TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2c824b4fe5dab7e1526560be203bf705857e372a / . / framework / data_files / Makefile
blob: 6dae31d19e94a615d32ef2ff77e81475b915dc98 [file] [log] [blame]
Minos Galanakis2c824b42025-03-20 09:28:45 +0000[diff] [blame^]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending Mbed TLS's tests.
5
6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
8
9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
15FAKETIME ?= faketime
16
17TOP_DIR = ../..
18MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
19MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req
20
21
22## Build the generated test data. Note that since the final outputs
23## are committed to the repository, this target should do nothing on a
24## fresh checkout. Furthermore, since the generation is randomized,
25## re-running the same targets may result in differing files. The goal
26## of this makefile is primarily to serve as a record of how the
27## targets were generated in the first place.
28default: all_final
29
30all_intermediate := # temporary files
31all_final := # files used by tests
32
33
34
35################################################################
36#### Generate certificates from existing keys
37################################################################
38
39test_ca_crt = test-ca.crt
40test_ca_key_file_rsa = test-ca.key
41test_ca_key_file_rsa_unenc = test-ca_unenc.key
42test_ca_pwd_rsa = PolarSSLTest
43test_ca_config_file = test-ca.opensslconf
44
45$(test_ca_key_file_rsa):
46 $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048
47$(test_ca_key_file_rsa_unenc): $(test_ca_key_file_rsa)
48 $(OPENSSL) rsa -passin pass:$(test_ca_pwd_rsa) -in $< -out $@
49all_final += $(test_ca_key_file_rsa) $(test_ca_key_file_rsa_unenc)
50
51test-ca.req.sha256: $(test_ca_key_file_rsa)
52 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
53all_intermediate += test-ca.req.sha256
54
55parse_input/test-ca.crt test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
56 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
57all_final += test-ca.crt
58
59parse_input/test-ca.crt.der: parse_input/test-ca.crt
60 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
61
62test-ca.key.der: $(test_ca_key_file_rsa)
63 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
64all_final += test-ca.key.der
65
66# This is only used for generating cert_example_multi_nocn.crt
67test-ca_nocn.crt: $(test_ca_key_file_rsa)
68 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 selfsign=1 \
69 subject_key=$(test_ca_key_file_rsa) subject_pwd=$(test_ca_pwd_rsa) subject_name="C=NL" \
70 issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) issuer_name="C=NL" \
71 not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
72all_intermediate += test-ca_nocn.crt
73
74test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
75 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
76all_final += test-ca-sha1.crt
77
78test-ca-sha1.crt.der: test-ca-sha1.crt
79 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
80all_final += test-ca-sha1.crt.der
81
82test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
83 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
84all_final += test-ca-sha256.crt
85
86test-ca-sha256.crt.der: test-ca-sha256.crt
87 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
88all_final += test-ca-sha256.crt.der
89
90test-ca_utf8.crt: $(test_ca_key_file_rsa)
91 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
92all_final += test-ca_utf8.crt
93
94test-ca_printable.crt: $(test_ca_key_file_rsa)
95 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
96all_final += test-ca_printable.crt
97
98test-ca_uppercase.crt: $(test_ca_key_file_rsa)
99 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
100all_final += test-ca_uppercase.crt
101
102test_ca_key_file_rsa_alt = test-ca-alt.key
103
104cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
105 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@
106
107parse_input/cert_example_multi.crt cert_example_multi.crt: cert_example_multi.csr
108 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
109 -extfile $(test_ca_config_file) -extensions dns_alt_names \
110 -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 \
111 -in $< > $@
112
113cert_example_multi_nocn.csr: rsa_pkcs1_1024_clear.pem
114 $(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name='C=NL'
115all_intermediate += cert_example_multi_nocn.csr
116
117parse_input/cert_example_multi_nocn.crt cert_example_multi_nocn.crt: cert_example_multi_nocn.csr test-ca_nocn.crt
118 $(OPENSSL) x509 -req -CA test-ca_nocn.crt -CAkey $(test_ca_key_file_rsa) \
119 -extfile $(test_ca_config_file) -extensions ext_multi_nocn -passin "pass:$(test_ca_pwd_rsa)" \
120 -set_serial 0xf7c67ff8e9a963f9 -days 3653 -sha1 -in $< > $@
121all_final += cert_example_multi_nocn.crt
122
123parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem
124 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage
125parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem
126 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName
127parse_input/test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem
128 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType
129parse_input/test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem
130 $(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all
131parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
132 (hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@
133parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der
134 (hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@
135parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der: parse_input/test_csr_v3_all.csr.der
136 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@
137parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der: parse_input/test_csr_v3_all.csr.der
138 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@
139parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der: parse_input/test_csr_v3_all.csr.der
140 (hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@
141parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der
142 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@
143parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
144 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@
145parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: parse_input/test_csr_v3_all.csr.der
146 (hexdump -ve '1/1 "%.2X"' $< | sed "s/03020780300D06092A86/04020780300D06092A86/" | xxd -r -p ) > $@
147parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der: parse_input/test_csr_v3_all.csr.der
148 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@
149parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der: parse_input/test_csr_v3_all.csr.der
150 (hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@
151parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
152 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@
153parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der: parse_input/test_csr_v3_all.csr.der
154 (hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@
155parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der: parse_input/test_csr_v3_all.csr.der
156 (hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@
157parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: parse_input/test_csr_v3_all.csr.der
158 (hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@
159parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: parse_input/test_csr_v3_all.csr.der
160 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@
161parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der: parse_input/test_csr_v3_all.csr.der
162 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@
163parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der: parse_input/test_csr_v3_all.csr.der
164 (hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@
165parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: parse_input/test_csr_v3_all.csr.der
166 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@
167parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: parse_input/test_csr_v3_all.csr.der
168 (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@
169
170parse_input/test_cert_rfc822name.crt.der: cert_example_multi.csr
171 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
172
173$(test_ca_key_file_rsa_alt):test-ca.opensslconf
174 $(OPENSSL) genrsa -out $@ 2048
175test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
176 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
177all_intermediate += test-ca-alt.csr
178test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
179 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
180all_final += test-ca-alt.crt
181test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
182 cat test-ca-alt.crt test-ca-sha256.crt > $@
183all_final += test-ca-alt-good.crt
184test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
185 cat test-ca-sha256.crt test-ca-alt.crt > $@
186all_final += test-ca-good-alt.crt
187
188test_ca_crt_file_ec = test-ca2.crt
189test_ca_key_file_ec = test-ca2.key
190
191test-ca2.req.sha256: $(test_ca_key_file_ec)
192 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) \
193 subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
194all_intermediate += test-ca2.req.sha256
195
196test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
197 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 selfsign=1 \
198 request_file=test-ca2.req.sha256 \
199 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" \
200 issuer_key=$(test_ca_key_file_ec) \
201 not_before=20190210144400 not_after=20290210144400 \
202 md=SHA256 version=3 output_file=$@
203all_final += test-ca2.crt
204
205test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test-ca2.req.sha256
206 $(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \
207 -signkey $(test_ca_key_file_ec) -days 3653 -out $@
208
209all_final += test-ca2.ku-crl.crt test-ca2.ku-crt.crt test-ca2.ku-crt_crl.crt \
210 test-ca2.ku-ds.crt
211
212test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
213 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
214 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
215 not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@
216all_intermediate += test-ca2-future.crt
217
218test_ca_ec_cat := # files that concatenate different crt
219test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt
220test_ca_ec_cat += test-ca2_cat-future-invalid.crt
221test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt
222test_ca_ec_cat += test-ca2_cat-future-present.crt
223test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt
224test_ca_ec_cat += test-ca2_cat-present-future.crt
225test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt
226test_ca_ec_cat += test-ca2_cat-present-past.crt
227test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt
228test_ca_ec_cat += test-ca2_cat-past-invalid.crt
229test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt
230test_ca_ec_cat += test-ca2_cat-past-present.crt
231$(test_ca_ec_cat):
232 cat $^ > $@
233all_final += $(test_ca_ec_cat)
234
235parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
236 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
237 -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" \
238 -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
239
240parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
241 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
242 -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 \
243 -in test-ca.req_ec.sha256 -out $@
244
245parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
246 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
247
248parse_input/test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
249 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
250
251parse_input/test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
252 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
253
254parse_input/test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
255 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
256
257parse_input/test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
258 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
259
260parse_input/test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
261 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
262
263test-ca.req_ec.sha256: $(test_ca_key_file_ec)
264 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
265all_intermediate += test-ca.req_ec.sha256
266
267test-ca2.crt.der: $(test_ca_crt_file_ec)
268 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
269all_final += test-ca2.crt.der
270
271test-ca2.key.der: $(test_ca_key_file_ec)
272 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
273all_final += test-ca2.key.der
274
275test_ca_crt_cat12 = test-ca_cat12.crt
276$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
277 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
278all_final += $(test_ca_crt_cat12)
279
280test_ca_crt_cat21 = test-ca_cat21.crt
281$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
282 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
283all_final += $(test_ca_crt_cat21)
284
285test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
286 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
287
