From 46e0bd3c6872b80a2201efedba81c71d96069c89 Mon Sep 17 00:00:00 2001 
From: Viktor Dukhovni Date: Tue, 4 Mar 2014 23:42:19 +0000 Subject: [PATCH] Use P-256 for EC tests Fedora/RedHat OpenSSL supports only P-256, P-384 and P-521. The new mkcert.sh script can create updated certs when these expire on Jan 17th 2038. --- lib/hx509/Makefile.am | 18 ++--- lib/hx509/data/mkcert.sh | 84 +++++++++++++++++++++ lib/hx509/data/secp160r1TestCA.cert.pem | 12 --- lib/hx509/data/secp160r1TestCA.key.pem | 4 - lib/hx509/data/secp160r1TestCA.pem | 18 ----- lib/hx509/data/secp160r2TestClient.cert.pem | 9 --- lib/hx509/data/secp160r2TestClient.key.pem | 4 - lib/hx509/data/secp160r2TestClient.pem | 15 ---- lib/hx509/data/secp160r2TestServer.cert.pem | 9 --- lib/hx509/data/secp160r2TestServer.key.pem | 4 - lib/hx509/data/secp160r2TestServer.pem | 15 ---- lib/hx509/data/secp256r1TestCA.cert.pem | 12 +++ lib/hx509/data/secp256r1TestCA.key.pem | 5 ++ lib/hx509/data/secp256r1TestCA.pem | 17 +++++ lib/hx509/data/secp256r2TestClient.cert.pem | 12 +++ lib/hx509/data/secp256r2TestClient.key.pem | 5 ++ lib/hx509/data/secp256r2TestClient.pem | 17 +++++ lib/hx509/data/secp256r2TestServer.cert.pem | 12 +++ lib/hx509/data/secp256r2TestServer.key.pem | 5 ++ lib/hx509/data/secp256r2TestServer.pem | 17 +++++ lib/hx509/test_chain.in | 8 +- lib/hx509/test_cms.in | 12 +-- 22 files changed, 205 insertions(+), 109 deletions(-) create mode 100755 lib/hx509/data/mkcert.sh delete mode 100644 lib/hx509/data/secp160r1TestCA.cert.pem delete mode 100644 lib/hx509/data/secp160r1TestCA.key.pem delete mode 100644 lib/hx509/data/secp160r1TestCA.pem delete mode 100644 lib/hx509/data/secp160r2TestClient.cert.pem delete mode 100644 lib/hx509/data/secp160r2TestClient.key.pem delete mode 100644 lib/hx509/data/secp160r2TestClient.pem delete mode 100644 lib/hx509/data/secp160r2TestServer.cert.pem delete mode 100644 lib/hx509/data/secp160r2TestServer.key.pem delete mode 100644 lib/hx509/data/secp160r2TestServer.pem create mode 100644 lib/hx509/data/secp256r1TestCA.cert.pem create mode 100644 
lib/hx509/data/secp256r1TestCA.key.pem create mode 100644 lib/hx509/data/secp256r1TestCA.pem create mode 100644 lib/hx509/data/secp256r2TestClient.cert.pem create mode 100644 lib/hx509/data/secp256r2TestClient.key.pem create mode 100644 lib/hx509/data/secp256r2TestClient.pem create mode 100644 lib/hx509/data/secp256r2TestServer.cert.pem create mode 100644 lib/hx509/data/secp256r2TestServer.key.pem create mode 100644 lib/hx509/data/secp256r2TestServer.pem
diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am
index e4b33f341..47ace3e4e 100644
--- a/lib/hx509/Makefile.am
+++ b/lib/hx509/Makefile.am
@@ -349,15 +349,15 @@ EXTRA_DIST = \
 tst-crypto-select6 \
 tst-crypto-select7 \
 data/n0ll.pem \
- data/secp160r1TestCA.cert.pem \
- data/secp160r1TestCA.key.pem \
- data/secp160r1TestCA.pem \
- data/secp160r2TestClient.cert.pem \
- data/secp160r2TestClient.key.pem \
- data/secp160r2TestClient.pem \
- data/secp160r2TestServer.cert.pem \
- data/secp160r2TestServer.key.pem \
- data/secp160r2TestServer.pem \
+ data/secp256r1TestCA.cert.pem \
+ data/secp256r1TestCA.key.pem \
+ data/secp256r1TestCA.pem \
+ data/secp256r2TestClient.cert.pem \
+ data/secp256r2TestClient.key.pem \
+ data/secp256r2TestClient.pem \
+ data/secp256r2TestServer.cert.pem \
+ data/secp256r2TestServer.key.pem \
+ data/secp256r2TestServer.pem \
 data/bleichenbacher-bad.pem \
 data/bleichenbacher-good.pem \
 data/bleichenbacher-sf-pad-correct.pem \
diff --git a/lib/hx509/data/mkcert.sh b/lib/hx509/data/mkcert.sh
new file mode 100755
index 000000000..5faa57120
--- /dev/null
+++ b/lib/hx509/data/mkcert.sh
@@ -0,0 +1,84 @@
+#! /bin/bash
+
+set -e
+
+# For now, avoid going past the 2038 32-bit clock rollover
+DAYS=$(( ( 0x7fffffff - $(date +%s) ) / 86400 - 1 ))
+
+key() {
+ local key=$1; shift
+
+ if [ ! -f "${key}.pem" ]; then
+ openssl genpkey \
+ -paramfile <(openssl ecparam -name prime256v1) \
+ -out "${key}.pem"
+ fi
+}
+
+req() {
+ local key=$1; shift
+ local dn=$1; shift
+
+ openssl req -new -sha256 -key "${key}.pem" \
+ -config <(printf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \
+ "prompt = yes" "distinguished_name = dn") \
+ -subj "${dn}"
+}
+
+cert() {
+ local cert=$1; shift
+ local exts=$1; shift
+
+ openssl x509 -req -sha256 -out "${cert}.pem" \
+ -extfile <(printf "%s\n" "$exts") "$@"
+}
+
+genroot() {
+ local dn=$1; shift
+ local key=$1; shift
+ local cert=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n%s\n" \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid" \
+ "basicConstraints = CA:true" \
+ "keyUsage = keyCertSign, cRLSign" )
+ key "$key"; req "$key" "$dn" |
+ cert "$cert" "$exts" -signkey "${key}.pem" \
+ -set_serial 1 -days "${DAYS}"
+}
+
+genee() {
+ local dn=$1; shift
+ local key=$1; shift
+ local cert=$1; shift
+ local cakey=$1; shift
+ local cacert=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n%s\n" \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid, issuer" \
+ "basicConstraints = CA:false" \
+ "keyUsage = digitalSignature, keyEncipherment, dataEncipherment" \
+ )
+ key "$key"; req "$key" "$dn" |
+ cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
+ -set_serial 2 -days "${DAYS}" "$@"
+}
+
+
+genroot "/C=SE/O=Heimdal/CN=CA secp256r1" \
+ secp256r1TestCA.key secp256r1TestCA.cert
+genee "/C=SE/O=Heimdal/CN=Server" \
+ secp256r2TestServer.key secp256r2TestServer.cert \
+ secp256r1TestCA.key secp256r1TestCA.cert
+genee "/C=SE/O=Heimdal/CN=Client" \
+ secp256r2TestClient.key secp256r2TestClient.cert \
+ secp256r1TestCA.key secp256r1TestCA.cert
+
+cat secp256r1TestCA.key.pem secp256r1TestCA.cert.pem > \
+ secp256r1TestCA.pem
+cat secp256r2TestClient.cert.pem secp256r2TestClient.key.pem > \
+ secp256r2TestClient.pem
+cat secp256r2TestServer.cert.pem secp256r2TestServer.key.pem > \
+ secp256r2TestServer.pem
diff --git a/lib/hx509/data/secp160r1TestCA.cert.pem b/lib/hx509/data/secp160r1TestCA.cert.pem deleted file mode 100644 index 2d30fab2c..000000000 --- a/lib/hx509/data/secp160r1TestCA.cert.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBxjCCAYagAwIBAgIJAKjMYS/6EOLdMAkGByqGSM49BAEwNjELMAkGA1UEBhMC -U0UxEDAOBgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0w -OTAyMTQxNzUwMDRaFw0yMDAxMjgxNzUwMDRaMDYxCzAJBgNVBAYTAlNFMRAwDgYD -VQQKEwdIZWltZGFsMRUwEwYDVQQDEwxDQSBzZWNwMTYwcjEwPjAQBgcqhkjOPQIB -BgUrgQQACAMqAASMHokF13aCVrlhMSr9Vgofj7loM2a7ZrU3h8/j1n/cO24ceyN/ -DpsOo4GYMIGVMB0GA1UdDgQWBBS58EWwgNdBwkYVhUSNzwIehHhEDzBmBgNVHSME -XzBdgBS58EWwgNdBwkYVhUSNzwIehHhED6E6pDgwNjELMAkGA1UEBhMCU0UxEDAO -BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMYIJAKjMYS/6EOLd -MAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQMvADAsAhRZPKbqMYDATJasRcXQfEh5 -8oHCywIUGZ0h6FqSvPgpkZ7hoU+ZEFJ/D88= ------END CERTIFICATE----- diff --git a/lib/hx509/data/secp160r1TestCA.key.pem b/lib/hx509/data/secp160r1TestCA.key.pem deleted file mode 100644 index f0ce773cf..000000000 --- a/lib/hx509/data/secp160r1TestCA.key.pem +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MFACAQEEFHegiSlX0311KSBjNrbzq6HrKjkYoAcGBSuBBAAIoSwDKgAEjB6JBdd2 -gla5YTEq/VYKH4+5aDNmu2a1N4fP49Z/3DtuHHsjfw6bDg== ------END EC PRIVATE KEY----- diff --git a/lib/hx509/data/secp160r1TestCA.pem b/lib/hx509/data/secp160r1TestCA.pem deleted file mode 100644 index a6f068d54..000000000 --- a/lib/hx509/data/secp160r1TestCA.pem +++ /dev/null
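Review bot: In lib/hx509/data/mkcert.sh, `genee` hard-codes `-set_serial 2`, so the Server and Client certificates are both issued by the secp256r1 test CA with the same serial number. Serial numbers are expected to be unique per issuer, and any lookup keyed on issuer plus serial (as a CMS signer identifier can be) could become ambiguous if both certificates ever sit in one store. Consider taking the serial as an extra positional argument (`local serial=$1; shift`, then `-set_serial "${serial}"`) and passing distinct values from the two `genee` call sites. Separately, `set -e` alone does not stop the script when `req` fails on the left side of `req "$key" "$dn" | cert ...`, because the pipeline status is that of `cert`; `set -eo pipefail` would cover it. `exts` in `genroot` and `genee` is also assigned without `local`, unlike every other variable in those functions.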
@@ -1,18 +0,0 @@ -issuer= /C=SE/O=Heimdal/CN=CA secp160r1 -subject= /C=SE/O=Heimdal/CN=CA secp160r1 ------BEGIN CERTIFICATE----- -MIIBxjCCAYagAwIBAgIJAKjMYS/6EOLdMAkGByqGSM49BAEwNjELMAkGA1UEBhMC -U0UxEDAOBgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0w -OTAyMTQxNzUwMDRaFw0yMDAxMjgxNzUwMDRaMDYxCzAJBgNVBAYTAlNFMRAwDgYD -VQQKEwdIZWltZGFsMRUwEwYDVQQDEwxDQSBzZWNwMTYwcjEwPjAQBgcqhkjOPQIB -BgUrgQQACAMqAASMHokF13aCVrlhMSr9Vgofj7loM2a7ZrU3h8/j1n/cO24ceyN/ -DpsOo4GYMIGVMB0GA1UdDgQWBBS58EWwgNdBwkYVhUSNzwIehHhEDzBmBgNVHSME -XzBdgBS58EWwgNdBwkYVhUSNzwIehHhED6E6pDgwNjELMAkGA1UEBhMCU0UxEDAO -BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMYIJAKjMYS/6EOLd -MAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQMvADAsAhRZPKbqMYDATJasRcXQfEh5 -8oHCywIUGZ0h6FqSvPgpkZ7hoU+ZEFJ/D88= ------END CERTIFICATE----- ------BEGIN EC PRIVATE KEY----- -MFACAQEEFHegiSlX0311KSBjNrbzq6HrKjkYoAcGBSuBBAAIoSwDKgAEjB6JBdd2 -gla5YTEq/VYKH4+5aDNmu2a1N4fP49Z/3DtuHHsjfw6bDg== ------END EC PRIVATE KEY----- diff --git a/lib/hx509/data/secp160r2TestClient.cert.pem b/lib/hx509/data/secp160r2TestClient.cert.pem deleted file mode 100644 index 716395bf8..000000000 --- a/lib/hx509/data/secp160r2TestClient.cert.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBIDCB4AIJAN1XzNknE3lDMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO -BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx -NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI -ZWltZGFsMQ8wDQYDVQQDEwZDbGllbnQwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAASA -oVzj3A0W1FaSmc0NwTRdX4A8eCbDb6pf07vMpUcOqvdXVGwWN3HhMAkGByqGSM49 -BAEDMAAwLQIURJ9Jdesm0rqwpOAn8K23GdWlCkYCFQDmJtqiOLs4jjUUP6T7O17M -Iwyrvg== ------END CERTIFICATE----- diff --git a/lib/hx509/data/secp160r2TestClient.key.pem b/lib/hx509/data/secp160r2TestClient.key.pem deleted file mode 100644 index e5a2fef79..000000000 --- a/lib/hx509/data/secp160r2TestClient.key.pem +++ /dev/null 
@@ -1,4 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MFACAQEEFNz0QJPbDlTBMSOfUoxNSzOOpRKyoAcGBSuBBAAeoSwDKgAEgKFc49wN -FtRWkpnNDcE0XV+APHgmw2+qX9O7zKVHDqr3V1RsFjdx4Q== ------END EC PRIVATE KEY----- diff --git a/lib/hx509/data/secp160r2TestClient.pem b/lib/hx509/data/secp160r2TestClient.pem deleted file mode 100644 index ca4bb331d..000000000 --- a/lib/hx509/data/secp160r2TestClient.pem +++ /dev/null @@ -1,15 +0,0 @@ -issuer= /C=SE/O=Heimdal/CN=CA secp160r1 -subject= /C=SE/O=Heimdal/CN=Client ------BEGIN CERTIFICATE----- -MIIBIDCB4AIJAN1XzNknE3lDMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO -BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx -NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI -ZWltZGFsMQ8wDQYDVQQDEwZDbGllbnQwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAASA -oVzj3A0W1FaSmc0NwTRdX4A8eCbDb6pf07vMpUcOqvdXVGwWN3HhMAkGByqGSM49 -BAEDMAAwLQIURJ9Jdesm0rqwpOAn8K23GdWlCkYCFQDmJtqiOLs4jjUUP6T7O17M -Iwyrvg== ------END CERTIFICATE----- ------BEGIN EC PRIVATE KEY----- -MFACAQEEFNz0QJPbDlTBMSOfUoxNSzOOpRKyoAcGBSuBBAAeoSwDKgAEgKFc49wN -FtRWkpnNDcE0XV+APHgmw2+qX9O7zKVHDqr3V1RsFjdx4Q== ------END EC PRIVATE KEY----- diff --git a/lib/hx509/data/secp160r2TestServer.cert.pem b/lib/hx509/data/secp160r2TestServer.cert.pem deleted file mode 100644 index 6b5603658..000000000 --- a/lib/hx509/data/secp160r2TestServer.cert.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBIDCB4AIJAN1XzNknE3lCMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO -BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx -NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI -ZWltZGFsMQ8wDQYDVQQDEwZTZXJ2ZXIwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAARA -IUAwnwABnZAs378hcEgnk8efxE35RF6B+MmxSq1Twhp2C1ophD6yMAkGByqGSM49 -BAEDMAAwLQIVAO0hl59KWXRMBaJ2iKsiu/j73/bPAhRfsTT6SIBL5+3gjLhl7SqK -1kTMQw== ------END CERTIFICATE----- diff --git a/lib/hx509/data/secp160r2TestServer.key.pem b/lib/hx509/data/secp160r2TestServer.key.pem deleted file mode 100644 index a903d0f76..000000000 
--- a/lib/hx509/data/secp160r2TestServer.key.pem +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MFACAQEEFBR1r2nPL1Ln1U5Nk1kW9XtNEkk1oAcGBSuBBAAeoSwDKgAEQCFAMJ8A -AZ2QLN+/IXBIJ5PHn8RN+URegfjJsUqtU8IadgtaKYQ+sg== ------END EC PRIVATE KEY----- diff --git a/lib/hx509/data/secp160r2TestServer.pem b/lib/hx509/data/secp160r2TestServer.pem deleted file mode 100644 index 329d87153..000000000 --- a/lib/hx509/data/secp160r2TestServer.pem +++ /dev/null @@ -1,15 +0,0 @@ -issuer= /C=SE/O=Heimdal/CN=CA secp160r1 -subject= /C=SE/O=Heimdal/CN=Server ------BEGIN CERTIFICATE----- -MIIBIDCB4AIJAN1XzNknE3lCMAkGByqGSM49BAEwNjELMAkGA1UEBhMCU0UxEDAO -BgNVBAoTB0hlaW1kYWwxFTATBgNVBAMTDENBIHNlY3AxNjByMTAeFw0wOTAyMTQx -NzUwMDRaFw0yMDAxMjgxNzUwMDRaMDAxCzAJBgNVBAYTAlNFMRAwDgYDVQQKEwdI -ZWltZGFsMQ8wDQYDVQQDEwZTZXJ2ZXIwPjAQBgcqhkjOPQIBBgUrgQQAHgMqAARA -IUAwnwABnZAs378hcEgnk8efxE35RF6B+MmxSq1Twhp2C1ophD6yMAkGByqGSM49 -BAEDMAAwLQIVAO0hl59KWXRMBaJ2iKsiu/j73/bPAhRfsTT6SIBL5+3gjLhl7SqK -1kTMQw== ------END CERTIFICATE----- ------BEGIN EC PRIVATE KEY----- -MFACAQEEFBR1r2nPL1Ln1U5Nk1kW9XtNEkk1oAcGBSuBBAAeoSwDKgAEQCFAMJ8A -AZ2QLN+/IXBIJ5PHn8RN+URegfjJsUqtU8IadgtaKYQ+sg== ------END EC PRIVATE KEY----- diff --git a/lib/hx509/data/secp256r1TestCA.cert.pem b/lib/hx509/data/secp256r1TestCA.cert.pem new file mode 100644 index 000000000..6cac58ee1 --- /dev/null +++ b/lib/hx509/data/secp256r1TestCA.cert.pem 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 +NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl +aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM +kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV +spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L +mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM +XejBzmT8QXEdib+1 +-----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r1TestCA.key.pem b/lib/hx509/data/secp256r1TestCA.key.pem new file mode 100644 index 000000000..388826621 --- /dev/null +++ b/lib/hx509/data/secp256r1TestCA.key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL2N0gdHhAjBGcJ40 +gHePPMwGKygIVDXTfjysn9zPiSOhRANCAATlK4Ur4qGCWilCvVoyOXhkQFrDgdgz +bJU5HIE5BbHd7w+P3RsWhwTiDJLg/ZXRitrEAKxCAyn6zh7z/qBc94y2 +-----END PRIVATE KEY----- diff --git a/lib/hx509/data/secp256r1TestCA.pem b/lib/hx509/data/secp256r1TestCA.pem new file mode 100644 index 000000000..d0c743188 --- /dev/null +++ b/lib/hx509/data/secp256r1TestCA.pem 
@@ -0,0 +1,17 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL2N0gdHhAjBGcJ40 +gHePPMwGKygIVDXTfjysn9zPiSOhRANCAATlK4Ur4qGCWilCvVoyOXhkQFrDgdgz +bJU5HIE5BbHd7w+P3RsWhwTiDJLg/ZXRitrEAKxCAyn6zh7z/qBc94y2 +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 +NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl +aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM +kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV +spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L +mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM +XejBzmT8QXEdib+1 +-----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r2TestClient.cert.pem b/lib/hx509/data/secp256r2TestClient.cert.pem new file mode 100644 index 000000000..f0f3a2445 --- /dev/null +++ b/lib/hx509/data/secp256r2TestClient.cert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 +NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl +aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI +zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF +I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv +A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx +JjIt +-----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r2TestClient.key.pem b/lib/hx509/data/secp256r2TestClient.key.pem new file mode 100644 index 000000000..36c67f9db --- /dev/null 
+++ b/lib/hx509/data/secp256r2TestClient.key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6oD5CbNzN7oAWqcq +dKJKw2WU5EwnUV05+7S9gXgeW/qhRANCAATu/zAiAR3/IEC0OZbadbsgjggMPLsp +WWe/r/6wd6Ch7gCMi+qv0I2V2R9xUeVXCMwDWrzeUgH8fQhSaT5PqVCE +-----END PRIVATE KEY----- diff --git a/lib/hx509/data/secp256r2TestClient.pem b/lib/hx509/data/secp256r2TestClient.pem new file mode 100644 index 000000000..acf11b041 --- /dev/null +++ b/lib/hx509/data/secp256r2TestClient.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 +NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl +aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI +zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF +I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv +A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx +JjIt +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6oD5CbNzN7oAWqcq +dKJKw2WU5EwnUV05+7S9gXgeW/qhRANCAATu/zAiAR3/IEC0OZbadbsgjggMPLsp +WWe/r/6wd6Ch7gCMi+qv0I2V2R9xUeVXCMwDWrzeUgH8fQhSaT5PqVCE +-----END PRIVATE KEY----- diff --git a/lib/hx509/data/secp256r2TestServer.cert.pem b/lib/hx509/data/secp256r2TestServer.cert.pem new file mode 100644 index 000000000..91acde8f6 --- /dev/null +++ b/lib/hx509/data/secp256r2TestServer.cert.pem 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 +NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl +aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg +lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+ +QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa +1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI +QcEwUA== +-----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r2TestServer.key.pem b/lib/hx509/data/secp256r2TestServer.key.pem new file mode 100644 index 000000000..fb57e798c --- /dev/null +++ b/lib/hx509/data/secp256r2TestServer.key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKo/47DaveCl90GxH +LCE7IGBua2XsE+jI4RUWZrqjhBGhRANCAASLWYJ9QvGQbypJDaBKH1i9CSwk2h09 +pSY+3fY0bUiokdj5TrXeR4bXg6j+/CuHoJUTJOZ6rJhKKGpX2zbBQcvE +-----END PRIVATE KEY----- diff --git a/lib/hx509/data/secp256r2TestServer.pem b/lib/hx509/data/secp256r2TestServer.pem new file mode 100644 index 000000000..0e9edd782 --- /dev/null +++ b/lib/hx509/data/secp256r2TestServer.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 +NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl +aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg +lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+ +QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa +1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI +QcEwUA== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKo/47DaveCl90GxH +LCE7IGBua2XsE+jI4RUWZrqjhBGhRANCAASLWYJ9QvGQbypJDaBKH1i9CSwk2h09 +pSY+3fY0bUiokdj5TrXeR4bXg6j+/CuHoJUTJOZ6rJhKKGpX2zbBQcvE +-----END PRIVATE KEY----- diff --git a/lib/hx509/test_chain.in b/lib/hx509/test_chain.in index df551d9c0..b8c8cf527 100644 --- a/lib/hx509/test_chain.in +++ b/lib/hx509/test_chain.in @@ -192,13 +192,13 @@ if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then else echo "eccert -> root" ${hxtool} verify --missing-revoke \ - cert:FILE:$srcdir/data/secp160r2TestServer.cert.pem \ - anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1 + cert:FILE:$srcdir/data/secp256r2TestServer.cert.pem \ + anchor:FILE:$srcdir/data/secp256r1TestCA.cert.pem > /dev/null || exit 1 echo "eccert -> root" ${hxtool} verify --missing-revoke \ - cert:FILE:$srcdir/data/secp160r2TestClient.cert.pem \ - anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1 + cert:FILE:$srcdir/data/secp256r2TestClient.cert.pem \ + anchor:FILE:$srcdir/data/secp256r1TestCA.cert.pem > /dev/null || exit 1 fi echo "proxy cert" diff --git a/lib/hx509/test_cms.in b/lib/hx509/test_cms.in index d519d25a2..8b3de76ef 100644 --- a/lib/hx509/test_cms.in +++ b/lib/hx509/test_cms.in 
@@ -53,15 +53,15 @@ if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then else echo "create signed data (ec)" ${hxtool} cms-create-sd \ - --certificate=FILE:$srcdir/data/secp160r2TestClient.pem \ - "$srcdir/test_chain.in" \ - sd.data > /dev/null || exit 1 + --certificate=FILE:$srcdir/data/secp256r2TestClient.pem \ + "$srcdir/test_chain.in" \ + sd.data > /dev/null || exit 1 echo "verify signed data (ec)" ${hxtool} cms-verify-sd \ - --missing-revoke \ - --anchors=FILE:$srcdir/data/secp160r1TestCA.cert.pem \ - sd.data sd.data.out > /dev/null || exit 1 + --missing-revoke \ + --anchors=FILE:$srcdir/data/secp256r1TestCA.cert.pem \ + sd.data sd.data.out > /dev/null || exit 1 cmp "$srcdir/test_chain.in" sd.data.out || exit 1 fi