feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Certs with RSA-PSS sig

Browse Source 
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
This commit is contained in:
Sean Parkinson
2022-07-25 17:36:17 +10:00
parent b46693f8c8
commit fb531dacc2
65 changed files with 3150 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
certs/include.am
View File

@ -128,4 +128,5 @@ include certs/test/include.am
include certs/test-pathlen/include.am
include certs/intermediate/include.am
include certs/falcon/include.am
include certs/rsapss/include.am

12
certs/renewcerts.sh
View File

@ -619,10 +619,20 @@ run_renewcerts(){
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate RSA-PSS certificates ###################
############################################################
echo "Renewing RSA-PSS certificates"
cd rsapss
./renew-rsapss-certs.sh
cd ..
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate Ed25519 certificates ###################
############################################################
echo "Renewing Ed448 certificates"
echo "Renewing Ed25519 certificates"
cd ed25519
./gen-ed25519-certs.sh
cd ..

BIN
certs/rsapss/ca-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/ca-3072-rsapss-key.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBAMgqQMjrrnwYM8s4Uea3exFP
zeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpdU2IR4gjfl003PXhiUEAxKnBEGm1p
Sfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoopc6xKDpZ2RkQOtQfkQcHc1CkK9gY
HyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJbh7UbjmU9txUI0RIaquxOVjVwpz5Q
Zfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0XwFiGB5dW1kWCL11y7wnAG9lBBRTZ/
QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0DawmP13uEfSLF4hDLzBGqofVmhQ41
WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0+7XC3mGgrG+8fu9TCJ+xGK1b4wEj
3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBrKQOhvlXkTPglp6ij4z8yH66nKptr
Vt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/QLwkOZwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/ca-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/ca-3072-rsapss-priv.pem Normal file
View File

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADALBgkqhkiG9w0BAQoEggboMIIG5AIBAAKCAYEAyCpAyOuufBgzyzhR
5rd7EU/N6jWHZNmyys9LIcSGKsejbxU+HsSbA4FLOl1TYhHiCN+XTTc9eGJQQDEq
cEQabWlJ/He48kIJhppdOc2EezKKO7BPvz3UBX7AqiilzrEoOlnZGRA61B+RBwdz
UKQr2BgfIvj0ZD8ToNhgflNMO5dwvDblvjGXRVXtoluHtRuOZT23FQjREhqq7E5W
NXCnPlBl9z4wnDLbsiR7hwIpJxI1rY7DAiITwm5TRfAWIYHl1bWRYIvXXLvCcAb2
UEFFNn9BRIm2lyO+dtd8cn/q9BkQF8Pfj82XIATLHQNrCY/Xe4R9IsXiEMvMEaqh
9WaFDjVajMOJYSnQXFMvCUuRfs7gEtPO68lQPDbwprT7tcLeYaCsb7x+71MIn7EY
rVvjASPeEaUffdW29HIdU3VmjNthHunrPPNJaYK2IGspA6G+VeRM+CWnqKPjPzIf
rqcqm2tW3clasRoBoBPSjpos2379Ww4u75JpzvLe79AvCQ5nAgMBAAECggGAEW40
hAqaAC5vXDQEVc4GhoRnjwyoRKz8d9LDXSZq9JC797Fm3nEKeqyoq2VzHGgoQdOO
rmewD6qoCF7/rhUQJBT2H2khjt8XS0Rn99+guMW26em5mBK/Qtc92dN+VNhyg1pN
oHQcW1qAW5dXgF87fi7jjz0UsyIXCHuvM3D3g3z1kT5KlVxmKuCHuAq2b5v9s21D
Yy6IXkY6Oie8NB0iQzfnGTeuLfvzy7iHlUMn6EIasIltC+OByv2mfMGie7p+7IWq
bzRf3cBTiR6ozEIfDobVT+RQbc3Zj6nLI63Lt1ANGLL3j4bcCTKmteNwaCYiDVBU
9cYhuoSUcnegZHkhnFjnY+PoqE8TIWp+nAY97Ptz8s8aMXP6vZ6j2KV8HJgqj18w
05x6cyvCPMXOh2ZJvn7daDRFL+o5Fj+rWch202gsTxqbPzqtph8OxMMyCZMbXHrw
GkDNhRlg22MjfLpiKYZKfPC6dX8GVywuc8O7qwBUBB4QH+w8myitVCj7h2QRAoHB
AP28yltlAlpIPovARsscof3ntn4koamcdLjtFxVeLRz/4DsBLH2Oa0vOu67Y/dH9
FunmPO6B7TqnE41pf1qBNhmWDwIb/eRD9bLQStW9Vd6jg42Z76+LVgjjAk1bXoUz
nNvNQhzfW9H6NgsqJhH+b07YhyI9qJCIWwGRcl9+C4XZXTxSY1qDDIL4KzsyK2SW
LsOcSK67VJisUsiVeq05yjTSzy6upjXgYVAoMqGRlKxw1RH/o2F5ovvkBYB90sws
DwKBwQDJ8ywW1YC3nuyRgX9B5+MGFnNIOnP5lSHuNf06o7hRY7ikpC9ZMSaIgZqZ
Fly6ZcBeja+rZuwmYQ4lmjpUfcY1mORsljSW+M8cobUIf9YDmc2MfZs0961sR4eR
fxSkDez819jn0iT4MiMqKzOBiRdvVw07UScpneC0coQ4j6nNaUoHg1/KIRIGrA5K
SZjK6LWsdulGMJp6u1K0ms+gOj6Jp2CO4xvpdl7EWKT/SDo4S8pVnQAvNSXE9cwT
IFBKACkCgcAkyeCVC7ohmOPoo0IgZNBf3d6pv2npC5Qo08dLA9KKp9a891iaA7Iu
1ZSEr1VtwsI1u3oOIqxgmqTNFgSu/Jj5cLZQWfqfw/K1sFmJT+BJXW/Pcgg8bXlV
5IQK7zpvGaKeg84YHZJUiXCYgc3vQfKlfeNp5YKxIfP/8DSi/8Vv7KoF+vQIxYNk
4dJyzL1Z4iR5nAk1vFdxo1qFVpbo0r4slnwPiqbynMu/MXTV1CO4NMvPxj7L/TTS
TKc3kAamL6UCgcEAi2Y1ytU5coZbGd1fsGiWhv88OGFQ6LkOoNXXpICanGPPcqZ6
oICS7qs3wfBztZ7C+QGofxIedCeOkloxZV0kUp7lHidYydWZcVQWGHXVjsq93fpe
BmPo69M8OyyTXOLX8Xg1G2AtcL17FIKZnRK6gHqAga907v8xup1Js5lHRqklFqaS
mn3VaZGek5zVwUp9DT1PrMmj+JAReOVb6GgL/wzwU/FktPSmWbYuvqBmv7FhS1OC
axOurJRWd+VYRpxxAoHBAOWBLmlWOGpOfr1r35I3+qrAQRtApEXplHCnCNc1ngIJ
bquSIAfEQCVlJBkE2OPxApqQ6WmU60TbOnuLzBZWh391wiFMEt3j1z9/ExUJjEhq
ub0VwhSI+Zm8wI3nIKf55JbO/H4diO2boOFs6hGFf7AM6yzmH3Pw3l9y+nXga+rp
aT/gIcqdz2mVpm3DiI4tNaSljyhvtJXrv7KDK6G0IPz5489619agwzU3sTLATeSD
M18AEXr2oS6sXtflRhcdDw==
-----END PRIVATE KEY-----

BIN
certs/rsapss/ca-3072-rsapss.der Normal file
View File

Binary file not shown.

116
certs/rsapss/ca-3072-rsapss.pem Normal file
View File

@ -0,0 +1,116 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
86:2a:c7:a3:6f:15:3e:1e:c4:9b:03:81:4b:3a:5d:
53:62:11:e2:08:df:97:4d:37:3d:78:62:50:40:31:
2a:70:44:1a:6d:69:49:fc:77:b8:f2:42:09:86:9a:
5d:39:cd:84:7b:32:8a:3b:b0:4f:bf:3d:d4:05:7e:
c0:aa:28:a5:ce:b1:28:3a:59:d9:19:10:3a:d4:1f:
91:07:07:73:50:a4:2b:d8:18:1f:22:f8:f4:64:3f:
13:a0:d8:60:7e:53:4c:3b:97:70:bc:36:e5:be:31:
97:45:55:ed:a2:5b:87:b5:1b:8e:65:3d:b7:15:08:
d1:12:1a:aa:ec:4e:56:35:70:a7:3e:50:65:f7:3e:
30:9c:32:db:b2:24:7b:87:02:29:27:12:35:ad:8e:
c3:02:22:13:c2:6e:53:45:f0:16:21:81:e5:d5:b5:
91:60:8b:d7:5c:bb:c2:70:06:f6:50:41:45:36:7f:
41:44:89:b6:97:23:be:76:d7:7c:72:7f:ea:f4:19:
10:17:c3:df:8f:cd:97:20:04:cb:1d:03:6b:09:8f:
d7:7b:84:7d:22:c5:e2:10:cb:cc:11:aa:a1:f5:66:
85:0e:35:5a:8c:c3:89:61:29:d0:5c:53:2f:09:4b:
91:7e:ce:e0:12:d3:ce:eb:c9:50:3c:36:f0:a6:b4:
fb:b5:c2:de:61:a0:ac:6f:bc:7e:ef:53:08:9f:b1:
18:ad:5b:e3:01:23:de:11:a5:1f:7d:d5:b6:f4:72:
1d:53:75:66:8c:db:61:1e:e9:eb:3c:f3:49:69:82:
b6:20:6b:29:03:a1:be:55:e4:4c:f8:25:a7:a8:a3:
e3:3f:32:1f:ae:a7:2a:9b:6b:56:dd:c9:5a:b1:1a:
01:a0:13:d2:8e:9a:2c:db:7e:fd:5b:0e:2e:ef:92:
69:ce:f2:de:ef:d0:2f:09:0e:67
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Authority Key Identifier:
keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
39:a8:ef:b1:66:08:50:0b:5e:cb:b2:29:8c:9b:b1:be:21:44:
d6:d8:97:1d:45:dc:52:70:f1:de:ac:74:65:03:6b:af:a0:f0:
21:61:ce:23:39:33:c8:cb:1e:8f:77:12:1e:5b:99:0c:e1:1b:
75:cf:1d:d7:12:86:cc:fc:86:90:0f:45:ea:8b:08:47:08:ac:
56:44:31:f2:c9:23:6b:d5:30:ca:5f:49:b0:4b:8b:36:bd:5c:
92:fa:86:34:57:80:30:93:29:59:19:a4:dd:f9:91:26:8a:49:
b4:ee:93:aa:e1:b2:06:f6:2f:2a:d9:5b:6d:f9:7c:04:4f:1c:
7a:cc:8e:39:c2:98:3a:bd:b9:a2:24:82:8f:e4:d8:80:47:73:
84:6e:bc:20:5c:ac:79:72:a7:6f:e3:c8:3a:9c:cc:83:b1:1f:
e2:65:3b:a1:f5:86:1a:33:53:bc:05:ba:6a:b1:bc:a7:b4:c1:
44:8c:0a:cc:c2:15:da:c1:dd:dc:31:91:46:5b:48:d8:ea:03:
78:e1:1f:ce:79:19:c8:6e:d6:3f:4c:f5:3b:b3:e7:2e:b7:46:
0c:58:cd:ca:56:a6:88:fb:fd:12:d1:27:80:5a:a2:51:96:f8:
4c:65:8d:71:0b:84:ca:94:f9:9f:c9:38:62:a3:64:cd:91:44:
50:ed:bb:c0:1d:9b:b8:a4:57:b1:7a:2e:44:57:a5:15:ba:cc:
b3:62:f5:46:aa:cd:fb:53:d3:ed:ef:e3:f4:b2:9b:3f:29:d0:
00:8c:19:61:48:b6:da:74:27:05:69:7b:df:04:0e:e2:f1:0f:
1a:fa:92:70:79:78:86:52:60:e1:4d:4e:66:14:ba:86:e2:4e:
dd:e0:d0:f3:c0:2d:6d:3a:16:00:1d:c6:9c:27:6f:a6:5f:21:
4c:e4:82:14:95:d1:a7:4a:15:13:ba:d8:65:ad:34:a2:93:3a:
d1:49:12:4d:f2:97:f3:e2:8a:83:d2:bf:84:84:c6:87:70:c9:
38:e0:5f:fe:7f:38
-----BEGIN CERTIFICATE-----
MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
MB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAyMjc1NVowgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQA5qO+xZghQC17LsimM
m7G+IUTW2JcdRdxScPHerHRlA2uvoPAhYc4jOTPIyx6PdxIeW5kM4Rt1zx3XEobM
/IaQD0XqiwhHCKxWRDHyySNr1TDKX0mwS4s2vVyS+oY0V4AwkylZGaTd+ZEmikm0
7pOq4bIG9i8q2Vtt+XwETxx6zI45wpg6vbmiJIKP5NiAR3OEbrwgXKx5cqdv48g6
nMyDsR/iZTuh9YYaM1O8BbpqsbyntMFEjArMwhXawd3cMZFGW0jY6gN44R/OeRnI
btY/TPU7s+cut0YMWM3KVqaI+/0S0SeAWqJRlvhMZY1xC4TKlPmfyThio2TNkURQ
7bvAHZu4pFexei5EV6UVusyzYvVGqs37U9Pt7+P0sps/KdAAjBlhSLbadCcFaXvf
BA7i8Q8a+pJweXiGUmDhTU5mFLqG4k7d4NDzwC1tOhYAHcacJ2+mXyFM5IIUldGn
ShUTuthlrTSikzrRSRJN8pfz4oqD0r+EhMaHcMk44F/+fzg=
-----END CERTIFICATE-----

BIN
certs/rsapss/ca-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/ca-rsapss-key.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1g7HUE0p9aii1ClbWPK8
LSfeiEkahBkrhI2U0XgS1nsU2NKCJJWr/k9V++BV/Dk3e0GAtJhvf8W3Pjf4Xx0v
EjGI+Ys7AIXmNqUXP5qkvkj/ejYiLCPUn1tS0RfRwfJpGdgyxfd57IMZh+MToENe
sekD7bQIzXsUaA8lT5DwBKe7CIkI3HZOcEkEQU2/t393eWrvaEtil44zkTIq42MV
R/ZhpCbbAgS2V8Cn8KrsIHKRwzKrmH+Exuhf1uAa0iSxx1C7c4feKsPixGAyuORa
W7XkKYyLKGu7Gtw8/rnvnokoYLqkQGbVu+Bif6cr4Q845jPqshAOFMg/h5//iyjM
HQIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/ca-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/ca-rsapss-priv.pem Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7AIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKYwggSiAgEAAoIBAQDWDsdQTSn1qKLU
KVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X74FX8OTd7QYC0mG9/xbc+
N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LRF9HB8mkZ2DLF93nsgxmH
4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRBTb+3f3d5au9oS2KXjjOR
MirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W4BrSJLHHULtzh94qw+LE
YDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/pyvhDzjmM+qyEA4UyD+H
n/+LKMwdAgMBAAECggEAQG0QRjYDVAHeiDauXLYqNvkR/DjsdyfQNkQar3URTmab
Hqs1Kme17YPZYEbj+lcKQNm1MCXVIULT5TEZWx9AhJxOGrVyG7UxVe8YcTdNMExu
QE08ucZK/2+QHIirxFD+mx28ImNa2fmXXJPW21yLisaUPR37rETIHo24cBsycmOw
dO25ggGtIX2M5nI75P9p7+jG7vnfDKkn7ER5exGVrF1dED14wra0PUI9yBkjX0Pu
j053crZUcpZMivERWzoGmRA4/leLcTBM/6k7JNoSP+NPIvOm0tDtdDCwos6/wqMw
UlBWBHXWKYlnpYByLGWs+NTZuI/3AAq4Tz3eNX7egQKBgQDta9NSRgEvyXgry9Xv
PV77LBCXyha4FbCS+J3B8sXaGTLZ66zZia2abSRh6/f4HJ9T975tmsKycvcgbdMx
znO4VX+hrOzPYLEug0K3j6SWd8ogvUYfcHe3jqlEac8djfq9lL0/+b2oJGDkUKnM
mOz6WKmfJTora22P8zJ8dgt/vQKBgQDmzuvNQGhwINFBewVkUxjAUWs6sTVucva7
qd/19OwUIZPDjnIGI9GMY2G21ez8mfgM8NToqyHyl+nwa5y7yy2b18PPXO2agYA6
E2BIoor8q+y14g6rEsRDOzzWP0sdAp49CpA5wuEouFN+Wn4IJX8JFosHGK6yNn+h
hk4PNMST4QKBgExBGnFNTKpFghRG9qJNSslPQNEPtjZPuROrSDf3unYvK7b0S+Le
pmR383yD5nPI9Z9pbb8UOr5H0HmY7IENtvsYctLBkJmWi7HNtMryFsHBHalgQTpt
y/Wnm1P+y+fJJyRmtlXq53AupvQNuEufPlW1zlzv/vvdGCZozOlOnKjdAoGACjox
CK9J8W4C17vzyTZFaoAxGDCyBWris/4bBnML4vh567hsJQmBR48/zTI9hhPsgeZK
COVMY8uHejfKgifGpZkx/AZKIQaMAAbLxWwubHPR0V1q+Pmj6La/Q18anPZ4vIuz
SFvyTjOcv4STARloP6bYEkBtvUfc7/NbkiDsdQECgYB5e44XdK+5zu+dOUEoN2IR
Jn3YKDJD11Mu7iokFIAnaFC+JUWGUvCPxH8x/UIZ0dFGaak1cbRlfn+xN5SsVxj6
TZRDmarSQMe7awXUyNw8VHXfHgDFwLMJYC/farwtqH/C0b3DQb8Qq+qlqbj7tzRT
nHPf/IrgYLxWJSKZ/3nvvQ==
-----END PRIVATE KEY-----

BIN
certs/rsapss/ca-rsapss.der Normal file
View File

Binary file not shown.

