MastersThesis/appendixes/gen_test_cert_ubuntu.sh

74 lines
3.1 KiB
Bash
Raw Normal View History

2024-04-19 12:16:07 +00:00
#!/bin/bash
# List of supported quantum-safe algorithms
list="dilithium2 dilithium3 dilithium5 falcon512 falcon1024 sphincssha2128fsimple sphincssha2128ssimple sphincssha2192fsimple
sphincssha2192ssimple sphincssha2256fsimple sphincssha2256ssimple sphincsshake128fsimple sphincsshake128ssimple
sphincsshake192fsimple sphincsshake192ssimple sphincsshake256fsimple sphincsshake256ssimple"
if [ "$#" -eq 0 ] ; then
echo "BLA"
else
# Check if input algorithm is in list of supported algos
# input: $1 - list, $2 - algorithm name
# @return - bool value 0/1
function list_include_item {
local list="$1"
local item="$2"
if [[ $list =~ (^|[[:space:]])"$item"($|[[:space:]]) ]] ; then
# yes, list include item
result=0
else
result=1
fi
return $result
}
# Change input argument (algo name) to lowercase value
lowercase_string=$(echo "$1" | tr '[:upper:]' '[:lower:]')
if `!(list_include_item "$list" "$lowercase_string")` ; then
echo "Unknown signature - check again"
else
echo "Name of the signature: $lowercase_string"
# PRE SCOTTA
openssl req -new -x509 -days 365 -newkey $lowercase_string -keyout "$lowercase_string"_CA.key -out "$lowercase_string"_CA.crt -nodes -config ./root.cnf
openssl req -new -newkey $lowercase_string -keyout "$lowercase_string"_intCA.key -out "$lowercase_string"_intCA.csr -nodes -config ./intermediate.cnf
openssl x509 -req -CAcreateserial -days 365 -extfile certificate-authority-options.conf -extensions v3_intermediate_ca -in "$lowercase_string"_intCA.csr -CA "$lowercase_string"_CA.crt -CAkey "$lowercase_string"_CA.key -out "$lowercase_string"_intCA.crt
openssl verify -CAfile "$lowercase_string"_CA.crt "$lowercase_string"_intCA.crt
openssl req -new -newkey $lowercase_string -keyout "$lowercase_string"_server.key -out "$lowercase_string"_server.csr -nodes -subj "/CN=TiigerTLS server" -config openssl.cnf
openssl x509 -req -in "$lowercase_string"_server.csr -CA "$lowercase_string"_intCA.crt -CAkey "$lowercase_string"_intCA.key -set_serial 01 -days 365 -out "$lowercase_string"_server.crt
openssl verify -CAfile "$lowercase_string"_CA.crt -untrusted "$lowercase_string"_intCA.crt "$lowercase_string"_server.crt
cat "$lowercase_string"_server.crt "$lowercase_string"_intCA.crt > "$lowercase_string"_certchain.pem
# PRE BPS
#openssl genpkey -algorithm $lowercase_string -out myCA.key
#openssl req -x509 -config certificate-authority-options.conf -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
#openssl genpkey -algorithm $lowercase_string -out client.key
#openssl req -config options.conf -new -key client.key -out client.csr
#openssl x509 -req -in client.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out client.pem -days 1825
#openssl genpkey -algorithm $lowercase_string -out server.key
#openssl req -config options.conf -new -key server.key -out server.csr
#openssl x509 -req -in server.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.pem -days 1825
#openssl verify -CAfile ./myCA.pem ./client.pem
#openssl verify -CAfile ./myCA.pem ./server.pem
fi
fi
openssl s_server -cert "$lowercase_string"_CA.crt -key "$lowercase_string"_CA.key -cert_chain "$lowercase_string"_certchain.pem -www -tls1_3 -groups kyber768