Makefile (118184B)
1 ## This file contains a record of how some of the test data was 2 ## generated. The final build products are committed to the repository 3 ## as well to make sure that the test data is identical. You do not 4 ## need to use this makefile unless you're extending Mbed TLS's tests. 5 6 ## Many data files were generated prior to the existence of this 7 ## makefile, so the method of their generation was not recorded. 8 9 ## Note that in addition to depending on the version of the data 10 ## generation tool, many of the build outputs are randomized, so 11 ## running this makefile twice would not produce the same results. 12 13 ## Tools 14 OPENSSL ?= openssl 15 FAKETIME ?= faketime 16 17 TOP_DIR = ../.. 18 MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write 19 MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req 20 21 22 ## Build the generated test data. Note that since the final outputs 23 ## are committed to the repository, this target should do nothing on a 24 ## fresh checkout. Furthermore, since the generation is randomized, 25 ## re-running the same targets may result in differing files. The goal 26 ## of this makefile is primarily to serve as a record of how the 27 ## targets were generated in the first place. 28 default: all_final 29 30 all_intermediate := # temporary files 31 all_final := # files used by tests 32 33 34 35 ################################################################ 36 #### Generate certificates from existing keys 37 ################################################################ 38 39 test_ca_crt = test-ca.crt 40 test_ca_key_file_rsa = test-ca.key 41 test_ca_key_file_rsa_unenc = test-ca_unenc.key 42 test_ca_pwd_rsa = PolarSSLTest 43 test_ca_config_file = test-ca.opensslconf 44 45 $(test_ca_key_file_rsa): 46 $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048 47 $(test_ca_key_file_rsa_unenc): $(test_ca_key_file_rsa) 48 $(OPENSSL) rsa -passin pass:$(test_ca_pwd_rsa) -in $< -out $@ 49 all_final += $(test_ca_key_file_rsa) $(test_ca_key_file_rsa_unenc) 50 51 test-ca.req.sha256: $(test_ca_key_file_rsa) 52 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 53 all_intermediate += test-ca.req.sha256 54 55 parse_input/test-ca.crt test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 56 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 57 all_final += test-ca.crt 58 59 parse_input/test-ca.crt.der: parse_input/test-ca.crt 60 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 61 62 test-ca.key.der: $(test_ca_key_file_rsa) 63 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)" 64 all_final += test-ca.key.der 65 66 # This is only used for generating cert_example_multi_nocn.crt 67 test-ca_nocn.crt: $(test_ca_key_file_rsa) 68 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 selfsign=1 \ 69 subject_key=$(test_ca_key_file_rsa) subject_pwd=$(test_ca_pwd_rsa) subject_name="C=NL" \ 70 issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) issuer_name="C=NL" \ 71 not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 72 all_intermediate += test-ca_nocn.crt 73 74 test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 75 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 76 all_final += test-ca-sha1.crt 77 78 test-ca-sha1.crt.der: test-ca-sha1.crt 79 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 80 all_final += test-ca-sha1.crt.der 81 82 test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 83 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 84 all_final += test-ca-sha256.crt 85 86 test-ca-sha256.crt.der: test-ca-sha256.crt 87 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 88 all_final += test-ca-sha256.crt.der 89 90 test-ca_utf8.crt: $(test_ca_key_file_rsa) 91 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 92 all_final += test-ca_utf8.crt 93 94 test-ca_printable.crt: $(test_ca_key_file_rsa) 95 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 96 all_final += test-ca_printable.crt 97 98 test-ca_uppercase.crt: $(test_ca_key_file_rsa) 99 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 100 all_final += test-ca_uppercase.crt 101 102 test_ca_key_file_rsa_alt = test-ca-alt.key 103 104 cert_example_multi.csr: rsa_pkcs1_1024_clear.pem 105 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@ 106 107 parse_input/cert_example_multi.crt cert_example_multi.crt: cert_example_multi.csr 108 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 109 -extfile $(test_ca_config_file) -extensions dns_alt_names \ 110 -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 \ 111 -in $< > $@ 112 113 cert_example_multi_nocn.csr: rsa_pkcs1_1024_clear.pem 114 $(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name='C=NL' 115 all_intermediate += cert_example_multi_nocn.csr 116 117 parse_input/cert_example_multi_nocn.crt cert_example_multi_nocn.crt: cert_example_multi_nocn.csr test-ca_nocn.crt 118 $(OPENSSL) x509 -req -CA test-ca_nocn.crt -CAkey $(test_ca_key_file_rsa) \ 119 -extfile $(test_ca_config_file) -extensions ext_multi_nocn -passin "pass:$(test_ca_pwd_rsa)" \ 120 -set_serial 0xf7c67ff8e9a963f9 -days 3653 -sha1 -in $< > $@ 121 all_final += cert_example_multi_nocn.crt 122 123 parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem 124 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage 125 parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem 126 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName 127 parse_input/test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem 128 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType 129 parse_input/test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem 130 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all 131 parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 132 (hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@ 133 parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der 134 (hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@ 135 parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der: parse_input/test_csr_v3_all.csr.der 136 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@ 137 parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der: parse_input/test_csr_v3_all.csr.der 138 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@ 139 parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der: parse_input/test_csr_v3_all.csr.der 140 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@ 141 parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der 142 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@ 143 parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 144 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@ 145 parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der 146 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020780300D06092A86/04020780300D06092A86/" | xxd -r -p ) > $@ 147 parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der: parse_input/test_csr_v3_all.csr.der 148 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@ 149 parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der: parse_input/test_csr_v3_all.csr.der 150 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@ 151 parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 152 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@ 153 parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der 154 (hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@ 155 parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der: parse_input/test_csr_v3_all.csr.der 156 (hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@ 157 parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: parse_input/test_csr_v3_all.csr.der 158 (hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@ 159 parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der 160 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@ 161 parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der: parse_input/test_csr_v3_all.csr.der 162 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@ 163 parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der: parse_input/test_csr_v3_all.csr.der 164 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@ 165 parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: parse_input/test_csr_v3_all.csr.der 166 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@ 167 parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: parse_input/test_csr_v3_all.csr.der 168 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@ 169 170 parse_input/test_cert_rfc822name.crt.der: cert_example_multi.csr 171 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ 172 173 $(test_ca_key_file_rsa_alt):test-ca.opensslconf 174 $(OPENSSL) genrsa -out $@ 2048 175 test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) 176 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 177 all_intermediate += test-ca-alt.csr 178 test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr 179 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ 180 all_final += test-ca-alt.crt 181 test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt 182 cat test-ca-alt.crt test-ca-sha256.crt > $@ 183 all_final += test-ca-alt-good.crt 184 test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt 185 cat test-ca-sha256.crt test-ca-alt.crt > $@ 186 all_final += test-ca-good-alt.crt 187 188 test_ca_crt_file_ec = test-ca2.crt 189 test_ca_key_file_ec = test-ca2.key 190 191 test-ca2.req.sha256: $(test_ca_key_file_ec) 192 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) \ 193 subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256 194 all_intermediate += test-ca2.req.sha256 195 196 test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 197 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 selfsign=1 \ 198 request_file=test-ca2.req.sha256 \ 199 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" \ 200 issuer_key=$(test_ca_key_file_ec) \ 201 not_before=20190210144400 not_after=20290210144400 \ 202 md=SHA256 version=3 output_file=$@ 203 all_final += test-ca2.crt 204 205 test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test-ca2.req.sha256 206 $(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \ 207 -signkey $(test_ca_key_file_ec) -days 3653 -out $@ 208 209 all_final += test-ca2.ku-crl.crt test-ca2.ku-crt.crt test-ca2.ku-crt_crl.crt \ 210 test-ca2.ku-ds.crt 211 212 test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 213 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \ 214 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \ 215 not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ 216 all_intermediate += test-ca2-future.crt 217 218 test_ca_ec_cat := # files that concatenate different crt 219 test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt 220 test_ca_ec_cat += test-ca2_cat-future-invalid.crt 221 test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt 222 test_ca_ec_cat += test-ca2_cat-future-present.crt 223 test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt 224 test_ca_ec_cat += test-ca2_cat-present-future.crt 225 test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt 226 test_ca_ec_cat += test-ca2_cat-present-past.crt 227 test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt 228 test_ca_ec_cat += test-ca2_cat-past-invalid.crt 229 test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt 230 test_ca_ec_cat += test-ca2_cat-past-present.crt 231 $(test_ca_ec_cat): 232 cat $^ > $@ 233 all_final += $(test_ca_ec_cat) 234 235 parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 236 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \ 237 -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" \ 238 -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 