TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / dc66d3a34c8395f73e493d8d637daa1a9b766756 / . / tests / data_files / Makefile
blob: 966fb4e53fa366f323fe2e3fb7ff830e1aa27fb9 [file] [log] [blame]
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending mbed TLS's tests.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]5
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]8
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]15FAKETIME ?= faketime
Gilles Peskined1ff7572020-08-21 19:47:22 +0200[diff] [blame]16
Gilles Peskine18035632020-09-24 16:36:04 +0200[diff] [blame]17TOP_DIR = ../..
Gilles Peskined1ff7572020-08-21 19:47:22 +0200[diff] [blame]18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]20
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]21
22## Build the generated test data. Note that since the final outputs
23## are committed to the repository, this target should do nothing on a
24## fresh checkout. Furthermore, since the generation is randomized,
25## re-running the same targets may result in differing files. The goal
26## of this makefile is primarily to serve as a record of how the
27## targets were generated in the first place.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]28default: all_final
29
30all_intermediate := # temporary files
31all_final := # files used by tests
32
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]33
34
35################################################################
36#### Generate certificates from existing keys
37################################################################
38
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]39test_ca_crt = test-ca.crt
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]40test_ca_key_file_rsa = test-ca.key
41test_ca_pwd_rsa = PolarSSLTest
42test_ca_config_file = test-ca.opensslconf
43
Andrzej Kurek89851462023-05-22 09:37:55 -0400[diff] [blame]44$(test_ca_key_file_rsa):
45 $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048
Mukesh Bharsakle2599a712023-05-10 12:12:40 +0100[diff] [blame]46all_final += $(test_ca_key_file_rsa)
47
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]48test-ca.req.sha256: $(test_ca_key_file_rsa)
49 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
50all_intermediate += test-ca.req.sha256
51
52test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]53 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]54all_final += test-ca.crt
55
56test-ca.crt.der: test-ca.crt
Hanno Becker462c3e52019-01-31 10:55:42 +0000[diff] [blame]57 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]58all_final += test-ca.crt.der
59
60test-ca.key.der: $(test_ca_key_file_rsa)
61 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
62all_final += test-ca.key.der
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]63
64test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]65 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]66all_final += test-ca-sha1.crt
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]67
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]68test-ca-sha1.crt.der: test-ca-sha1.crt
69 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
70all_final += test-ca-sha1.crt.der
71
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]72test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]73 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]74all_final += test-ca-sha256.crt
75
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]76test-ca-sha256.crt.der: test-ca-sha256.crt
77 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
78all_final += test-ca-sha256.crt.der
79
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]80test-ca_utf8.crt: $(test_ca_key_file_rsa)
81 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
82all_final += test-ca_utf8.crt
83
84test-ca_printable.crt: $(test_ca_key_file_rsa)
85 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
86all_final += test-ca_printable.crt
87
88test-ca_uppercase.crt: $(test_ca_key_file_rsa)
89 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
90all_final += test-ca_uppercase.crt
91
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]92test_ca_key_file_rsa_alt = test-ca-alt.key
93
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]94cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
95 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@
96
97cert_example_multi.crt: cert_example_multi.csr
98 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
99
100$(test_ca_key_file_rsa_alt):test-ca.opensslconf
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]101 $(OPENSSL) genrsa -out $@ 2048
102test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
103 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
104all_intermediate += test-ca-alt.csr
105test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
106 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
107all_final += test-ca-alt.crt
108test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
109 cat test-ca-alt.crt test-ca-sha256.crt > $@
110all_final += test-ca-alt-good.crt
111test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
112 cat test-ca-sha256.crt test-ca-alt.crt > $@
113all_final += test-ca-good-alt.crt
114
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]115test_ca_crt_file_ec = test-ca2.crt
116test_ca_key_file_ec = test-ca2.key
117
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]118test-ca2.req.sha256: $(test_ca_key_file_ec)
119 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
120all_intermediate += test-ca2.req.sha256
121
122test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
123 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
Pengyu Lv381186b2023-05-12 12:04:50 +0800[diff] [blame]124all_final += test-ca2.crt
125
126test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
127 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@
128all_intermediate += test-ca2-future.crt
129
130test_ca_ec_cat := # files that concatenate different crt
131test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt
132test_ca_ec_cat += test-ca2_cat-future-invalid.crt
133test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt
134test_ca_ec_cat += test-ca2_cat-future-present.crt
135test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt
136test_ca_ec_cat += test-ca2_cat-present-future.crt
137test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt
138test_ca_ec_cat += test-ca2_cat-present-past.crt
139test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt
140test_ca_ec_cat += test-ca2_cat-past-invalid.crt
141test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt
142test_ca_ec_cat += test-ca2_cat-past-present.crt
143$(test_ca_ec_cat):
144 cat $^ > $@
145all_final += $(test_ca_ec_cat)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]146
Ron Eldor74d9acc2019-03-21 14:00:03 +0200[diff] [blame]147test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
148 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
149all_final += test-ca-any_policy.crt
150
151test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
152 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
153all_final += test-ca-any_policy_ec.crt
154
155test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
156 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
157all_final += test-ca-any_policy_with_qualifier.crt
158
159test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
160 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
161all_final += test-ca-any_policy_with_qualifier_ec.crt
162
163test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
164 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