288test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file)
289 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \
290 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@
291
292test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file)
293 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \
294 -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@
295
296all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr
297
298test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
299 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \
300 -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
301 -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
302
303test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr
304 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \
305 -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \
306 -passin "pass:$(test_ca_pwd_rsa)" -out $@
307
308# Note: This requests openssl version >= 3.x.xx
309test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr
310 $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \
311 -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \
312 -sha256 -in test-int-ca3.csr -out $@
313
314test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
315 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
316
317all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt
318
319enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
320 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
321
322parse_input/crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
323 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
324parse_input/crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
325 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
326
327cli_crt_key_file_rsa = cli-rsa.key
328cli_crt_extensions_file = cli.opensslconf
329
330cli-rsa.csr: $(cli_crt_key_file_rsa)
331 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
332all_intermediate += cli-rsa.csr
333
334cli-rsa-sha1.crt: cli-rsa.csr
335 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
336
337cli-rsa-sha256.crt: cli-rsa.csr
338 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
339all_final += cli-rsa-sha256.crt
340
341cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
342 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
343all_final += cli-rsa-sha256.crt.der
344
345parse_input/cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
346 hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
347
348cli-rsa.key.der: $(cli_crt_key_file_rsa)
349 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
350all_final += cli-rsa.key.der
351
352test_ca_int_rsa1 = test-int-ca.crt
353test_ca_int_ec = test-int-ca2.crt
354test_ca_int_key_file_ec = test-int-ca2.key
355
356# server7*
357
358server7.csr: server7.key
359 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
360all_intermediate += server7.csr
361
362server7.crt: server7.csr $(test_ca_int_rsa1)
363 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
364 -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \
365 -set_serial 16 -days 3653 -sha256 -in server7.csr > $@
366all_final += server7.crt
367
368server7-expired.crt: server7.csr $(test_ca_int_rsa1)
369 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
370all_final += server7-expired.crt
371
372server7-future.crt: server7.csr $(test_ca_int_rsa1)
373 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
374all_final += server7-future.crt
375
376server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
377 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
378all_final += server7-badsign.crt
379
380parse_input/server7_int-ca.crt server7_int-ca.crt: server7.crt $(test_ca_int_rsa1)
381 cat server7.crt $(test_ca_int_rsa1) > $@
382all_final += server7_int-ca.crt
383
384parse_input/server7_pem_space.crt: server7.crt $(test_ca_int_rsa1)
385 cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@
386
387parse_input/server7_all_space.crt: server7.crt $(test_ca_int_rsa1)
388 { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@
389
390parse_input/server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1)
391 cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@
392
393server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec)
394 cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@
395all_final += server7_int-ca_ca2.crt
396
397server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
398 cat server7.crt test-int-ca-exp.crt > $@
399all_final += server7_int-ca-exp.crt
400
401server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1)
402 cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@
403all_final += server7_spurious_int-ca.crt
404
405# server8*
406
407server8.crt: server8.key
408 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \
409 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \
410 not_before=20190210144406 not_after=20290210144406 \
411 md=SHA256 version=3 output_file=$@
412all_final += server8.crt
413
414server8_int-ca2.crt: server8.crt $(test_ca_int_ec)
415 cat $^ > $@
416all_final += server8_int-ca2.crt
417
418cli2.req.sha256: cli2.key
419 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
420all_intermediate += cli2.req.sha256
421
422all_final += server1.req.sha1
423cli2.crt: cli2.req.sha256
424 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
425all_final += cli2.crt
426
427cli2.crt.der: cli2.crt
428 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
429all_final += cli2.crt.der
430
431cli2.key.der: cli2.key
432 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
433all_final += cli2.key.der
434
435server5_pwd_ec = PolarSSLTest
436
437server5.crt.der: server5.crt
438 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
439all_final += server5.crt.der
440
441server5.key.der: server5.key
442 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
443all_final += server5.key.der
444
445server5.key.enc: server5.key
446 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
447all_final += server5.key.enc
448
449server5-ss-expired.crt: server5.key
450 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
451all_final += server5-ss-expired.crt
452
453# try to forge a copy of test-int-ca3 with different key
454server5-ss-forgeca.crt: server5.key
455 $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" \
456 -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca \
457 -days 3650 -sha256 -key $< -out $@
458all_final += server5-ss-forgeca.crt
459
460server5-selfsigned.crt: server5.key
461 openssl req -x509 -key server5.key \
462 -sha256 -days 3650 -nodes \
463 -addext basicConstraints=critical,CA:FALSE \
464 -addext keyUsage=critical,digitalSignature \
465 -addext subjectKeyIdentifier=hash \
466 -addext authorityKeyIdentifier=none \
467 -set_serial 0x53a2cb4b124ead837da894b2 \
468 -subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \
469 -out $@
470all_final += server5-selfsigned.crt
471
472parse_input/server5-othername.crt.der: server5.key
473 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@
474
475parse_input/server5-nonprintable_othername.crt.der: server5.key
476 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -outform der -out $@
477
478parse_input/server5-unsupported_othername.crt.der: server5.key
479 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -outform der -out $@
480
481parse_input/server5-fan.crt.der: server5.key
482 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -outform der -out $@
483
484server5-tricky-ip-san.crt.der: server5.key
485 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@
486
487all_final += server5-tricky-ip-san.crt.der
488
489# malformed IP length
490server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der
491 hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@
492
493parse_input/server5-directoryname.crt.der: server5.key
494 $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@
495
496parse_input/server5-two-directorynames.crt.der: server5.key
497 $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@
498
499server5-der0.crt: server5.crt.der
500 cp $< $@
501server5-der1a.crt: server5.crt.der
502 cp $< $@
503 echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
504server5-der1b.crt: server5.crt.der
505 cp $< $@
506 echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
507server5-der2.crt: server5.crt.der
508 cp $< $@
509 echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
510server5-der4.crt: server5.crt.der
511 cp $< $@
512 echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
513server5-der8.crt: server5.crt.der
514 cp $< $@
515 echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
516server5-der9.crt: server5.crt.der
517 cp $< $@
518 echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
519all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \
520 server5-der9.crt server5-der1a.crt server5-der2.crt \
521 server5-der8.crt
522
523# directoryname sequence tag malformed
524parse_input/server5-directoryname-seq-malformed.crt.der: parse_input/server5-two-directorynames.crt.der
525 hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@
526
527# Second directoryname OID length malformed 03 -> 15
528parse_input/server5-second-directoryname-oid-malformed.crt.der: parse_input/server5-two-directorynames.crt.der
529 hexdump -ve '1/1 "%.2X"' $< | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p > $@
530
531parse_input/rsa_single_san_uri.crt.der rsa_single_san_uri.crt.der: rsa_single_san_uri.key
532 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
533
534parse_input/rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key
535 $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
536
537test-int-ca3-badsign.crt: test-int-ca3.crt
538 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
539all_final += test-int-ca3-badsign.crt
540
541# server9*
542
543server9.csr: server9.key
544 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
545 -key $< -out $@
546parse_input/server9.crt server9.crt: server9-sha1.crt
547 cp $< $@
548all_final += server9.crt
549all_intermediate += server9.csr server9-sha1.crt
550
551server9-%.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
552 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
553 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
554 -set_serial $(SERVER9_CRT_SERIAL) -days 3653 \
555 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
556 -sigopt rsa_mgf1_md:$(@F:server9-%.crt=%) -$(@F:server9-%.crt=%) \
557 -in $< -out $@
558server9-sha1.crt: SERVER9_CRT_SERIAL=22
559parse_input/server9-sha224.crt server9-sha224.crt: SERVER9_CRT_SERIAL=23
560parse_input/server9-sha256.crt server9-sha256.crt: SERVER9_CRT_SERIAL=24
561parse_input/server9-sha384.crt server9-sha384.crt: SERVER9_CRT_SERIAL=25
562parse_input/server9-sha512.crt server9-sha512.crt: SERVER9_CRT_SERIAL=26
563all_final += server9-sha224.crt server9-sha256.crt server9-sha384.crt server9-sha512.crt
564
565server9-defaults.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
566 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
567 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
568 -set_serial 72 -days 3653 \
569 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max -sha1 \
570 -in $< -out $@
571all_final += server9-defaults.crt
572
573server9-badsign.crt: server9.crt
574 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
575all_final += server9-badsign.crt
576
577server9-with-ca.crt: server9.crt $(test_ca_crt)
578 cat $^ > $@
579all_final += server9-with-ca.crt
580
581server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
582 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
583 -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
584 -set_serial 24 -days 3653 \
585 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
586 -sigopt rsa_mgf1_md:sha224 -sha256 \
587 -in $< -out $@
588all_final += server9-bad-mgfhash.crt
589
590server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) \
591 opensslcnf/server9.crt.v3_ext \
592 ../scripts/generate_server9_bad_saltlen.py
593 ../scripts/generate_server9_bad_saltlen.py --ca-name test-ca \
594 --ca-password $(test_ca_pwd_rsa) --csr server9.csr \
595 --openssl-extfile opensslcnf/server9.crt.v3_ext \
596 --anounce_saltlen 0xde --actual_saltlen 0x20 \
597 --output $@
598all_final += server9-bad-saltlen.crt
599
600# server10*
601
602server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
603 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \
604 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \
605 subject_identifier=0 authority_identifier=0 \
606 not_before=20190210144406 not_after=20290210144406 \
607 md=SHA256 version=3 output_file=$@
608all_final += server10.crt
609server10-badsign.crt: server10.crt
610 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
611all_final += server10-badsign.crt
612server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
613 cat server10-badsign.crt test-int-ca3.crt > $@
614all_final += server10-bs_int3.pem
615server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
616 cat server10.crt test-int-ca3-badsign.crt > $@
617all_final += server10_int3-bs.pem
618server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec)
619 cat $^ > $@
620all_final += server10_int3_int-ca2.crt
621server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt)
622 cat $^ > $@
623all_final += server10_int3_int-ca2_ca.crt
624server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec)