101
certs/rsapss/ca-rsapss.pem Normal file
View File

@ -0,0 +1,101 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
12:d6:7b:14:d8:d2:82:24:95:ab:fe:4f:55:fb:e0:
55:fc:39:37:7b:41:80:b4:98:6f:7f:c5:b7:3e:37:
f8:5f:1d:2f:12:31:88:f9:8b:3b:00:85:e6:36:a5:
17:3f:9a:a4:be:48:ff:7a:36:22:2c:23:d4:9f:5b:
52:d1:17:d1:c1:f2:69:19:d8:32:c5:f7:79:ec:83:
19:87:e3:13:a0:43:5e:b1:e9:03:ed:b4:08:cd:7b:
14:68:0f:25:4f:90:f0:04:a7:bb:08:89:08:dc:76:
4e:70:49:04:41:4d:bf:b7:7f:77:79:6a:ef:68:4b:
62:97:8e:33:91:32:2a:e3:63:15:47:f6:61:a4:26:
db:02:04:b6:57:c0:a7:f0:aa:ec:20:72:91:c3:32:
ab:98:7f:84:c6:e8:5f:d6:e0:1a:d2:24:b1:c7:50:
bb:73:87:de:2a:c3:e2:c4:60:32:b8:e4:5a:5b:b5:
e4:29:8c:8b:28:6b:bb:1a:dc:3c:fe:b9:ef:9e:89:
28:60:ba:a4:40:66:d5:bb:e0:62:7f:a7:2b:e1:0f:
38:e6:33:ea:b2:10:0e:14:c8:3f:87:9f:ff:8b:28:
cc:1d
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Authority Key Identifier:
keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
32:66:7b:22:4b:80:fc:7a:81:5a:11:1d:1b:d8:a6:26:a9:38:
6f:f8:c5:cb:80:47:0c:08:cc:12:a4:7a:17:8e:d6:a5:a8:cb:
df:ea:b7:77:b4:df:e5:92:ba:7f:9b:a2:71:0d:7d:7a:36:29:
bd:03:7b:52:65:0d:79:ae:c3:ac:e8:a4:75:c6:28:c0:05:33:
51:f4:85:37:0e:9c:03:dc:51:3d:5d:55:88:17:da:b5:c5:b1:
91:a5:a9:40:91:07:a3:0c:17:75:f9:fa:52:43:94:21:40:24:
8c:31:f3:4a:5e:96:86:20:9b:37:87:a4:56:ac:4f:ac:e6:a6:
0c:05:cc:62:b2:0a:62:63:04:5f:dc:52:46:db:12:5e:16:2b:
62:00:fa:30:5f:04:33:28:0c:a6:6c:49:cb:35:ad:f4:d5:57:
cb:16:7c:f4:8c:99:22:e4:e1:f4:97:e4:df:b2:1f:62:8f:50:
2e:43:aa:cf:c7:86:ae:da:7f:b7:eb:16:cb:28:c2:bc:80:7b:
f2:7f:16:60:88:0e:49:aa:d3:2a:92:54:38:a4:09:be:79:e1:
1d:6f:b1:95:0c:02:f9:e7:f4:4b:b8:44:4a:e2:db:02:08:b3:
e6:79:d5:d0:bd:34:8f:cc:8e:19:28:48:07:7b:d0:b2:31:ba:
db:e2:e0:3f
-----BEGIN CERTIFICATE-----
MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
HhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIyNzU1WjCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
AQEAMmZ7IkuA/HqBWhEdG9imJqk4b/jFy4BHDAjMEqR6F47WpajL3+q3d7Tf5ZK6
f5uicQ19ejYpvQN7UmUNea7DrOikdcYowAUzUfSFNw6cA9xRPV1ViBfatcWxkaWp
QJEHowwXdfn6UkOUIUAkjDHzSl6WhiCbN4ekVqxPrOamDAXMYrIKYmMEX9xSRtsS
XhYrYgD6MF8EMygMpmxJyzWt9NVXyxZ89IyZIuTh9Jfk37IfYo9QLkOqz8eGrtp/
t+sWyyjCvIB78n8WYIgOSarTKpJUOKQJvnnhHW+xlQwC+ef0S7hESuLbAgiz5nnV
0L00j8yOGShIB3vQsjG62+LgPw==
-----END CERTIFICATE-----

BIN
certs/rsapss/client-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/client-3072-rsapss-key.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBALsGKOR/yUF2vibGqboI5jWc
M6A8W6uVI9drYdMui43tHNlXrhpp4s5liC5lD8vxecssRpY+P1tZ5be1sTx8JuRW
IVFdBHnZf1xxVOkemcH3vmwPe+9GjUAOo2vOmJtsDW3TJJ2e6GglnEZgkjdicyF3
Gr1c8BFt7rlvso42VD7hcms2yYhIhhhs+Nex4OTXDCoVzJIzhL1xGgdwqgMk4c7C
KLjjg/+6GVC3riL9++twcLAtF6A+qoVQQ2IkXQBRuBH62MYGQAe9SrBCcFLPF5Wx
U/xojRO+oA7ES8sXcs3NCy7/ZkJQzHZ9cE59Yxbl2uH7mWwdBmyr7tM2Tsc0X/fQ
HlD9/kE5KVzhx7/EUDZ1ijZNCWrKKswatw2LFm1IBzlh9cgHWpy/0qXxOTt+v2Ix
k7opWskJ1wAwPtgYjJ6nKHVJqok03loUKV38RwWraoQPVyxkqzuYs9ZIutvxA9Ag
95/vfVJQKONI7Sk+/v+Go2Q9fymio5NS5WrDqRNEzwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/client-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/client-3072-rsapss-priv.pem Normal file
View File

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG+wIBADALBgkqhkiG9w0BAQoEggbnMIIG4wIBAAKCAYEAuwYo5H/JQXa+Jsap
ugjmNZwzoDxbq5Uj12th0y6Lje0c2VeuGmnizmWILmUPy/F5yyxGlj4/W1nlt7Wx
PHwm5FYhUV0Eedl/XHFU6R6Zwfe+bA9770aNQA6ja86Ym2wNbdMknZ7oaCWcRmCS
N2JzIXcavVzwEW3uuW+yjjZUPuFyazbJiEiGGGz417Hg5NcMKhXMkjOEvXEaB3Cq
AyThzsIouOOD/7oZULeuIv3763BwsC0XoD6qhVBDYiRdAFG4EfrYxgZAB71KsEJw
Us8XlbFT/GiNE76gDsRLyxdyzc0LLv9mQlDMdn1wTn1jFuXa4fuZbB0GbKvu0zZO
xzRf99AeUP3+QTkpXOHHv8RQNnWKNk0JasoqzBq3DYsWbUgHOWH1yAdanL/SpfE5
O36/YjGTuilayQnXADA+2BiMnqcodUmqiTTeWhQpXfxHBatqhA9XLGSrO5iz1ki6
2/ED0CD3n+99UlAo40jtKT7+/4ajZD1/KaKjk1LlasOpE0TPAgMBAAECggGAdKPV
0xRjRyGwW+ygo/ay5JKDnBaosW01Sj+dZiDsRlqwGFjXq3+IRWMLOKws2uvCItV9
PGycBPQfEaEOZYOkmdmhs+XISdo81UGVTEKacF97cleB2uvsYhv/DdhuUthj06/Q
cUFO/s0eFsJZzpLm7OMkWR9iVexy61HfUVRO3FysiHNF42ofv5IO7C7y7KW133Vy
/WeGDMRCEIvSbF2POuzaitzSUSYWbcHwp8AxYlfg3+9vgbAzlytEqyu0mONdUJFm
2Byjv141pDDtrEdTJPg1TYfaRkxVEtBJB6tFfwJm+Pcn2Y9vDW2/AdWXouhgV3tz
EGEN8U9LGQQ7AsSw6xYcJiH0fBXS0nq1DYNClSDp7dtvQGklp50tKuixLv55ahRL
J7Hcvt7yCMGbU5IGg1fu6wtuLEuvKKHg0maYQK0YDn7DXQkeTgVoK85vdxNJrZOD
vDKX6dT/1q6XkJnhUp74qVqL84MxAFjejK1Q+3JtWFfFjDR1/XDQ0AFbBjFBAoHB
AOxpeAZg5EA4KcSG6BIL5XxQ3g44Egsg6PPpNCuJZJEhU0kHZyD/VtTYRfw0awRI
IsZWo0lPRvzyzP/95IPP3YVHn7qgBu7wfR7sdH7nBXyXgu8Wkp62UfS1u6+3loFj
B9tUdbMjMUv+Em0Ns9tzWLFc/ILNniWmgz1VnweoE9EThYT1QWXuXhW7t3YFMbt3
vWZSA3Ev8cs+Kj7cUF7RPBBVVAtTjkvo40P0htTAk50+k41VXiftvT1ASBuQy41p
YQKBwQDKhR/ThcrXGN4J7KMr3jztMXi+iYVcY+V4ok9l9KdcSEUNVTIaSfvJNjOw
DJgXOc4uRdMhpO2Gmf6kZNP4Em5Ri0++G2iK+89lY4S4Na9wAd95790It2GokjEZ
TndvyHWYp26baHooV3gu/rc63p/PTHGRUn9EDh5NR28Neph2W6ggm8AntosLlT3b
UnAhLcPli0M14hq8lB/U04PA8/M9Cnh+QqX8/rpavbYooGGYibV3vDFKmVI6fyGC
kbqobC8CgcEAtmSAh1tFfg5WmxsB/LpU6N5zE0FLGm7fix7Gczhi8F1nphYiCKE2
2qupAvVmAz2sJp09CRgyyoCAjJfTL6a1X1hs8Uz5TGsZ/TusfSO7Ze52xAMER5Ke
FFAJZ34ajeRbcWnuDLEAHYL9sEk8E/kf2mbFIh2E/8NByZY/RWb1Mv7+qh+VvxBy
Yg4bcuB7CAlPhJuNsEuvHoDtkuXi0+RVlLxgRQTH6eTZQdpsE8Qnns9ig03zgJa4
w4LOnwXNJWLBAoHAasr+eG1CBGFBnRwjA1wC5tVCpb8hCxJGjHGSyuHTay9U8m3t
qL1Av98MLJbHkN/ToMUDS+eLtYH5LLlaqaMWd3uuBkKvwzJ8MCvlbboplDf4n3Vk
KleBcQH+UCj3hIPBt0j7Y4oZeLJ/VtDM0Ida4FagQJCvObT0N64mmoX+ZdN5ehCH
qKly8x2067WyGVznw2DHhV+A19aIXpNXE+XQa2zdEz+UBjBRFs6ZgxznuidMASLF
H2BwYxZtFkxAkNXTAoHAVTyVGyoWbFc3SGfmvTqXCo3MNRTPJHWuxVQz2/SLKVbb
ZltLjMnslRssPA/BMumWdYa6oc8TB0+vNLdOgJA5xn5Cqj2U60GdvNwp++dXXflF
vI8Cy/vNKT1PoMb3KWCUHCrYkHPLypSrZ0rVztNxKCjUYQ+u/BtNo2Sc8/HhB3tk
CybdGAZLD6LYhYfTcyTL1XwyXhFDcVwfu3HKtt0oNLLBB/+K1yTkOvEKx43tz2WT
QRuebAulzRxxwUIyE598
-----END PRIVATE KEY-----

BIN
certs/rsapss/client-3072-rsapss.der Normal file
View File

Binary file not shown.