239 240 parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 241 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \ 242 -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 \ 243 -in test-ca.req_ec.sha256 -out $@ 244 245 parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 246 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 247 248 parse_input/test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 249 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 250 251 parse_input/test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 252 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 253 254 parse_input/test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 255 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 256 257 parse_input/test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 258 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 259 260 parse_input/test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 261 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 262 263 test-ca.req_ec.sha256: $(test_ca_key_file_ec) 264 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256 265 all_intermediate += test-ca.req_ec.sha256 266 267 test-ca2.crt.der: $(test_ca_crt_file_ec) 268 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER 269 all_final += test-ca2.crt.der 270 271 test-ca2.key.der: $(test_ca_key_file_ec) 272 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER 273 all_final += test-ca2.key.der 274 275 test_ca_crt_cat12 = test-ca_cat12.crt 276 $(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) 277 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ 278 all_final += $(test_ca_crt_cat12) 279 280 test_ca_crt_cat21 = test-ca_cat21.crt 281 $(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec) 282 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@ 283 all_final += $(test_ca_crt_cat21) 284 285 test-int-ca.csr: test-int-ca.key $(test_ca_config_file) 286 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ 287 288 test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file) 289 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \ 290 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@ 291 292 test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file) 293 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \ 294 -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@ 295 296 all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr 297 298 test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 299 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \ 300 -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 301 -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 302 303 test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr 304 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \ 305 -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \ 306 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 307 308 # Note: This requests openssl version >= 3.x.xx 309 test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr 310 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \ 311 -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \ 312 -sha256 -in test-int-ca3.csr -out $@ 313 314 test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 315 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 316 317 all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt 318 319 enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem 320 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 321 322 parse_input/crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 323 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ 324 parse_input/crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 325 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ 326 327 cli_crt_key_file_rsa = cli-rsa.key 328 cli_crt_extensions_file = cli.opensslconf 329 330 cli-rsa.csr: $(cli_crt_key_file_rsa) 331 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1 332 all_intermediate += cli-rsa.csr 333 334 cli-rsa-sha1.crt: cli-rsa.csr 335 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 336 337 cli-rsa-sha256.crt: cli-rsa.csr 338 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 339 all_final += cli-rsa-sha256.crt 340 341 cli-rsa-sha256.crt.der: cli-rsa-sha256.crt 342 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 343 all_final += cli-rsa-sha256.crt.der 344 345 parse_input/cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der 346 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@ 347 348 cli-rsa.key.der: $(cli_crt_key_file_rsa) 349 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 350 all_final += cli-rsa.key.der 351 352 test_ca_int_rsa1 = test-int-ca.crt 353 test_ca_int_ec = test-int-ca2.crt 354 test_ca_int_key_file_ec = test-int-ca2.key 355 356 # server7* 357 358 server7.csr: server7.key 359 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ 360 all_intermediate += server7.csr 361 362 server7.crt: server7.csr $(test_ca_int_rsa1) 363 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 364 -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \ 365 -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ 366 all_final += server7.crt 367 368 server7-expired.crt: server7.csr $(test_ca_int_rsa1) 369 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 370 all_final += server7-expired.crt 371 372 server7-future.crt: server7.csr $(test_ca_int_rsa1) 373 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 374 all_final += server7-future.crt 375 376 server7-badsign.crt: server7.crt $(test_ca_int_rsa1) 377 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ 378 all_final += server7-badsign.crt 379 380 parse_input/server7_int-ca.crt server7_int-ca.crt: server7.crt $(test_ca_int_rsa1) 381 cat server7.crt $(test_ca_int_rsa1) > $@ 382 all_final += server7_int-ca.crt 383 384 parse_input/server7_pem_space.crt: server7.crt $(test_ca_int_rsa1) 385 cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@ 386 387 parse_input/server7_all_space.crt: server7.crt $(test_ca_int_rsa1) 388 { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@ 389 390 parse_input/server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1) 391 cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@ 392 393 server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) 394 cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@ 395 all_final += server7_int-ca_ca2.crt 396 397 server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt 398 cat server7.crt test-int-ca-exp.crt > $@ 399 all_final += server7_int-ca-exp.crt 400 401 server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) 402 cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@ 403 all_final += server7_spurious_int-ca.crt 404 405 # server8* 406 407 server8.crt: server8.key 408 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \ 409 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \ 410 not_before=20190210144406 not_after=20290210144406 \ 411 md=SHA256 version=3 output_file=$@ 412 all_final += server8.crt 413 414 server8_int-ca2.crt: server8.crt $(test_ca_int_ec) 415 cat $^ > $@ 416 all_final += server8_int-ca2.crt 417 418 cli2.req.sha256: cli2.key 419 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 420 all_intermediate += cli2.req.sha256 421 422 all_final += server1.req.sha1 423 cli2.crt: cli2.req.sha256 424 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 425 all_final += cli2.crt 426 427 cli2.crt.der: cli2.crt 428 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 429 all_final += cli2.crt.der 430 431 cli2.key.der: cli2.key 432 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 433 all_final += cli2.key.der 434 435 server5_pwd_ec = PolarSSLTest 436 437 server5.crt.der: server5.crt 438 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 439 all_final += server5.crt.der 440 441 server5.key.der: server5.key 442 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 443 all_final += server5.key.der 444 445 server5.key.enc: server5.key 446 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)" 447 all_final += server5.key.enc 448 449 server5-ss-expired.crt: server5.key 450 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ 451 all_final += server5-ss-expired.crt 452 453 # try to forge a copy of test-int-ca3 with different key 454 server5-ss-forgeca.crt: server5.key 455 $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" \ 456 -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca \ 457 -days 3650 -sha256 -key $< -out $@ 458 all_final += server5-ss-forgeca.crt 459 460 server5-selfsigned.crt: server5.key 461 openssl req -x509 -key server5.key \ 462 -sha256 -days 3650 -nodes \ 463 -addext basicConstraints=critical,CA:FALSE \ 464 -addext keyUsage=critical,digitalSignature \ 465 -addext subjectKeyIdentifier=hash \ 466 -addext authorityKeyIdentifier=none \ 467 -set_serial 0x53a2cb4b124ead837da894b2 \ 468 -subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \ 469 -out $@ 470 all_final += server5-selfsigned.crt 471 472 parse_input/server5-othername.crt.der: server5.key 473 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@ 474 475 parse_input/server5-nonprintable_othername.crt.der: server5.key 476 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -outform der -out $@ 477 478 parse_input/server5-unsupported_othername.crt.der: server5.key 479 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -outform der -out $@ 480 481 parse_input/server5-fan.crt.der: server5.key 482 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -outform der -out $@ 483 484 server5-tricky-ip-san.crt.der: server5.key 485 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@ 486 487 all_final += server5-tricky-ip-san.crt.der 488 489 # malformed IP length 490 server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der 491 hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@ 492 493 parse_input/server5-directoryname.crt.der: server5.key 494 $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@ 495 496 parse_input/server5-two-directorynames.crt.der: server5.key 497 $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@ 498 499 server5-der0.crt: server5.crt.der 500 cp $< $@ 501 server5-der1a.crt: server5.crt.der 502 cp $< $@ 503 echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 504 server5-der1b.crt: server5.crt.der 505 cp $< $@ 506 echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 507 server5-der2.crt: server5.crt.der 508 cp $< $@ 509 echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 510 server5-der4.crt: server5.crt.der 511 cp $< $@ 512 echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 513 server5-der8.crt: server5.crt.der 514 cp $< $@ 515 echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 516 server5-der9.crt: server5.crt.der 517 cp $< $@ 518 echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc 519 all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \ 520 server5-der9.crt server5-der1a.crt server5-der2.crt \ 521 server5-der8.crt 522 523 # directoryname sequence tag malformed 524 parse_input/server5-directoryname-seq-malformed.crt.der: parse_input/server5-two-directorynames.crt.der 525 hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@ 526 527 # Second directoryname OID length malformed 03 -> 15 528 parse_input/server5-second-directoryname-oid-malformed.crt.der: parse_input/server5-two-directorynames.crt.der 529 hexdump -ve '1/1 "%.2X"' $< | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p > $@ 530 531 parse_input/rsa_single_san_uri.crt.der rsa_single_san_uri.crt.der: rsa_single_san_uri.key 532 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" 533 534 parse_input/rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key 535 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" 536 537 test-int-ca3-badsign.crt: test-int-ca3.crt 538 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 539 all_final += test-int-ca3-badsign.crt 540 541 # server9* 542 543 server9.csr: server9.key 544 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 545 -key $< -out $@ 546 parse_input/server9.crt server9.crt: server9-sha1.crt 547 cp $< $@ 548 all_final += server9.crt 549 all_intermediate += server9.csr server9-sha1.crt 550 551 server9-%.