TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 21c8fe5c6ec28e8aad5d5c1be1cc39e519c9f241 / . / tests / data_files / Makefile
blob: e86706c8a92364fe5ac3484b2a6315eab62a5f91 [file] [log] [blame]
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending mbed TLS's tests.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]5
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]8
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]15FAKETIME ?= faketime
Gilles Peskined1ff7572020-08-21 19:47:22 +0200[diff] [blame]16
Gilles Peskine18035632020-09-24 16:36:04 +0200[diff] [blame]17TOP_DIR = ../..
Gilles Peskined1ff7572020-08-21 19:47:22 +0200[diff] [blame]18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]20
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]21
22## Build the generated test data. Note that since the final outputs
23## are committed to the repository, this target should do nothing on a
24## fresh checkout. Furthermore, since the generation is randomized,
25## re-running the same targets may result in differing files. The goal
26## of this makefile is primarily to serve as a record of how the
27## targets were generated in the first place.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]28default: all_final
29
30all_intermediate := # temporary files
31all_final := # files used by tests
32
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]33
34
35################################################################
36#### Generate certificates from existing keys
37################################################################
38
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]39test_ca_crt = test-ca.crt
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]40test_ca_key_file_rsa = test-ca.key
41test_ca_pwd_rsa = PolarSSLTest
42test_ca_config_file = test-ca.opensslconf
43
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]44test-ca.req.sha256: $(test_ca_key_file_rsa)
45 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
46all_intermediate += test-ca.req.sha256
47
48test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]49 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]50all_final += test-ca.crt
51
52test-ca.crt.der: test-ca.crt
Hanno Becker462c3e52019-01-31 10:55:42 +0000[diff] [blame]53 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]54all_final += test-ca.crt.der
55
56test-ca.key.der: $(test_ca_key_file_rsa)
57 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
58all_final += test-ca.key.der
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]59
60test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]61 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]62all_final += test-ca-sha1.crt
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]63
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]64test-ca-sha1.crt.der: test-ca-sha1.crt
65 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
66all_final += test-ca-sha1.crt.der
67
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]68test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]69 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]70all_final += test-ca-sha256.crt
71
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]72test-ca-sha256.crt.der: test-ca-sha256.crt
73 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
74all_final += test-ca-sha256.crt.der
75
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]76test-ca_utf8.crt: $(test_ca_key_file_rsa)
77 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
78all_final += test-ca_utf8.crt
79
80test-ca_printable.crt: $(test_ca_key_file_rsa)
81 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
82all_final += test-ca_printable.crt
83
84test-ca_uppercase.crt: $(test_ca_key_file_rsa)
85 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
86all_final += test-ca_uppercase.crt
87
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]88test_ca_key_file_rsa_alt = test-ca-alt.key
89
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]90cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
91 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@
92
93cert_example_multi.crt: cert_example_multi.csr
94 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
95
96$(test_ca_key_file_rsa_alt):test-ca.opensslconf
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]97 $(OPENSSL) genrsa -out $@ 2048
98test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
99 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
100all_intermediate += test-ca-alt.csr
101test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
102 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
103all_final += test-ca-alt.crt
104test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
105 cat test-ca-alt.crt test-ca-sha256.crt > $@
106all_final += test-ca-alt-good.crt
107test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
108 cat test-ca-sha256.crt test-ca-alt.crt > $@
109all_final += test-ca-good-alt.crt
110
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]111test_ca_crt_file_ec = test-ca2.crt
112test_ca_key_file_ec = test-ca2.key
113
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]114test-ca2.req.sha256: $(test_ca_key_file_ec)
115 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
116all_intermediate += test-ca2.req.sha256
117
118test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
119 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
120all_final += test-ca.crt
121
Ron Eldor74d9acc2019-03-21 14:00:03 +0200[diff] [blame]122test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
123 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
124all_final += test-ca-any_policy.crt
125
126test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
127 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
128all_final += test-ca-any_policy_ec.crt
129
130test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
131 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
132all_final += test-ca-any_policy_with_qualifier.crt
133
134test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
135 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
136all_final += test-ca-any_policy_with_qualifier_ec.crt
137
138test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
139 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
140all_final += test-ca-multi_policy.crt
141
142test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
143 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
144all_final += test-ca-multi_policy_ec.crt
145
146test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
147 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
148all_final += test-ca-unsupported_policy.crt
149
150test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
151 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
152all_final += test-ca-unsupported_policy_ec.crt
153
154test-ca.req_ec.sha256: $(test_ca_key_file_ec)
155 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
156all_intermediate += test-ca.req_ec.sha256
157
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]158test-ca2.crt.der: $(test_ca_crt_file_ec)
159 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
160all_final += test-ca2.crt.der
161
162test-ca2.key.der: $(test_ca_key_file_ec)
163 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
164all_final += test-ca2.key.der
165
Hanno Beckerb9630812018-10-31 16:28:05 +0000[diff] [blame]166test_ca_crt_cat12 = test-ca_cat12.crt
167$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
168 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
169all_final += $(test_ca_crt_cat12)
170
171test_ca_crt_cat21 = test-ca_cat21.crt
172$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
173 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
174all_final += $(test_ca_crt_cat21)
175
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]176test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
177 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
178all_intermediate += test-int-ca.csr
Manuel Pégourié-Gonnard7ff243a2017-08-08 18:54:13 +0200[diff] [blame]179test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]180 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
181all_final += test-int-ca-exp.crt
182
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]183enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
184 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
185
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]186crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
187 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
Manuel Pégourié-Gonnarda63305d2018-03-14 12:23:56 +0100[diff] [blame]188all_final += crl-idp.pem
189crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
190 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
191all_final += crl-idpnc.pem
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]192
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]193cli_crt_key_file_rsa = cli-rsa.key
194cli_crt_extensions_file = cli.opensslconf
195
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]196cli-rsa.csr: $(cli_crt_key_file_rsa)
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]197 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]198all_intermediate += cli-rsa.csr
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]199
200cli-rsa-sha1.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]201 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]202
203cli-rsa-sha256.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]204 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]205all_final += cli-rsa-sha256.crt
206
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]207cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