128
certs/rsapss/client-3072-rsapss.pem Normal file
View File

@ -0,0 +1,128 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:fb:25:ba:76:1a:4b:f9:38:2a:2b:4d:50:17:1e:7b:32:31:e3:30
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:bb:06:28:e4:7f:c9:41:76:be:26:c6:a9:ba:08:
e6:35:9c:33:a0:3c:5b:ab:95:23:d7:6b:61:d3:2e:
8b:8d:ed:1c:d9:57:ae:1a:69:e2:ce:65:88:2e:65:
0f:cb:f1:79:cb:2c:46:96:3e:3f:5b:59:e5:b7:b5:
b1:3c:7c:26:e4:56:21:51:5d:04:79:d9:7f:5c:71:
54:e9:1e:99:c1:f7:be:6c:0f:7b:ef:46:8d:40:0e:
a3:6b:ce:98:9b:6c:0d:6d:d3:24:9d:9e:e8:68:25:
9c:46:60:92:37:62:73:21:77:1a:bd:5c:f0:11:6d:
ee:b9:6f:b2:8e:36:54:3e:e1:72:6b:36:c9:88:48:
86:18:6c:f8:d7:b1:e0:e4:d7:0c:2a:15:cc:92:33:
84:bd:71:1a:07:70:aa:03:24:e1:ce:c2:28:b8:e3:
83:ff:ba:19:50:b7:ae:22:fd:fb:eb:70:70:b0:2d:
17:a0:3e:aa:85:50:43:62:24:5d:00:51:b8:11:fa:
d8:c6:06:40:07:bd:4a:b0:42:70:52:cf:17:95:b1:
53:fc:68:8d:13:be:a0:0e:c4:4b:cb:17:72:cd:cd:
0b:2e:ff:66:42:50:cc:76:7d:70:4e:7d:63:16:e5:
da:e1:fb:99:6c:1d:06:6c:ab:ee:d3:36:4e:c7:34:
5f:f7:d0:1e:50:fd:fe:41:39:29:5c:e1:c7:bf:c4:
50:36:75:8a:36:4d:09:6a:ca:2a:cc:1a:b7:0d:8b:
16:6d:48:07:39:61:f5:c8:07:5a:9c:bf:d2:a5:f1:
39:3b:7e:bf:62:31:93:ba:29:5a:c9:09:d7:00:30:
3e:d8:18:8c:9e:a7:28:75:49:aa:89:34:de:5a:14:
29:5d:fc:47:05:ab:6a:84:0f:57:2c:64:ab:3b:98:
b3:d6:48:ba:db:f1:03:d0:20:f7:9f:ef:7d:52:50:
28:e3:48:ed:29:3e:fe:ff:86:a3:64:3d:7f:29:a2:
a3:93:52:e5:6a:c3:a9:13:44:cf
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:01:9F:4E:11:24:28:BF:3E:EA:82:EA:54:2A:C9:0F:F5:E4:C5:47
X509v3 Authority Key Identifier:
keyid:8C:01:9F:4E:11:24:28:BF:3E:EA:82:EA:54:2A:C9:0F:F5:E4:C5:47
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
serial:34:FB:25:BA:76:1A:4B:F9:38:2A:2B:4D:50:17:1E:7B:32:31:E3:30
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
DNS:example.com, IP Address:127.0.0.1
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
6a:0b:ea:2c:f1:b8:04:d9:8f:a4:a4:be:11:1b:40:2f:dd:bc:
be:47:bb:1e:3d:ef:05:4f:a2:c4:78:59:79:ca:86:d9:d3:cf:
f6:61:9d:a7:5c:22:48:de:e0:53:27:8a:59:e2:d7:8d:03:e2:
0a:64:55:22:81:e9:69:b4:c4:d1:58:84:a7:85:0d:16:d2:c0:
ee:d7:10:72:46:73:ea:98:61:85:77:a8:b6:40:d4:49:36:a1:
e0:6f:c8:6c:ec:13:6e:e5:4b:d8:d4:e7:be:03:56:03:d4:6c:
67:9d:30:c4:c5:78:68:cc:60:e9:88:f7:5a:6f:31:ff:26:63:
a5:8d:d2:30:cf:a1:bc:fb:3f:d0:2f:a3:ba:d9:03:ec:fb:b8:
b7:02:46:98:cd:77:40:ba:67:46:55:e9:e3:16:bf:a9:7a:2d:
49:ee:19:c6:32:c4:04:b1:03:7a:7e:c5:bd:f8:b6:ac:7f:cf:
4a:ce:af:44:ae:14:cb:c7:69:fe:7c:a3:e7:63:49:b4:3c:e6:
8b:33:60:92:f7:cf:be:c8:94:c7:f2:3b:d2:03:6b:71:2b:d3:
f6:e0:e9:b2:ba:e2:2b:56:5e:5b:b1:d7:23:92:53:d4:90:e9:
64:9e:87:d6:e7:4a:74:7b:a8:78:46:1c:24:19:5b:e0:32:21:
92:cf:69:b4:c2:4d:62:2f:b5:b9:e5:0c:d6:cc:87:45:a2:4c:
29:a0:6d:50:60:4e:7b:c8:21:37:a0:12:1b:13:10:6e:ac:5c:
cc:07:21:ed:0b:e2:81:eb:7c:c8:e0:dc:cb:1f:8c:7e:38:6f:
1e:1c:ab:91:93:d0:ec:b4:ce:5e:7e:eb:7f:cf:e0:6c:f9:80:
29:04:4c:e4:e5:ab:69:ff:b3:18:ba:54:09:cd:ef:bd:6f:b7:
64:1f:33:ef:08:84:93:3a:2b:81:ab:60:98:9c:08:ac:5c:55:
06:44:bb:e5:4c:92:cb:a6:2f:8f:40:92:2d:80:43:a4:97:28:
18:17:0e:8e:54:94
-----BEGIN CERTIFICATE-----
MIIGxTCCBPygAwIBAgIUNPslunYaS/k4KitNUBceezIx4zAwPgYJKoZIhvcNAQEK
MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
AgFOMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVu
dC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwHhcN
MjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIyNzU1WjCBtjELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZT
U0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
ggGBALsGKOR/yUF2vibGqboI5jWcM6A8W6uVI9drYdMui43tHNlXrhpp4s5liC5l
D8vxecssRpY+P1tZ5be1sTx8JuRWIVFdBHnZf1xxVOkemcH3vmwPe+9GjUAOo2vO
mJtsDW3TJJ2e6GglnEZgkjdicyF3Gr1c8BFt7rlvso42VD7hcms2yYhIhhhs+Nex
4OTXDCoVzJIzhL1xGgdwqgMk4c7CKLjjg/+6GVC3riL9++twcLAtF6A+qoVQQ2Ik
XQBRuBH62MYGQAe9SrBCcFLPF5WxU/xojRO+oA7ES8sXcs3NCy7/ZkJQzHZ9cE59
Yxbl2uH7mWwdBmyr7tM2Tsc0X/fQHlD9/kE5KVzhx7/EUDZ1ijZNCWrKKswatw2L
Fm1IBzlh9cgHWpy/0qXxOTt+v2Ixk7opWskJ1wAwPtgYjJ6nKHVJqok03loUKV38
RwWraoQPVyxkqzuYs9ZIutvxA9Ag95/vfVJQKONI7Sk+/v+Go2Q9fymio5NS5WrD
qRNEzwIDAQABo4IBZzCCAWMwHQYDVR0OBBYEFIwBn04RJCi/PuqC6lQqyQ/15MVH
MIH2BgNVHSMEge4wgeuAFIwBn04RJCi/PuqC6lQqyQ/15MVHoYG8pIG5MIG2MQsw
CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEX
MBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1Mx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0yCFDT7Jbp2Gkv5OCor
TVAXHnsyMeMwMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22H
BH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GCSqGSIb3DQEB
CjAxoA0wCwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIE
AgIBTgOCAYEAagvqLPG4BNmPpKS+ERtAL928vke7Hj3vBU+ixHhZecqG2dPP9mGd
p1wiSN7gUyeKWeLXjQPiCmRVIoHpabTE0ViEp4UNFtLA7tcQckZz6phhhXeotkDU
STah4G/IbOwTbuVL2NTnvgNWA9RsZ50wxMV4aMxg6Yj3Wm8x/yZjpY3SMM+hvPs/
0C+jutkD7Pu4twJGmM13QLpnRlXp4xa/qXotSe4ZxjLEBLEDen7Fvfi2rH/PSs6v
RK4Uy8dp/nyj52NJtDzmizNgkvfPvsiUx/I70gNrcSvT9uDpsrriK1ZeW7HXI5JT
1JDpZJ6H1udKdHuoeEYcJBlb4DIhks9ptMJNYi+1ueUM1syHRaJMKaBtUGBOe8gh
N6ASGxMQbqxczAch7Qviget8yODcyx+MfjhvHhyrkZPQ7LTOXn7rf8/gbPmAKQRM
5OWraf+zGLpUCc3vvW+3ZB8z7wiEkzorgatgmJwIrFxVBkS75UySy6Yvj0CSLYBD
pJcoGBcOjlSU
-----END CERTIFICATE-----

BIN
certs/rsapss/client-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/client-rsapss-key.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEAxoe+YIdDfcSs5Po8Eh3H
z+pcxJNy4g03RzM94KXsVxa9gCpa+aG37m1GfDpOJOMXYlo4lwsDE6V6XhGhUPsb
bRYTVrt3CnuYzIUR0pMx7XQBOD03ATbWUsAn+1P7rv1WvAKAkYHM7VFGFnsdjvMG
SIMoEUu4p3voko6T9I0d+sx8KFE9IZiQP4Aqudwih/CNuae7zKTdJa1liCjxHE/c
BPJaD1K2NYRSGNe/3uPc9vA8ydvNsUgRS658HlmstYzuLoMP9Sk0OXTLmvqm02PV
aXrc8g1DRgMQp7CczRWzNl5DXgVMA2KZKdBXBedU37DlcTk38RNmcBLzh5gJjx/h
5wIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/client-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/client-rsapss-priv.pem Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7AIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKYwggSiAgEAAoIBAQDGh75gh0N9xKzk
+jwSHcfP6lzEk3LiDTdHMz3gpexXFr2AKlr5obfubUZ8Ok4k4xdiWjiXCwMTpXpe
EaFQ+xttFhNWu3cKe5jMhRHSkzHtdAE4PTcBNtZSwCf7U/uu/Va8AoCRgcztUUYW
ex2O8wZIgygRS7ine+iSjpP0jR36zHwoUT0hmJA/gCq53CKH8I25p7vMpN0lrWWI
KPEcT9wE8loPUrY1hFIY17/e49z28DzJ282xSBFLrnweWay1jO4ugw/1KTQ5dMua
+qbTY9VpetzyDUNGAxCnsJzNFbM2XkNeBUwDYpkp0FcF51TfsOVxOTfxE2ZwEvOH
mAmPH+HnAgMBAAECggEAdyBq5wcjQ2tph3hz5TcDd8ocYkRL0kK14b5oqc1GNLfL
fAVuU45rjOD7Q33E+DNgC78xZ8jOztIjzCBuGOakfV+auReCBcNGW6qZmC6E7gQG
21U4FT1ve3YcR54MTuNrUSN7PFSTv+9dzA2SHf3LzmUM/Nvf8HfUhWSSeVLYI23T
mwhU6VdQCRTk1zFuRNFI1ouekPZ2pLql3a/fWe4v4sxq7yWimUsw6DT5676Dy35g
gzgoXA25POglVNPeN79eHhJW0VlEcsRVwp6nBiPftXDWSZ9FEyu4WySB9hHKeWUR
A0WR05K4txv8VqtDjsUUd+9tSjaFQYdk7Z6v96e1+QKBgQDkY+Q2izXhbS844rny
cQVBBafr7ZuM1NGpZQDYpjgMQAfGiINfe/ecEFpd/fDmyo2lOdvZvOGaqul7Y+YN
Iu2YBREh+MRV2b0V285WV5B75LrjiVBAYmwUXvP/QAzO8r0cVpxxdJXroIDAxM90
WKixwflIZD65Trf082yUiX6EIwKBgQDeh8LOctcYnfvjL6Vxag80JijbHCaT/bTB
rM8msxs6/+ZuZbDKKHJF8062XYt6O3Kjh72vdOXQUrvB3o3TQB6FPQERqx/b6Axi
/mnktuPhEjmZgMM3lwWwSfsl/mLLs4fGPqepAP3nTKXC7wNbRUJDAI1Pdk7S+m9w
XUtQATZVbQKBgBRIOrANVM+cHqFyoQjCuLC5i9wL0dCD5cqhSZ3zxO5xkT80SFZm
b+rQGPZX4tjcDBAsPzXq7C4MF4f5qyhnfaoOaSMXMHhfScdzKbPJOu+FtIMYYqQV
GXwFoq18RqbqL5kgp+v7aoTuUADOeY3fgbunejfPjzJtpzB9nZrjSvT5AoGASZSO
X4EtimBCt547kELHgDDV9Y1bXDfZmuivHla+vEV9Riety0qQbnzDHB3WTrZ1c4kg
uXFnw/h3SOVz89QRw3Cmd9cjk60o21rQXOX0d6l1DkK7ShhPszjjKG7y7/QPAwgY
nBNN4TtA3DH35CgEfu8hypKOAcj5LChNDMk51AkCgYB1A9rfqXpqlFlwKxpD9kFr
Ym+UoSypwHrGR6MUjO5L6uvOkeBlVbUNMvDgenaPE0h+CFGi+7xqzUvLRZZ3aHVz
5CVbWm4VeCRHxK557adbT8lGiCzvC1PZYAANcmWLvRl53wKpUcYMpiIb3vCMjOCe
n/r41ciXkbYBfmdP7xNOeg==
-----END PRIVATE KEY-----

BIN
certs/rsapss/client-rsapss.der Normal file
View File

Binary file not shown.

112
certs/rsapss/client-rsapss.pem Normal file
View File

@ -0,0 +1,112 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:58:ff:58:a9:ca:95:0e:04:64:0e:37:3b:f7:89:09:51:31:03:ac
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:c6:87:be:60:87:43:7d:c4:ac:e4:fa:3c:12:1d:
c7:cf:ea:5c:c4:93:72:e2:0d:37:47:33:3d:e0:a5:
ec:57:16:bd:80:2a:5a:f9:a1:b7:ee:6d:46:7c:3a:
4e:24:e3:17:62:5a:38:97:0b:03:13:a5:7a:5e:11:
a1:50:fb:1b:6d:16:13:56:bb:77:0a:7b:98:cc:85:
11:d2:93:31:ed:74:01:38:3d:37:01:36:d6:52:c0:
27:fb:53:fb:ae:fd:56:bc:02:80:91:81:cc:ed:51:
46:16:7b:1d:8e:f3:06:48:83:28:11:4b:b8:a7:7b:
e8:92:8e:93:f4:8d:1d:fa:cc:7c:28:51:3d:21:98:
90:3f:80:2a:b9:dc:22:87:f0:8d:b9:a7:bb:cc:a4:
dd:25:ad:65:88:28:f1:1c:4f:dc:04:f2:5a:0f:52:
b6:35:84:52:18:d7:bf:de:e3:dc:f6:f0:3c:c9:db:
cd:b1:48:11:4b:ae:7c:1e:59:ac:b5:8c:ee:2e:83:
0f:f5:29:34:39:74:cb:9a:fa:a6:d3:63:d5:69:7a:
dc:f2:0d:43:46:03:10:a7:b0:9c:cd:15:b3:36:5e:
43:5e:05:4c:03:62:99:29:d0:57:05:e7:54:df:b0:
e5:71:39:37:f1:13:66:70:12:f3:87:98:09:8f:1f:
e1:e7
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
X509v3 Authority Key Identifier:
keyid:59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
serial:37:58:FF:58:A9:CA:95:0E:04:64:0E:37:3B:F7:89:09:51:31:03:AC
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
DNS:example.com, IP Address:127.0.0.1
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
ae:d5:d0:0a:ba:a4:12:f1:95:99:15:c5:c6:a4:51:46:64:cb:
ed:15:94:0a:89:5e:d0:7f:e2:cb:64:a6:d2:48:e4:52:b2:5a:
c4:ab:d8:e5:2b:e3:72:f5:1d:de:f9:28:a6:e7:7c:29:0b:e3:
e6:0f:f8:2a:d2:e0:25:c6:c7:54:cb:a5:26:2d:20:c4:01:e5:
fe:9d:c6:4e:f8:ba:7a:84:e3:7c:b3:38:b0:d4:2e:47:57:a4:
2b:5e:29:a9:73:11:93:46:2a:bf:24:11:2f:6d:ff:06:28:1f:
05:c0:f2:4a:f0:81:29:22:d4:a4:0c:30:b4:cb:f6:51:72:76:
4a:cf:67:b0:fb:91:1b:d1:92:fc:ad:2e:6f:f0:49:21:31:05:
2d:ad:30:ba:fd:0b:6e:05:42:b9:a2:b8:34:3e:de:a7:a9:14:
f3:78:14:69:c6:67:ae:4d:b9:6e:72:4c:2e:95:19:03:22:8e:
14:bc:51:2a:18:ed:cf:f6:0b:50:25:a5:e2:e0:2e:a6:93:76:
68:8c:9e:1a:ee:bb:24:0a:93:4f:bf:73:2d:48:e8:43:bd:08:
a1:e2:6d:1d:00:a6:b1:78:43:36:57:8b:28:11:37:71:bb:a3:
f7:a6:93:29:85:28:93:ef:d8:a0:4f:2a:b7:15:09:a4:21:49:
b6:b8:c9:a0
-----BEGIN CERTIFICATE-----
MIIF9TCCBK2gAwIBAgIUN1j/WKnKlQ4EZA43O/eJCVExA6wwPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNQ2xpZW50
LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0y
MjA3MjUwMjI3NTVaFw0yNTA0MjAwMjI3NTVaMIG2MQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNT
TF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
AoIBAQDGh75gh0N9xKzk+jwSHcfP6lzEk3LiDTdHMz3gpexXFr2AKlr5obfubUZ8
Ok4k4xdiWjiXCwMTpXpeEaFQ+xttFhNWu3cKe5jMhRHSkzHtdAE4PTcBNtZSwCf7
U/uu/Va8AoCRgcztUUYWex2O8wZIgygRS7ine+iSjpP0jR36zHwoUT0hmJA/gCq5
3CKH8I25p7vMpN0lrWWIKPEcT9wE8loPUrY1hFIY17/e49z28DzJ282xSBFLrnwe
Way1jO4ugw/1KTQ5dMua+qbTY9VpetzyDUNGAxCnsJzNFbM2XkNeBUwDYpkp0FcF
51TfsOVxOTfxE2ZwEvOHmAmPH+HnAgMBAAGjggFnMIIBYzAdBgNVHQ4EFgQUWXGH
iNA+x+4ITYDyyfzPPXbmpWIwgfYGA1UdIwSB7jCB64AUWXGHiNA+x+4ITYDyyfzP
PXbmpWKhgbykgbkwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
DgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UE
CwwNQ2xpZW50LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJ
KoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29s
ZlNTTIIUN1j/WKnKlQ4EZA43O/eJCVExA6wwDAYDVR0TBAUwAwEB/zAcBgNVHREE
FTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B
AQgwCwYJYIZIAWUDBAIBogMCASADggEBAK7V0Aq6pBLxlZkVxcakUUZky+0VlAqJ
XtB/4stkptJI5FKyWsSr2OUr43L1Hd75KKbnfCkL4+YP+CrS4CXGx1TLpSYtIMQB
5f6dxk74unqE43yzOLDULkdXpCteKalzEZNGKr8kES9t/wYoHwXA8krwgSki1KQM
MLTL9lFydkrPZ7D7kRvRkvytLm/wSSExBS2tMLr9C24FQrmiuDQ+3qepFPN4FGnG
Z65NuW5yTC6VGQMijhS8USoY7c/2C1AlpeLgLqaTdmiMnhruuyQKk0+/cy1I6EO9
CKHibR0AprF4QzZXiygRN3G7o/emkymFKJPv2KBPKrcVCaQhSba4yaA=
-----END CERTIFICATE-----

29
certs/rsapss/gen-rsapss-keys.sh Executable file
View File

@ -0,0 +1,29 @@
#!/bin/sh
for key in root ca server client
do
openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 > ${key}-rsapss-priv.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -out ${key}-rsapss-priv.der
openssl pkey -in ${key}-rsapss-priv.pem -outform PEM -pubout -out ${key}-rsapss-key.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -pubout -out ${key}-rsapss-key.der
done
for key in root-3072 ca-3072 server-3072 client-3072
do
openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:3072 > ${key}-rsapss-priv.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -out ${key}-rsapss-priv.der
openssl pkey -in ${key}-rsapss-priv.pem -outform PEM -pubout -out ${key}-rsapss-key.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -pubout -out ${key}-rsapss-key.der
done

