1## This file contains a record of how some of the test data was 2## generated. The final build products are committed to the repository 3## as well to make sure that the test data is identical. You do not 4## need to use this makefile unless you're extending mbed TLS's tests. 5 6## Many data files were generated prior to the existence of this 7## makefile, so the method of their generation was not recorded. 8 9## Note that in addition to depending on the version of the data 10## generation tool, many of the build outputs are randomized, so 11## running this makefile twice would not produce the same results. 12 13## Tools 14OPENSSL ?= openssl 15FAKETIME ?= faketime 16MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write 17 18## Build the generated test data. Note that since the final outputs 19## are committed to the repository, this target should do nothing on a 20## fresh checkout. Furthermore, since the generation is randomized, 21## re-running the same targets may result in differing files. The goal 22## of this makefile is primarily to serve as a record of how the 23## targets were generated in the first place. 24default: all_final 25 26all_intermediate := # temporary files 27all_final := # files used by tests 28 29 30 31################################################################ 32#### Generate certificates from existing keys 33################################################################ 34 35test_ca_crt = test-ca.crt 36test_ca_key_file_rsa = test-ca.key 37test_ca_pwd_rsa = PolarSSLTest 38test_ca_config_file = test-ca.opensslconf 39 40test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file) 41 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 42all_intermediate += test-ca.csr 43test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr 44 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@ 45all_final += test-ca-sha1.crt 46test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr 47 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@ 48all_final += test-ca-sha256.crt 49 50test_ca_key_file_rsa_alt = test-ca-alt.key 51 52$(test_ca_key_file_rsa_alt): 53 $(OPENSSL) genrsa -out $@ 2048 54test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) 55 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ 56all_intermediate += test-ca-alt.csr 57test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr 58 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ 59all_final += test-ca-alt.crt 60test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt 61 cat test-ca-alt.crt test-ca-sha256.crt > $@ 62all_final += test-ca-alt-good.crt 63test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt 64 cat test-ca-sha256.crt test-ca-alt.crt > $@ 65all_final += test-ca-good-alt.crt 66 67test_ca_crt_file_ec = test-ca2.crt 68test_ca_key_file_ec = test-ca2.key 69 70test-int-ca.csr: test-int-ca.key $(test_ca_config_file) 71 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ 72all_intermediate += test-int-ca.csr 73test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr 74 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ 75all_final += test-int-ca-exp.crt 76 77crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 78 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ 79all_final += crl-idp.pem 80crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) 81 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ 82all_final += crl-idpnc.pem 83 84cli_crt_key_file_rsa = cli-rsa.key 85cli_crt_extensions_file = cli.opensslconf 86 87cli-rsa.csr: $(cli_crt_key_file_rsa) 88 $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@ 89all_intermediate += cli-rsa.csr 90cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr 91 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@ 92all_final += cli-rsa-sha1.crt 93cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr 94 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@ 95all_final += cli-rsa-sha256.crt 96 97server2-rsa.csr: server2.key 98 $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ 99all_intermediate += server2-rsa.csr 100server2-sha256.crt: server2-rsa.csr 101 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ 102all_final += server2-sha256.crt 103 104test_ca_int_rsa1 = test-int-ca.crt 105 106server7.csr: server7.key 107 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ 108all_intermediate += server7.csr 109server7-expired.crt: server7.csr $(test_ca_int_rsa1) 110 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 111all_final += server7-expired.crt 112server7-future.crt: server7.csr $(test_ca_int_rsa1) 113 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ 114all_final += server7-future.crt 115server7-badsign.crt: server7.crt $(test_ca_int_rsa1) 116 { head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt 117all_final += server7-badsign.crt 118server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt 119 cat server7.crt test-int-ca-exp.crt > $@ 120all_final += server7_int-ca-exp.crt 121 122server5-ss-expired.crt: server5.key 123 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ 124all_final += server5-ss-expired.crt 125 126# try to forge a copy of test-int-ca3 with different key 127server5-ss-forgeca.crt: server5.key 128 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ 129all_final += server5-ss-forgeca.crt 130 131rsa_pkcs1_2048_public.pem: server8.key 132 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ 133all_final += rsa_pkcs1_2048_public.pem 134 135rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem 136 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ 137all_final += rsa_pkcs1_2048_public.der 138 139rsa_pkcs8_2048_public.pem: server8.key 140 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ 141all_final += rsa_pkcs8_2048_public.pem 142 143rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem 144 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ 145all_final += rsa_pkcs8_2048_public.der 146 147################################################################ 148#### Generate various RSA keys 149################################################################ 150 151### Password used for PKCS1-encoded encrypted RSA keys 152keys_rsa_basic_pwd = testkey 153 154### Password used for PKCS8-encoded encrypted RSA keys 155keys_rsa_pkcs8_pwd = PolarSSLTest 156 157### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which 158### all other encrypted RSA keys are derived. 159rsa_pkcs1_1024_clear.pem: 160 $(OPENSSL) genrsa -out $@ 1024 161all_final += rsa_pkcs1_1024_clear.pem 162rsa_pkcs1_2048_clear.pem: 163 $(OPENSSL) genrsa -out $@ 2048 164all_final += rsa_pkcs1_2048_clear.pem 165rsa_pkcs1_4096_clear.pem: 166 $(OPENSSL) genrsa -out $@ 4096 167all_final += rsa_pkcs1_4096_clear.pem 168 169### 170### PKCS1-encoded, encrypted RSA keys 171### 172 173### 1024-bit 174rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem 175 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 176all_final += rsa_pkcs1_1024_des.pem 177rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 178 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 179all_final += rsa_pkcs1_1024_3des.pem 180rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem 181 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 182all_final += rsa_pkcs1_1024_aes128.pem 183rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem 184 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 185all_final += rsa_pkcs1_1024_aes192.pem 186rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem 187 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 188all_final += rsa_pkcs1_1024_aes256.pem 189keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem 190 191# 2048-bit 192rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem 193 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 194all_final += rsa_pkcs1_2048_des.pem 195rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 196 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 197all_final += rsa_pkcs1_2048_3des.pem 198rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem 199 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 200all_final += rsa_pkcs1_2048_aes128.pem 201rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem 202 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 203all_final += rsa_pkcs1_2048_aes192.pem 204rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem 205 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 206all_final += rsa_pkcs1_2048_aes256.pem 207keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem 208 209# 4096-bit 210rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem 211 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 212all_final += rsa_pkcs1_4096_des.pem 213rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 214 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 215all_final += rsa_pkcs1_4096_3des.pem 216rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem 217 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 218all_final += rsa_pkcs1_4096_aes128.pem 219rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem 220 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 221all_final += rsa_pkcs1_4096_aes192.pem 222rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem 223 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" 224all_final += rsa_pkcs1_4096_aes256.pem 225keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem 226 227### 228### PKCS8-v1 encoded, encrypted RSA keys 229### 230 231### 1024-bit 232rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem 233 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 234all_final += rsa_pkcs8_pbe_sha1_1024_3des.der 235rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem 236 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 237all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem 238keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der 239 240rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem 241 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 242all_final += rsa_pkcs8_pbe_sha1_1024_2des.der 243rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem 244 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 245all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem 246keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der 247 248rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem 249 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 250all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der 251rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem 252 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 253all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem 254keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der 255 256keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 257 258### 2048-bit 259rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem 260 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 261all_final += rsa_pkcs8_pbe_sha1_2048_3des.der 262rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem 263 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 264all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem 265keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der 266 267rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem 268 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 269all_final += rsa_pkcs8_pbe_sha1_2048_2des.der 270rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem 271 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 272all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem 273keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der 274 275rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem 276 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 277all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der 278rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem 279 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 280all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem 281keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der 282 283keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 284 285### 4096-bit 286rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem 287 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 288all_final += rsa_pkcs8_pbe_sha1_4096_3des.der 289rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem 290 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 291all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem 292keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der 293 294rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem 295 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 296all_final += rsa_pkcs8_pbe_sha1_4096_2des.der 297rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem 298 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES 299all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem 300keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der 301 302rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem 303 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 304all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der 305rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem 306 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 307all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem 308keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der 309 310keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 311 312### 313### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) 314### 315 316### 1024-bit 317rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem 318 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 319all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der 320rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem 321 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 322all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 323keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 324 325rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem 326 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 327all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der 328rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem 329 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 330all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 331keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 332 333keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des 334 335### 2048-bit 336rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem 337 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 338all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der 339rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem 340 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 341all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 342keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem 343 344rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem 345 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 346all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der 347rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem 348 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 349all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 350keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem 351 352keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des 353 354### 4096-bit 355rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem 356 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 357all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der 358rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem 359 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 360all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 361keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 362 363rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem 364 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 365all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der 366rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem 367 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 368all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 369keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem 370 371keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des 372 373### 374### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224 375### 376 377### 1024-bit 378rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem 379 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 380all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der 381rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem 382 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 383all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 384keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem 385 386rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem 387 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 388all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der 389rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem 390 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 391all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 392keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem 393 394keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224 395 396### 2048-bit 397rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem 398 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 399all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der 400rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem 401 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 402all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 403keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 404 405rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem 406 