Use P-256 for EC tests
Fedora/RedHat OpenSSL supports only P-256, P-384 and P-521. The new mkcert.sh script can create updated certs when these expire on Jan 17th 2038.
This commit is contained in:

committed by
Viktor Dukhovni

parent
6bfcd13506
commit
46e0bd3c68
@@ -349,15 +349,15 @@ EXTRA_DIST = \
|
||||
tst-crypto-select6 \
|
||||
tst-crypto-select7 \
|
||||
data/n0ll.pem \
|
||||
data/secp160r1TestCA.cert.pem \
|
||||
data/secp160r1TestCA.key.pem \
|
||||
data/secp160r1TestCA.pem \
|
||||
data/secp160r2TestClient.cert.pem \
|
||||
data/secp160r2TestClient.key.pem \
|
||||
data/secp160r2TestClient.pem \
|
||||
data/secp160r2TestServer.cert.pem \
|
||||
data/secp160r2TestServer.key.pem \
|
||||
data/secp160r2TestServer.pem \
|
||||
data/secp256r1TestCA.cert.pem \
|
||||
data/secp256r1TestCA.key.pem \
|
||||
data/secp256r1TestCA.pem \
|
||||
data/secp256r2TestClient.cert.pem \
|
||||
data/secp256r2TestClient.key.pem \
|
||||
data/secp256r2TestClient.pem \
|
||||
data/secp256r2TestServer.cert.pem \
|
||||
data/secp256r2TestServer.key.pem \
|
||||
data/secp256r2TestServer.pem \
|
||||
data/bleichenbacher-bad.pem \
|
||||
data/bleichenbacher-good.pem \
|
||||
data/bleichenbacher-sf-pad-correct.pem \
|
||||
|
84
lib/hx509/data/mkcert.sh
Executable file
84
lib/hx509/data/mkcert.sh
Executable file
@@ -0,0 +1,84 @@
|
||||
#! /bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# For now, avoid going past the 2038 32-bit clock rollover
|
||||
DAYS=$(( ( 0x7fffffff - $(date +%s) ) / 86400 - 1 ))
|
||||
|
||||
key() {
|
||||
local key=$1; shift
|
||||
|
||||
if [ ! -f "${key}.pem" ]; then
|
||||
openssl genpkey \
|
||||
-paramfile <(openssl ecparam -name prime256v1) \
|
||||
-out "${key}.pem"
|
||||
fi
|
||||
}
|
||||
|
||||
req() {
|
||||
local key=$1; shift
|
||||
local dn=$1; shift
|
||||
|
||||
openssl req -new -sha256 -key "${key}.pem" \
|
||||
-config <(printf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \
|
||||
"prompt = yes" "distinguished_name = dn") \
|
||||
-subj "${dn}"
|
||||
}
|
||||
|
||||
cert() {
|
||||
local cert=$1; shift
|
||||
local exts=$1; shift
|
||||
|
||||
openssl x509 -req -sha256 -out "${cert}.pem" \
|
||||
-extfile <(printf "%s\n" "$exts") "$@"
|
||||
}
|
||||
|
||||
genroot() {
|
||||
local dn=$1; shift
|
||||
local key=$1; shift
|
||||
local cert=$1; shift
|
||||
|
||||
exts=$(printf "%s\n%s\n%s\n%s\n" \
|
||||
"subjectKeyIdentifier = hash" \
|
||||
"authorityKeyIdentifier = keyid" \
|
||||
"basicConstraints = CA:true" \
|
||||
"keyUsage = keyCertSign, cRLSign" )
|
||||
key "$key"; req "$key" "$dn" |
|
||||
cert "$cert" "$exts" -signkey "${key}.pem" \
|
||||
-set_serial 1 -days "${DAYS}"
|
||||
}
|
||||
|
||||
genee() {
|
||||
local dn=$1; shift
|
||||
local key=$1; shift
|
||||
local cert=$1; shift
|
||||
local cakey=$1; shift
|
||||
local cacert=$1; shift
|
||||
|
||||
exts=$(printf "%s\n%s\n%s\n%s\n" \
|
||||
"subjectKeyIdentifier = hash" \
|
||||
"authorityKeyIdentifier = keyid, issuer" \
|
||||
"basicConstraints = CA:false" \
|
||||
"keyUsage = digitalSignature, keyEncipherment, dataEncipherment" \
|
||||
)
|
||||
key "$key"; req "$key" "$dn" |
|
||||
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
|
||||
-set_serial 2 -days "${DAYS}" "$@"
|
||||
}
|
||||
|
||||
|
||||
genroot "/C=SE/O=Heimdal/CN=CA secp256r1" \
|
||||
secp256r1TestCA.key secp256r1TestCA.cert
|
||||
genee "/C=SE/O=Heimdal/CN=Server" \
|
