Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: research
Branches Tags
krackattacks
/
tests
/
hwsim
/
auth_serv
/
ica-generate.sh

ica-generate.sh 4.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. #!/bin/sh
    2. 

  2. 

  3. OPENSSL=openssl
    4. 

  4. 

  5. echo
    6. 

  6. echo "---[ Intermediate CA - Server ]-----------------------------------------"
    7. 

  7. echo
    8. 

  8. 

  9. cat ec-ca-openssl.cnf |
    10. 

  10. 	sed "s/ec-ca/rootCA/" |
    11. 

  11. 	sed "s/#@CN@/commonName_default = Server Intermediate CA/" \
    12. 

  12. 	> openssl.cnf.tmp
    13. 

  13. mkdir -p iCA-server/certs iCA-server/crl iCA-server/newcerts iCA-server/private
    14. 

  14. touch iCA-server/index.txt
    15. 

  15. $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/private/cakey.pem -out iCA-server/careq.pem -outform PEM -days 3652 -sha256
    16. 

  16. $OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out iCA-server/cacert.pem -days 3652 -batch -keyfile ca-key.pem -cert ca.pem -extensions v3_ca -outdir rootCA/newcerts -infiles iCA-server/careq.pem
    17. 

  17. cat iCA-server/cacert.pem ca.pem  > iCA-server/ca-and-root.pem
    18. 

  18. rm openssl.cnf.tmp
    19. 

  19. 

  20. echo
    21. 

  21. echo "---[ Intermediate CA - User ]-------------------------------------------"
    22. 

  22. echo
    23. 

  23. 

  24. cat ec-ca-openssl.cnf |
    25. 

  25. 	sed "s/ec-ca/rootCA/" |
    26. 

  26. 	sed "s/#@CN@/commonName_default = User Intermediate CA/" \
    27. 

  27. 	> openssl.cnf.tmp
    28. 

  28. mkdir -p iCA-user/certs iCA-user/crl iCA-user/newcerts iCA-user/private
    29. 

  29. touch iCA-user/index.txt
    30. 

  30. $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-user/private/cakey.pem -out iCA-user/careq.pem -outform PEM -days 3652 -sha256
    31. 

  31. $OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out iCA-user/cacert.pem -days 3652 -batch -keyfile ca-key.pem -cert ca.pem -extensions v3_ca -outdir rootCA/newcerts -infiles iCA-user/careq.pem
    32. 

  32. cat iCA-user/cacert.pem ca.pem  > iCA-user/ca-and-root.pem
    33. 

  33. rm openssl.cnf.tmp
    34. 

  34. 

  35. echo
    36. 

  36. echo "---[ Server ]-----------------------------------------------------------"
    37. 

  37. echo
    38. 

  38. 

  39. cat ec-ca-openssl.cnf |
    40. 

  40. 	sed "s/ec-ca/iCA-server/" |
    41. 

  41. 	sed "s/#@CN@/commonName_default = server.w1.fi/" |
    42. 

  42. 	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
    43. 

  43. 	> openssl.cnf.tmp
    44. 

  44. $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/server.key -out iCA-server/server.req -outform PEM -sha256
    45. 

  45. $OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server.req -out iCA-server/server.pem -extensions ext_server -md sha256
    46. 

  46. cat iCA-server/cacert.pem iCA-server/server.pem > iCA-server/server_and_ica.pem
    47. 

  47. rm openssl.cnf.tmp
    48. 

  48. 

  49. echo
    50. 

  50. echo "---[ Server - revoked ]-------------------------------------------------"
    51. 

  51. echo
    52. 

  52. 

  53. cat ec-ca-openssl.cnf |
    54. 

  54. 	sed "s/ec-ca/iCA-server/" |
    55. 

  55. 	sed "s/#@CN@/commonName_default = server-revoked.w1.fi/" |
    56. 

  56. 	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server-revoked.w1.fi/" \
    57. 

  57. 	> openssl.cnf.tmp
    58. 

  58. $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/server-revoked.key -out iCA-server/server-revoked.req -outform PEM -sha256
    59. 

  59. $OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server-revoked.req -out iCA-server/server-revoked.pem -extensions ext_server -md sha256
    60. 

  60. $OPENSSL ca -config openssl.cnf.tmp -revoke iCA-server/server-revoked.pem -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem
    61. 

  61. cat iCA-server/cacert.pem iCA-server/server-revoked.pem > iCA-server/server-revoked_and_ica.pem
    62. 

  62. rm openssl.cnf.tmp
    63. 

  63. 

  64. echo
    65. 

  65. echo "---[ User ]-----------------------------------------------------------"
    66. 

  66. echo
    67. 

  67. 

  68. cat ec-ca-openssl.cnf |
    69. 

  69. 	sed "s/ec-ca/iCA-user/" |
    70. 

  70. 	sed "s/#@CN@/commonName_default = user.w1.fi/" |
    71. 

  71. 	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:user.w1.fi/" \
    72. 

  72. 	> openssl.cnf.tmp
    73. 

  73. $OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-user/user.key -out iCA-user/user.req -outform PEM -sha256
    74. 

  74. $OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-user/private/cakey.pem -cert iCA-user/cacert.pem -create_serial -in iCA-user/user.req -out iCA-user/user.pem -extensions ext_client -md sha256
    75. 

  75. cat iCA-user/user.pem iCA-user/cacert.pem > iCA-user/user_and_ica.pem
    76. 

  76. rm openssl.cnf.tmp
    77. 

  77. 

  78. echo
    79. 

  79. echo "---[ Verify ]-----------------------------------------------------------"
    80. 

  80. echo
    81. 

  81. 

  82. $OPENSSL verify -CAfile ca.pem iCA-server/cacert.pem
    83. 

  83. $OPENSSL verify -CAfile ca.pem iCA-user/cacert.pem
    84. 

  84. $OPENSSL verify -CAfile ca.pem -untrusted iCA-server/cacert.pem iCA-server/server.pem
    85. 

  85. $OPENSSL verify -CAfile ca.pem -untrusted iCA-server/cacert.pem iCA-server/server-revoked.pem
    86. 

  86. $OPENSSL verify -CAfile ca.pem iCA-user/cacert.pem
    87. 

  87. $OPENSSL verify -CAfile ca.pem -untrusted iCA-user/cacert.pem iCA-user/user.pem
    88.