165all_final += test-ca-multi_policy.crt
166
167test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
168 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
169all_final += test-ca-multi_policy_ec.crt
170
171test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
172 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
173all_final += test-ca-unsupported_policy.crt
174
175test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
176 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
177all_final += test-ca-unsupported_policy_ec.crt
178
179test-ca.req_ec.sha256: $(test_ca_key_file_ec)
180 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
181all_intermediate += test-ca.req_ec.sha256
182
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]183test-ca2.crt.der: $(test_ca_crt_file_ec)
184 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
185all_final += test-ca2.crt.der
186
187test-ca2.key.der: $(test_ca_key_file_ec)
188 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
189all_final += test-ca2.key.der
190
Hanno Beckerb9630812018-10-31 16:28:05 +0000[diff] [blame]191test_ca_crt_cat12 = test-ca_cat12.crt
192$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
193 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
194all_final += $(test_ca_crt_cat12)
195
196test_ca_crt_cat21 = test-ca_cat21.crt
197$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
198 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
199all_final += $(test_ca_crt_cat21)
200
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]201test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
202 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
Pengyu Lvfe500302023-05-25 09:24:17 +0800[diff] [blame]203
204test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file)
205 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \
206 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@
207
208test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file)
209 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \
210 -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@
211
212all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr
213
214test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
215 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
216
217test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr
218 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \
219 -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \
220 -passin "pass:$(test_ca_pwd_rsa)" -out $@
221
222# Note: This requests openssl version >= 3.x.xx
223test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr
224 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \
225 -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \
226 -sha256 -in test-int-ca3.csr -out $@
227
Manuel Pégourié-Gonnard7ff243a2017-08-08 18:54:13 +0200[diff] [blame]228test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]229 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
Pengyu Lvfe500302023-05-25 09:24:17 +0800[diff] [blame]230
231all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]232
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]233enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
234 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
235
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]236crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
237 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
Manuel Pégourié-Gonnarda63305d2018-03-14 12:23:56 +0100[diff] [blame]238all_final += crl-idp.pem
239crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
240 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
241all_final += crl-idpnc.pem
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]242
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]243cli_crt_key_file_rsa = cli-rsa.key
244cli_crt_extensions_file = cli.opensslconf
245
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]246cli-rsa.csr: $(cli_crt_key_file_rsa)
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]247 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]248all_intermediate += cli-rsa.csr
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]249
250cli-rsa-sha1.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]251 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]252
253cli-rsa-sha256.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]254 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]255all_final += cli-rsa-sha256.crt
256
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]257cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
258 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
259all_final += cli-rsa-sha256.crt.der
260
Paul Elliottca17ebf2020-11-24 17:30:18 +0000[diff] [blame]261cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
262 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
263all_final += cli-rsa-sha256-badalg.crt.der
264
265cli-rsa.key.der: $(cli_crt_key_file_rsa)
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]266 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
267all_final += cli-rsa.key.der
268
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]269test_ca_int_rsa1 = test-int-ca.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]270test_ca_int_ec = test-int-ca2.crt
Pengyu Lv42174292023-05-12 17:52:09 +0800[diff] [blame]271test_ca_int_key_file_ec = test-int-ca2.key
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]272
273# server7*
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]274
275server7.csr: server7.key
276 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
277all_intermediate += server7.csr
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]278
279server7.crt: server7.csr $(test_ca_int_rsa1)
280 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr > $@
281all_final += server7.crt
282
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]283server7-expired.crt: server7.csr $(test_ca_int_rsa1)
284 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
285all_final += server7-expired.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]286
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]287server7-future.crt: server7.csr $(test_ca_int_rsa1)
288 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
289all_final += server7-future.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]290
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]291server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]292 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]293all_final += server7-badsign.crt
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]294
295server7_int-ca.crt: server7.crt $(test_ca_int_rsa1)
296 cat server7.crt $(test_ca_int_rsa1) > $@
297all_final += server7_int-ca.crt
298
299server7_pem_space.crt: server7.crt $(test_ca_int_rsa1)
300 cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@
301all_final += server7_pem_space.crt
302
303server7_all_space.crt: server7.crt $(test_ca_int_rsa1)
304 { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@
305all_final += server7_all_space.crt
306
307server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1)
308 cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@
309all_final += server7_trailing_space.crt
310
311server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec)
312 cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@
313all_final += server7_int-ca_ca2.crt
314
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]315server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
316 cat server7.crt test-int-ca-exp.crt > $@
317all_final += server7_int-ca-exp.crt