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 552 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 553 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 554 -set_serial $(SERVER9_CRT_SERIAL) -days 3653 \ 555 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ 556 -sigopt rsa_mgf1_md:$(@F:server9-%.crt=%) -$(@F:server9-%.crt=%) \ 557 -in $< -out $@ 558 server9-sha1.crt: SERVER9_CRT_SERIAL=22 559 parse_input/server9-sha224.crt server9-sha224.crt: SERVER9_CRT_SERIAL=23 560 parse_input/server9-sha256.crt server9-sha256.crt: SERVER9_CRT_SERIAL=24 561 parse_input/server9-sha384.crt server9-sha384.crt: SERVER9_CRT_SERIAL=25 562 parse_input/server9-sha512.crt server9-sha512.crt: SERVER9_CRT_SERIAL=26 563 all_final += server9-sha224.crt server9-sha256.crt server9-sha384.crt server9-sha512.crt 564 565 server9-defaults.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 566 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 567 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 568 -set_serial 72 -days 3653 \ 569 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max -sha1 \ 570 -in $< -out $@ 571 all_final += server9-defaults.crt 572 573 server9-badsign.crt: server9.crt 574 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 575 all_final += server9-badsign.crt 576 577 server9-with-ca.crt: server9.crt $(test_ca_crt) 578 cat $^ > $@ 579 all_final += server9-with-ca.crt 580 581 server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) 582 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ 583 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ 584 -set_serial 24 -days 3653 \ 585 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ 586 -sigopt rsa_mgf1_md:sha224 -sha256 \ 587 -in $< -out $@ 588 all_final += server9-bad-mgfhash.crt 589 590 server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) \ 591 opensslcnf/server9.crt.v3_ext \ 592 ../scripts/generate_server9_bad_saltlen.py 593 ../scripts/generate_server9_bad_saltlen.py --ca-name test-ca \ 594 --ca-password $(test_ca_pwd_rsa) --csr server9.csr \ 595 --openssl-extfile opensslcnf/server9.crt.v3_ext \ 596 --anounce_saltlen 0xde --actual_saltlen 0x20 \ 597 --output $@ 598 all_final += server9-bad-saltlen.crt 599 600 # server10* 601 602 server10.crt: server10.key test-int-ca3.crt test-int-ca3.key 603 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \ 604 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \ 605 subject_identifier=0 authority_identifier=0 \ 606 not_before=20190210144406 not_after=20290210144406 \ 607 md=SHA256 version=3 output_file=$@ 608 all_final += server10.crt 609 server10-badsign.crt: server10.crt 610 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 611 all_final += server10-badsign.crt 612 server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt 613 cat server10-badsign.crt test-int-ca3.crt > $@ 614 all_final += server10-bs_int3.pem 615 server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt 616 cat server10.crt test-int-ca3-badsign.crt > $@ 617 all_final += server10_int3-bs.pem 618 server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) 619 cat $^ > $@ 620 all_final += server10_int3_int-ca2.crt 621 server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt) 622 cat $^ > $@ 623 all_final += server10_int3_int-ca2_ca.crt 624 server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec) 625 cat $^ > $@ 626 all_final += server10_int3_spurious_int-ca2.crt 627 628 rsa_pkcs1_2048_public.pem: server8.key 629 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ 630 all_final += rsa_pkcs1_2048_public.pem 631 632 rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem 633 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ 634 all_final += rsa_pkcs1_2048_public.der 635 636 rsa_pkcs8_2048_public.pem: server8.key 637 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ 638 all_final += rsa_pkcs8_2048_public.pem 639 640 rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem 641 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ 642 all_final += rsa_pkcs8_2048_public.der 643 644 # Generate crl_cat_*.pem 645 # - crt_cat_*.pem: (1+2) concatenations in various orders: 646 # ec = crl-ec-sha256.pem, ecfut = crl-future.pem 647 # rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem 648 649 crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem 650 cat $^ > $@ 651 652 crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem 653 cat $^ > $@ 654 655 all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem 656 657 authorityKeyId_subjectKeyId.crt.der: 658 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034 659 660 authorityKeyId_no_keyid.crt.der: 661 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034 662 663 authorityKeyId_no_issuer.crt.der: 664 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer' 665 666 authorityKeyId_no_authorityKeyId.crt.der: 667 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId' 668 669 authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 670 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ 671 672 authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 673 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@ 674 675 authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 676 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@ 677 678 authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 679 hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@ 680 681 authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 682 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@ 683 684 authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 685 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D80FFA505E864B8DC/" | xxd -r -p > $@ 686 687 authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 688 hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@ 689 690 authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 691 hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@ 692 693 authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 694 hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8114680430CD074DE63F/" | xxd -r -p > $@ 695 696 authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der 697 hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8213680430CD074DE63F/" | xxd -r -p > $@ 698 699 ################################################################ 700 #### Generate various RSA keys 701 ################################################################ 702 703 ### Password used for PKCS1-encoded encrypted RSA keys 704 keys_rsa_basic_pwd = testkey 705 706 ### Password used for PKCS8-encoded encrypted RSA keys 707 keys_rsa_pkcs8_pwd = PolarSSLTest 708 709 ### Basic unencrypted RSA keys from which 710 ### all other encrypted RSA keys are derived. 711 keys_rsa_base = 712 ### TODO: the commands require OpenSSL 1.x to work as desired. With 713 ### OpenSSL 3.x, they produce pkcs8 files. 714 rsa_pkcs1_768_clear.pem: 715 $(OPENSSL) genrsa -out $@ 768 716 keys_rsa_base += rsa_pkcs1_768_clear.pem 717 rsa_pkcs1_769_clear.pem: 718 $(OPENSSL) genrsa -out $@ 769 719 keys_rsa_base += rsa_pkcs1_769_clear.pem 720 rsa_pkcs1_770_clear.pem: 721 $(OPENSSL) genrsa -out $@ 770 722 keys_rsa_base += rsa_pkcs1_770_clear.pem 723 rsa_pkcs1_776_clear.pem: 724 $(OPENSSL) genrsa -out $@ 776 725 keys_rsa_base += rsa_pkcs1_776_clear.pem 726 rsa_pkcs1_784_clear.pem: 727 $(OPENSSL) genrsa -out $@ 784 728 keys_rsa_base += rsa_pkcs1_784_clear.pem 729 rsa_pkcs1_1024_clear.pem: 730 $(OPENSSL) genrsa -out $@ 1024 731 keys_rsa_base += rsa_pkcs1_1024_clear.pem 732 rsa_pkcs1_2048_clear.pem: 733 $(OPENSSL) genrsa -out $@ 2048 734 keys_rsa_base += rsa_pkcs1_2048_clear.pem 735 rsa_pkcs1_4096_clear.pem: 736 $(OPENSSL) genrsa -out $@ 4096 737 keys_rsa_base += rsa_pkcs1_4096_clear.pem 738 739 all_final += $(keys_rsa_base) 740 741 ### PKCS1-encoded, plaintext RSA keys in derived forms 742 743 rsa_pkcs1_%.der: rsa_pkcs1_%.pem 744 $(OPENSSL) pkey -inform PEM -in $< -outform DER -out $@ 745 all_final += $(keys_rsa_base:.pem=.der) 746 747 ### 748 ### PKCS1-encoded, encrypted RSA keys 749 ### 750 751 ### 1024-bit 752 rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem 753 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 754 all_final += rsa_pkcs1_1024_des.pem 755 rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 756 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 757 all_final += rsa_pkcs1_1024_3des.pem 758 rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem 759 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 760 all_final += rsa_pkcs1_1024_aes128.pem 761 rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem 762 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 763 all_final += rsa_pkcs1_1024_aes192.pem 764 rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem 765 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 766 all_final += rsa_pkcs1_1024_aes256.pem 767 keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem 768 769 # 2048-bit 770 rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem 771 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 772 all_final += rsa_pkcs1_2048_des.pem 773 rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 774 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 775 all_final += rsa_pkcs1_2048_3des.pem 776 rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem 777 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 778 all_final += rsa_pkcs1_2048_aes128.pem 779 rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem 780 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 781 all_final += rsa_pkcs1_2048_aes192.pem 782 rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem 783 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 784 all_final += rsa_pkcs1_2048_aes256.pem 785 keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem 786 787 # 4096-bit 788 rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem 789 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 790 all_final += rsa_pkcs1_4096_des.pem 791 rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 792 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 793 all_final += rsa_pkcs1_4096_3des.pem 794 rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem 795 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 796 all_final += rsa_pkcs1_4096_aes128.pem 797 rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem 798 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 799 all_final += rsa_pkcs1_4096_aes192.pem 800 rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem 801 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 802 all_final += rsa_pkcs1_4096_aes256.pem 803 keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem 804 805 ### 806 ### PKCS8-v1 encoded, encrypted RSA keys 807 ### 808 809 ### 1024-bit 810 rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem 811 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 812 all_final += rsa_pkcs8_pbe_sha1_1024_3des.der 813 rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 814 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 815 all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem 816 keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der 817 818 rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem 819 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 820 all_final += rsa_pkcs8_pbe_sha1_1024_2des.der 821 rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem 822 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 823 all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem 824 keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der 825 826 keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des 827 828 ### 2048-bit 829 rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem 830 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 831 all_final += rsa_pkcs8_pbe_sha1_2048_3des.der 832 rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 833 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 834 all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem 835 keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der 836 837 rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem 838 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 839 all_final += rsa_pkcs8_pbe_sha1_2048_2des.der 840 rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem 841 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 842 all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem 843 keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der 844 845 keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des 846 847 ### 4096-bit 848 rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem 849 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 850 all_final += rsa_pkcs8_pbe_sha1_4096_3des.der 851 rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 852 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 853 all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem 854 keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der 855 856 rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem 857 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 858 all_final += rsa_pkcs8_pbe_sha1_4096_2des.der 859 rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem 860 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 861 all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem 862 keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der 863 864 keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des 865 866 ### 867 ### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) 868 ### 869 870 ### 1024-bit 871 rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem 872 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 873 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der 874 rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem 875 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 876 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 877 keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 878 879 rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem 880 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 881 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der 882 rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem 883 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 884 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 885 keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 886 887 keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des 888 889 ### 2048-bit 890 rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem 891 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 892 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der 893 rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem 894 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 895 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 896 keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 897 898 rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem 899 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 900 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der 901 rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem 902 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 903 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 904 keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 905 906 keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des 907 908 ### 4096-bit 909 rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem 910 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 911 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der 912 rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem 913 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 914 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 915 keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 916 917 rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem 918 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 919 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der 920 rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem 921 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 922 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 923 keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 924 925 keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des 926 927 ### 928 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224 929 ### 930 931 ### 1024-bit 932 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem 933 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 934 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der 935 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem 936 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 937 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 938 keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 939 940 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem 941 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 942 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der 943 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem 944 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 945 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 946 keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 947 948 keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224 949 950 ### 2048-bit 951 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem 952 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 953 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der 954 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem 955 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 956 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 957 keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 958 959 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem 960 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 961 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der 962 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem 963 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 964 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 965 keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 966 967 keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224 968 969 ### 4096-bit 970 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem 971 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 972 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der 973 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem 974 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 975 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 976 keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 977 978 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem 979 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 980 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der 981 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem 982 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 983 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 984 keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 985 986 keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224 987 988 ### 989 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256 990 ### 991 992 ### 1024-bit 993 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem 994 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 995 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der 996 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem 997 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 998 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 999 keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 1000 1001 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem 1002 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1003 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der 1004 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem 1005 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1006 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 1007 keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 1008 1009 keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256 1010 1011 ### 2048-bit 1012 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem 1013 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1014 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der 1015 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem 1016 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1017 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 1018 keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 1019 1020 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem 1021 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1022 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der 1023 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem 1024 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1025 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 1026 keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 1027 1028 keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256 1029 1030 ### 4096-bit 1031 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem 1032 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1033 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der 1034 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem 1035 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1036 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 1037 keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 1038 1039 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem 1040 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1041 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der 1042 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem 1043 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1044 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 1045 keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 1046 1047 keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256 1048 1049 ### 1050 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384 1051 ### 1052 1053 ### 1024-bit 1054 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem 1055 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1056 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der 1057 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem 1058 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1059 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 1060 keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 1061 1062 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem 1063 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1064 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der 