Merge branch 'topic/fixup-tests'

* topic/fixup-tests: test: refactor PKey::PKey#{sign,verify} tests test: rework PEM/DER encoding and decoding tests test/test_pkey_ec: stop iterating all curves test/test_pkey_dh: refine OpenSSL::PKey::DH::DEFAULT_* tests
author: Kazuki Yamaguchi <k@rhe.jp> 2016-08-18 22:51:29 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2016-08-18 22:51:29 +0900
commit: c6536e05a8642cc22cf1bed648a1f2da5b2ca998 (patch)
tree: 40b382e9ee29263db465ae3de8f0f1dc0fa4c74e /test
parent: b8ae1f937c0145f157a978584e68d71941926d7a (diff)
parent: 20a88ace0778282d5ee564842023c78e4a2e9399 (diff)
download: ruby-openssl-c6536e05a8642cc22cf1bed648a1f2da5b2ca998.tar.gz
6 files changed, 559 insertions, 594 deletions
diff --git a/test/test_pkey.rb b/test/test_pkey.rb
new file mode 100644
index 00000000..7e960926
--- /dev/null
+++ b/test/test_pkey.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: false
+require_relative "utils"
+
+if defined?(OpenSSL::TestUtils)
+
+class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
+  PKEYS = {
+    OpenSSL::PKey::RSA => {
+      key: OpenSSL::TestUtils::TEST_KEY_RSA1024,
+      digest: OpenSSL::Digest::SHA1,
+    },
+    OpenSSL::PKey::DSA => {
+      key: OpenSSL::TestUtils::TEST_KEY_DSA512,
+      digest: OpenSSL::Digest::SHA1,
+    },
+  }
+  if defined?(OpenSSL::PKey::EC)
+    PKEYS[OpenSSL::PKey::EC] = {
+      key: OpenSSL::TestUtils::TEST_KEY_EC_P256V1,
+      digest: OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST,
+    }
+  end
+
+  def test_sign_verify
+    data = "Sign me!"
+    invalid_data = "Sign me?"
+    PKEYS.each do |klass, prop|
+      key = prop[:key]
+      pub_key = dup_public(prop[:key])
+      digest = prop[:digest].new
+      signature = key.sign(digest, data)
+      assert_equal(true, pub_key.verify(digest, signature, data))
+      assert_equal(false, pub_key.verify(digest, signature, invalid_data))
+      # digest state is irrelevant
+      digest << "unya"
+      assert_equal(true, pub_key.verify(digest, signature, data))
+      assert_equal(false, pub_key.verify(digest, signature, invalid_data))
+
+      if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000
+        digest = OpenSSL::Digest::SHA256.new
+        signature = key.sign(digest, data)
+        assert_equal(true, pub_key.verify(digest, signature, data))
+        assert_equal(false, pub_key.verify(digest, signature, invalid_data))
+      end
+    end
+  end
+end
+
+end
diff --git a/test/test_pkey_dh.rb b/test/test_pkey_dh.rb
index 4d84f7ad..470c952e 100644
--- a/test/test_pkey_dh.rb
+++ b/test/test_pkey_dh.rb
@@ -3,33 +3,25 @@ require_relative 'utils'
 
 if defined?(OpenSSL::TestUtils)
 
-class OpenSSL::TestPKeyDH < OpenSSL::TestCase
+class OpenSSL::TestPKeyDH < OpenSSL::PKeyTestCase
+  DH1024 = OpenSSL::TestUtils::TEST_KEY_DH1024
 
   NEW_KEYLEN = 256
 
-  def test_DEFAULT_1024
-    params = <<-eop
------BEGIN DH PARAMETERS-----
-MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
-AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
-T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
------END DH PARAMETERS-----
-    eop
-    assert_equal params, OpenSSL::PKey::DH::DEFAULT_1024.to_s
-  end
-
-  def test_DEFAULT_2048
-    params = <<-eop
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
-JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
-VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
-YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
-1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
-7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
------END DH PARAMETERS-----
-    eop
-    assert_equal params, OpenSSL::PKey::DH::DEFAULT_2048.to_s
+  def test_DEFAULT_parameters
+    list = {
+      1024 => OpenSSL::PKey::DH::DEFAULT_1024,
+      2048 => OpenSSL::PKey::DH::DEFAULT_2048,
+    }
+
+    list.each do |expected_size, dh|
+      assert_equal expected_size, dh.p.num_bits
+      assert_predicate dh.p, :prime?
+      result, remainder = (dh.p - 1) / 2
+      assert_predicate result, :prime?
+      assert_equal 0, remainder
+      assert_no_key dh
+    end
   end
 
   def test_new
@@ -44,20 +36,26 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
     end
   end
 