625 cat $^ > $@
626all_final += server10_int3_spurious_int-ca2.crt
627
628rsa_pkcs1_2048_public.pem: server8.key
629 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
630all_final += rsa_pkcs1_2048_public.pem
631
632rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
633 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
634all_final += rsa_pkcs1_2048_public.der
635
636rsa_pkcs8_2048_public.pem: server8.key
637 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
638all_final += rsa_pkcs8_2048_public.pem
639
640rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
641 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
642all_final += rsa_pkcs8_2048_public.der
643
644# Generate crl_cat_*.pem
645# - crt_cat_*.pem: (1+2) concatenations in various orders:
646# ec = crl-ec-sha256.pem, ecfut = crl-future.pem
647# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem
648
649crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem
650 cat $^ > $@
651
652crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem
653 cat $^ > $@
654
655all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem
656
657authorityKeyId_subjectKeyId.crt.der:
658 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034
659
660authorityKeyId_no_keyid.crt.der:
661 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034
662
663authorityKeyId_no_issuer.crt.der:
664 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer'
665
666authorityKeyId_no_authorityKeyId.crt.der:
667 $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId'
668
669authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
670 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@
671
672authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
673 hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@
674
675authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
676 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@
677
678authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
679 hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@
680
681authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
682 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@
683
684authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
685 hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D80FFA505E864B8DC/" | xxd -r -p > $@
686
687authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
688 hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@
689
690authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
691 hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@
692
693authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
694 hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8114680430CD074DE63F/" | xxd -r -p > $@
695
696authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
697 hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8213680430CD074DE63F/" | xxd -r -p > $@
698
699################################################################
700#### Generate various RSA keys
701################################################################
702
703### Password used for PKCS1-encoded encrypted RSA keys
704keys_rsa_basic_pwd = testkey
705
706### Password used for PKCS8-encoded encrypted RSA keys
707keys_rsa_pkcs8_pwd = PolarSSLTest
708
709### Basic unencrypted RSA keys from which
710### all other encrypted RSA keys are derived.
711keys_rsa_base =
712### TODO: the commands require OpenSSL 1.x to work as desired. With
713### OpenSSL 3.x, they produce pkcs8 files.
714rsa_pkcs1_768_clear.pem:
715 $(OPENSSL) genrsa -out $@ 768
716keys_rsa_base += rsa_pkcs1_768_clear.pem
717rsa_pkcs1_769_clear.pem:
718 $(OPENSSL) genrsa -out $@ 769
719keys_rsa_base += rsa_pkcs1_769_clear.pem
720rsa_pkcs1_770_clear.pem:
721 $(OPENSSL) genrsa -out $@ 770
722keys_rsa_base += rsa_pkcs1_770_clear.pem
723rsa_pkcs1_776_clear.pem:
724 $(OPENSSL) genrsa -out $@ 776
725keys_rsa_base += rsa_pkcs1_776_clear.pem
726rsa_pkcs1_784_clear.pem:
727 $(OPENSSL) genrsa -out $@ 784
728keys_rsa_base += rsa_pkcs1_784_clear.pem
729rsa_pkcs1_1024_clear.pem:
730 $(OPENSSL) genrsa -out $@ 1024
731keys_rsa_base += rsa_pkcs1_1024_clear.pem
732rsa_pkcs1_2048_clear.pem:
733 $(OPENSSL) genrsa -out $@ 2048
734keys_rsa_base += rsa_pkcs1_2048_clear.pem
735rsa_pkcs1_4096_clear.pem:
736 $(OPENSSL) genrsa -out $@ 4096
737keys_rsa_base += rsa_pkcs1_4096_clear.pem
738
739all_final += $(keys_rsa_base)
740
741### PKCS1-encoded, plaintext RSA keys in derived forms
742
743rsa_pkcs1_%.der: rsa_pkcs1_%.pem
744 $(OPENSSL) pkey -inform PEM -in $< -outform DER -out $@
745all_final += $(keys_rsa_base:.pem=.der)
746
747###
748### PKCS1-encoded, encrypted RSA keys
749###
750
751### 1024-bit
752rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
753 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
754all_final += rsa_pkcs1_1024_des.pem
755rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
756 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
757all_final += rsa_pkcs1_1024_3des.pem
758rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
759 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
760all_final += rsa_pkcs1_1024_aes128.pem
761rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
762 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
763all_final += rsa_pkcs1_1024_aes192.pem
764rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
765 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
766all_final += rsa_pkcs1_1024_aes256.pem
767keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
768
769# 2048-bit
770rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
771 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
772all_final += rsa_pkcs1_2048_des.pem
773rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
774 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
775all_final += rsa_pkcs1_2048_3des.pem
776rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
777 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
778all_final += rsa_pkcs1_2048_aes128.pem
779rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
780 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
781all_final += rsa_pkcs1_2048_aes192.pem
782rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
783 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
784all_final += rsa_pkcs1_2048_aes256.pem
785keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
786
787# 4096-bit
788rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
789 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
790all_final += rsa_pkcs1_4096_des.pem
791rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
792 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
793all_final += rsa_pkcs1_4096_3des.pem
794rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
795 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
796all_final += rsa_pkcs1_4096_aes128.pem
797rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
798 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
799all_final += rsa_pkcs1_4096_aes192.pem
800rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
801 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
802all_final += rsa_pkcs1_4096_aes256.pem
803keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
804
805###
806### PKCS8-v1 encoded, encrypted RSA keys
807###
808
809### 1024-bit
810rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
811 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
812all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
813rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
814 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
815all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
816keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
817
818rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
819 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
820all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
821rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
822 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
823all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
824keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
825
826keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des
827
828### 2048-bit
829rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
830 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
831all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
832rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
833 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
834all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
835keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
836
837rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
838 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
839all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
840rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
841 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
842all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
843keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
844
845keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des
846
847### 4096-bit
848rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
849 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
850all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
851rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
852 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
853all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
854keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
855
856rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
857 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
858all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
859rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
860 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
861all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
862keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
863
864keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des
865
866###
867### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
868###
869
870### 1024-bit
871rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
872 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
873all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
874rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
875 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
876all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
877keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
878
879rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
880 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
881all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
882rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
883 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
884all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
885keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
886
887keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
888
889### 2048-bit
890rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
891 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
892all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
893rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
894 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
895all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
896keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
897
898rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
899 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
900all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
901rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
902 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
903all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
904keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
905
906keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
907
908### 4096-bit
909rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
910 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
911all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
912rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
913 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
914all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
915keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
916
917rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
918 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
919all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
920rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
921 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
922all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
923keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
924
925keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
926
927###
928### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
929###
930
931### 1024-bit
932rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
933 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
934all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
935rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
936 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
937all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
938keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
939
940rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