1065 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem 1066 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1067 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 1068 keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 1069 1070 keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384 1071 1072 ### 2048-bit 1073 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem 1074 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1075 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der 1076 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem 1077 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1078 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 1079 keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 1080 1081 rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem 1082 $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1083 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der 1084 rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem 1085 $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1086 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem 1087 keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem 1088 1089 rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem 1090 $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1091 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der 1092 rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem 1093 $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1094 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem 1095 keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem 1096 1097 rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem 1098 $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1099 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der 1100 rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem 1101 $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1102 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem 1103 keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem 1104 1105 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem 1106 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1107 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der 1108 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem 1109 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1110 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 1111 keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 1112 1113 keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384 1114 1115 ### 4096-bit 1116 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem 1117 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1118 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der 1119 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem 1120 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1121 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 1122 keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 1123 1124 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem 1125 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1126 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der 1127 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem 1128 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1129 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 1130 keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 1131 1132 keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384 1133 1134 ### 1135 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512 1136 ### 1137 1138 ### 1024-bit 1139 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem 1140 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1141 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der 1142 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem 1143 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1144 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 1145 keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 1146 1147 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem 1148 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1149 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der 1150 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem 1151 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1152 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 1153 keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 1154 1155 keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512 1156 1157 ### 2048-bit 1158 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem 1159 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1160 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der 1161 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem 1162 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1163 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 1164 keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 1165 1166 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem 1167 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1168 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der 1169 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem 1170 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1171 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 1172 keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 1173 1174 keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512 1175 1176 ### 4096-bit 1177 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem 1178 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1179 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der 1180 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem 1181 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1182 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 1183 keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 1184 1185 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem 1186 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1187 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der 1188 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem 1189 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 1190 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 1191 keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 1192 1193 keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512 1194 1195 ### 1196 ### Rules to generate all RSA keys from a particular class 1197 ### 1198 1199 ### Generate cleartext RSA keys in derived formats 1200 keys_rsa_cleartext: $(keys_rsa_base) $(keys_rsa_base:.pem=.der) 1201 1202 ### Generate PKCS1-encoded encrypted RSA keys 1203 keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 1204 1205 ### Generate PKCS8-v1 encrypted RSA keys 1206 keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 1207 1208 ### Generate PKCS8-v2 encrypted RSA keys 1209 keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 1210 1211 ### Generate all RSA keys 1212 keys_rsa_all: keys_rsa_base keys_rsa_cleartext 1213 keys_rsa_all: keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 1214 1215 ################################################################ 1216 #### Generate various EC keys 1217 ################################################################ 1218 1219 ### 1220 ### PKCS8 encoded 1221 ### 1222 1223 ec_prv.pk8.der: 1224 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER 1225 all_final += ec_prv.pk8.der 1226 1227 # ### Instructions for creating `ec_prv.pk8nopub.der`, 1228 # ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from 1229 # ### `ec_prv.pk8.der`. 1230 # 1231 # These instructions assume you are familiar with ASN.1 DER encoding and can 1232 # use a hex editor to manipulate DER. 1233 # 1234 # The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: 1235 # 1236 # PrivateKeyInfo ::= SEQUENCE { 1237 # version Version, 1238 # privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 1239 # privateKey PrivateKey, 1240 # attributes [0] IMPLICIT Attributes OPTIONAL 1241 # } 1242 # 1243 # AlgorithmIdentifier ::= SEQUENCE { 1244 # algorithm OBJECT IDENTIFIER, 1245 # parameters ANY DEFINED BY algorithm OPTIONAL 1246 # } 1247 # 1248 # ECParameters ::= CHOICE { 1249 # namedCurve OBJECT IDENTIFIER 1250 # -- implicitCurve NULL 1251 # -- specifiedCurve SpecifiedECDomain 1252 # } 1253 # 1254 # ECPrivateKey ::= SEQUENCE { 1255 # version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 1256 # privateKey OCTET STRING, 1257 # parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 1258 # publicKey [1] BIT STRING OPTIONAL 1259 # } 1260 # 1261 # `ec_prv.pk8.der` as generatde above by OpenSSL should have the following 1262 # fields: 1263 # 1264 # * privateKeyAlgorithm namedCurve 1265 # * privateKey.parameters NOT PRESENT 1266 # * privateKey.publicKey PRESENT 1267 # * attributes NOT PRESENT 1268 # 1269 # # ec_prv.pk8nopub.der 1270 # 1271 # Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 1272 # 1273 # # ec_prv.pk8nopubparam.der 1274 # 1275 # Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as 1276 # `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 1277 # 1278 # # ec_prv.pk8param.der 1279 # 1280 # Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as 1281 # `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 1282 1283 ec_prv.pk8.pem: ec_prv.pk8.der 1284 $(OPENSSL) pkey -in $< -inform DER -out $@ 1285 all_final += ec_prv.pk8.pem 1286 ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der 1287 $(OPENSSL) pkey -in $< -inform DER -out $@ 1288 all_final += ec_prv.pk8nopub.pem 1289 ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der 1290 $(OPENSSL) pkey -in $< -inform DER -out $@ 1291 all_final += ec_prv.pk8nopubparam.pem 1292 ec_prv.pk8param.pem: ec_prv.pk8param.der 1293 $(OPENSSL) pkey -in $< -inform DER -out $@ 1294 all_final += ec_prv.pk8param.pem 1295 1296 ec_pub.pem: ec_prv.sec1.der 1297 $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@ 1298 all_final += ec_pub.pem 1299 1300 ec_prv.sec1.comp.pem: ec_prv.sec1.pem 1301 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1302 all_final += ec_prv.sec1.comp.pem 1303 1304 ec_224_prv.comp.pem: ec_224_prv.pem 1305 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1306 all_final += ec_224_prv.comp.pem 1307 1308 ec_256_prv.comp.pem: ec_256_prv.pem 1309 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1310 all_final += ec_256_prv.comp.pem 1311 1312 ec_384_prv.comp.pem: ec_384_prv.pem 1313 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1314 all_final += ec_384_prv.comp.pem 1315 1316 ec_521_prv.comp.pem: ec_521_prv.pem 1317 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1318 all_final += ec_521_prv.comp.pem 1319 1320 ec_bp256_prv.comp.pem: ec_bp256_prv.pem 1321 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1322 all_final += ec_bp256_prv.comp.pem 1323 1324 ec_bp384_prv.comp.pem: ec_bp384_prv.pem 1325 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1326 all_final += ec_bp384_prv.comp.pem 1327 1328 ec_bp512_prv.comp.pem: ec_bp512_prv.pem 1329 $(OPENSSL) ec -in $< -out $@ -conv_form compressed 1330 all_final += ec_bp512_prv.comp.pem 1331 1332 ec_pub.comp.pem: ec_pub.pem 1333 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1334 all_final += ec_pub.comp.pem 1335 1336 ec_224_pub.comp.pem: ec_224_pub.pem 1337 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1338 all_final += ec_224_pub.comp.pem 1339 1340 ec_256_pub.comp.pem: ec_256_pub.pem 1341 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1342 all_final += ec_256_pub.comp.pem 1343 1344 ec_384_pub.comp.pem: ec_384_pub.pem 1345 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1346 all_final += ec_384_pub.comp.pem 1347 