## This file contains a record of how some of the test data was
## generated. The final build products are committed to the repository
## as well to make sure that the test data is identical. You do not
## need to use this makefile unless you're extending mbed TLS's tests.

## Many data files were generated prior to the existence of this
## makefile, so the method of their generation was not recorded.

## Note that in addition to depending on the version of the data
## generation tool, many of the build outputs are randomized, so
## running this makefile twice would not produce the same results.

## NOTE(review): the key passwords assigned further down are literal
## values in this file and are handed to the tools on their command
## lines, so the encrypted keys built here offer no confidentiality.
## Treat every key and certificate produced by this makefile as public
## test material.

## Tools
## "?=" only assigns when the variable is not already set, so each tool
## can be replaced from the environment or the make command line.
OPENSSL ?= openssl
## Prefixed to some openssl invocations below to run them with a shifted clock.
FAKETIME ?= faketime

## Relative path used to locate the cert_write and cert_req programs.
TOP_DIR = ../..
MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req


## Build the generated test data. Note that since the final outputs
## are committed to the repository, this target should do nothing on a
## fresh checkout. Furthermore, since the generation is randomized,
## re-running the same targets may result in differing files. The goal
## of this makefile is primarily to serve as a record of how the
## targets were generated in the first place.
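default: all_final

all_intermediate := # temporary files
all_final := # files used by tests



################################################################
#### Generate certificates from existing keys
################################################################

# RSA test CA: certificate, private key, key password and the OpenSSL
# configuration file whose sections are selected with -extensions/-reqexts.
# The password is a literal and is passed on command lines (pass:...), so it
# only exists to produce and read encrypted test keys.
test_ca_crt = test-ca.crt
test_ca_key_file_rsa = test-ca.key
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf

# 2048-bit RSA CA key, written encrypted with AES-128-CBC.
$(test_ca_key_file_rsa):
	$(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048
all_final += $(test_ca_key_file_rsa)

test-ca.req.sha256: $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
all_intermediate += test-ca.req.sha256

# Self-signed CA certificate (selfsign=1, is_ca=1). The signature digest is
# SHA-1 (md=SHA1); test-ca-sha1.crt below is produced by the same command.
# NOTE(review): SHA-1 is presumably kept for legacy-coverage tests; confirm
# before reusing these parameters anywhere else.
parse_input/test-ca.crt test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca.crt

parse_input/test-ca.crt.der: parse_input/test-ca.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@

# DER copy of the CA private key; the PEM input is decrypted with the CA
# password and no output password is given.
test-ca.key.der: $(test_ca_key_file_rsa)
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
all_final += test-ca.key.der

test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca-sha1.crt

test-ca-sha1.crt.der: test-ca-sha1.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += test-ca-sha1.crt.der

test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
all_final += test-ca-sha256.crt

test-ca-sha256.crt.der: test-ca-sha256.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += test-ca-sha256.crt.der

# Variants of the CA certificate generated by openssl instead of cert_write.
test-ca_utf8.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_utf8.crt

test-ca_printable.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_printable.crt

# NOTE(review): this recipe is identical to test-ca_printable.crt; the
# recorded command does not show what makes this variant "uppercase".
test-ca_uppercase.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_uppercase.crt

test_ca_key_file_rsa_alt = test-ca-alt.key

cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@

# Signed by the RSA test CA; the CA certificate and key are read by the
# recipe but are not listed as prerequisites.
parse_input/cert_example_multi.crt cert_example_multi.crt: cert_example_multi.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
		-extfile $(test_ca_config_file) -extensions dns_alt_names \
		-passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 \
		-in $< > $@

# Well-formed DER CSRs, one per request-extension section of the config file.
parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage
parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName
parse_input/test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType
parse_input/test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all

# Malformed CSRs. Each rule hex-dumps the well-formed CSR, rewrites one byte
# sequence with sed and converts the text back to binary; the target name says
# which field is corrupted. sed exits successfully when its pattern is absent,
# which would leave an unmodified copy under a "malformed" name, so every
# recipe ends with $(assert_patched): it fails the recipe and removes the
# output when the output is byte-identical to the input.
assert_patched = if cmp -s $< $@; then echo "$@: pattern not found in $<" >&2; rm -f $@; exit 1; fi

parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/03020780300D06092A86/04020780300D06092A86/" | xxd -r -p ) > $@
	$(assert_patched)
# 551D0F and 551D11 are the encoded OIDs 2.5.29.15 (keyUsage) and 2.5.29.17
# (subjectAltName): the first rule turns the SAN extension into a second
# keyUsage, the second rule into an OID ending in FF.
parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@
	$(assert_patched)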
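# Malformed CSRs derived from parse_input/test_csr_v3_all.csr.der by patching
# one byte sequence in its hex dump. sed exits successfully when its pattern is
# absent, which would leave an unmodified copy under a "malformed" name, so
# every patching recipe ends with $(assert_patched): it fails the recipe and
# removes the output when the output is byte-identical to the input.
assert_patched = if cmp -s $< $@; then echo "$@: pattern not found in $<" >&2; rm -f $@; exit 1; fi

parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@
	$(assert_patched)
parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: parse_input/test_csr_v3_all.csr.der
	(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@
	$(assert_patched)

# DER certificate issued by the RSA test CA from cert_example_multi.csr with
# the rfc822name_names extension section. The CA certificate and key are read
# by the recipe but are not listed as prerequisites.
parse_input/test_cert_rfc822name.crt.der: cert_example_multi.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@

# Alternative CA: a second, unencrypted 2048-bit RSA key with a self-signed
# certificate that carries the same subject as the RSA test CA.
$(test_ca_key_file_rsa_alt):test-ca.opensslconf
	$(OPENSSL) genrsa -out $@ 2048
test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_intermediate += test-ca-alt.csr
test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@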
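all_final += test-ca-alt.crt
# The two bundles hold the same certificates in opposite order.
test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
	cat test-ca-alt.crt test-ca-sha256.crt > $@
all_final += test-ca-alt-good.crt
test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
	cat test-ca-sha256.crt test-ca-alt.crt > $@
all_final += test-ca-good-alt.crt

# EC test CA. Its key is used below without any password argument.
test_ca_crt_file_ec = test-ca2.crt
test_ca_key_file_ec = test-ca2.key

test-ca2.req.sha256: $(test_ca_key_file_ec)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
all_intermediate += test-ca2.req.sha256

test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
all_final += test-ca2.crt

# Same CA with a validity window shifted ten years later (2029 to 2039).
test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
		issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
		not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@
all_intermediate += test-ca2-future.crt

# The rules below only declare prerequisites; the shared recipe under
# $(test_ca_ec_cat) concatenates them in the order listed.
# NOTE(review): no rule for test-ca2-expired.crt or server6.crt is visible in
# this part of the file; they are presumably committed files.
test_ca_ec_cat := # files that concatenate different crt
test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt
test_ca_ec_cat += test-ca2_cat-future-invalid.crt
test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt
test_ca_ec_cat += test-ca2_cat-future-present.crt
test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt
test_ca_ec_cat += test-ca2_cat-present-future.crt
test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt
test_ca_ec_cat += test-ca2_cat-present-past.crt
test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt
test_ca_ec_cat += test-ca2_cat-past-invalid.crt
test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt
test_ca_ec_cat += test-ca2_cat-past-present.crt
$(test_ca_ec_cat):
	cat $^ > $@
all_final += $(test_ca_ec_cat)

# Self-signed CA certificates carrying the certificate-policy extension
# sections named by -extensions, in RSA and EC variants.
parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@

parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@

parse_input/test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@

parse_input/test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@

parse_input/test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@

test-ca.req_ec.sha256: $(test_ca_key_file_ec)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
all_intermediate += test-ca.req_ec.sha256

test-ca2.crt.der: $(test_ca_crt_file_ec)
	$(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
all_final += test-ca2.crt.der

test-ca2.key.der: $(test_ca_key_file_ec)
	$(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
all_final += test-ca2.key.der

# RSA and EC test CA certificates concatenated in both orders.
test_ca_crt_cat12 = test-ca_cat12.crt
$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
	cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
all_final += $(test_ca_crt_cat12)

test_ca_crt_cat21 = test-ca_cat21.crt
$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
	cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
all_final += $(test_ca_crt_cat21)

# Intermediate CAs: test-int-ca is issued by the EC CA, test-int-ca2 by the
# RSA CA, and test-int-ca3 by test-int-ca2.
test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@

test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \
		-subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@

test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \
		-subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@

all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr

test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \
		-CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
		-set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@

test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr
	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \
		-CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \
		-passin "pass:$(test_ca_pwd_rsa)" -out $@

# Note: This requests openssl version >= 3.x.xx
test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr
	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \
		-CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \
		-sha256 -in test-int-ca3.csr -out $@

# Expired intermediate: openssl runs with the clock moved back 3653 days, so
# the 3653-day validity window ends around the real generation time.
test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@

all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt

# NOTE(review): enco-ca-prstr.pem is read as issuer certificate but is not a
# prerequisite and has no rule in this part of the file.
enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
	$(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@

# CRLs issued by the RSA test CA with the CRL extension sections named by
# -crlexts; the CA key password is given with -key.
parse_input/crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
parse_input/crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@

cli_crt_key_file_rsa = cli-rsa.key
cli_crt_extensions_file = cli.opensslconf

cli-rsa.csr: $(cli_crt_key_file_rsa)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
all_intermediate += cli-rsa.csr

# Client certificates issued by the RSA test CA. The CA certificate and key
# are read by the recipes but are not listed as prerequisites.
cli-rsa-sha1.crt: cli-rsa.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@

cli-rsa-sha256.crt: cli-rsa.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += cli-rsa-sha256.crt

cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa-sha256.crt.der

# Patches the second occurrence (sed flag "2") of the sha256WithRSAEncryption
# AlgorithmIdentifier so that its parameter tag becomes 09 instead of 05
# (NULL). sed exits successfully when there is no second occurrence, so the
# recipe then checks that the output differs from the input and fails, removing
# the output, when it does not.
parse_input/cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
	if cmp -s $< $@; then echo "$@: pattern not found in $<" >&2; rm -f $@; exit 1; fi

cli-rsa.key.der: $(cli_crt_key_file_rsa)
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa.key.der

test_ca_int_rsa1 = test-int-ca.crt
test_ca_int_ec = test-int-ca2.crt
test_ca_int_key_file_ec = test-int-ca2.key

# server7*
# Issued by test-int-ca.crt. test-int-ca.key and $(cli_crt_extensions_file)
# are read by the recipes but are not listed as prerequisites.

server7.csr: server7.key
	$(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server7.csr

server7.crt: server7.csr $(test_ca_int_rsa1)
	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
		-CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \
		-set_serial 16 -days 3653 -sha256 -in server7.csr > $@
all_final += server7.crt

# Expired and not-yet-valid variants: the clock is shifted by 3653 days in
# either direction while signing, and the intermediate CA is appended.
server7-expired.crt: server7.csr $(test_ca_int_rsa1)
	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-expired.crt

server7-future.crt: server7.csr $(test_ca_int_rsa1)
	$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-future.crt

# Bad signature: the sed script rewrites the last base64 character before any
# "=" padding on the final body line of the PEM (0 becomes 1, anything else
# becomes 0), then the intermediate CA is appended. "head -n-2" relies on the
# GNU coreutils negative line count.
server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
all_final += server7-badsign.crt

parse_input/server7_int-ca.crt server7_int-ca.crt: server7.crt $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_rsa1) > $@
all_final += server7_int-ca.crt

# PEM whitespace variants: a space is inserted before the last character of
# line 4 (first rule: of the concatenation, second rule: of each certificate),
# or appended to every non-empty line (third rule).
parse_input/server7_pem_space.crt: server7.crt $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@

parse_input/server7_all_space.crt: server7.crt $(test_ca_int_rsa1)
	{ cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@

parse_input/server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@

server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec)
	cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@
all_final += server7_int-ca_ca2.crt

server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
	cat server7.crt test-int-ca-exp.crt > $@
all_final += server7_int-ca-exp.crt

server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1)
	cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@
all_final += server7_spurious_int-ca.crt

# server8*

server8.crt: server8.key
	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \
		issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \
		not_before=20190210144406 not_after=20290210144406 \
		md=SHA256 version=3 output_file=$@
all_final += server8.crt

server8_int-ca2.crt: server8.crt $(test_ca_int_ec)
	cat $^ > $@
all_final += server8_int-ca2.crt

cli2.req.sha256: cli2.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
all_intermediate += cli2.req.sha256

# NOTE(review): no rule for server1.req.sha1 is visible in this part of the file.
all_final += server1.req.sha1
# NOTE(review): issuer_pwd passes the RSA CA password together with the EC CA
# key, which every other rule here uses without a password; confirm whether
# the argument is needed.
cli2.crt: cli2.req.sha256
	$(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
all_final += cli2.crt

cli2.crt.der: cli2.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli2.crt.der

cli2.key.der: cli2.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli2.key.der

# Literal password used when writing the encrypted copy of server5.key.
server5_pwd_ec = PolarSSLTest

server5.crt.der: server5.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER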
all_final += server5.crt.der

# Derivatives of server5.key: a DER copy, an encrypted copy and self-signed
# certificates that exercise validity and subjectAltName handling.
server5.key.der: server5.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += server5.key.der

# AES-256 encrypted copy of the key; the password is the literal assigned to
# server5_pwd_ec and appears on the command line.
server5.key.enc: server5.key
	$(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
all_final += server5.key.enc

# Self-signed and already expired: the clock is moved back 3653 days while a
# 3653-day certificate is issued.
server5-ss-expired.crt: server5.key
	$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
all_final += server5-ss-expired.crt

# try to forge a copy of test-int-ca3 with different key
# The subject and serial number (77) are the ones used for test-int-ca3.crt,
# but the certificate is self-signed with server5.key.
# NOTE(review): presumably a negative fixture for chain validation, which has
# to compare keys and signatures rather than names; confirm against the test
# that consumes it.
server5-ss-forgeca.crt: server5.key
	$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt

# Self-signed DER certificates whose subjectAltName content comes from the
# extension section of $(test_ca_config_file) named by -extensions.
parse_input/server5-othername.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@

parse_input/server5-nonprintable_othername.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -outform der -out $@

parse_input/server5-unsupported_othername.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -outform der -out $@

parse_input/server5-fan.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -outform der -out $@

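# Several rules below derive a malformed file by patching one byte sequence in
# the hex dump of a well-formed one. sed exits successfully when its pattern is
# absent, which would leave an unmodified copy under a "malformed" name, so
# those recipes end with $(assert_patched): it fails the recipe and removes
# the output when the output is byte-identical to the input.
assert_patched = if cmp -s $< $@; then echo "$@: pattern not found in $<" >&2; rm -f $@; exit 1; fi

server5-tricky-ip-san.crt.der: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@

all_final += server5-tricky-ip-san.crt.der

# malformed IP length
# (the length byte after tag 87 goes from 04 to 05 while the data stays 4 bytes)
server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@
	$(assert_patched)

parse_input/server5-directoryname.crt.der: server5.key
	$(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@

parse_input/server5-two-directorynames.crt.der: server5.key
	$(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@

# server5-derN*.crt: the DER certificate followed by N trailing bytes. Each
# recipe copies the certificate and writes the given bytes at the offset equal
# to the original file size (seek=size, conv=notrunc), i.e. appends them.
server5-der0.crt: server5.crt.der
	cp $< $@
server5-der1a.crt: server5.crt.der
	cp $< $@
	echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der1b.crt: server5.crt.der
	cp $< $@
	echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der2.crt: server5.crt.der
	cp $< $@
	echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der4.crt: server5.crt.der
	cp $< $@
	echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der8.crt: server5.crt.der
	cp $< $@
	echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
server5-der9.crt: server5.crt.der
	cp $< $@
	echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \
             server5-der9.crt server5-der1a.crt server5-der2.crt \
             server5-der8.crt

# directoryname sequence tag malformed
parse_input/server5-directoryname-seq-malformed.crt.der: parse_input/server5-two-directorynames.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@
	$(assert_patched)

# Second directoryname OID length malformed 03 -> 15
parse_input/server5-second-directoryname-oid-malformed.crt.der: parse_input/server5-two-directorynames.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p > $@
	$(assert_patched)

# NOTE(review): both recipes pass -newkey rsa:2048 together with -key $<;
# confirm which key ends up in the certificate with the openssl version used.
parse_input/rsa_single_san_uri.crt.der rsa_single_san_uri.crt.der: rsa_single_san_uri.key
	$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"

parse_input/rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key
	$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"

# Bad signature: the sed script rewrites the last base64 character before any
# "=" padding on the final body line of the PEM (0 becomes 1, anything else
# becomes 0). "head -n-2" relies on the GNU coreutils negative line count.
test-int-ca3-badsign.crt: test-int-ca3.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += test-int-ca3-badsign.crt

# server10*

server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \
		issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \
		subject_identifier=0 authority_identifier=0 \
		not_before=20190210144406 not_after=20290210144406 \
		md=SHA256 version=3 output_file=$@
all_final += server10.crt
server10-badsign.crt: server10.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server10-badsign.crt
# Chains mixing good and bad-signature certificates, in the order given by
# each recipe.
server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
	cat server10-badsign.crt test-int-ca3.crt > $@
all_final += server10-bs_int3.pem
server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
	cat server10.crt test-int-ca3-badsign.crt > $@
all_final += server10_int3-bs.pem
server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec)
	cat $^ > $@
all_final += server10_int3_int-ca2.crt
server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt)
	cat $^ > $@
all_final += server10_int3_int-ca2_ca.crt
server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec)
	cat $^ > $@
all_final += server10_int3_spurious_int-ca2.crt

# Public key of server8.key in the two PEM/DER public-key encodings that
# openssl selects with -RSAPublicKey_out and -pubout.
rsa_pkcs1_2048_public.pem: server8.key
	$(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
all_final += rsa_pkcs1_2048_public.pem

rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
	$(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
all_final += rsa_pkcs1_2048_public.der

rsa_pkcs8_2048_public.pem: server8.key
	$(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
all_final += rsa_pkcs8_2048_public.pem

rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
	$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
all_final += rsa_pkcs8_2048_public.der

# Generate crl_cat_*.pem
# - crt_cat_*.pem: (1+2) concatenations in various orders:
#     ec = crl-ec-sha256.pem, ecfut = crl-future.pem
#     rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem

crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem
	cat $^ > $@

crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem
	cat $^ > $@

all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem

# Self-signed certificates with authorityKeyIdentifier variants taken from the
# extension sections of authorityKeyId_subjectKeyId.conf. The key and the
# config file the recipes read are declared as prerequisites so that make
# reports a missing input itself and rebuilds when either one changes.
authorityKeyId_subjectKeyId.crt.der: server2.key authorityKeyId_subjectKeyId.conf
	$(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034

authorityKeyId_no_keyid.crt.der: server2.key authorityKeyId_subjectKeyId.conf
	$(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034

authorityKeyId_no_issuer.crt.der: server2.key authorityKeyId_subjectKeyId.conf
	$(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer'

authorityKeyId_no_authorityKeyId.crt.der: server2.key authorityKeyId_subjectKeyId.conf
	$(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId'

# Malformed variants of authorityKeyId_subjectKeyId.crt.der; the target name
# says which tag or length byte is changed. The patterns contain the key
# identifier of the certificate, so they only match a certificate built from
# the same key.
authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@
	$(assert_patched)

authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@
	$(assert_patched)

authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@
	$(assert_patched)

authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@
	$(assert_patched)

authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@
	$(assert_patched)
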
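# Helper for the deliberately malformed DER fixtures in this section.
# $(call patch_der_hex,FROM,TO) dumps $< as one line of upper-case hex,
# replaces the first occurrence of FROM with TO and writes the bytes to $@.
# sed exits 0 even when FROM is absent, which would leave $@ a byte-for-byte
# copy of $< (a well-formed certificate under a "malformed" name). The helper
# therefore compares input and output and fails, removing $@, when nothing
# changed or when the pipeline itself failed.
patch_der_hex = hexdump -ve '1/1 "%.2X"' $< | sed "s/$(1)/$(2)/" | xxd -r -p > $@ \
    && ! cmp -s $< $@ \
    || { echo "$@: hex patch $(1) -> $(2) failed or changed nothing in $<" >&2; rm -f $@; exit 1; }

# fourth byte 14 -> FF
authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	$(call patch_der_hex,306D8014A505E864B8DC,306D80FFA505E864B8DC)

# leading byte A1 -> 00
authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	$(call patch_der_hex,A13FA43D303B310B3009,003FA43D303B310B3009)

# leading byte A4 -> 00
authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	$(call patch_der_hex,A43D303B310B30090603,003D303B310B30090603)

# leading byte 82 -> 81
authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	$(call patch_der_hex,8214680430CD074DE63F,8114680430CD074DE63F)

# second byte 14 -> 13
authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
	$(call patch_der_hex,8214680430CD074DE63F,8213680430CD074DE63F)

################################################################
#### Generate various RSA keys
################################################################

# The two passwords below are fixed fixture values. The recipes in this
# section hand them to openssl as "pass:..." command-line arguments, so they
# also appear in make's echoed commands and in the process list while a
# recipe runs.

### Password used for PKCS1-encoded encrypted RSA keys
keys_rsa_basic_pwd = testkey

### Password used for PKCS8-encoded encrypted RSA keys
keys_rsa_pkcs8_pwd = PolarSSLTest

### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
### all other encrypted RSA keys are derived.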
# Each genrsa call writes a fresh, unencrypted private key. The rules have no
# prerequisites, so make leaves an existing key file alone.
rsa_pkcs1_1024_clear.pem:
	$(OPENSSL) genrsa -out $@ 1024
all_final += rsa_pkcs1_1024_clear.pem
rsa_pkcs1_2048_clear.pem:
	$(OPENSSL) genrsa -out $@ 2048
all_final += rsa_pkcs1_2048_clear.pem
rsa_pkcs1_4096_clear.pem:
	$(OPENSSL) genrsa -out $@ 4096
all_final += rsa_pkcs1_4096_clear.pem

###
### PKCS1-encoded, encrypted RSA keys
###
# Each rule re-encrypts the clear key of the same size with the cipher option
# named in the target (-des, -des3, -aes128, -aes192, -aes256) under the
# password $(keys_rsa_basic_pwd), passed on the command line.
# NOTE(review): single DES and 1024-bit RSA are weak by current standards and
# appear here as decoder test inputs only; single DES may need the legacy
# provider on OpenSSL 3.x - confirm with the OpenSSL version in use.
# The keys_rsa_enc_basic_* targets have no recipe and only group the files.
# NOTE(review): no .PHONY declaration for them is visible in this part of the
# file - confirm one exists elsewhere.

### 1024-bit
rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_des.pem
rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_3des.pem
rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_aes128.pem
rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_aes192.pem
rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_aes256.pem
keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem

# 2048-bit
rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_des.pem
rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_3des.pem
rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes128.pem
rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes192.pem
rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes256.pem
keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem

# 4096-bit
rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_des.pem
rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_3des.pem
rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes128.pem
rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes192.pem
rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes256.pem
keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem

###
### PKCS8-v1 encoded, encrypted RSA keys
###
# -topk8 converts the clear PKCS1 key to PKCS#8; -v1 selects the password-based
# encryption algorithm named after it (PBE-SHA1-3DES or PBE-SHA1-2DES). Every
# key is written twice, as DER and as PEM, under $(keys_rsa_pkcs8_pwd).

### 1024-bit
rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der

rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der

keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des

### 2048-bit
rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der

rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der

keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des

### 4096-bit
rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der

rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der

keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des

###
### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
###
# -v2 selects the cipher (des3 or des) for the PKCS#5 v2.0 scheme. No -v2prf is
# given here, so the PRF is whatever the openssl binary defaults to.
# NOTE(review): that default may differ from hmacWithSHA1 on newer OpenSSL
# releases - confirm before regenerating these files.

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem

keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem

# Grouping target for the 2048-bit PKCS8-v2 keys made without -v2prf; it has no
# recipe and only pulls in its prerequisites.
keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem

keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
###
# Same recipes as the PKCS8-v2 rules without a PRF option, plus an explicit
# -v2prf hmacWithSHA224. Each key is written as DER and as PEM under
# $(keys_rsa_pkcs8_pwd), which openssl receives on the command line.

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem

keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem

keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem

keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
###

# PKCS8-v2 keys with -v2prf hmacWithSHA256: every clear key is encrypted with
# des3 and with des, and each result is written as DER and as PEM. The password
# $(keys_rsa_pkcs8_pwd) is passed to openssl on the command line.
### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem

keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem

keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem

keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
###
# Same layout as the hmacWithSHA256 rules, with -v2prf hmacWithSHA384.

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem

keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384

# PKCS8-v2 keys with -v2prf hmacWithSHA384, 2048- and 4096-bit: each clear key
# is encrypted with des3 and with des and written as DER and as PEM under
# $(keys_rsa_pkcs8_pwd), which openssl receives on the command line.
### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem

keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem

keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
###
# Same layout as the hmacWithSHA384 rules, with -v2prf hmacWithSHA512.

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem

keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem

keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem

keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512

###
### Rules to generate all RSA keys from a particular class
###
# These targets have no recipes; they exist to name a group of files.
# NOTE(review): no .PHONY declaration for them is visible in this part of the
# file - without one, a stray file with the same name would make the target
# look up to date. Confirm they are declared elsewhere.

### Generate basic unencrypted RSA keys
keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem

### Generate PKCS1-encoded encrypted RSA keys
keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096

### Generate PKCS8-v1 encrypted RSA keys
keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096

### Generate PKCS8-v2 encrypted RSA keys
keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512

### Generate all RSA keys
keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2

################################################################
#### Generate various EC keys
################################################################

###
### PKCS8 encoded
###

# Generates a new EC private key on curve prime192v1 with the curve encoded as
# a named curve, written unencrypted in DER. No prerequisites, so an existing
# file is left as it is.
ec_prv.pk8.der:
	$(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
all_final += ec_prv.pk8.der

# ### Instructions for creating `ec_prv.pk8nopub.der`,
# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
# ### `ec_prv.pk8.der`.
#
# These instructions assume you are familiar with ASN.1 DER encoding and can
# use a hex editor to manipulate DER.
#
# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
#
# PrivateKeyInfo ::= SEQUENCE {
#   version                   Version,
#   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
#   privateKey                PrivateKey,
#   attributes           [0]  IMPLICIT Attributes OPTIONAL
# }
#
# AlgorithmIdentifier  ::=  SEQUENCE  {
#   algorithm   OBJECT IDENTIFIER,
#   parameters  ANY DEFINED BY algorithm OPTIONAL
# }
#
# ECParameters ::= CHOICE {
#   namedCurve         OBJECT IDENTIFIER
#   -- implicitCurve   NULL
#   -- specifiedCurve  SpecifiedECDomain
# }
#
# ECPrivateKey ::= SEQUENCE {
#   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
#   privateKey     OCTET STRING,
#   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
#   publicKey  [1] BIT STRING OPTIONAL
# }
#
# `ec_prv.pk8.der` as generated above by OpenSSL should have the following
# fields:
#
# * privateKeyAlgorithm       namedCurve
# * privateKey.parameters     NOT PRESENT
# * privateKey.publicKey      PRESENT
# * attributes                NOT PRESENT
#
# # ec_prv.pk8nopub.der
#
# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
#
# # ec_prv.pk8nopubparam.der
#
# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
#
# # ec_prv.pk8param.der
#
# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
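
# PEM renderings of the PKCS#8 EC keys. The nopub / nopubparam / param DER
# inputs have no generating rule here; per the instructions in this file they
# are produced by hand from ec_prv.pk8.der.
ec_pk8_pem := ec_prv.pk8.pem ec_prv.pk8nopub.pem ec_prv.pk8nopubparam.pem ec_prv.pk8param.pem
$(ec_pk8_pem): %.pem: %.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += $(ec_pk8_pem)

# Public half of the SEC1 private key, as PEM.
ec_pub.pem: ec_prv.sec1.der
	$(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@
all_final += ec_pub.pem

# Re-encode private keys with the point in compressed form.
# A static pattern rule is used so that a missing source key is an error
# rather than a silent fall-through to another rule.
ec_prv_comp_pem := ec_prv.sec1.comp.pem ec_224_prv.comp.pem ec_256_prv.comp.pem \
                   ec_384_prv.comp.pem ec_521_prv.comp.pem ec_bp256_prv.comp.pem \
                   ec_bp384_prv.comp.pem ec_bp512_prv.comp.pem
$(ec_prv_comp_pem): %.comp.pem: %.pem
	$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += $(ec_prv_comp_pem)

# Same conversion for public keys (-pubin).
ec_pub_comp_pem := ec_pub.comp.pem ec_224_pub.comp.pem ec_256_pub.comp.pem \
                   ec_384_pub.comp.pem ec_521_pub.comp.pem ec_bp256_pub.comp.pem \
                   ec_bp384_pub.comp.pem ec_bp512_pub.comp.pem
$(ec_pub_comp_pem): %.comp.pem: %.pem
	$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += $(ec_pub_comp_pem)

# X25519 and X448: the private key is generated fresh (random, no
# prerequisites); the public key and the PEM forms are derived from the DER
# private key.
ec_x25519_prv.der:
	$(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER
all_final += ec_x25519_prv.der

ec_x25519_pub.der: ec_x25519_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
all_final += ec_x25519_pub.der

ec_x25519_prv.pem: ec_x25519_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_x25519_prv.pem

ec_x25519_pub.pem: ec_x25519_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
all_final += ec_x25519_pub.pem

ec_x448_prv.der:
	$(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER
all_final += ec_x448_prv.der

ec_x448_pub.der: ec_x448_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
all_final += ec_x448_pub.der

ec_x448_prv.pem: ec_x448_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_x448_prv.pem

ec_x448_pub.pem: ec_x448_prv.der
	$(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
all_final += ec_x448_pub.pem

################################################################
#### Convert PEM keys to DER format
################################################################
# Public keys. server1.pubkey has no .pem suffix, so it keeps its own rule.
server1.pubkey.der: server1.pubkey
	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
all_final += server1.pubkey.der

pub_der_from_pem := rsa4096_pub.der ec_pub.der ec_521_pub.der ec_bp512_pub.der
$(pub_der_from_pem): %.der: %.pem
	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
all_final += $(pub_der_from_pem)

# Private keys. The DER outputs are unencrypted, like their PEM inputs are
# read here (no -passin is given).
server1.key.der: server1.key
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += server1.key.der

prv_der_from_pem := rsa4096_prv.der ec_prv.sec1.der ec_256_long_prv.der \
                    ec_521_prv.der ec_521_short_prv.der ec_bp512_prv.der
$(prv_der_from_pem): %.der: %.pem
	$(OPENSSL) pkey -in $< -out $@ -outform DER
all_final += $(prv_der_from_pem)

################################################################
### Generate CSRs for X.509 write test suite
################################################################

# One CSR per digest, all over server1.key with the same subject. Each rule
# names two targets (a copy under parse_input/ and one in this directory);
# make runs the recipe once per target. Only the local copy is added to
# all_final. SHA1 and MD5 are included on purpose as digest variants.
parse_input/server1.req.sha1 server1.req.sha1: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.sha1

parse_input/server1.req.md5 server1.req.md5: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
all_final += server1.req.md5

parse_input/server1.req.sha224 server1.req.sha224: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
all_final += server1.req.sha224

parse_input/server1.req.sha256 server1.req.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
all_final += server1.req.sha256

# Generating this with OpenSSL as a comparison point to test we're getting the same result.
# Uses $(OPENSSL) like every other rule, so an OPENSSL=... override also
# applies to the comparison CSR (the recipe previously hard-coded `openssl`).
server1.req.sha256.ext: server1.key
	$(OPENSSL) req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com"
all_final += server1.req.sha256.ext

parse_input/server1.req.sha384 server1.req.sha384: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
all_final += server1.req.sha384

parse_input/server1.req.sha512 server1.req.sha512: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
all_final += server1.req.sha512

# CSRs carrying key-usage / Netscape cert-type requests, including the
# "forced but empty" variants.
server1.req.cert_type: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.cert_type

server1.req.key_usage: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.key_usage

server1.req.ku-ct: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.ku-ct

server1.req.key_usage_empty: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
all_final += server1.req.key_usage_empty

server1.req.cert_type_empty: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
all_final += server1.req.cert_type_empty

# Subject with an escaped comma inside the O= value. Not added to all_final
# or all_intermediate.
parse_input/server1.req.commas.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256

# server2*

server2_pwd_ec = PolarSSLTest

server2.req.sha256: server2.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
all_intermediate += server2.req.sha256

# Prerequisites are declared per target first so that $< in the shared recipe
# is the certificate from the matching directory.
parse_input/server2.crt.der: parse_input/server2.crt
server2.crt.der: server2.crt
parse_input/server2.crt.der server2.crt.der:
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server2.crt.der

server2-sha256.crt.der: server2-sha256.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server2-sha256.crt.der

server2.key.der: server2.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += server2.key.der

# AES-256 encrypted copy of server2.key; the passphrase is the in-file test
# value $(server2_pwd_ec).
server2.key.enc: server2.key
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
all_final += server2.key.enc

#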
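# server5*

server5.csr: server5.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += server5.csr
# server5.crt is a plain copy of the SHA-256 variant.
parse_input/server5.crt server5.crt: server5-sha256.crt
	cp $< $@
all_intermediate += server5-sha256.crt
# One certificate per digest: the pattern stem (1, 224, 256, 384, 512) is
# pulled out of the target name and turned into the -shaNNN option. Every
# variant is issued with the same serial (9) and a 3650-day lifetime.
# $(test_ca_crt_file_ec) / $(test_ca_key_file_ec) are defined outside this
# excerpt.
server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \
	    -sha$(@F:server5-sha%.crt=%) -in $< -out $@
all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt

# Negative-test fixture: a copy of server5.crt whose signature no longer
# verifies. Everything but the last two PEM lines is copied unchanged; on the
# last base64 line the final character before any '=' padding is rewritten
# ('0' becomes '1', anything else becomes '0'), then the END line follows.
# `head -n-2` (all but the last two lines) is a GNU coreutils form.
server5-badsign.crt: server5.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server5-badsign.crt

# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.
server5.req.ku.sha1: server5.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server5.req.ku.sha1

# server6*

server6.csr: server6.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += server6.csr
# Reuses server5's extension file; it is listed as a prerequisite (as the
# server5-sha%.crt rule already does) so that a missing or changed extension
# file is noticed by make instead of only by openssl.
server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
all_final += server6.crt

################################################################
### Generate certificates for CRT write check tests
################################################################

### The test files use the Mbed TLS generated certificates server1*.crt,
### but for comparison with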
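### OpenSSL also rules for OpenSSL-generated
### certificates server1*.crt.openssl are offered.
###
### Known differences:
### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
###   as unused bits, while Mbed TLS doesn't.

test_ca_server1_db = test-ca.server1.db
test_ca_server1_serial = test-ca.server1.serial
test_ca_server1_config_file = test-ca.server1.opensslconf

# Argument groups shared by the cert_write recipes in this section. They are
# spliced in at the positions the literal arguments used to occupy, so the
# order of arguments on each command line is unchanged.
server1_issuer_args = issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa)
server1_validity_args = not_before=20190210144406 not_after=20290210144406

# server1*

# NOTE(review): many recipes below pass both version=1 and version=3 (and
# server1.v1.crt passes version=1 twice). Presumably the later value wins;
# confirm against cert_write's option parsing before removing either.
#
# The certificates are signed with md=SHA1 on purpose: they are fixtures for
# the write/parse tests, issued by the test CA with its in-file password.

parse_input/server1.crt: parse_input/server1.req.sha256
server1.crt: server1.req.sha256
parse_input/server1.crt server1.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
# $(@D) selects the CSR from the same directory as the target.
parse_input/server1.crt server1.crt:
	$(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 \
	    $(server1_issuer_args) version=1 \
	    $(server1_validity_args) \
	    md=SHA1 version=3 output_file=$@
server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com

# Certificates with unusual serial numbers, issued through `openssl ca`.
# Each recipe first writes the wanted serial to test-ca.server1.tmp.serial
# (presumably the serial file named in test-ca.server1.test_serial.opensslconf;
# verify). That scratch file is shared by all three rules, so they must not
# run concurrently under `make -j`.
# The CA key password is taken from $(test_ca_pwd_rsa) like everywhere else,
# instead of repeating the literal value.
server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial
	$(OPENSSL) ca -in server1.req.sha256 -key $(test_ca_pwd_rsa) -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	echo "8011223344" > test-ca.server1.tmp.serial
	$(OPENSSL) ca -in server1.req.sha256 -key $(test_ca_pwd_rsa) -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial
	$(OPENSSL) ca -in server1.req.sha256 -key $(test_ca_pwd_rsa) -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 $(server1_issuer_args) $(server1_validity_args) md=SHA1 authority_identifier=0 version=3 output_file=$@
# NOTE(review): this recipe does not read its prerequisite. It re-issues a
# certificate from ./server1.req.sha256 with authority_identifier=0 (the same
# arguments as server1.noauthid.crt) and gives no DER output option, unlike
# the x509 -outform DER conversions used for the other *.der targets. It
# looks like a copy of the rule above; confirm what the committed
# parse_input/server1.crt.der actually contains before relying on it.
parse_input/server1.crt.der: parse_input/server1.crt
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 \
	    $(server1_issuer_args) \
	    $(server1_validity_args) \
	    md=SHA1 authority_identifier=0 version=3 output_file=$@
server1.der: server1.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 version=3 output_file=$@
# NOTE(review): server1.crt.der is listed here, but the only rule in this
# section builds parse_input/server1.crt.der.
all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt

parse_input/server1.key_usage.crt: parse_input/server1.req.sha256
server1.key_usage.crt: server1.req.sha256
parse_input/server1.key_usage.crt server1.key_usage.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
parse_input/server1.key_usage.crt server1.key_usage.crt:
	$(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
server1.key_usage.der: server1.key_usage.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der

parse_input/server1.cert_type.crt: parse_input/server1.req.sha256
server1.cert_type.crt: server1.req.sha256
parse_input/server1.cert_type.crt server1.cert_type.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
parse_input/server1.cert_type.crt server1.cert_type.crt:
	$(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
server1.cert_type.der: server1.cert_type.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der

server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 version=1 output_file=$@
server1.v1.der: server1.v1.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.v1.crt server1.v1.der

server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 $(server1_issuer_args) version=1 $(server1_validity_args) md=SHA1 is_ca=1 version=3 output_file=$@
server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 $(server1_issuer_args) $(server1_validity_args) md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@
server1.ca.der: server1.ca.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der

# Leaf followed by the CA certificate, concatenated into one PEM file.
server1_ca.crt: server1.crt $(test_ca_crt)
	cat server1.crt $(test_ca_crt) > $@
all_final += server1_ca.crt

# One certificate per signature digest over server1.key, serials 7 to 11.
# NOTE(review): these rules (and cert_example_wildcard.crt) read
# $(test_ca_crt) and $(test_ca_key_file_rsa) but list only server1.key as a
# prerequisite.
parse_input/cert_sha1.crt cert_sha1.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 $(server1_issuer_args) $(server1_validity_args) md=SHA1 version=3 output_file=$@
all_final += cert_sha1.crt

parse_input/cert_sha224.crt cert_sha224.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 $(server1_issuer_args) $(server1_validity_args) md=SHA224 version=3 output_file=$@
all_final += cert_sha224.crt

parse_input/cert_sha256.crt cert_sha256.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 $(server1_issuer_args) $(server1_validity_args) md=SHA256 version=3 output_file=$@
all_final += cert_sha256.crt

parse_input/cert_sha384.crt cert_sha384.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 $(server1_issuer_args) $(server1_validity_args) md=SHA384 version=3 output_file=$@
all_final += cert_sha384.crt

parse_input/cert_sha512.crt cert_sha512.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 $(server1_issuer_args) $(server1_validity_args) md=SHA512 version=3 output_file=$@
all_final += cert_sha512.crt

cert_example_wildcard.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 $(server1_issuer_args) $(server1_validity_args) md=SHA1 version=3 output_file=$@
all_final += cert_example_wildcard.crt

# OpenSSL-generated certificates for comparison
# Also provide certificates in DER format to allow
# direct binary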
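# comparison using e.g. dumpasn1
#
# Each of the three targets runs this recipe separately: the serial file is
# reset to 01 and the CA database is emptied before `openssl ca` is called,
# so every certificate comes out with the same serial. The serial file and
# database are shared scratch files, so these targets must not be built
# concurrently under `make -j`. The per-target extension file $@.v3_ext is
# read but is not declared as a prerequisite.
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
	echo "01" > $(test_ca_server1_serial)
	rm -f $(test_ca_server1_db)
	touch $(test_ca_server1_db)
	$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
server1.der.openssl: server1.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.key_usage.der.openssl: server1.key_usage.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.cert_type.der.openssl: server1.cert_type.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@

server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
	echo "01" > $(test_ca_server1_serial)
	rm -f $(test_ca_server1_db)
	touch $(test_ca_server1_db)
	$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
server1.v1.der.openssl: server1.v1.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@

# To revoke certificate in the openssl database:
#
# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt

# The recipe reads $(test_ca_server1_config_file), so that file is listed as a
# prerequisite next to $(test_ca_config_file), which was the only config file
# named before.
crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(test_ca_server1_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@

# CRL produced with the clock faked to 2028-12-31 via $(FAKETIME).
crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
	$(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@

# Aggregate targets with no file of their own.
.PHONY: server1_all tls13_certs

server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl

# server2*

parse_input/server2.crt server2.crt: server2.req.sha256
	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += server2.crt

server2.der: server2.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
# server2.crt is already in all_final (added above), so only the DER is added.
all_final += server2.der

# Same request and serial as server2.crt, signed with SHA-256 instead.
server2-sha256.crt: server2.req.sha256
	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt

# server3*

parse_input/server3.crt server3.crt: server3.key
	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \
	    issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
	    not_before=20190210144406 not_after=20290210144406 \
	    md=SHA1 version=3 output_file=$@
all_final += server3.crt

# server4*

# Issued by the EC test CA ($(test_ca_crt_file_ec) / $(test_ca_key_file_ec),
# defined outside this excerpt); no issuer_pwd is passed.
parse_input/server4.crt server4.crt: server4.key
	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \
	    issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \
	    not_before=20190210144400 not_after=20290210144400 \
	    md=SHA256 version=3 output_file=$@
all_final += server4.crt

# MD5 test certificate

cert_md_test_key = $(cli_crt_key_file_rsa)

cert_md5.csr: $(cert_md_test_key)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
all_intermediate += cert_md5.csr

parse_input/cert_md5.crt cert_md5.crt: cert_md5.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 \
	    issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \
	    issuer_pwd=$(test_ca_pwd_rsa) \
	    not_before=20000101121212 not_after=20300101121212 \
	    md=MD5 version=3 output_file=$@
all_final += cert_md5.crt

# TLSv1.3 test certificates
# Each key is a copy of an existing EC private key. The three certificates
# are issued by the EC test CA with the same serial (77) and SHA-384.
# NOTE(review): the .crt rules read the CA certificate and key but list only
# the CSR as a prerequisite.
ecdsa_secp256r1.key: ec_256_prv.pem
	cp $< $@

ecdsa_secp256r1.csr: ecdsa_secp256r1.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += ecdsa_secp256r1.csr
ecdsa_secp256r1.crt: ecdsa_secp256r1.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -set_serial 77 -days 3653 -sha384 -in $< -out $@
all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key
tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key

ecdsa_secp384r1.key: ec_384_prv.pem
	cp $< $@
ecdsa_secp384r1.csr: ecdsa_secp384r1.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += ecdsa_secp384r1.csr
ecdsa_secp384r1.crt: ecdsa_secp384r1.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -set_serial 77 -days 3653 -sha384 -in $< -out $@
all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key
tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key

ecdsa_secp521r1.key: ec_521_prv.pem
	cp $< $@
ecdsa_secp521r1.csr: ecdsa_secp521r1.key
	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
	    -key $< -out $@
all_intermediate += ecdsa_secp521r1.csr
ecdsa_secp521r1.crt: ecdsa_secp521r1.csr
	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
	    -set_serial 77 -days 3653 -sha384 -in $< -out $@
all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key
tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key

# PKCS7 test data
pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt
pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt
pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt
pkcs7_test_file = pkcs7_data.bin

# \15 is the octal escape for carriage return, so the payload ends in CR LF.
$(pkcs7_test_file):
	printf "Hello\15\n" > $@
all_final += $(pkcs7_test_file)

pkcs7_zerolendata.bin:
	printf '' > $@
all_final += pkcs7_zerolendata.bin

pkcs7_data_1.bin:
	printf "2\15\n" > $@
all_final += pkcs7_data_1.bin

# Generate signing cert
# Each recipe creates a fresh self-signed certificate and a new 2048-bit RSA
# key. -nodes leaves the private key unencrypted. Besides the .crt target the
# recipe also writes NAME.key and NAME.pem (certificate followed by key);
# those two files have no rule of their own in this section, although later
# rules name the .key as a prerequisite and pass the .pem to -signer.
pkcs7-rsa-sha256-1.crt:
	$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt
	cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem
all_final += pkcs7-rsa-sha256-1.crt

pkcs7-rsa-sha256-2.crt:
	$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt
	cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem
all_final += pkcs7-rsa-sha256-2.crt

pkcs7-rsa-sha256-3.crt:
	$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt
	cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem
all_final += pkcs7-rsa-sha256-3.crt

# Certificate created with the clock set 3650 days in the past and a 365-day
# lifetime, i.e. already expired when generated.
pkcs7-rsa-expired.crt:
	$(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt
all_final += pkcs7-rsa-expired.crt

# File with an otherwise valid signature signed with an expired cert
# (-out was given twice with the same value; it is now given once.)
pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin
	$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@
all_final += pkcs7_data_rsa_expired.der

# Convert signing certs to DER for testing PEM-free builds
pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1)
	$(OPENSSL) x509 -in $< -out $@ -outform DER
all_final += pkcs7-rsa-sha256-1.der

pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2)
	$(OPENSSL) x509 -in $< -out $@ -outform DER
all_final += pkcs7-rsa-sha256-2.der

pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt
	$(OPENSSL) x509 -in $< -out $@ -outform DER
all_final += pkcs7-rsa-expired.der

# pkcs7 signature file over zero-len data
pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt
	$(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in $< -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out $@
all_final += pkcs7_zerolendata_detached.der

# pkcs7 signature file with CERT
pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
	$(OPENSSL) smime -sign -binary -in $< -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
all_final += pkcs7_data_cert_signed_sha256.der

# pkcs7 signature file with CERT and sha1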
1706pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1707 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1708all_final += pkcs7_data_cert_signed_sha1.der 1709 1710# pkcs7 signature file with CERT and sha512 1711pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1712 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 1713all_final += pkcs7_data_cert_signed_sha512.der 1714 1715# pkcs7 signature file without CERT 1716pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1717 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@ 1718all_final += pkcs7_data_without_cert_signed.der 1719 1720# pkcs7 signature file with signature 1721pkcs7_data_with_signature.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1722 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -nodetach -outform DER -out $@ 1723all_final += pkcs7_data_with_signature.der 1724 1725# pkcs7 signature file with two signers 1726pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1727 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ 1728all_final += pkcs7_data_multiple_signed.der 1729 1730# pkcs7 signature file with three signers 1731pkcs7_data_3_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) $(pkcs7_test_cert_3) 1732 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -signer pkcs7-rsa-sha256-3.pem -nocerts -noattr -outform DER -out $@ 1733all_final += pkcs7_data_3_signed.der 1734 
1735# pkcs7 signature file with multiple certificates 1736pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) 1737 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ 1738all_final += pkcs7_data_multiple_certs_signed.der 1739 1740# pkcs7 signature file with corrupted CERT 1741pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der 1742 cp pkcs7_data_cert_signed_sha256.der $@ 1743 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc 1744all_final += pkcs7_data_signed_badcert.der 1745 1746# pkcs7 signature file with corrupted signer info 1747pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der 1748 cp pkcs7_data_cert_signed_sha256.der $@ 1749 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc 1750all_final += pkcs7_data_signed_badsigner.der 1751 1752# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name 1753pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der 1754 cp $< $@ 1755 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc 1756all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der 1757 1758# pkcs7 signature file with invalid tag in signerInfo[2] 1759pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der 1760 cp $< $@ 1761 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc 1762all_final += pkcs7_signerInfo_2_invalid_tag.der 1763 1764# pkcs7 signature file with corrupted signer info[1] 1765pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der 1766 cp pkcs7_data_3_signed.der $@ 1767 echo '72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc 1768all_final += pkcs7_data_signed_badsigner1_badsize.der 1769 1770pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der 1771 cp pkcs7_data_3_signed.der $@ 1772 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=442 
conv=notrunc 1773all_final += pkcs7_data_signed_badsigner1_badtag.der 1774 1775pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der 1776 cp pkcs7_data_3_signed.der $@ 1777 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc 1778all_final += pkcs7_data_signed_badsigner1_fuzzbad.der 1779 1780# pkcs7 signature file with corrupted signer info[2] 1781pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der 1782 cp pkcs7_data_3_signed.der $@ 1783 echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc 1784all_final += pkcs7_data_signed_badsigner2_badsize.der 1785 1786pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der 1787 cp pkcs7_data_3_signed.der $@ 1788 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc 1789all_final += pkcs7_data_signed_badsigner2_badtag.der 1790 1791pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der 1792 cp pkcs7_data_3_signed.der $@ 1793 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc 1794all_final += pkcs7_data_signed_badsigner2_fuzzbad.der 1795 1796# pkcs7 file with version 2 1797pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der 1798 cp pkcs7_data_cert_signed_sha256.der $@ 1799 echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc 1800all_final += pkcs7_data_cert_signed_v2.der 1801 1802pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) 1803 $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt 1804all_final += pkcs7_data_cert_encrypted.der 1805 1806## Negative tests 1807# For some interesting sizes, what happens if we make them off-by-one? 
1808pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der 1809 cp $< $@ 1810 echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc 1811all_final += pkcs7_signerInfo_issuer_invalid_size.der 1812 1813pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der 1814 cp $< $@ 1815 echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc 1816all_final += pkcs7_signerInfo_serial_invalid_size.der 1817 1818# pkcs7 signature file just with signed data 1819pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der 1820 dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1 1821all_final += pkcs7_data_cert_signeddata_sha256.der 1822 1823################################################################ 1824#### Generate C format test certs header 1825################################################################ 1826 1827TEST_CERTS_H_INPUT_FILES=test-ca2.crt \ 1828 test-ca2.crt.der \ 1829 test-ca2.key.enc \ 1830 test-ca2.key.der \ 1831 test-ca-sha256.crt \ 1832 test-ca-sha256.crt.der \ 1833 test-ca-sha1.crt \ 1834 test-ca-sha1.crt.der \ 1835 test-ca.key \ 1836 test-ca.key.der \ 1837 server5.crt \ 1838 server5.crt.der \ 1839 server5.key \ 1840 server5.key.der \ 1841 server2-sha256.crt \ 1842 server2-sha256.crt.der \ 1843 server2.crt \ 1844 server2.crt.der \ 1845 server2.key \ 1846 server2.key.der \ 1847 cli2.crt \ 1848 cli2.crt.der \ 1849 cli2.key \ 1850 cli2.key.der \ 1851 cli-rsa-sha256.crt \ 1852 cli-rsa-sha256.crt.der \ 1853 cli-rsa.key \ 1854 cli-rsa.key.der 1855../src/test_certs.h: ../scripts/generate_test_cert_macros.py \ 1856 $(TEST_CERTS_H_INPUT_FILES) 1857 ../scripts/generate_test_cert_macros.py --output $@ \ 1858 --string TEST_CA_CRT_EC_PEM=test-ca2.crt \ 1859 --binary TEST_CA_CRT_EC_DER=test-ca2.crt.der \ 1860 --string TEST_CA_KEY_EC_PEM=test-ca2.key.enc \ 1861 --password TEST_CA_PWD_EC_PEM=PolarSSLTest \ 1862 --binary TEST_CA_KEY_EC_DER=test-ca2.key.der \ 1863 --string 
TEST_CA_CRT_RSA_SHA256_PEM=test-ca-sha256.crt \ 1864 --binary TEST_CA_CRT_RSA_SHA256_DER=test-ca-sha256.crt.der \ 1865 --string TEST_CA_CRT_RSA_SHA1_PEM=test-ca-sha1.crt \ 1866 --binary TEST_CA_CRT_RSA_SHA1_DER=test-ca-sha1.crt.der \ 1867 --string TEST_CA_KEY_RSA_PEM=test-ca.key \ 1868 --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \ 1869 --binary TEST_CA_KEY_RSA_DER=test-ca.key.der \ 1870 --string TEST_SRV_CRT_EC_PEM=server5.crt \ 1871 --binary TEST_SRV_CRT_EC_DER=server5.crt.der \ 1872 --string TEST_SRV_KEY_EC_PEM=server5.key \ 1873 --binary TEST_SRV_KEY_EC_DER=server5.key.der \ 1874 --string TEST_SRV_CRT_RSA_SHA256_PEM=server2-sha256.crt \ 1875 --binary TEST_SRV_CRT_RSA_SHA256_DER=server2-sha256.crt.der \ 1876 --string TEST_SRV_CRT_RSA_SHA1_PEM=server2.crt \ 1877 --binary TEST_SRV_CRT_RSA_SHA1_DER=server2.crt.der \ 1878 --string TEST_SRV_KEY_RSA_PEM=server2.key \ 1879 --binary TEST_SRV_KEY_RSA_DER=server2.key.der \ 1880 --string TEST_CLI_CRT_EC_PEM=cli2.crt \ 1881 --binary TEST_CLI_CRT_EC_DER=cli2.crt.der \ 1882 --string TEST_CLI_KEY_EC_PEM=cli2.key \ 1883 --binary TEST_CLI_KEY_EC_DER=cli2.key.der \ 1884 --string TEST_CLI_CRT_RSA_PEM=cli-rsa-sha256.crt \ 1885 --binary TEST_CLI_CRT_RSA_DER=cli-rsa-sha256.crt.der \ 1886 --string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \ 1887 --binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der 1888 1889################################################################ 1890#### Diffie-Hellman parameters 1891################################################################ 1892 1893dh.998.pem: 1894 $(OPENSSL) dhparam -out $@ -text 998 1895 1896dh.999.pem: 1897 $(OPENSSL) dhparam -out $@ -text 999 1898 1899 1900################################################################ 1901#### Meta targets 1902################################################################ 1903 1904all_final: $(all_final) 1905all: $(all_intermediate) $(all_final) 1906 1907.PHONY: default all_final all 1908.PHONY: keys_rsa_all 1909.PHONY: keys_rsa_unenc keys_rsa_enc_basic 
1910.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 1911.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 1912.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 1913.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 1914.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 1915.PHONY: server1_all 1916 1917# These files should not be committed to the repository. 1918list_intermediate: 1919 @printf '%s\n' $(all_intermediate) | sort 1920# These files should be committed to the repository so that the test data is 1921# available upon checkout without running a randomized process depending on 1922# third-party tools. 1923list_final: 1924 @printf '%s\n' $(all_final) | sort 1925.PHONY: list_intermediate list_final 1926 1927## Remove intermediate files 1928clean: 1929 rm -f $(all_intermediate) 1930## Remove all build products, even the ones that are committed 1931neat: clean 1932 rm -f $(all_final) 1933.PHONY: clean neat 1934 1935.SECONDARY: $(all_intermediate) 1936