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 407all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der 408rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem 409 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 410all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 411keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 412 413keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224 414 415### 4096-bit 416rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem 417 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 418all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der 419rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem 420 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 421all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 422keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem 423 424rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem 425 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 426all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der 427rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem 428 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 429all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 430keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 431 432keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224 433 434### 435### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256 436### 437 438### 1024-bit 439rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem 440 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 441all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der 442rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem 443 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 444all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 445keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 446 447rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem 448 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 449all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der 450rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem 451 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 452all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 453keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 454 455keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256 456 457### 2048-bit 458rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem 459 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 460all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der 461rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem 462 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 463all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 464keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 465 466rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem 467 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 468all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der 469rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem 470 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 471all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 472keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 473 474keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256 475 476### 4096-bit 477rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem 478 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 479all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der 480rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem 481 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 482all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 483keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 484 485rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem 486 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 487all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der 488rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem 489 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 490all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 491keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem 492 493keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256 494 495### 496### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384 497### 498 499### 1024-bit 500rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem 501 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 502all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der 503rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem 504 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 505all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 506keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 507 508rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem 509 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 510all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der 511rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem 512 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 513all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 514keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem 515 516keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384 517 518### 2048-bit 519rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem 520 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 521all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der 522rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem 523 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 524all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 525keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 526 527rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem 528 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 529all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der 530rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem 531 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 532all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 533keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem 534 535keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384 536 537### 4096-bit 538rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem 539 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 540all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der 541rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem 542 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 543all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 544keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem 545 546rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem 547 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 548all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der 549rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem 550 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 551all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 552keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem 553 554keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384 555 556### 557### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512 558### 559 560### 1024-bit 561rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem 562 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 563all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der 564rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem 565 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 566all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 567keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem 568 569rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem 570 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 571all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der 572rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem 573 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 574all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 575keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 576 577keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512 578 579### 2048-bit 580rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem 581 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 582all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der 583rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem 584 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 585all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 586keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 587 588rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem 589 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 590all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der 591rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem 592 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 593all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 594keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 