208 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
209all_final += cli-rsa-sha256.crt.der
210
Paul Elliottca17ebf2020-11-24 17:30:18 +0000[diff] [blame]211cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
212 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
213all_final += cli-rsa-sha256-badalg.crt.der
214
215cli-rsa.key.der: $(cli_crt_key_file_rsa)
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]216 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
217all_final += cli-rsa.key.der
218
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]219test_ca_int_rsa1 = test-int-ca.crt
220
221server7.csr: server7.key
222 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
223all_intermediate += server7.csr
224server7-expired.crt: server7.csr $(test_ca_int_rsa1)
225 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
226all_final += server7-expired.crt
227server7-future.crt: server7.csr $(test_ca_int_rsa1)
228 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
229all_final += server7-future.crt
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]230server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]231 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]232all_final += server7-badsign.crt
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]233server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
234 cat server7.crt test-int-ca-exp.crt > $@
235all_final += server7_int-ca-exp.crt
236
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]237cli2.req.sha256: cli2.key
238 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
239
240all_final += server1.req.sha1
241cli2.crt: cli2.req.sha256
242 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
243all_final += cli2.crt
244
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]245cli2.crt.der: cli2.crt
246 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
247all_final += cli2.crt.der
248
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]249cli2.key.der: cli2.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]250 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
251all_final += cli2.key.der
252
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]253server5_pwd_ec = PolarSSLTest
254
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]255server5.crt.der: server5.crt
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]256 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
257all_final += server5.crt.der
258
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]259server5.key.der: server5.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]260 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
261all_final += server5.key.der
262
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]263server5.key.enc: server5.key
264 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
265all_final += server5.key.enc
266
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]267server5-ss-expired.crt: server5.key
268 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
269all_final += server5-ss-expired.crt
270
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]271# try to forge a copy of test-int-ca3 with different key
272server5-ss-forgeca.crt: server5.key
273 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
274all_final += server5-ss-forgeca.crt
275
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]276server5-othername.crt: server5.key
277 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
278
279server5-unsupported_othername.crt: server5.key
280 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
281
Ron Eldor3c4734a2019-03-25 14:05:23 +0200[diff] [blame]282server5-fan.crt: server5.key
283 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
284
Manuel Pégourié-Gonnard7d2a4d82020-07-23 12:39:53 +0200[diff] [blame]285server5-tricky-ip-san.crt: server5.key
286 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
287all_final += server5-tricky-ip-san.crt
288
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]289server10-badsign.crt: server10.crt
290 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
291all_final += server10-badsign.crt
292server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
293 cat server10-badsign.crt test-int-ca3.crt > $@
294all_final += server10-bs_int3.pem
295test-int-ca3-badsign.crt: test-int-ca3.crt
296 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
297all_final += test-int-ca3-badsign.crt
298server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
299 cat server10.crt test-int-ca3-badsign.crt > $@
Jaeden Amero001626e2019-02-27 11:16:41 +0000[diff] [blame]300all_final += server10_int3-bs.pem
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]301
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]302rsa_pkcs1_2048_public.pem: server8.key
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]303 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
304all_final += rsa_pkcs1_2048_public.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]305
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]306rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]307 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
308all_final += rsa_pkcs1_2048_public.der
309
310rsa_pkcs8_2048_public.pem: server8.key
311 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
312all_final += rsa_pkcs8_2048_public.pem
313
314rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
315 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]316all_final += rsa_pkcs8_2048_public.der
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]317
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]318################################################################
319#### Generate various RSA keys
320################################################################
Gilles Peskinebc70a182017-05-09 15:59:24 +0200[diff] [blame]321
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]322### Password used for PKCS1-encoded encrypted RSA keys
323keys_rsa_basic_pwd = testkey
324
325### Password used for PKCS8-encoded encrypted RSA keys
326keys_rsa_pkcs8_pwd = PolarSSLTest
327
328### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
329### all other encrypted RSA keys are derived.
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]330rsa_pkcs1_1024_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]331 $(OPENSSL) genrsa -out $@ 1024
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]332all_final += rsa_pkcs1_1024_clear.pem
333rsa_pkcs1_2048_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]334 $(OPENSSL) genrsa -out $@ 2048
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]335all_final += rsa_pkcs1_2048_clear.pem
336rsa_pkcs1_4096_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]337 $(OPENSSL) genrsa -out $@ 4096
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]338all_final += rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]339
340###
341### PKCS1-encoded, encrypted RSA keys
342###
343
344### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]345rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]346 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]347all_final += rsa_pkcs1_1024_des.pem
348rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]349 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]350all_final += rsa_pkcs1_1024_3des.pem
351rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]352 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]353all_final += rsa_pkcs1_1024_aes128.pem
354rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]355 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]356all_final += rsa_pkcs1_1024_aes192.pem
357rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]358 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]359all_final += rsa_pkcs1_1024_aes256.pem
360keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]361
362# 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]363rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]364 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]365all_final += rsa_pkcs1_2048_des.pem
366rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]367 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]368all_final += rsa_pkcs1_2048_3des.pem
369rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]370 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]371all_final += rsa_pkcs1_2048_aes128.pem
372rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]373 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]374all_final += rsa_pkcs1_2048_aes192.pem
375rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]376 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]377all_final += rsa_pkcs1_2048_aes256.pem
378keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]379
380# 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]381rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]382 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]383all_final += rsa_pkcs1_4096_des.pem
384rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]385 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]386all_final += rsa_pkcs1_4096_3des.pem
387rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]388 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]389all_final += rsa_pkcs1_4096_aes128.pem
390rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]391 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]392all_final += rsa_pkcs1_4096_aes192.pem
393rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]394 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]395all_final += rsa_pkcs1_4096_aes256.pem
396keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]397