1348 ec_521_pub.comp.pem: ec_521_pub.pem 1349 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1350 all_final += ec_521_pub.comp.pem 1351 1352 ec_bp256_pub.comp.pem: ec_bp256_pub.pem 1353 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1354 all_final += ec_bp256_pub.comp.pem 1355 1356 ec_bp384_pub.comp.pem: ec_bp384_pub.pem 1357 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1358 all_final += ec_bp384_pub.comp.pem 1359 1360 ec_bp512_pub.comp.pem: ec_bp512_pub.pem 1361 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed 1362 all_final += ec_bp512_pub.comp.pem 1363 1364 ec_x25519_prv.der: 1365 $(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER 1366 all_final += ec_x25519_prv.der 1367 1368 ec_x25519_pub.der: ec_x25519_prv.der 1369 $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout 1370 all_final += ec_x25519_pub.der 1371 1372 ec_x25519_prv.pem: ec_x25519_prv.der 1373 $(OPENSSL) pkey -in $< -inform DER -out $@ 1374 all_final += ec_x25519_prv.pem 1375 1376 ec_x25519_pub.pem: ec_x25519_prv.der 1377 $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout 1378 all_final += ec_x25519_pub.pem 1379 1380 ec_x448_prv.der: 1381 $(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER 1382 all_final += ec_x448_prv.der 1383 1384 ec_x448_pub.der: ec_x448_prv.der 1385 $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout 1386 all_final += ec_x448_pub.der 1387 1388 ec_x448_prv.pem: ec_x448_prv.der 1389 $(OPENSSL) pkey -in $< -inform DER -out $@ 1390 all_final += ec_x448_prv.pem 1391 1392 ec_x448_pub.pem: ec_x448_prv.der 1393 $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout 1394 all_final += ec_x448_pub.pem 1395 1396 ################################################################ 1397 #### Convert PEM keys to DER format 1398 ################################################################ 1399 server1.pubkey.der: server1.pubkey 1400 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1401 all_final += server1.pubkey.der 1402 1403 rsa4096_pub.der: rsa4096_pub.pem 1404 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1405 all_final += rsa4096_pub.der 1406 1407 ec_pub.der: ec_pub.pem 1408 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1409 all_final += ec_pub.der 1410 1411 ec_521_pub.der: ec_521_pub.pem 1412 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1413 all_final += ec_521_pub.der 1414 1415 ec_bp512_pub.der: ec_bp512_pub.pem 1416 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER 1417 all_final += ec_bp512_pub.der 1418 1419 server1.key.der: server1.key 1420 $(OPENSSL) pkey -in $< -out $@ -outform DER 1421 all_final += server1.key.der 1422 1423 rsa4096_prv.der: rsa4096_prv.pem 1424 $(OPENSSL) pkey -in $< -out $@ -outform DER 1425 all_final += rsa4096_prv.der 1426 1427 ec_prv.sec1.der: ec_prv.sec1.pem 1428 $(OPENSSL) pkey -in $< -out $@ -outform DER 1429 all_final += ec_prv.sec1.der 1430 1431 ec_256_long_prv.der: ec_256_long_prv.pem 1432 $(OPENSSL) pkey -in $< -out $@ -outform DER 1433 all_final += ec_256_long_prv.der 1434 1435 ec_521_prv.der: ec_521_prv.pem 1436 $(OPENSSL) pkey -in $< -out $@ -outform DER 1437 all_final += ec_521_prv.der 1438 1439 ec_521_short_prv.der: ec_521_short_prv.pem 1440 $(OPENSSL) pkey -in $< -out $@ -outform DER 1441 all_final += ec_521_short_prv.der 1442 1443 ec_bp512_prv.der: ec_bp512_prv.pem 1444 $(OPENSSL) pkey -in $< -out $@ -outform DER 1445 all_final += ec_bp512_prv.der 1446 1447 ################################################################ 1448 ### Generate CSRs for X.509 write test suite 1449 ################################################################ 1450 1451 parse_input/server1.req.sha1 server1.req.sha1: server1.key 1452 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1453 all_final += server1.req.sha1 1454 1455 parse_input/server1.req.md5 server1.req.md5: server1.key 1456 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 1457 all_final += server1.req.md5 1458 1459 parse_input/server1.req.sha224 server1.req.sha224: server1.key 1460 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224 1461 all_final += server1.req.sha224 1462 1463 parse_input/server1.req.sha256 server1.req.sha256: server1.key 1464 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 1465 all_final += server1.req.sha256 1466 1467 server1.req.sha256.ext: server1.key 1468 # Generating this with OpenSSL as a comparison point to test we're getting the same result 1469 openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf 1470 1471 parse_input/server1.req.sha384 server1.req.sha384: server1.key 1472 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 1473 all_final += server1.req.sha384 1474 1475 parse_input/server1.req.sha512 server1.req.sha512: server1.key 1476 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512 1477 all_final += server1.req.sha512 1478 1479 server1.req.cert_type: server1.key 1480 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1481 all_final += server1.req.cert_type 1482 1483 server1.req.key_usage: server1.key 1484 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1485 all_final += server1.req.key_usage 1486 1487 server1.req.ku-ct: server1.key 1488 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 1489 all_final += server1.req.ku-ct 1490 1491 server1.req.key_usage_empty: server1.key 1492 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1 1493 all_final += server1.req.key_usage_empty 1494 1495 server1.req.cert_type_empty: server1.key 1496 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1 1497 all_final += server1.req.cert_type_empty 1498 1499 parse_input/server1.req.commas.sha256: server1.key 1500 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256 1501 1502 parse_input/server1.req.hashsymbol.sha256: server1.key 1503 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=\#PolarSSL,CN=PolarSSL Server 1" md=SHA256 1504 1505 parse_input/server1.req.spaces.sha256: server1.key 1506 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256 1507 1508 parse_input/server1.req.asciichars.sha256: server1.key 1509 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=极地SSL,CN=PolarSSL Server 1" md=SHA256 1510 # server2* 1511 1512 server2_pwd_ec = PolarSSLTest 1513 1514 server2.req.sha256: server2.key 1515 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 1516 all_intermediate += server2.req.sha256 1517 1518 parse_input/server2.crt.der: parse_input/server2.crt 1519 server2.crt.der: server2.crt 1520 parse_input/server2.crt.der server2.crt.der: 1521 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1522 all_final += server2.crt.der 1523 1524 server2-sha256.crt.der: server2-sha256.crt 1525 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1526 all_final += server2-sha256.crt.der 1527 1528 server2.key.der: server2.key 1529 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 1530 all_final += server2.key.der 1531 1532 server2.key.enc: server2.key 1533 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)" 1534 all_final += server2.key.enc 1535 1536 # server5* 1537 1538 server5.csr: server5.key 1539 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1540 -key $< -out $@ 1541 all_intermediate += server5.csr 1542 parse_input/server5.crt server5.crt: server5-sha256.crt 1543 cp $< $@ 1544 all_intermediate += server5-sha256.crt 1545 server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext 1546 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1547 -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \ 1548 -sha$(@F:server5-sha%.crt=%) -in $< -out $@ 1549 all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt 1550 1551 server5-badsign.crt: server5.crt 1552 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 1553 all_final += server5-badsign.crt 1554 1555 # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' 1556 server5.req.ku.sha1: server5.key 1557 $(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation 1558 all_final += server5.req.ku.sha1 1559 1560 server5.ku-ds.crt: SERVER5_CRT_SERIAL=45 1561 server5.ku-ds.crt: SERVER5_KEY_USAGE=digital_signature 1562 server5.ku-ka.crt: SERVER5_CRT_SERIAL=46 1563 server5.ku-ka.crt: SERVER5_KEY_USAGE=key_agreement 1564 server5.ku-ke.crt: SERVER5_CRT_SERIAL=47 1565 server5.ku-ke.crt: SERVER5_KEY_USAGE=key_encipherment 1566 server5.eku-cs.crt: SERVER5_CRT_SERIAL=58 1567 server5.eku-cs.crt: SERVER5_EXT_KEY_USAGE=codeSigning 1568 server5.eku-cs_any.crt: SERVER5_CRT_SERIAL=59 1569 server5.eku-cs_any.crt: SERVER5_EXT_KEY_USAGE=codeSigning,any 1570 server5.eku-cli.crt: SERVER5_CRT_SERIAL=60 1571 server5.eku-cli.crt: SERVER5_EXT_KEY_USAGE=clientAuth 1572 server5.eku-srv_cli.crt: SERVER5_CRT_SERIAL=61 1573 server5.eku-srv_cli.crt: SERVER5_EXT_KEY_USAGE=serverAuth,clientAuth 1574 server5.eku-srv.crt: SERVER5_CRT_SERIAL=62 1575 server5.eku-srv.crt: SERVER5_EXT_KEY_USAGE=serverAuth 1576 server5.ku-%.crt: SERVER5_EXT_OPTS=key_usage=$(SERVER5_KEY_USAGE) 1577 server5.eku-%.crt: SERVER5_EXT_OPTS=ext_key_usage=$(SERVER5_EXT_KEY_USAGE) 1578 server5.%.crt: server5.key 1579 $(MBEDTLS_CERT_WRITE) \ 1580 subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=$(SERVER5_CRT_SERIAL) \ 1581 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) $(SERVER5_EXT_OPTS) \ 1582 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1583 all_final += server5.ku-ka.crt server5.ku-ke.crt server5.ku-ds.crt 1584 all_final += server5.eku-cs.crt server5.eku-cs_any.crt server5.eku-cli.crt server5.eku-srv_cli.crt server5.eku-srv.crt 1585 1586 # server6* 1587 1588 server6.csr: server6.key 1589 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1590 -key $< -out $@ 1591 all_intermediate += server6.csr 1592 server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) 1593 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1594 -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@ 1595 all_final += server6.crt 1596 1597 server6-ss-child.csr : server6.key 1598 $(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \ 1599 -key $< -out $@ 1600 all_intermediate += server6-ss-child.csr 1601 server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext 1602 $(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \ 1603 -extfile server6-ss-child.crt.openssl.v3_ext \ 1604 -set_serial 0x53a2cb5822399474a7ec79ec \ 1605 -days 3650 -sha256 -in $< -out $@ 1606 all_final += server6-ss-child.crt 1607 1608 1609 ################################################################ 1610 ### Generate certificates for CRT write check tests 1611 ################################################################ 1612 1613 ### The test files use the Mbed TLS generated certificates server1*.crt, 1614 ### but for comparison with OpenSSL also rules for OpenSSL-generated 1615 ### certificates server1*.crt.openssl are offered. 