59
certs/rsapss/include.am Normal file
View File

@ -0,0 +1,59 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/rsapss/ca-rsapss.der \
certs/rsapss/ca-rsapss.pem \
certs/rsapss/ca-rsapss-key.der \
certs/rsapss/ca-rsapss-key.pem \
certs/rsapss/ca-rsapss-priv.der \
certs/rsapss/ca-rsapss-priv.pem \
certs/rsapss/client-rsapss.der \
certs/rsapss/client-rsapss.pem \
certs/rsapss/client-rsapss-key.der \
certs/rsapss/client-rsapss-key.pem \
certs/rsapss/client-rsapss-priv.der \
certs/rsapss/client-rsapss-priv.pem \
certs/rsapss/root-rsapss.der \
certs/rsapss/root-rsapss.pem \
certs/rsapss/root-rsapss-key.der \
certs/rsapss/root-rsapss-key.pem \
certs/rsapss/root-rsapss-priv.der \
certs/rsapss/root-rsapss-priv.pem \
certs/rsapss/server-rsapss.der \
certs/rsapss/server-rsapss.pem \
certs/rsapss/server-rsapss-cert.pem \
certs/rsapss/server-rsapss-key.der \
certs/rsapss/server-rsapss-key.pem \
certs/rsapss/server-rsapss-priv.der \
certs/rsapss/server-rsapss-priv.pem \
certs/rsapss/ca-3072-rsapss.der \
certs/rsapss/ca-3072-rsapss.pem \
certs/rsapss/ca-3072-rsapss-key.der \
certs/rsapss/ca-3072-rsapss-key.pem \
certs/rsapss/ca-3072-rsapss-priv.der \
certs/rsapss/ca-3072-rsapss-priv.pem \
certs/rsapss/client-3072-rsapss.der \
certs/rsapss/client-3072-rsapss.pem \
certs/rsapss/client-3072-rsapss-key.der \
certs/rsapss/client-3072-rsapss-key.pem \
certs/rsapss/client-3072-rsapss-priv.der \
certs/rsapss/client-3072-rsapss-priv.pem \
certs/rsapss/root-3072-rsapss.der \
certs/rsapss/root-3072-rsapss.pem \
certs/rsapss/root-3072-rsapss-key.der \
certs/rsapss/root-3072-rsapss-key.pem \
certs/rsapss/root-3072-rsapss-priv.der \
certs/rsapss/root-3072-rsapss-priv.pem \
certs/rsapss/server-3072-rsapss.der \
certs/rsapss/server-3072-rsapss.pem \
certs/rsapss/server-3072-rsapss-cert.pem \
certs/rsapss/server-3072-rsapss-key.der \
certs/rsapss/server-3072-rsapss-key.pem \
certs/rsapss/server-3072-rsapss-priv.der \
certs/rsapss/server-3072-rsapss-priv.pem
EXTRA_DIST += \
certs/rsapss/renew-rsapss-certs.sh \
certs/rsapss/gen-rsapss-keys.sh

191
certs/rsapss/renew-rsapss-certs.sh Executable file
View File

@ -0,0 +1,191 @@
#!/bin/bash
check_result(){
if [ $1 -ne 0 ]; then
echo "Failed at \"$2\", Abort"
exit 1
else
echo "Step Succeeded!"
fi
}
############################################################
####### update the self-signed root-rsapss.pem #############
############################################################
echo "Updating root-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSA-PSS\\nRoot-RSA-PSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
openssl req -new -key root-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in root-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-rsapss-priv.pem -out root-rsapss.pem
check_result $? "Generate certificate"
rm root-rsapss.csr
openssl x509 -in root-rsapss.pem -outform DER > root-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in root-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem root-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
####### update ca-rsapss.pem signed by root ################
############################################################
echo "Updating ca-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nCA-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in ca-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-rsapss.pem -CAkey root-rsapss-priv.pem -set_serial 01 -out ca-rsapss.pem
check_result $? "Generate certificate"
rm ca-rsapss.csr
openssl x509 -in ca-rsapss.pem -outform DER > ca-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in ca-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem ca-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
####### update server-rsapss.pem signed by ca ##############
############################################################
echo "Updating server-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nServer-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in server-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-rsapss.pem -CAkey ca-rsapss-priv.pem -set_serial 01 -out server-rsapss-cert.pem
check_result $? "Generate certificate"
rm server-rsapss.csr
openssl x509 -in server-rsapss-cert.pem -outform DER > server-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in server-rsapss-cert.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem server-rsapss-cert.pem
cat server-rsapss-cert.pem ca-rsapss.pem > server-rsapss.pem
check_result $? "Add CA into server cert"
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
####### update the self-signed client-rsapss.pem ###########
############################################################
echo "Updating client-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nClient-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in client-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-rsapss-priv.pem -out client-rsapss.pem
check_result $? "Generate certificate"
rm client-rsapss.csr
openssl x509 -in client-rsapss.pem -outform DER > client-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in client-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem client-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
################################################################################
# 3072-bit keys. RSA-PSS with SHA-384
################################################################################
############################################################
###### update the self-signed root-3072-rsapss.pem #########
############################################################
echo "Updating root-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSA-PSS\\nRoot-RSA-PSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
openssl req -new -key root-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in root-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-3072-rsapss-priv.pem -sha384 -out root-3072-rsapss.pem
check_result $? "Generate certificate"
rm root-3072-rsapss.csr
openssl x509 -in root-3072-rsapss.pem -outform DER > root-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in root-3072-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem root-3072-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update ca-3072-rsapss.pem signed by root ############
############################################################
echo "Updating ca-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nCA-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in ca-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-3072-rsapss.pem -CAkey root-3072-rsapss-priv.pem -sha384 -set_serial 01 -out ca-3072-rsapss.pem
check_result $? "Generate certificate"
rm ca-3072-rsapss.csr
openssl x509 -in ca-3072-rsapss.pem -outform DER > ca-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in ca-3072-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem ca-3072-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update server-3072-rsapss.pem signed by ca ##########
############################################################
echo "Updating server-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nServer-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in server-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-3072-rsapss.pem -CAkey ca-3072-rsapss-priv.pem -sha384 -set_serial 01 -out server-3072-rsapss-cert.pem
check_result $? "Generate certificate"
rm server-3072-rsapss.csr
openssl x509 -in server-3072-rsapss-cert.pem -outform DER > server-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in server-3072-rsapss-cert.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem server-3072-rsapss-cert.pem
cat server-3072-rsapss-cert.pem ca-3072-rsapss.pem > server-3072-rsapss.pem
check_result $? "Add CA into server cert"
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update the self-signed client-3072-rsapss.pem #######
############################################################
echo "Updating client-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nClient-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in client-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-3072-rsapss-priv.pem -sha384 -out client-3072-rsapss.pem
check_result $? "Generate certificate"
rm client-3072-rsapss.csr
openssl x509 -in client-3072-rsapss.pem -outform DER > client-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in client-3072-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem client-3072-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"

BIN
certs/rsapss/root-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/root-3072-rsapss-key.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBAK3N7U+UJ/pXKJC85TW2ljYY
JUXh3qqHmIhhK5cq5E72BjYcOLVdrplZmXABEvkCSXuuwap4QSab9jEJrwpr6/KM
OS/5/uA4pi8A7kBulIy+P8E+azqukebWbDQaVIi2OLj4yVi0jpkMqzduoVAl8eTi
dniclRJ+NX90ZR15t4FEeKNT8/QcF4AVt8H3obMLaVrnEmtJHwqEiHAZcxa+HM20
4Oe/BGG62kTrUkF6RriOAoPBdQVg0GwOdX1Snvk4F96ozFzd5gKL9TBDHFqYj8PB
2V/mb27xdNbei1+LzjWK9FiKDmval82KarF/g058rrZ4jlHoSTTRaOPQv1uzF1rg
15QgEiZ7nRn6HhZlZeFUu/lPnmPa3BDcsJsJJNULl4PrLLMeFVA4kwZajBESYyEx
kcN8v1TtLC+892OkODZc87txPQ0V9lq8TO54UDFhQL9FKNK1L8EIr77WAwDPGWnj
oLCS7CZCXgKl0S3PuGPfzrMibBrTXYkVmsR3mM2VfwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/root-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/root-3072-rsapss-priv.pem Normal file
View File

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADALBgkqhkiG9w0BAQoEggboMIIG5AIBAAKCAYEArc3tT5Qn+lcokLzl
NbaWNhglReHeqoeYiGErlyrkTvYGNhw4tV2umVmZcAES+QJJe67BqnhBJpv2MQmv
Cmvr8ow5L/n+4DimLwDuQG6UjL4/wT5rOq6R5tZsNBpUiLY4uPjJWLSOmQyrN26h
UCXx5OJ2eJyVEn41f3RlHXm3gUR4o1Pz9BwXgBW3wfehswtpWucSa0kfCoSIcBlz
Fr4czbTg578EYbraROtSQXpGuI4Cg8F1BWDQbA51fVKe+TgX3qjMXN3mAov1MEMc
WpiPw8HZX+ZvbvF01t6LX4vONYr0WIoOa9qXzYpqsX+DTnyutniOUehJNNFo49C/
W7MXWuDXlCASJnudGfoeFmVl4VS7+U+eY9rcENywmwkk1QuXg+sssx4VUDiTBlqM
ERJjITGRw3y/VO0sL7z3Y6Q4Nlzzu3E9DRX2WrxM7nhQMWFAv0Uo0rUvwQivvtYD
AM8ZaeOgsJLsJkJeAqXRLc+4Y9/OsyJsGtNdiRWaxHeYzZV/AgMBAAECggGAKjTm
2ztkVfPSgwuMMfYMFkjYzFakhw70qLHILyaYWOB/86X403pTiyPqEfwAyn2WsLVo
jGg1khWvvIrYehRpMPaCcLcqAPNgz+tO8FCqPF97BgeNbKu1/LO3hROb0bNGpQyt
gKAgPOSJs6VnARql2mpwUKvdu6bwgOoYIAdN29Nv5GHfzTkBL/aWMEFdgChWRl/0
5h7Ure4vX+GeRDiYsA+ryjtl6gHBPZlT2VjDUdASpkJVk5/GHWeJeoyU1HqdUty2
V4vekiql4+XzasHQkISkn4RkaD0mzK1KXng3cbwolQfT6C2batYIMTpGjsHNmGgG
NgNEGiHy0ZbgoQ3Ao4LpJ4G8fFK9n9dfQ9itroBRAgJeLIrQGcXEcBriM8jPU8HZ
jFqU9XTvoeefllj1cvXtoDL9CWmSyuuAexKZa55ip+cFfY4B5ZBdtjFdafSdn4UK
FYQr+E7SJ5HjsWTrQPTxBUQF15M0IOt3a0w1ULD44UC5hRqnuc3a17DrVeUhAoHB
ANXFtXSBdv4Qiow8o/HY4H6hP7sGj82HzyEKM7ZmbMagnX5QCYy+uwr5BVfQ1XHx
aznUo5/xsv5H0uYmXqnXVh2Xk4dvQAKzJYrMVXLbRgGCC7IijI2ufi1fITf4b1NJ
NKgyPdzQDogIAWQalwvIl9ZC0NcY+VhQ3geG6sQnYs5137jBepqYxw1gvW63716h
SrC2EjZMsBWoF++g5wJ26OLTFrXITvLdALEjF4/N7eYhs3siYSfddHM8nIhuqvxN
TwKBwQDQIxL6iMNmtmKKe+/2AetcJG0d7vJkYB/E+wLYkpYMsBrVptqt5SmHXcLZ
099GhnbooMlI+1y/15Gnve8h74t+YAxWxBdi/snX1j63+A9iQo4CwjHplrKFWCyT
ejFGEOXAqe+38w7njtxBu6V2ZHNzitZhHKwAlwamOEdbmxD7nlXX+AJUUh3jdn/O
hU17vj8t3d17ip/M6znhUagkO2LcaS+wTIz1/z4kju2wix5k/6EYKEaxdTKKTAaf
UXEYCNECgcEAh9wONYwuRsvWccf8XbD7BB+Q9Fj4PaRpZFMqiGrSCO59CZDucM+q
6g9XcPcdIDxRbECS+QzQOEEHbRPHp+NeLJJvxWxT3yNh4bN5PvTSqhSvQDgq4cSb
FlTWNM8kWWc2GwtLO7HS+ms0Dx3DD08eCKMQPRP3LETAx0HcpGtvpU1OsQnt1KDy
KLNp0Rr++0JAyMv+CRp18l2RUM8O4gcWfUmwrjkuy7TfQrTNvawf3NlgSwqPepmI
78/+n8rNymmLAoHAa8heAaNlHQGB0hkQUKL50MOERiYBG/2zNfyOorx2O6fOnalE
QR0U/maNiuPvEcR8O0dYNRUGGMp3QRhYh4hXAmCWwy/UtI0g1Ua7P+WTgdzZUZBi
7IX/eJIKs2xpq9EASV83JlkV9M/EO74Cl2a5arIRBkUkxUFwTg+C1Gtexg5egfKK
skO7+pjY4oehcl04tnXYRiupSSLe3FG+8tRWA7Hs4i0iKhm9go0JhYzldoPyVmI1
CZyZSYjJPSOdn0ahAoHBAKbA137srUs34GZvoLkLHsUAEsi9CICVcp5q3MQHvbDH
UfuKAnnpUk1Ly2PAM+zfYfMrC21AMpE2esg6VsqTuhFS/Y8cDYPic4WqtjCtszBn
yiGEFddY3j6dNAEM8Mm6WxsoY2PI6aAAbn8sVyFom4+cbpPeTifw5bFBtyeLsTlz
M5QFpZUvnbW9i8Pif7gea/nF/J/z3iX8XUskZwXpDsucktpGG2bchKN7XKHx1YzH
J4ULnO3PUfR4GVbrSVWl4g==
-----END PRIVATE KEY-----

BIN
certs/rsapss/root-3072-rsapss.der Normal file
View File

Binary file not shown.