||||
secp256r2TestServer.key secp256r2TestServer.cert \
|
||||
secp256r1TestCA.key secp256r1TestCA.cert
|
||||
genee "/C=SE/O=Heimdal/CN=Client" \
|
||||
secp256r2TestClient.key secp256r2TestClient.cert \
|
||||
secp256r1TestCA.key secp256r1TestCA.cert
|
||||
|
||||
cat secp256r1TestCA.key.pem secp256r1TestCA.cert.pem > \
|
||||
secp256r1TestCA.pem
|
||||
cat secp256r2TestClient.cert.pem secp256r2TestClient.key.pem > \
|
||||
secp256r2TestClient.pem
|
||||
cat secp256r2TestServer.cert.pem secp256r2TestServer.key.pem > \
|
||||
secp256r2TestServer.pem
|
@@ -1,12 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBxjCCAYagAwIBAgIJAKjMYS/6EOLdMAkGByqGSM49BAEwNjELMAkGA1UEBhMC
|
||||
U0UxEDAOBgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0w
|
||||
OTAyMTQxNzUwMDRaFw0yMDAxMjgxNzUwMDRaMDYxCzAJBgNVBAYTAlNFMRAwDgYD
|
||||
VQQKEwdIZWltZGFsMRUwEwYDVQQDEwxDQSBzZWNwMTYwcjEwPjAQBgcqhkjOPQIB
|
||||
BgUrgQQACAMqAASMHokF13aCVrlhMSr9Vgofj7loM2a7ZrU3h8/j1n/cO24ceyN/
|
||||
DpsOo4GYMIGVMB0GA1UdDgQWBBS58EWwgNdBwkYVhUSNzwIehHhEDzBmBgNVHSME
|
||||
XzBdgBS58EWwgNdBwkYVhUSNzwIehHhED6E6pDgwNjELMAkGA1UEBhMCU0UxEDAO
|
||||
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMYIJAKjMYS/6EOLd
|
||||
MAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQMvADAsAhRZPKbqMYDATJasRcXQfEh5
|
||||
8oHCywIUGZ0h6FqSvPgpkZ7hoU+ZEFJ/D88=
|
||||
-----END CERTIFICATE-----
|
@@ -1,4 +0,0 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MFACAQEEFHegiSlX0311KSBjNrbzq6HrKjkYoAcGBSuBBAAIoSwDKgAEjB6JBdd2
|
||||
gla5YTEq/VYKH4+5aDNmu2a1N4fP49Z/3DtuHHsjfw6bDg==
|
||||
-----END EC PRIVATE KEY-----
|
@@ -1,18 +0,0 @@
|
||||
issuer= /C=SE/O=Heimdal/CN=CA secp160r1
|
||||
subject= /C=SE/O=Heimdal/CN=CA secp160r1
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBxjCCAYagAwIBAgIJAKjMYS/6EOLdMAkGByqGSM49BAEwNjELMAkGA1UEBhMC
|
||||
U0UxEDAOBgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0w
|
||||
OTAyMTQxNzUwMDRaFw0yMDAxMjgxNzUwMDRaMDYxCzAJBgNVBAYTAlNFMRAwDgYD
|
||||
VQQKEwdIZWltZGFsMRUwEwYDVQQDEwxDQSBzZWNwMTYwcjEwPjAQBgcqhkjOPQIB
|
||||
BgUrgQQACAMqAASMHokF13aCVrlhMSr9Vgofj7loM2a7ZrU3h8/j1n/cO24ceyN/
|
||||
DpsOo4GYMIGVMB0GA1UdDgQWBBS58EWwgNdBwkYVhUSNzwIehHhEDzBmBgNVHSME
|
||||
XzBdgBS58EWwgNdBwkYVhUSNzwIehHhED6E6pDgwNjELMAkGA1UEBhMCU0UxEDAO
|
||||
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMYIJAKjMYS/6EOLd
|
||||
MAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQMvADAsAhRZPKbqMYDATJasRcXQfEh5
|
||||
8oHCywIUGZ0h6FqSvPgpkZ7hoU+ZEFJ/D88=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MFACAQEEFHegiSlX0311KSBjNrbzq6HrKjkYoAcGBSuBBAAIoSwDKgAEjB6JBdd2
|
||||
gla5YTEq/VYKH4+5aDNmu2a1N4fP49Z/3DtuHHsjfw6bDg==
|
||||
-----END EC PRIVATE KEY-----
|
@@ -1,9 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBIDCB4AIJAN1XzNknE3lDMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
|
||||
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
|
||||
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
|
||||
ZWltZGFsMQ8wDQYDVQQDEwZDbGllbnQwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAASA
|
||||
oVzj3A0W1FaSmc0NwTRdX4A8eCbDb6pf07vMpUcOqvdXVGwWN3HhMAkGByqGSM49
|
||||
BAEDMAAwLQIURJ9Jdesm0rqwpOAn8K23GdWlCkYCFQDmJtqiOLs4jjUUP6T7O17M
|
||||
Iwyrvg==
|
||||
-----END CERTIFICATE-----
|
@@ -1,4 +0,0 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MFACAQEEFNz0QJPbDlTBMSOfUoxNSzOOpRKyoAcGBSuBBAAeoSwDKgAEgKFc49wN
|
||||
FtRWkpnNDcE0XV+APHgmw2+qX9O7zKVHDqr3V1RsFjdx4Q==