398###
399### PKCS8-v1 encoded, encrypted RSA keys
400###
401
402### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]403rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]404 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]405all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
406rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]407 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]408all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
409keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]410
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]411rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]412 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]413all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
414rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]415 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]416all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
417keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]418
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]419keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des
420
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]421### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]422rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]423 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]424all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
425rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]426 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]427all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
428keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]429
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]430rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]431 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]432all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
433rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]434 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]435all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
436keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]437
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]438keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des
439
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]440### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]441rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]442 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]443all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
444rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]445 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]446all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
447keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]448
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]449rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]450 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]451all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
452rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]453 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]454all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
455keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]456
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]457keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des
458
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]459###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]460### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]461###
462
463### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]464rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]465 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]466all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
467rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]468 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]469all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
470keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]471
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]472rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]473 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]474all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
475rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]476 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]477all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
478keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]479
480keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
481
482### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]483rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]484 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]485all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
486rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]487 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]488all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
489keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]490
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]491rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]492 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]493all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
494rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]495 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]496all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
497keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]498
499keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
500
501### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]502rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]503 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]504all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
505rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]506 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]507all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
508keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]509
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]510rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]511 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]512all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
513rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]514 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]515all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
516keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]517
518keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
519
520###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]521### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
522###
523
524### 1024-bit
525rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
526 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
527all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
528rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
529 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
530all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
531keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
532
533rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
534 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
535all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
536rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
537 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
538all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
539keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
540
541keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224
542
543### 2048-bit
544rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
545 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
546all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
547rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
548 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
549all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
550keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
551
552rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
553 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
554all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
555rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
556 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
557all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
558keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
559
560keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224
561
562### 4096-bit
563rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
564 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
565all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
566rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
567 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
568all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
569keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
570
571rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
572 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
573all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
574rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
575 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
576all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
577keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
578
579keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224
580
581###
582### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
583###
584
585### 1024-bit
586rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
587 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
588all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
589rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
590 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
591all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
592keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
593
594rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
595 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
596all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
597rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
598 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
599all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
600keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
601
602keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256
603
604### 2048-bit
605rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
606 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
607all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
608rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
609 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
610all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
611keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
612
613rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
614 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
615all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
616rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
617 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
618all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
619keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
620
621keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256
622
623### 4096-bit
624rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
625 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
626all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
627rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
628 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
629all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
630keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
631
632rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
633 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
634all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
635rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
636 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
637all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
638keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
639
640keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256
641
642###
643### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
644###
645
646### 1024-bit
647rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
648 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
649all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
650rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
651 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
652all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
653keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
654
655rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
656 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
657all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
658rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
659 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
660all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
661keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
662
663keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384
664
665### 2048-bit
666rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
667 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
668all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
669rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
670 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
671all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
672keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
673
674rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
675 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
676all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
677rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
678 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
679all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
680keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
681
682keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384
683
684### 4096-bit
685rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
686 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
687all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
688rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
689 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
690all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
691keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
692
693rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
694 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
695all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
696rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
697 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
698all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
699keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
700
701keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384
702
703###
704### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
705###
706
707### 1024-bit
708rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
709 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
710all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
711rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
712 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
713all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
714keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
715
716rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
717 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
718all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
719rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
720 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
721all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
722keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
723
724keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512
725
726### 2048-bit
727rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
728 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
729all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
730rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
731 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
732all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
733keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
734
735rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
736 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
737all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
738rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
739 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
740all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
741keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
742
743keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512
744
745### 4096-bit
746rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
747 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
748all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
749rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
750 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
751all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
752keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
753
754rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
755 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
756all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
757rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
758 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
759all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
760keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
761
762keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512
763
764###
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]765### Rules to generate all RSA keys from a particular class
766###
767
768### Generate basic unencrypted RSA keys
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]769keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]770
771### Generate PKCS1-encoded encrypted RSA keys
772keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
773
774### Generate PKCS8-v1 encrypted RSA keys
775keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
776
777### Generate PKCS8-v2 encrypted RSA keys
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]778keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]779
780### Generate all RSA keys
781keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
782
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]783################################################################
784#### Generate various EC keys
785################################################################
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]786
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]787###
788### PKCS8 encoded
789###
790
791ec_prv.pk8.der:
792 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
793all_final += ec_prv.pk8.der
794
795# ### Instructions for creating `ec_prv.pk8nopub.der`,
796# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
797# ### `ec_prv.pk8.der`.
798#
799# These instructions assume you are familiar with ASN.1 DER encoding and can
800# use a hex editor to manipulate DER.
