TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 94ff1c62dca4adf1912e5cf25fae73f1024bcc06 / . / tests / data_files / Makefile
blob: d7a57a9e4dc0f498fc31b64e0eb52d089ede0b77 [file] [log] [blame]
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending mbed TLS's tests.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]5
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]8
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
Manuel Pégourié-Gonnard3c873462017-06-05 10:20:32 +0200[diff] [blame]15FAKETIME ?= faketime
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]16MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]17
18## Build the generated test data. Note that since the final outputs
19## are committed to the repository, this target should do nothing on a
20## fresh checkout. Furthermore, since the generation is randomized,
21## re-running the same targets may result in differing files. The goal
22## of this makefile is primarily to serve as a record of how the
23## targets were generated in the first place.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]24default: all_final
25
26all_intermediate := # temporary files
Hanno Becker82027c12017-09-26 16:21:19 +0100[diff] [blame]27all_final := # files used by tests
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]28
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]29
30
31################################################################
32#### Generate certificates from existing keys
33################################################################
34
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]35test_ca_crt = test-ca.crt
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]36test_ca_key_file_rsa = test-ca.key
37test_ca_pwd_rsa = PolarSSLTest
38test_ca_config_file = test-ca.opensslconf
39
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]40test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file)
41 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
42all_intermediate += test-ca.csr
43test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
44 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@
45all_final += test-ca-sha1.crt
46test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
47 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
48all_final += test-ca-sha256.crt
49
Manuel Pégourié-Gonnard94ff1c62017-06-27 12:51:52 +0200[diff] [blame^]50test_ca_crt_file_ec = test-ca2.crt
51test_ca_key_file_ec = test-ca2.key
52
53test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
54 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
55all_intermediate += test-int-ca.csr
56test-int-ca-exp.crt: $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
57 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
58all_final += test-int-ca-exp.crt
59
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]60cli_crt_key_file_rsa = cli-rsa.key
61cli_crt_extensions_file = cli.opensslconf
62
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]63cli-rsa.csr: $(cli_crt_key_file_rsa)
64 $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@
65all_intermediate += cli-rsa.csr
66cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr
67 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@
68all_final += cli-rsa-sha1.crt
69cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr
70 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
71all_final += cli-rsa-sha256.crt
72
Gilles Peskineae765992017-05-09 15:59:24 +0200[diff] [blame]73server2-rsa.csr: server2.key
74 $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
75all_intermediate += server2-rsa.csr
76server2-sha256.crt: server2-rsa.csr
77 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
78all_final += server2-sha256.crt
79
Manuel Pégourié-Gonnard3c873462017-06-05 10:20:32 +0200[diff] [blame]80test_ca_int_rsa1 = test-int-ca.crt
81
82server7.csr: server7.key
83 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
84all_intermediate += server7.csr
85server7-expired.crt: server7.csr $(test_ca_int_rsa1)
86 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
87all_final += server7-expired.crt
88server7-future.crt: server7.csr $(test_ca_int_rsa1)
89 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
90all_final += server7-future.crt
Manuel Pégourié-Gonnard92cd3fe2017-06-05 11:12:13 +0200[diff] [blame]91server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
92 { head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt
93all_final += server7-badsign.crt
Manuel Pégourié-Gonnard94ff1c62017-06-27 12:51:52 +0200[diff] [blame^]94server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
95 cat server7.crt test-int-ca-exp.crt > $@
96all_final += server7_int-ca-exp.crt
97
98server5-ss-expired.crt: server5.key
99 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
100all_final += server5-ss-expired.crt
101
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]102
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]103################################################################
104#### Generate various RSA keys
105################################################################
Gilles Peskineae765992017-05-09 15:59:24 +0200[diff] [blame]106
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]107### Password used for PKCS1-encoded encrypted RSA keys
108keys_rsa_basic_pwd = testkey
109
110### Password used for PKCS8-encoded encrypted RSA keys
111keys_rsa_pkcs8_pwd = PolarSSLTest
112
113### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
114### all other encrypted RSA keys are derived.
