Inicio Explorar Ayuda
Iniciar sesión
RISCI_ATOM
/
wolfssl
espejo de https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Archivos Incidencias 14 Wiki
Árbol: ae54bae2fa
Ramas Etiquetas
wolfssl
/
certs
/
ecc
/
genecc.sh

genecc.sh 2.9 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 
  1. #!/bin/bash
    2. 

  2. 

  3. # run from wolfssl root
    4. 

  4. 

  5. rm ./certs/ecc/*.old
    6. 

  6. rm ./certs/ecc/index.txt*
    7. 

  7. rm ./certs/ecc/serial
    8. 

  8. rm ./certs/ecc/crlnumber
    9. 

  9. 

  10. touch ./certs/ecc/index.txt
    11. 

  11. echo 1000 > ./certs/ecc/serial
    12. 

  12. echo 2000 > ./certs/ecc/crlnumber
    13. 

  13. 

  14. # generate ECC 256-bit CA
    15. 

  15. openssl ecparam -out ./certs/ca-ecc-key.par -name prime256v1
    16. 

  16. openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:./certs/ca-ecc-key.par -keyout ./certs/ca-ecc-key.pem -out ./certs/ca-ecc-cert.pem -sha256 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
    17. 

  17. 

  18. openssl x509 -in ./certs/ca-ecc-cert.pem -inform PEM -out ./certs/ca-ecc-cert.der -outform DER
    19. 

  19. openssl ec -in ./certs/ca-ecc-key.pem -inform PEM -out ./certs/ca-ecc-key.der -outform DER
    20. 

  20. 

  21. rm ./certs/ca-ecc-key.par
    22. 

  22. 

  23. # generate ECC 384-bit CA
    24. 

  24. openssl ecparam -out ./certs/ca-ecc384-key.par -name secp384r1
    25. 

  25. openssl req -config ./certs/ecc/wolfssl.cnf -extensions v3_ca -x509 -nodes -newkey ec:./certs/ca-ecc384-key.par -keyout ./certs/ca-ecc384-key.pem -out ./certs/ca-ecc384-cert.pem -sha384 -days 7300 -batch -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
    26. 

  26. 

  27. openssl x509 -in ./certs/ca-ecc384-cert.pem -inform PEM -out ./certs/ca-ecc384-cert.der -outform DER
    28. 

  28. openssl ec -in ./certs/ca-ecc384-key.pem -inform PEM -out ./certs/ca-ecc384-key.der -outform DER
    29. 

  29. 

  30. rm ./certs/ca-ecc384-key.par
    31. 

  31. 

  32. 

  33. # Generate ECC 256-bit server cert
    34. 

  34. openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc-key.pem -out ./certs/server-ecc-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
    35. 

  35. openssl x509 -req -in ./certs/server-ecc-req.pem -CA ./certs/ca-ecc-cert.pem -CAkey ./certs/ca-ecc-key.pem -CAcreateserial -out ./certs/server-ecc.pem -sha256
    36. 

  36. 

  37. # Sign server certificate
    38. 

  38. openssl ca -config ./certs/ecc/wolfssl.cnf -extensions server_cert -days 3650 -notext -md sha256 -in ./certs/server-ecc-req.pem -out ./certs/server-ecc.pem
    39. 

  39. openssl x509 -in ./certs/server-ecc.pem -outform der -out ./certs/server-ecc.der
    40. 

  40. 

  41. rm ./certs/server-ecc-req.pem 
    42. 

  42. 

  43. # Gen CRL
    44. 

  44. openssl ca -config ./certs/ecc/wolfssl.cnf -gencrl -crldays 1000 -out ./certs/crl/caEccCrl.pem -keyfile ./certs/ca-ecc-key.pem -cert ./certs/ca-ecc-cert.pem
    45. 

  45. openssl ca -config ./certs/ecc/wolfssl.cnf -gencrl -crldays 1000 -out ./certs/crl/caEcc384Crl.pem -keyfile ./certs/ca-ecc384-key.pem -cert ./certs/ca-ecc384-cert.pem
    46. 

  46. 

  47. # Also manually need to:
    48. 

  48. # 1. Copy ./certs/server-ecc.der into ./certs/test/server-cert-ecc-badsig.der `cp ./certs/server-ecc.der ./certs/test/server-cert-ecc-badsig.der`
    49. 

  49. # 2. Modify last byte so its invalidates signature in ./certs/test/server-cert-ecc-badsig.der
    50. 

  50. # 3. Covert bad cert to pem `openssl x509 -inform der -in ./certs/test/server-cert-ecc-badsig.der -outform pem -out ./certs/test/server-cert-ecc-badsig.pem`
    51. 

  51. # 4. Update AKID's for CA's in test.c certext_test() function akid_ecc.
    52.