801#
802# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
803#
804# PrivateKeyInfo ::= SEQUENCE {
805# version Version,
806# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
807# privateKey PrivateKey,
808# attributes [0] IMPLICIT Attributes OPTIONAL
809# }
810#
811# AlgorithmIdentifier ::= SEQUENCE {
812# algorithm OBJECT IDENTIFIER,
813# parameters ANY DEFINED BY algorithm OPTIONAL
814# }
815#
816# ECParameters ::= CHOICE {
817# namedCurve OBJECT IDENTIFIER
818# -- implicitCurve NULL
819# -- specifiedCurve SpecifiedECDomain
820# }
821#
822# ECPrivateKey ::= SEQUENCE {
823# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
824# privateKey OCTET STRING,
825# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
826# publicKey [1] BIT STRING OPTIONAL
827# }
828#
829# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
830# fields:
831#
832# * privateKeyAlgorithm namedCurve
833# * privateKey.parameters NOT PRESENT
834# * privateKey.publicKey PRESENT
835# * attributes NOT PRESENT
836#
837# # ec_prv.pk8nopub.der
838#
839# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
840#
841# # ec_prv.pk8nopubparam.der
842#
843# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
844# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
845#
846# # ec_prv.pk8param.der
847#
848# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
849# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
850
851ec_prv.pk8.pem: ec_prv.pk8.der
852 $(OPENSSL) pkey -in $< -inform DER -out $@
853all_final += ec_prv.pk8.pem
854ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
855 $(OPENSSL) pkey -in $< -inform DER -out $@
856all_final += ec_prv.pk8nopub.pem
857ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
858 $(OPENSSL) pkey -in $< -inform DER -out $@
859all_final += ec_prv.pk8nopubparam.pem
860ec_prv.pk8param.pem: ec_prv.pk8param.der
861 $(OPENSSL) pkey -in $< -inform DER -out $@
862all_final += ec_prv.pk8param.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]863
864################################################################
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]865### Generate CSRs for X.509 write test suite
866################################################################
867
868server1.req.sha1: server1.key
869 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
870all_final += server1.req.sha1
871
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]872server1.req.md5: server1.key
873 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
874all_final += server1.req.md5
875
876server1.req.sha224: server1.key
877 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
878all_final += server1.req.sha224
879
880server1.req.sha256: server1.key
881 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
882all_final += server1.req.sha256
883
884server1.req.sha384: server1.key
885 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
886all_final += server1.req.sha384
887
888server1.req.sha512: server1.key
889 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
890all_final += server1.req.sha512
891
892server1.req.cert_type: server1.key
893 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
894all_final += server1.req.cert_type
895
896server1.req.key_usage: server1.key
897 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
898all_final += server1.req.key_usage
899
900server1.req.ku-ct: server1.key
901 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
902all_final += server1.req.ku-ct
903
Andres Amaya Garcia7067f812018-09-26 10:51:16 +0100[diff] [blame]904server1.req.key_usage_empty: server1.key
905 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
906all_final += server1.req.key_usage_empty
907
908server1.req.cert_type_empty: server1.key
909 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
910all_final += server1.req.cert_type_empty
911
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]912# server2*
913
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]914server2_pwd_ec = PolarSSLTest
915
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]916server2.req.sha256: server2.key
917 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
918all_intermediate += server2.req.sha256
919
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]920server2.crt.der: server2.crt
921 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
922all_final += server2.crt.der
923
924server2-sha256.crt.der: server2-sha256.crt
925 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
926all_final += server2-sha256.crt.der
927
928server2.key.der: server2.key
929 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
930all_final += server2.key.der
931
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]932server2.key.enc: server2.key
933 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
934all_final += server2.key.enc
935
Hanno Becker0dd11392018-11-02 08:56:15 +0000[diff] [blame]936# server5*
937
938# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
939server5.req.ku.sha1: server5.key
940 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
941all_final += server5.req.ku.sha1
942
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]943################################################################
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]944### Generate certificates for CRT write check tests
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]945################################################################
946
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]947### The test files use the Mbed TLS generated certificates server1*.crt,
948### but for comparison with OpenSSL also rules for OpenSSL-generated
949### certificates server1*.crt.openssl are offered.