1616 ### 1617 ### Known differences: 1618 ### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension 1619 ### as unused bits, while Mbed TLS doesn't. 1620 1621 test_ca_server1_db = test-ca.server1.db 1622 test_ca_server1_serial = test-ca.server1.serial 1623 test_ca_server1_config_file = test-ca.server1.opensslconf 1624 1625 # server1* 1626 1627 parse_input/server1.crt: parse_input/server1.req.sha256 1628 server1.crt: server1.req.sha256 1629 parse_input/server1.crt server1.crt: $(test_ca_crt) $(test_ca_key_file_rsa) 1630 parse_input/server1.crt server1.crt: 1631 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 \ 1632 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ 1633 issuer_pwd=$(test_ca_pwd_rsa) version=1 \ 1634 not_before=20190210144406 not_after=20290210144406 \ 1635 md=SHA1 version=3 output_file=$@ 1636 server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1637 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com 1638 server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1639 echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial 1640 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1641 server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1642 echo "8011223344" > test-ca.server1.tmp.serial 1643 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1644 server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1645 echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial 1646 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ 1647 server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1648 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 1649 parse_input/server1.crt.der: parse_input/server1.crt 1650 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 \ 1651 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ 1652 issuer_pwd=$(test_ca_pwd_rsa) \ 1653 not_before=20190210144406 not_after=20290210144406 \ 1654 md=SHA1 authority_identifier=0 version=3 output_file=$@ 1655 server1.der: server1.crt 1656 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1657 server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1658 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1659 server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1660 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1661 server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1662 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1663 server1.asciichars.crt: server1.key parse_input/server1.req.asciichars.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1664 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.asciichars.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1665 all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt server1.asciichars.crt 1666 1667 parse_input/server1.key_usage.crt: parse_input/server1.req.sha256 1668 server1.key_usage.crt: server1.req.sha256 1669 parse_input/server1.key_usage.crt server1.key_usage.crt: $(test_ca_crt) $(test_ca_key_file_rsa) 1670 parse_input/server1.key_usage.crt server1.key_usage.crt: 1671 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ 1672 server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1673 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ 1674 server1.key_usage.der: server1.key_usage.crt 1675 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1676 all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der 1677 1678 parse_input/server1.cert_type.crt: parse_input/server1.req.sha256 1679 server1.cert_type.crt: server1.req.sha256 1680 parse_input/server1.cert_type.crt server1.cert_type.crt: $(test_ca_crt) $(test_ca_key_file_rsa) 1681 parse_input/server1.cert_type.crt server1.cert_type.crt: 1682 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ 1683 server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1684 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ 1685 server1.cert_type.der: server1.cert_type.crt 1686 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1687 all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der 1688 1689 server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1690 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@ 1691 server1.v1.der: server1.v1.crt 1692 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1693 all_final += server1.v1.crt server1.v1.der 1694 1695 server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1696 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@ 1697 server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 1698 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@ 1699 server1.ca.der: server1.ca.crt 1700 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1701 all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der 1702 1703 server1-nospace.crt: server1.key test-ca.crt 1704 $(MBEDTLS_CERT_WRITE) subject_key=$< serial=31\ 1705 subject_name="C=NL,O=PolarSSL,CN=polarssl.example" \ 1706 issuer_crt=test-ca.crt issuer_key=$(test_ca_key_file_rsa) \ 1707 issuer_pwd=$(test_ca_pwd_rsa) \ 1708 not_before=20190210144406 not_after=20290210144406 \ 1709 md=SHA256 version=3 authority_identifier=1 \ 1710 output_file=$@ 1711 all_final += server1-nospace.crt 1712 1713 server1_ca.crt: server1.crt $(test_ca_crt) 1714 cat server1.crt $(test_ca_crt) > $@ 1715 all_final += server1_ca.crt 1716 1717 parse_input/cert_sha1.crt cert_sha1.crt: server1.key 1718 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1719 all_final += cert_sha1.crt 1720 1721 parse_input/cert_sha224.crt cert_sha224.crt: server1.key 1722 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@ 1723 all_final += cert_sha224.crt 1724 1725 parse_input/cert_sha256.crt cert_sha256.crt: server1.key 1726 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1727 all_final += cert_sha256.crt 1728 1729 parse_input/cert_sha384.crt cert_sha384.crt: server1.key 1730 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@ 1731 all_final += cert_sha384.crt 1732 1733 parse_input/cert_sha512.crt cert_sha512.crt: server1.key 1734 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@ 1735 all_final += cert_sha512.crt 1736 1737 cert_example_wildcard.crt: server1.key 1738 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1739 all_final += cert_example_wildcard.crt 1740 1741 # OpenSSL-generated certificates for comparison 1742 # Also provide certificates in DER format to allow 1743 # direct binary comparison using e.g. dumpasn1 1744 server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1745 echo "01" > $(test_ca_server1_serial) 1746 rm -f $(test_ca_server1_db) 1747 touch $(test_ca_server1_db) 1748 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@ 1749 server1.der.openssl: server1.crt.openssl 1750 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1751 server1.key_usage.der.openssl: server1.key_usage.crt.openssl 1752 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1753 server1.cert_type.der.openssl: server1.cert_type.crt.openssl 1754 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1755 1756 server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1757 echo "01" > $(test_ca_server1_serial) 1758 rm -f $(test_ca_server1_db) 1759 touch $(test_ca_server1_db) 1760 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@ 1761 server1.v1.der.openssl: server1.v1.crt.openssl 1762 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1763 1764 # To revoke certificate in the openssl database: 1765 # 1766 # $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt 1767 1768 crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 1769 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ 1770 1771 crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \ 1772 $(test_ca_config_file) \ 1773 test-ca.server1.future-crl.db \ 1774 test-ca.server1.future-crl.opensslconf 1775 $(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \ 1776 -config test-ca.server1.future-crl.opensslconf -crldays 365 \ 1777 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 1778 1779 server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl 1780 1781 # server2* 1782 1783 parse_input/server2.crt server2.crt: server2.req.sha256 1784 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1785 all_final += server2.crt 1786 1787 server2.der: server2.crt 1788 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1789 all_final += server2.crt server2.der 1790 1791 server2-sha256.crt: server2.req.sha256 1792 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1793 all_final += server2-sha256.crt 1794 1795 server2-sha256.ku-ka.crt: SERVER2_CRT_SERIAL=22 1796 server2-sha256.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement 1797 server2-sha256.ku-ke.crt: SERVER2_CRT_SERIAL=23 1798 server2-sha256.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment 1799 server2-sha256.ku-ds.crt: SERVER2_CRT_SERIAL=24 1800 server2-sha256.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature 1801 server2-sha256.ku-ds_ke.crt: SERVER2_CRT_SERIAL=28 1802 server2-sha256.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment 1803 server2-sha256.ku-%.crt: server2.req.sha256 1804 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \ 1805 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 1806 key_usage="$(SERVER2_KEY_USAGE)" \ 1807 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1808 all_final += server2-sha256.ku-ka.crt server2-sha256.ku-ke.crt server2-sha256.ku-ds.crt server2-sha256.ku-ds_ke.crt 1809 1810 all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt 1811 server2.ku-ka.crt: SERVER2_CRT_SERIAL=42 1812 server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement 1813 server2.ku-ke.crt: SERVER2_CRT_SERIAL=43 1814 server2.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment 1815 server2.ku-ds.crt: SERVER2_CRT_SERIAL=44 1816 server2.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature 1817 server2.ku-ds_ke.crt: SERVER2_CRT_SERIAL=48 1818 server2.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment 1819 server2.ku-%.crt: server2.req.sha256 1820 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \ 1821 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 1822 key_usage="$(SERVER2_KEY_USAGE)" \ 1823 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1824 all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt 1825 1826 server2-badsign.crt: server2.crt 1827 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 1828 all_final += server2-badsign.crt 1829 1830 # server3* 1831 1832 parse_input/server3.crt server3.crt: server3.key 1833 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \ 1834 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 1835 not_before=20190210144406 not_after=20290210144406 \ 1836 md=SHA1 version=3 output_file=$@ 1837 all_final += server3.crt 1838 1839 # server4* 1840 1841 parse_input/server4.crt server4.crt: server4.key 1842 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \ 1843 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \ 1844 not_before=20190210144400 not_after=20290210144400 \ 1845 md=SHA256 version=3 output_file=$@ 1846 all_final += server4.crt 1847 1848 # MD5 test certificate 1849 1850 cert_md_test_key = $(cli_crt_key_file_rsa) 1851 1852 cert_md5.csr: $(cert_md_test_key) 1853 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 1854 all_intermediate += cert_md5.csr 1855 1856 parse_input/cert_md5.crt cert_md5.crt: cert_md5.csr 1857 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 \ 1858 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \ 1859 issuer_pwd=$(test_ca_pwd_rsa) \ 1860 not_before=20000101121212 not_after=20300101121212 \ 1861 md=MD5 version=3 output_file=$@ 1862 all_final += cert_md5.crt 1863 1864 # TLSv1.3 test certificates 1865 ecdsa_secp256r1.key: ec_256_prv.pem 1866 cp $< $@ 1867 1868 ecdsa_secp256r1.csr: ecdsa_secp256r1.key 1869 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1870 -key $< -out $@ 1871 all_intermediate += ecdsa_secp256r1.csr 1872 ecdsa_secp256r1.crt: ecdsa_secp256r1.csr 1873 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1874 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1875 all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key 1876 tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key 1877 1878 ecdsa_secp384r1.key: ec_384_prv.pem 1879 cp $< $@ 1880 ecdsa_secp384r1.csr: ecdsa_secp384r1.key 1881 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1882 -key $< -out $@ 1883 all_intermediate += ecdsa_secp384r1.csr 1884 ecdsa_secp384r1.crt: ecdsa_secp384r1.csr 1885 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1886 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1887 all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key 1888 tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key 