diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 44496911e..2732c3021 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -15,6 +15,7 @@ OPENSSL ?= openssl FAKETIME ?= faketime MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req +MBEDTLS_GEN_KEY ?= $(PWD)/../../programs/pkey/gen_key ## Build the generated test data. Note that since the final outputs ## are committed to the repository, this target should do nothing on a @@ -146,6 +147,42 @@ all_final += cli-rsa-sha256.crt.der $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += cli-rsa.key.der +test-ca3.key.pem: + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp256r1 format=pem filename=$@ +test-ca3.key.der: test-ca3.key.pem + $(OPENSSL) ec -inform PEM -outform DER -in $< -out $@ +test-ca3.csr: test-ca3.key.der + $(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name="CN=Test CA Secp256r1, O=MbedTLS, C=UK" md=SHA256 +test-ca3.crt.pem: test-ca3.csr test-ca3.key.der + $(MBEDTLS_CERT_WRITE) request_file=test-ca3.csr selfsign=1 issuer_name="CN=Test CA Secp256r1, O=MbedTLS, C=UK" is_ca=1 md=SHA256 issuer_key=test-ca3.key.der output_file=$@ +test-ca3.crt.der: test-ca3.crt.pem + $(OPENSSL) x509 -inform PEM -outform DER -in $< -out $@ +all_final += test-ca3.key.pem test-ca3.key.der test-ca3.csr test-ca3.crt.pem test-ca3.crt.der + +cli3.key.pem: + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp256r1 format=pem filename=$@ +cli3.key.der: cli3.key.pem + $(OPENSSL) ec -inform PEM -outform DER -in $< -out $@ +cli3.csr: cli3.key.der + $(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name="CN=Test CRT2 Secp256r1, O=MbedTLS, C=UK" md=SHA256 +cli3.crt.pem: cli3.csr test-ca3.key.der + $(MBEDTLS_CERT_WRITE) request_file=cli3.csr issuer_name="CN=Test CA Secp256r1, O=MbedTLS, C=UK" md=SHA256 issuer_key=test-ca3.key.der output_file=$@ +cli3.crt.der: cli3.crt.pem + $(OPENSSL) x509 -inform PEM -outform DER -in $< -out $@ +all_final += cli3.key.pem cli3.key.der cli3.csr cli3.crt.pem cli3.crt.der + +server11.key.pem: + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp256r1 format=pem filename=$@ +server11.key.der: server11.key.pem + $(OPENSSL) ec -inform PEM -outform DER -in $< -out $@ +server11.csr: server11.key.der + $(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name="CN=localhost, O=MbedTLS, C=UK" md=SHA256 +server11.crt.pem: server11.csr test-ca3.key.der + $(MBEDTLS_CERT_WRITE) request_file=server11.csr issuer_name="CN=Test CA Secp256r1, O=MbedTLS, C=UK" md=SHA256 issuer_key=test-ca3.key.der output_file=$@ +server11.crt.der: server11.crt.pem + $(OPENSSL) x509 -inform PEM -outform DER -in $< -out $@ +all_final += server11.key.pem server11.key.der server11.csr server11.crt.pem server11.crt.der + test_ca_int_rsa1 = test-int-ca.crt server7.csr: server7.key diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index 6f54ed0c1..388865be5 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt @@ -11,6 +11,8 @@ There are two main CAs for use as trusted roots: - test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA" uses an EC key with NIST P-384 (aka secp384r1) variants used to test the keyUsage extension +- test-ca3.crt aka "CN=TestCASecp256r1, O=MbedTLS, C=UK" + uses an EC key with NIST P-256 (aka secp256r1) The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways. Two intermediate CAs are signed by them: @@ -40,6 +42,7 @@ Short information fields: - name or pattern - issuing CA: 1 -> test-ca.crt 2 -> test-ca2.crt + 3 -> test-ca3.crt I1 -> test-int-ca.crt I2 -> test-int-ca2.crt I3 -> test-int-ca3.crt @@ -57,6 +60,7 @@ List of certificates: - cert_md*.crt, cert_sha*.crt: 1 R: signature hash - cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal) - cli2.crt: 2 E: basic +- cli3.crt: 3 E, secp256r1 curve - cli-rsa.key, cli-rsa-*.crt: RSA key used for test clients, signed by the RSA test CA. - enco-cert-utf8str.pem: see enco-ca-prstr.pem above @@ -102,6 +106,7 @@ List of certificates: _int3_int-ca2.crt: S10 + I3 + I2 _int3_int-ca2_ca.crt: S10 + I3 + I2 + 1 _int3_spurious_int-ca2.crt: S10 + I3 + I1(spurious) + I2 + - server11.crt: 3 E, secp256r1 curve Certificate revocation lists ----------------------------