Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: research
Branches Tags
krackattacks
/
tests
/
hwsim
/
auth_serv
/
ec-generate.sh

ec-generate.sh 2.0 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. #!/bin/sh
    2. 

  2. 

  3. OPENSSL=openssl
    4. 

  4. 

  5. CURVE=prime256v1
    6. 

  6. DIGEST="-sha256"
    7. 

  7. DIGEST_CA="-md sha256"
    8. 

  8. 

  9. echo
    10. 

  10. echo "---[ Root CA ]----------------------------------------------------------"
    11. 

  11. echo
    12. 

  12. 

  13. cat ec-ca-openssl.cnf |
    14. 

  14. 	sed "s/#@CN@/commonName_default = Suite B 128-bit Root CA/" \
    15. 

  15. 	> ec-ca-openssl.cnf.tmp
    16. 

  16. $OPENSSL ecparam -out ec-ca.key -name $CURVE -genkey
    17. 

  17. $OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -x509 -new -key ec-ca.key -out ec-ca.pem -outform PEM -days 3650 $DIGEST
    18. 

  18. mkdir -p ec-ca/certs ec-ca/crl ec-ca/newcerts ec-ca/private
    19. 

  19. touch ec-ca/index.txt
    20. 

  20. rm ec-ca-openssl.cnf.tmp
    21. 

  21. 

  22. echo
    23. 

  23. echo "---[ Server ]-----------------------------------------------------------"
    24. 

  24. echo
    25. 

  25. 

  26. cat ec-ca-openssl.cnf |
    27. 

  27. 	sed "s/#@CN@/commonName_default = server.w1.fi/" |
    28. 

  28. 	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
    29. 

  29. 	> ec-ca-openssl.cnf.tmp
    30. 

  30. $OPENSSL ecparam -out ec-server.key -name $CURVE -genkey
    31. 

  31. $OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec-server.key -out ec-server.req -outform PEM $DIGEST
    32. 

  32. $OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec-ca.key -cert ec-ca.pem -create_serial -in ec-server.req -out ec-server.pem -extensions ext_server $DIGEST_CA
    33. 

  33. rm ec-ca-openssl.cnf.tmp
    34. 

  34. 

  35. echo
    36. 

  36. echo "---[ User ]-------------------------------------------------------------"
    37. 

  37. echo
    38. 

  38. 

  39. cat ec-ca-openssl.cnf |
    40. 

  40. 	sed "s/#@CN@/commonName_default = user/" |
    41. 

  41. 	sed "s/#@ALTNAME@/subjectAltName=email:user@w1.fi/" \
    42. 

  42. 	> ec-ca-openssl.cnf.tmp
    43. 

  43. $OPENSSL ecparam -out ec-user.key -name $CURVE -genkey
    44. 

  44. $OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec-user.key -out ec-user.req -outform PEM -extensions ext_client $DIGEST
    45. 

  45. $OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec-ca.key -cert ec-ca.pem -create_serial -in ec-user.req -out ec-user.pem -extensions ext_client $DIGEST_CA
    46. 

  46. rm ec-ca-openssl.cnf.tmp
    47. 

  47. 

  48. echo
    49. 

  49. echo "---[ Verify ]-----------------------------------------------------------"
    50. 

  50. echo
    51. 

  51. 

  52. $OPENSSL verify -CAfile ec-ca.pem ec-server.pem
    53. 

  53. $OPENSSL verify -CAfile ec-ca.pem ec-user.pem
    54.