941 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
942all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
943rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
944 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
945all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
946keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
947
948keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224
949
950### 2048-bit
951rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
952 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
953all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
954rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
955 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
956all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
957keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
958
959rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
960 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
961all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
962rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
963 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
964all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
965keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
966
967keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224
968
969### 4096-bit
970rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
971 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
972all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
973rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
974 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
975all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
976keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
977
978rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
979 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
980all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
981rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
982 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
983all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
984keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
985
986keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224
987
988###
989### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
990###
991
992### 1024-bit
993rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
994 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
995all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
996rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
997 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
998all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
999keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
1000
1001rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
1002 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1003all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
1004rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
1005 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1006all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
1007keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
1008
1009keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256
1010
1011### 2048-bit
1012rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
1013 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1014all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
1015rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
1016 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1017all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
1018keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
1019
1020rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
1021 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1022all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
1023rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
1024 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1025all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
1026keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
1027
1028keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256
1029
1030### 4096-bit
1031rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
1032 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1033all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
1034rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
1035 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1036all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
1037keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
1038
1039rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
1040 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1041all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
1042rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
1043 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1044all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
1045keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
1046
1047keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256
1048
1049###
1050### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
1051###
1052
1053### 1024-bit
1054rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
1055 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1056all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
1057rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
1058 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1059all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
1060keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
1061
1062rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
1063 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1064all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
1065rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
1066 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1067all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
1068keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
1069
1070keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384
1071
1072### 2048-bit
1073rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
1074 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1075all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
1076rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
1077 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1078all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
1079keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
1080
1081rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem
1082 $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1083all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der
1084rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
1085 $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1086all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
1087keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
1088
1089rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem
1090 $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1091all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der
1092rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
1093 $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1094all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
1095keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
1096
1097rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem
1098 $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1099all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der
1100rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
1101 $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1102all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
1103keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
1104
1105rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
1106 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1107all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
1108rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
1109 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1110all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
1111keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
1112
1113keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384
1114
1115### 4096-bit
1116rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
1117 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1118all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
1119rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
1120 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1121all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
1122keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
1123
1124rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
1125 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1126all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
1127rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
1128 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1129all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
1130keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
1131
1132keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384
1133
1134###
1135### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
1136###
1137
1138### 1024-bit
1139rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
1140 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1141all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
1142rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
1143 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1144all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
1145keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
1146
1147rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
1148 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1149all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
1150rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
1151 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1152all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
1153keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
1154
1155keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512
1156
1157### 2048-bit
1158rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
1159 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1160all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
1161rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
1162 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1163all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
1164keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
1165
1166rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
1167 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1168all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
1169rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
1170 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1171all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
1172keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
1173
1174keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512
1175
1176### 4096-bit
1177rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
1178 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1179all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
1180rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
1181 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1182all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
1183keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
1184
1185rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
1186 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1187all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
1188rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
1189 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
1190all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
1191keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
1192
1193keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512
1194
1195###
1196### Rules to generate all RSA keys from a particular class
1197###
1198
1199### Generate cleartext RSA keys in derived formats
1200keys_rsa_cleartext: $(keys_rsa_base) $(keys_rsa_base:.pem=.der)
1201
1202### Generate PKCS1-encoded encrypted RSA keys
1203keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
1204
1205### Generate PKCS8-v1 encrypted RSA keys
1206keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
1207
1208### Generate PKCS8-v2 encrypted RSA keys
1209keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
1210
1211### Generate all RSA keys
1212keys_rsa_all: keys_rsa_base keys_rsa_cleartext
1213keys_rsa_all: keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
1214
1215################################################################
1216#### Generate various EC keys
1217################################################################
1218
1219###
1220### PKCS8 encoded
1221###
1222
1223ec_prv.pk8.der:
1224 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
1225all_final += ec_prv.pk8.der
1226
1227# ### Instructions for creating `ec_prv.pk8nopub.der`,
1228# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
1229# ### `ec_prv.pk8.der`.
1230#
1231# These instructions assume you are familiar with ASN.1 DER encoding and can
1232# use a hex editor to manipulate DER.