318
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]319server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1)
320 cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@
321all_final += server7_spurious_int-ca.crt
322
323server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future.crt server7_int-ca-exp.crt server7_int-ca.crt server7_int-ca_ca2.crt server7_all_space.crt server7_pem_space.crt server7_trailing_space.crt server7_spurious_int-ca.crt
324
Pengyu Lv42174292023-05-12 17:52:09 +0800[diff] [blame]325# server8*
326
327server8.crt: server8.key
328 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
329all_final += server8.crt
330
331server8_int-ca2.crt: server8.crt $(test_ca_int_ec)
332 cat $^ > $@
333all_final += server8_int-ca2.crt
334
335server8_all: server8.crt server8_int-ca2.crt
336
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]337cli2.req.sha256: cli2.key
338 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
339
340all_final += server1.req.sha1
341cli2.crt: cli2.req.sha256
342 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
343all_final += cli2.crt
344
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]345cli2.crt.der: cli2.crt
346 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
347all_final += cli2.crt.der
348
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]349cli2.key.der: cli2.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]350 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
351all_final += cli2.key.der
352
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]353server5_pwd_ec = PolarSSLTest
354
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]355server5.crt.der: server5.crt
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]356 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
357all_final += server5.crt.der
358
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]359server5.key.der: server5.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]360 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
361all_final += server5.key.der
362
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]363server5.key.enc: server5.key
364 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
365all_final += server5.key.enc
366
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]367server5-ss-expired.crt: server5.key
368 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
369all_final += server5-ss-expired.crt
370
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]371# try to forge a copy of test-int-ca3 with different key
372server5-ss-forgeca.crt: server5.key
373 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
374all_final += server5-ss-forgeca.crt
375
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]376server5-othername.crt: server5.key
377 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
378
Victor Barpp Gomes7e5426d2022-09-29 10:03:16 -0300[diff] [blame]379server5-nonprintable_othername.crt: server5.key
380 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
381
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]382server5-unsupported_othername.crt: server5.key
David Horstmannf3fee122022-11-25 15:50:30 +0000[diff] [blame]383 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]384
Ron Eldor3c4734a2019-03-25 14:05:23 +0200[diff] [blame]385server5-fan.crt: server5.key
386 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
387
Manuel Pégourié-Gonnard7d2a4d82020-07-23 12:39:53 +0200[diff] [blame]388server5-tricky-ip-san.crt: server5.key
389 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
390all_final += server5-tricky-ip-san.crt
391
Jerry Yuc2d694e2023-04-24 17:03:15 +0800[diff] [blame]392server5-der0.crt: server5.crt.der
393 cp $< $@
394server5-der1a.crt: server5.crt.der
395 cp $< $@
396 echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
397server5-der1b.crt: server5.crt.der
398 cp $< $@
399 echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
400server5-der2.crt: server5.crt.der
401 cp $< $@
402 echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
403server5-der4.crt: server5.crt.der
404 cp $< $@
405 echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
406server5-der8.crt: server5.crt.der
407 cp $< $@
408 echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
409server5-der9.crt: server5.crt.der
410 cp $< $@
411 echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
412all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \
413 server5-der9.crt server5-der1a.crt server5-der2.crt \
414 server5-der8.crt
415
Pengyu Lv43ad9842023-05-15 11:07:55 +0800[diff] [blame]416test-int-ca3-badsign.crt: test-int-ca3.crt
417 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
418all_final += test-int-ca3-badsign.crt
419
420# server10*
421
422server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
423 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key subject_identifier=0 authority_identifier=0 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
424all_final += server10.crt
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]425server10-badsign.crt: server10.crt
426 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
427all_final += server10-badsign.crt
428server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
429 cat server10-badsign.crt test-int-ca3.crt > $@
430all_final += server10-bs_int3.pem
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]431server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
432 cat server10.crt test-int-ca3-badsign.crt > $@
Jaeden Amero001626e2019-02-27 11:16:41 +0000[diff] [blame]433all_final += server10_int3-bs.pem
Pengyu Lv43ad9842023-05-15 11:07:55 +0800[diff] [blame]434server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec)
435 cat $^ > $@
436all_final += server10_int3_int-ca2.crt
437server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt)
438 cat $^ > $@
439all_final += server10_int3_int-ca2_ca.crt
440server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec)
441 cat $^ > $@
442all_final += server10_int3_spurious_int-ca2.crt
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]443
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]444rsa_pkcs1_2048_public.pem: server8.key
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]445 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
446all_final += rsa_pkcs1_2048_public.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]447
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]448rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]449 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
450all_final += rsa_pkcs1_2048_public.der
451
452rsa_pkcs8_2048_public.pem: server8.key
453 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
454all_final += rsa_pkcs8_2048_public.pem
455
456rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
457 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]458all_final += rsa_pkcs8_2048_public.der
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]459
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]460################################################################
461#### Generate various RSA keys
462################################################################
Gilles Peskinebc70a182017-05-09 15:59:24 +0200[diff] [blame]463
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]464### Password used for PKCS1-encoded encrypted RSA keys
465keys_rsa_basic_pwd = testkey
466
467### Password used for PKCS8-encoded encrypted RSA keys
468keys_rsa_pkcs8_pwd = PolarSSLTest
469
470### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
471### all other encrypted RSA keys are derived.