117
certs/rsapss/root-3072-rsapss.pem Normal file
View File

@ -0,0 +1,117 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:c6:f6:76:c9:a4:72:95:4c:7e:9a:0c:80:5c:6d:8f:64:f2:19:a5
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:ad:cd:ed:4f:94:27:fa:57:28:90:bc:e5:35:b6:
96:36:18:25:45:e1:de:aa:87:98:88:61:2b:97:2a:
e4:4e:f6:06:36:1c:38:b5:5d:ae:99:59:99:70:01:
12:f9:02:49:7b:ae:c1:aa:78:41:26:9b:f6:31:09:
af:0a:6b:eb:f2:8c:39:2f:f9:fe:e0:38:a6:2f:00:
ee:40:6e:94:8c:be:3f:c1:3e:6b:3a:ae:91:e6:d6:
6c:34:1a:54:88:b6:38:b8:f8:c9:58:b4:8e:99:0c:
ab:37:6e:a1:50:25:f1:e4:e2:76:78:9c:95:12:7e:
35:7f:74:65:1d:79:b7:81:44:78:a3:53:f3:f4:1c:
17:80:15:b7:c1:f7:a1:b3:0b:69:5a:e7:12:6b:49:
1f:0a:84:88:70:19:73:16:be:1c:cd:b4:e0:e7:bf:
04:61:ba:da:44:eb:52:41:7a:46:b8:8e:02:83:c1:
75:05:60:d0:6c:0e:75:7d:52:9e:f9:38:17:de:a8:
cc:5c:dd:e6:02:8b:f5:30:43:1c:5a:98:8f:c3:c1:
d9:5f:e6:6f:6e:f1:74:d6:de:8b:5f:8b:ce:35:8a:
f4:58:8a:0e:6b:da:97:cd:8a:6a:b1:7f:83:4e:7c:
ae:b6:78:8e:51:e8:49:34:d1:68:e3:d0:bf:5b:b3:
17:5a:e0:d7:94:20:12:26:7b:9d:19:fa:1e:16:65:
65:e1:54:bb:f9:4f:9e:63:da:dc:10:dc:b0:9b:09:
24:d5:0b:97:83:eb:2c:b3:1e:15:50:38:93:06:5a:
8c:11:12:63:21:31:91:c3:7c:bf:54:ed:2c:2f:bc:
f7:63:a4:38:36:5c:f3:bb:71:3d:0d:15:f6:5a:bc:
4c:ee:78:50:31:61:40:bf:45:28:d2:b5:2f:c1:08:
af:be:d6:03:00:cf:19:69:e3:a0:b0:92:ec:26:42:
5e:02:a5:d1:2d:cf:b8:63:df:ce:b3:22:6c:1a:d3:
5d:89:15:9a:c4:77:98:cd:95:7f
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Authority Key Identifier:
keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
66:1c:f4:d8:ae:83:99:36:d5:9b:57:84:24:3f:ff:bc:de:1a:
4c:ba:f2:8b:51:45:37:6f:42:81:18:1c:da:4c:c1:7f:a5:6c:
6e:45:02:2a:2e:e0:39:5b:47:9b:d9:e8:75:32:44:02:4b:ac:
65:74:25:e8:b5:9c:f2:33:90:73:e9:59:4f:20:82:dd:20:1e:
0f:30:bb:77:b2:4c:c1:67:d1:2d:3e:4f:96:e9:31:3d:f3:0c:
3a:9b:ee:b1:40:34:e3:a1:af:01:ea:91:d8:ba:58:71:32:23:
6f:a4:38:6a:f9:00:9a:a9:5a:06:b4:f8:6e:25:55:9d:e2:c0:
54:e8:88:32:68:1b:64:f6:d1:23:f1:46:01:2d:5e:68:bc:5f:
86:fb:84:d5:35:67:0a:65:4e:4f:e5:fb:d3:1b:ad:46:6a:6a:
43:d2:e8:3d:13:74:64:f7:54:37:41:14:2d:a3:f0:c6:57:ac:
25:f4:cd:00:ee:54:77:13:ce:59:13:55:1e:82:f2:68:ac:b7:
c4:90:ab:82:85:86:32:0c:03:9c:ed:ab:cd:81:ae:3e:d2:f9:
6c:41:cd:03:56:68:bd:48:e2:d0:c8:8b:b3:e5:f0:aa:28:f8:
36:2e:14:fb:5e:57:6a:26:60:a8:20:ca:f4:05:8e:41:cf:92:
43:5f:57:2f:c8:ea:de:cb:b0:00:dc:41:53:e1:10:27:b2:7f:
f8:f4:a5:7b:3f:df:f4:cf:53:e6:11:b4:ea:36:53:68:b6:0b:
96:5c:7d:d0:a1:77:1c:99:fa:68:c2:19:aa:89:40:cc:42:24:
33:e3:02:28:d0:04:b9:2f:6f:01:6b:55:95:6d:eb:93:3a:e4:
ed:e5:c8:36:68:df:61:07:d0:0d:77:19:8e:3d:9c:5f:6e:8a:
05:64:2e:27:78:7a:12:30:14:29:17:96:ae:6d:53:8c:98:35:
e9:a1:06:b5:e0:c8:2e:89:6e:7c:bf:b5:c8:3a:8f:07:d1:7e:
58:b8:c8:23:db:71
-----BEGIN CERTIFICATE-----
MIIFjTCCA8SgAwIBAgIUNMb2dsmkcpVMfpoMgFxtj2TyGaUwPgYJKoZIhvcNAQEK
MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
AgFOMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMjA3MjUwMjI3NTVaFw0yNTA0MjAwMjI3
NTVaMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTCCAaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIB
gQCtze1PlCf6VyiQvOU1tpY2GCVF4d6qh5iIYSuXKuRO9gY2HDi1Xa6ZWZlwARL5
Akl7rsGqeEEmm/YxCa8Ka+vyjDkv+f7gOKYvAO5AbpSMvj/BPms6rpHm1mw0GlSI
tji4+MlYtI6ZDKs3bqFQJfHk4nZ4nJUSfjV/dGUdebeBRHijU/P0HBeAFbfB96Gz
C2la5xJrSR8KhIhwGXMWvhzNtODnvwRhutpE61JBeka4jgKDwXUFYNBsDnV9Up75
OBfeqMxc3eYCi/UwQxxamI/Dwdlf5m9u8XTW3otfi841ivRYig5r2pfNimqxf4NO
fK62eI5R6Ek00Wjj0L9bsxda4NeUIBIme50Z+h4WZWXhVLv5T55j2twQ3LCbCSTV
C5eD6yyzHhVQOJMGWowREmMhMZHDfL9U7SwvvPdjpDg2XPO7cT0NFfZavEzueFAx
YUC/RSjStS/BCK++1gMAzxlp46CwkuwmQl4CpdEtz7hj386zImwa012JFZrEd5jN
lX8CAwEAAaNjMGEwHQYDVR0OBBYEFKpx07GKS7tHFUdfm9AradFvhV72MB8GA1Ud
IwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgGGMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUDBAICoRowGAYJ
KoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOCAYEAZhz02K6DmTbVm1eEJD//
vN4aTLryi1FFN29CgRgc2kzBf6VsbkUCKi7gOVtHm9nodTJEAkusZXQl6LWc8jOQ
c+lZTyCC3SAeDzC7d7JMwWfRLT5PlukxPfMMOpvusUA046GvAeqR2LpYcTIjb6Q4
avkAmqlaBrT4biVVneLAVOiIMmgbZPbRI/FGAS1eaLxfhvuE1TVnCmVOT+X70xut
RmpqQ9LoPRN0ZPdUN0EULaPwxlesJfTNAO5UdxPOWRNVHoLyaKy3xJCrgoWGMgwD
nO2rzYGuPtL5bEHNA1ZovUji0MiLs+Xwqij4Ni4U+15XaiZgqCDK9AWOQc+SQ19X
L8jq3suwANxBU+EQJ7J/+PSlez/f9M9T5hG06jZTaLYLllx90KF3HJn6aMIZqolA
zEIkM+MCKNAEuS9vAWtVlW3rkzrk7eXINmjfYQfQDXcZjj2cX26KBWQuJ3h6EjAU
KReWrm1TjJg16aEGteDILolufL+1yDqPB9F+WLjII9tx
-----END CERTIFICATE-----

BIN
certs/rsapss/root-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/root-rsapss-key.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEAmQoBttFAewyuF37hXI37
a8yPBlF15vCXzi92+jG973myLuS1ER/LKa0X7jIpBJqaFUNM52e4DnjP6944a0I5
ZZAZ4FuUjujiGEvF0m7WePCJw9mw3BZ+aHK1ChvOsiSMoMf8xthyrLd4wwV613iq
fKusjK8K1+tLtSxA3b5aSk1tkwJp4gjll6lAbhg4be+OJ+NY+/Ob8Rn5kJpGjieW
aP92wzbjc+LrzQCXNelkzTsN4/IC+4Cq3VXhLRA/CGK+q9xIDIW1XvsSyZ7Au/EK
GGwV+edEShUJc0nYDJb33NACYsqRgfSyPLolqZiE0HUqsX+PnfjKluCClOOKs/bv
9QIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/root-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/root-rsapss-priv.pem Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7gIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKgwggSkAgEAAoIBAQCZCgG20UB7DK4X
fuFcjftrzI8GUXXm8JfOL3b6Mb3vebIu5LURH8sprRfuMikEmpoVQ0znZ7gOeM/r
3jhrQjllkBngW5SO6OIYS8XSbtZ48InD2bDcFn5ocrUKG86yJIygx/zG2HKst3jD
BXrXeKp8q6yMrwrX60u1LEDdvlpKTW2TAmniCOWXqUBuGDht744n41j785vxGfmQ
mkaOJ5Zo/3bDNuNz4uvNAJc16WTNOw3j8gL7gKrdVeEtED8IYr6r3EgMhbVe+xLJ
nsC78QoYbBX550RKFQlzSdgMlvfc0AJiypGB9LI8uiWpmITQdSqxf4+d+MqW4IKU
44qz9u/1AgMBAAECggEAXtcKtOb8lMUI5lqlApyioO2F/R5ieJnFGevkSaylzlCW
keT+KPyRBOTWHbFMJiRBNMgeUpG+SImqILv4LtA9jak9wAJBEEdWRkQ+9efmVdCL
L6oqplnyQHxFoVwWPePUmpcVGY1tk4en+QPeWsXWsagaKJ0ZlTGmG0KveDvM7JoV
57qoqXw85VCA9yw4+1hyCoMFPZmWoqpU8MtAH65fzuBH/M0dAjzDwJRRsk+mpOxE
/XtKpFsHRXDlXf274U7ktAfHMxS6KthyuP2KJAvycs6BvvKyXW898X1K5ehChjmQ
gGGhm5mmeucdR7oMbw1snnrxZ9Vf+njBMCMQksJVSQKBgQDGFtOYGhHh+eSuUrdY
qlrXF2gxKD9uIwPMBt5uo4FcIVgVtqTE3nyISAkfVw7HbXLDYnICckkxqwZL2U1C
OQ9Syf4ZNNakZ/dwhTtmOQ1zcaEzt3higcBMxxXFeVPl7opxcA/d7N8r6+gPtpOx
bTQH6sN3GLB6v0qgjK4Y3UX1wwKBgQDFx5djSMjylnW6XIvmKH/eKebURGnJWtty
XMPkp+hNLodNgJGakpCe3L7GbiF+uWIxDg+De1oEfssb9Xu/wz507Y0T4mmVgyGn
EuF5cAd2o48p1Hn+G8adh6/ty2dsqBdCC2MCxMD/ZcZy5ELJHnynNUVuffQDcqDK
KZBe7hVP5wKBgQCch28ekwMsiTYeVjiRdNQhgVqQ9Zfh5QNcFtVvof5XmfWr+s6K
zrCjVCD5RebkyeTU5hbnPf3+pIFuMEFvof0s03bZ3jn6YjlSDcXZSh4J6nGSl1km
phcZ1HustuoIGI4Hg6DWIhZb86dFu2VL39oso2Nf2f+ij0ReR6xO85MT1wKBgQCQ
+HoJNoLE/nCRB+Er9ae0ivY9xV/dThHoxAJ7CnCGkoJu1rzjlmcXaysTfAplPzGw
T2QjtjkHboEmn0v0BgMz5iQw3RcTlqkGNBq9ztZJqh34RVyeXHG7aogUP7IxvQw/
RuVuVBY7nrhV4ubpUMWCMtQP55cDJ/Sf+tNuIgnRJQKBgBfKPaKXffSp+VAezB09
xPyhpg5mDZqnQCbN7UJTBDAzXLs7NkSRpAb7NT7iTrFq/uFY2QUdgfqIgmGdNmbq
xF/UtQBQBr+y5gu3EjU6p464rM+ui3xU5FlZ60bsDIfP/p2leiJYuGG2ds56CBV/
bD8DmfVsG0X3d4C/XMtveEgq
-----END PRIVATE KEY-----

BIN
certs/rsapss/root-rsapss.der Normal file
View File

Binary file not shown.

102
certs/rsapss/root-rsapss.pem Normal file
View File

@ -0,0 +1,102 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:43:a2:a0:b6:01:0c:e3:6d:0d:e8:2d:8c:75:f8:1c:71:74:0d:72
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:99:0a:01:b6:d1:40:7b:0c:ae:17:7e:e1:5c:8d:
fb:6b:cc:8f:06:51:75:e6:f0:97:ce:2f:76:fa:31:
bd:ef:79:b2:2e:e4:b5:11:1f:cb:29:ad:17:ee:32:
29:04:9a:9a:15:43:4c:e7:67:b8:0e:78:cf:eb:de:
38:6b:42:39:65:90:19:e0:5b:94:8e:e8:e2:18:4b:
c5:d2:6e:d6:78:f0:89:c3:d9:b0:dc:16:7e:68:72:
b5:0a:1b:ce:b2:24:8c:a0:c7:fc:c6:d8:72:ac:b7:
78:c3:05:7a:d7:78:aa:7c:ab:ac:8c:af:0a:d7:eb:
4b:b5:2c:40:dd:be:5a:4a:4d:6d:93:02:69:e2:08:
e5:97:a9:40:6e:18:38:6d:ef:8e:27:e3:58:fb:f3:
9b:f1:19:f9:90:9a:46:8e:27:96:68:ff:76:c3:36:
e3:73:e2:eb:cd:00:97:35:e9:64:cd:3b:0d:e3:f2:
02:fb:80:aa:dd:55:e1:2d:10:3f:08:62:be:ab:dc:
48:0c:85:b5:5e:fb:12:c9:9e:c0:bb:f1:0a:18:6c:
15:f9:e7:44:4a:15:09:73:49:d8:0c:96:f7:dc:d0:
02:62:ca:91:81:f4:b2:3c:ba:25:a9:98:84:d0:75:
2a:b1:7f:8f:9d:f8:ca:96:e0:82:94:e3:8a:b3:f6:
ef:f5
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Authority Key Identifier:
keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
8c:4f:b2:a8:12:6c:80:56:78:44:ac:27:38:26:96:a3:e0:58:
34:81:48:5f:cd:34:28:bd:b7:f6:6e:95:b4:8d:9a:5a:5a:9e:
a5:40:e4:67:b8:53:db:00:ab:81:db:c8:de:77:0e:1b:a7:30:
74:b8:8f:4b:05:5d:12:5c:f5:7a:40:ed:ba:3a:58:05:99:7b:
72:a7:f1:c4:0a:4a:c4:fa:44:ef:5b:7e:8f:70:95:bc:3e:bb:
ab:e5:4a:db:7a:d0:a9:82:2d:0c:c8:a0:64:0a:9a:d9:8c:23:
d9:a5:3a:ea:80:ae:47:c0:31:7a:21:3c:4b:5d:9e:22:e1:34:
c8:bb:0c:d5:77:65:6b:c0:76:77:67:41:56:23:33:e2:a6:e9:
5f:8d:9d:af:73:92:e0:4e:2d:3f:c6:3a:ab:99:67:c5:5a:3e:
a2:50:bb:ca:26:5f:6d:be:f9:71:1f:63:6e:d8:41:ca:96:bc:
3d:1c:67:00:a1:78:d4:fe:a6:43:64:cf:20:ca:7b:ee:fa:65:
72:39:ff:9a:8b:99:9c:9c:2d:4e:1d:b0:dc:07:8a:f2:12:81:
78:d9:d4:55:aa:c5:d1:fb:73:36:71:01:4e:d6:e9:ea:e0:01:
5c:95:ee:aa:16:cd:1a:d3:00:31:6f:48:7d:b7:52:7c:53:40:
fd:c5:58:a1
-----BEGIN CERTIFICATE-----
MIIEvTCCA3WgAwIBAgIUNEOioLYBDONtDegtjHX4HHF0DXIwPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAyMjc1
NVowgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFl
AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKC
AQEAmQoBttFAewyuF37hXI37a8yPBlF15vCXzi92+jG973myLuS1ER/LKa0X7jIp
BJqaFUNM52e4DnjP6944a0I5ZZAZ4FuUjujiGEvF0m7WePCJw9mw3BZ+aHK1ChvO
siSMoMf8xthyrLd4wwV613iqfKusjK8K1+tLtSxA3b5aSk1tkwJp4gjll6lAbhg4
be+OJ+NY+/Ob8Rn5kJpGjieWaP92wzbjc+LrzQCXNelkzTsN4/IC+4Cq3VXhLRA/
CGK+q9xIDIW1XvsSyZ7Au/EKGGwV+edEShUJc0nYDJb33NACYsqRgfSyPLolqZiE
0HUqsX+PnfjKluCClOOKs/bv9QIDAQABo2MwYTAdBgNVHQ4EFgQUZNXsgoeA3lrt
SZjYDFR9Rp6lPNYwHwYDVR0jBBgwFoAUZNXsgoeA3lrtSZjYDFR9Rp6lPNYwDwYD
VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwPQYJKoZIhvcNAQEKMDCgDTAL
BglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEB
AIxPsqgSbIBWeESsJzgmlqPgWDSBSF/NNCi9t/ZulbSNmlpanqVA5Ge4U9sAq4Hb
yN53DhunMHS4j0sFXRJc9XpA7bo6WAWZe3Kn8cQKSsT6RO9bfo9wlbw+u6vlStt6
0KmCLQzIoGQKmtmMI9mlOuqArkfAMXohPEtdniLhNMi7DNV3ZWvAdndnQVYjM+Km
6V+Nna9zkuBOLT/GOquZZ8VaPqJQu8omX22++XEfY27YQcqWvD0cZwCheNT+pkNk
zyDKe+76ZXI5/5qLmZycLU4dsNwHivISgXjZ1FWqxdH7czZxAU7W6ergAVyV7qoW
zRrTADFvSH23UnxTQP3FWKE=
-----END CERTIFICATE-----