1889 1890 ecdsa_secp521r1.key: ec_521_prv.pem 1891 cp $< $@ 1892 ecdsa_secp521r1.csr: ecdsa_secp521r1.key 1893 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1894 -key $< -out $@ 1895 all_intermediate += ecdsa_secp521r1.csr 1896 ecdsa_secp521r1.crt: ecdsa_secp521r1.csr 1897 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1898 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1899 all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key 1900 tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key 1901 1902 # PKCS7 test data 1903 pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt 1904 pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt 1905 pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt 1906 pkcs7_test_file = pkcs7_data.bin 1907 1908 $(pkcs7_test_file): 1909 printf "Hello\15\n" > $@ 1910 all_final += $(pkcs7_test_file) 1911 1912 pkcs7_zerolendata.bin: 1913 printf '' > $@ 1914 all_final += pkcs7_zerolendata.bin 1915 1916 pkcs7_data_1.bin: 1917 printf "2\15\n" > $@ 1918 all_final += pkcs7_data_1.bin 1919 1920 # Generate signing cert 1921 pkcs7-rsa-sha256-1.crt: 1922 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt 1923 cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem 1924 all_final += pkcs7-rsa-sha256-1.crt 1925 1926 pkcs7-rsa-sha256-2.crt: 1927 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt 1928 cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem 1929 all_final += pkcs7-rsa-sha256-2.crt 1930 1931 pkcs7-rsa-sha256-3.crt: 1932 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt 1933 cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem 1934 all_final += pkcs7-rsa-sha256-3.crt 1935 1936 pkcs7-rsa-expired.crt: 1937 $(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt 1938 all_final += pkcs7-rsa-expired.crt 1939 1940 # File with an otherwise valid signature signed with an expired cert 1941 pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin 1942 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@ 1943 all_final += pkcs7_data_rsa_expired.der 1944 1945 # Convert signing certs to DER for testing PEM-free builds 1946 pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1) 1947 $(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER 1948 all_final += pkcs7-rsa-sha256-1.der 1949 1950 pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2) 1951 $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER 1952 all_final += pkcs7-rsa-sha256-2.der 1953 1954 pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt 1955 $(OPENSSL) x509 -in pkcs7-rsa-expired.crt -out $@ -outform DER 1956 all_final += pkcs7-rsa-expired.der 1957 1958 # pkcs7 signature file over zero-len data 1959 pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt 1960 $(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der 1961 all_final += pkcs7_zerolendata_detached.der 1962 1963 # pkcs7 signature file with CERT 1964 pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1965 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1966 all_final += pkcs7_data_cert_signed_sha256.der 1967 1968 # pkcs7 signature file with CERT and sha1 1969 pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1970 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1971 all_final += pkcs7_data_cert_signed_sha1.der 1972 1973 # pkcs7 signature file with CERT and sha512 1974 pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1975 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1976 all_final += pkcs7_data_cert_signed_sha512.der 1977 1978 # pkcs7 signature file without CERT 1979 pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1980 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@ 1981 all_final += pkcs7_data_without_cert_signed.der 1982 1983 # pkcs7 signature file with signature 1984 pkcs7_data_with_signature.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1985 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -nodetach -outform DER -out $@ 1986 all_final += pkcs7_data_with_signature.der 1987 1988 # pkcs7 signature file with two signers 1989 pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1990 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ 1991 all_final += pkcs7_data_multiple_signed.der 1992 1993 # pkcs7 signature file with three signers 1994 pkcs7_data_3_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) $(pkcs7_test_cert_3) 1995 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -signer pkcs7-rsa-sha256-3.pem -nocerts -noattr -outform DER -out $@ 1996 all_final += pkcs7_data_3_signed.der 1997 1998 # pkcs7 signature file with multiple certificates 1999 pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 2000 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ 2001 all_final += pkcs7_data_multiple_certs_signed.der 2002 2003 # pkcs7 signature file with corrupted CERT 2004 pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der 2005 cp pkcs7_data_cert_signed_sha256.der $@ 2006 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc 2007 all_final += pkcs7_data_signed_badcert.der 2008 2009 # pkcs7 signature file with corrupted signer info 2010 pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der 2011 cp pkcs7_data_cert_signed_sha256.der $@ 2012 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc 2013 all_final += pkcs7_data_signed_badsigner.der 2014 2015 # pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name 2016 pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der 2017 cp $< $@ 2018 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc 2019 all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der 2020 2021 # pkcs7 signature file with invalid tag in signerInfo[2] 2022 pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der 2023 cp $< $@ 2024 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc 2025 all_final += pkcs7_signerInfo_2_invalid_tag.der 2026 2027 # pkcs7 signature file with corrupted signer info[1] 2028 pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der 2029 cp pkcs7_data_3_signed.der $@ 2030 echo '72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc 2031 all_final += pkcs7_data_signed_badsigner1_badsize.der 2032 2033 pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der 2034 cp pkcs7_data_3_signed.der $@ 2035 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc 2036 all_final += pkcs7_data_signed_badsigner1_badtag.der 2037 2038 pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der 2039 cp pkcs7_data_3_signed.der $@ 2040 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc 2041 all_final += pkcs7_data_signed_badsigner1_fuzzbad.der 2042 2043 # pkcs7 signature file with corrupted signer info[2] 2044 pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der 2045 cp pkcs7_data_3_signed.der $@ 2046 echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc 2047 all_final += pkcs7_data_signed_badsigner2_badsize.der 2048 2049 pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der 2050 cp pkcs7_data_3_signed.der $@ 2051 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc 2052 all_final += pkcs7_data_signed_badsigner2_badtag.der 2053 2054 pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der 2055 cp pkcs7_data_3_signed.der $@ 2056 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc 2057 all_final += pkcs7_data_signed_badsigner2_fuzzbad.der 2058 2059 # pkcs7 file with version 2 2060 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der 2061 cp pkcs7_data_cert_signed_sha256.der $@ 2062 echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc 2063 all_final += pkcs7_data_cert_signed_v2.der 2064 2065 pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 2066 $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt 2067 all_final += pkcs7_data_cert_encrypted.der 2068 2069 ## Negative tests 2070 # For some interesting sizes, what happens if we make them off-by-one? 2071 pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der 2072 cp $< $@ 2073 echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc 2074 all_final += pkcs7_signerInfo_issuer_invalid_size.der 2075 2076 pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der 2077 cp $< $@ 2078 echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc 2079 all_final += pkcs7_signerInfo_serial_invalid_size.der 2080 2081 # pkcs7 signature file just with signed data 2082 pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der 2083 dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1 2084 all_final += pkcs7_data_cert_signeddata_sha256.der 2085 2086 # - test-ca-v1.crt: v1 "CA", signs 2087 # server1-v1.crt: v1 "intermediate CA", signs 2088 # server2-v1*.crt: EE cert (without of with chain in same file) 2089 2090 test-ca-v1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 2091 $(MBEDTLS_CERT_WRITE) is_ca=1 serial_hex=53a2b68e05400e555c9395e5 \ 2092 request_file=test-ca.req.sha256 \ 2093 selfsign=1 issuer_name="CN=PolarSSL Test CA v1,OU=testing,O=PolarSSL,C=NL" \ 2094 issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ 2095 not_before=20190210144400 not_after=20290210144400 md=SHA256 version=1 \ 2096 output_file=$@ 2097 all_final += test-ca-v1.crt 2098 2099 server1-v1.crt: server1.key test-ca-v1.crt 2100 $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6c704cd4d8ebc800bc1\ 2101 subject_name="CN=server1/int-ca-v1,OU=testing,O=PolarSSL,C=NL" \ 2102 issuer_crt=test-ca-v1.crt issuer_key=$(test_ca_key_file_rsa) \ 2103 issuer_pwd=$(test_ca_pwd_rsa) \ 2104 not_before=20190210144406 not_after=20290210144406 \ 2105 md=SHA256 version=1 \ 2106 output_file=$@ 2107 all_final += server1-v1.crt 2108 2109 server2-v1.crt: server2.key server1-v1.crt 2110 $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6d9235dbc4573f9b76c\ 2111 subject_name="CN=server2,OU=testing,O=PolarSSL,C=NL" \ 2112 issuer_crt=server1-v1.crt issuer_key=server1.key \ 2113 not_before=20190210144406 not_after=20290210144406 \ 2114 md=SHA256 version=1 \ 2115 output_file=$@ 2116 all_final += server2-v1.crt 2117 2118 server2-v1-chain.crt: server2-v1.crt server1-v1.crt 2119 cat $^ > $@ 2120 2121 ################################################################ 2122 #### Diffie-Hellman parameters 2123 ################################################################ 2124 2125 dh.998.pem: 2126 $(OPENSSL) dhparam -out $@ -text 998 2127 2128 dh.999.pem: 2129 $(OPENSSL) dhparam -out $@ -text 999 2130 2131 2132 ################################################################ 2133 #### Meta targets 2134 ################################################################ 2135 2136 all_final: $(all_final) 2137 all: $(all_intermediate) $(all_final) 2138 2139 .PHONY: default all_final all 2140 .PHONY: keys_rsa_all 2141 .PHONY: keys_rsa_enc_basic 2142 .PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 2143 .PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 2144 .PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 2145 .PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 2146 .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 2147 .PHONY: server1_all 2148 2149 # These files should not be committed to the repository. 2150 list_intermediate: 2151 @printf '%s\n' $(all_intermediate) | sort 2152 # These files should be committed to the repository so that the test data is 2153 # available upon checkout without running a randomized process depending on 2154 # third-party tools. 2155 list_final: 2156 @printf '%s\n' $(all_final) | sort 2157 .PHONY: list_intermediate list_final 2158 2159 ## Remove intermediate files 2160 clean: 2161 rm -f $(all_intermediate) 2162 ## Remove all build products, even the ones that are committed 2163 neat: clean 2164 rm -f $(all_final) 2165 .PHONY: clean neat 2166 2167 .SECONDARY: $(all_intermediate)