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]472rsa_pkcs1_1024_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]473 $(OPENSSL) genrsa -out $@ 1024
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]474all_final += rsa_pkcs1_1024_clear.pem
475rsa_pkcs1_2048_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]476 $(OPENSSL) genrsa -out $@ 2048
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]477all_final += rsa_pkcs1_2048_clear.pem
478rsa_pkcs1_4096_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]479 $(OPENSSL) genrsa -out $@ 4096
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]480all_final += rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]481
482###
483### PKCS1-encoded, encrypted RSA keys
484###
485
486### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]487rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]488 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]489all_final += rsa_pkcs1_1024_des.pem
490rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]491 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]492all_final += rsa_pkcs1_1024_3des.pem
493rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]494 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]495all_final += rsa_pkcs1_1024_aes128.pem
496rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]497 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]498all_final += rsa_pkcs1_1024_aes192.pem
499rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]500 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]501all_final += rsa_pkcs1_1024_aes256.pem
502keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]503
504# 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]505rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]506 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]507all_final += rsa_pkcs1_2048_des.pem
508rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]509 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]510all_final += rsa_pkcs1_2048_3des.pem
511rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]512 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]513all_final += rsa_pkcs1_2048_aes128.pem
514rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]515 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]516all_final += rsa_pkcs1_2048_aes192.pem
517rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]518 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]519all_final += rsa_pkcs1_2048_aes256.pem
520keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]521
522# 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]523rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]524 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]525all_final += rsa_pkcs1_4096_des.pem
526rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]527 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]528all_final += rsa_pkcs1_4096_3des.pem
529rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]530 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]531all_final += rsa_pkcs1_4096_aes128.pem
532rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]533 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]534all_final += rsa_pkcs1_4096_aes192.pem
535rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]536 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]537all_final += rsa_pkcs1_4096_aes256.pem
538keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]539
540###
541### PKCS8-v1 encoded, encrypted RSA keys
542###
543
544### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]545rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]546 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]547all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
548rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]549 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]550all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
551keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]552
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]553rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]554 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]555all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
556rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]557 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]558all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
559keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]560
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]561rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]562 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]563all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
564rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]565 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]566all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
567keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]568
569keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
570
571### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]572rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]573 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]574all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
575rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]576 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]577all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
578keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]579
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]580rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]581 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]582all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
583rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]584 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]585all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
586keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]587
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]588rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]589 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]590all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
591rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]592 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]593all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
594keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]595
596keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
597
598### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]599rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]600 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]601all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
602rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]603 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]604all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
605keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]606
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]607rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]608 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]609all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
610rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]611 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]612all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
613keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]614
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]615rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]616 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]617all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
618rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]619 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]620all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
621keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]622
623keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
624
625###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]626### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]627###
628
629### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]630rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]631 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]632all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
633rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]634 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]635all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
636keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]637
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]638rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]639 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]640all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
641rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]642 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]643all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
644keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]645
646keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
647
648### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]649rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]650 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]651all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
652rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]653 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]654all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
655keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]656
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]657rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]658 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]659all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
660rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]661 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]662all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
663keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]664
665keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
666
667### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]668rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]669 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]670all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
671rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]672 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]673all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
674keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]675
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]676rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]677 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]678all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
679rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]680 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]681all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
682keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]683
684keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
685
686###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]687### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
688###
689
690### 1024-bit
691rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
692 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
693all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
694rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
695 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
696all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
697keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
698
699rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
700 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
701all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
702rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
703 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
704all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
705keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
706
707keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224
708
709### 2048-bit
710rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
711 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
712all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
713rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
714 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
715all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
716keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
717
718rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
719 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
720all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
721rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
722 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
723all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
724keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
725
726keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224
727
728### 4096-bit
729rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
730 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
731all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
732rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
733 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
734all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
735keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
736
737rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
738 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
739all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
740rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
741 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
742all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
743keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
744
745keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224
746
747###
748### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
749###
750
751### 1024-bit
752rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
753 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
754all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
755rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
756 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
757all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
758keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
759
760rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
761 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
762all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
763rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
764 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
765all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
766keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
767
768keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256
769
770### 2048-bit
771rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
772 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
773all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
774rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
775 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
776all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
777keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
778
779rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
780 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
781all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
782rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
783 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
784all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
785keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
786
787keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256
788
789### 4096-bit
790rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
791 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
792all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
793rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
794 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
795all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
796keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
797
798rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
799 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
800all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
801rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
802 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
803all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
804keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
805
806keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256
807
808###
809### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
810###
811
812### 1024-bit
813rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
814 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
815all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
816rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
817 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
818all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
819keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
820
821rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
822 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
823all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
824rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
825 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
826all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
827keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
828
829keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384
830
831### 2048-bit
832rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
833 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
834all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
835rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
836 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
837all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
838keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
839
840rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
841 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
842all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
843rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
844 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
845all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
846keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
847
848keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384
849
850### 4096-bit
851rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
852 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
853all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
854rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
855 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
856all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
857keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
858
859rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
860 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
861all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
862rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
863 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
864all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
865keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
866
867keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384
868
869###
870### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
871###
872
873### 1024-bit
874rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
875 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
876all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
877rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
878 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
879all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
880keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
881
882rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
883 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
884all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
885rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
886 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
887all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
888keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
889
890keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512
891
892### 2048-bit
893rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
894 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
895all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
896rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
897 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
898all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
899keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
900
901rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
902 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
903all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
904rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
905 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
906all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
907keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
908
909keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512
910
911### 4096-bit
912rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
913 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
914all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
915rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
916 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
917all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
918keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
919
920rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
921 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
922all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
923rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
924 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
925all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
926keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
927
928keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512
929
930###
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]931### Rules to generate all RSA keys from a particular class
932###
933
934### Generate basic unencrypted RSA keys
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]935keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]936
937### Generate PKCS1-encoded encrypted RSA keys
938keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
939
940### Generate PKCS8-v1 encrypted RSA keys
941keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
942
943### Generate PKCS8-v2 encrypted RSA keys
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]944keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]945
946### Generate all RSA keys
947keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
948
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]949################################################################
950#### Generate various EC keys
951################################################################
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]952
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]953###
954### PKCS8 encoded
955###
956
957ec_prv.pk8.der:
958 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
959all_final += ec_prv.pk8.der
960
961# ### Instructions for creating `ec_prv.pk8nopub.der`,
962# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
963# ### `ec_prv.pk8.der`.
964#
965# These instructions assume you are familiar with ASN.1 DER encoding and can
966# use a hex editor to manipulate DER.
