data_files: add server11-rsa-signed.crt

valeriosetti · valeriosetti · commit f7d32571f8dc · 2025-11-28T16:38:51.000+01:00
This is almost identical to "server5-rsa-signed.crt" in the sense that it
includes an EC public key and it's signed with an RSA one.
The main difference compared to "server5-rsa-signed.crt" is that in this
case we're using a secp256k1 key, instead the companion one uses a
secp256r1. The important thing here is that the "k1" type does not belong
to "suite-b", while "r1" does.

Signed-off-by: Valerio Setti &lt;vsetti@baylibre.com&gt;
diff --git a/data_files/Makefile b/data_files/Makefile
@@ -636,6 +636,18 @@ server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_
 	cat $^ > $@
 all_final += server10_int3_spurious_int-ca2.crt
 
+# server11 *
+
+# This is basically identical to "server5-rsa-signed.crt" but using a secp256k1
+# key instead of secp256r1 one in order not to fall in the list of allowed curves
+# for suite-b profile.
+server11-rsa-signed.crt: server11.key
+	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \
+		issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA1 version=3 output_file=$@
+all_final += server11-rsa-signed.crt
+
 rsa_pkcs1_2048_public.pem: server8.key
 	$(OPENSSL)  rsa -in $< -outform PEM -RSAPublicKey_out -out $@
 all_final += rsa_pkcs1_2048_public.pem
diff --git a/data_files/server11-rsa-signed.crt b/data_files/server11-rsa-signed.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICaTCCAVGgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBWMBAGByqGSM49AgEG
+BSuBBAAKA0IABITn/L3s9+4MXRDenn1V/4T4B0igjlPW52BKcl5ZNS5jMqDOOUjl
+zXShWMqz2Izhsa29cxsTOZN8eT4p8BedD6ujTTBLMAkGA1UdEwQCMAAwHQYDVR0O
+BBYEFE8fs/ywDn6xlnYK1tDkG/lCZ0ZmMB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQAyVbsxPW8wUqo23j0KinXKJIFJ
+KakGvPiQsl7cV+go9W2kJSlUKBtaUcdZQpQsm3FLnDMhz9j1VBSic46/msH2I7Cv
+eUrPlmP9Y1spYCuUo3c/tOyAPhgwVFdNWuYTwPRD+D2yugQMhnggoemaYzu+Mw0z
+FTbY/kXSsW47n8qbHbE5kvo40lGFSPmcbvJDMGwfw1o2adQm43Zce4uxL4WbC6Y6
+8FvkMmyFBRVRKnt1ViIyaeEjlgCVxhfUZO8kvy9So86m2xZtQTuEFHN/Cn7xdRLG
+GILYv5GAbYXNcrzfpz9UyU9VUGLKJIHpmrmKBUl8GsV0z9bSIApiE+wDq+F7
+-----END CERTIFICATE-----
