74 lines
3.1 KiB
Bash
74 lines
3.1 KiB
Bash
#!/bin/bash
|
|
|
|
# List of supported quantum-safe algorithms
|
|
list="dilithium2 dilithium3 dilithium5 falcon512 falcon1024 sphincssha2128fsimple sphincssha2128ssimple sphincssha2192fsimple
|
|
sphincssha2192ssimple sphincssha2256fsimple sphincssha2256ssimple sphincsshake128fsimple sphincsshake128ssimple
|
|
sphincsshake192fsimple sphincsshake192ssimple sphincsshake256fsimple sphincsshake256ssimple"
|
|
|
|
if [ "$#" -eq 0 ] ; then
|
|
echo "BLA"
|
|
else
|
|
|
|
# Check if input algorithm is in list of supported algos
|
|
# input: $1 - list, $2 - algorithm name
|
|
# @return - bool value 0/1
|
|
function list_include_item {
|
|
local list="$1"
|
|
local item="$2"
|
|
if [[ $list =~ (^|[[:space:]])"$item"($|[[:space:]]) ]] ; then
|
|
# yes, list include item
|
|
result=0
|
|
else
|
|
result=1
|
|
fi
|
|
return $result
|
|
}
|
|
|
|
# Change input argument (algo name) to lowercase value
|
|
lowercase_string=$(echo "$1" | tr '[:upper:]' '[:lower:]')
|
|
|
|
if `!(list_include_item "$list" "$lowercase_string")` ; then
|
|
echo "Unknown signature - check again"
|
|
else
|
|
echo "Name of the signature: $lowercase_string"
|
|
|
|
# PRE SCOTTA
|
|
openssl req -new -x509 -days 365 -newkey $lowercase_string -keyout "$lowercase_string"_CA.key -out "$lowercase_string"_CA.crt -nodes -config ./root.cnf
|
|
openssl req -new -newkey $lowercase_string -keyout "$lowercase_string"_intCA.key -out "$lowercase_string"_intCA.csr -nodes -config ./intermediate.cnf
|
|
openssl x509 -req -CAcreateserial -days 365 -extfile certificate-authority-options.conf -extensions v3_intermediate_ca -in "$lowercase_string"_intCA.csr -CA "$lowercase_string"_CA.crt -CAkey "$lowercase_string"_CA.key -out "$lowercase_string"_intCA.crt
|
|
openssl verify -CAfile "$lowercase_string"_CA.crt "$lowercase_string"_intCA.crt
|
|
openssl req -new -newkey $lowercase_string -keyout "$lowercase_string"_server.key -out "$lowercase_string"_server.csr -nodes -subj "/CN=TiigerTLS server" -config openssl.cnf
|
|
openssl x509 -req -in "$lowercase_string"_server.csr -CA "$lowercase_string"_intCA.crt -CAkey "$lowercase_string"_intCA.key -set_serial 01 -days 365 -out "$lowercase_string"_server.crt
|
|
|
|
openssl verify -CAfile "$lowercase_string"_CA.crt -untrusted "$lowercase_string"_intCA.crt "$lowercase_string"_server.crt
|
|
cat "$lowercase_string"_server.crt "$lowercase_string"_intCA.crt > "$lowercase_string"_certchain.pem
|
|
|
|
|
|
# PRE BPS
|
|
#openssl genpkey -algorithm $lowercase_string -out myCA.key
|
|
#openssl req -x509 -config certificate-authority-options.conf -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
|
|
|
|
#openssl genpkey -algorithm $lowercase_string -out client.key
|
|
#openssl req -config options.conf -new -key client.key -out client.csr
|
|
#openssl x509 -req -in client.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out client.pem -days 1825
|
|
|
|
#openssl genpkey -algorithm $lowercase_string -out server.key
|
|
#openssl req -config options.conf -new -key server.key -out server.csr
|
|
#openssl x509 -req -in server.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.pem -days 1825
|
|
|
|
#openssl verify -CAfile ./myCA.pem ./client.pem
|
|
#openssl verify -CAfile ./myCA.pem ./server.pem
|
|
|
|
fi
|
|
fi
|
|
|
|
openssl s_server -cert "$lowercase_string"_CA.crt -key "$lowercase_string"_CA.key -cert_chain "$lowercase_string"_certchain.pem -www -tls1_3 -groups kyber768
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|