TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / ecff9e989171d59463ed4d508f8752d0f0fd2f9a / . / tests / data_files / Makefile
blob: 07998bda067259caaeefd25adaf3147022bb277e [file] [log] [blame]
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending mbed TLS's tests.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]5
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]8
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
Manuel Pégourié-Gonnard3c873462017-06-05 10:20:32 +0200[diff] [blame]15FAKETIME ?= faketime
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]16MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]17
18## Build the generated test data. Note that since the final outputs
19## are committed to the repository, this target should do nothing on a
20## fresh checkout. Furthermore, since the generation is randomized,
21## re-running the same targets may result in differing files. The goal
22## of this makefile is primarily to serve as a record of how the
23## targets were generated in the first place.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]24default: all_final
25
26all_intermediate := # temporary files
Hanno Becker82027c12017-09-26 16:21:19 +0100[diff] [blame]27all_final := # files used by tests
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]28
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]29
30
31################################################################
32#### Generate certificates from existing keys
33################################################################
34
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]35test_ca_crt = test-ca.crt
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]36test_ca_key_file_rsa = test-ca.key
37test_ca_pwd_rsa = PolarSSLTest
38test_ca_config_file = test-ca.opensslconf
39
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]40test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file)
41 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
42all_intermediate += test-ca.csr
43test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
44 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@
45all_final += test-ca-sha1.crt
46test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
47 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
48all_final += test-ca-sha256.crt
49
Manuel Pégourié-Gonnard94ff1c62017-06-27 12:51:52 +0200[diff] [blame]50test_ca_crt_file_ec = test-ca2.crt
51test_ca_key_file_ec = test-ca2.key
52
53test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
54 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
55all_intermediate += test-int-ca.csr
56test-int-ca-exp.crt: $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
57 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
58all_final += test-int-ca-exp.crt
59
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]60cli_crt_key_file_rsa = cli-rsa.key
61cli_crt_extensions_file = cli.opensslconf
62
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]63cli-rsa.csr: $(cli_crt_key_file_rsa)
64 $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@
65all_intermediate += cli-rsa.csr
66cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr
67 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@
68all_final += cli-rsa-sha1.crt
69cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr
70 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
71all_final += cli-rsa-sha256.crt
72
Gilles Peskineae765992017-05-09 15:59:24 +0200[diff] [blame]73server2-rsa.csr: server2.key
74 $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
75all_intermediate += server2-rsa.csr
76server2-sha256.crt: server2-rsa.csr
77 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
78all_final += server2-sha256.crt
79
Manuel Pégourié-Gonnard3c873462017-06-05 10:20:32 +0200[diff] [blame]80test_ca_int_rsa1 = test-int-ca.crt
81
82server7.csr: server7.key
83 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
84all_intermediate += server7.csr
85server7-expired.crt: server7.csr $(test_ca_int_rsa1)
86 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
87all_final += server7-expired.crt
88server7-future.crt: server7.csr $(test_ca_int_rsa1)
89 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
90all_final += server7-future.crt
Manuel Pégourié-Gonnard92cd3fe2017-06-05 11:12:13 +0200[diff] [blame]91server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
92 { head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt
93all_final += server7-badsign.crt
Manuel Pégourié-Gonnard94ff1c62017-06-27 12:51:52 +0200[diff] [blame]94server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
95 cat server7.crt test-int-ca-exp.crt > $@
96all_final += server7_int-ca-exp.crt
97
98server5-ss-expired.crt: server5.key
99 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
100all_final += server5-ss-expired.crt
101
Manuel Pégourié-Gonnardecff9e92017-06-29 09:48:08 +0200[diff] [blame^]102# try to forge a copy of test-int-ca3 with different key
103server5-ss-forgeca.crt: server5.key
104 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
105all_final += server5-ss-forgeca.crt
106
107
108
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]109
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]110################################################################
111#### Generate various RSA keys
112################################################################
Gilles Peskineae765992017-05-09 15:59:24 +0200[diff] [blame]113
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]114### Password used for PKCS1-encoded encrypted RSA keys
115keys_rsa_basic_pwd = testkey
116
117### Password used for PKCS8-encoded encrypted RSA keys
118keys_rsa_pkcs8_pwd = PolarSSLTest
119
120### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
121### all other encrypted RSA keys are derived.