122
certs/rsapss/server-3072-rsapss-cert.pem Normal file
View File

@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
4d:15:6f:db:cc:d4:c6:6f:75:a6:e2:22:06:af:91:
26:4e:a0:2d:97:17:95:0b:40:1a:75:23:9b:b1:e0:
d7:5d:cc:0d:5f:09:9e:c9:b7:3d:f8:e5:62:bb:34:
75:99:0c:e6:da:7d:95:40:ee:5f:27:76:f9:ca:d6:
0d:1e:a7:06:9f:c5:75:57:96:44:b9:73:f4:de:aa:
a9:af:be:4b:98:f3:6c:c8:da:d9:a2:26:35:21:40:
e7:67:4b:e2:d9:c4:4f:b8:96:54:17:59:d8:ca:af:
b1:56:47:be:15:5b:05:d3:29:cc:ec:2b:99:fa:13:
1a:2a:d0:61:d1:41:c2:27:5d:d9:a7:f2:29:28:eb:
fb:e5:89:c5:01:83:88:1d:dc:70:1a:8f:2f:3b:e5:
34:e8:5b:ef:ed:76:5f:8a:51:ea:2d:92:c2:e6:86:
6d:6a:92:93:c3:6d:04:c5:95:68:07:fe:9a:32:d9:
38:c8:06:eb:33:92:b9:0b:ce:2e:c3:6b:6a:a2:41:
6a:ce:09:e7:4a:90:a8:2f:59:0e:76:dc:4f:b8:86:
d0:4b:95:e6:1b:e4:c6:59:26:ef:1c:00:4e:ce:fb:
cf:63:05:7e:a6:d4:09:39:fe:d3:79:49:f2:6a:6a:
1a:17:cb:13:a5:3d:d9:fa:b0:a4:5f:18:e8:e5:5c:
4b:38:d5:d8:b8:76:35:a0:0b:e1:98:b9:58:c3:88:
e5:f8:4a:e6:d0:84:a3:5e:4d:85:c9:d6:7f:9d:9f:
35:28:66:56:04:25:cc:1b:4c:f7:e3:cb:39:be:e0:
5f:a8:93:bd:a1:0b:cd:63:e0:16:07:af:40:0b:cb:
6e:3f:81:0c:cd:80:bf:13:f1:92:57:a1:48:17:d2:
29:b0:5a:a2:d5:42:84:c8:6c:09:31:c6:05:92:dd:
a3:f7:56:ed:e7:5f:29:88:eb:4b
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
X509v3 Authority Key Identifier:
keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
68:61:62:4c:67:79:5d:4d:fd:95:14:51:37:f0:d5:d5:b6:f0:
c6:48:cb:23:3c:4c:b6:38:00:63:4d:0e:6a:f6:d0:ba:54:3d:
40:a4:aa:5b:01:f6:57:c1:13:12:e1:5b:4e:59:21:f7:09:90:
93:36:ab:44:54:59:f5:f0:da:3a:aa:41:f2:00:a4:fa:3d:8d:
92:bf:74:84:a2:93:c8:70:d9:5a:2a:ab:47:a9:18:fb:f9:51:
35:96:89:23:18:7b:a6:ae:1c:88:df:cd:68:ca:3c:8b:03:b2:
b0:c6:6f:9e:1f:fd:00:98:24:72:3b:6a:67:62:ef:28:4a:71:
6e:b2:53:1c:0b:7c:48:ef:78:6c:73:5d:03:71:44:ac:5c:5e:
a2:75:fd:0b:e4:cc:8c:af:1e:42:9c:b7:d4:02:f4:8e:ad:56:
77:fe:d0:1b:92:4d:35:ce:3e:bb:e0:43:98:e8:dc:71:e9:fb:
e1:26:17:5c:e1:f2:57:74:45:21:90:42:c1:b0:38:59:7f:0c:
6a:6e:94:7b:30:a1:fd:10:e0:9b:53:0f:05:19:2d:f6:9a:a3:
95:f4:52:54:c9:e2:fc:99:0e:64:56:29:31:d2:35:dd:01:b0:
34:c8:d6:16:40:1a:58:58:62:c1:e4:d8:ee:8e:1d:b2:b7:c9:
68:07:a5:91:a0:a8:18:c7:5f:80:c6:81:fb:7a:10:17:a8:a5:
9e:67:d2:ac:31:69:94:ab:36:6f:f6:35:05:c3:80:f3:3e:5f:
5c:29:d1:13:43:88:1e:79:ac:3d:d3:e0:3d:44:c4:da:c7:1e:
ab:f1:86:07:98:cf:b8:99:5d:6b:7c:3f:c2:c1:ff:1c:b1:8d:
90:02:45:62:c4:7c:ca:6a:fb:4c:48:bc:73:ad:04:ad:62:87:
1e:b3:c4:76:a6:a1:27:3d:f5:2a:ca:8e:c0:73:96:08:3c:db:
f7:36:a6:57:a4:98:47:58:cd:56:0e:cd:fc:63:84:b9:df:2f:
47:bb:8b:0d:7c:54
-----BEGIN CERTIFICATE-----
MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAy
Mjc1NVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
AYEAaGFiTGd5XU39lRRRN/DV1bbwxkjLIzxMtjgAY00OavbQulQ9QKSqWwH2V8ET
EuFbTlkh9wmQkzarRFRZ9fDaOqpB8gCk+j2Nkr90hKKTyHDZWiqrR6kY+/lRNZaJ
Ixh7pq4ciN/NaMo8iwOysMZvnh/9AJgkcjtqZ2LvKEpxbrJTHAt8SO94bHNdA3FE
rFxeonX9C+TMjK8eQpy31AL0jq1Wd/7QG5JNNc4+u+BDmOjccen74SYXXOHyV3RF
IZBCwbA4WX8Mam6UezCh/RDgm1MPBRkt9pqjlfRSVMni/JkOZFYpMdI13QGwNMjW
FkAaWFhiweTY7o4dsrfJaAelkaCoGMdfgMaB+3oQF6ilnmfSrDFplKs2b/Y1BcOA
8z5fXCnRE0OIHnmsPdPgPUTE2sceq/GGB5jPuJlda3w/wsH/HLGNkAJFYsR8ymr7
TEi8c60ErWKHHrPEdqahJz31KsqOwHOWCDzb9zamV6SYR1jNVg7N/GOEud8vR7uL
DXxU
-----END CERTIFICATE-----

BIN
certs/rsapss/server-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/server-3072-rsapss-key.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBAL6EeNNrfbKuUYhoajPx+cUa
b5dxlCL0wvBJiCukTRVv28zUxm91puIiBq+RJk6gLZcXlQtAGnUjm7Hg113MDV8J
nsm3PfjlYrs0dZkM5tp9lUDuXyd2+crWDR6nBp/FdVeWRLlz9N6qqa++S5jzbMja
2aImNSFA52dL4tnET7iWVBdZ2MqvsVZHvhVbBdMpzOwrmfoTGirQYdFBwidd2afy
KSjr++WJxQGDiB3ccBqPLzvlNOhb7+12X4pR6i2SwuaGbWqSk8NtBMWVaAf+mjLZ
OMgG6zOSuQvOLsNraqJBas4J50qQqC9ZDnbcT7iG0EuV5hvkxlkm7xwATs77z2MF
fqbUCTn+03lJ8mpqGhfLE6U92fqwpF8Y6OVcSzjV2Lh2NaAL4Zi5WMOI5fhK5tCE
o15NhcnWf52fNShmVgQlzBtM9+PLOb7gX6iTvaELzWPgFgevQAvLbj+BDM2AvxPx
klehSBfSKbBaotVChMhsCTHGBZLdo/dW7edfKYjrSwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/server-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/server-3072-rsapss-priv.pem Normal file
View File

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADALBgkqhkiG9w0BAQoEggboMIIG5AIBAAKCAYEAvoR402t9sq5RiGhq
M/H5xRpvl3GUIvTC8EmIK6RNFW/bzNTGb3Wm4iIGr5EmTqAtlxeVC0AadSObseDX
XcwNXwmeybc9+OViuzR1mQzm2n2VQO5fJ3b5ytYNHqcGn8V1V5ZEuXP03qqpr75L
mPNsyNrZoiY1IUDnZ0vi2cRPuJZUF1nYyq+xVke+FVsF0ynM7CuZ+hMaKtBh0UHC
J13Zp/IpKOv75YnFAYOIHdxwGo8vO+U06Fvv7XZfilHqLZLC5oZtapKTw20ExZVo
B/6aMtk4yAbrM5K5C84uw2tqokFqzgnnSpCoL1kOdtxPuIbQS5XmG+TGWSbvHABO
zvvPYwV+ptQJOf7TeUnyamoaF8sTpT3Z+rCkXxjo5VxLONXYuHY1oAvhmLlYw4jl
+Erm0ISjXk2FydZ/nZ81KGZWBCXMG0z348s5vuBfqJO9oQvNY+AWB69AC8tuP4EM
zYC/E/GSV6FIF9IpsFqi1UKEyGwJMcYFkt2j91bt518piOtLAgMBAAECggGBALdl
MCZc0Ahj84p68NkGMuiA9TD0naQ0tz61mgZgx+892XlIzahXugjutj7lW9nOKXTL
t6a304A1gdfuV4MsPSbiTN9irJ5eufb5ncZx+/wRbc6uaBzGU9jkyoZaRG8ilj11
IrzfGbYK1QOfDIi0s2B6A4wqeXSEVP1DuKDmb9OBqns7+wvJqs0ijKFkGKxYDbK+
mh93qfXS2IamZW6d0jrwSpzg5X/laiZ15l7QZ325nb9rec2/SqvtCjVNez7ZiWeM
HQv6I8s8eBVDtSxzxytHHu90SRqC1fQEKnzKMEYAaT/i2sqqorBSIDVuwl6mnl0X
v22YKoBkaeqyanFY4bjgVkFtVyqxaPxNGW+AosD9usszSP7fHVDsxH+U3VauPDu3
E/rYkL4ftpetAk1jk7L/LipJkzdPOzcvuC/ZEXdxRkKIrM5Yb4usD+6zPLmm1yuY
HhdGZZuzcv+Uk7vmKZAv0p+IYpP7foCJlX9CsPPwCimWg581q8QTZl7/AQ7qOQKB
wQDx3siwpPspeznnxv0qxcQNK6GuADTSPxRc62ST5IHEXm+bEZJ5mmIOl5BVRn9N
RNQJSSYOHPnmyr0XTGnJ887Wpt6LutPc570pOFF8dBgLziCkHmQaDcKbVDkrNZrA
UKAP3ZppH59slXawVSlbrl3fMd6SEprxmVCuxBu7VJeee5puy4jc7Svl3aXaXOok
kmbxKUtDT456ZUxwqsXjeJbGQQgztGSB6aM/L3Jb9Z5e36o3UON9cfuvet+yCfmP
iW0CgcEAyaWyg74L9BK8taRmeQ2hMQbd8i1GvYnWrEGC0uUTpOxcsEwpFRBWGI47
Nt9+d9+v4fDULO4ysfOfUjoxpEP6OiPtcjPi+/uKGgqy5kRVEp7qqmv2iUgaJAug
95oxgmlEUjbvJfFFiq7c5UOtHfxM/TWYjoj6FzQUUM4wjcAhVaEMe+zBXpHOi1Db
pS0RuPZ+UaMTeH5NgQyrRNBQj9mK55mFHX9j97HrlbWrMGZQUQryxKWvVwLUe/uE
v/PoTMyXAoHAb8jINiO51N0X0RA9l5QZXQDqU3HS98yhi6RbMqLseqYurJt9d+gr
I5VW5qKTWVHTMYt2JBWuRcUziV4OkoC0+q3asvegzTrpSPC3cG5zYplcqp1FJGlx
pLpTRa4bnIBmyY5gu+8ajmOxnCNv3uiCiBITTK1+oOR7zpniOz0Iaf20TTqSQZD3
teAvs/E3YbmsDA9KsoxFTDofDv9OQChOfsg1kzfvL7+cbCpwjyHAlRaII9KloSeZ
6+s9EZrclUMtAoHADWADPj/N1Suk/rtf3Kmtxm25LQYZyhqpdZWG0uxE6EyRPVRf
6TjDLS/J97LNVbAtn2P0/uHx1OHe8HpRrp6fq1mUt11/sc0WdPG+ug1QQ0LtN86f
dK2mpjtrOuEsZYUL9hQUusSNI0zD9CUQB4wjoyv56YJmbEGVE2MJz20uCNr80/95
OAed1pnPZ95cbZNT/6A8e2KNS4EGnzLeFRyN3RzOuo0nmVdg0/ZP2479xtJeFfMT
dUcHxw2A2aaZAvcTAoHBAMsrLMCgT0skDJ/5/ar3f44Pkciibn455qzQ+Gx4vG9x
yCxpv70x4QT6NJz6Aht8JZWl81YlUY21S2JEiAPV3YIfTSrMKLlpvr7fCXz/ghje
4O2Cv3zGHQN6GUidXVR4cjJgx4cjcTcLaRk+e2N+0exAkV4UsDRS8OqBDZTqDwBQ
ntOJIUjNyx1Vqe1o/nxsN21EDF5Ya6K/tgEJsObEWfAStlJxm+ELaqk+29PPsmRD
O2FW8SWubrzhQCndGMYUig==
-----END PRIVATE KEY-----

BIN
certs/rsapss/server-3072-rsapss.der Normal file
View File

Binary file not shown.

