TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 34cfc35ce90d0bd46e2b91d06a93d1038a05e310 / . / tests / data_files / Makefile
blob: 363ac371f036841a3a75f5d8987ec17d2755e6d1 [file] [log] [blame]
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending mbed TLS's tests.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]5
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]8
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]15FAKETIME ?= faketime
Gilles Peskined1ff7572020-08-21 19:47:22 +0200[diff] [blame]16
Gilles Peskine18035632020-09-24 16:36:04 +0200[diff] [blame]17TOP_DIR = ../..
Gilles Peskined1ff7572020-08-21 19:47:22 +0200[diff] [blame]18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]20
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]21
22## Build the generated test data. Note that since the final outputs
23## are committed to the repository, this target should do nothing on a
24## fresh checkout. Furthermore, since the generation is randomized,
25## re-running the same targets may result in differing files. The goal
26## of this makefile is primarily to serve as a record of how the
27## targets were generated in the first place.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]28default: all_final
29
30all_intermediate := # temporary files
31all_final := # files used by tests
32
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]33
34
35################################################################
36#### Generate certificates from existing keys
37################################################################
38
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]39test_ca_crt = test-ca.crt
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]40test_ca_key_file_rsa = test-ca.key
41test_ca_pwd_rsa = PolarSSLTest
42test_ca_config_file = test-ca.opensslconf
43
Andrzej Kurek89851462023-05-22 09:37:55 -0400[diff] [blame]44$(test_ca_key_file_rsa):
45 $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048
Mukesh Bharsakle2599a712023-05-10 12:12:40 +0100[diff] [blame]46all_final += $(test_ca_key_file_rsa)
47
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]48test-ca.req.sha256: $(test_ca_key_file_rsa)
49 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
50all_intermediate += test-ca.req.sha256
51
52test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]53 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]54all_final += test-ca.crt
55
56test-ca.crt.der: test-ca.crt
Hanno Becker462c3e52019-01-31 10:55:42 +0000[diff] [blame]57 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]58all_final += test-ca.crt.der
59
60test-ca.key.der: $(test_ca_key_file_rsa)
61 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
62all_final += test-ca.key.der
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]63
64test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]65 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]66all_final += test-ca-sha1.crt
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]67
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]68test-ca-sha1.crt.der: test-ca-sha1.crt
69 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
70all_final += test-ca-sha1.crt.der
71
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]72test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]73 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]74all_final += test-ca-sha256.crt
75
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]76test-ca-sha256.crt.der: test-ca-sha256.crt
77 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
78all_final += test-ca-sha256.crt.der
79
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]80test-ca_utf8.crt: $(test_ca_key_file_rsa)
81 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
82all_final += test-ca_utf8.crt
83
84test-ca_printable.crt: $(test_ca_key_file_rsa)
85 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
86all_final += test-ca_printable.crt
87
88test-ca_uppercase.crt: $(test_ca_key_file_rsa)
89 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
90all_final += test-ca_uppercase.crt
91
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]92test_ca_key_file_rsa_alt = test-ca-alt.key
93
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]94cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
95 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@
96
97cert_example_multi.crt: cert_example_multi.csr
98 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
99
100$(test_ca_key_file_rsa_alt):test-ca.opensslconf
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]101 $(OPENSSL) genrsa -out $@ 2048
102test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
103 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
104all_intermediate += test-ca-alt.csr
105test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
106 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
107all_final += test-ca-alt.crt
108test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
109 cat test-ca-alt.crt test-ca-sha256.crt > $@
110all_final += test-ca-alt-good.crt
111test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
112 cat test-ca-sha256.crt test-ca-alt.crt > $@
113all_final += test-ca-good-alt.crt
114
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]115test_ca_crt_file_ec = test-ca2.crt
116test_ca_key_file_ec = test-ca2.key
117
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]118test-ca2.req.sha256: $(test_ca_key_file_ec)
119 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
120all_intermediate += test-ca2.req.sha256
121
122test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
123 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
Pengyu Lv381186b2023-05-12 12:04:50 +0800[diff] [blame]124all_final += test-ca2.crt
125
126test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
Pengyu Lva6403392023-06-02 13:23:39 +0800[diff] [blame]127 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
128 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
129 not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@
Pengyu Lv381186b2023-05-12 12:04:50 +0800[diff] [blame]130all_intermediate += test-ca2-future.crt
131
132test_ca_ec_cat := # files that concatenate different crt
133test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt
134test_ca_ec_cat += test-ca2_cat-future-invalid.crt
135test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt
136test_ca_ec_cat += test-ca2_cat-future-present.crt
137test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt
138test_ca_ec_cat += test-ca2_cat-present-future.crt
139test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt
140test_ca_ec_cat += test-ca2_cat-present-past.crt
141test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt
142test_ca_ec_cat += test-ca2_cat-past-invalid.crt
143test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt
144test_ca_ec_cat += test-ca2_cat-past-present.crt
145$(test_ca_ec_cat):
146 cat $^ > $@
147all_final += $(test_ca_ec_cat)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]148
Ron Eldor74d9acc2019-03-21 14:00:03 +0200[diff] [blame]149test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
150 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
151all_final += test-ca-any_policy.crt
152
153test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
154 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
155all_final += test-ca-any_policy_ec.crt
156
157test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
158 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
159all_final += test-ca-any_policy_with_qualifier.crt
160
161test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
162 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
163all_final += test-ca-any_policy_with_qualifier_ec.crt
164
165test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
166 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
167all_final += test-ca-multi_policy.crt
168
169test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
170 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
171all_final += test-ca-multi_policy_ec.crt
172
173test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
174 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
175all_final += test-ca-unsupported_policy.crt
176
177test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
178 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
179all_final += test-ca-unsupported_policy_ec.crt
180
181test-ca.req_ec.sha256: $(test_ca_key_file_ec)
182 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
183all_intermediate += test-ca.req_ec.sha256
184
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]185test-ca2.crt.der: $(test_ca_crt_file_ec)
186 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
187all_final += test-ca2.crt.der
188
189test-ca2.key.der: $(test_ca_key_file_ec)
190 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
191all_final += test-ca2.key.der
192
Hanno Beckerb9630812018-10-31 16:28:05 +0000[diff] [blame]193test_ca_crt_cat12 = test-ca_cat12.crt
194$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
195 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
196all_final += $(test_ca_crt_cat12)
197
198test_ca_crt_cat21 = test-ca_cat21.crt
199$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
200 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
201all_final += $(test_ca_crt_cat21)
202
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]203test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
204 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
Pengyu Lvfe500302023-05-25 09:24:17 +0800[diff] [blame]205
206test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file)
207 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \
208 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@
209
210test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file)
211 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \
212 -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@
213
214all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr
215
216test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
Pengyu Lva6403392023-06-02 13:23:39 +0800[diff] [blame]217 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \
218 -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
219 -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
Pengyu Lvfe500302023-05-25 09:24:17 +0800[diff] [blame]220
221test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr
222 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \
223 -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \
224 -passin "pass:$(test_ca_pwd_rsa)" -out $@
225
226# Note: This requests openssl version >= 3.x.xx
227test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr
228 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \
229 -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \
230 -sha256 -in test-int-ca3.csr -out $@
231
Manuel Pégourié-Gonnard7ff243a2017-08-08 18:54:13 +0200[diff] [blame]232test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]233 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
Pengyu Lvfe500302023-05-25 09:24:17 +0800[diff] [blame]234
235all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]236
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]237enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
238 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
239
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]240crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
241 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
Manuel Pégourié-Gonnarda63305d2018-03-14 12:23:56 +0100[diff] [blame]242all_final += crl-idp.pem
243crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
244 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
245all_final += crl-idpnc.pem
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]246
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]247cli_crt_key_file_rsa = cli-rsa.key
248cli_crt_extensions_file = cli.opensslconf
249
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]250cli-rsa.csr: $(cli_crt_key_file_rsa)
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]251 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]252all_intermediate += cli-rsa.csr
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]253
254cli-rsa-sha1.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]255 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]256
257cli-rsa-sha256.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]258 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]259all_final += cli-rsa-sha256.crt
260
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]261cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
262 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
263all_final += cli-rsa-sha256.crt.der
264
Paul Elliottca17ebf2020-11-24 17:30:18 +0000[diff] [blame]265cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
266 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
267all_final += cli-rsa-sha256-badalg.crt.der
268
269cli-rsa.key.der: $(cli_crt_key_file_rsa)
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]270 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
271all_final += cli-rsa.key.der
272
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]273test_ca_int_rsa1 = test-int-ca.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]274test_ca_int_ec = test-int-ca2.crt
Pengyu Lv42174292023-05-12 17:52:09 +0800[diff] [blame]275test_ca_int_key_file_ec = test-int-ca2.key
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]276
277# server7*
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]278
279server7.csr: server7.key
280 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
281all_intermediate += server7.csr
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]282
283server7.crt: server7.csr $(test_ca_int_rsa1)
Pengyu Lva6403392023-06-02 13:23:39 +0800[diff] [blame]284 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
285 -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \
286 -set_serial 16 -days 3653 -sha256 -in server7.csr > $@
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]287all_final += server7.crt
288
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]289server7-expired.crt: server7.csr $(test_ca_int_rsa1)
290 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
291all_final += server7-expired.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]292
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]293server7-future.crt: server7.csr $(test_ca_int_rsa1)
294 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
295all_final += server7-future.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]296
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]297server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]298 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]299all_final += server7-badsign.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]300
301server7_int-ca.crt: server7.crt $(test_ca_int_rsa1)
302 cat server7.crt $(test_ca_int_rsa1) > $@
303all_final += server7_int-ca.crt
304
305server7_pem_space.crt: server7.crt $(test_ca_int_rsa1)
306 cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@
307all_final += server7_pem_space.crt
308
309server7_all_space.crt: server7.crt $(test_ca_int_rsa1)
310 { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@
311all_final += server7_all_space.crt
312
313server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1)
314 cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@
315all_final += server7_trailing_space.crt
316
317server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec)
318 cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@
319all_final += server7_int-ca_ca2.crt
320
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]321server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
322 cat server7.crt test-int-ca-exp.crt > $@
323all_final += server7_int-ca-exp.crt
324
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]325server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1)
326 cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@
327all_final += server7_spurious_int-ca.crt
328
Pengyu Lv42174292023-05-12 17:52:09 +0800[diff] [blame]329# server8*
330
331server8.crt: server8.key
Pengyu Lva6403392023-06-02 13:23:39 +0800[diff] [blame]332 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \
333 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \
334 not_before=20190210144406 not_after=20290210144406 \
335 md=SHA256 version=3 output_file=$@
Pengyu Lv42174292023-05-12 17:52:09 +0800[diff] [blame]336all_final += server8.crt
337
338server8_int-ca2.crt: server8.crt $(test_ca_int_ec)
339 cat $^ > $@
340all_final += server8_int-ca2.crt
341
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]342cli2.req.sha256: cli2.key
343 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
344
345all_final += server1.req.sha1
346cli2.crt: cli2.req.sha256
347 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
348all_final += cli2.crt
349
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]350cli2.crt.der: cli2.crt
351 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
352all_final += cli2.crt.der
353
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]354cli2.key.der: cli2.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]355 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
356all_final += cli2.key.der
357
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]358server5_pwd_ec = PolarSSLTest
359
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]360server5.crt.der: server5.crt
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]361 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
362all_final += server5.crt.der
363
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]364server5.key.der: server5.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]365 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
366all_final += server5.key.der
367
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]368server5.key.enc: server5.key
369 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
370all_final += server5.key.enc
371
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]372server5-ss-expired.crt: server5.key
373 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
374all_final += server5-ss-expired.crt
375
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]376# try to forge a copy of test-int-ca3 with different key
377server5-ss-forgeca.crt: server5.key
Pengyu Lv34cfc352023-05-29 10:19:09 +0800[diff] [blame^]378 $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]379all_final += server5-ss-forgeca.crt
380
Jerry Yu2aa312b2023-05-09 10:50:44 +0800[diff] [blame]381server5-selfsigned.crt: server5.key
382 openssl req -x509 -key server5.key \
383 -sha256 -days 3650 -nodes \
384 -addext basicConstraints=critical,CA:FALSE \
385 -addext keyUsage=critical,digitalSignature \
386 -addext subjectKeyIdentifier=hash \
387 -addext authorityKeyIdentifier=none \
388 -set_serial 0x53a2cb4b124ead837da894b2 \
389 -subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \
390 -out $@
391all_final += server5-selfsigned.crt
392
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]393server5-othername.crt: server5.key
394 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
395
Victor Barpp Gomes7e5426d2022-09-29 10:03:16 -0300[diff] [blame]396server5-nonprintable_othername.crt: server5.key
397 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
398
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]399server5-unsupported_othername.crt: server5.key
David Horstmannf3fee122022-11-25 15:50:30 +0000[diff] [blame]400 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]401
Ron Eldor3c4734a2019-03-25 14:05:23 +0200[diff] [blame]402server5-fan.crt: server5.key
403 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
404
Manuel Pégourié-Gonnard7d2a4d82020-07-23 12:39:53 +0200[diff] [blame]405server5-tricky-ip-san.crt: server5.key
406 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
407all_final += server5-tricky-ip-san.crt
408
Jerry Yuc2d694e2023-04-24 17:03:15 +0800[diff] [blame]409server5-der0.crt: server5.crt.der
410 cp $< $@
411server5-der1a.crt: server5.crt.der
412 cp $< $@
413 echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
414server5-der1b.crt: server5.crt.der
415 cp $< $@
416 echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
417server5-der2.crt: server5.crt.der
418 cp $< $@
419 echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
420server5-der4.crt: server5.crt.der
421 cp $< $@
422 echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
423server5-der8.crt: server5.crt.der
424 cp $< $@
425 echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
426server5-der9.crt: server5.crt.der
427 cp $< $@
428 echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
429all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \
430 server5-der9.crt server5-der1a.crt server5-der2.crt \
431 server5-der8.crt
432
Pengyu Lv43ad9842023-05-15 11:07:55 +0800[diff] [blame]433test-int-ca3-badsign.crt: test-int-ca3.crt
434 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
435all_final += test-int-ca3-badsign.crt
436
437# server10*
438
439server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
Pengyu Lva6403392023-06-02 13:23:39 +0800[diff] [blame]440 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \
441 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \
442 subject_identifier=0 authority_identifier=0 \
443 not_before=20190210144406 not_after=20290210144406 \
444 md=SHA256 version=3 output_file=$@
Pengyu Lv43ad9842023-05-15 11:07:55 +0800[diff] [blame]445all_final += server10.crt
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]446server10-badsign.crt: server10.crt
447 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
448all_final += server10-badsign.crt
449server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
450 cat server10-badsign.crt test-int-ca3.crt > $@
451all_final += server10-bs_int3.pem
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]452server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
453 cat server10.crt test-int-ca3-badsign.crt > $@
Jaeden Amero001626e2019-02-27 11:16:41 +0000[diff] [blame]454all_final += server10_int3-bs.pem
Pengyu Lv43ad9842023-05-15 11:07:55 +0800[diff] [blame]455server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec)
456 cat $^ > $@
457all_final += server10_int3_int-ca2.crt
458server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt)
459 cat $^ > $@
460all_final += server10_int3_int-ca2_ca.crt
461server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec)
462 cat $^ > $@
463all_final += server10_int3_spurious_int-ca2.crt
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]464
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]465rsa_pkcs1_2048_public.pem: server8.key
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]466 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
467all_final += rsa_pkcs1_2048_public.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]468
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]469rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]470 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
471all_final += rsa_pkcs1_2048_public.der
472
473rsa_pkcs8_2048_public.pem: server8.key
474 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
475all_final += rsa_pkcs8_2048_public.pem
476
477rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
478 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]479all_final += rsa_pkcs8_2048_public.der
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]480
Pengyu Lv8569c872023-05-25 12:26:11 +0800[diff] [blame]481# Generate crl_cat_*.pem
482# - crt_cat_*.pem: (1+2) concatenations in various orders:
483# ec = crl-ec-sha256.pem, ecfut = crl-future.pem
484# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem
485
486crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem
487 cat $^ > $@
488
489crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem
490 cat $^ > $@
491
492all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem
493
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]494################################################################
495#### Generate various RSA keys
496################################################################
Gilles Peskinebc70a182017-05-09 15:59:24 +0200[diff] [blame]497
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]498### Password used for PKCS1-encoded encrypted RSA keys
499keys_rsa_basic_pwd = testkey
500
501### Password used for PKCS8-encoded encrypted RSA keys
502keys_rsa_pkcs8_pwd = PolarSSLTest
503
504### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
505### all other encrypted RSA keys are derived.
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]506rsa_pkcs1_1024_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]507 $(OPENSSL) genrsa -out $@ 1024
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]508all_final += rsa_pkcs1_1024_clear.pem
509rsa_pkcs1_2048_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]510 $(OPENSSL) genrsa -out $@ 2048
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]511all_final += rsa_pkcs1_2048_clear.pem
512rsa_pkcs1_4096_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]513 $(OPENSSL) genrsa -out $@ 4096
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]514all_final += rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]515
516###
517### PKCS1-encoded, encrypted RSA keys
518###
519
520### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]521rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]522 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]523all_final += rsa_pkcs1_1024_des.pem
524rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]525 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]526all_final += rsa_pkcs1_1024_3des.pem
527rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]528 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]529all_final += rsa_pkcs1_1024_aes128.pem
530rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]531 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]532all_final += rsa_pkcs1_1024_aes192.pem
533rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]534 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]535all_final += rsa_pkcs1_1024_aes256.pem
536keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]537
538# 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]539rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]540 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]541all_final += rsa_pkcs1_2048_des.pem
542rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]543 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]544all_final += rsa_pkcs1_2048_3des.pem
545rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]546 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]547all_final += rsa_pkcs1_2048_aes128.pem
548rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]549 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]550all_final += rsa_pkcs1_2048_aes192.pem
551rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]552 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]553all_final += rsa_pkcs1_2048_aes256.pem
554keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]555
556# 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]557rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]558 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]559all_final += rsa_pkcs1_4096_des.pem
560rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]561 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]562all_final += rsa_pkcs1_4096_3des.pem
563rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]564 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]565all_final += rsa_pkcs1_4096_aes128.pem
566rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]567 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]568all_final += rsa_pkcs1_4096_aes192.pem
569rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]570 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]571all_final += rsa_pkcs1_4096_aes256.pem
572keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]573
574###
575### PKCS8-v1 encoded, encrypted RSA keys
576###
577
578### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]579rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]580 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]581all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
582rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]583 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]584all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
585keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]586
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]587rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]588 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]589all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
590rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]591 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]592all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
593keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]594
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]595rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]596 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]597all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
598rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]599 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]600all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
601keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]602
603keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
604
605### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]606rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]607 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]608all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
609rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]610 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]611all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
612keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]613
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]614rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]615 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]616all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
617rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]618 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]619all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
620keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]621
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]622rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]623 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]624all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
625rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]626 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]627all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
628keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]629
630keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
631
632### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]633rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]634 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]635all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
636rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]637 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]638all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
639keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]640
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]641rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]642 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]643all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
644rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]645 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]646all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
647keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]648
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]649rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]650 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]651all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
652rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]653 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]654all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
655keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]656
657keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
658
659###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]660### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]661###
662
663### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]664rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]665 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]666all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
667rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]668 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]669all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
670keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]671
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]672rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]673 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]674all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
675rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]676 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]677all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
678keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]679
680keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
681
682### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]683rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]684 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]685all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
686rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]687 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]688all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
689keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]690
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]691rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]692 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]693all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
694rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]695 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]696all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
697keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]698
699keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
700
701### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]702rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]703 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]704all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
705rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]706 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]707all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
708keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]709
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]710rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]711 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]712all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
713rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]714 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]715all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
716keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]717
718keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
719
720###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]721### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
722###
723
724### 1024-bit
725rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
726 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
727all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
728rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
729 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
730all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
731keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
732
733rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
734 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
735all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
736rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
737 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
738all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
739keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
740
741keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224
742
743### 2048-bit
744rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
745 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
746all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
747rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
748 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
749all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
750keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
751
752rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
753 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
754all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
755rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
756 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
757all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
758keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
759
760keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224
761
762### 4096-bit
763rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
764 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
765all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
766rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
767 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
768all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
769keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
770
771rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
772 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
773all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
774rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
775 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
776all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
777keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
778
779keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224
780
781###
782### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
783###
784
785### 1024-bit
786rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
787 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
788all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
789rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
790 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
791all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
792keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
793
794rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
795 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
796all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
797rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
798 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
799all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
800keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
801
802keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256
803
804### 2048-bit
805rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
806 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
807all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
808rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
809 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
810all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
811keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
812
813rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
814 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
815all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
816rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
817 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
818all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
819keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
820
821keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256
822
823### 4096-bit
824rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
825 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
826all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
827rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
828 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
829all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
830keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
831
832rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
833 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
834all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
835rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
836 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
837all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
838keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
839
840keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256
841
842###
843### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
844###
845
846### 1024-bit
847rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
848 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
849all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
850rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
851 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
852all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
853keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
854
855rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
856 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
857all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
858rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
859 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
860all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
861keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
862
863keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384
864
865### 2048-bit
866rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
867 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
868all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
869rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
870 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
871all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
872keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
873
874rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
875 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
876all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
877rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
878 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
879all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
880keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
881
882keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384
883
884### 4096-bit
885rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
886 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
887all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
888rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
889 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
890all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
891keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
892
893rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
894 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
895all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
896rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
897 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
898all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
899keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
900
901keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384
902
903###
904### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
905###
906
907### 1024-bit
908rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
909 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
910all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
911rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
912 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
913all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
914keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
915
916rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
917 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
918all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
919rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
920 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
921all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
922keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
923
924keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512
925
926### 2048-bit
927rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
928 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
929all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
930rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
931 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
932all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
933keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
934
935rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
936 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
937all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
938rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
939 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
940all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
941keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
942
943keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512
944
945### 4096-bit
946rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
947 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
948all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
949rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
950 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
951all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
952keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
953
954rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
955 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
956all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
957rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
958 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
959all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
960keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
961
962keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512
963
964###
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]965### Rules to generate all RSA keys from a particular class
966###
967
968### Generate basic unencrypted RSA keys
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]969keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]970
971### Generate PKCS1-encoded encrypted RSA keys
972keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
973
974### Generate PKCS8-v1 encrypted RSA keys
975keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
976
977### Generate PKCS8-v2 encrypted RSA keys
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]978keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]979
980### Generate all RSA keys
981keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
982
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]983################################################################
984#### Generate various EC keys
985################################################################
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]986
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]987###
988### PKCS8 encoded
989###
990
991ec_prv.pk8.der:
992 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
993all_final += ec_prv.pk8.der
994
995# ### Instructions for creating `ec_prv.pk8nopub.der`,
996# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
997# ### `ec_prv.pk8.der`.
998#
999# These instructions assume you are familiar with ASN.1 DER encoding and can
1000# use a hex editor to manipulate DER.
