Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(636)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/generate-weak-test-chains.sh

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/data/ssl/scripts/ee.cnf ('K') | « net/data/ssl/scripts/ee.cnf ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Property Changes:
Added: svn:executable
+ *
Added: svn:eol-style
+ LF
OLDNEW
(Empty)
1 #!/bin/sh
2
3 # This script generates a set of test (end-entity, intermediate, root)
4 # certificates with (weak, strong), (RSA, DSA, ECDSA) key pairs.
5
6 key_types="768-rsa 1024-rsa 2048-rsa prime256v1-ecdsa"
7
8 try () {
9 echo "$@"
10 $@ || exit 1
11 }
12
13 generate_key_command () {
14 case "$1" in
15 dsa)
16 echo "dsaparam -genkey"
17 ;;
18 ecdsa)
19 echo "ecparam -genkey"
20 ;;
21 rsa)
22 echo genrsa
23 ;;
24 *)
25 exit 1
26 esac
27 }
28
29 try rm -rf out
30 try mkdir out
31
32 # Create the serial number files.
33 try echo 1 > out/2048-rsa-root-serial
34 for key_type in $key_types
35 do
36 try echo 1 > out/$key_type-intermediate-serial
37 done
38
39 # Generate one root CA certificate.
40 try openssl genrsa -out out/2048-rsa-root.key 2048
41
42 CA_COMMON_NAME="2048 RSA Test Root CA" \
43 CA_DIR=out \
44 CA_NAME=req_env_dn \
45 KEY_SIZE=2048 \
46 ALGO=rsa \
47 CERT_TYPE=root \
48 try openssl req \
49 -new \
50 -key out/2048-rsa-root.key \
51 -extensions ca_cert \
52 -out out/2048-rsa-root.csr \
53 -config ca.cnf
54
55 CA_COMMON_NAME="2048 RSA Test Root CA" \
56 CA_DIR=out \
57 CA_NAME=req_env_dn \
58 try openssl x509 \
59 -req -days 3650 \
60 -in out/2048-rsa-root.csr \
61 -extensions ca_cert \
62 -signkey out/2048-rsa-root.key \
63 -out out/2048-rsa-root.pem
64
65 # Generate private keys of all types and strengths for intermediate CAs and
66 # end-entities.
67 for key_type in $key_types
68 do
69 key_size=$(echo "$key_type" | sed -E 's/-.+//')
70 algo=$(echo "$key_type" | sed -E 's/.+-//')
71
72 if [ ecdsa = $algo ]
73 then
74 key_size="-name $key_size"
75 fi
76
77 try openssl $(generate_key_command $algo) \
78 -out out/$key_type-intermediate.key $key_size
79 done
80
81 for key_type in $key_types
82 do
83 key_size=$(echo "$key_type" | sed -E 's/-.+//')
84 algo=$(echo "$key_type" | sed -E 's/.+-//')
85
86 if [ ecdsa = $algo ]
87 then
88 key_size="-name $key_size"
89 fi
90
91 for signer_key_type in $key_types
92 do
93 try openssl $(generate_key_command $algo) \
94 -out out/$key_type-ee-by-$signer_key_type-intermediate.key $key_size
95 done
96 done
97
98 # The root signs the intermediates.
99 for key_type in $key_types
100 do
101 key_size=$(echo "$key_type" | sed -E 's/-.+//')
102 algo=$(echo "$key_type" | sed -E 's/.+-//')
103
104 CA_COMMON_NAME="$key_size $algo Test intermediate CA" \
105 CA_DIR=out \
106 CA_NAME=req_env_dn \
107 KEY_SIZE=$key_size \
108 ALGO=$algo \
109 CERT_TYPE=intermediate \
110 try openssl req \
111 -new \
112 -key out/$key_type-intermediate.key \
113 -out out/$key_type-intermediate.csr \
114 -config ca.cnf
115
116 # Make sure the signer's DB file exists.
117 touch out/2048-rsa-root-index.txt
118
119 CA_COMMON_NAME="2048 RSA Test Root CA" \
120 CA_DIR=out \
121 CA_NAME=req_env_dn \
122 KEY_SIZE=2048 \
123 ALGO=rsa \
124 CERT_TYPE=root \
125 try openssl ca \
126 -batch \
127 -extensions ca_cert \
128 -in out/$key_type-intermediate.csr \
129 -out out/$key_type-intermediate.pem \
130 -config ca.cnf
131 done
132
133 # The intermediates sign the end-entities.
134 for key_type in $key_types
135 do
136 for signer_key_type in $key_types
137 do
138 key_size=$(echo "$key_type" | sed -E 's/-.+//')
139 algo=$(echo "$key_type" | sed -E 's/.+-//')
140 signer_key_size=$(echo "$signer_key_type" | sed -E 's/-.+//')
141 signer_algo=$(echo "$signer_key_type" | sed -E 's/.+-//')
142 touch out/$signer_key_type-intermediate-index.txt
143
144 KEY_SIZE=$key_size \
145 try openssl req \
146 -new \
147 -key out/$key_type-ee-by-$signer_key_type-intermediate.key \
148 -out out/$key_type-ee-by-$signer_key_type-intermediate.csr \
149 -config ee.cnf
150
151 CA_COMMON_NAME="$signer_key_size $algo Test intermediate CA" \
152 CA_DIR=out \
153 CA_NAME=req_env_dn \
154 KEY_SIZE=$signer_key_size \
155 ALGO=$signer_algo \
156 CERT_TYPE=intermediate \
157 try openssl ca \
158 -batch \
159 -in out/$key_type-ee-by-$signer_key_type-intermediate.csr \
160 -out out/$key_type-ee-by-$signer_key_type-intermediate.pem \
161 -config ca.cnf
162 done
163 done
164
OLDNEW
« net/data/ssl/scripts/ee.cnf ('K') | « net/data/ssl/scripts/ee.cnf ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698