967#
968# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
969#
970# PrivateKeyInfo ::= SEQUENCE {
971# version Version,
972# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
973# privateKey PrivateKey,
974# attributes [0] IMPLICIT Attributes OPTIONAL
975# }
976#
977# AlgorithmIdentifier ::= SEQUENCE {
978# algorithm OBJECT IDENTIFIER,
979# parameters ANY DEFINED BY algorithm OPTIONAL
980# }
981#
982# ECParameters ::= CHOICE {
983# namedCurve OBJECT IDENTIFIER
984# -- implicitCurve NULL
985# -- specifiedCurve SpecifiedECDomain
986# }
987#
988# ECPrivateKey ::= SEQUENCE {
989# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
990# privateKey OCTET STRING,
991# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
992# publicKey [1] BIT STRING OPTIONAL
993# }
994#
995# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
996# fields:
997#
998# * privateKeyAlgorithm namedCurve
999# * privateKey.parameters NOT PRESENT
1000# * privateKey.publicKey PRESENT
1001# * attributes NOT PRESENT
1002#
1003# # ec_prv.pk8nopub.der
1004#
1005# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
1006#
1007# # ec_prv.pk8nopubparam.der
1008#
1009# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
1010# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
1011#
1012# # ec_prv.pk8param.der
1013#
1014# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
1015# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
1016
1017ec_prv.pk8.pem: ec_prv.pk8.der
1018 $(OPENSSL) pkey -in $< -inform DER -out $@
1019all_final += ec_prv.pk8.pem
1020ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
1021 $(OPENSSL) pkey -in $< -inform DER -out $@
1022all_final += ec_prv.pk8nopub.pem
1023ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
1024 $(OPENSSL) pkey -in $< -inform DER -out $@
1025all_final += ec_prv.pk8nopubparam.pem
1026ec_prv.pk8param.pem: ec_prv.pk8param.der
1027 $(OPENSSL) pkey -in $< -inform DER -out $@
1028all_final += ec_prv.pk8param.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1029
Valerio Settib4468c42023-04-27 10:03:08 +0200[diff] [blame]1030ec_pub.pem: ec_prv.sec1.der
1031 $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@
1032all_final += ec_pub.pem
1033
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1034################################################################
Valerio Setti755582b2023-04-24 10:24:37 +0200[diff] [blame]1035#### Convert PEM keys to DER format
Valerio Settif1477da2023-04-18 16:37:30 +0200[diff] [blame]1036################################################################
1037server1.pubkey.der: server1.pubkey
1038 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1039all_final += server1.pubkey.der
1040
1041rsa4096_pub.der: rsa4096_pub.pem
1042 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1043all_final += rsa4096_pub.der
1044
1045ec_pub.der: ec_pub.pem
1046 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1047all_final += ec_pub.der
1048
1049ec_521_pub.der: ec_521_pub.pem
1050 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1051all_final += ec_521_pub.der
1052
1053ec_bp512_pub.der: ec_bp512_pub.pem
1054 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1055all_final += ec_bp512_pub.der
1056
1057server1.key.der: server1.key
1058 $(OPENSSL) pkey -in $< -out $@ -outform DER
1059all_final += server1.key.der
1060
1061rsa4096_prv.der: rsa4096_prv.pem
1062 $(OPENSSL) pkey -in $< -out $@ -outform DER
1063all_final += rsa4096_prv.der
1064
1065ec_prv.sec1.der: ec_prv.sec1.pem
1066 $(OPENSSL) pkey -in $< -out $@ -outform DER
1067all_final += ec_prv.sec1.der
1068
1069ec_256_long_prv.der: ec_256_long_prv.pem
1070 $(OPENSSL) pkey -in $< -out $@ -outform DER
1071all_final += ec_256_long_prv.der
1072
1073ec_521_prv.der: ec_521_prv.pem
1074 $(OPENSSL) pkey -in $< -out $@ -outform DER
1075all_final += ec_521_prv.der
1076
1077ec_521_short_prv.der: ec_521_short_prv.pem
1078 $(OPENSSL) pkey -in $< -out $@ -outform DER
1079all_final += ec_521_short_prv.der
1080
1081ec_bp512_prv.der: ec_bp512_prv.pem
1082 $(OPENSSL) pkey -in $< -out $@ -outform DER
1083all_final += ec_bp512_prv.der
1084
1085################################################################
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1086### Generate CSRs for X.509 write test suite
1087################################################################
1088
1089server1.req.sha1: server1.key
1090 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1091all_final += server1.req.sha1
1092
1093server1.req.md4: server1.key
1094 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
1095all_final += server1.req.md4
1096
1097server1.req.md5: server1.key
1098 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
1099all_final += server1.req.md5
1100
1101server1.req.sha224: server1.key
1102 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
1103all_final += server1.req.sha224
1104
1105server1.req.sha256: server1.key
1106 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
1107all_final += server1.req.sha256
1108
Valerio Settid3f7df42022-10-19 15:14:29 +0200[diff] [blame]1109server1.req.sha256.ext: server1.key
1110 # Generating this with OpenSSL as a comparison point to test we're getting the same result
1111 openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth"
1112all_final += server1.req.sha256.ext
1113
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1114server1.req.sha384: server1.key
1115 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
1116all_final += server1.req.sha384
1117
1118server1.req.sha512: server1.key
1119 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
1120all_final += server1.req.sha512
1121
1122server1.req.cert_type: server1.key
1123 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1124all_final += server1.req.cert_type
1125
1126server1.req.key_usage: server1.key
1127 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1128all_final += server1.req.key_usage
1129
1130server1.req.ku-ct: server1.key
1131 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1132all_final += server1.req.ku-ct
1133
Andres Amaya Garcia7067f812018-09-26 10:51:16 +0100[diff] [blame]1134server1.req.key_usage_empty: server1.key
1135 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
1136all_final += server1.req.key_usage_empty
1137
1138server1.req.cert_type_empty: server1.key
1139 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
1140all_final += server1.req.cert_type_empty
1141
Werner Lewis02c9d3b2022-05-20 12:48:46 +0100[diff] [blame]1142server1.req.commas.sha256: server1.key
1143 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256
1144all_final += server1.req.commas.sha256
1145
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1146# server2*
1147
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]1148server2_pwd_ec = PolarSSLTest
1149
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1150server2.req.sha256: server2.key
1151 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