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]122rsa_pkcs1_1024_clear.pem:
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]123 $(OPENSSL) genrsa -out $@ 1024
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]124all_final += rsa_pkcs1_1024_clear.pem
125rsa_pkcs1_2048_clear.pem:
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]126 $(OPENSSL) genrsa -out $@ 2048
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]127all_final += rsa_pkcs1_2048_clear.pem
128rsa_pkcs1_4096_clear.pem:
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]129 $(OPENSSL) genrsa -out $@ 4096
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]130all_final += rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]131
132###
133### PKCS1-encoded, encrypted RSA keys
134###
135
136### 1024-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]137rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]138 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]139all_final += rsa_pkcs1_1024_des.pem
140rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]141 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]142all_final += rsa_pkcs1_1024_3des.pem
143rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]144 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]145all_final += rsa_pkcs1_1024_aes128.pem
146rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]147 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]148all_final += rsa_pkcs1_1024_aes192.pem
149rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]150 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]151all_final += rsa_pkcs1_1024_aes256.pem
152keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]153
154# 2048-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]155rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]156 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]157all_final += rsa_pkcs1_2048_des.pem
158rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]159 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]160all_final += rsa_pkcs1_2048_3des.pem
161rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]162 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]163all_final += rsa_pkcs1_2048_aes128.pem
164rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]165 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]166all_final += rsa_pkcs1_2048_aes192.pem
167rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]168 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]169all_final += rsa_pkcs1_2048_aes256.pem
170keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]171
172# 4096-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]173rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]174 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]175all_final += rsa_pkcs1_4096_des.pem
176rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]177 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]178all_final += rsa_pkcs1_4096_3des.pem
179rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]180 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]181all_final += rsa_pkcs1_4096_aes128.pem
182rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]183 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]184all_final += rsa_pkcs1_4096_aes192.pem
185rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]186 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]187all_final += rsa_pkcs1_4096_aes256.pem
188keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]189
190###
191### PKCS8-v1 encoded, encrypted RSA keys
192###
193
194### 1024-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]195rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]196 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]197all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
198rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]199 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]200all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
201keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]202
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]203rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]204 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]205all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
206rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]207 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]208all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
209keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]210
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]211rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]212 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]213all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
214rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]215 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]216all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
217keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]218
219keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
220
221### 2048-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]222rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]223 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]224all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
225rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]226 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]227all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
228keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]229
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]230rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]231 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]232all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
233rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]234 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]235all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
236keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]237
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]238rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]239 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]240all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
241rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]242 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]243all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
244keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]245
246keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
247
248### 4096-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]249rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]250 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]251all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
252rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]253 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]254all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
255keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]256
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]257rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]258 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]259all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
260rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]261 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]262all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
263keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]264
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]265rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]266 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]267all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
268rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]269 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]270all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
271keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]272
273keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
274
275###
276### PKCS8-v2 encoded, encrypted RSA keys
277###
278
279### 1024-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]280rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]281 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]282all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
283rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]284 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]285all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
286keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]287
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]288rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]289 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]290all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
291rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]292 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]293all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
294keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]295
296keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
297
298### 2048-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]299rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]300 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]301all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
302rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]303 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]304all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
305keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]306
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]307rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]308 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]309all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
310rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]311 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]312all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
313keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]314
315keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
316
317### 4096-bit
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]318rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]319 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]320all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
321rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]322 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]323all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
324keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]325
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]326rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]327 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]328all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
329rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]330 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]331all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
332keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]333
334keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
335
336###
337### Rules to generate all RSA keys from a particular class
338###
339
340### Generate basic unencrypted RSA keys
Hanno Becker0d0422c2017-09-29 20:05:23 +0100[diff] [blame]341keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
Hanno Becker9c22f592017-09-05 09:23:50 +0100[diff] [blame]342
343### Generate PKCS1-encoded encrypted RSA keys
344keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
345
346### Generate PKCS8-v1 encrypted RSA keys
347keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
348
349### Generate PKCS8-v2 encrypted RSA keys
350keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096
351
352### Generate all RSA keys
353keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
354
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]355
356
357################################################################
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]358### Generate certificates for CRT write check tests
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]359################################################################
360
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]361### The test files use the Mbed TLS generated certificates server1*.crt,
362### but for comparison with OpenSSL also rules for OpenSSL-generated
363### certificates server1*.crt.openssl are offered.