238
certs/rsapss/server-3072-rsapss.pem Normal file
View File

@ -0,0 +1,238 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
4d:15:6f:db:cc:d4:c6:6f:75:a6:e2:22:06:af:91:
26:4e:a0:2d:97:17:95:0b:40:1a:75:23:9b:b1:e0:
d7:5d:cc:0d:5f:09:9e:c9:b7:3d:f8:e5:62:bb:34:
75:99:0c:e6:da:7d:95:40:ee:5f:27:76:f9:ca:d6:
0d:1e:a7:06:9f:c5:75:57:96:44:b9:73:f4:de:aa:
a9:af:be:4b:98:f3:6c:c8:da:d9:a2:26:35:21:40:
e7:67:4b:e2:d9:c4:4f:b8:96:54:17:59:d8:ca:af:
b1:56:47:be:15:5b:05:d3:29:cc:ec:2b:99:fa:13:
1a:2a:d0:61:d1:41:c2:27:5d:d9:a7:f2:29:28:eb:
fb:e5:89:c5:01:83:88:1d:dc:70:1a:8f:2f:3b:e5:
34:e8:5b:ef:ed:76:5f:8a:51:ea:2d:92:c2:e6:86:
6d:6a:92:93:c3:6d:04:c5:95:68:07:fe:9a:32:d9:
38:c8:06:eb:33:92:b9:0b:ce:2e:c3:6b:6a:a2:41:
6a:ce:09:e7:4a:90:a8:2f:59:0e:76:dc:4f:b8:86:
d0:4b:95:e6:1b:e4:c6:59:26:ef:1c:00:4e:ce:fb:
cf:63:05:7e:a6:d4:09:39:fe:d3:79:49:f2:6a:6a:
1a:17:cb:13:a5:3d:d9:fa:b0:a4:5f:18:e8:e5:5c:
4b:38:d5:d8:b8:76:35:a0:0b:e1:98:b9:58:c3:88:
e5:f8:4a:e6:d0:84:a3:5e:4d:85:c9:d6:7f:9d:9f:
35:28:66:56:04:25:cc:1b:4c:f7:e3:cb:39:be:e0:
5f:a8:93:bd:a1:0b:cd:63:e0:16:07:af:40:0b:cb:
6e:3f:81:0c:cd:80:bf:13:f1:92:57:a1:48:17:d2:
29:b0:5a:a2:d5:42:84:c8:6c:09:31:c6:05:92:dd:
a3:f7:56:ed:e7:5f:29:88:eb:4b
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
X509v3 Authority Key Identifier:
keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
68:61:62:4c:67:79:5d:4d:fd:95:14:51:37:f0:d5:d5:b6:f0:
c6:48:cb:23:3c:4c:b6:38:00:63:4d:0e:6a:f6:d0:ba:54:3d:
40:a4:aa:5b:01:f6:57:c1:13:12:e1:5b:4e:59:21:f7:09:90:
93:36:ab:44:54:59:f5:f0:da:3a:aa:41:f2:00:a4:fa:3d:8d:
92:bf:74:84:a2:93:c8:70:d9:5a:2a:ab:47:a9:18:fb:f9:51:
35:96:89:23:18:7b:a6:ae:1c:88:df:cd:68:ca:3c:8b:03:b2:
b0:c6:6f:9e:1f:fd:00:98:24:72:3b:6a:67:62:ef:28:4a:71:
6e:b2:53:1c:0b:7c:48:ef:78:6c:73:5d:03:71:44:ac:5c:5e:
a2:75:fd:0b:e4:cc:8c:af:1e:42:9c:b7:d4:02:f4:8e:ad:56:
77:fe:d0:1b:92:4d:35:ce:3e:bb:e0:43:98:e8:dc:71:e9:fb:
e1:26:17:5c:e1:f2:57:74:45:21:90:42:c1:b0:38:59:7f:0c:
6a:6e:94:7b:30:a1:fd:10:e0:9b:53:0f:05:19:2d:f6:9a:a3:
95:f4:52:54:c9:e2:fc:99:0e:64:56:29:31:d2:35:dd:01:b0:
34:c8:d6:16:40:1a:58:58:62:c1:e4:d8:ee:8e:1d:b2:b7:c9:
68:07:a5:91:a0:a8:18:c7:5f:80:c6:81:fb:7a:10:17:a8:a5:
9e:67:d2:ac:31:69:94:ab:36:6f:f6:35:05:c3:80:f3:3e:5f:
5c:29:d1:13:43:88:1e:79:ac:3d:d3:e0:3d:44:c4:da:c7:1e:
ab:f1:86:07:98:cf:b8:99:5d:6b:7c:3f:c2:c1:ff:1c:b1:8d:
90:02:45:62:c4:7c:ca:6a:fb:4c:48:bc:73:ad:04:ad:62:87:
1e:b3:c4:76:a6:a1:27:3d:f5:2a:ca:8e:c0:73:96:08:3c:db:
f7:36:a6:57:a4:98:47:58:cd:56:0e:cd:fc:63:84:b9:df:2f:
47:bb:8b:0d:7c:54
-----BEGIN CERTIFICATE-----
MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAy
Mjc1NVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
AYEAaGFiTGd5XU39lRRRN/DV1bbwxkjLIzxMtjgAY00OavbQulQ9QKSqWwH2V8ET
EuFbTlkh9wmQkzarRFRZ9fDaOqpB8gCk+j2Nkr90hKKTyHDZWiqrR6kY+/lRNZaJ
Ixh7pq4ciN/NaMo8iwOysMZvnh/9AJgkcjtqZ2LvKEpxbrJTHAt8SO94bHNdA3FE
rFxeonX9C+TMjK8eQpy31AL0jq1Wd/7QG5JNNc4+u+BDmOjccen74SYXXOHyV3RF
IZBCwbA4WX8Mam6UezCh/RDgm1MPBRkt9pqjlfRSVMni/JkOZFYpMdI13QGwNMjW
FkAaWFhiweTY7o4dsrfJaAelkaCoGMdfgMaB+3oQF6ilnmfSrDFplKs2b/Y1BcOA
8z5fXCnRE0OIHnmsPdPgPUTE2sceq/GGB5jPuJlda3w/wsH/HLGNkAJFYsR8ymr7
TEi8c60ErWKHHrPEdqahJz31KsqOwHOWCDzb9zamV6SYR1jNVg7N/GOEud8vR7uL
DXxU
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
86:2a:c7:a3:6f:15:3e:1e:c4:9b:03:81:4b:3a:5d:
53:62:11:e2:08:df:97:4d:37:3d:78:62:50:40:31:
2a:70:44:1a:6d:69:49:fc:77:b8:f2:42:09:86:9a:
5d:39:cd:84:7b:32:8a:3b:b0:4f:bf:3d:d4:05:7e:
c0:aa:28:a5:ce:b1:28:3a:59:d9:19:10:3a:d4:1f:
91:07:07:73:50:a4:2b:d8:18:1f:22:f8:f4:64:3f:
13:a0:d8:60:7e:53:4c:3b:97:70:bc:36:e5:be:31:
97:45:55:ed:a2:5b:87:b5:1b:8e:65:3d:b7:15:08:
d1:12:1a:aa:ec:4e:56:35:70:a7:3e:50:65:f7:3e:
30:9c:32:db:b2:24:7b:87:02:29:27:12:35:ad:8e:
c3:02:22:13:c2:6e:53:45:f0:16:21:81:e5:d5:b5:
91:60:8b:d7:5c:bb:c2:70:06:f6:50:41:45:36:7f:
41:44:89:b6:97:23:be:76:d7:7c:72:7f:ea:f4:19:
10:17:c3:df:8f:cd:97:20:04:cb:1d:03:6b:09:8f:
d7:7b:84:7d:22:c5:e2:10:cb:cc:11:aa:a1:f5:66:
85:0e:35:5a:8c:c3:89:61:29:d0:5c:53:2f:09:4b:
91:7e:ce:e0:12:d3:ce:eb:c9:50:3c:36:f0:a6:b4:
fb:b5:c2:de:61:a0:ac:6f:bc:7e:ef:53:08:9f:b1:
18:ad:5b:e3:01:23:de:11:a5:1f:7d:d5:b6:f4:72:
1d:53:75:66:8c:db:61:1e:e9:eb:3c:f3:49:69:82:
b6:20:6b:29:03:a1:be:55:e4:4c:f8:25:a7:a8:a3:
e3:3f:32:1f:ae:a7:2a:9b:6b:56:dd:c9:5a:b1:1a:
01:a0:13:d2:8e:9a:2c:db:7e:fd:5b:0e:2e:ef:92:
69:ce:f2:de:ef:d0:2f:09:0e:67
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Authority Key Identifier:
keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
39:a8:ef:b1:66:08:50:0b:5e:cb:b2:29:8c:9b:b1:be:21:44:
d6:d8:97:1d:45:dc:52:70:f1:de:ac:74:65:03:6b:af:a0:f0:
21:61:ce:23:39:33:c8:cb:1e:8f:77:12:1e:5b:99:0c:e1:1b:
75:cf:1d:d7:12:86:cc:fc:86:90:0f:45:ea:8b:08:47:08:ac:
56:44:31:f2:c9:23:6b:d5:30:ca:5f:49:b0:4b:8b:36:bd:5c:
92:fa:86:34:57:80:30:93:29:59:19:a4:dd:f9:91:26:8a:49:
b4:ee:93:aa:e1:b2:06:f6:2f:2a:d9:5b:6d:f9:7c:04:4f:1c:
7a:cc:8e:39:c2:98:3a:bd:b9:a2:24:82:8f:e4:d8:80:47:73:
84:6e:bc:20:5c:ac:79:72:a7:6f:e3:c8:3a:9c:cc:83:b1:1f:
e2:65:3b:a1:f5:86:1a:33:53:bc:05:ba:6a:b1:bc:a7:b4:c1:
44:8c:0a:cc:c2:15:da:c1:dd:dc:31:91:46:5b:48:d8:ea:03:
78:e1:1f:ce:79:19:c8:6e:d6:3f:4c:f5:3b:b3:e7:2e:b7:46:
0c:58:cd:ca:56:a6:88:fb:fd:12:d1:27:80:5a:a2:51:96:f8:
4c:65:8d:71:0b:84:ca:94:f9:9f:c9:38:62:a3:64:cd:91:44:
50:ed:bb:c0:1d:9b:b8:a4:57:b1:7a:2e:44:57:a5:15:ba:cc:
b3:62:f5:46:aa:cd:fb:53:d3:ed:ef:e3:f4:b2:9b:3f:29:d0:
00:8c:19:61:48:b6:da:74:27:05:69:7b:df:04:0e:e2:f1:0f:
1a:fa:92:70:79:78:86:52:60:e1:4d:4e:66:14:ba:86:e2:4e:
dd:e0:d0:f3:c0:2d:6d:3a:16:00:1d:c6:9c:27:6f:a6:5f:21:
4c:e4:82:14:95:d1:a7:4a:15:13:ba:d8:65:ad:34:a2:93:3a:
d1:49:12:4d:f2:97:f3:e2:8a:83:d2:bf:84:84:c6:87:70:c9:
38:e0:5f:fe:7f:38
-----BEGIN CERTIFICATE-----
MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
MB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAyMjc1NVowgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQA5qO+xZghQC17LsimM
m7G+IUTW2JcdRdxScPHerHRlA2uvoPAhYc4jOTPIyx6PdxIeW5kM4Rt1zx3XEobM
/IaQD0XqiwhHCKxWRDHyySNr1TDKX0mwS4s2vVyS+oY0V4AwkylZGaTd+ZEmikm0
7pOq4bIG9i8q2Vtt+XwETxx6zI45wpg6vbmiJIKP5NiAR3OEbrwgXKx5cqdv48g6
nMyDsR/iZTuh9YYaM1O8BbpqsbyntMFEjArMwhXawd3cMZFGW0jY6gN44R/OeRnI
btY/TPU7s+cut0YMWM3KVqaI+/0S0SeAWqJRlvhMZY1xC4TKlPmfyThio2TNkURQ
7bvAHZu4pFexei5EV6UVusyzYvVGqs37U9Pt7+P0sps/KdAAjBlhSLbadCcFaXvf
BA7i8Q8a+pJweXiGUmDhTU5mFLqG4k7d4NDzwC1tOhYAHcacJ2+mXyFM5IIUldGn
ShUTuthlrTSikzrRSRJN8pfz4oqD0r+EhMaHcMk44F/+fzg=
-----END CERTIFICATE-----

106
certs/rsapss/server-rsapss-cert.pem Normal file
View File

@ -0,0 +1,106 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
ae:b3:20:33:44:d2:06:d7:99:21:bb:f3:40:ce:30:
b0:e1:90:4c:5b:58:75:54:1d:a2:dd:bc:63:01:48:
43:3b:22:7a:78:2a:65:5b:d8:11:5f:9b:7b:db:21:
1c:bc:f4:a5:ad:3e:d6:07:41:da:04:1f:ea:78:ec:
57:f3:53:fd:49:2b:5e:0e:34:02:3b:5e:3e:5f:dc:
63:da:d4:68:26:1a:61:c9:25:d7:53:16:e7:fb:c0:
a5:2d:59:36:7b:e9:c7:42:cb:9b:15:81:fd:d4:0f:
c5:b7:c6:49:c0:45:77:ea:5b:ac:ca:1e:a5:9c:c1:
86:1b:f2:9e:ed:66:a0:d1:3b:b6:6f:02:54:69:30:
0d:ba:55:01:18:c0:5f:7d:b2:ee:a6:bd:89:84:fc:
e8:36:e4:bb:d3:b4:9e:dd:b3:a6:80:32:12:37:30:
8e:0a:89:54:c5:eb:4b:1c:85:02:2b:f8:26:63:c4:
23:f8:59:35:18:0e:28:cf:5d:07:49:d8:cc:60:4d:
3b:fb:27:24:f0:d6:46:0f:c5:5b:16:a5:94:8a:69:
1a:34:62:cd:e0:32:32:55:b9:16:65:50:11:8b:5e:
36:83
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
X509v3 Authority Key Identifier:
keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
be:97:50:2b:be:31:97:8f:92:ed:52:c6:86:b7:12:3c:08:c2:
97:40:2d:58:51:1d:4b:c4:66:1f:9b:ca:06:66:14:7d:ba:c6:
16:7d:18:fb:28:3c:5a:b0:b1:e7:dd:6e:6f:1e:18:74:8c:9b:
71:b3:4a:94:26:bf:14:00:ab:1c:0b:a0:ae:91:7c:71:9c:25:
c5:9a:2d:8a:a3:39:2a:3c:fa:e5:66:ea:9a:16:85:4c:5e:f4:
03:0b:59:1d:13:08:76:22:f0:de:8c:1c:d4:67:01:fc:a4:cd:
12:1a:73:1d:67:b0:df:7a:53:68:80:04:a9:37:aa:3f:30:ac:
ee:58:c9:d9:ba:78:00:ff:72:0f:d9:98:62:8e:e6:16:37:fb:
86:35:b6:20:9e:30:72:39:a6:c8:68:07:83:1c:ad:86:fb:1a:
67:39:18:2a:99:1f:1f:36:94:72:a2:af:a5:fc:ca:1d:16:cf:
55:b5:86:30:dc:fd:8b:d1:db:38:28:20:fc:64:4b:71:d4:91:
0a:dc:b9:00:f7:9c:af:99:e4:b6:2b:b7:f3:76:81:92:8b:0f:
f7:4a:7a:15:2f:48:5c:a4:59:57:55:ab:9e:9e:fc:81:b4:64:
4b:8e:37:b7:00:c9:54:a5:ea:f6:b9:9c:2b:60:12:7d:f5:29:
41:07:5a:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIy
NzU1WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
YIZIAWUDBAIBogMCASADggEBAL6XUCu+MZePku1Sxoa3EjwIwpdALVhRHUvEZh+b
ygZmFH26xhZ9GPsoPFqwsefdbm8eGHSMm3GzSpQmvxQAqxwLoK6RfHGcJcWaLYqj
OSo8+uVm6poWhUxe9AMLWR0TCHYi8N6MHNRnAfykzRIacx1nsN96U2iABKk3qj8w
rO5Yydm6eAD/cg/ZmGKO5hY3+4Y1tiCeMHI5pshoB4McrYb7Gmc5GCqZHx82lHKi
r6X8yh0Wz1W1hjDc/YvR2zgoIPxkS3HUkQrcuQD3nK+Z5LYrt/N2gZKLD/dKehUv
SFykWVdVq56e/IG0ZEuON7cAyVSl6va5nCtgEn31KUEHWqM=
-----END CERTIFICATE-----

BIN
certs/rsapss/server-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/server-rsapss-key.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJ
zu/2KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6
eCplW9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhph
ySXXUxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2
bwJUaTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gm
Y8Qj+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142
gwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/server-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/server-rsapss-priv.pem Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7gIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKgwggSkAgEAAoIBAQDX92zhAonMm3QQ
8+wBy4nO7/YpYvx1P2qZutaI7K6zIDNE0gbXmSG780DOMLDhkExbWHVUHaLdvGMB
SEM7Inp4KmVb2BFfm3vbIRy89KWtPtYHQdoEH+p47FfzU/1JK14ONAI7Xj5f3GPa
1GgmGmHJJddTFuf7wKUtWTZ76cdCy5sVgf3UD8W3xknARXfqW6zKHqWcwYYb8p7t
ZqDRO7ZvAlRpMA26VQEYwF99su6mvYmE/Og25LvTtJ7ds6aAMhI3MI4KiVTF60sc
hQIr+CZjxCP4WTUYDijPXQdJ2MxgTTv7JyTw1kYPxVsWpZSKaRo0Ys3gMjJVuRZl
UBGLXjaDAgMBAAECggEARZ4GxQnSbdh2s7hNjc6U39ZOnczA4PLOZDvsSDsznZ51
qGujtQAx9apWa6Eag7vGQXPkbncXNy8xIwquUXOt0uqnvdGK2C0A4gRshSS/+3bT
+4boxoebR9u4BkI+1cVbDm0JgyXAKZqbvcDWyeGbQAIoxSoPIgJZvKKTg6I6j3cH
KyVYARmQTWbfVcupY/BlFIw3kSpLU3EYPNjF4hBDiEMsp6CpgipIipY6W2HjWHp1
YS55S6meflkGnikjzXMcptQkaKA3uJmHgNviwZb1z8si5gvUsAA1TbnekVzSCt95
8aRGZfHFi39CAJ+SZPL+hOHLR1QnDvqFMm/UxKlMMQKBgQDvSlU0j9rt/xZXWF0F
ZfVzRrU6fCDhHhIUu7ujcIvsIl/rAdnDTHZN12vUPI08VtPI5oxNDly95q683rNm
d17YicbKQFRdxRjdG9RCM0JzIbBUzLlbprCEDixi8enyIGkjjxVwA8oEhquAo+if
GUimrwc+/BhAC8JnHvF2nCC+/QKBgQDnDCTrgYDaQSS0bXIjqNontoh2eifAbfYd
A3yqszsseJ0FNEf0KjTyKP0Kz5OYi5uLyi/RlvYj+d+m0qDupPauQEVZGIEb1NG/
9mwFxrcc9uMiyv0M5Zzh7QrIUX5oJwHGJzad8rFUl/KZCbTaDKdUFsRf+005Yd1t
2f//0jSDfwKBgQCq1HNd0fFnBTwq4S+Pggmn4WvSM/m5HSGlYZ0Egn2x95xohuqy
zWyMB+W4H/5ofEg33bd972nwPLa0qXyEA2ZXyox7qU9Rnjsw5wQyuquOzBc5guo1
bxwHOqMfhDsTG2ZT93tDe8EGWCop7VpN8tv1+3B927VoS7zep62UksOh9QKBgHPc
QydV6aeIwz83IuV+5ubDQesnloeInMIv3XQ8LJBAa30QmoR2JdbJdxrUvM7iMz4G
RbR0XznrM5wUQ19omcsHr77d6uBp+ESq7cB3xZtgssXfxMWS3vjsRVvugdT4uosD
XwAVk5c4Gw9jLq2par9gK1l2S2NbEA7mItnGL09BAoGBANvLVWSr7kXEsyH23OX1
XWbbpBK+OW1zzXsfglkpNkqaxI7OtOghhBOeQC4q/8xOInjNjp7fYpkquEawMobo
cyijj+IotP9pak1vk6tf31UkFtNyCJIM8UwUV/oiFTHFW2h6QOrSLgKnPbetWZH4
7UAAE0VzM7MI7XIdSObbjpr4
-----END PRIVATE KEY-----

BIN
certs/rsapss/server-rsapss.der Normal file
View File

Binary file not shown.

