1## This file contains a record of how some of the test data was 2## generated. The final build products are committed to the repository 3## as well to make sure that the test data is identical. You do not 4## need to use this makefile unless you're extending mbed TLS's tests. 5 6## Many data files were generated prior to the existence of this 7## makefile, so the method of their generation was not recorded. 8 9## Note that in addition to depending on the version of the data 10## generation tool, many of the build outputs are randomized, so 11## running this makefile twice would not produce the same results. 12 13## Tools 14OPENSSL ?= openssl 15FAKETIME ?= faketime 16 17TOP_DIR = ../.. 18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write 19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req 20 21 22## Build the generated test data. Note that since the final outputs 23## are committed to the repository, this target should do nothing on a 24## fresh checkout. Furthermore, since the generation is randomized, 25## re-running the same targets may result in differing files. The goal 26## of this makefile is primarily to serve as a record of how the 27## targets were generated in the first place. 28default: all_final 29 30all_intermediate := # temporary files 31all_final := # files used by tests 32 33 34 35################################################################ 36#### Generate certificates from existing keys 37################################################################ 38 39test_ca_crt = test-ca.crt 40test_ca_key_file_rsa = test-ca.key 41test_ca_pwd_rsa = PolarSSLTest 42test_ca_config_file = test-ca.opensslconf 43 44test-ca.req.sha256: $(test_ca_key_file_rsa) 45 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 46all_intermediate += test-ca.req.sha256 47 48test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 49 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 50all_final += test-ca.crt 51 52test-ca.crt.der: test-ca.crt 53 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 54all_final += test-ca.crt.der 55 56test-ca.key.der: $(test_ca_key_file_rsa) 57 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)" 58all_final += test-ca.key.der 59 60test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 61 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@ 62all_final += test-ca-sha1.crt 63 64test-ca-sha1.crt.der: test-ca-sha1.crt 65 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 66all_final += test-ca-sha1.crt.der 67 68test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 69 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 70all_final += test-ca-sha256.crt 71 72test-ca-sha256.crt.der: test-ca-sha256.crt 73 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 74all_final += test-ca-sha256.crt.der 75 76test-ca_utf8.crt: $(test_ca_key_file_rsa) 77 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 78all_final += test-ca_utf8.crt 79 80test-ca_printable.crt: $(test_ca_key_file_rsa) 81 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 82all_final += test-ca_printable.crt 83 84test-ca_uppercase.crt: $(test_ca_key_file_rsa) 85 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 86all_final += test-ca_uppercase.crt 87 88test_ca_key_file_rsa_alt = test-ca-alt.key 89 90cert_example_multi.csr: rsa_pkcs1_1024_clear.pem 91 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@ 92 93cert_example_multi.crt: cert_example_multi.csr 94 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ 95 96$(test_ca_key_file_rsa_alt):test-ca.opensslconf 97 $(OPENSSL) genrsa -out $@ 2048 98test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) 99 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 100all_intermediate += test-ca-alt.csr 101test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr 102 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ 103all_final += test-ca-alt.crt 104test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt 105 cat test-ca-alt.crt test-ca-sha256.crt > $@ 106all_final += test-ca-alt-good.crt 107test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt 108 cat test-ca-sha256.crt test-ca-alt.crt > $@ 109all_final += test-ca-good-alt.crt 110 111test_ca_crt_file_ec = test-ca2.crt 112test_ca_key_file_ec = test-ca2.key 113 114test-ca2.req.sha256: $(test_ca_key_file_ec) 115 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256 116all_intermediate += test-ca2.req.sha256 117 118test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 119 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 120all_final += test-ca.crt 121 122test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 123 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 124all_final += test-ca-any_policy.crt 125 126test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 127 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 128all_final += test-ca-any_policy_ec.crt 129 130test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 131 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 132all_final += test-ca-any_policy_with_qualifier.crt 133 134test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 135 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 136all_final += test-ca-any_policy_with_qualifier_ec.crt 137 138test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 139 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 140all_final += test-ca-multi_policy.crt 141 142test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 143 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 144all_final += test-ca-multi_policy_ec.crt 145 146test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 147 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ 148all_final += test-ca-unsupported_policy.crt 149 150test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 151 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ 152all_final += test-ca-unsupported_policy_ec.crt 153 154test-ca.req_ec.sha256: $(test_ca_key_file_ec) 155 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256 156all_intermediate += test-ca.req_ec.sha256 157 158test-ca2.crt.der: $(test_ca_crt_file_ec) 159 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER 160all_final += test-ca2.crt.der 161 162test-ca2.key.der: $(test_ca_key_file_ec) 163 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER 164all_final += test-ca2.key.der 165 166test_ca_crt_cat12 = test-ca_cat12.crt 167$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) 168 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ 169all_final += $(test_ca_crt_cat12) 170 171test_ca_crt_cat21 = test-ca_cat21.crt 172$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec) 173 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@ 174all_final += $(test_ca_crt_cat21) 175 176test-int-ca.csr: test-int-ca.key $(test_ca_config_file) 177 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ 178all_intermediate += test-int-ca.csr 179test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 180 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 181all_final += test-int-ca-exp.crt 182 183enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem 184 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 185 186crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 187 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ 188all_final += crl-idp.pem 189crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 190 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ 191all_final += crl-idpnc.pem 192 193cli_crt_key_file_rsa = cli-rsa.key 194cli_crt_extensions_file = cli.opensslconf 195 196cli-rsa.csr: $(cli_crt_key_file_rsa) 197 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1 198all_intermediate += cli-rsa.csr 199 200cli-rsa-sha1.crt: cli-rsa.csr 201 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 202 203cli-rsa-sha256.crt: cli-rsa.csr 204 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 