1233#
1234# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
1235#
1236# PrivateKeyInfo ::= SEQUENCE {
1237# version Version,
1238# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
1239# privateKey PrivateKey,
1240# attributes [0] IMPLICIT Attributes OPTIONAL
1241# }
1242#
1243# AlgorithmIdentifier ::= SEQUENCE {
1244# algorithm OBJECT IDENTIFIER,
1245# parameters ANY DEFINED BY algorithm OPTIONAL
1246# }
1247#
1248# ECParameters ::= CHOICE {
1249# namedCurve OBJECT IDENTIFIER
1250# -- implicitCurve NULL
1251# -- specifiedCurve SpecifiedECDomain
1252# }
1253#
1254# ECPrivateKey ::= SEQUENCE {
1255# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
1256# privateKey OCTET STRING,
1257# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
1258# publicKey [1] BIT STRING OPTIONAL
1259# }
1260#
1261# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
1262# fields:
1263#
1264# * privateKeyAlgorithm namedCurve
1265# * privateKey.parameters NOT PRESENT
1266# * privateKey.publicKey PRESENT
1267# * attributes NOT PRESENT
1268#
1269# # ec_prv.pk8nopub.der
1270#
1271# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
1272#
1273# # ec_prv.pk8nopubparam.der
1274#
1275# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
1276# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
1277#
1278# # ec_prv.pk8param.der
1279#
1280# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
1281# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
1282
1283ec_prv.pk8.pem: ec_prv.pk8.der
1284 $(OPENSSL) pkey -in $< -inform DER -out $@
1285all_final += ec_prv.pk8.pem
1286ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
1287 $(OPENSSL) pkey -in $< -inform DER -out $@
1288all_final += ec_prv.pk8nopub.pem
1289ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
1290 $(OPENSSL) pkey -in $< -inform DER -out $@
1291all_final += ec_prv.pk8nopubparam.pem
1292ec_prv.pk8param.pem: ec_prv.pk8param.der
1293 $(OPENSSL) pkey -in $< -inform DER -out $@
1294all_final += ec_prv.pk8param.pem
1295
1296ec_pub.pem: ec_prv.sec1.der
1297 $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@
1298all_final += ec_pub.pem
1299
1300ec_prv.sec1.comp.pem: ec_prv.sec1.pem
1301 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1302all_final += ec_prv.sec1.comp.pem
1303
1304ec_224_prv.comp.pem: ec_224_prv.pem
1305 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1306all_final += ec_224_prv.comp.pem
1307
1308ec_256_prv.comp.pem: ec_256_prv.pem
1309 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1310all_final += ec_256_prv.comp.pem
1311
1312ec_384_prv.comp.pem: ec_384_prv.pem
1313 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1314all_final += ec_384_prv.comp.pem
1315
1316ec_521_prv.comp.pem: ec_521_prv.pem
1317 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1318all_final += ec_521_prv.comp.pem
1319
1320ec_bp256_prv.comp.pem: ec_bp256_prv.pem
1321 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1322all_final += ec_bp256_prv.comp.pem
1323
1324ec_bp384_prv.comp.pem: ec_bp384_prv.pem
1325 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1326all_final += ec_bp384_prv.comp.pem
1327
1328ec_bp512_prv.comp.pem: ec_bp512_prv.pem
1329 $(OPENSSL) ec -in $< -out $@ -conv_form compressed
1330all_final += ec_bp512_prv.comp.pem
1331
1332ec_pub.comp.pem: ec_pub.pem
1333 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1334all_final += ec_pub.comp.pem
1335
1336ec_224_pub.comp.pem: ec_224_pub.pem
1337 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1338all_final += ec_224_pub.comp.pem
1339
1340ec_256_pub.comp.pem: ec_256_pub.pem
1341 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1342all_final += ec_256_pub.comp.pem
1343
1344ec_384_pub.comp.pem: ec_384_pub.pem
1345 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1346all_final += ec_384_pub.comp.pem
1347
1348ec_521_pub.comp.pem: ec_521_pub.pem
1349 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1350all_final += ec_521_pub.comp.pem
1351
1352ec_bp256_pub.comp.pem: ec_bp256_pub.pem
1353 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1354all_final += ec_bp256_pub.comp.pem
1355
1356ec_bp384_pub.comp.pem: ec_bp384_pub.pem
1357 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1358all_final += ec_bp384_pub.comp.pem
1359
1360ec_bp512_pub.comp.pem: ec_bp512_pub.pem
1361 $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
1362all_final += ec_bp512_pub.comp.pem
1363
1364ec_x25519_prv.der:
1365 $(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER
1366all_final += ec_x25519_prv.der
1367
1368ec_x25519_pub.der: ec_x25519_prv.der
1369 $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
1370all_final += ec_x25519_pub.der
1371
1372ec_x25519_prv.pem: ec_x25519_prv.der
1373 $(OPENSSL) pkey -in $< -inform DER -out $@
1374all_final += ec_x25519_prv.pem
1375
1376ec_x25519_pub.pem: ec_x25519_prv.der
1377 $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
1378all_final += ec_x25519_pub.pem
1379
1380ec_x448_prv.der:
1381 $(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER
1382all_final += ec_x448_prv.der
1383
1384ec_x448_pub.der: ec_x448_prv.der
1385 $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
1386all_final += ec_x448_pub.der
1387
1388ec_x448_prv.pem: ec_x448_prv.der
1389 $(OPENSSL) pkey -in $< -inform DER -out $@
1390all_final += ec_x448_prv.pem
1391
1392ec_x448_pub.pem: ec_x448_prv.der
1393 $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
1394all_final += ec_x448_pub.pem
1395
1396################################################################
1397#### Convert PEM keys to DER format
1398################################################################
1399server1.pubkey.der: server1.pubkey
1400 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1401all_final += server1.pubkey.der
1402
1403rsa4096_pub.der: rsa4096_pub.pem
1404 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1405all_final += rsa4096_pub.der
1406
1407ec_pub.der: ec_pub.pem
1408 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1409all_final += ec_pub.der
1410
1411ec_521_pub.der: ec_521_pub.pem
1412 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1413all_final += ec_521_pub.der
1414
1415ec_bp512_pub.der: ec_bp512_pub.pem
1416 $(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
1417all_final += ec_bp512_pub.der
1418
1419server1.key.der: server1.key
1420 $(OPENSSL) pkey -in $< -out $@ -outform DER
1421all_final += server1.key.der
1422
1423rsa4096_prv.der: rsa4096_prv.pem
1424 $(OPENSSL) pkey -in $< -out $@ -outform DER
1425all_final += rsa4096_prv.der
1426
1427ec_prv.sec1.der: ec_prv.sec1.pem
1428 $(OPENSSL) pkey -in $< -out $@ -outform DER
1429all_final += ec_prv.sec1.der
1430
1431ec_256_long_prv.der: ec_256_long_prv.pem
1432 $(OPENSSL) pkey -in $< -out $@ -outform DER
1433all_final += ec_256_long_prv.der
1434
1435ec_521_prv.der: ec_521_prv.pem
1436 $(OPENSSL) pkey -in $< -out $@ -outform DER
1437all_final += ec_521_prv.der
1438
1439ec_521_short_prv.der: ec_521_short_prv.pem
1440 $(OPENSSL) pkey -in $< -out $@ -outform DER
1441all_final += ec_521_short_prv.der
1442
1443ec_bp512_prv.der: ec_bp512_prv.pem
1444 $(OPENSSL) pkey -in $< -out $@ -outform DER
1445all_final += ec_bp512_prv.der
1446
1447################################################################
1448### Generate CSRs for X.509 write test suite
1449################################################################
1450
1451parse_input/server1.req.sha1 server1.req.sha1: server1.key
1452 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1453all_final += server1.req.sha1
1454
1455parse_input/server1.req.md5 server1.req.md5: server1.key
1456 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
1457all_final += server1.req.md5
1458
1459parse_input/server1.req.sha224 server1.req.sha224: server1.key
1460 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
1461all_final += server1.req.sha224
1462
1463parse_input/server1.req.sha256 server1.req.sha256: server1.key
1464 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
1465all_final += server1.req.sha256
1466
1467server1.req.sha256.ext: server1.key
1468 # Generating this with OpenSSL as a comparison point to test we're getting the same result
1469 openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf
1470
1471parse_input/server1.req.sha384 server1.req.sha384: server1.key
1472 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
1473all_final += server1.req.sha384
1474
1475parse_input/server1.req.sha512 server1.req.sha512: server1.key
1476 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
1477all_final += server1.req.sha512
1478
1479server1.req.cert_type: server1.key
1480 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1481all_final += server1.req.cert_type
1482
1483server1.req.key_usage: server1.key
1484 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1485all_final += server1.req.key_usage
1486
1487server1.req.ku-ct: server1.key
1488 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
1489all_final += server1.req.ku-ct
1490
1491server1.req.key_usage_empty: server1.key
1492 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
1493all_final += server1.req.key_usage_empty
1494
1495server1.req.cert_type_empty: server1.key
1496 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
1497all_final += server1.req.cert_type_empty
1498
1499parse_input/server1.req.commas.sha256: server1.key
1500 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256
1501
1502parse_input/server1.req.hashsymbol.sha256: server1.key
1503 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=\#PolarSSL,CN=PolarSSL Server 1" md=SHA256
1504
1505parse_input/server1.req.spaces.sha256: server1.key
