TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 418a62242b57248846d9136de89e34ac84a38cad / . / tests / data_files / Makefile
blob: f906545744caeb452dc5f2ff5ab989bf9e5dcdb0 [file] [log] [blame]
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]1## This file contains a record of how some of the test data was
2## generated. The final build products are committed to the repository
3## as well to make sure that the test data is identical. You do not
4## need to use this makefile unless you're extending mbed TLS's tests.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]5
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]6## Many data files were generated prior to the existence of this
7## makefile, so the method of their generation was not recorded.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]8
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]9## Note that in addition to depending on the version of the data
10## generation tool, many of the build outputs are randomized, so
11## running this makefile twice would not produce the same results.
12
13## Tools
14OPENSSL ?= openssl
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame^]15MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]16
17## Build the generated test data. Note that since the final outputs
18## are committed to the repository, this target should do nothing on a
19## fresh checkout. Furthermore, since the generation is randomized,
20## re-running the same targets may result in differing files. The goal
21## of this makefile is primarily to serve as a record of how the
22## targets were generated in the first place.
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]23default: all_final
24
25all_intermediate := # temporary files
26all_final := # files used by tests
27
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]28
29
30################################################################
31#### Generate certificates from existing keys
32################################################################
33
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame^]34test_ca_crt = test-ca.crt
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]35test_ca_key_file_rsa = test-ca.key
36test_ca_pwd_rsa = PolarSSLTest
37test_ca_config_file = test-ca.opensslconf
38
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]39test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file)
40 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
41all_intermediate += test-ca.csr
42test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
43 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@
44all_final += test-ca-sha1.crt
45test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
46 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
47all_final += test-ca-sha256.crt
48
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]49cli_crt_key_file_rsa = cli-rsa.key
50cli_crt_extensions_file = cli.opensslconf
51
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]52cli-rsa.csr: $(cli_crt_key_file_rsa)
53 $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@
54all_intermediate += cli-rsa.csr
55cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr
56 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@
57all_final += cli-rsa-sha1.crt
58cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr
59 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
60all_final += cli-rsa-sha256.crt
61
Gilles Peskinebc70a182017-05-09 15:59:24 +0200[diff] [blame]62server2-rsa.csr: server2.key
63 $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
64all_intermediate += server2-rsa.csr
65server2-sha256.crt: server2-rsa.csr
66 $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
67all_final += server2-sha256.crt
68
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame^]69### Generate certificates for CRT write check tests
70### The test files use the Mbed TLS generated certificates server1*.crt,
71### but for comparison with OpenSSL also rules for OpenSSL-generated
72### certificates server1*.crt.openssl are offered.
73###
74### Known differences:
75### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
76### as unused bits, while Mbed TLS doesn't.
Gilles Peskinebc70a182017-05-09 15:59:24 +0200[diff] [blame]77
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame^]78test_ca_server1_db = test-ca.server1.db
79test_ca_server1_serial = test-ca.server1.serial
80test_ca_server1_config_file = test-ca.server1.opensslconf
81
82server1.csr: server1.key server1_csr.opensslconf
83 $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
84all_final += server1.csr
85
86server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
87 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
88server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
89 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
90server1.der: server1.crt
91 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
92all_final += server1.crt server1.noauthid.crt server1.der
93
94server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
95 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
96server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
97 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
98server1.key_usage.der: server1.key_usage.crt
99 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
100all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
101
102server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
103 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
104server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
105 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
106server1.cert_type.der: server1.cert_type.crt
107 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
108all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
109
110server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
111 $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
112server1.v1.der: server1.v1.crt
113 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
114all_final += server1.v1.crt server1.v1.der
115
116# OpenSSL-generated certificates for comparison
117# Also provide certificates to DER format to allow
118# direct binary comparison using e.g. dumpasn1
119server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
120 echo "01" > $(test_ca_server1_serial)
121 rm -f $(test_ca_server1_db)
122 touch $(test_ca_server1_db)
123 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
124server1.der.openssl: server1.crt.openssl
125 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
126server1.key_usage.der.openssl: server1.key_usage.crt.openssl
127 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
128server1.cert_type.der.openssl: server1.cert_type.crt.openssl
129 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
130
131server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
132 echo "01" > $(test_ca_server1_serial)
133 rm -f $(test_ca_server1_db)
134 touch $(test_ca_server1_db)
135 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
136server1.v1.der.openssl: server1.v1.crt.openssl
137 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
138
139server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]140
141################################################################
142#### Meta targets
143################################################################
144
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]145all_final: $(all_final)
146all: $(all_intermediate) $(all_final)
147
Hanno Becker418a6222017-09-14 07:51:28 +0100[diff] [blame^]148.PHONY: default all_final all server1_all
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]149
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]150# These files should not be committed to the repository.
151list_intermediate:
152 @printf '%s\n' $(all_intermediate) | sort
153# These files should be committed to the repository so that the test data is
154# available upon checkout without running a randomized process depending on
155# third-party tools.
156list_final:
157 @printf '%s\n' $(all_final) | sort
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]158.PHONY: list_intermediate list_final
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]159
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]160## Remove intermediate files
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]161clean:
162 rm -f $(all_intermediate)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]163## Remove all build products, even the ones that are committed
Gilles Peskinef040a172017-05-05 18:56:12 +0200[diff] [blame]164neat: clean
165 rm -f $(all_final)
Gilles Peskinefd14bca2017-05-11 17:57:22 +0200[diff] [blame]166.PHONY: clean neat