205all_final += cli-rsa-sha256.crt 206 207cli-rsa-sha256.crt.der: cli-rsa-sha256.crt 208 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 209all_final += cli-rsa-sha256.crt.der 210 211cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der 212 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@ 213all_final += cli-rsa-sha256-badalg.crt.der 214 215cli-rsa.key.der: $(cli_crt_key_file_rsa) 216 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 217all_final += cli-rsa.key.der 218 219test_ca_int_rsa1 = test-int-ca.crt 220 221server7.csr: server7.key 222 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ 223all_intermediate += server7.csr 224server7-expired.crt: server7.csr $(test_ca_int_rsa1) 225 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 226all_final += server7-expired.crt 227server7-future.crt: server7.csr $(test_ca_int_rsa1) 228 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 229all_final += server7-future.crt 230server7-badsign.crt: server7.crt $(test_ca_int_rsa1) 231 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ 232all_final += server7-badsign.crt 233server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt 234 cat server7.crt test-int-ca-exp.crt > $@ 235all_final += server7_int-ca-exp.crt 236 237cli2.req.sha256: cli2.key 238 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 239 240all_final += server1.req.sha1 241cli2.crt: cli2.req.sha256 242 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ 243all_final += cli2.crt 244 245cli2.crt.der: cli2.crt 246 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 247all_final += cli2.crt.der 248 249cli2.key.der: cli2.key 250 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 251all_final += cli2.key.der 252 253server5_pwd_ec = PolarSSLTest 254 255server5.crt.der: server5.crt 256 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER 257all_final += server5.crt.der 258 259server5.key.der: server5.key 260 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 261all_final += server5.key.der 262 263server5.key.enc: server5.key 264 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)" 265all_final += server5.key.enc 266 267server5-ss-expired.crt: server5.key 268 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ 269all_final += server5-ss-expired.crt 270 271# try to forge a copy of test-int-ca3 with different key 272server5-ss-forgeca.crt: server5.key 273 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ 274all_final += server5-ss-forgeca.crt 275 276server5-othername.crt: server5.key 277 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ 278 279server5-unsupported_othername.crt: server5.key 280 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@ 281 282server5-fan.crt: server5.key 283 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ 284 285server5-tricky-ip-san.crt: server5.key 286 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@ 287all_final += server5-tricky-ip-san.crt 288 289server10-badsign.crt: server10.crt 290 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 291all_final += server10-badsign.crt 292server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt 293 cat server10-badsign.crt test-int-ca3.crt > $@ 294all_final += server10-bs_int3.pem 295test-int-ca3-badsign.crt: test-int-ca3.crt 296 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ 297all_final += test-int-ca3-badsign.crt 298server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt 299 cat server10.crt test-int-ca3-badsign.crt > $@ 300all_final += server10_int3-bs.pem 301 302rsa_pkcs1_2048_public.pem: server8.key 303 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ 304all_final += rsa_pkcs1_2048_public.pem 305 306rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem 307 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ 308all_final += rsa_pkcs1_2048_public.der 309 310rsa_pkcs8_2048_public.pem: server8.key 311 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ 312all_final += rsa_pkcs8_2048_public.pem 313 314rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem 315 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ 316all_final += rsa_pkcs8_2048_public.der 317 318################################################################ 319#### Generate various RSA keys 320################################################################ 321 322### Password used for PKCS1-encoded encrypted RSA keys 323keys_rsa_basic_pwd = testkey 324 325### Password used for PKCS8-encoded encrypted RSA keys 326keys_rsa_pkcs8_pwd = PolarSSLTest 327 328### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which 329### all other encrypted RSA keys are derived. 330rsa_pkcs1_1024_clear.pem: 331 $(OPENSSL) genrsa -out $@ 1024 332all_final += rsa_pkcs1_1024_clear.pem 333rsa_pkcs1_2048_clear.pem: 334 $(OPENSSL) genrsa -out $@ 2048 335all_final += rsa_pkcs1_2048_clear.pem 336rsa_pkcs1_4096_clear.pem: 337 $(OPENSSL) genrsa -out $@ 4096 338all_final += rsa_pkcs1_4096_clear.pem 339 340### 341### PKCS1-encoded, encrypted RSA keys 342### 343 344### 1024-bit 345rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem 346 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 347all_final += rsa_pkcs1_1024_des.pem 348rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 349 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 350all_final += rsa_pkcs1_1024_3des.pem 351rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem 352 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 353all_final += rsa_pkcs1_1024_aes128.pem 354rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem 355 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 356all_final += rsa_pkcs1_1024_aes192.pem 357rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem 358 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 359all_final += rsa_pkcs1_1024_aes256.pem 360keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem 361 362# 2048-bit 363rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem 364 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 365all_final += rsa_pkcs1_2048_des.pem 366rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 367 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 368all_final += rsa_pkcs1_2048_3des.pem 369rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem 370 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 371all_final += rsa_pkcs1_2048_aes128.pem 372rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem 373 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 374all_final += rsa_pkcs1_2048_aes192.pem 375rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem 376 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 377all_final += rsa_pkcs1_2048_aes256.pem 378keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem 379 380# 4096-bit 381rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem 382 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 383all_final += rsa_pkcs1_4096_des.pem 384rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 385 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 386all_final += rsa_pkcs1_4096_3des.pem 387rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem 388 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 389all_final += rsa_pkcs1_4096_aes128.pem 390rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem 391 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 392all_final += rsa_pkcs1_4096_aes192.pem 393rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem 394 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 395all_final += rsa_pkcs1_4096_aes256.pem 396keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem 397 398### 399### PKCS8-v1 encoded, encrypted RSA keys 400### 401 402### 1024-bit 403rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem 404 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 405all_final += rsa_pkcs8_pbe_sha1_1024_3des.der 406rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 