1152all_intermediate += server2.req.sha256
1153
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]1154server2.crt.der: server2.crt
1155 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1156all_final += server2.crt.der
1157
1158server2-sha256.crt.der: server2-sha256.crt
1159 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1160all_final += server2-sha256.crt.der
1161
1162server2.key.der: server2.key
1163 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
1164all_final += server2.key.der
1165
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]1166server2.key.enc: server2.key
1167 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
1168all_final += server2.key.enc
1169
Hanno Becker0dd11392018-11-02 08:56:15 +0000[diff] [blame]1170# server5*
1171
Jerry Yu111f4352023-04-23 17:49:39 +0800[diff] [blame]1172server5.csr: server5.key
1173 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1174 -key $< -out $@
1175all_intermediate += server5.csr
Jerry Yufa4ef282023-05-12 16:31:26 +0800[diff] [blame]1176server5.crt: server5-sha256.crt
1177 cp $< $@
1178all_intermediate += server5-sha256.crt
1179server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
1180 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1181 -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \
1182 -sha$(@:server5-sha%.crt=%) -in $< -out $@
1183all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt
Jerry Yu111f4352023-04-23 17:49:39 +0800[diff] [blame]1184
1185server5-badsign.crt: server5.crt
1186 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
1187all_final += server5-badsign.crt
1188
Hanno Becker0dd11392018-11-02 08:56:15 +0000[diff] [blame]1189# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
1190server5.req.ku.sha1: server5.key
1191 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1192all_final += server5.req.ku.sha1
1193
Jerry Yu324a43b2023-05-09 13:46:38 +0800[diff] [blame]1194# server6*
1195
1196server6.csr: server6.key
1197 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1198 -key $< -out $@
1199all_intermediate += server6.csr
1200server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec)
1201 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1202 -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
1203all_final += server6.crt
1204
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1205################################################################
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1206### Generate certificates for CRT write check tests
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1207################################################################
1208
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1209### The test files use the Mbed TLS generated certificates server1*.crt,
1210### but for comparison with OpenSSL also rules for OpenSSL-generated
1211### certificates server1*.crt.openssl are offered.
1212###
1213### Known differences:
1214### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
1215### as unused bits, while Mbed TLS doesn't.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1216
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1217test_ca_server1_db = test-ca.server1.db
1218test_ca_server1_serial = test-ca.server1.serial
1219test_ca_server1_config_file = test-ca.server1.opensslconf
1220
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1221# server1*
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1222
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1223server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1224 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1225server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1226 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
Hanno Becker58fc28c2019-03-14 13:33:20 +0000[diff] [blame]1227server1.crt.der: server1.crt
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1228 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
1229server1.der: server1.crt
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1230 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Werner Lewis02c9d3b2022-05-20 12:48:46 +0100[diff] [blame]1231server1.commas.crt: server1.key server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1232 $(MBEDTLS_CERT_WRITE) request_file=server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1233all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1234
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1235server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1236 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1237server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1238 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1239server1.key_usage.der: server1.key_usage.crt
1240 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1241all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
1242
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1243server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1244 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1245server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1246 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1247server1.cert_type.der: server1.cert_type.crt
1248 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1249all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
1250
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1251server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1252 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1253server1.v1.der: server1.v1.crt
1254 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1255all_final += server1.v1.crt server1.v1.der
1256
Darren Krahn9c134ce2021-01-13 22:04:45 -0800[diff] [blame]1257server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1258 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@
1259server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1260 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@
1261server1.ca.der: server1.ca.crt
1262 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1263all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der
1264
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1265server1_ca.crt: server1.crt $(test_ca_crt)
1266 cat server1.crt $(test_ca_crt) > $@
1267all_final += server1_ca.crt
1268
1269cert_sha1.crt: server1.key
1270 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1271all_final += cert_sha1.crt
1272
1273cert_sha224.crt: server1.key
1274 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
1275all_final += cert_sha224.crt
1276
1277cert_sha256.crt: server1.key
1278 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1279all_final += cert_sha256.crt
1280
1281cert_sha384.crt: server1.key
1282 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
1283all_final += cert_sha384.crt
1284
1285cert_sha512.crt: server1.key
1286 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
1287all_final += cert_sha512.crt
1288
1289cert_example_wildcard.crt: server1.key