1506 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256
1507
1508parse_input/server1.req.asciichars.sha256: server1.key
1509 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=极地SSL,CN=PolarSSL Server 1" md=SHA256
1510# server2*
1511
1512server2_pwd_ec = PolarSSLTest
1513
1514server2.req.sha256: server2.key
1515 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
1516all_intermediate += server2.req.sha256
1517
1518parse_input/server2.crt.der: parse_input/server2.crt
1519server2.crt.der: server2.crt
1520parse_input/server2.crt.der server2.crt.der:
1521 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1522all_final += server2.crt.der
1523
1524server2-sha256.crt.der: server2-sha256.crt
1525 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1526all_final += server2-sha256.crt.der
1527
1528server2.key.der: server2.key
1529 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
1530all_final += server2.key.der
1531
1532server2.key.enc: server2.key
1533 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
1534all_final += server2.key.enc
1535
1536# server5*
1537
1538server5.csr: server5.key
1539 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1540 -key $< -out $@
1541all_intermediate += server5.csr
1542parse_input/server5.crt server5.crt: server5-sha256.crt
1543 cp $< $@
1544all_intermediate += server5-sha256.crt
1545server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
1546 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1547 -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \
1548 -sha$(@F:server5-sha%.crt=%) -in $< -out $@
1549all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt
1550
1551server5-badsign.crt: server5.crt
1552 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
1553all_final += server5-badsign.crt
1554
1555# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
1556server5.req.ku.sha1: server5.key
1557 $(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation
1558all_final += server5.req.ku.sha1
1559
1560server5.ku-ds.crt: SERVER5_CRT_SERIAL=45
1561server5.ku-ds.crt: SERVER5_KEY_USAGE=digital_signature
1562server5.ku-ka.crt: SERVER5_CRT_SERIAL=46
1563server5.ku-ka.crt: SERVER5_KEY_USAGE=key_agreement
1564server5.ku-ke.crt: SERVER5_CRT_SERIAL=47
1565server5.ku-ke.crt: SERVER5_KEY_USAGE=key_encipherment
1566server5.eku-cs.crt: SERVER5_CRT_SERIAL=58
1567server5.eku-cs.crt: SERVER5_EXT_KEY_USAGE=codeSigning
1568server5.eku-cs_any.crt: SERVER5_CRT_SERIAL=59
1569server5.eku-cs_any.crt: SERVER5_EXT_KEY_USAGE=codeSigning,any
1570server5.eku-cli.crt: SERVER5_CRT_SERIAL=60
1571server5.eku-cli.crt: SERVER5_EXT_KEY_USAGE=clientAuth
1572server5.eku-srv_cli.crt: SERVER5_CRT_SERIAL=61
1573server5.eku-srv_cli.crt: SERVER5_EXT_KEY_USAGE=serverAuth,clientAuth
1574server5.eku-srv.crt: SERVER5_CRT_SERIAL=62
1575server5.eku-srv.crt: SERVER5_EXT_KEY_USAGE=serverAuth
1576server5.ku-%.crt: SERVER5_EXT_OPTS=key_usage=$(SERVER5_KEY_USAGE)
1577server5.eku-%.crt: SERVER5_EXT_OPTS=ext_key_usage=$(SERVER5_EXT_KEY_USAGE)
1578server5.%.crt: server5.key
1579 $(MBEDTLS_CERT_WRITE) \
1580 subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=$(SERVER5_CRT_SERIAL) \
1581 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) $(SERVER5_EXT_OPTS) \
1582 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1583all_final += server5.ku-ka.crt server5.ku-ke.crt server5.ku-ds.crt
1584all_final += server5.eku-cs.crt server5.eku-cs_any.crt server5.eku-cli.crt server5.eku-srv_cli.crt server5.eku-srv.crt
1585
1586# server6*
1587
1588server6.csr: server6.key
1589 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1590 -key $< -out $@
1591all_intermediate += server6.csr
1592server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec)
1593 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1594 -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
1595all_final += server6.crt
1596
1597server6-ss-child.csr : server6.key
1598 $(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \
1599 -key $< -out $@
1600all_intermediate += server6-ss-child.csr
1601server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext
1602 $(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \
1603 -extfile server6-ss-child.crt.openssl.v3_ext \
1604 -set_serial 0x53a2cb5822399474a7ec79ec \
1605 -days 3650 -sha256 -in $< -out $@
1606all_final += server6-ss-child.crt
1607
1608
1609################################################################
1610### Generate certificates for CRT write check tests
1611################################################################
1612
1613### The test files use the Mbed TLS generated certificates server1*.crt,
1614### but for comparison with OpenSSL also rules for OpenSSL-generated
1615### certificates server1*.crt.openssl are offered.
1616###
1617### Known differences:
1618### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
1619### as unused bits, while Mbed TLS doesn't.
1620
1621test_ca_server1_db = test-ca.server1.db
1622test_ca_server1_serial = test-ca.server1.serial
1623test_ca_server1_config_file = test-ca.server1.opensslconf
1624
1625# server1*
1626
1627parse_input/server1.crt: parse_input/server1.req.sha256
1628server1.crt: server1.req.sha256
1629parse_input/server1.crt server1.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
1630parse_input/server1.crt server1.crt:
1631 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 \
1632 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \
1633 issuer_pwd=$(test_ca_pwd_rsa) version=1 \
1634 not_before=20190210144406 not_after=20290210144406 \
1635 md=SHA1 version=3 output_file=$@
1636server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1637 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com
1638server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1639 echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial
1640 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
1641server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1642 echo "8011223344" > test-ca.server1.tmp.serial
1643 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
1644server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1645 echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial
1646 $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
1647server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1648 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
1649parse_input/server1.crt.der: parse_input/server1.crt
1650 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 \
1651 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \
1652 issuer_pwd=$(test_ca_pwd_rsa) \
1653 not_before=20190210144406 not_after=20290210144406 \
1654 md=SHA1 authority_identifier=0 version=3 output_file=$@
1655server1.der: server1.crt
1656 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1657server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1658 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1659server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1660 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1661server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1662 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1663server1.asciichars.crt: server1.key parse_input/server1.req.asciichars.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1664 $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.asciichars.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1665all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt server1.asciichars.crt
1666
1667parse_input/server1.key_usage.crt: parse_input/server1.req.sha256
1668server1.key_usage.crt: server1.req.sha256
1669parse_input/server1.key_usage.crt server1.key_usage.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
1670parse_input/server1.key_usage.crt server1.key_usage.crt:
1671 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
1672server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1673 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
1674server1.key_usage.der: server1.key_usage.crt
1675 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1676all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
1677
1678parse_input/server1.cert_type.crt: parse_input/server1.req.sha256
1679server1.cert_type.crt: server1.req.sha256
1680parse_input/server1.cert_type.crt server1.cert_type.crt: $(test_ca_crt) $(test_ca_key_file_rsa)
1681parse_input/server1.cert_type.crt server1.cert_type.crt:
1682 $(MBEDTLS_CERT_WRITE) request_file=$(@D)/server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
1683server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1684 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
1685server1.cert_type.der: server1.cert_type.crt
1686 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1687all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
1688
1689server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1690 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
1691server1.v1.der: server1.v1.crt
1692 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1693all_final += server1.v1.crt server1.v1.der
1694
1695server1.ca.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1696 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 is_ca=1 version=3 output_file=$@
1697server1.ca_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
1698 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 is_ca=1 version=3 output_file=$@
1699server1.ca.der: server1.ca.crt
1700 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1701all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der
1702
1703server1-nospace.crt: server1.key test-ca.crt
1704 $(MBEDTLS_CERT_WRITE) subject_key=$< serial=31\