407 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 408all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem 409keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der 410 411rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem 412 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 413all_final += rsa_pkcs8_pbe_sha1_1024_2des.der 414rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem 415 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 416all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem 417keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der 418 419keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des 420 421### 2048-bit 422rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem 423 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 424all_final += rsa_pkcs8_pbe_sha1_2048_3des.der 425rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 426 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 427all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem 428keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der 429 430rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem 431 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 432all_final += rsa_pkcs8_pbe_sha1_2048_2des.der 433rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem 434 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 435all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem 436keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der 437 438keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des 439 440### 4096-bit 441rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem 442 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 443all_final += rsa_pkcs8_pbe_sha1_4096_3des.der 444rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 445 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 446all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem 447keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der 448 449rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem 450 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 451all_final += rsa_pkcs8_pbe_sha1_4096_2des.der 452rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem 453 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 454all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem 455keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der 456 457keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des 458 459### 460### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) 461### 462 463### 1024-bit 464rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem 465 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 466all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der 467rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem 468 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 469all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 470keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 471 472rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem 473 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 474all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der 475rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem 476 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 477all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 478keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 479 480keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des 481 482### 2048-bit 483rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem 484 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 485all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der 486rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem 487 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 488all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 489keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 490 491rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem 492 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 493all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der 494rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem 495 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 496all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 497keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 498 499keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des 500 501### 4096-bit 502rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem 503 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 504all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der 505rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem 506 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 507all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 508keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 509 510rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem 511 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 512all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der 513rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem 514 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 515all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 516keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 517 518keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des 519 520### 521### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224 522### 523 524### 1024-bit 525rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem 526 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 527all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der 528rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem 529 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 530all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 531keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 532 533rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem 534 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 535all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der 536rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem 537 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 538all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 539keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 540 541keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224 542 543### 2048-bit 544rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem 545 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 546all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der 547rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem 548 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 549all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 550keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 551 552rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem 553 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 554all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der 555rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem 556 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 557all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 558keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 559 560keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224 561 562### 4096-bit 563rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem 564 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 565all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der 566rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem 567 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 568all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 569keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 570 571rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem 572 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 573all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der 574rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem 575 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 576all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 577keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 578 579keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224 580 581### 582### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256 583### 584 585### 1024-bit 586rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem 587 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 588all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der 589rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem 590 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 591all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 592keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 593 594rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem 595 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 596all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der 597rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem 598 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 599all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 600keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 601 602keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256 603 604### 2048-bit 605rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem 606 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 607all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der 608rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem 609 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 610all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 611keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 612 613rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem 614 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 615all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der 616rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem 617 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 618all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 619keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 620 621keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256 622 623### 4096-bit 624rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem 625 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 626all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der 627rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem 628 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 629all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 630keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 631 632rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem 633 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 634all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der 635rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem 636 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 637all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 638keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 639 640keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256 641 642### 643### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384 644### 645 646### 1024-bit 647rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem 648 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 649all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der 650rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem 651 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 652all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 653keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 654 655rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem 656 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 657all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der 658rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem 659 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 660all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 661keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 662 663keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384 664 665### 2048-bit 666rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem 667 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 668all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der 669rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem 670 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 671all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 672keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 673 674rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem 675 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 676all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der 677rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem 678 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 679all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 680keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 681 682keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384 683 684### 4096-bit 685rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem 686 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 687all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der 688rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem 689 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 690all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 691keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 692 693rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem 694 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 695all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der 696rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem 697 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 698all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 699keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 700 701keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384 702 703### 704### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512 705### 706 707### 1024-bit 708rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem 709 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 710all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der 711rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem 712 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 713all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 714keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 715 716rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem 717 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 718all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der 719rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem 720 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 721all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 722keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 723 724keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512 725 726### 2048-bit 727rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem 728 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 729all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der 730rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem 731 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 732all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 733keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 734 735rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem 736 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 737all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der 738rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem 739 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 740all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 741keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 742 743keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512 