364###
365### Known differences:
366### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
367### as unused bits, while Mbed TLS doesn't.
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]368
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]369test_ca_server1_db = test-ca.server1.db
370test_ca_server1_serial = test-ca.server1.serial
371test_ca_server1_config_file = test-ca.server1.opensslconf
372
373server1.csr: server1.key server1_csr.opensslconf
374 $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
375all_final += server1.csr
376
377server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
378 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
379server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
380 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
381server1.der: server1.crt
382 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
383all_final += server1.crt server1.noauthid.crt server1.der
384
385server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
386 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
387server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
388 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
389server1.key_usage.der: server1.key_usage.crt
390 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
391all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
392
393server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
394 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
395server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
396 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
397server1.cert_type.der: server1.cert_type.crt
398 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
399all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
400
401server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
402 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
403server1.v1.der: server1.v1.crt
404 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
405all_final += server1.v1.crt server1.v1.der
406
407# OpenSSL-generated certificates for comparison
Hanno Becker7de3ff32017-09-13 15:39:59 +0100[diff] [blame]408# Also provide certificates in DER format to allow
Hanno Becker2b6c3f62017-09-14 07:51:28 +0100[diff] [blame]409# direct binary comparison using e.g. dumpasn1
410server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
411 echo "01" > $(test_ca_server1_serial)
412 rm -f $(test_ca_server1_db)
413 touch $(test_ca_server1_db)
414 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
415server1.der.openssl: server1.crt.openssl
416 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
417server1.key_usage.der.openssl: server1.key_usage.crt.openssl
418 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
419server1.cert_type.der.openssl: server1.cert_type.crt.openssl
420 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
421
422server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
423 echo "01" > $(test_ca_server1_serial)
424 rm -f $(test_ca_server1_db)
425 touch $(test_ca_server1_db)
426 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
427server1.v1.der.openssl: server1.v1.crt.openssl
428 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
429
430server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]431
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]432
433
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]434################################################################
435#### Meta targets
436################################################################
437
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]438all_final: $(all_final)
439all: $(all_intermediate) $(all_final)
440
Gilles Peskine283a80d2017-11-28 18:31:28 +0100[diff] [blame]441.PHONY: default all_final all
442.PHONY: keys_rsa_all
443.PHONY: keys_rsa_unenc keys_rsa_enc_basic
444.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
445.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
446.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
447.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
448.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
449.PHONY: server1_all
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]450
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]451# These files should not be committed to the repository.
452list_intermediate:
453 @printf '%s\n' $(all_intermediate) | sort
454# These files should be committed to the repository so that the test data is
455# available upon checkout without running a randomized process depending on
456# third-party tools.
457list_final:
458 @printf '%s\n' $(all_final) | sort
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]459.PHONY: list_intermediate list_final
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]460
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]461## Remove intermediate files
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]462clean:
463 rm -f $(all_intermediate)
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]464## Remove all build products, even the ones that are committed
Gilles Peskine83ed5962017-05-05 18:56:12 +0200[diff] [blame]465neat: clean
466 rm -f $(all_final)
Gilles Peskine9bb4f282017-05-11 17:57:22 +0200[diff] [blame]467.PHONY: clean neat