TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/better-cf-padding-checks / . / tests / data_files / Makefile
blob: 88f265ce1d6d5e34633ff79035361eb445ee2afe [file] [log] [blame]
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending mbed TLS's tests.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]5
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]8
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]15FAKETIME ?= faketime
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]16MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]17MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req
18
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]19
20## Build the generated test data. Note that since the final outputs
21## are committed to the repository, this target should do nothing on a
22## fresh checkout. Furthermore, since the generation is randomized,
23## re-running the same targets may result in differing files. The goal
24## of this makefile is primarily to serve as a record of how the
25## targets were generated in the first place.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]26default: all_final
27
28all_intermediate := # temporary files
29all_final := # files used by tests
30
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]31
32
33################################################################
34#### Generate certificates from existing keys
35################################################################
36
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]37test_ca_crt = test-ca.crt
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]38test_ca_key_file_rsa = test-ca.key
39test_ca_pwd_rsa = PolarSSLTest
40test_ca_config_file = test-ca.opensslconf
41
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]42test-ca.req.sha256: $(test_ca_key_file_rsa)
43 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
44all_intermediate += test-ca.req.sha256
45
46test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]47 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]48all_final += test-ca.crt
49
50test-ca.crt.der: test-ca.crt
Hanno Becker462c3e52019-01-31 10:55:42 +0000[diff] [blame]51 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]52all_final += test-ca.crt.der
53
54test-ca.key.der: $(test_ca_key_file_rsa)
55 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
56all_final += test-ca.key.der
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]57
58test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]59 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]60all_final += test-ca-sha1.crt
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]61
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]62test-ca-sha1.crt.der: test-ca-sha1.crt
63 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
64all_final += test-ca-sha1.crt.der
65
Hanno Beckerb8377752018-10-31 15:29:19 +0000[diff] [blame]66test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]67 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]68all_final += test-ca-sha256.crt
69
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]70test-ca-sha256.crt.der: test-ca-sha256.crt
71 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
72all_final += test-ca-sha256.crt.der
73
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]74test-ca_utf8.crt: $(test_ca_key_file_rsa)
75 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
76all_final += test-ca_utf8.crt
77
78test-ca_printable.crt: $(test_ca_key_file_rsa)
79 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
80all_final += test-ca_printable.crt
81
82test-ca_uppercase.crt: $(test_ca_key_file_rsa)
83 $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
84all_final += test-ca_uppercase.crt
85
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]86test_ca_key_file_rsa_alt = test-ca-alt.key
87
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]88cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
89 $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@
90
91cert_example_multi.crt: cert_example_multi.csr
92 $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
93
94$(test_ca_key_file_rsa_alt):test-ca.opensslconf
Manuel Pégourié-Gonnard2d825d42017-07-03 18:06:38 +0200[diff] [blame]95 $(OPENSSL) genrsa -out $@ 2048
96test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
97 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
98all_intermediate += test-ca-alt.csr
99test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
100 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
101all_final += test-ca-alt.crt
102test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
103 cat test-ca-alt.crt test-ca-sha256.crt > $@
104all_final += test-ca-alt-good.crt
105test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
106 cat test-ca-sha256.crt test-ca-alt.crt > $@
107all_final += test-ca-good-alt.crt
108
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]109test_ca_crt_file_ec = test-ca2.crt
110test_ca_key_file_ec = test-ca2.key
111
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]112test-ca2.req.sha256: $(test_ca_key_file_ec)
113 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
114all_intermediate += test-ca2.req.sha256
115
116test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
117 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
118all_final += test-ca.crt
119
Ron Eldor74d9acc2019-03-21 14:00:03 +0200[diff] [blame]120test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
121 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
122all_final += test-ca-any_policy.crt
123
124test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
125 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
126all_final += test-ca-any_policy_ec.crt
127
128test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
129 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
130all_final += test-ca-any_policy_with_qualifier.crt
131
132test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
133 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
134all_final += test-ca-any_policy_with_qualifier_ec.crt
135
136test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
137 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
138all_final += test-ca-multi_policy.crt
139
140test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
141 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
142all_final += test-ca-multi_policy_ec.crt
143
144test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
145 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
146all_final += test-ca-unsupported_policy.crt
147
148test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
149 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
150all_final += test-ca-unsupported_policy_ec.crt
151
152test-ca.req_ec.sha256: $(test_ca_key_file_ec)
153 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
154all_intermediate += test-ca.req_ec.sha256
155
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]156test-ca2.crt.der: $(test_ca_crt_file_ec)
157 $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
158all_final += test-ca2.crt.der
159
160test-ca2.key.der: $(test_ca_key_file_ec)
161 $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
162all_final += test-ca2.key.der
163
Hanno Beckerb9630812018-10-31 16:28:05 +0000[diff] [blame]164test_ca_crt_cat12 = test-ca_cat12.crt
165$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
166 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
167all_final += $(test_ca_crt_cat12)
168
169test_ca_crt_cat21 = test-ca_cat21.crt
170$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
171 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
172all_final += $(test_ca_crt_cat21)
173
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]174test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
175 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
