Add certificates with PSS signatures
authorDr. Stephen Henson <steve@openssl.org>
Mon, 24 Apr 2017 21:17:45 +0000 (22:17 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 25 Apr 2017 21:12:34 +0000 (22:12 +0100)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)

test/certs/ee-pss-sha1-cert.pem [new file with mode: 0644]
test/certs/ee-pss-sha256-cert.pem [new file with mode: 0644]
test/certs/setup.sh

diff --git a/test/certs/ee-pss-sha1-cert.pem b/test/certs/ee-pss-sha1-cert.pem
new file mode 100644 (file)
index 0000000..b504aea
--- /dev/null
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIBAjANBgkqhkiG9w0BAQowADANMQswCQYDVQQDDAJDQTAg
+Fw0xNzA0MjQyMTE5NDlaGA8yMTE3MDQyNTIxMTk0OVowEzERMA8GA1UEAwwIUFNT
+LVNIQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lYYYWu3tss
+D9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT5Rcf/w3G
+Q/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1lDz9mjsI2
+oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1U7OWaoIb
+FYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5ep5LR2in
+Kcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tniIQPYf55
+NB9KiR+3AgMBAAGjdzB1MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gil+FzojAf
+BgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAAMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMBMGA1UdEQQMMAqCCFBTUy1TSEExMA0GCSqGSIb3DQEB
+CjAAA4IBAQCC4qIOu7FVYMvRx13IrvzviF+RFRRfAD5NZSPFw5+riLMeRlA4Pdw/
+vCctNIpqjDaSFu8BRTUuyHPXSIvPo0Rl64TsfQNHP1Ut1/8XCecYCEBx/ROJHbM5
+YjoHMCAy+mR3f4BK1827Mp5U/wRJ6ljvE5EbALQ06ZEuIO6zqEAO6AROUCjWSyFd
+z9fkEHS0XmploIywH4QXR7X+ueWOE3n76x+vziM4qoGsYxy0sxePfTWM1DscT1Kt
+l5skZdZEKo6J8m8ImxfmtLutky2/tw5cdeWbovX3xfipabjPqpzO9Tf9aa4iblJa
+AEQwRss+D6ixFO1rNKs1fjFva7A+9lrO
+-----END CERTIFICATE-----
diff --git a/test/certs/ee-pss-sha256-cert.pem b/test/certs/ee-pss-sha256-cert.pem
new file mode 100644 (file)
index 0000000..cde5089
--- /dev/null
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAjCgAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDANMQswCQYDVQQDDAJDQTAg
+Fw0xNzA0MjQyMTE5NDlaGA8yMTE3MDQyNTIxMTk0OVowFTETMBEGA1UEAwwKUFNT
+LVNIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e
+2ywP1XP74reoG3p1YCvUfTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//
+DcZD/jE0+CjYdemju4iC76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aO
+wjagEf/AWTX9SRzdHEIzBniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5Zq
+ghsVi9GZq+Seb5Sq0pblV/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktH
+aKcpxz9K4iIntO+QY9fv0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h
+/nk0H0qJH7cCAwEAAaN5MHcwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOi
+MB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwFQYDVR0RBA4wDIIKUFNTLVNIQTI1NjA9BgkqhkiG
+9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQME
+AgGiAwIBIAOCAQEAfKQyXj7HSdUQJA599+SBjalw3dsaxYg6wgLH1IW3GHXPR+c0
+4cugrsPFNRTZL2u/xwHfdxcR3N2vzsdqa+Ep3iyC6egiwxmhIkw0OI+uk/WO9P8Z
+42bznkeDjOQ3Y04IIt7a5VbMY7AuWdQfnuVRFiJFAZi7s4+b6QL7+iwydZESVNRL
+K+Y6rjMEOrGK7codcRKxrwIt7kxkcT7MI/O7Jt5aa1XDvdSzrieo/CpNVCLCm/zq
+Hn1MZ7SAxjTlvwZIj1FhDrFJJppPc5fS7rQDcEaEV6qkBMowtccQR61Iim4834gV
+ZTesKQBRtAgW/h4OD5Za98hSEesP6YNhE3GK7A==
+-----END CERTIFICATE-----
index 7e1086a..98bac02 100755 (executable)
@@ -344,3 +344,11 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
     "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \
     "email.1 = good@good.org" "email.2 = any@good.com" \
     "IP = 127.0.0.1" "IP = 192.168.0.1"
     "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \
     "email.1 = good@good.org" "email.2 = any@good.com" \
     "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# RSA-PSS signatures
+# SHA1
+./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
+    -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+# SHA256
+./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \
+    -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest