## This file contains a record of how some of the test data was ## generated. The final build products are committed to the repository ## as well to make sure that the test data is identical. You do not ## need to use this makefile unless you're extending mbed TLS's tests. ## Many data files were generated prior to the existence of this ## makefile, so the method of their generation was not recorded. ## Note that in addition to depending on the version of the data ## generation tool, many of the build outputs are randomized, so ## running this makefile twice would not produce the same results. ## Tools OPENSSL ?= openssl FAKETIME ?= faketime MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write ## Build the generated test data. Note that since the final outputs ## are committed to the repository, this target should do nothing on a ## fresh checkout. Furthermore, since the generation is randomized, ## re-running the same targets may result in differing files. The goal ## of this makefile is primarily to serve as a record of how the ## targets were generated in the first place. default: all_final all_intermediate := # temporary files all_final := # files used by tests ################################################################ #### Generate certificates from existing keys ################################################################ test_ca_crt = test-ca.crt test_ca_key_file_rsa = test-ca.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ all_intermediate += test-ca.csr test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@ all_final += test-ca-sha1.crt test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@ all_final += test-ca-sha256.crt test_ca_key_file_rsa_alt = test-ca-alt.key $(test_ca_key_file_rsa_alt): $(OPENSSL) genrsa -out $@ 2048 test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ all_intermediate += test-ca-alt.csr test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ all_final += test-ca-alt.crt test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt cat test-ca-alt.crt test-ca-sha256.crt > $@ all_final += test-ca-alt-good.crt test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt cat test-ca-sha256.crt test-ca-alt.crt > $@ all_final += test-ca-good-alt.crt test_ca_crt_file_ec = test-ca2.crt test_ca_key_file_ec = test-ca2.key test-int-ca.csr: test-int-ca.key $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ all_intermediate += test-int-ca.csr test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ all_final += test-int-ca-exp.crt cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf cli-rsa.csr: $(cli_crt_key_file_rsa) $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@ all_intermediate += cli-rsa.csr cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@ all_final += cli-rsa-sha1.crt cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@ all_final += cli-rsa-sha256.crt server2-rsa.csr: server2.key $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ all_intermediate += server2-rsa.csr server2-sha256.crt: server2-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ all_final += server2-sha256.crt test_ca_int_rsa1 = test-int-ca.crt server7.csr: server7.key $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ all_intermediate += server7.csr server7-expired.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-expired.crt server7-future.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-future.crt server7-badsign.crt: server7.crt $(test_ca_int_rsa1) { head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt all_final += server7-badsign.crt server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt cat server7.crt test-int-ca-exp.crt > $@ all_final += server7_int-ca-exp.crt server5-ss-expired.crt: server5.key $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ all_final += server5-ss-expired.crt # try to forge a copy of test-int-ca3 with different key server5-ss-forgeca.crt: server5.key $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ all_final += server5-ss-forgeca.crt ################################################################ #### Generate various RSA keys ################################################################ ### Password used for PKCS1-encoded encrypted RSA keys keys_rsa_basic_pwd = testkey ### Password used for PKCS8-encoded encrypted RSA keys keys_rsa_pkcs8_pwd = PolarSSLTest ### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which ### all other encrypted RSA keys are derived. rsa_pkcs1_1024_clear.pem: $(OPENSSL) genrsa -out $@ 1024 all_final += rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem: $(OPENSSL) genrsa -out $@ 2048 all_final += rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem: $(OPENSSL) genrsa -out $@ 4096 all_final += rsa_pkcs1_4096_clear.pem ### ### PKCS1-encoded, encrypted RSA keys ### ### 1024-bit rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_1024_aes256.pem keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem # 2048-bit rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_2048_aes256.pem keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem # 4096-bit rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" all_final += rsa_pkcs1_4096_aes256.pem keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem ### ### PKCS8-v1 encoded, encrypted RSA keys ### ### 1024-bit rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES all_final += rsa_pkcs8_pbe_sha1_1024_3des.der rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES all_final += rsa_pkcs8_pbe_sha1_1024_2des.der rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 ### 2048-bit rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES all_final += rsa_pkcs8_pbe_sha1_2048_3des.der rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES all_final += rsa_pkcs8_pbe_sha1_2048_2des.der rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 ### 4096-bit rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES all_final += rsa_pkcs8_pbe_sha1_4096_3des.der rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES all_final += rsa_pkcs8_pbe_sha1_4096_2des.der rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 ### ### PKCS8-v2 encoded, encrypted RSA keys ### ### 1024-bit rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des ### 2048-bit rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des ### 4096-bit rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des ### ### Rules to generate all RSA keys from a particular class ### ### Generate basic unencrypted RSA keys keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem ### Generate PKCS1-encoded encrypted RSA keys keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 ### Generate PKCS8-v1 encrypted RSA keys keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 ### Generate PKCS8-v2 encrypted RSA keys keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 ### Generate all RSA keys keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 ################################################################ ### Generate certificates for CRT write check tests ################################################################ ### The test files use the Mbed TLS generated certificates server1*.crt, ### but for comparison with OpenSSL also rules for OpenSSL-generated ### certificates server1*.crt.openssl are offered. ### ### Known differences: ### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension ### as unused bits, while Mbed TLS doesn't. test_ca_server1_db = test-ca.server1.db test_ca_server1_serial = test-ca.server1.serial test_ca_server1_config_file = test-ca.server1.opensslconf server1.csr: server1.key server1_csr.opensslconf $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new all_final += server1.csr server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ server1.der: server1.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.crt server1.noauthid.crt server1.der server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ server1.key_usage.der: server1.key_usage.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ server1.cert_type.der: server1.cert_type.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@ server1.v1.der: server1.v1.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ all_final += server1.v1.crt server1.v1.der # OpenSSL-generated certificates for comparison # Also provide certificates in DER format to allow # direct binary comparison using e.g. dumpasn1 server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) echo "01" > $(test_ca_server1_serial) rm -f $(test_ca_server1_db) touch $(test_ca_server1_db) $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@ server1.der.openssl: server1.crt.openssl $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ server1.key_usage.der.openssl: server1.key_usage.crt.openssl $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ server1.cert_type.der.openssl: server1.cert_type.crt.openssl $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) echo "01" > $(test_ca_server1_serial) rm -f $(test_ca_server1_db) touch $(test_ca_server1_db) $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@ server1.v1.der.openssl: server1.v1.crt.openssl $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl ################################################################ #### Meta targets ################################################################ all_final: $(all_final) all: $(all_intermediate) $(all_final) .PHONY: default all_final all .PHONY: keys_rsa_all .PHONY: keys_rsa_unenc keys_rsa_enc_basic .PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 .PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 .PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 .PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 .PHONY: server1_all # These files should not be committed to the repository. list_intermediate: @printf '%s\n' $(all_intermediate) | sort # These files should be committed to the repository so that the test data is # available upon checkout without running a randomized process depending on # third-party tools. list_final: @printf '%s\n' $(all_final) | sort .PHONY: list_intermediate list_final ## Remove intermediate files clean: rm -f $(all_intermediate) ## Remove all build products, even the ones that are committed neat: clean rm -f $(all_final) .PHONY: clean neat