176all_intermediate += test-int-ca.csr
Manuel Pégourié-Gonnard7ff243a2017-08-08 18:54:13 +0200[diff] [blame]177test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]178 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
179all_final += test-int-ca-exp.crt
180
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]181enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
182 $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
183
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]184crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
185 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
Manuel Pégourié-Gonnarda63305d2018-03-14 12:23:56 +0100[diff] [blame]186all_final += crl-idp.pem
187crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
188 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
189all_final += crl-idpnc.pem
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]190
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]191cli_crt_key_file_rsa = cli-rsa.key
192cli_crt_extensions_file = cli.opensslconf
193
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]194cli-rsa.csr: $(cli_crt_key_file_rsa)
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]195 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]196all_intermediate += cli-rsa.csr
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]197
198cli-rsa-sha1.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]199 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker386f99c2018-11-01 17:20:22 +0000[diff] [blame]200
201cli-rsa-sha256.crt: cli-rsa.csr
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]202 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]203all_final += cli-rsa-sha256.crt
204
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]205cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
206 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
207all_final += cli-rsa-sha256.crt.der
208
209 cli-rsa.key.der: $(cli_crt_key_file_rsa)
210 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
211all_final += cli-rsa.key.der
212
Manuel Pégourié-Gonnard29d60fb2017-06-05 10:20:32 +0200[diff] [blame]213test_ca_int_rsa1 = test-int-ca.crt
214
215server7.csr: server7.key
216 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
217all_intermediate += server7.csr
218server7-expired.crt: server7.csr $(test_ca_int_rsa1)
219 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
220all_final += server7-expired.crt
221server7-future.crt: server7.csr $(test_ca_int_rsa1)
222 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
223all_final += server7-future.crt
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]224server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]225 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
Manuel Pégourié-Gonnard4dfc04a2017-06-05 11:12:13 +0200[diff] [blame]226all_final += server7-badsign.crt
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]227server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
228 cat server7.crt test-int-ca-exp.crt > $@
229all_final += server7_int-ca-exp.crt
230
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]231cli2.req.sha256: cli2.key
232 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
233
234all_final += server1.req.sha1
235cli2.crt: cli2.req.sha256
236 $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
237all_final += cli2.crt
238
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]239cli2.crt.der: cli2.crt
240 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
241all_final += cli2.crt.der
242
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]243cli2.key.der: cli2.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]244 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
245all_final += cli2.key.der
246
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]247server5_pwd_ec = PolarSSLTest
248
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]249server5.crt.der: server5.crt
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]250 $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
251all_final += server5.crt.der
252
Hanno Becker4cbea4b2019-05-30 16:08:12 +0100[diff] [blame]253server5.key.der: server5.key
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]254 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
255all_final += server5.key.der
256
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]257server5.key.enc: server5.key
258 $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
259all_final += server5.key.enc
260
Manuel Pégourié-Gonnardbc313012017-06-27 12:51:52 +0200[diff] [blame]261server5-ss-expired.crt: server5.key
262 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
263all_final += server5-ss-expired.crt
264
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]265# try to forge a copy of test-int-ca3 with different key
266server5-ss-forgeca.crt: server5.key
267 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
268all_final += server5-ss-forgeca.crt
269
Ron Eldorb2dc3fa2019-03-21 13:40:13 +0200[diff] [blame]270server5-othername.crt: server5.key
271 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
272
273server5-unsupported_othername.crt: server5.key
274 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
275
Ron Eldor3c4734a2019-03-25 14:05:23 +0200[diff] [blame]276server5-fan.crt: server5.key
277 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
278
Manuel Pégourié-Gonnard7d2a4d82020-07-23 12:39:53 +0200[diff] [blame]279server5-tricky-ip-san.crt: server5.key
280 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
281all_final += server5-tricky-ip-san.crt
282
Manuel Pégourié-Gonnardd19a41d2017-07-14 11:05:59 +0200[diff] [blame]283server10-badsign.crt: server10.crt
284 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
285all_final += server10-badsign.crt
286server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
287 cat server10-badsign.crt test-int-ca3.crt > $@
288all_final += server10-bs_int3.pem
289test-int-ca3-badsign.crt: test-int-ca3.crt
290 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
291all_final += test-int-ca3-badsign.crt
292server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
293 cat server10.crt test-int-ca3-badsign.crt > $@
Jaeden Amero001626e2019-02-27 11:16:41 +0000[diff] [blame]294all_final += server10_int3-bs.pem
Manuel Pégourié-Gonnardc10afdb2017-06-29 09:48:08 +0200[diff] [blame]295
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]296rsa_pkcs1_2048_public.pem: server8.key
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]297 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
298all_final += rsa_pkcs1_2048_public.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]299
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]300rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
Ron Eldor3f2da842017-10-17 15:50:30 +0300[diff] [blame]301 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
302all_final += rsa_pkcs1_2048_public.der
303
304rsa_pkcs8_2048_public.pem: server8.key
305 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
306all_final += rsa_pkcs8_2048_public.pem
307
308rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
309 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
Ron Eldorb0065182017-10-16 12:40:27 +0300[diff] [blame]310all_final += rsa_pkcs8_2048_public.der
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]311
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]312################################################################
313#### Generate various RSA keys
314################################################################
Gilles Peskinebc70a182017-05-09 15:59:24 +0200[diff] [blame]315
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]316### Password used for PKCS1-encoded encrypted RSA keys
317keys_rsa_basic_pwd = testkey
318
319### Password used for PKCS8-encoded encrypted RSA keys
320keys_rsa_pkcs8_pwd = PolarSSLTest
321
322### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
323### all other encrypted RSA keys are derived.
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]324rsa_pkcs1_1024_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]325 $(OPENSSL) genrsa -out $@ 1024
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]326all_final += rsa_pkcs1_1024_clear.pem
327rsa_pkcs1_2048_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]328 $(OPENSSL) genrsa -out $@ 2048
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]329all_final += rsa_pkcs1_2048_clear.pem
330rsa_pkcs1_4096_clear.pem:
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]331 $(OPENSSL) genrsa -out $@ 4096
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]332all_final += rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]333
334###
335### PKCS1-encoded, encrypted RSA keys
336###
337
338### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]339rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]340 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]341all_final += rsa_pkcs1_1024_des.pem
342rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]343 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]344all_final += rsa_pkcs1_1024_3des.pem
345rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]346 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]347all_final += rsa_pkcs1_1024_aes128.pem
348rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]349 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]350all_final += rsa_pkcs1_1024_aes192.pem
351rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]352 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]353all_final += rsa_pkcs1_1024_aes256.pem
354keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]355
356# 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]357rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]358 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]359all_final += rsa_pkcs1_2048_des.pem
360rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]361 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]362all_final += rsa_pkcs1_2048_3des.pem
363rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]364 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]365all_final += rsa_pkcs1_2048_aes128.pem
366rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]367 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]368all_final += rsa_pkcs1_2048_aes192.pem
369rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]370 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]371all_final += rsa_pkcs1_2048_aes256.pem
372keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]373
374# 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]375rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]376 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]377all_final += rsa_pkcs1_4096_des.pem
378rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]379 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]380all_final += rsa_pkcs1_4096_3des.pem
381rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]382 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]383all_final += rsa_pkcs1_4096_aes128.pem
384rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]385 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]386all_final += rsa_pkcs1_4096_aes192.pem
387rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]388 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]389all_final += rsa_pkcs1_4096_aes256.pem
390keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]391
392###
393### PKCS8-v1 encoded, encrypted RSA keys
394###
395
396### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]397rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]398 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]399all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
400rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]401 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]402all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
403keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]404
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]405rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]406 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]407all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
408rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]409 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]410all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
411keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]412
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]413rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]414 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]415all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
416rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]417 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]418all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
419keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]420
421keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
422
423### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]424rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]425 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]426all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
427rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]428 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]429all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
430keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]431
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]432rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]433 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]434all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
435rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]436 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]437all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
438keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]439
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]440rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]441 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]442all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
443rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]444 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]445all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
446keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]447
448keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
449
450### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]451rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]452 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]453all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
454rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]455 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]456all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
457keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]458
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]459rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]460 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]461all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
462rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]463 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]464all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
465keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]466
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]467rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]468 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]469all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
470rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]471 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]472all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
473keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]474
475keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
476
477###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]478### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]479###
480
481### 1024-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]482rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]483 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]484all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
485rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]486 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]487all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
488keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]489
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]490rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]491 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]492all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
493rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]494 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]495all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
496keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]497
498keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
499
500### 2048-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]501rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]502 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]503all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
504rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]505 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]506all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
507keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]508
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]509rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]510 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]511all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
512rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]513 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]514all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
515keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]516
517keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
518
519### 4096-bit
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]520rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]521 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]522all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
523rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]524 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]525all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
526keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]527
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]528rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]529 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]530all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
531rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]532 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]533all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
534keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]535
536keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
537
538###
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]539### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
540###
541
542### 1024-bit
543rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
544 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
545all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
546rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
547 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
548all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
549keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
550
551rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
552 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
553all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
554rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
555 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
556all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
557keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
558
559keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224
560
561### 2048-bit
562rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
563 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
564all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
565rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
566 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
567all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
568keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
569
570rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
571 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
572all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
573rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
574 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
575all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
576keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
577
578keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224
579
580### 4096-bit
581rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
582 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
583all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
584rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
585 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
586all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
587keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
588
589rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
590 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
591all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
592rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
593 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
594all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
595keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
596
597keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224
598
599###
600### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
601###
602
603### 1024-bit
604rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
605 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
606all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
607rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
608 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
609all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
610keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
611
612rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
613 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
614all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
615rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
616 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
617all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
618keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
619
620keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256
621
622### 2048-bit
623rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
624 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
625all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
626rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
627 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
628all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
629keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
630
631rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
632 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
633all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
634rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
635 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