|
||||
-----END EC PRIVATE KEY-----
|
@@ -1,15 +0,0 @@
|
||||
issuer= /C=SE/O=Heimdal/CN=CA secp160r1
|
||||
subject= /C=SE/O=Heimdal/CN=Client
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBIDCB4AIJAN1XzNknE3lDMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
|
||||
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
|
||||
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
|
||||
ZWltZGFsMQ8wDQYDVQQDEwZDbGllbnQwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAASA
|
||||
oVzj3A0W1FaSmc0NwTRdX4A8eCbDb6pf07vMpUcOqvdXVGwWN3HhMAkGByqGSM49
|
||||
BAEDMAAwLQIURJ9Jdesm0rqwpOAn8K23GdWlCkYCFQDmJtqiOLs4jjUUP6T7O17M
|
||||
Iwyrvg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MFACAQEEFNz0QJPbDlTBMSOfUoxNSzOOpRKyoAcGBSuBBAAeoSwDKgAEgKFc49wN
|
||||
FtRWkpnNDcE0XV+APHgmw2+qX9O7zKVHDqr3V1RsFjdx4Q==
|
||||
-----END EC PRIVATE KEY-----
|
@@ -1,9 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBIDCB4AIJAN1XzNknE3lCMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
|
||||
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
|
||||
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
|
||||
ZWltZGFsMQ8wDQYDVQQDEwZTZXJ2ZXIwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAARA
|
||||
IUAwnwABnZAs378hcEgnk8efxE35RF6B+MmxSq1Twhp2C1ophD6yMAkGByqGSM49
|
||||
BAEDMAAwLQIVAO0hl59KWXRMBaJ2iKsiu/j73/bPAhRfsTT6SIBL5+3gjLhl7SqK
|
||||
1kTMQw==
|
||||
-----END CERTIFICATE-----
|
@@ -1,4 +0,0 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MFACAQEEFBR1r2nPL1Ln1U5Nk1kW9XtNEkk1oAcGBSuBBAAeoSwDKgAEQCFAMJ8A
|
||||
AZ2QLN+/IXBIJ5PHn8RN+URegfjJsUqtU8IadgtaKYQ+sg==
|
||||
-----END EC PRIVATE KEY-----
|
@@ -1,15 +0,0 @@
|
||||
issuer= /C=SE/O=Heimdal/CN=CA secp160r1
|
||||
subject= /C=SE/O=Heimdal/CN=Server
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBIDCB4AIJAN1XzNknE3lCMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO
|
||||
BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx
|
||||
NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI
|
||||
ZWltZGFsMQ8wDQYDVQQDEwZTZXJ2ZXIwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAARA
|
||||
IUAwnwABnZAs378hcEgnk8efxE35RF6B+MmxSq1Twhp2C1ophD6yMAkGByqGSM49
|
||||
BAEDMAAwLQIVAO0hl59KWXRMBaJ2iKsiu/j73/bPAhRfsTT6SIBL5+3gjLhl7SqK
|
||||
1kTMQw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MFACAQEEFBR1r2nPL1Ln1U5Nk1kW9XtNEkk1oAcGBSuBBAAeoSwDKgAEQCFAMJ8A
|
||||
AZ2QLN+/IXBIJ5PHn8RN+URegfjJsUqtU8IadgtaKYQ+sg==
|
||||
-----END EC PRIVATE KEY-----
|
12
lib/hx509/data/secp256r1TestCA.cert.pem
Normal file
12
lib/hx509/data/secp256r1TestCA.cert.pem
Normal file
@@ -0,0 +1,12 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
|
||||
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
|
||||
NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
|
||||
aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49
|
||||
AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM
|
||||
kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV
|
||||
spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV
|
||||
HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L
|
||||
mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM
|
||||
XejBzmT8QXEdib+1
|
||||
-----END CERTIFICATE-----
|
5
lib/hx509/data/secp256r1TestCA.key.pem
Normal file
5
lib/hx509/data/secp256r1TestCA.key.pem
Normal file
@@ -0,0 +1,5 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL2N0gdHhAjBGcJ40
|
||||
