Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: research
Branches Tags
krackattacks
/
tests
/
hwsim
/
auth_serv
/
ec2-generate.sh

ec2-generate.sh 2.7 KB
Lien permanent Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. #!/bin/sh
    2. 

  2. 

  3. OPENSSL=openssl
    4. 

  4. 

  5. CURVE=secp384r1
    6. 

  6. DIGEST="-sha384"
    7. 

  7. DIGEST_CA="-md sha384"
    8. 

  8. 

  9. echo
    10. 

  10. echo "---[ Root CA ]----------------------------------------------------------"
    11. 

  11. echo
    12. 

  12. 

  13. cat ec-ca-openssl.cnf |
    14. 

  14. 	sed "s/#@CN@/commonName_default = Suite B 192-bit Root CA/" \
    15. 

  15. 	> ec-ca-openssl.cnf.tmp
    16. 

  16. $OPENSSL ecparam -out ec2-ca.key -name $CURVE -genkey
    17. 

  17. $OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -x509 -new -key ec2-ca.key -out ec2-ca.pem -outform PEM -days 3650 $DIGEST
    18. 

  18. mkdir -p ec-ca/certs ec-ca/crl ec-ca/newcerts ec-ca/private
    19. 

  19. touch ec-ca/index.txt
    20. 

  20. rm ec-ca-openssl.cnf.tmp
    21. 

  21. 

  22. echo
    23. 

  23. echo "---[ Server ]-----------------------------------------------------------"
    24. 

  24. echo
    25. 

  25. 

  26. cat ec-ca-openssl.cnf |
    27. 

  27. 	sed "s/#@CN@/commonName_default = server.w1.fi/" |
    28. 

  28. 	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
    29. 

  29. 	> ec-ca-openssl.cnf.tmp
    30. 

  30. $OPENSSL ecparam -out ec2-server.key -name $CURVE -genkey
    31. 

  31. $OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec2-server.key -out ec2-server.req -outform PEM $DIGEST
    32. 

  32. $OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec2-ca.key -cert ec2-ca.pem -create_serial -in ec2-server.req -out ec2-server.pem -extensions ext_server $DIGEST_CA
    33. 

  33. rm ec-ca-openssl.cnf.tmp
    34. 

  34. 

  35. echo
    36. 

  36. echo "---[ User ]-------------------------------------------------------------"
    37. 

  37. echo
    38. 

  38. 

  39. cat ec-ca-openssl.cnf |
    40. 

  40. 	sed "s/#@CN@/commonName_default = user/" |
    41. 

  41. 	sed "s/#@ALTNAME@/subjectAltName=email:user@w1.fi/" \
    42. 

  42. 	> ec-ca-openssl.cnf.tmp
    43. 

  43. $OPENSSL ecparam -out ec2-user.key -name $CURVE -genkey
    44. 

  44. $OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec2-user.key -out ec2-user.req -outform PEM -extensions ext_client $DIGEST
    45. 

  45. $OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec2-ca.key -cert ec2-ca.pem -create_serial -in ec2-user.req -out ec2-user.pem -extensions ext_client $DIGEST_CA
    46. 

  46. rm ec-ca-openssl.cnf.tmp
    47. 

  47. 

  48. echo
    49. 

  49. echo "---[ User p256 ]--------------------------------------------------------"
    50. 

  50. echo
    51. 

  51. 

  52. cat ec-ca-openssl.cnf |
    53. 

  53. 	sed "s/#@CN@/commonName_default = user-p256/" |
    54. 

  54. 	sed "s/#@ALTNAME@/subjectAltName=email:user-p256@w1.fi/" \
    55. 

  55. 	> ec-ca-openssl.cnf.tmp
    56. 

  56. $OPENSSL ecparam -out ec2-user-p256.key -name prime256v1 -genkey
    57. 

  57. $OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec2-user-p256.key -out ec2-user-p256.req -outform PEM -extensions ext_client -sha256
    58. 

  58. $OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec2-ca.key -cert ec2-ca.pem -create_serial -in ec2-user-p256.req -out ec2-user-p256.pem -extensions ext_client -md sha256
    59. 

  59. rm ec-ca-openssl.cnf.tmp
    60. 

  60. 

  61. echo
    62. 

  62. echo "---[ Verify ]-----------------------------------------------------------"
    63. 

  63. echo
    64. 

  64. 

  65. $OPENSSL verify -CAfile ec2-ca.pem ec2-server.pem
    66. 

  66. $OPENSSL verify -CAfile ec2-ca.pem ec2-user.pem
    67. 

  67. $OPENSSL verify -CAfile ec2-ca.pem ec2-user-p256.pem
    68.