636all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
637keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
638
639keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256
640
641### 4096-bit
642rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
643 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
644all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
645rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
646 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
647all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
648keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
649
650rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
651 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
652all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
653rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
654 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
655all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
656keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
657
658keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256
659
660###
661### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
662###
663
664### 1024-bit
665rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
666 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
667all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
668rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
669 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
670all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
671keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
672
673rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
674 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
675all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
676rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
677 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
678all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
679keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
680
681keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384
682
683### 2048-bit
684rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
685 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
686all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
687rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
688 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
689all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
690keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
691
692rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
693 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
694all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
695rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
696 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
697all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
698keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
699
700keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384
701
702### 4096-bit
703rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
704 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
705all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
706rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
707 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
708all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
709keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
710
711rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
712 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
713all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
714rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
715 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
716all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
717keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
718
719keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384
720
721###
722### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
723###
724
725### 1024-bit
726rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
727 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
728all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
729rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
730 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
731all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
732keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
733
734rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
735 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
736all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
737rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
738 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
739all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
740keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
741
742keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512
743
744### 2048-bit
745rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
746 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
747all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
748rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
749 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
750all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
751keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
752
753rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
754 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
755all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
756rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
757 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
758all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
759keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
760
761keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512
762
763### 4096-bit
764rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
765 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
766all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
767rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
768 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
769all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
770keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
771
772rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
773 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
774all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
775rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
776 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
777all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
778keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
779
780keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512
781
782###
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]783### Rules to generate all RSA keys from a particular class
784###
785
786### Generate basic unencrypted RSA keys
Hanno Becker08a36dd2017-09-29 20:05:23 +0100[diff] [blame]787keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]788
789### Generate PKCS1-encoded encrypted RSA keys
790keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
791
792### Generate PKCS8-v1 encrypted RSA keys
793keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
794
795### Generate PKCS8-v2 encrypted RSA keys
Antonio Quartullif476b9d2018-02-01 13:54:13 +0800[diff] [blame]796keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
Hanno Beckerd16f6122017-09-05 09:23:50 +0100[diff] [blame]797
798### Generate all RSA keys
799keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
800
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]801################################################################
802#### Generate various EC keys
803################################################################
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]804
Jethro Beekmand2df9362018-02-16 13:11:04 -0800[diff] [blame]805###
