diff options
Diffstat (limited to 'third_party/rust/cose/tools/certs')
11 files changed, 78 insertions, 0 deletions
diff --git a/third_party/rust/cose/tools/certs/certs.md b/third_party/rust/cose/tools/certs/certs.md new file mode 100644 index 0000000000..ef8a53909e --- /dev/null +++ b/third_party/rust/cose/tools/certs/certs.md @@ -0,0 +1,9 @@ +## This folder holds everything to generate certificates and keys for tests + +Scripts in this folder require a copy of [mozilla-central](https://hg.mozilla.org/mozilla-central/) and use scripts from `security/manager/ssl/tests/unit`. The default path for `MOZILLA_CENTRAL` is next to the root of this project. + +The helper script `certs.sh` sets all necessary paths and generates certificates. +The following command generates the end-entity certificate with P256, ECDSA, SHA256. + + MOZILLA_CENTRAL=<path to mc> ./certs.sh < ee-p256.certspec + diff --git a/third_party/rust/cose/tools/certs/certs.sh b/third_party/rust/cose/tools/certs/certs.sh new file mode 100755 index 0000000000..b6f4db679c --- /dev/null +++ b/third_party/rust/cose/tools/certs/certs.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +cwd=$(cd $(dirname $0); pwd -P) +MOZILLA_CENTRAL=${MOZILLA_CENTRAL:-"$cwd/../../../mc"} +script_path="$MOZILLA_CENTRAL/security/manager/ssl/tests/unit" + +python_path="$MOZILLA_CENTRAL/third_party/python/pyasn1/" +python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/pyasn1-modules/" +python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/PyECC/" +python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/mock-1.0.0/" +python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/rsa/" + +gen_cert() { + PYTHONPATH=$python_path "$script_path"/pycert.py "$@" > /tmp/cert.pem + openssl x509 -in /tmp/cert.pem -out /tmp/cert.der -outform DER + xxd -ps /tmp/cert.der | sed 's/\([0-9A-Fa-f]\{2\}\)/0x\1, /g' \ + | tr -d '\n' + echo "" +} + +gen_cert "${@:1}" diff --git a/third_party/rust/cose/tools/certs/ee-p256.certspec b/third_party/rust/cose/tools/certs/ee-p256.certspec new file mode 100644 index 0000000000..59d1312987 --- /dev/null +++ b/third_party/rust/cose/tools/certs/ee-p256.certspec @@ -0,0 +1,6 @@ +issuer:int-p256 +subject:ee-p256 +issuerKey:secp256r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 +validity:3650
\ No newline at end of file diff --git a/third_party/rust/cose/tools/certs/ee-p256.keyspec b/third_party/rust/cose/tools/certs/ee-p256.keyspec new file mode 100644 index 0000000000..562d46f945 --- /dev/null +++ b/third_party/rust/cose/tools/certs/ee-p256.keyspec @@ -0,0 +1 @@ +secp256r1
\ No newline at end of file diff --git a/third_party/rust/cose/tools/certs/ee-p384.certspec b/third_party/rust/cose/tools/certs/ee-p384.certspec new file mode 100644 index 0000000000..19be32edb2 --- /dev/null +++ b/third_party/rust/cose/tools/certs/ee-p384.certspec @@ -0,0 +1,6 @@ +issuer:int-p256 +subject:ee-p384 +issuerKey:secp256r1 +subjectKey:secp384r1 +signature:ecdsaWithSHA256 +validity:3650
\ No newline at end of file diff --git a/third_party/rust/cose/tools/certs/ee-p521.certspec b/third_party/rust/cose/tools/certs/ee-p521.certspec new file mode 100644 index 0000000000..b6cec39b08 --- /dev/null +++ b/third_party/rust/cose/tools/certs/ee-p521.certspec @@ -0,0 +1,6 @@ +issuer:int-p256 +subject:ee-p521 +issuerKey:secp256r1 +subjectKey:secp521r1 +signature:ecdsaWithSHA256 +validity:3650
\ No newline at end of file diff --git a/third_party/rust/cose/tools/certs/ee-rsa.certspec b/third_party/rust/cose/tools/certs/ee-rsa.certspec new file mode 100644 index 0000000000..27a0ff3bca --- /dev/null +++ b/third_party/rust/cose/tools/certs/ee-rsa.certspec @@ -0,0 +1,3 @@ +issuer:int-rsa +subject:ee-rsa +validity:3650 diff --git a/third_party/rust/cose/tools/certs/int-p256.certspec b/third_party/rust/cose/tools/certs/int-p256.certspec new file mode 100644 index 0000000000..8fec3584db --- /dev/null +++ b/third_party/rust/cose/tools/certs/int-p256.certspec @@ -0,0 +1,8 @@ +issuer:root-p256 +subject:int-p256 +issuerKey:secp256k1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +validity:3650
\ No newline at end of file diff --git a/third_party/rust/cose/tools/certs/int-rsa.certspec b/third_party/rust/cose/tools/certs/int-rsa.certspec new file mode 100644 index 0000000000..e79c1ecc53 --- /dev/null +++ b/third_party/rust/cose/tools/certs/int-rsa.certspec @@ -0,0 +1,5 @@ +issuer:root-rsa +subject:int-rsa +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +validity:3650 diff --git a/third_party/rust/cose/tools/certs/root-p256.certspec b/third_party/rust/cose/tools/certs/root-p256.certspec new file mode 100644 index 0000000000..e44d96e226 --- /dev/null +++ b/third_party/rust/cose/tools/certs/root-p256.certspec @@ -0,0 +1,8 @@ +issuer:root-p256 +subject:root-p256 +issuerKey:secp256r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +validity:3650
\ No newline at end of file diff --git a/third_party/rust/cose/tools/certs/root-rsa.certspec b/third_party/rust/cose/tools/certs/root-rsa.certspec new file mode 100644 index 0000000000..39454648fa --- /dev/null +++ b/third_party/rust/cose/tools/certs/root-rsa.certspec @@ -0,0 +1,5 @@ +issuer:root-rsa +subject:root-rsa +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +validity:3650 |