1001#
1002# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
1003#
1004# PrivateKeyInfo ::= SEQUENCE {
1005# version Version,
1006# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
1007# privateKey PrivateKey,
1008# attributes [0] IMPLICIT Attributes OPTIONAL
1009# }
1010#
1011# AlgorithmIdentifier ::= SEQUENCE {
1012# algorithm OBJECT IDENTIFIER,
1013# parameters ANY DEFINED BY algorithm OPTIONAL
1014# }
1015#
1016# ECParameters ::= CHOICE {
1017# namedCurve OBJECT IDENTIFIER
1018# -- implicitCurve NULL
1019# -- specifiedCurve SpecifiedECDomain
1020# }
1021#
1022# ECPrivateKey ::= SEQUENCE {
1023# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
1024# privateKey OCTET STRING,
1025# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
1026# publicKey [1] BIT STRING OPTIONAL
1027# }
1028#
1029# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
1030# fields:
1031#
1032# * privateKeyAlgorithm namedCurve
1033# * privateKey.parameters NOT PRESENT
1034# * privateKey.publicKey PRESENT
1035# * attributes NOT PRESENT
1036#
1037# # ec_prv.pk8nopub.der
1038#
1039# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
1040#
1041# # ec_prv.pk8nopubparam.der
1042#
1043# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
1044# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
1045#
1046# # ec_prv.pk8param.der
1047#
1048# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
1049# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
1050
1051ec_prv.pk8.pem: ec_prv.pk8.der
1052 $(OPENSSL) pkey -in $< -inform DER -out $@
1053all_final += ec_prv.pk8.pem
1054ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
1055 $(OPENSSL) pkey -in $< -inform DER -out $@
1056all_final += ec_prv.pk8nopub.pem
1057ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
1058 $(OPENSSL) pkey -in $< -inform DER -out $@
1059all_final += ec_prv.pk8nopubparam.pem
1060ec_prv.pk8param.pem: ec_prv.pk8param.der
1061 $(OPENSSL) pkey -in $< -inform DER -out $@
1062all_final += ec_prv.pk8param.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1063
Valerio Settib4468c42023-04-27 10:03:08 +0200[diff] [blame]1064ec_pub.pem: ec_prv.sec1.der
1065 $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@
1066all_final += ec_pub.pem
1067
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1068################################################################
Valerio Setti755582b2023-04-24 10:24:37 +0200[diff] [blame]1069#### Convert PEM keys to DER format
Valerio Settif1477da2023-04-18 16:37:30 +0200[diff] [blame]1070################################################################
1071server1.pubkey.der: server1.pubkey
1072 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1073all_final += server1.pubkey.der
1074
1075rsa4096_pub.der: rsa4096_pub.pem
1076 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1077all_final += rsa4096_pub.der
1078
1079ec_pub.der: ec_pub.pem
1080 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1081all_final += ec_pub.der
1082
1083ec_521_pub.der: ec_521_pub.pem
1084 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1085all_final += ec_521_pub.der
1086
1087ec_bp512_pub.der: ec_bp512_pub.pem
1088 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1089all_final += ec_bp512_pub.der
1090
1091server1.key.der: server1.key
1092 $(OPENSSL) pkey -in $< -out $@ -outform DER
1093all_final += server1.key.der
1094
1095rsa4096_prv.der: rsa4096_prv.pem
1096 $(OPENSSL) pkey -in $< -out $@ -outform DER
1097all_final += rsa4096_prv.der
1098
1099ec_prv.sec1.der: ec_prv.sec1.pem
1100 $(OPENSSL) pkey -in $< -out $@ -outform DER
1101all_final += ec_prv.sec1.der
1102
1103ec_256_long_prv.der: ec_256_long_prv.pem
1104 $(OPENSSL) pkey -in $< -out $@ -outform DER
1105all_final += ec_256_long_prv.der
1106
1107ec_521_prv.der: ec_521_prv.pem
1108 $(OPENSSL) pkey -in $< -out $@ -outform DER
1109all_final += ec_521_prv.der
1110
1111ec_521_short_prv.der: ec_521_short_prv.pem
1112 $(OPENSSL) pkey -in $< -out $@ -outform DER
1113all_final += ec_521_short_prv.der
1114
1115ec_bp512_prv.der: ec_bp512_prv.pem
1116 $(OPENSSL) pkey -in $< -out $@ -outform DER
1117all_final += ec_bp512_prv.der
1118
1119################################################################
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1120### Generate CSRs for X.509 write test suite
1121################################################################
1122
1123server1.req.sha1: server1.key
1124 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1125all_final += server1.req.sha1
1126
1127server1.req.md4: server1.key
1128 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
1129all_final += server1.req.md4
1130
1131server1.req.md5: server1.key
1132 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
1133all_final += server1.req.md5
1134
1135server1.req.sha224: server1.key
1136 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
1137all_final += server1.req.sha224
1138
1139server1.req.sha256: server1.key
1140 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
1141all_final += server1.req.sha256
1142
Valerio Settid3f7df42022-10-19 15:14:29 +0200[diff] [blame]1143server1.req.sha256.ext: server1.key
1144 # Generating this with OpenSSL as a comparison point to test we're getting the same result
1145 openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth"
1146all_final += server1.req.sha256.ext
1147
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1148server1.req.sha384: server1.key
1149 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
1150all_final += server1.req.sha384
1151
1152server1.req.sha512: server1.key
1153 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
1154all_final += server1.req.sha512
1155
1156server1.req.cert_type: server1.key
1157 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1158all_final += server1.req.cert_type
1159
1160server1.req.key_usage: server1.key
1161 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1162all_final += server1.req.key_usage
1163
1164server1.req.ku-ct: server1.key
1165 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1166all_final += server1.req.ku-ct
1167
Andres Amaya Garcia7067f812018-09-26 10:51:16 +0100[diff] [blame]1168server1.req.key_usage_empty: server1.key
1169 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
1170all_final += server1.req.key_usage_empty
1171
1172server1.req.cert_type_empty: server1.key
1173 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
1174all_final += server1.req.cert_type_empty
1175
Werner Lewis02c9d3b2022-05-20 12:48:46 +0100[diff] [blame]1176server1.req.commas.sha256: server1.key
1177 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256
1178all_final += server1.req.commas.sha256
1179
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1180# server2*
1181
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]1182server2_pwd_ec = PolarSSLTest
1183
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1184server2.req.sha256: server2.key
1185 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
1186all_intermediate += server2.req.sha256
1187
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]1188server2.crt.der: server2.crt
1189 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1190all_final += server2.crt.der
1191
1192server2-sha256.crt.der: server2-sha256.crt