806### PKCS8 encoded
807###
808
809ec_prv.pk8.der:
810 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
811all_final += ec_prv.pk8.der
812
813# ### Instructions for creating `ec_prv.pk8nopub.der`,
814# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
815# ### `ec_prv.pk8.der`.
816#
817# These instructions assume you are familiar with ASN.1 DER encoding and can
818# use a hex editor to manipulate DER.
819#
820# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
821#
822# PrivateKeyInfo ::= SEQUENCE {
823# version Version,
824# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
825# privateKey PrivateKey,
826# attributes [0] IMPLICIT Attributes OPTIONAL
827# }
828#
829# AlgorithmIdentifier ::= SEQUENCE {
830# algorithm OBJECT IDENTIFIER,
831# parameters ANY DEFINED BY algorithm OPTIONAL
832# }
833#
834# ECParameters ::= CHOICE {
835# namedCurve OBJECT IDENTIFIER
836# -- implicitCurve NULL
837# -- specifiedCurve SpecifiedECDomain
838# }
839#
840# ECPrivateKey ::= SEQUENCE {
841# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
842# privateKey OCTET STRING,
843# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
844# publicKey [1] BIT STRING OPTIONAL
845# }
846#
847# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
848# fields:
849#
850# * privateKeyAlgorithm namedCurve
851# * privateKey.parameters NOT PRESENT
852# * privateKey.publicKey PRESENT
853# * attributes NOT PRESENT
854#
855# # ec_prv.pk8nopub.der
856#
857# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
858#
859# # ec_prv.pk8nopubparam.der
860#
861# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
862# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
863#
864# # ec_prv.pk8param.der
865#
866# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
867# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
868
869ec_prv.pk8.pem: ec_prv.pk8.der
870 $(OPENSSL) pkey -in $< -inform DER -out $@
871all_final += ec_prv.pk8.pem
872ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
873 $(OPENSSL) pkey -in $< -inform DER -out $@
874all_final += ec_prv.pk8nopub.pem
875ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
876 $(OPENSSL) pkey -in $< -inform DER -out $@
877all_final += ec_prv.pk8nopubparam.pem
878ec_prv.pk8param.pem: ec_prv.pk8param.der
879 $(OPENSSL) pkey -in $< -inform DER -out $@
880all_final += ec_prv.pk8param.pem
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]881
882################################################################
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]883### Generate CSRs for X.509 write test suite
884################################################################
885
886server1.req.sha1: server1.key
887 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
888all_final += server1.req.sha1
889
890server1.req.md4: server1.key
891 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
892all_final += server1.req.md4
893
894server1.req.md5: server1.key
895 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
896all_final += server1.req.md5
897
898server1.req.sha224: server1.key
899 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
900all_final += server1.req.sha224
901
902server1.req.sha256: server1.key
903 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
904all_final += server1.req.sha256
905
906server1.req.sha384: server1.key
907 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
908all_final += server1.req.sha384
909
910server1.req.sha512: server1.key
911 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
912all_final += server1.req.sha512
913
914server1.req.cert_type: server1.key
915 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
916all_final += server1.req.cert_type
917
918server1.req.key_usage: server1.key
919 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
920all_final += server1.req.key_usage
921
922server1.req.ku-ct: server1.key
923 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
924all_final += server1.req.ku-ct
925
Andres Amaya Garcia7067f812018-09-26 10:51:16 +0100[diff] [blame]926server1.req.key_usage_empty: server1.key
927 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
928all_final += server1.req.key_usage_empty
929
930server1.req.cert_type_empty: server1.key
931 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
932all_final += server1.req.cert_type_empty
933
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]934# server2*
935
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]936server2_pwd_ec = PolarSSLTest
937
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]938server2.req.sha256: server2.key
939 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
940all_intermediate += server2.req.sha256
941
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]942server2.crt.der: server2.crt
943 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
944all_final += server2.crt.der
945
946server2-sha256.crt.der: server2-sha256.crt
947 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
948all_final += server2-sha256.crt.der
949
950server2.key.der: server2.key
951 $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
952all_final += server2.key.der
953
Hanno Becker226eedb2020-08-17 12:14:00 +0100[diff] [blame]954server2.key.enc: server2.key
955 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
956all_final += server2.key.enc
957
Hanno Becker0dd11392018-11-02 08:56:15 +0000[diff] [blame]958# server5*
959
960# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
961server5.req.ku.sha1: server5.key
962 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
963all_final += server5.req.ku.sha1
964
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]965################################################################
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]966### Generate certificates for CRT write check tests
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]967################################################################
968
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]969### The test files use the Mbed TLS generated certificates server1*.crt,
970### but for comparison with OpenSSL also rules for OpenSSL-generated
971### certificates server1*.crt.openssl are offered.
972###
973### Known differences:
974### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
975### as unused bits, while Mbed TLS doesn't.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]976
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]977test_ca_server1_db = test-ca.server1.db
978test_ca_server1_serial = test-ca.server1.serial
979test_ca_server1_config_file = test-ca.server1.opensslconf
980
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]981# server1*
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]982
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]983server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]984 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]985server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]986 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
Hanno Becker58fc28c2019-03-14 13:33:20 +0000[diff] [blame]987server1.crt.der: server1.crt
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]988 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
989server1.der: server1.crt
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]990 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
Hanno Becker58fc28c2019-03-14 13:33:20 +0000[diff] [blame]991all_final += server1.crt server1.noauthid.crt server1.crt.der
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]992
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]993server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]994 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]995server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]996 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]997server1.key_usage.der: server1.key_usage.crt