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]115rsa_pkcs1_1024_clear.pem:
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]116 $(OPENSSL) genrsa -out $@ 1024
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]117all_final += rsa_pkcs1_1024_clear.pem
118rsa_pkcs1_2048_clear.pem:
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]119 $(OPENSSL) genrsa -out $@ 2048
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]120all_final += rsa_pkcs1_2048_clear.pem
121rsa_pkcs1_4096_clear.pem:
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]122 $(OPENSSL) genrsa -out $@ 4096
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]123all_final += rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]124
125###
126### PKCS1-encoded, encrypted RSA keys
127###
128
129### 1024-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]130rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]131 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]132all_final += rsa_pkcs1_1024_des.pem
133rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]134 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]135all_final += rsa_pkcs1_1024_3des.pem
136rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]137 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]138all_final += rsa_pkcs1_1024_aes128.pem
139rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]140 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]141all_final += rsa_pkcs1_1024_aes192.pem
142rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]143 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]144all_final += rsa_pkcs1_1024_aes256.pem
145keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]146
147# 2048-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]148rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]149 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]150all_final += rsa_pkcs1_2048_des.pem
151rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]152 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]153all_final += rsa_pkcs1_2048_3des.pem
154rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]155 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]156all_final += rsa_pkcs1_2048_aes128.pem
157rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]158 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]159all_final += rsa_pkcs1_2048_aes192.pem
160rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]161 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]162all_final += rsa_pkcs1_2048_aes256.pem
163keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]164
165# 4096-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]166rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]167 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]168all_final += rsa_pkcs1_4096_des.pem
169rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]170 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]171all_final += rsa_pkcs1_4096_3des.pem
172rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]173 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]174all_final += rsa_pkcs1_4096_aes128.pem
175rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]176 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]177all_final += rsa_pkcs1_4096_aes192.pem
178rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]179 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]180all_final += rsa_pkcs1_4096_aes256.pem
181keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]182
183###
184### PKCS8-v1 encoded, encrypted RSA keys
185###
186
187### 1024-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]188rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]189 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]190all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
191rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]192 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]193all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
194keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]195
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]196rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]197 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]198all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
199rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]200 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]201all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
202keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]203
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]204rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]205 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]206all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
207rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]208 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]209all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
210keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]211
212keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
213
214### 2048-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]215rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]216 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]217all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
218rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]219 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]220all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
221keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]222
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]223rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]224 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]225all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
226rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]227 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]228all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
229keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]230
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]231rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]232 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]233all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
234rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]235 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]236all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
237keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]238
239keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
240
241### 4096-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]242rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]243 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]244all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
245rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]246 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]247all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
248keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]249
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]250rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]251 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]252all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
253rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]254 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]255all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
256keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]257
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]258rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]259 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]260all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
261rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]262 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]263all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
264keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]265
266keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
267
268###
269### PKCS8-v2 encoded, encrypted RSA keys
270###
271
272### 1024-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]273rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]274 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]275all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
276rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]277 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]278all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
279keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]280
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]281rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]282 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]283all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
284rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]285 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]286all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
287keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]288
289keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
290
291### 2048-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]292rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]293 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]294all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
295rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]296 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]297all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
298keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]299
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]300rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]301 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]302all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
303rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]304 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]305all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
306keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]307
308keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
309
310### 4096-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]311rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]312 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]313all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
314rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]315 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]316all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
317keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]318
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]319rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]320 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]321all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
322rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]323 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]324all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
325keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]326
327keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
328
329###
330### Rules to generate all RSA keys from a particular class
331###
332
333### Generate basic unencrypted RSA keys
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]334keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]335
336### Generate PKCS1-encoded encrypted RSA keys
337keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
338
339### Generate PKCS8-v1 encrypted RSA keys
340keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
341
342### Generate PKCS8-v2 encrypted RSA keys
343keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096
344
345### Generate all RSA keys
346keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
347
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]348
349
350################################################################
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]351### Generate certificates for CRT write check tests
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]352################################################################
353
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]354### The test files use the Mbed TLS generated certificates server1*.crt,
355### but for comparison with OpenSSL also rules for OpenSSL-generated
356### certificates server1*.crt.openssl are offered.
357###
358### Known differences:
359### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
360### as unused bits, while Mbed TLS doesn't.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]361
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]362test_ca_server1_db = test-ca.server1.db
363test_ca_server1_serial = test-ca.server1.serial
364test_ca_server1_config_file = test-ca.server1.opensslconf
365
366server1.csr: server1.key server1_csr.opensslconf
367 $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
368all_final += server1.csr
369
370server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
371 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
372server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
373 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
374server1.der: server1.crt
375 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
376all_final += server1.crt server1.noauthid.crt server1.der
377
378server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
379 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
380server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
381 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
382server1.key_usage.der: server1.key_usage.crt
383 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
384all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
385
386server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
387 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
388server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
389 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
390server1.cert_type.der: server1.cert_type.crt
391 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
392all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
393
394server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
395 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
396server1.v1.der: server1.v1.crt
397 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
398all_final += server1.v1.crt server1.v1.der
399
400# OpenSSL-generated certificates for comparison
Hanno Becker7de3ff32017-09-13 15:39:59 +0100[diff] [blame]401# Also provide certificates in DER format to allow
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]402# direct binary comparison using e.g. dumpasn1
403server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
404 echo "01" > $(test_ca_server1_serial)
405 rm -f $(test_ca_server1_db)
406 touch $(test_ca_server1_db)
407 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
408server1.der.openssl: server1.crt.openssl
409 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
410server1.key_usage.der.openssl: server1.key_usage.crt.openssl
411 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
412server1.cert_type.der.openssl: server1.cert_type.crt.openssl
413 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
414
415server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
416 echo "01" > $(test_ca_server1_serial)
417 rm -f $(test_ca_server1_db)
418 touch $(test_ca_server1_db)
419 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
420server1.v1.der.openssl: server1.v1.crt.openssl
421 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
422
423server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]424
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]425
426
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]427################################################################
428#### Meta targets
429################################################################
430
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]431all_final: $(all_final)
432all: $(all_intermediate) $(all_final)
433
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]434.PHONY: default all_final all
435.PHONY: keys_rsa_all
436.PHONY: keys_rsa_unenc keys_rsa_enc_basic
437.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
438.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
439.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
440.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
441.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
442.PHONY: server1_all
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]443
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]444# These files should not be committed to the repository.
445list_intermediate:
446 @printf '%s\n' $(all_intermediate) | sort
447# These files should be committed to the repository so that the test data is
448# available upon checkout without running a randomized process depending on
449# third-party tools.
450list_final:
451 @printf '%s\n' $(all_final) | sort
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]452.PHONY: list_intermediate list_final
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]453
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]454## Remove intermediate files
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]455clean:
456 rm -f $(all_intermediate)
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]457## Remove all build products, even the ones that are committed
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]458neat: clean
459 rm -f $(all_final)
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]460.PHONY: clean neat