595 596keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512 597 598### 4096-bit 599rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem 600 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 601all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der 602rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem 603 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 604all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 605keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 606 607rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem 608 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 609all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der 610rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem 611 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" 612all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 613keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 614 615keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512 616 617### 618### Rules to generate all RSA keys from a particular class 619### 620 621### Generate basic unencrypted RSA keys 622keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem 623 624### Generate PKCS1-encoded encrypted RSA keys 625keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 626 627### Generate PKCS8-v1 encrypted RSA keys 628keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 629 630### Generate PKCS8-v2 encrypted RSA keys 631keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 632 633### Generate all RSA keys 634keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 635 636################################################################ 637#### Generate various EC keys 638################################################################ 639 640### 641### PKCS8 encoded 642### 643 644ec_prv.pk8.der: 645 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER 646all_final += ec_prv.pk8.der 647 648# ### Instructions for creating `ec_prv.pk8nopub.der`, 649# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from 650# ### `ec_prv.pk8.der`. 651# 652# These instructions assume you are familiar with ASN.1 DER encoding and can 653# use a hex editor to manipulate DER. 654# 655# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: 656# 657# PrivateKeyInfo ::= SEQUENCE { 658# version Version, 659# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 660# privateKey PrivateKey, 661# attributes [0] IMPLICIT Attributes OPTIONAL 662# } 663# 664# AlgorithmIdentifier ::= SEQUENCE { 665# algorithm OBJECT IDENTIFIER, 666# parameters ANY DEFINED BY algorithm OPTIONAL 667# } 668# 669# ECParameters ::= CHOICE { 670# namedCurve OBJECT IDENTIFIER 671# -- implicitCurve NULL 672# -- specifiedCurve SpecifiedECDomain 673# } 674# 675# ECPrivateKey ::= SEQUENCE { 676# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 677# privateKey OCTET STRING, 678# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 679# publicKey [1] BIT STRING OPTIONAL 680# } 681# 682# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following 683# fields: 684# 685# * privateKeyAlgorithm namedCurve 686# * privateKey.parameters NOT PRESENT 687# * privateKey.publicKey PRESENT 688# * attributes NOT PRESENT 689# 690# # ec_prv.pk8nopub.der 691# 692# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 693# 694# # ec_prv.pk8nopubparam.der 695# 696# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as 697# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 698# 699# # ec_prv.pk8param.der 700# 701# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as 702# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. 703 704ec_prv.pk8.pem: ec_prv.pk8.der 705 $(OPENSSL) pkey -in $< -inform DER -out $@ 706all_final += ec_prv.pk8.pem 707ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der 708 $(OPENSSL) pkey -in $< -inform DER -out $@ 709all_final += ec_prv.pk8nopub.pem 710ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der 711 $(OPENSSL) pkey -in $< -inform DER -out $@ 712all_final += ec_prv.pk8nopubparam.pem 713ec_prv.pk8param.pem: ec_prv.pk8param.der 714 $(OPENSSL) pkey -in $< -inform DER -out $@ 715all_final += ec_prv.pk8param.pem 716 717################################################################ 718### Generate certificates for CRT write check tests 719################################################################ 720 721### The test files use the Mbed TLS generated certificates server1*.crt, 722### but for comparison with OpenSSL also rules for OpenSSL-generated 723### certificates server1*.crt.openssl are offered. 724### 725### Known differences: 726### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension 727### as unused bits, while Mbed TLS doesn't. 728 729test_ca_server1_db = test-ca.server1.db 730test_ca_server1_serial = test-ca.server1.serial 731test_ca_server1_config_file = test-ca.server1.opensslconf 732 733server1.csr: server1.key server1_csr.opensslconf 734 $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new 735all_final += server1.csr 736 737server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) 738 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ 739server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) 740 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ 741server1.der: server1.crt 742 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 743all_final += server1.crt server1.noauthid.crt server1.der 744 745server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) 746 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ 747server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) 748 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ 749server1.key_usage.der: server1.key_usage.crt 750 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 751all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der 752 753server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) 754 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ 755server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) 756 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ 757server1.cert_type.der: server1.cert_type.crt 758 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 759all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der 760 761server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) 762 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@ 763server1.v1.der: server1.v1.crt 764 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 765all_final += server1.v1.crt server1.v1.der 766 767# OpenSSL-generated certificates for comparison 768# Also provide certificates in DER format to allow 769# direct binary comparison using e.g. dumpasn1 770server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 771 echo "01" > $(test_ca_server1_serial) 772 rm -f $(test_ca_server1_db) 773 touch $(test_ca_server1_db) 774 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@ 775server1.der.openssl: server1.crt.openssl 776 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 777server1.key_usage.der.openssl: server1.key_usage.crt.openssl 778 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 779server1.cert_type.der.openssl: server1.cert_type.crt.openssl 780 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 781 782server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) 783 echo "01" > $(test_ca_server1_serial) 784 rm -f $(test_ca_server1_db) 785 touch $(test_ca_server1_db) 786 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@ 787server1.v1.der.openssl: server1.v1.crt.openssl 788 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ 789 790server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl 791 792 793 794################################################################ 795#### Meta targets 796################################################################ 797 798all_final: $(all_final) 799all: $(all_intermediate) $(all_final) 800 801.PHONY: default all_final all 802.PHONY: keys_rsa_all 803.PHONY: keys_rsa_unenc keys_rsa_enc_basic 804.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 805.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 806.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 807.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 808.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 809.PHONY: server1_all 810 811# These files should not be committed to the repository. 812list_intermediate: 813 @printf '%s\n' $(all_intermediate) | sort 814# These files should be committed to the repository so that the test data is 815# available upon checkout without running a randomized process depending on 816# third-party tools. 817list_final: 818 @printf '%s\n' $(all_final) | sort 819.PHONY: list_intermediate list_final 820 821## Remove intermediate files 822clean: 823 rm -f $(all_intermediate) 824## Remove all build products, even the ones that are committed 825neat: clean 826 rm -f $(all_final) 827.PHONY: clean neat 828