744 745### 4096-bit 746rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem 747 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 748all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der 749rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem 750 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 751all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 752keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 753 754rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem 755 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 756all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der 757rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem 758 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 759all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 760keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 761 762keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512 763 764### 765### Rules to generate all RSA keys from a particular class 766### 767 768### Generate basic unencrypted RSA keys 769keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem 770 771### Generate PKCS1-encoded encrypted RSA keys 772keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 773 774### Generate PKCS8-v1 encrypted RSA keys 775keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 776 777### Generate PKCS8-v2 encrypted RSA keys 778keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 779 780### Generate all RSA keys 781keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 782 783################################################################ 784#### Generate various EC keys 785################################################################ 786 787### 788### PKCS8 encoded 789### 790 791ec_prv.pk8.der: 792 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER 793all_final += ec_prv.pk8.der 794 795# ### Instructions for creating `ec_prv.pk8nopub.der`, 796# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from 797# ### `ec_prv.pk8.der`. 798# 799# These instructions assume you are familiar with ASN.1 DER encoding and can 800# use a hex editor to manipulate DER. 801# 802# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: 803# 804# PrivateKeyInfo ::= SEQUENCE { 805# version Version, 806# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 807# privateKey PrivateKey, 808# attributes [0] IMPLICIT Attributes OPTIONAL 809# } 810# 811# AlgorithmIdentifier ::= SEQUENCE { 812# algorithm OBJECT IDENTIFIER, 813# parameters ANY DEFINED BY algorithm OPTIONAL 814# } 815# 816# ECParameters ::= CHOICE { 817# namedCurve OBJECT IDENTIFIER 818# -- implicitCurve NULL 819# -- specifiedCurve SpecifiedECDomain 820# } 821# 822# ECPrivateKey ::= SEQUENCE { 823# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 824# privateKey OCTET STRING, 825# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 826# publicKey [1] BIT STRING OPTIONAL 827# } 828# 829# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following 830# fields: 831# 832# * privateKeyAlgorithm namedCurve 833# * privateKey.parameters NOT PRESENT 834# * privateKey.publicKey PRESENT 835# * attributes NOT PRESENT 836# 837# # ec_prv.pk8nopub.der 838# 839# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 840# 841# # ec_prv.pk8nopubparam.der 842# 843# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as 844# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 845# 846# # ec_prv.pk8param.der 847# 848# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as 849# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 850 851ec_prv.pk8.pem: ec_prv.pk8.der 852 $(OPENSSL) pkey -in $< -inform DER -out $@ 853all_final += ec_prv.pk8.pem 854ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der 855 $(OPENSSL) pkey -in $< -inform DER -out $@ 856all_final += ec_prv.pk8nopub.pem 857ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der 858 $(OPENSSL) pkey -in $< -inform DER -out $@ 859all_final += ec_prv.pk8nopubparam.pem 860ec_prv.pk8param.pem: ec_prv.pk8param.der 861 $(OPENSSL) pkey -in $< -inform DER -out $@ 862all_final += ec_prv.pk8param.pem 863 864################################################################ 865### Generate CSRs for X.509 write test suite 866################################################################ 867 868server1.req.sha1: server1.key 869 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 870all_final += server1.req.sha1 871 872server1.req.md5: server1.key 873 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 874all_final += server1.req.md5 875 876server1.req.sha224: server1.key 877 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224 878all_final += server1.req.sha224 879 880server1.req.sha256: server1.key 881 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 882all_final += server1.req.sha256 883 884server1.req.sha384: server1.key 885 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 886all_final += server1.req.sha384 887 888server1.req.sha512: server1.key 889 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512 890all_final += server1.req.sha512 891 892server1.req.cert_type: server1.key 893 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 894all_final += server1.req.cert_type 895 896server1.req.key_usage: server1.key 897 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 898all_final += server1.req.key_usage 899 900server1.req.ku-ct: server1.key 901 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 902all_final += server1.req.ku-ct 903 904server1.req.key_usage_empty: server1.key 905 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1 906all_final += server1.req.key_usage_empty 907 908server1.req.cert_type_empty: server1.key 909 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1 910all_final += server1.req.cert_type_empty 911 912# server2* 913 914server2_pwd_ec = PolarSSLTest 915 916server2.req.sha256: server2.key 917 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 918all_intermediate += server2.req.sha256 919 920server2.crt.der: server2.crt 921 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 922all_final += server2.crt.der 923 924server2-sha256.crt.der: server2-sha256.crt 925 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 926all_final += server2-sha256.crt.der 927 928server2.key.der: server2.key 929 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER 930all_final += server2.key.der 931 932server2.key.enc: server2.key 933 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)" 934all_final += server2.key.enc 935 936# server5* 937 938# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' 939server5.req.ku.sha1: server5.key 940 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 941all_final += server5.req.ku.sha1 942 943################################################################ 944### Generate certificates for CRT write check tests 945################################################################ 946 947### The test files use the Mbed TLS generated certificates server1*.crt, 948### but for comparison with OpenSSL also rules for OpenSSL-generated 949### certificates server1*.crt.openssl are offered. 