950###
951### Known differences:
952### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
953### as unused bits, while Mbed TLS doesn't.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]954
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]955test_ca_server1_db = test-ca.server1.db
956test_ca_server1_serial = test-ca.server1.serial
957test_ca_server1_config_file = test-ca.server1.opensslconf
958
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]959# server1*
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]960
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]961server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]962 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]963server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]964 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
Hanno Becker58fc28c2019-03-14 13:33:20 +0000[diff] [blame]965server1.crt.der: server1.crt
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]966 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
967server1.der: server1.crt
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]968 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Hanno Becker58fc28c2019-03-14 13:33:20 +0000[diff] [blame]969all_final += server1.crt server1.noauthid.crt server1.crt.der
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]970
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]971server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]972 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]973server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]974 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]975server1.key_usage.der: server1.key_usage.crt
976 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
977all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
978
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]979server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]980 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]981server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]982 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]983server1.cert_type.der: server1.cert_type.crt
984 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
985all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
986
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]987server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]988 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]989server1.v1.der: server1.v1.crt
990 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
991all_final += server1.v1.crt server1.v1.der
992
Darren Krahn9c134ce2021-01-13 22:04:45 -0800[diff] [blame]993server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
994 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@
995server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
996 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@
997server1.ca.der: server1.ca.crt
998 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
999all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der
1000
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1001server1_ca.crt: server1.crt $(test_ca_crt)
1002 cat server1.crt $(test_ca_crt) > $@
1003all_final += server1_ca.crt
1004
1005cert_sha1.crt: server1.key
1006 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1007all_final += cert_sha1.crt
1008
1009cert_sha224.crt: server1.key
1010 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
1011all_final += cert_sha224.crt
1012
1013cert_sha256.crt: server1.key
1014 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1015all_final += cert_sha256.crt
1016
1017cert_sha384.crt: server1.key
1018 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
1019all_final += cert_sha384.crt
1020
1021cert_sha512.crt: server1.key
1022 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
1023all_final += cert_sha512.crt
1024
1025cert_example_wildcard.crt: server1.key
1026 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1027all_final += cert_example_wildcard.crt
1028
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1029# OpenSSL-generated certificates for comparison
Hanno Becker81535d02017-09-13 15:39:59 +0100[diff] [blame]1030# Also provide certificates in DER format to allow
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1031# direct binary comparison using e.g. dumpasn1
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1032server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1033 echo "01" > $(test_ca_server1_serial)
1034 rm -f $(test_ca_server1_db)
1035 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1036 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1037server1.der.openssl: server1.crt.openssl
1038 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1039server1.key_usage.der.openssl: server1.key_usage.crt.openssl
1040 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1041server1.cert_type.der.openssl: server1.cert_type.crt.openssl
1042 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1043
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1044server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1045 echo "01" > $(test_ca_server1_serial)
1046 rm -f $(test_ca_server1_db)
1047 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1048 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1049server1.v1.der.openssl: server1.v1.crt.openssl
1050 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1051
Ron Eldorb7c96262019-02-06 18:48:37 +0200[diff] [blame]1052# To revoke certificate in the openssl database:
1053#
1054# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt
1055
1056crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
1057 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
1058
Raoul Strackxa4e86142020-06-15 17:03:13 +0200[diff] [blame]1059crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
1060 $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
1061
1062server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1063
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1064# server2*
1065
1066server2.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1067 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]1068all_final += server2.crt
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1069
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1070server2.der: server2.crt
1071 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1072all_final += server2.crt server2.der
1073
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1074server2-sha256.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1075 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1076all_final += server2-sha256.crt
1077
TRodziewicz10e8cf52021-05-31 17:58:57 +0200[diff] [blame]1078# MD5 test certificate
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1079
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1080cert_md_test_key = $(cli_crt_key_file_rsa)
1081
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1082cert_md5.csr: $(cert_md_test_key)
1083 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
1084all_intermediate += cert_md5.csr
1085
1086cert_md5.crt: cert_md5.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1087 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1088all_final += cert_md5.crt
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1089
1090################################################################
Gilles Peskinec6b0d962020-12-08 22:31:52 +0100[diff] [blame]1091#### Diffie-Hellman parameters
1092################################################################
1093
1094dh.998.pem:
1095 $(OPENSSL) dhparam -out $@ -text 998
1096
1097dh.999.pem:
1098 $(OPENSSL) dhparam -out $@ -text 999
1099
1100################################################################
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1101#### Meta targets
1102################################################################
1103
1104all_final: $(all_final)
1105all: $(all_intermediate) $(all_final)
1106
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1107.PHONY: default all_final all
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1108.PHONY: keys_rsa_all
1109.PHONY: keys_rsa_unenc keys_rsa_enc_basic
1110.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
1111.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
1112.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
1113.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
1114.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
1115.PHONY: server1_all
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1116
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1117# These files should not be committed to the repository.
1118list_intermediate:
1119 @printf '%s\n' $(all_intermediate) | sort
1120# These files should be committed to the repository so that the test data is
1121# available upon checkout without running a randomized process depending on
1122# third-party tools.
1123list_final:
1124 @printf '%s\n' $(all_final) | sort
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1125.PHONY: list_intermediate list_final
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1126
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1127## Remove intermediate files
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1128clean:
1129 rm -f $(all_intermediate)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1130## Remove all build products, even the ones that are committed
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1131neat: clean
1132 rm -f $(all_final)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1133.PHONY: clean neat