1193 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1194all_final += server2-sha256.crt.der
1195
1196server2.key.der: server2.key
1197 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
1198all_final += server2.key.der
1199
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]1200server2.key.enc: server2.key
1201 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
1202all_final += server2.key.enc
1203
Hanno Becker0dd11392018-11-02 08:56:15 +0000[diff] [blame]1204# server5*
1205
Jerry Yu111f4352023-04-23 17:49:39 +0800[diff] [blame]1206server5.csr: server5.key
1207 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1208 -key $< -out $@
1209all_intermediate += server5.csr
Jerry Yufa4ef282023-05-12 16:31:26 +0800[diff] [blame]1210server5.crt: server5-sha256.crt
1211 cp $< $@
1212all_intermediate += server5-sha256.crt
1213server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
1214 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1215 -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \
1216 -sha$(@:server5-sha%.crt=%) -in $< -out $@
1217all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt
Jerry Yu111f4352023-04-23 17:49:39 +0800[diff] [blame]1218
1219server5-badsign.crt: server5.crt
1220 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
1221all_final += server5-badsign.crt
1222
Hanno Becker0dd11392018-11-02 08:56:15 +0000[diff] [blame]1223# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
1224server5.req.ku.sha1: server5.key
1225 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1226all_final += server5.req.ku.sha1
1227
Jerry Yu324a43b2023-05-09 13:46:38 +0800[diff] [blame]1228# server6*
1229
1230server6.csr: server6.key
1231 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1232 -key $< -out $@
1233all_intermediate += server6.csr
1234server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec)
1235 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1236 -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
1237all_final += server6.crt
1238
Jerry Yu8e0cc702023-05-09 14:07:56 +0800[diff] [blame]1239server6-ss-child.csr : server6.key
1240 $(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \
1241 -key $< -out $@
1242all_intermediate += server6-ss-child.csr
1243server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext
1244 $(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \
1245 -extfile server6-ss-child.crt.openssl.v3_ext \
1246 -set_serial 0x53a2cb5822399474a7ec79ec \
1247 -days 3650 -sha256 -in $< -out $@
1248all_final += server6-ss-child.crt
1249
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1250################################################################
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1251### Generate certificates for CRT write check tests
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1252################################################################
1253
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1254### The test files use the Mbed TLS generated certificates server1*.crt,
1255### but for comparison with OpenSSL also rules for OpenSSL-generated
1256### certificates server1*.crt.openssl are offered.
1257###
1258### Known differences:
1259### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
1260### as unused bits, while Mbed TLS doesn't.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1261
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1262test_ca_server1_db = test-ca.server1.db
1263test_ca_server1_serial = test-ca.server1.serial
1264test_ca_server1_config_file = test-ca.server1.opensslconf
1265
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1266# server1*
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1267
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1268server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1269 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1270server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1271 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
Hanno Becker58fc28c2019-03-14 13:33:20 +0000[diff] [blame]1272server1.crt.der: server1.crt
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1273 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
1274server1.der: server1.crt
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1275 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Werner Lewis02c9d3b2022-05-20 12:48:46 +0100[diff] [blame]1276server1.commas.crt: server1.key server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1277 $(MBEDTLS_CERT_WRITE) request_file=server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1278all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1279
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1280server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1281 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1282server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1283 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1284server1.key_usage.der: server1.key_usage.crt
1285 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1286all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
1287
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1288server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1289 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1290server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1291 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1292server1.cert_type.der: server1.cert_type.crt
1293 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1294all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
1295
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1296server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1297 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1298server1.v1.der: server1.v1.crt
1299 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1300all_final += server1.v1.crt server1.v1.der
1301
Darren Krahn9c134ce2021-01-13 22:04:45 -0800[diff] [blame]1302server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1303 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@
1304server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1305 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@
1306server1.ca.der: server1.ca.crt
1307 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1308all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der
1309
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1310server1_ca.crt: server1.crt $(test_ca_crt)
1311 cat server1.crt $(test_ca_crt) > $@
1312all_final += server1_ca.crt
1313
1314cert_sha1.crt: server1.key
1315 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1316all_final += cert_sha1.crt
1317
1318cert_sha224.crt: server1.key
1319 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
1320all_final += cert_sha224.crt
1321
1322cert_sha256.crt: server1.key
1323 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1324all_final += cert_sha256.crt
1325
1326cert_sha384.crt: server1.key
1327 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
1328all_final += cert_sha384.crt
1329
1330cert_sha512.crt: server1.key
1331 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
1332all_final += cert_sha512.crt
1333
1334cert_example_wildcard.crt: server1.key
1335 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1336all_final += cert_example_wildcard.crt
1337
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1338# OpenSSL-generated certificates for comparison
Hanno Becker81535d02017-09-13 15:39:59 +0100[diff] [blame]1339# Also provide certificates in DER format to allow
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1340# direct binary comparison using e.g. dumpasn1
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1341server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1342 echo "01" > $(test_ca_server1_serial)
1343 rm -f $(test_ca_server1_db)
1344 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1345 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1346server1.der.openssl: server1.crt.openssl
1347 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1348server1.key_usage.der.openssl: server1.key_usage.crt.openssl
1349 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1350server1.cert_type.der.openssl: server1.cert_type.crt.openssl
1351 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1352
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1353server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1354 echo "01" > $(test_ca_server1_serial)
1355 rm -f $(test_ca_server1_db)
1356 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1357 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1358server1.v1.der.openssl: server1.v1.crt.openssl
1359 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1360
Ron Eldorb7c96262019-02-06 18:48:37 +0200[diff] [blame]1361# To revoke certificate in the openssl database:
1362#
1363# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt
1364
1365crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
1366 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
1367
Raoul Strackxa4e86142020-06-15 17:03:13 +0200[diff] [blame]1368crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
1369 $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
1370
1371server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1372
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1373# server2*
1374
1375server2.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1376 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]1377all_final += server2.crt
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1378
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1379server2.der: server2.crt
1380 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1381all_final += server2.crt server2.der
1382
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1383server2-sha256.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1384 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1385all_final += server2-sha256.crt
1386
Pengyu Lva3d7bb82023-05-09 12:04:56 +0800[diff] [blame]1387# server3*
1388
1389server3.crt: server3.key
Pengyu Lva6403392023-06-02 13:23:39 +0800[diff] [blame]1390 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \
1391 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
1392 not_before=20190210144406 not_after=20290210144406 \
1393 md=SHA1 version=3 output_file=$@
Pengyu Lva3d7bb82023-05-09 12:04:56 +0800[diff] [blame]1394all_final += server3.crt
1395
Pengyu Lv746e2d12023-05-10 09:26:41 +0800[diff] [blame]1396# server4*
1397
1398server4.crt: server4.key
Pengyu Lva6403392023-06-02 13:23:39 +0800[diff] [blame]1399 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \
1400 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \
1401 not_before=20190210144400 not_after=20290210144400 \
1402 md=SHA256 version=3 output_file=$@
Pengyu Lv746e2d12023-05-10 09:26:41 +0800[diff] [blame]1403all_final += server4.crt
1404
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1405# MD2, MD4, MD5 test certificates
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1406
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1407cert_md_test_key = $(cli_crt_key_file_rsa)
1408
1409cert_md2.csr: $(cert_md_test_key)
1410 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2
1411all_intermediate += cert_md2.csr
1412
1413cert_md2.crt: cert_md2.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1414 $(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1415all_final += cert_md2.crt
1416
1417cert_md4.csr: $(cert_md_test_key)
1418 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4
1419all_intermediate += cert_md4.csr
1420
1421cert_md4.crt: cert_md4.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1422 $(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1423all_final += cert_md4.crt
1424
1425cert_md5.csr: $(cert_md_test_key)
1426 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
1427all_intermediate += cert_md5.csr
1428
1429cert_md5.crt: cert_md5.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1430 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1431all_final += cert_md5.crt
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1432
1433################################################################
Gilles Peskinec6b0d962020-12-08 22:31:52 +0100[diff] [blame]1434#### Diffie-Hellman parameters
1435################################################################
1436
1437dh.998.pem:
1438 $(OPENSSL) dhparam -out $@ -text 998
1439
1440dh.999.pem:
1441 $(OPENSSL) dhparam -out $@ -text 999
1442
1443################################################################
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1444#### Meta targets
1445################################################################
1446
1447all_final: $(all_final)
1448all: $(all_intermediate) $(all_final)
1449
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1450.PHONY: default all_final all
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1451.PHONY: keys_rsa_all
1452.PHONY: keys_rsa_unenc keys_rsa_enc_basic
1453.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
1454.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
1455.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
1456.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
1457.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
1458.PHONY: server1_all
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1459
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1460# These files should not be committed to the repository.
1461list_intermediate:
1462 @printf '%s\n' $(all_intermediate) | sort
1463# These files should be committed to the repository so that the test data is
1464# available upon checkout without running a randomized process depending on
1465# third-party tools.
1466list_final:
1467 @printf '%s\n' $(all_final) | sort
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1468.PHONY: list_intermediate list_final
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1469
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1470## Remove intermediate files
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1471clean:
1472 rm -f $(all_intermediate)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1473## Remove all build products, even the ones that are committed
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1474neat: clean
1475 rm -f $(all_final)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1476.PHONY: clean neat
Pengyu Lvf287e2a2023-05-24 10:33:42 +0800[diff] [blame]1477
1478.SECONDARY: $(all_intermediate)