gHePPMwGKygIVDXTfjysn9zPiSOhRANCAATlK4Ur4qGCWilCvVoyOXhkQFrDgdgz
|
||||
bJU5HIE5BbHd7w+P3RsWhwTiDJLg/ZXRitrEAKxCAyn6zh7z/qBc94y2
|
||||
-----END PRIVATE KEY-----
|
17
lib/hx509/data/secp256r1TestCA.pem
Normal file
17
lib/hx509/data/secp256r1TestCA.pem
Normal file
@@ -0,0 +1,17 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL2N0gdHhAjBGcJ40
|
||||
gHePPMwGKygIVDXTfjysn9zPiSOhRANCAATlK4Ur4qGCWilCvVoyOXhkQFrDgdgz
|
||||
bJU5HIE5BbHd7w+P3RsWhwTiDJLg/ZXRitrEAKxCAyn6zh7z/qBc94y2
|
||||
-----END PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
|
||||
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
|
||||
NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
|
||||
aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49
|
||||
AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM
|
||||
kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV
|
||||
spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV
|
||||
HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L
|
||||
mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM
|
||||
XejBzmT8QXEdib+1
|
||||
-----END CERTIFICATE-----
|
12
lib/hx509/data/secp256r2TestClient.cert.pem
Normal file
12
lib/hx509/data/secp256r2TestClient.cert.pem
Normal file
@@ -0,0 +1,12 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
|
||||
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
|
||||
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
|
||||
aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||
BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI
|
||||
zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF
|
||||
I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
|
||||
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv
|
||||
A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx
|
||||
JjIt
|
||||
-----END CERTIFICATE-----
|
5
lib/hx509/data/secp256r2TestClient.key.pem
Normal file
5
lib/hx509/data/secp256r2TestClient.key.pem
Normal file
@@ -0,0 +1,5 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6oD5CbNzN7oAWqcq
|
||||
dKJKw2WU5EwnUV05+7S9gXgeW/qhRANCAATu/zAiAR3/IEC0OZbadbsgjggMPLsp
|
||||
WWe/r/6wd6Ch7gCMi+qv0I2V2R9xUeVXCMwDWrzeUgH8fQhSaT5PqVCE
|
||||
-----END PRIVATE KEY-----
|
17
lib/hx509/data/secp256r2TestClient.pem
Normal file
17
lib/hx509/data/secp256r2TestClient.pem
Normal file
@@ -0,0 +1,17 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
|
||||
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
|
||||
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
|
||||
aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||
BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI
|
||||
zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF
|
||||
I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
|
||||
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv
|
||||
A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx
|
||||
JjIt
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6oD5CbNzN7oAWqcq
|
||||
dKJKw2WU5EwnUV05+7S9gXgeW/qhRANCAATu/zAiAR3/IEC0OZbadbsgjggMPLsp
|
||||
WWe/r/6wd6Ch7gCMi+qv0I2V2R9xUeVXCMwDWrzeUgH8fQhSaT5PqVCE
|
||||
-----END PRIVATE KEY-----
|
12
lib/hx509/data/secp256r2TestServer.cert.pem
Normal file
12
lib/hx509/data/secp256r2TestServer.cert.pem
Normal file
@@ -0,0 +1,12 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
|
||||
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
|
||||