998 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
999all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
1000
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1001server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1002 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1003server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1004 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1005server1.cert_type.der: server1.cert_type.crt
1006 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1007all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
1008
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1009server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1010 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1011server1.v1.der: server1.v1.crt
1012 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1013all_final += server1.v1.crt server1.v1.der
1014
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1015server1_ca.crt: server1.crt $(test_ca_crt)
1016 cat server1.crt $(test_ca_crt) > $@
1017all_final += server1_ca.crt
1018
1019cert_sha1.crt: server1.key
1020 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1021all_final += cert_sha1.crt
1022
1023cert_sha224.crt: server1.key
1024 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
1025all_final += cert_sha224.crt
1026
1027cert_sha256.crt: server1.key
1028 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
1029all_final += cert_sha256.crt
1030
1031cert_sha384.crt: server1.key
1032 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
1033all_final += cert_sha384.crt
1034
1035cert_sha512.crt: server1.key
1036 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
1037all_final += cert_sha512.crt
1038
1039cert_example_wildcard.crt: server1.key
1040 $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
1041all_final += cert_example_wildcard.crt
1042
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1043# OpenSSL-generated certificates for comparison
Hanno Becker81535d02017-09-13 15:39:59 +0100[diff] [blame]1044# Also provide certificates in DER format to allow
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1045# direct binary comparison using e.g. dumpasn1
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1046server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1047 echo "01" > $(test_ca_server1_serial)
1048 rm -f $(test_ca_server1_db)
1049 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1050 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1051server1.der.openssl: server1.crt.openssl
1052 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1053server1.key_usage.der.openssl: server1.key_usage.crt.openssl
1054 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1055server1.cert_type.der.openssl: server1.cert_type.crt.openssl
1056 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1057
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1058server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1059 echo "01" > $(test_ca_server1_serial)
1060 rm -f $(test_ca_server1_db)
1061 touch $(test_ca_server1_db)
Hanno Becker50cb93a2018-10-08 17:15:28 +0100[diff] [blame]1062 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame]1063server1.v1.der.openssl: server1.v1.crt.openssl
1064 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1065
Ron Eldorb7c96262019-02-06 18:48:37 +0200[diff] [blame]1066# To revoke certificate in the openssl database:
1067#
1068# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt
1069
1070crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
1071 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
1072
Raoul Strackxa4e86142020-06-15 17:03:13 +0200[diff] [blame]1073crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
1074 $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
1075
1076server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1077
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1078# server2*
1079
1080server2.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1081 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
Hanno Beckere21387e2019-03-12 16:49:26 +0000[diff] [blame]1082all_final += server2.crt
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1083
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1084server2.der: server2.crt
1085 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
1086all_final += server2.crt server2.der
1087
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1088server2-sha256.crt: server2.req.sha256
Ron Eldor9eeb8612019-02-12 15:03:42 +0200[diff] [blame]1089 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
Hanno Beckerebc1f402018-10-31 16:35:59 +0000[diff] [blame]1090all_final += server2-sha256.crt
1091
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1092# MD2, MD4, MD5 test certificates
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1093
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1094cert_md_test_key = $(cli_crt_key_file_rsa)
1095
1096cert_md2.csr: $(cert_md_test_key)
1097 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2
1098all_intermediate += cert_md2.csr
1099
1100cert_md2.crt: cert_md2.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1101 $(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1102all_final += cert_md2.crt
1103
1104cert_md4.csr: $(cert_md_test_key)
1105 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4
1106all_intermediate += cert_md4.csr
1107
1108cert_md4.crt: cert_md4.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1109 $(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1110all_final += cert_md4.crt
1111
1112cert_md5.csr: $(cert_md_test_key)
1113 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
1114all_intermediate += cert_md5.csr
1115
1116cert_md5.crt: cert_md5.csr
Hanno Becker53756b32019-06-03 14:14:38 +0100[diff] [blame]1117 $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@
Hanno Becker2e0f71f2019-06-03 14:14:04 +0100[diff] [blame]1118all_final += cert_md5.crt
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1119
1120################################################################
1121#### Meta targets
1122################################################################
1123
1124all_final: $(all_final)
1125all: $(all_intermediate) $(all_final)
1126
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1127.PHONY: default all_final all
Gilles Peskineea8d6972017-11-28 17:30:52 +0100[diff] [blame]1128.PHONY: keys_rsa_all
1129.PHONY: keys_rsa_unenc keys_rsa_enc_basic
1130.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
1131.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
1132.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
1133.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
1134.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
1135.PHONY: server1_all
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1136
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1137# These files should not be committed to the repository.
1138list_intermediate:
1139 @printf '%s\n' $(all_intermediate) | sort
1140# These files should be committed to the repository so that the test data is
1141# available upon checkout without running a randomized process depending on
1142# third-party tools.
1143list_final:
1144 @printf '%s\n' $(all_final) | sort
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1145.PHONY: list_intermediate list_final
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1146
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1147## Remove intermediate files
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1148clean:
1149 rm -f $(all_intermediate)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1150## Remove all build products, even the ones that are committed
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]1151neat: clean
1152 rm -f $(all_final)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1153.PHONY: clean neat