS1-encoded, encrypted RSA keys 716### 717 718### 1024-bit 719rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem 720 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 721all_final += rsa_pkcs1_1024_des.pem 722rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 723 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 724all_final += rsa_pkcs1_1024_3des.pem 725rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem 726 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 727all_final += rsa_pkcs1_1024_aes128.pem 728rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem 729 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 730all_final += rsa_pkcs1_1024_aes192.pem 731rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem 732 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 733all_final += rsa_pkcs1_1024_aes256.pem 734keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem 735 736# 2048-bit 
# Each rule below encrypts the matching rsa_pkcs1_<bits>_clear.pem with the
# cipher named in the target, using the fixed test password
# $(keys_rsa_basic_pwd). The password is passed on the command line and single
# DES is among the ciphers: these files are parser fixtures only.
rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_des.pem
rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_3des.pem
rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes128.pem
rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes192.pem
rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes256.pem
keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem

# 4096-bit
rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_des.pem
rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_3des.pem
rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes128.pem
rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes192.pem
rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ \
		-passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes256.pem
keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem

###
### PKCS8-v1 encoded, encrypted RSA keys
###
# -topk8 wraps the clear key as PKCS#8; -v1 selects the PBE-SHA1-3DES or
# PBE-SHA1-2DES scheme. Each key is written both as DER and as PEM, encrypted
# with the fixed test password $(keys_rsa_pkcs8_pwd).

### 1024-bit
rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der

rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der

keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des

### 2048-bit
rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der

# PBE-SHA1-2DES variants of the 2048-bit key (DER and PEM), encrypted with
# the fixed test password $(keys_rsa_pkcs8_pwd) given on the command line.
rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der

keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des

### 4096-bit
rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der

rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der

keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des

###
### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
###
# NOTE(review): no -v2prf is passed, so the PRF recorded in these files is
# whatever the OpenSSL in use defaults to; later OpenSSL releases are believed
# to default to hmacWithSHA256. Confirm the PRF after regenerating, otherwise
# these fixtures may duplicate the explicit hmacWithSHA256 ones.

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem

keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem

keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem

keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
###

### 1024-bit
# -v2 names the cipher (des3 or des) and -v2prf the PRF written into the
# PKCS#8 file. Every key is produced as DER and as PEM from the matching
# clear key, encrypted with the fixed test password $(keys_rsa_pkcs8_pwd),
# which is passed on the command line; these files are test fixtures only.
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem

keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem

keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem

keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
###

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem

keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256

### 2048-bit
# Each rule wraps the matching clear key as PKCS#8 with the cipher given to
# -v2 and the PRF given to -v2prf, once as DER and once as PEM. The password
# is the fixed test value $(keys_rsa_pkcs8_pwd), passed on the command line;
# these files are test fixtures only.
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem

keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem

keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
###

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem

keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem

keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem

keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
###

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ \
		-passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
# Continuation of the PKCS#8 v2 (PBES2/PBKDF2, PRF hmacWithSHA512) RSA test keys.
# Each rule re-encodes an unencrypted PKCS#1 key ($<) as an encrypted PKCS#8
# file ($@) in DER or PEM form, with `-v2 des3` or `-v2 des` as the cipher.
# $(keys_rsa_pkcs8_pwd) is defined outside this section. It is passed as
# "pass:..." on the openssl command line, a form that is visible in process
# listings; that only matters if the value were a real secret.
# NOTE(review): single DES and 1024-bit RSA are presumably kept to exercise
# the parser on legacy parameters, not as recommended settings -- confirm.
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
# Recipe-less grouping target: requesting it builds both encodings.
# NOTE(review): whether these grouping names are declared .PHONY is not visible here.
keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem

keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem

keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem

keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512

###
### Rules to generate all RSA keys from a particular class
###
# The targets below have no recipes; they only pull in the per-size and
# per-PRF grouping targets defined in this file.

### Generate basic unencrypted RSA keys
keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem

### Generate PKCS1-encoded encrypted RSA keys
keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096

### Generate PKCS8-v1 encrypted RSA keys
keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096

### Generate PKCS8-v2 encrypted RSA keys
keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512

### Generate all RSA keys
keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2

################################################################
#### Generate various EC keys
################################################################

###
### PKCS8 encoded
###

# Generates a new EC private key on prime192v1 with named-curve parameter
# encoding and writes it as DER. The rule has no prerequisites, so the recipe
# only runs when the file is missing, and every run produces a different key.
ec_prv.pk8.der:
	$(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
all_final += ec_prv.pk8.der

# ### Instructions for creating `ec_prv.pk8nopub.der`,
# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
# ### `ec_prv.pk8.der`.
#
# These instructions assume you are familiar with ASN.1 DER encoding and can
# use a hex editor to manipulate DER.
#
# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
#
# PrivateKeyInfo ::= SEQUENCE {
#   version                   Version,
#   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
#   privateKey                PrivateKey,
#   attributes           [0]  IMPLICIT Attributes OPTIONAL
# }
#
# AlgorithmIdentifier  ::=  SEQUENCE  {
#   algorithm   OBJECT IDENTIFIER,
#   parameters  ANY DEFINED BY algorithm OPTIONAL
# }
#
# ECParameters ::= CHOICE {
#   namedCurve         OBJECT IDENTIFIER
#   -- implicitCurve   NULL
#   -- specifiedCurve  SpecifiedECDomain
# }
#
# ECPrivateKey ::= SEQUENCE {
#   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
#   privateKey     OCTET STRING,
#   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
#   publicKey  [1] BIT STRING OPTIONAL
# }
#
# `ec_prv.pk8.der` as generated above by OpenSSL should have the following
# fields:
#
# * privateKeyAlgorithm       namedCurve
# * privateKey.parameters     NOT PRESENT
# * privateKey.publicKey      PRESENT
# * attributes                NOT PRESENT
#
# # ec_prv.pk8nopub.der
#
# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
#
# # ec_prv.pk8nopubparam.der
#
# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
#
# # ec_prv.pk8param.der
#
# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
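
# PEM renderings of the PKCS#8 EC keys. ec_prv.pk8.der comes from a rule in
# this file; the nopub/nopubparam/param DER inputs have no rule here, so make
# expects them to exist already.
ec_prv.pk8.pem: ec_prv.pk8.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8.pem
ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8nopub.pem
ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8nopubparam.pem
ec_prv.pk8param.pem: ec_prv.pk8param.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8param.pem

# Public key extracted (-pubout) from the SEC1 private key.
ec_pub.pem: ec_prv.sec1.der
	$(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@
all_final += ec_pub.pem

# Private keys rewritten with the public point in compressed form.
ec_prv.sec1.comp.pem: ec_prv.sec1.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_prv.sec1.comp.pem

ec_224_prv.comp.pem: ec_224_prv.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_224_prv.comp.pem

ec_256_prv.comp.pem: ec_256_prv.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_256_prv.comp.pem

ec_384_prv.comp.pem: ec_384_prv.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_384_prv.comp.pem

ec_521_prv.comp.pem: ec_521_prv.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_521_prv.comp.pem

ec_bp256_prv.comp.pem: ec_bp256_prv.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_bp256_prv.comp.pem

ec_bp384_prv.comp.pem: ec_bp384_prv.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_bp384_prv.comp.pem

ec_bp512_prv.comp.pem: ec_bp512_prv.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_bp512_prv.comp.pem

# Public keys rewritten with the point in compressed form (-pubin: the input
# is a public key).
ec_pub.comp.pem: ec_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_pub.comp.pem

ec_224_pub.comp.pem: ec_224_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_224_pub.comp.pem

ec_256_pub.comp.pem: ec_256_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_256_pub.comp.pem

ec_384_pub.comp.pem: ec_384_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_384_pub.comp.pem

ec_521_pub.comp.pem: ec_521_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_521_pub.comp.pem

ec_bp256_pub.comp.pem: ec_bp256_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_bp256_pub.comp.pem

ec_bp384_pub.comp.pem: ec_bp384_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_bp384_pub.comp.pem

ec_bp512_pub.comp.pem: ec_bp512_pub.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_bp512_pub.comp.pem

# X25519 and X448 key pairs. The *_prv.der rules have no prerequisites and
# generate a new key whenever the file is missing; the public keys and PEM
# forms are derived from that DER private key.
ec_x25519_prv.der:
	$(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER
all_final += ec_x25519_prv.der

ec_x25519_pub.der: ec_x25519_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
all_final += ec_x25519_pub.der

ec_x25519_prv.pem: ec_x25519_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_x25519_prv.pem

ec_x25519_pub.pem: ec_x25519_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
all_final += ec_x25519_pub.pem

ec_x448_prv.der:
	$(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER
all_final += ec_x448_prv.der

ec_x448_pub.der: ec_x448_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
all_final += ec_x448_pub.der

ec_x448_prv.pem: ec_x448_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_x448_prv.pem

ec_x448_pub.pem: ec_x448_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
all_final += ec_x448_pub.pem

################################################################
#### Convert PEM keys to DER format
################################################################
# Public keys (-pubin) first, then private keys. The private-key conversions
# pass no output cipher or passphrase option, so the DER files are written
# unencrypted.
server1.pubkey.der: server1.pubkey
	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
all_final += server1.pubkey.der

rsa4096_pub.der: rsa4096_pub.pem
	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
all_final += rsa4096_pub.der

ec_pub.der: ec_pub.pem
	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
all_final += ec_pub.der

ec_521_pub.der: ec_521_pub.pem
	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
all_final += ec_521_pub.der

ec_bp512_pub.der: ec_bp512_pub.pem
	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
all_final += ec_bp512_pub.der

server1.key.der: server1.key
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += server1.key.der

rsa4096_prv.der: rsa4096_prv.pem
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += rsa4096_prv.der

ec_prv.sec1.der: ec_prv.sec1.pem
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += ec_prv.sec1.der

ec_256_long_prv.der: ec_256_long_prv.pem
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += ec_256_long_prv.der

ec_521_prv.der: ec_521_prv.pem
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += ec_521_prv.der

ec_521_short_prv.der: ec_521_short_prv.pem
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += ec_521_short_prv.der

ec_bp512_prv.der: ec_bp512_prv.pem
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += ec_bp512_prv.der

################################################################
### Generate CSRs for X.509 write test suite
################################################################
# CSRs for server1.key, one per digest. A header with two targets defines two
# independent rules, so the parse_input/ copy and the top-level copy are each
# written by their own run of the recipe. Only the top-level name is added to
# all_final.
# NOTE(review): the MD5 and SHA1 requests are presumably kept as test inputs
# for legacy digests -- confirm.

parse_input/server1.req.sha1 server1.req.sha1: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.sha1

parse_input/server1.req.md5 server1.req.md5: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
all_final += server1.req.md5

parse_input/server1.req.sha224 server1.req.sha224: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
all_final += server1.req.sha224

parse_input/server1.req.sha256 server1.req.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
all_final += server1.req.sha256

# Generating this with OpenSSL as a comparison point to test we're getting the same result.
# The recipe uses $(OPENSSL), like every other rule in this file, so that an
# overridden tool path also applies to this comparison CSR.
# NOTE(review): server1.req.sha256.conf is read by the recipe but is not
# listed as a prerequisite.
server1.req.sha256.ext: server1.key
	$(OPENSSL) req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf

parse_input/server1.req.sha384 server1.req.sha384: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
all_final += server1.req.sha384

parse_input/server1.req.sha512 server1.req.sha512: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
all_final += server1.req.sha512

# CSRs that additionally request the nsCertType / keyUsage extensions.
server1.req.cert_type: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.cert_type

server1.req.key_usage: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.key_usage
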
# Remaining server1 CSR variants, followed by the server2 and server5 rules.
# All server1 requests are written by cert_req from server1.key.
server1.req.ku-ct: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.ku-ct

server1.req.key_usage_empty: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
all_final += server1.req.key_usage_empty

server1.req.cert_type_empty: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
all_final += server1.req.cert_type_empty

# Requests whose O= value contains characters that need care when a
# distinguished name is written as a string: an escaped comma, an escaped
# '#', leading/trailing spaces and non-ASCII text. These four are not added to
# all_final here.
parse_input/server1.req.commas.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256

parse_input/server1.req.hashsymbol.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=\#PolarSSL,CN=PolarSSL Server 1" md=SHA256

parse_input/server1.req.spaces.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256

# NOTE(review): despite the target name, the O= value below is non-ASCII.
parse_input/server1.req.asciichars.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=极地SSL,CN=PolarSSL Server 1" md=SHA256
# server2*

# NOTE(review): the name ends in _ec, but the only use in this section is as
# the passphrase for `openssl rsa -aes256` on server2.key.
server2_pwd_ec = PolarSSLTest

server2.req.sha256: server2.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
all_intermediate += server2.req.sha256

# The first two lines give each DER target its own PEM prerequisite; the
# shared recipe then converts $< (that PEM file) to DER.
parse_input/server2.crt.der: parse_input/server2.crt
server2.crt.der: server2.crt
parse_input/server2.crt.der server2.crt.der:
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server2.crt.der

server2-sha256.crt.der: server2-sha256.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server2-sha256.crt.der

server2.key.der: server2.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += server2.key.der

# AES-256 encrypted copy of server2.key; the passphrase is given as "pass:..."
# on the command line.
server2.key.enc: server2.key
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
all_final += server2.key.enc

# server5*

server5.csr: server5.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
		-key $< -out $@
all_intermediate += server5.csr
# server5.crt is a plain copy of the SHA-256 variant.
parse_input/server5.crt server5.crt: server5-sha256.crt
	cp $< $@
all_intermediate += server5-sha256.crt
# Pattern rule: the stem after "server5-sha" selects the openssl digest flag
# (-sha1, -sha224, ...). $(test_ca_crt_file_ec) and $(test_ca_key_file_ec) are
# defined outside this section.
# NOTE(review): every certificate built by this rule gets serial 9 from the
# same issuer, and `-days 3650` makes the validity period depend on when the
# recipe runs.
server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
		-extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \
		-sha$(@F:server5-sha%.crt=%) -in $< -out $@
all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt

# Copies server5.crt, then rewrites the first of its last two lines: the last
# base64 character before any '=' padding becomes '1' if it was '0' and '0'
# otherwise. Presumably this invalidates the signature, as the target name
# suggests. `head -n-2` (negative count) is GNU coreutils syntax.
server5-badsign.crt: server5.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server5-badsign.crt

# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.
# CSR for server5.key requesting keyUsage digitalSignature,nonRepudiation,
# signed with SHA-1.
server5.req.ku.sha1: server5.key
	$(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation
all_final += server5.req.ku.sha1

# Target-specific variables: each listed certificate gets its own serial and
# its own key_usage / ext_key_usage value. The two pattern-specific
# assignments below turn that value into the option passed to cert_write.
server5.ku-ds.crt: SERVER5_CRT_SERIAL=45
server5.ku-ds.crt: SERVER5_KEY_USAGE=digital_signature
server5.ku-ka.crt: SERVER5_CRT_SERIAL=46
server5.ku-ka.crt: SERVER5_KEY_USAGE=key_agreement
server5.ku-ke.crt: SERVER5_CRT_SERIAL=47
server5.ku-ke.crt: SERVER5_KEY_USAGE=key_encipherment
server5.eku-cs.crt: SERVER5_CRT_SERIAL=58
server5.eku-cs.crt: SERVER5_EXT_KEY_USAGE=codeSigning
server5.eku-cs_any.crt: SERVER5_CRT_SERIAL=59
server5.eku-cs_any.crt: SERVER5_EXT_KEY_USAGE=codeSigning,any
server5.eku-cli.crt: SERVER5_CRT_SERIAL=60
server5.eku-cli.crt: SERVER5_EXT_KEY_USAGE=clientAuth
server5.eku-srv_cli.crt: SERVER5_CRT_SERIAL=61
server5.eku-srv_cli.crt: SERVER5_EXT_KEY_USAGE=serverAuth,clientAuth
server5.eku-srv.crt: SERVER5_CRT_SERIAL=62
server5.eku-srv.crt: SERVER5_EXT_KEY_USAGE=serverAuth
server5.ku-%.crt: SERVER5_EXT_OPTS=key_usage=$(SERVER5_KEY_USAGE)
server5.eku-%.crt: SERVER5_EXT_OPTS=ext_key_usage=$(SERVER5_EXT_KEY_USAGE)
# NOTE(review): this pattern matches any server5.<stem>.crt. For a stem with
# no assignments above, SERVER5_CRT_SERIAL and SERVER5_EXT_OPTS expand to
# nothing unless they are set elsewhere.
# No issuer_pwd is passed, so $(test_ca_key_file_ec) is presumably an
# unencrypted key -- confirm.
server5.%.crt: server5.key
	$(MBEDTLS_CERT_WRITE) \
		subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=$(SERVER5_CRT_SERIAL) \
		issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) $(SERVER5_EXT_OPTS) \
		not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server5.ku-ka.crt server5.ku-ke.crt server5.ku-ds.crt
all_final += server5.eku-cs.crt server5.eku-cs_any.crt server5.eku-cli.crt server5.eku-srv_cli.crt server5.eku-srv.crt

# server6*

server6.csr: server6.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
		-key $< -out $@
all_intermediate += server6.csr
# NOTE(review): the recipe reads server5.crt.openssl.v3_ext (the server5
# extension file), which is not listed as a prerequisite of server6.crt.
# `-days 3650` makes the validity period depend on when the recipe runs.
server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec)
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
		-extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
all_final += server6.crt

server6-ss-child.csr : server6.key
	$(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \
		-key $< -out $@
all_intermediate += server6-ss-child.csr
# Certificate for server6.key issued by server5-selfsigned.crt and signed with
# server5.key, i.e. a child of a self-signed certificate rather than of the
# test CA.
server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext
	$(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \
		-extfile server6-ss-child.crt.openssl.v3_ext \
		-set_serial 0x53a2cb5822399474a7ec79ec \
		-days 3650 -sha256 -in $< -out $@
all_final += server6-ss-child.crt


################################################################
### Generate certificates for CRT write check tests
################################################################

### The test files use the Mbed TLS generated certificates server1*.crt,
### but for comparison with OpenSSL also rules for OpenSSL-generated
### certificates server1*.crt.openssl are offered.
###
### Known differences:
### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
###   as unused bits, while Mbed TLS doesn't.
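
# Working files and configuration for the `openssl ca` comparison rules that
# issue server1 certificates.
test_ca_server1_db = test-ca.server1.db
test_ca_server1_serial = test-ca.server1.serial
test_ca_server1_config_file = test-ca.server1.opensslconf

# server1*

# server1.crt in two locations. Each target gets the CSR from its own
# directory as a prerequisite, both share the CA certificate and key, and the
# recipe selects the CSR through $(@D).
# NOTE(review): several cert_write recipes in this section pass both version=1
# and version=3; presumably the later argument wins -- confirm against
# cert_write's argument handling.
# The CA key passphrase is passed as issuer_pwd= on the command line.
parse_input/server1.crt: parse_input/server1.req.sha256
server1.crt: server1.req.sha256
parse_input/server1.crt server1.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
parse_input/server1.crt server1.crt:
	$(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 \
		issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \
		issuer_pwd=$(test_ca_pwd_rsa) version=1 \
		not_before=20190210144406 not_after=20290210144406 \
		md=SHA1 version=3 output_file=$@
# Certificate carrying one subjectAltName entry of each kind named in san=
# (URI, IP, DN, DNS, RFC822); the `\;` keeps the shell from treating ';' as a
# command separator.
server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com
# OpenSSL-issued certificates with chosen serial numbers. Each recipe writes
# the serial into test-ca.server1.tmp.serial and then runs `openssl ca` with
# test-ca.server1.test_serial.opensslconf (presumably that configuration reads
# the tmp serial file -- confirm). The CA key passphrase comes from
# $(test_ca_pwd_rsa), the variable the rest of this file uses, instead of a
# repeated literal.
# NOTE(review): the three rules share one scratch file, so they must not run
# concurrently under `make -j`.
server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial
	$(OPENSSL) ca -in server1.req.sha256 -key $(test_ca_pwd_rsa) -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	echo "8011223344" > test-ca.server1.tmp.serial
	$(OPENSSL) ca -in server1.req.sha256 -key $(test_ca_pwd_rsa) -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial
	$(OPENSSL) ca -in server1.req.sha256 -key $(test_ca_pwd_rsa) -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
# NOTE(review): the prerequisite is parse_input/server1.crt, but the recipe
# does not read it; it issues a new certificate from server1.req.sha256 with
# authority_identifier=0. Confirm that this is the intended source and that
# the output is DER-encoded as the file name suggests.
parse_input/server1.crt.der: parse_input/server1.crt
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 \
		issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \
		issuer_pwd=$(test_ca_pwd_rsa) \
		not_before=20190210144406 not_after=20290210144406 \
		md=SHA1 authority_identifier=0 version=3 output_file=$@
server1.der: server1.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
# Certificates issued from the special-character CSRs in parse_input/.
server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@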
# Further server1 certificates issued by the RSA test CA with cert_write, then
# certificates with other subjects that reuse server1.key. The CA key
# passphrase is passed as issuer_pwd= on the command line.
# NOTE(review): many recipes pass both version=1 and version=3; presumably the
# later argument wins -- confirm against cert_write's argument handling.
server1.asciichars.crt: server1.key parse_input/server1.req.asciichars.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.asciichars.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt server1.asciichars.crt

# keyUsage variants. Each target gets the CSR from its own directory as a
# prerequisite, and the shared recipe selects it through $(@D).
parse_input/server1.key_usage.crt: parse_input/server1.req.sha256
server1.key_usage.crt: server1.req.sha256
parse_input/server1.key_usage.crt server1.key_usage.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
parse_input/server1.key_usage.crt server1.key_usage.crt:
	$(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
server1.key_usage.der: server1.key_usage.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der

# nsCertType variants, laid out like the keyUsage rules above.
parse_input/server1.cert_type.crt: parse_input/server1.req.sha256
server1.cert_type.crt: server1.req.sha256
parse_input/server1.cert_type.crt server1.cert_type.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
parse_input/server1.cert_type.crt server1.cert_type.crt:
	$(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
server1.cert_type.der: server1.cert_type.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der

# X.509 v1 certificate: both version arguments are 1 here.
server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
server1.v1.der: server1.v1.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.v1.crt server1.v1.der

# Same request issued with is_ca=1.
server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@
server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@
server1.ca.der: server1.ca.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der

# NOTE(review): `serial=31\` has no space before the backslash, so the shell
# only sees two separate arguments because the continuation line keeps its
# leading whitespace. The recipe also reads $(test_ca_key_file_rsa), which is
# not listed as a prerequisite.
server1-nospace.crt: server1.key test-ca.crt
	$(MBEDTLS_CERT_WRITE) subject_key=$< serial=31\
		subject_name="C=NL,O=PolarSSL,CN=polarssl.example" \
		issuer_crt=test-ca.crt issuer_key=$(test_ca_key_file_rsa) \
		issuer_pwd=$(test_ca_pwd_rsa) \
		not_before=20190210144406 not_after=20290210144406 \
		md=SHA256 version=3 authority_identifier=1 \
		output_file=$@
all_final += server1-nospace.crt

# Concatenation of the server certificate and the CA certificate.
server1_ca.crt: server1.crt $(test_ca_crt)
	cat server1.crt $(test_ca_crt) > $@
all_final += server1_ca.crt

# One certificate per signature digest (serials 7 to 11), all for server1.key.
# Each header names two targets, so the parse_input/ copy and the top-level
# copy are written by separate runs of the recipe.
# NOTE(review): only server1.key is a prerequisite; the CA certificate and key
# the recipes read are not listed.
parse_input/cert_sha1.crt cert_sha1.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += cert_sha1.crt

parse_input/cert_sha224.crt cert_sha224.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
all_final += cert_sha224.crt

parse_input/cert_sha256.crt cert_sha256.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += cert_sha256.crt

parse_input/cert_sha384.crt cert_sha384.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
all_final += cert_sha384.crt

parse_input/cert_sha512.crt cert_sha512.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
all_final += cert_sha512.crt

# Certificate whose CN is the wildcard name *.example.com.
cert_example_wildcard.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += cert_example_wildcard.crt

# OpenSSL-generated certificates for comparison
# Also provide certificates in DER format to allow
# direct binary comparison using e.g.
dumpasn1 1686server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1687 echo "01" > $(test_ca_server1_serial) 1688 rm -f $(test_ca_server1_db) 1689 touch $(test_ca_server1_db) 1690 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@ 1691server1.der.openssl: server1.crt.openssl 1692 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1693server1.key_usage.der.openssl: server1.key_usage.crt.openssl 1694 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1695server1.cert_type.der.openssl: server1.cert_type.crt.openssl 1696 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1697 1698server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1699 echo "01" > $(test_ca_server1_serial) 1700 rm -f $(test_ca_server1_db) 1701 touch $(test_ca_server1_db) 1702 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@ 1703server1.v1.der.openssl: server1.v1.crt.openssl 1704 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1705 1706# To revoke certificate in the openssl database: 1707# 1708# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt 1709 1710crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 1711 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ 1712 1713crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \ 1714 $(test_ca_config_file) \ 1715 test-ca.server1.future-crl.db \ 1716 
test-ca.server1.future-crl.opensslconf 1717 $(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \ 1718 -config test-ca.server1.future-crl.opensslconf -crldays 365 \ 1719 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 1720 1721server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl 1722 1723# server2* 1724 1725parse_input/server2.crt server2.crt: server2.req.sha256 1726 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1727all_final += server2.crt 1728 1729server2.der: server2.crt 1730 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1731all_final += server2.crt server2.der 1732 1733server2-sha256.crt: server2.req.sha256 1734 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1735all_final += server2-sha256.crt 1736 1737server2.ku-ka.crt: SERVER2_CRT_SERIAL=42 1738server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement 1739server2.ku-ke.crt: SERVER2_CRT_SERIAL=43 1740server2.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment 1741server2.ku-ds.crt: SERVER2_CRT_SERIAL=44 1742server2.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature 1743server2.ku-ds_ke.crt: SERVER2_CRT_SERIAL=48 1744server2.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment 1745server2.ku-%.crt: server2.req.sha256 
1746 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \ 1747 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 1748 key_usage="$(SERVER2_KEY_USAGE)" \ 1749 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1750all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt 1751 1752server2-badsign.crt: server2.crt 1753 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 1754all_final += server2-badsign.crt 1755 1756# server3* 1757 1758parse_input/server3.crt server3.crt: server3.key 1759 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \ 1760 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 1761 not_before=20190210144406 not_after=20290210144406 \ 1762 md=SHA1 version=3 output_file=$@ 1763all_final += server3.crt 1764 1765# server4* 1766 1767parse_input/server4.crt server4.crt: server4.key 1768 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \ 1769 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \ 1770 not_before=20190210144400 not_after=20290210144400 \ 1771 md=SHA256 version=3 output_file=$@ 1772all_final += server4.crt 1773 1774# MD5 test certificate 1775 1776cert_md_test_key = $(cli_crt_key_file_rsa) 1777 1778cert_md5.csr: $(cert_md_test_key) 1779 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 1780all_intermediate += cert_md5.csr 1781 1782parse_input/cert_md5.crt cert_md5.crt: cert_md5.csr 1783 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 \ 1784 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ 1785 issuer_pwd=$(test_ca_pwd_rsa) \ 1786 not_before=20000101121212 not_after=20300101121212 \ 1787 md=MD5 version=3 output_file=$@ 1788all_final += cert_md5.crt 1789 
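# TLSv1.3 test certificates
#
# This span is restored to one rule per line with TAB-led recipes, and the
# listing line numbers that were fused into the text are dropped.
#
# Each key is a copy of an existing EC private key file. All three
# certificates are issued by the EC test CA with -set_serial 77; duplicate
# serials under one issuer are acceptable only in fixtures. -days 3653 counts
# from the moment of generation, so the validity dates are not reproducible.
ecdsa_secp256r1.key: ec_256_prv.pem
	cp $< $@

ecdsa_secp256r1.csr: ecdsa_secp256r1.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += ecdsa_secp256r1.csr
ecdsa_secp256r1.crt: ecdsa_secp256r1.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -set_serial 77 -days 3653 -sha384 -in $< -out $@
all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key
tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key

ecdsa_secp384r1.key: ec_384_prv.pem
	cp $< $@
ecdsa_secp384r1.csr: ecdsa_secp384r1.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += ecdsa_secp384r1.csr
ecdsa_secp384r1.crt: ecdsa_secp384r1.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -set_serial 77 -days 3653 -sha384 -in $< -out $@
all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key
tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key

ecdsa_secp521r1.key: ec_521_prv.pem
	cp $< $@
ecdsa_secp521r1.csr: ecdsa_secp521r1.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += ecdsa_secp521r1.csr
ecdsa_secp521r1.crt: ecdsa_secp521r1.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -set_serial 77 -days 3653 -sha384 -in $< -out $@
all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key
tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key

# tls13_certs is a grouping target with no recipe; declare it phony so a file
# of that name cannot mask it.
.PHONY: tls13_certs

# PKCS7 test data
pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt
pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt
pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt
pkcs7_test_file = pkcs7_data.bin

# "\15" is an octal escape (carriage return), so the payload is "Hello" CR LF.
$(pkcs7_test_file):
	printf "Hello\15\n" > $@
all_final += $(pkcs7_test_file)

# Zero-length payload.
pkcs7_zerolendata.bin:
	printf '' > $@
all_final += pkcs7_zerolendata.bin

pkcs7_data_1.bin:
	printf "2\15\n" > $@
all_final += pkcs7_data_1.bin

# Generate signing cert
#
# Each recipe creates a fresh self-signed certificate and a new RSA-2048 key.
# -nodes leaves the private key unencrypted on disk. The .key file and the
# .pem file (certificate followed by private key) are side outputs: no rule
# in this span names them as a target and they are not added to all_final
# here, so clean/neat leave them behind. Later rules read the .pem and .key
# files while declaring only the .crt as a prerequisite.
pkcs7-rsa-sha256-1.crt:
	$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt
	cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem
all_final += pkcs7-rsa-sha256-1.crt

pkcs7-rsa-sha256-2.crt:
	$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt
	cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem
all_final += pkcs7-rsa-sha256-2.crt

pkcs7-rsa-sha256-3.crt:
	$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt
	cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem
all_final += pkcs7-rsa-sha256-3.crt

# Generated under faketime with the clock set 3650 days back and a 365-day
# lifetime, so the certificate is already expired when it is written.
pkcs7-rsa-expired.crt:
	$(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt
all_final += pkcs7-rsa-expired.crt

# File with an otherwise valid signature signed with an expired cert
# NOTE(review): pkcs7-rsa-expired.key is a prerequisite but is only produced
# as a side effect of the pkcs7-rsa-expired.crt rule. The smime commands in
# this section pass -out $@ twice; the repetition is redundant.
pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@
all_final += pkcs7_data_rsa_expired.der

# Convert signing certs to DER for testing PEM-free builds
pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1)
	$(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER
all_final += pkcs7-rsa-sha256-1.der

pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2)
	$(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER
all_final += pkcs7-rsa-sha256-2.der

pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt
	$(OPENSSL) x509 -in pkcs7-rsa-expired.crt -out $@ -outform DER
all_final += pkcs7-rsa-expired.der

# pkcs7 signature file over zero-len data
pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt
	$(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der
all_final += pkcs7_zerolendata_detached.der

# pkcs7 signature file with CERT
pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
all_final += pkcs7_data_cert_signed_sha256.der

# pkcs7 signature file with CERT and sha1
pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
all_final += pkcs7_data_cert_signed_sha1.der

# pkcs7 signature file with CERT and sha512
pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
all_final += pkcs7_data_cert_signed_sha512.der

# pkcs7 signature file without CERT
pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@
all_final += pkcs7_data_without_cert_signed.der

# pkcs7 signature file with signature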
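# This span is restored to one rule per line with TAB-led recipes, and the
# listing line numbers that were fused into the text are dropped.
#
# The signing rules below read pkcs7-rsa-sha256-N.pem (certificate plus
# private key) while declaring only the matching .crt as a prerequisite; the
# .pem is written as a side effect of the rule that creates the .crt.
# -nodetach embeds the signed content in the output.
pkcs7_data_with_signature.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -nodetach -outform DER -out $@
all_final += pkcs7_data_with_signature.der

# pkcs7 signature file with two signers
pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@
all_final += pkcs7_data_multiple_signed.der

# pkcs7 signature file with three signers
pkcs7_data_3_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) $(pkcs7_test_cert_3)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -signer pkcs7-rsa-sha256-3.pem -nocerts -noattr -outform DER -out $@
all_final += pkcs7_data_3_signed.der

# pkcs7 signature file with multiple certificates
pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@
all_final += pkcs7_data_multiple_certs_signed.der

# Patched fixtures: each recipe copies a valid signature file and overwrites
# one byte at a fixed offset (dd seek=N; conv=notrunc keeps the rest of the
# file). The offsets are tied to the exact byte layout of the input DER;
# re-check them whenever the input is regenerated.
# NOTE(review): the pipeline's exit status is dd's, so unless the recipe
# shell runs with pipefail a missing xxd leaves an unmodified copy and the
# recipe still succeeds. Verify that a regenerated file differs from its
# input.

# pkcs7 signature file with corrupted CERT
pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der
	cp pkcs7_data_cert_signed_sha256.der $@
	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc
all_final += pkcs7_data_signed_badcert.der

# pkcs7 signature file with corrupted signer info
pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der
	cp pkcs7_data_cert_signed_sha256.der $@
	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc
all_final += pkcs7_data_signed_badsigner.der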
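# This span is restored to one rule per line with TAB-led recipes, and the
# listing line numbers that were fused into the text are dropped.
#
# Patched fixtures: each recipe copies a valid PKCS7 file and overwrites one
# byte at a fixed offset (dd seek=N; conv=notrunc keeps the rest of the
# file). The offsets are tied to the exact byte layout of the input DER;
# re-check them whenever the input is regenerated.
# NOTE(review): the pipeline's exit status is dd's, so unless the recipe
# shell runs with pipefail a missing xxd leaves an unmodified copy and the
# recipe still succeeds. Verify that a regenerated file differs from its
# input.

# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name
pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der
	cp $< $@
	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc
all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der

# pkcs7 signature file with invalid tag in signerInfo[2]
pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der
	cp $< $@
	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc
all_final += pkcs7_signerInfo_2_invalid_tag.der

# pkcs7 signature file with corrupted signer info[1]
pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der
	cp pkcs7_data_3_signed.der $@
	echo '72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc
all_final += pkcs7_data_signed_badsigner1_badsize.der

pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der
	cp pkcs7_data_3_signed.der $@
	echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc
all_final += pkcs7_data_signed_badsigner1_badtag.der

pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der
	cp pkcs7_data_3_signed.der $@
	echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc
all_final += pkcs7_data_signed_badsigner1_fuzzbad.der

# pkcs7 signature file with corrupted signer info[2]
pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der
	cp pkcs7_data_3_signed.der $@
	echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc
all_final += pkcs7_data_signed_badsigner2_badsize.der

pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der
	cp pkcs7_data_3_signed.der $@
	echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc
all_final += pkcs7_data_signed_badsigner2_badtag.der

pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der
	cp pkcs7_data_3_signed.der $@
	echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc
all_final += pkcs7_data_signed_badsigner2_fuzzbad.der

# pkcs7 file with version 2
# Overwrites the byte at offset 25 with 0x02.
pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
	cp pkcs7_data_cert_signed_sha256.der $@
	echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc
all_final += pkcs7_data_cert_signed_v2.der

# Encrypted (not signed) PKCS7 file: AES-256, with signing cert 1 as the
# recipient certificate.
pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
	$(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt
all_final += pkcs7_data_cert_encrypted.der

## Negative tests
# For some interesting sizes, what happens if we make them off-by-one?
pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der
	cp $< $@
	echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc
all_final += pkcs7_signerInfo_issuer_invalid_size.der

pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der
	cp $< $@
	echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc
all_final += pkcs7_signerInfo_serial_invalid_size.der

# pkcs7 signature file just with signed data
# Drops the first 19 bytes of the input -- presumably the outer wrapper
# around the signed data; confirm against the DER structure.
pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der
	dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
all_final += pkcs7_data_cert_signeddata_sha256.der

# - test-ca-v1.crt: v1 "CA", signs
#   server1-v1.crt: v1 "intermediate CA", signs
#   server2-v1*.crt: EE cert (without or with chain in same file)
#
# All three are issued as version=1 certificates, so this chain exercises how
# a verifier treats v1 certificates placed in a CA role.

test-ca-v1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial_hex=53a2b68e05400e555c9395e5 \
	    request_file=test-ca.req.sha256 \
	    selfsign=1 issuer_name="CN=PolarSSL Test CA v1,OU=testing,O=PolarSSL,C=NL" \
	    issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
	    not_before=20190210144400 not_after=20290210144400 md=SHA256 version=1 \
	    output_file=$@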
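# This span is restored to one rule per line with TAB-led recipes, and the
# listing line numbers that were fused into the text are dropped.
all_final += test-ca-v1.crt

# v1 certificate for server1.key, issued by test-ca-v1.crt. A space now
# precedes the line continuation after serial_hex=..., so the argument no
# longer depends on the next line's indentation to stay separate from
# subject_name.
server1-v1.crt: server1.key test-ca-v1.crt
	$(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6c704cd4d8ebc800bc1 \
	    subject_name="CN=server1/int-ca-v1,OU=testing,O=PolarSSL,C=NL" \
	    issuer_crt=test-ca-v1.crt issuer_key=$(test_ca_key_file_rsa) \
	    issuer_pwd=$(test_ca_pwd_rsa) \
	    not_before=20190210144406 not_after=20290210144406 \
	    md=SHA256 version=1 \
	    output_file=$@
all_final += server1-v1.crt

# v1 certificate for server2.key, signed with server1.key (no issuer_pwd is
# passed for it), with server1-v1.crt as the issuer certificate.
server2-v1.crt: server2.key server1-v1.crt
	$(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6d9235dbc4573f9b76c \
	    subject_name="CN=server2,OU=testing,O=PolarSSL,C=NL" \
	    issuer_crt=server1-v1.crt issuer_key=server1.key \
	    not_before=20190210144406 not_after=20290210144406 \
	    md=SHA256 version=1 \
	    output_file=$@
all_final += server2-v1.crt

# Leaf followed by its issuer in one PEM file.
# NOTE(review): not added to all_final or all_intermediate here, so `all`
# does not build it and clean/neat do not remove it; confirm that is intended.
server2-v1-chain.crt: server2-v1.crt server1-v1.crt
	cat $^ > $@

################################################################
#### Generate C format test certs header
################################################################

# The generated header embeds test certificates, private keys and the key
# passwords as C macros. The passwords are spelled out literally on the
# command line below rather than taken from a makefile variable. These
# credentials are public test values and must never protect anything real.
TEST_CERTS_H_INPUT_FILES=test-ca2.crt \
                         test-ca2.crt.der \
                         test-ca2.key.enc \
                         test-ca2.key.der \
                         test-ca-sha256.crt \
                         test-ca-sha256.crt.der \
                         test-ca-sha1.crt \
                         test-ca-sha1.crt.der \
                         test-ca.key \
                         test-ca.key.der \
                         server5.crt \
                         server5.crt.der \
                         server5.key \
                         server5.key.der \
                         server2-sha256.crt \
                         server2-sha256.crt.der \
                         server2.crt \
                         server2.crt.der \
                         server2.key \
                         server2.key.der \
                         cli2.crt \
                         cli2.crt.der \
                         cli2.key \
                         cli2.key.der \
                         cli-rsa-sha256.crt \
                         cli-rsa-sha256.crt.der \
                         cli-rsa.key \
                         cli-rsa.key.der
../src/test_certs.h: ../scripts/generate_test_cert_macros.py \
                     $(TEST_CERTS_H_INPUT_FILES)
	../scripts/generate_test_cert_macros.py --output $@ \
	    --string TEST_CA_CRT_EC_PEM=test-ca2.crt \
	    --binary TEST_CA_CRT_EC_DER=test-ca2.crt.der \
	    --string TEST_CA_KEY_EC_PEM=test-ca2.key.enc \
	    --password TEST_CA_PWD_EC_PEM=PolarSSLTest \
	    --binary TEST_CA_KEY_EC_DER=test-ca2.key.der \
	    --string TEST_CA_CRT_RSA_SHA256_PEM=test-ca-sha256.crt \
	    --binary TEST_CA_CRT_RSA_SHA256_DER=test-ca-sha256.crt.der \
	    --string TEST_CA_CRT_RSA_SHA1_PEM=test-ca-sha1.crt \
	    --binary TEST_CA_CRT_RSA_SHA1_DER=test-ca-sha1.crt.der \
	    --string TEST_CA_KEY_RSA_PEM=test-ca.key \
	    --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \
	    --binary TEST_CA_KEY_RSA_DER=test-ca.key.der \
	    --string TEST_SRV_CRT_EC_PEM=server5.crt \
	    --binary TEST_SRV_CRT_EC_DER=server5.crt.der \
	    --string TEST_SRV_KEY_EC_PEM=server5.key \
	    --binary TEST_SRV_KEY_EC_DER=server5.key.der \
	    --string TEST_SRV_CRT_RSA_SHA256_PEM=server2-sha256.crt \
	    --binary TEST_SRV_CRT_RSA_SHA256_DER=server2-sha256.crt.der \
	    --string TEST_SRV_CRT_RSA_SHA1_PEM=server2.crt \
	    --binary TEST_SRV_CRT_RSA_SHA1_DER=server2.crt.der \
	    --string TEST_SRV_KEY_RSA_PEM=server2.key \
	    --binary TEST_SRV_KEY_RSA_DER=server2.key.der \
	    --string TEST_CLI_CRT_EC_PEM=cli2.crt \
	    --binary TEST_CLI_CRT_EC_DER=cli2.crt.der \
	    --string TEST_CLI_KEY_EC_PEM=cli2.key \
	    --binary TEST_CLI_KEY_EC_DER=cli2.key.der \
	    --string TEST_CLI_CRT_RSA_PEM=cli-rsa-sha256.crt \
	    --binary TEST_CLI_CRT_RSA_DER=cli-rsa-sha256.crt.der \
	    --string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \
	    --binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der

################################################################
#### Diffie-Hellman parameters
################################################################

# NOTE(review): 998- and 999-bit parameters are unusual sizes, presumably
# chosen to exercise size handling; they are far too small for real use.
# Neither file is added to all_final here.
dh.998.pem:
	$(OPENSSL) dhparam -out $@ -text 998

dh.999.pem:
	$(OPENSSL) dhparam -out $@ -text 999


################################################################
#### Meta targets
################################################################

all_final: $(all_final)
all: $(all_intermediate) $(all_final)

.PHONY: default all_final all
.PHONY: keys_rsa_all
.PHONY: keys_rsa_unenc keys_rsa_enc_basic
.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
.PHONY: server1_all

# These files should not be committed to the repository.
list_intermediate:
	@printf '%s\n' $(all_intermediate) | sort
# These files should be committed to the repository so that the test data is
# available upon checkout without running a randomized process depending on
# third-party tools.
list_final:
	@printf '%s\n' $(all_final) | sort
.PHONY: list_intermediate list_final

## Remove intermediate files
clean:
	rm -f $(all_intermediate)
## Remove all build products, even the ones that are committed
neat: clean
	rm -f $(all_final)
.PHONY: clean neat

# Keep intermediate files instead of letting make delete them after a chain.
.SECONDARY: $(all_intermediate)

# Delete a target whose recipe failed after modifying it, so a truncated or
# half-patched fixture is never mistaken for a finished one.
.DELETE_ON_ERROR: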