950### 951### Known differences: 952### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension 953### as unused bits, while Mbed TLS doesn't. 954 955test_ca_server1_db = test-ca.server1.db 956test_ca_server1_serial = test-ca.server1.serial 957test_ca_server1_config_file = test-ca.server1.opensslconf 958 959# server1* 960 961server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 962 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 963server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 964 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 965server1.crt.der: server1.crt 966 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 967server1.der: server1.crt 968 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 969all_final += server1.crt server1.noauthid.crt server1.crt.der 970 971server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 972 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ 973server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 974 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ 975server1.key_usage.der: server1.key_usage.crt 976 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 977all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der 978 979server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 980 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ 981server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 982 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ 983server1.cert_type.der: server1.cert_type.crt 984 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 985all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der 986 987server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 988 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@ 989server1.v1.der: server1.v1.crt 990 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 991all_final += server1.v1.crt server1.v1.der 992 993server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 994 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@ 995server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) 996 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@ 997server1.ca.der: server1.ca.crt 998 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 999all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der 1000 1001server1_ca.crt: server1.crt $(test_ca_crt) 1002 cat server1.crt $(test_ca_crt) > $@ 1003all_final += server1_ca.crt 1004 1005cert_sha1.crt: server1.key 1006 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1007all_final += cert_sha1.crt 1008 1009cert_sha224.crt: server1.key 1010 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@ 1011all_final += cert_sha224.crt 1012 1013cert_sha256.crt: server1.key 1014 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1015all_final += cert_sha256.crt 1016 1017cert_sha384.crt: server1.key 1018 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@ 1019all_final += cert_sha384.crt 1020 1021cert_sha512.crt: server1.key 1022 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@ 1023all_final += cert_sha512.crt 1024 1025cert_example_wildcard.crt: server1.key 1026 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1027all_final += cert_example_wildcard.crt 1028 1029# OpenSSL-generated certificates for comparison 1030# Also provide certificates in DER format to allow 1031# direct binary comparison using e.g. dumpasn1 1032server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1033 echo "01" > $(test_ca_server1_serial) 1034 rm -f $(test_ca_server1_db) 1035 touch $(test_ca_server1_db) 1036 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@ 1037server1.der.openssl: server1.crt.openssl 1038 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1039server1.key_usage.der.openssl: server1.key_usage.crt.openssl 1040 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1041server1.cert_type.der.openssl: server1.cert_type.crt.openssl 1042 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1043 1044server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 1045 echo "01" > $(test_ca_server1_serial) 1046 rm -f $(test_ca_server1_db) 1047 touch $(test_ca_server1_db) 1048 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@ 1049server1.v1.der.openssl: server1.v1.crt.openssl 1050 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1051 1052# To revoke certificate in the openssl database: 1053# 1054# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt 1055 1056crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 1057 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ 1058 1059crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf 1060 $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@ 1061 1062server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl 1063 1064# server2* 1065 1066server2.crt: server2.req.sha256 1067 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ 1068all_final += server2.crt 1069 1070server2.der: server2.crt 1071 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 1072all_final += server2.crt server2.der 1073 1074server2-sha256.crt: server2.req.sha256 1075 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ 1076all_final += server2-sha256.crt 1077 1078# MD5 test certificate 1079 1080cert_md_test_key = $(cli_crt_key_file_rsa) 1081 1082cert_md5.csr: $(cert_md_test_key) 1083 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 1084all_intermediate += cert_md5.csr 1085 1086cert_md5.crt: cert_md5.csr 1087 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@ 1088all_final += cert_md5.crt 1089 1090# TLSv1.3 test certificates 1091ecdsa_secp256r1.key: ec_256_prv.pem 1092 cp $< $@ 1093 1094ecdsa_secp256r1.csr: ecdsa_secp256r1.key 1095 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1096 -key $< -out $@ 1097all_intermediate += ecdsa_secp256r1.csr 1098ecdsa_secp256r1.crt: ecdsa_secp256r1.csr 1099 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1100 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1101all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key 1102tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key 1103 1104ecdsa_secp384r1.key: ec_384_prv.pem 1105 cp $< $@ 1106ecdsa_secp384r1.csr: ecdsa_secp384r1.key 1107 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1108 -key $< -out $@ 1109all_intermediate += ecdsa_secp384r1.csr 1110ecdsa_secp384r1.crt: ecdsa_secp384r1.csr 1111 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1112 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1113all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key 1114tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key 1115 1116ecdsa_secp521r1.key: ec_521_prv.pem 1117 cp $< $@ 1118ecdsa_secp521r1.csr: ecdsa_secp521r1.key 1119 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ 1120 -key $< -out $@ 1121all_intermediate += ecdsa_secp521r1.csr 1122ecdsa_secp521r1.crt: ecdsa_secp521r1.csr 1123 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ 1124 -set_serial 77 -days 3653 -sha384 -in $< -out $@ 1125all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key 1126tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key 1127 1128################################################################ 1129#### Diffie-Hellman parameters 1130################################################################ 1131 1132dh.998.pem: 1133 $(OPENSSL) dhparam -out $@ -text 998 1134 1135dh.999.pem: 1136 $(OPENSSL) dhparam -out $@ -text 999 1137 1138################################################################ 1139#### Meta targets 1140################################################################ 1141 1142all_final: $(all_final) 1143all: $(all_intermediate) $(all_final) 1144 1145.PHONY: default all_final all 1146.PHONY: keys_rsa_all 1147.PHONY: keys_rsa_unenc keys_rsa_enc_basic 1148.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 1149.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 1150.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 1151.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 1152.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 1153.PHONY: server1_all 1154 1155# These files should not be committed to the repository. 1156list_intermediate: 1157 @printf '%s\n' $(all_intermediate) | sort 1158# These files should be committed to the repository so that the test data is 1159# available upon checkout without running a randomized process depending on 1160# third-party tools. 1161list_final: 1162 @printf '%s\n' $(all_final) | sort 1163.PHONY: list_intermediate list_final 1164 1165## Remove intermediate files 1166clean: 1167 rm -f $(all_intermediate) 1168## Remove all build products, even the ones that are committed 1169neat: clean 1170 rm -f $(all_final) 1171.PHONY: clean neat 1172