207
certs/rsapss/server-rsapss.pem Normal file
View File

@ -0,0 +1,207 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
ae:b3:20:33:44:d2:06:d7:99:21:bb:f3:40:ce:30:
b0:e1:90:4c:5b:58:75:54:1d:a2:dd:bc:63:01:48:
43:3b:22:7a:78:2a:65:5b:d8:11:5f:9b:7b:db:21:
1c:bc:f4:a5:ad:3e:d6:07:41:da:04:1f:ea:78:ec:
57:f3:53:fd:49:2b:5e:0e:34:02:3b:5e:3e:5f:dc:
63:da:d4:68:26:1a:61:c9:25:d7:53:16:e7:fb:c0:
a5:2d:59:36:7b:e9:c7:42:cb:9b:15:81:fd:d4:0f:
c5:b7:c6:49:c0:45:77:ea:5b:ac:ca:1e:a5:9c:c1:
86:1b:f2:9e:ed:66:a0:d1:3b:b6:6f:02:54:69:30:
0d:ba:55:01:18:c0:5f:7d:b2:ee:a6:bd:89:84:fc:
e8:36:e4:bb:d3:b4:9e:dd:b3:a6:80:32:12:37:30:
8e:0a:89:54:c5:eb:4b:1c:85:02:2b:f8:26:63:c4:
23:f8:59:35:18:0e:28:cf:5d:07:49:d8:cc:60:4d:
3b:fb:27:24:f0:d6:46:0f:c5:5b:16:a5:94:8a:69:
1a:34:62:cd:e0:32:32:55:b9:16:65:50:11:8b:5e:
36:83
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
X509v3 Authority Key Identifier:
keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
be:97:50:2b:be:31:97:8f:92:ed:52:c6:86:b7:12:3c:08:c2:
97:40:2d:58:51:1d:4b:c4:66:1f:9b:ca:06:66:14:7d:ba:c6:
16:7d:18:fb:28:3c:5a:b0:b1:e7:dd:6e:6f:1e:18:74:8c:9b:
71:b3:4a:94:26:bf:14:00:ab:1c:0b:a0:ae:91:7c:71:9c:25:
c5:9a:2d:8a:a3:39:2a:3c:fa:e5:66:ea:9a:16:85:4c:5e:f4:
03:0b:59:1d:13:08:76:22:f0:de:8c:1c:d4:67:01:fc:a4:cd:
12:1a:73:1d:67:b0:df:7a:53:68:80:04:a9:37:aa:3f:30:ac:
ee:58:c9:d9:ba:78:00:ff:72:0f:d9:98:62:8e:e6:16:37:fb:
86:35:b6:20:9e:30:72:39:a6:c8:68:07:83:1c:ad:86:fb:1a:
67:39:18:2a:99:1f:1f:36:94:72:a2:af:a5:fc:ca:1d:16:cf:
55:b5:86:30:dc:fd:8b:d1:db:38:28:20:fc:64:4b:71:d4:91:
0a:dc:b9:00:f7:9c:af:99:e4:b6:2b:b7:f3:76:81:92:8b:0f:
f7:4a:7a:15:2f:48:5c:a4:59:57:55:ab:9e:9e:fc:81:b4:64:
4b:8e:37:b7:00:c9:54:a5:ea:f6:b9:9c:2b:60:12:7d:f5:29:
41:07:5a:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIy
NzU1WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
YIZIAWUDBAIBogMCASADggEBAL6XUCu+MZePku1Sxoa3EjwIwpdALVhRHUvEZh+b
ygZmFH26xhZ9GPsoPFqwsefdbm8eGHSMm3GzSpQmvxQAqxwLoK6RfHGcJcWaLYqj
OSo8+uVm6poWhUxe9AMLWR0TCHYi8N6MHNRnAfykzRIacx1nsN96U2iABKk3qj8w
rO5Yydm6eAD/cg/ZmGKO5hY3+4Y1tiCeMHI5pshoB4McrYb7Gmc5GCqZHx82lHKi
r6X8yh0Wz1W1hjDc/YvR2zgoIPxkS3HUkQrcuQD3nK+Z5LYrt/N2gZKLD/dKehUv
SFykWVdVq56e/IG0ZEuON7cAyVSl6va5nCtgEn31KUEHWqM=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
12:d6:7b:14:d8:d2:82:24:95:ab:fe:4f:55:fb:e0:
55:fc:39:37:7b:41:80:b4:98:6f:7f:c5:b7:3e:37:
f8:5f:1d:2f:12:31:88:f9:8b:3b:00:85:e6:36:a5:
17:3f:9a:a4:be:48:ff:7a:36:22:2c:23:d4:9f:5b:
52:d1:17:d1:c1:f2:69:19:d8:32:c5:f7:79:ec:83:
19:87:e3:13:a0:43:5e:b1:e9:03:ed:b4:08:cd:7b:
14:68:0f:25:4f:90:f0:04:a7:bb:08:89:08:dc:76:
4e:70:49:04:41:4d:bf:b7:7f:77:79:6a:ef:68:4b:
62:97:8e:33:91:32:2a:e3:63:15:47:f6:61:a4:26:
db:02:04:b6:57:c0:a7:f0:aa:ec:20:72:91:c3:32:
ab:98:7f:84:c6:e8:5f:d6:e0:1a:d2:24:b1:c7:50:
bb:73:87:de:2a:c3:e2:c4:60:32:b8:e4:5a:5b:b5:
e4:29:8c:8b:28:6b:bb:1a:dc:3c:fe:b9:ef:9e:89:
28:60:ba:a4:40:66:d5:bb:e0:62:7f:a7:2b:e1:0f:
38:e6:33:ea:b2:10:0e:14:c8:3f:87:9f:ff:8b:28:
cc:1d
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Authority Key Identifier:
keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
32:66:7b:22:4b:80:fc:7a:81:5a:11:1d:1b:d8:a6:26:a9:38:
6f:f8:c5:cb:80:47:0c:08:cc:12:a4:7a:17:8e:d6:a5:a8:cb:
df:ea:b7:77:b4:df:e5:92:ba:7f:9b:a2:71:0d:7d:7a:36:29:
bd:03:7b:52:65:0d:79:ae:c3:ac:e8:a4:75:c6:28:c0:05:33:
51:f4:85:37:0e:9c:03:dc:51:3d:5d:55:88:17:da:b5:c5:b1:
91:a5:a9:40:91:07:a3:0c:17:75:f9:fa:52:43:94:21:40:24:
8c:31:f3:4a:5e:96:86:20:9b:37:87:a4:56:ac:4f:ac:e6:a6:
0c:05:cc:62:b2:0a:62:63:04:5f:dc:52:46:db:12:5e:16:2b:
62:00:fa:30:5f:04:33:28:0c:a6:6c:49:cb:35:ad:f4:d5:57:
cb:16:7c:f4:8c:99:22:e4:e1:f4:97:e4:df:b2:1f:62:8f:50:
2e:43:aa:cf:c7:86:ae:da:7f:b7:eb:16:cb:28:c2:bc:80:7b:
f2:7f:16:60:88:0e:49:aa:d3:2a:92:54:38:a4:09:be:79:e1:
1d:6f:b1:95:0c:02:f9:e7:f4:4b:b8:44:4a:e2:db:02:08:b3:
e6:79:d5:d0:bd:34:8f:cc:8e:19:28:48:07:7b:d0:b2:31:ba:
db:e2:e0:3f
-----BEGIN CERTIFICATE-----
MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
HhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIyNzU1WjCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
AQEAMmZ7IkuA/HqBWhEdG9imJqk4b/jFy4BHDAjMEqR6F47WpajL3+q3d7Tf5ZK6
f5uicQ19ejYpvQN7UmUNea7DrOikdcYowAUzUfSFNw6cA9xRPV1ViBfatcWxkaWp
QJEHowwXdfn6UkOUIUAkjDHzSl6WhiCbN4ekVqxPrOamDAXMYrIKYmMEX9xSRtsS
XhYrYgD6MF8EMygMpmxJyzWt9NVXyxZ89IyZIuTh9Jfk37IfYo9QLkOqz8eGrtp/
t+sWyyjCvIB78n8WYIgOSarTKpJUOKQJvnnhHW+xlQwC+ef0S7hESuLbAgiz5nnV
0L00j8yOGShIB3vQsjG62+LgPw==
-----END CERTIFICATE-----

2
configure.ac
View File

@ -3574,7 +3574,7 @@ else
fi
if test "$ENABLED_RSAPSS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"
fi

6
src/internal.c
View File

@ -12537,6 +12537,9 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
switch (args->dCert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
if (ssl->options.minRsaKeySz < 0 ||
args->dCert->pubKeySize <
@ -13612,6 +13615,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* decode peer key */
switch (args->dCert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
{
word32 keyIdx = 0;

48
src/ssl.c
View File

@ -5113,7 +5113,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
/* check CA key size */
if (verify) {
switch (cert->keyOID) {
#ifndef NO_RSA
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
if (cm->minRsaKeySz < 0 ||
cert->pubKeySize < (word16)cm->minRsaKeySz) {
@ -5121,7 +5124,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
WOLFSSL_MSG("\tCA RSA key size error");
}
break;
#endif /* !NO_RSA */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
case ECDSAk:
if (cm->minEccKeySz < 0 ||
@ -6519,6 +6522,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
else if (cert->keyOID == RSAk) {
ssl->options.haveRSA = 1;
}
#ifdef WC_RSA_PSS
else if (cert->keyOID == RSAPSSk) {
ssl->options.haveRSA = 1;
}
#endif
#endif
#ifdef HAVE_ED25519
else if (cert->keyOID == ED25519k) {
@ -6552,6 +6560,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
else if (cert->keyOID == RSAk) {
ctx->haveRSA = 1;
}
#ifdef WC_RSA_PSS
else if (cert->keyOID == RSAPSSk) {
ctx->haveRSA = 1;
}
#endif
#endif
#ifdef HAVE_ED25519
else if (cert->keyOID == ED25519k) {
@ -6578,6 +6591,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* check key size of cert unless specified not to */
switch (cert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
#ifdef WOLF_PRIVATE_KEY_ID
keyType = rsa_sa_algo;
@ -8405,6 +8421,11 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
if (der->keyOID == RSAk) {
type = DYNAMIC_TYPE_RSA;
}
#ifdef WC_RSA_PSS
if (der->keyOID == RSAPSSk) {
type = DYNAMIC_TYPE_RSA;
}
#endif
#endif
#ifdef HAVE_ECC
if (der->keyOID == ECDSAk) {
@ -8417,7 +8438,11 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
#ifdef WOLF_CRYPTO_CB
if (ret == 0) {
#ifndef NO_RSA
if (der->keyOID == RSAk) {
if (der->keyOID == RSAk
#ifdef WC_RSA_PSS
|| der->keyOID == RSAPSSk
#endif
) {
ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey,
der->publicKey, der->pubKeySize);
}
@ -8435,7 +8460,11 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
#endif
if (pkey != NULL) {
#ifndef NO_RSA
if (der->keyOID == RSAk) {
if (der->keyOID == RSAk
#ifdef WC_RSA_PSS
|| der->keyOID == RSAPSSk
#endif
) {
wc_FreeRsaKey((RsaKey*)pkey);
}
#endif
@ -9195,7 +9224,11 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
WOLFSSL_MSG("Found PKCS8 header");
pkcs8HeaderSz = (word16)idx;
if ((type == EVP_PKEY_RSA && algId != RSAk) ||
if ((type == EVP_PKEY_RSA && algId != RSAk
#ifdef WC_RSA_PSS
&& algId != RSAPSSk
#endif
) ||
(type == EVP_PKEY_EC && algId != ECDSAk) ||
(type == EVP_PKEY_DSA && algId != DSAk) ||
(type == EVP_PKEY_DH && algId != DHk)) {
@ -29465,9 +29498,14 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
/* Update the available options with public keys. */
switch (x->pubKeyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
ctx->haveRSA = 1;
break;
#endif
#ifdef HAVE_ED25519
case ED25519k:
#endif

80
tests/api.c
View File

@ -2378,6 +2378,62 @@ static int test_wolfSSL_FPKI(void)
return 0;
}
static int test_wolfSSL_CertRsaPss(void)
{
/* FIPS v2 and below don't support long salts. */
#if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
(defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
XFILE f;
const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
#ifdef WOLFSSL_SHA384
const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem";
#endif
DecodedCert cert;
byte buf[4096];
int bytes;
WOLFSSL_CERT_MANAGER* cm;
printf(testingFmt, "test_CertRsaPss");
cm = wolfSSL_CertManagerNew();
AssertNotNull(cm);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL));
#ifdef WOLFSSL_SHA384
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL));
#endif
f = XFOPEN(rsaPssSha256Cert, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
wc_InitDecodedCert(&cert, buf, bytes, NULL);
AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
wc_FreeDecodedCert(&cert);
#ifdef WOLFSSL_SHA384
f = XFOPEN(rsaPssSha384Cert, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
wc_InitDecodedCert(&cert, buf, bytes, NULL);
AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
wc_FreeDecodedCert(&cert);
#endif
wolfSSL_CertManagerFree(cm);
printf(resultFmt, passed);
#endif
return 0;
}
static int test_wolfSSL_CertManagerCRL(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
@ -18523,6 +18579,12 @@ static int test_wc_RsaPublicKeyDecode(void)
int bytes = 0;
word32 keySz = 0;
word32 tstKeySz = 0;
#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
XFILE f;
const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der";
const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der";
byte buf[4096];
#endif
tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
@ -18592,6 +18654,23 @@ static int test_wc_RsaPublicKeyDecode(void)
ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
}
#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
f = XFOPEN(rsaPssPubKey, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
idx = 0;
AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
NULL), 0);
f = XFOPEN(rsaPssPubKeyNoParams, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
idx = 0;
AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
NULL), 0);
#endif
if (tmp != NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
@ -57044,6 +57123,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_CertManagerNameConstraint4),
TEST_DECL(test_wolfSSL_CertManagerNameConstraint5),
TEST_DECL(test_wolfSSL_FPKI),
TEST_DECL(test_wolfSSL_CertRsaPss),
TEST_DECL(test_wolfSSL_CertManagerCRL),
TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex),
TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex),

1
tests/include.am
View File

@ -48,6 +48,7 @@ EXTRA_DIST += tests/unit.h \
tests/test-sctp.conf \
tests/test-sctp-sha2.conf \
tests/test-sig.conf \
tests/test-rsapss.conf \
tests/test-ed25519.conf \
tests/test-ed448.conf \
tests/test-enckeys.conf \

14
tests/suites.c
View File

@ -916,6 +916,20 @@ int SuiteTest(int argc, char** argv)
}
#endif
#endif
#if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
(!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \
(HAVE_SELFTEST_VERSION > 2)))
/* add RSA-PSS certificate cipher suite tests */
XSTRLCPY(argv0[1], "tests/test-rsapss.conf", sizeof(argv0[1]));
printf("starting RSA-PSS extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \
defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT)

74
tests/test-rsapss.conf Normal file
View File

@ -0,0 +1,74 @@
# server TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-d
# client TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/rsapss/root-rsapss.pem
-C
# server TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-A ./certs/rsapss/client-rsapss.pem
-V
# client TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-c ./certs/rsapss/client-rsapss.pem
-k ./certs/rsapss/client-rsapss-priv.pem
-A ./certs/rsapss/root-rsapss.pem
-C
# server TLSv1.2 - RSA PSS SHA384 MGF1 SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384
-c ./certs/rsapss/server-3072-rsapss.pem
-k ./certs/rsapss/server-3072-rsapss-priv.pem
-A ./certs/rsapss/client-3072-rsapss.pem
-V
# client TLSv1.2 - RSA PSS SHA384 MGF1 SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384
-c ./certs/rsapss/client-3072-rsapss.pem
-k ./certs/rsapss/client-3072-rsapss-priv.pem
-A ./certs/rsapss/root-3072-rsapss.pem
-C
# server TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-d
# client TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-A ./certs/rsapss/root-rsapss.pem
-C
# server TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-A ./certs/rsapss/client-rsapss.pem
-V
# client TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/rsapss/client-rsapss.pem
-k ./certs/rsapss/client-rsapss-priv.pem
-A ./certs/rsapss/root-rsapss.pem
-C

990
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

9
wolfssl/wolfcrypt/asn.h
View File

@ -1052,7 +1052,6 @@ enum Hash_Sum {
SHAKE256h = 425
};
#if !defined(NO_DES3) || !defined(NO_AES)
enum Block_Sum {
#ifdef WOLFSSL_AES_128
@ -1081,6 +1080,7 @@ enum Block_Sum {
enum Key_Sum {
DSAk = 515,
RSAk = 645,
RSAPSSk = 654,
ECDSAk = 518,
ED25519k = 256, /* 1.3.101.112 */
X25519k = 254, /* 1.3.101.110 */
@ -1119,7 +1119,8 @@ enum Key_Agree {
enum KDF_Sum {
PBKDF2_OID = 660
PBKDF2_OID = 660,
MGF1_OID = 652,
};
@ -1549,6 +1550,10 @@ struct DecodedCert {
word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */
word32 keyOID; /* sum of key algo object id */
#ifdef WC_RSA_PSS
word32 sigParamsIndex; /* start of signature parameters */
word32 sigParamsLength; /* length of signature parameters */
#endif
int version; /* cert version, 1 or 3 */
DNS_entry* altNames; /* alt names list of dns entries */
#ifndef IGNORE_NAME_CONSTRAINTS

2
wolfssl/wolfcrypt/asn_public.h
View File

@ -167,6 +167,8 @@ enum Ctc_SigType {
CTC_SHA3_384wRSA = 429,
CTC_SHA3_512wRSA = 430,
CTC_RSASSAPSS = 654,
CTC_ED25519 = 256,
CTC_ED448 = 257,