1290 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1291all_final += cert_example_wildcard.crt
1292
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1293# OpenSSL-generated certificates for comparison
Hanno Becker81535d02017-09-13 15:39:59 +0100[diff] [blame]1294# Also provide certificates in DER format to allow
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1295# direct binary comparison using e.g. dumpasn1
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1296server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1297 echo "01" > $(test_ca_server1_serial)
1298 rm -f $(test_ca_server1_db)
1299 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1300 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1301server1.der.openssl: server1.crt.openssl
1302 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1303server1.key_usage.der.openssl: server1.key_usage.crt.openssl
1304 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1305server1.cert_type.der.openssl: server1.cert_type.crt.openssl
1306 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1307
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1308server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1309 echo "01" > $(test_ca_server1_serial)
1310 rm -f $(test_ca_server1_db)
1311 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1312 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1313server1.v1.der.openssl: server1.v1.crt.openssl
1314 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1315
Ron Eldorb7c96262019-02-06 18:48:37 +0200[diff] [blame]1316# To revoke certificate in the openssl database:
1317#
1318# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt
1319
1320crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
1321 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
1322
Raoul Strackxa4e86142020-06-15 17:03:13 +0200[diff] [blame]1323crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
1324 $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
1325
1326server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1327
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1328# server2*
1329
1330server2.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1331 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]1332all_final += server2.crt
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1333
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1334server2.der: server2.crt
1335 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1336all_final += server2.crt server2.der
1337
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1338server2-sha256.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1339 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1340all_final += server2-sha256.crt
1341
Pengyu Lva3d7bb82023-05-09 12:04:56 +0800[diff] [blame]1342# server3*
1343
1344server3.crt: server3.key
1345 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1346all_final += server3.crt
1347
Pengyu Lv746e2d12023-05-10 09:26:41 +0800[diff] [blame]1348# server4*
1349
1350server4.crt: server4.key
1351 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
1352all_final += server4.crt
1353
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1354# MD2, MD4, MD5 test certificates
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1355
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1356cert_md_test_key = $(cli_crt_key_file_rsa)
1357
1358cert_md2.csr: $(cert_md_test_key)
1359 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2
1360all_intermediate += cert_md2.csr
1361
1362cert_md2.crt: cert_md2.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1363 $(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1364all_final += cert_md2.crt
1365
1366cert_md4.csr: $(cert_md_test_key)
1367 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4
1368all_intermediate += cert_md4.csr
1369
1370cert_md4.crt: cert_md4.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1371 $(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1372all_final += cert_md4.crt
1373
1374cert_md5.csr: $(cert_md_test_key)
1375 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
1376all_intermediate += cert_md5.csr
1377
1378cert_md5.crt: cert_md5.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1379 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1380all_final += cert_md5.crt
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1381
1382################################################################
Gilles Peskinec6b0d962020-12-08 22:31:52 +0100[diff] [blame]1383#### Diffie-Hellman parameters
1384################################################################
1385
1386dh.998.pem:
1387 $(OPENSSL) dhparam -out $@ -text 998
1388
1389dh.999.pem:
1390 $(OPENSSL) dhparam -out $@ -text 999
1391
1392################################################################
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1393#### Meta targets
1394################################################################
1395
1396all_final: $(all_final)
1397all: $(all_intermediate) $(all_final)
1398
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1399.PHONY: default all_final all
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1400.PHONY: keys_rsa_all
1401.PHONY: keys_rsa_unenc keys_rsa_enc_basic
1402.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
1403.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
1404.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
1405.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
1406.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
1407.PHONY: server1_all
Pengyu Lv30cd6b02023-05-12 16:27:26 +0800[diff] [blame]1408.PHONY: server7_all
Pengyu Lv42174292023-05-12 17:52:09 +0800[diff] [blame]1409.PHONY: server8_all
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1410
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1411# These files should not be committed to the repository.
1412list_intermediate:
1413 @printf '%s\n' $(all_intermediate) | sort
1414# These files should be committed to the repository so that the test data is
1415# available upon checkout without running a randomized process depending on
1416# third-party tools.
1417list_final:
1418 @printf '%s\n' $(all_final) | sort
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1419.PHONY: list_intermediate list_final
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1420
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1421## Remove intermediate files
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1422clean:
1423 rm -f $(all_intermediate)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1424## Remove all build products, even the ones that are committed
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1425neat: clean
1426 rm -f $(all_final)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1427.PHONY: clean neat
Pengyu Lvf287e2a2023-05-24 10:33:42 +0800[diff] [blame]1428
1429.SECONDARY: $(all_intermediate)