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
|
||||
aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||
BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg
|
||||
lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+
|
||||
QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
|
||||
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa
|
||||
1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI
|
||||
QcEwUA==
|
||||
-----END CERTIFICATE-----
|
5
lib/hx509/data/secp256r2TestServer.key.pem
Normal file
5
lib/hx509/data/secp256r2TestServer.key.pem
Normal file
@@ -0,0 +1,5 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKo/47DaveCl90GxH
|
||||
LCE7IGBua2XsE+jI4RUWZrqjhBGhRANCAASLWYJ9QvGQbypJDaBKH1i9CSwk2h09
|
||||
pSY+3fY0bUiokdj5TrXeR4bXg6j+/CuHoJUTJOZ6rJhKKGpX2zbBQcvE
|
||||
-----END PRIVATE KEY-----
|
17
lib/hx509/data/secp256r2TestServer.pem
Normal file
17
lib/hx509/data/secp256r2TestServer.pem
Normal file
@@ -0,0 +1,17 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G
|
||||
A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5
|
||||
NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl
|
||||
aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||
BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg
|
||||
lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+
|
||||
QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA
|
||||
MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa
|
||||
1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI
|
||||
QcEwUA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKo/47DaveCl90GxH
|
||||
LCE7IGBua2XsE+jI4RUWZrqjhBGhRANCAASLWYJ9QvGQbypJDaBKH1i9CSwk2h09
|
||||
pSY+3fY0bUiokdj5TrXeR4bXg6j+/CuHoJUTJOZ6rJhKKGpX2zbBQcvE
|
||||
-----END PRIVATE KEY-----
|
@@ -192,13 +192,13 @@ if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
|
||||
else
|
||||
echo "eccert -> root"
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/secp160r2TestServer.cert.pem \
|
||||
anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1
|
||||
cert:FILE:$srcdir/data/secp256r2TestServer.cert.pem \
|
||||
anchor:FILE:$srcdir/data/secp256r1TestCA.cert.pem > /dev/null || exit 1
|
||||
|
||||
echo "eccert -> root"
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:$srcdir/data/secp160r2TestClient.cert.pem \
|
||||
anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1
|
||||
cert:FILE:$srcdir/data/secp256r2TestClient.cert.pem \
|
||||
anchor:FILE:$srcdir/data/secp256r1TestCA.cert.pem > /dev/null || exit 1
|
||||
fi
|
||||
|
||||
echo "proxy cert"
|
||||
|
@@ -53,15 +53,15 @@ if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
|
||||
else
|
||||
echo "create signed data (ec)"
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:$srcdir/data/secp160r2TestClient.pem \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
--certificate=FILE:$srcdir/data/secp256r2TestClient.pem \
|
||||
"$srcdir/test_chain.in" \
|
||||
sd.data > /dev/null || exit 1
|
||||
|
||||
echo "verify signed data (ec)"
|
||||
${hxtool} cms-verify-sd \
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/secp160r1TestCA.cert.pem \
|
||||
sd.data sd.data.out > /dev/null || exit 1
|
||||
--missing-revoke \
|
||||
--anchors=FILE:$srcdir/data/secp256r1TestCA.cert.pem \
|
||||
sd.data sd.data.out > /dev/null || exit 1
|
||||
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
|
||||
fi
|
||||
|
||||
|
Reference in New Issue
Block a user