1705 subject_name="C=NL,O=PolarSSL,CN=polarssl.example" \
1706 issuer_crt=test-ca.crt issuer_key=$(test_ca_key_file_rsa) \
1707 issuer_pwd=$(test_ca_pwd_rsa) \
1708 not_before=20190210144406 not_after=20290210144406 \
1709 md=SHA256 version=3 authority_identifier=1 \
1710 output_file=$@
1711all_final += server1-nospace.crt
1712
1713server1_ca.crt: server1.crt $(test_ca_crt)
1714 cat server1.crt $(test_ca_crt) > $@
1715all_final += server1_ca.crt
1716
1717parse_input/cert_sha1.crt cert_sha1.crt: server1.key
1718 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1719all_final += cert_sha1.crt
1720
1721parse_input/cert_sha224.crt cert_sha224.crt: server1.key
1722 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
1723all_final += cert_sha224.crt
1724
1725parse_input/cert_sha256.crt cert_sha256.crt: server1.key
1726 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1727all_final += cert_sha256.crt
1728
1729parse_input/cert_sha384.crt cert_sha384.crt: server1.key
1730 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
1731all_final += cert_sha384.crt
1732
1733parse_input/cert_sha512.crt cert_sha512.crt: server1.key
1734 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
1735all_final += cert_sha512.crt
1736
1737cert_example_wildcard.crt: server1.key
1738 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1739all_final += cert_example_wildcard.crt
1740
1741# OpenSSL-generated certificates for comparison
1742# Also provide certificates in DER format to allow
1743# direct binary comparison using e.g. dumpasn1
1744server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
1745 echo "01" > $(test_ca_server1_serial)
1746 rm -f $(test_ca_server1_db)
1747 touch $(test_ca_server1_db)
1748 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
1749server1.der.openssl: server1.crt.openssl
1750 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1751server1.key_usage.der.openssl: server1.key_usage.crt.openssl
1752 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1753server1.cert_type.der.openssl: server1.cert_type.crt.openssl
1754 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1755
1756server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
1757 echo "01" > $(test_ca_server1_serial)
1758 rm -f $(test_ca_server1_db)
1759 touch $(test_ca_server1_db)
1760 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
1761server1.v1.der.openssl: server1.v1.crt.openssl
1762 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1763
1764# To revoke certificate in the openssl database:
1765#
1766# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt
1767
1768crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
1769 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
1770
1771crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \
1772 $(test_ca_config_file) \
1773 test-ca.server1.future-crl.db \
1774 test-ca.server1.future-crl.opensslconf
1775 $(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \
1776 -config test-ca.server1.future-crl.opensslconf -crldays 365 \
1777 -passin "pass:$(test_ca_pwd_rsa)" -out $@
1778
1779server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
1780
1781# server2*
1782
1783parse_input/server2.crt server2.crt: server2.req.sha256
1784 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1785all_final += server2.crt
1786
1787server2.der: server2.crt
1788 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1789all_final += server2.crt server2.der
1790
1791server2-sha256.crt: server2.req.sha256
1792 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1793all_final += server2-sha256.crt
1794
1795server2-sha256.ku-ka.crt: SERVER2_CRT_SERIAL=22
1796server2-sha256.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
1797server2-sha256.ku-ke.crt: SERVER2_CRT_SERIAL=23
1798server2-sha256.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment
1799server2-sha256.ku-ds.crt: SERVER2_CRT_SERIAL=24
1800server2-sha256.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature
1801server2-sha256.ku-ds_ke.crt: SERVER2_CRT_SERIAL=28
1802server2-sha256.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment
1803server2-sha256.ku-%.crt: server2.req.sha256
1804 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \
1805 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
1806 key_usage="$(SERVER2_KEY_USAGE)" \
1807 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1808all_final += server2-sha256.ku-ka.crt server2-sha256.ku-ke.crt server2-sha256.ku-ds.crt server2-sha256.ku-ds_ke.crt
1809
1810all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt
1811server2.ku-ka.crt: SERVER2_CRT_SERIAL=42
1812server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
1813server2.ku-ke.crt: SERVER2_CRT_SERIAL=43
1814server2.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment
1815server2.ku-ds.crt: SERVER2_CRT_SERIAL=44
1816server2.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature
1817server2.ku-ds_ke.crt: SERVER2_CRT_SERIAL=48
1818server2.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment
1819server2.ku-%.crt: server2.req.sha256
1820 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \
1821 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
1822 key_usage="$(SERVER2_KEY_USAGE)" \
1823 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1824all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt
1825
1826server2-badsign.crt: server2.crt
1827 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
1828all_final += server2-badsign.crt
1829
1830# server3*
1831
1832parse_input/server3.crt server3.crt: server3.key
1833 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \
1834 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
1835 not_before=20190210144406 not_after=20290210144406 \
1836 md=SHA1 version=3 output_file=$@
1837all_final += server3.crt
1838
1839# server4*
1840
1841parse_input/server4.crt server4.crt: server4.key
1842 $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \
1843 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \
1844 not_before=20190210144400 not_after=20290210144400 \
1845 md=SHA256 version=3 output_file=$@
1846all_final += server4.crt
1847
1848# MD5 test certificate
1849
1850cert_md_test_key = $(cli_crt_key_file_rsa)
1851
1852cert_md5.csr: $(cert_md_test_key)
1853 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
1854all_intermediate += cert_md5.csr
1855
1856parse_input/cert_md5.crt cert_md5.crt: cert_md5.csr
1857 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 \
1858 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \
1859 issuer_pwd=$(test_ca_pwd_rsa) \
1860 not_before=20000101121212 not_after=20300101121212 \
1861 md=MD5 version=3 output_file=$@
1862all_final += cert_md5.crt
1863
1864# TLSv1.3 test certificates
1865ecdsa_secp256r1.key: ec_256_prv.pem
1866 cp $< $@
1867
1868ecdsa_secp256r1.csr: ecdsa_secp256r1.key
1869 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1870 -key $< -out $@
1871all_intermediate += ecdsa_secp256r1.csr
1872ecdsa_secp256r1.crt: ecdsa_secp256r1.csr
1873 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1874 -set_serial 77 -days 3653 -sha384 -in $< -out $@
1875all_final += ecdsa_secp256r1.crt ecdsa_secp256r1.key
1876tls13_certs: ecdsa_secp256r1.crt ecdsa_secp256r1.key
1877
1878ecdsa_secp384r1.key: ec_384_prv.pem
1879 cp $< $@
1880ecdsa_secp384r1.csr: ecdsa_secp384r1.key
1881 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1882 -key $< -out $@
1883all_intermediate += ecdsa_secp384r1.csr
1884ecdsa_secp384r1.crt: ecdsa_secp384r1.csr
1885 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1886 -set_serial 77 -days 3653 -sha384 -in $< -out $@
1887all_final += ecdsa_secp384r1.crt ecdsa_secp384r1.key
1888tls13_certs: ecdsa_secp384r1.crt ecdsa_secp384r1.key
1889
1890ecdsa_secp521r1.key: ec_521_prv.pem
1891 cp $< $@
1892ecdsa_secp521r1.csr: ecdsa_secp521r1.key
1893 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
1894 -key $< -out $@
1895all_intermediate += ecdsa_secp521r1.csr
1896ecdsa_secp521r1.crt: ecdsa_secp521r1.csr
1897 $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
1898 -set_serial 77 -days 3653 -sha384 -in $< -out $@
1899all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key
1900tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key
1901
1902# PKCS7 test data
1903pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt
1904pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt
1905pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt
1906pkcs7_test_file = pkcs7_data.bin
1907
1908$(pkcs7_test_file):
1909 printf "Hello\15\n" > $@
1910all_final += $(pkcs7_test_file)
1911
1912pkcs7_zerolendata.bin:
1913 printf '' > $@
1914all_final += pkcs7_zerolendata.bin
1915
1916pkcs7_data_1.bin:
1917 printf "2\15\n" > $@
1918all_final += pkcs7_data_1.bin
1919
1920# Generate signing cert
1921pkcs7-rsa-sha256-1.crt:
1922 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt
1923 cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem
1924all_final += pkcs7-rsa-sha256-1.crt
1925
1926pkcs7-rsa-sha256-2.crt:
1927 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt
1928 cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem
1929all_final += pkcs7-rsa-sha256-2.crt
1930
1931pkcs7-rsa-sha256-3.crt:
1932 $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt
1933 cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem
1934all_final += pkcs7-rsa-sha256-3.crt
1935
1936pkcs7-rsa-expired.crt:
1937 $(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt
1938all_final += pkcs7-rsa-expired.crt
1939
1940# File with an otherwise valid signature signed with an expired cert
1941pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin
1942 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@
1943all_final += pkcs7_data_rsa_expired.der
1944
1945# Convert signing certs to DER for testing PEM-free builds
1946pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1)
1947 $(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER
1948all_final += pkcs7-rsa-sha256-1.der
1949
1950pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2)
1951 $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER
1952all_final += pkcs7-rsa-sha256-2.der
1953
1954pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt
1955 $(OPENSSL) x509 -in pkcs7-rsa-expired.crt -out $@ -outform DER
1956all_final += pkcs7-rsa-expired.der
1957
1958# pkcs7 signature file over zero-len data
1959pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt
1960 $(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der
1961all_final += pkcs7_zerolendata_detached.der
1962
1963# pkcs7 signature file with CERT
1964pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
1965 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
1966all_final += pkcs7_data_cert_signed_sha256.der
1967
1968# pkcs7 signature file with CERT and sha1
1969pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
1970 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
1971all_final += pkcs7_data_cert_signed_sha1.der
1972
1973# pkcs7 signature file with CERT and sha512
1974pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
1975 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
1976all_final += pkcs7_data_cert_signed_sha512.der
1977
1978# pkcs7 signature file without CERT
1979pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
1980 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@
1981all_final += pkcs7_data_without_cert_signed.der
1982
1983# pkcs7 signature file with signature
1984pkcs7_data_with_signature.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
1985 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -nodetach -outform DER -out $@
1986all_final += pkcs7_data_with_signature.der
1987
1988# pkcs7 signature file with two signers
1989pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
1990 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@
1991all_final += pkcs7_data_multiple_signed.der
1992
1993# pkcs7 signature file with three signers
1994pkcs7_data_3_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) $(pkcs7_test_cert_3)
1995 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -signer pkcs7-rsa-sha256-3.pem -nocerts -noattr -outform DER -out $@
1996all_final += pkcs7_data_3_signed.der
1997
1998# pkcs7 signature file with multiple certificates
1999pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
2000 $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@
2001all_final += pkcs7_data_multiple_certs_signed.der
2002
2003# pkcs7 signature file with corrupted CERT
2004pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der
2005 cp pkcs7_data_cert_signed_sha256.der $@
2006 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc
2007all_final += pkcs7_data_signed_badcert.der
2008
2009# pkcs7 signature file with corrupted signer info
2010pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der
2011 cp pkcs7_data_cert_signed_sha256.der $@
2012 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc
2013all_final += pkcs7_data_signed_badsigner.der
2014
2015# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name
2016pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der
2017 cp $< $@
2018 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc
2019all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
2020
2021# pkcs7 signature file with invalid tag in signerInfo[2]
2022pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der
2023 cp $< $@
2024 echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc
2025all_final += pkcs7_signerInfo_2_invalid_tag.der
2026
2027# pkcs7 signature file with corrupted signer info[1]
2028pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der
2029 cp pkcs7_data_3_signed.der $@
2030 echo '72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc
2031all_final += pkcs7_data_signed_badsigner1_badsize.der
2032
2033pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der
2034 cp pkcs7_data_3_signed.der $@
2035 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc
2036all_final += pkcs7_data_signed_badsigner1_badtag.der
2037
2038pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der
2039 cp pkcs7_data_3_signed.der $@
2040 echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc
2041all_final += pkcs7_data_signed_badsigner1_fuzzbad.der
2042
2043# pkcs7 signature file with corrupted signer info[2]
2044pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der
2045 cp pkcs7_data_3_signed.der $@
2046 echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc
2047all_final += pkcs7_data_signed_badsigner2_badsize.der
2048
2049pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der
2050 cp pkcs7_data_3_signed.der $@
2051 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc
2052all_final += pkcs7_data_signed_badsigner2_badtag.der
2053
2054pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der
2055 cp pkcs7_data_3_signed.der $@
2056 echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc
2057all_final += pkcs7_data_signed_badsigner2_fuzzbad.der
2058
2059# pkcs7 file with version 2
2060pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
2061 cp pkcs7_data_cert_signed_sha256.der $@
2062 echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc
2063all_final += pkcs7_data_cert_signed_v2.der
2064
2065pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
2066 $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt
2067all_final += pkcs7_data_cert_encrypted.der
2068
2069## Negative tests
2070# For some interesting sizes, what happens if we make them off-by-one?
2071pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der
2072 cp $< $@
2073 echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc
2074all_final += pkcs7_signerInfo_issuer_invalid_size.der
2075
2076pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der
2077 cp $< $@
2078 echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc
2079all_final += pkcs7_signerInfo_serial_invalid_size.der
2080
2081# pkcs7 signature file just with signed data
2082pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der
2083 dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
2084all_final += pkcs7_data_cert_signeddata_sha256.der
2085
2086# - test-ca-v1.crt: v1 "CA", signs
2087# server1-v1.crt: v1 "intermediate CA", signs
2088# server2-v1*.crt: EE cert (without of with chain in same file)
2089
2090test-ca-v1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
2091 $(MBEDTLS_CERT_WRITE) is_ca=1 serial_hex=53a2b68e05400e555c9395e5 \
2092 request_file=test-ca.req.sha256 \
2093 selfsign=1 issuer_name="CN=PolarSSL Test CA v1,OU=testing,O=PolarSSL,C=NL" \
2094 issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
2095 not_before=20190210144400 not_after=20290210144400 md=SHA256 version=1 \
2096 output_file=$@
2097all_final += test-ca-v1.crt
2098
2099server1-v1.crt: server1.key test-ca-v1.crt
2100 $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6c704cd4d8ebc800bc1\
2101 subject_name="CN=server1/int-ca-v1,OU=testing,O=PolarSSL,C=NL" \
2102 issuer_crt=test-ca-v1.crt issuer_key=$(test_ca_key_file_rsa) \
2103 issuer_pwd=$(test_ca_pwd_rsa) \
2104 not_before=20190210144406 not_after=20290210144406 \
2105 md=SHA256 version=1 \
2106 output_file=$@
2107all_final += server1-v1.crt
2108
2109server2-v1.crt: server2.key server1-v1.crt
2110 $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6d9235dbc4573f9b76c\
2111 subject_name="CN=server2,OU=testing,O=PolarSSL,C=NL" \
2112 issuer_crt=server1-v1.crt issuer_key=server1.key \
2113 not_before=20190210144406 not_after=20290210144406 \
2114 md=SHA256 version=1 \
2115 output_file=$@
2116all_final += server2-v1.crt
2117
2118server2-v1-chain.crt: server2-v1.crt server1-v1.crt
2119 cat $^ > $@
2120
2121################################################################
2122#### Diffie-Hellman parameters
2123################################################################
2124
2125dh.998.pem:
2126 $(OPENSSL) dhparam -out $@ -text 998
2127
2128dh.999.pem:
2129 $(OPENSSL) dhparam -out $@ -text 999
2130
2131
2132################################################################
2133#### Meta targets
2134################################################################
2135
2136all_final: $(all_final)
2137all: $(all_intermediate) $(all_final)
2138
2139.PHONY: default all_final all
2140.PHONY: keys_rsa_all
2141.PHONY: keys_rsa_enc_basic
2142.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
2143.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
2144.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
2145.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
2146.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
2147.PHONY: server1_all
2148
2149# These files should not be committed to the repository.
2150list_intermediate:
2151 @printf '%s\n' $(all_intermediate) | sort
2152# These files should be committed to the repository so that the test data is
2153# available upon checkout without running a randomized process depending on
2154# third-party tools.
2155list_final:
2156 @printf '%s\n' $(all_final) | sort
2157.PHONY: list_intermediate list_final
2158
2159## Remove intermediate files
2160clean:
2161 rm -f $(all_intermediate)
2162## Remove all build products, even the ones that are committed
2163neat: clean
2164 rm -f $(all_final)
2165.PHONY: clean neat
2166
2167.SECONDARY: $(all_intermediate)