-  def test_to_der
-    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
-    der = dh.to_der
-    dh2 = OpenSSL::PKey::DH.new(der)
-    assert_equal_params(dh, dh2)
-    assert_no_key(dh2)
-  end
-
-  def test_to_pem
-    dh = OpenSSL::TestUtils::TEST_KEY_DH1024
-    pem = dh.to_pem
-    dh2 = OpenSSL::PKey::DH.new(pem)
-    assert_equal_params(dh, dh2)
-    assert_no_key(dh2)
+  def test_DHparams
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Integer(DH1024.p),
+      OpenSSL::ASN1::Integer(DH1024.g)
+    ])
+    key = OpenSSL::PKey::DH.new(asn1.to_der)
+    assert_same_dh dup_public(DH1024), key
+
+    pem = <<~EOF
+    -----BEGIN DH PARAMETERS-----
+    MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
+    pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
+    AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
+    -----END DH PARAMETERS-----
+    EOF
+    key = OpenSSL::PKey::DH.new(pem)
+    assert_same_dh dup_public(DH1024), key
+
+    assert_equal asn1.to_der, DH1024.to_der
+    assert_equal pem, DH1024.export
   end
 
   def test_public_key
@@ -113,6 +111,10 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
     assert(dh.pub_key)
     assert(dh.priv_key)
   end
+
+  def assert_same_dh(expected, key)
+    check_component(expected, key, [:p, :q, :g, :pub_key, :priv_key])
+  end
 end
 
 end
diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb
index ed79e0de..d0ba8ec0 100644
--- a/test/test_pkey_dsa.rb
+++ b/test/test_pkey_dsa.rb
@@ -4,7 +4,9 @@ require 'base64'
 
 if defined?(OpenSSL::TestUtils)
 
-class OpenSSL::TestPKeyDSA < OpenSSL::TestCase
+class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
+  DSA512 = OpenSSL::TestUtils::TEST_KEY_DSA512
+
   def test_private
     key = OpenSSL::PKey::DSA.new(256)
     assert(key.private?)
@@ -42,55 +44,102 @@ class OpenSSL::TestPKeyDSA < OpenSSL::TestCase
     assert(key.sysverify(digest, sig))
   end
 
-  def test_sign_verify
-    check_sign_verify(OpenSSL::Digest::DSS1.new)
-  end if defined?(OpenSSL::Digest::DSS1)
-
-if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000)
-  def test_sign_verify_sha1
-    check_sign_verify(OpenSSL::Digest::SHA1.new)
-  end
-
-  def test_sign_verify_sha256
-    check_sign_verify(OpenSSL::Digest::SHA256.new)
-  end
-end
-
-  def test_digest_state_irrelevant_verify
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    digest1 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new
-    digest2 = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new
-    data = 'Sign me!'
-    sig = key.sign(digest1, data)
-    digest1.reset
-    digest1 << 'Change state of digest1'
-    assert(key.verify(digest1, sig, data))
-    assert(key.verify(digest2, sig, data))
-  end
+  def test_DSAPrivateKey
+    # OpenSSL DSAPrivateKey format; similar to RSAPrivateKey
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Integer(0),
+      OpenSSL::ASN1::Integer(DSA512.p),
+      OpenSSL::ASN1::Integer(DSA512.q),
+      OpenSSL::ASN1::Integer(DSA512.g),
+      OpenSSL::ASN1::Integer(DSA512.pub_key),
+      OpenSSL::ASN1::Integer(DSA512.priv_key)
+    ])
+    key = OpenSSL::PKey::DSA.new(asn1.to_der)
+    assert_predicate key, :private?
+    assert_same_dsa DSA512, key
+
+    pem = <<~EOF
+    -----BEGIN DSA PRIVATE KEY-----
+    MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok
+    RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D
+    AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR
+    S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++
+    Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
+    55jreJD3Se3slps=
+    -----END DSA PRIVATE KEY-----
+    EOF
+    key = OpenSSL::PKey::DSA.new(pem)
+    assert_same_dsa DSA512, key
+
+    assert_equal asn1.to_der, DSA512.to_der
+    assert_equal pem, DSA512.export
+  end
+
+  def test_DSAPrivateKey_encrypted
+    # key = abcdef
+    pem = <<~EOF
+    -----BEGIN DSA PRIVATE KEY-----
+    Proc-Type: 4,ENCRYPTED
+    DEK-Info: AES-128-CBC,F8BB7BFC7EAB9118AC2E3DA16C8DB1D9
+
+    D2sIzsM9MLXBtlF4RW42u2GB9gX3HQ3prtVIjWPLaKBYoToRUiv8WKsjptfZuLSB
+    74ZPdMS7VITM+W1HIxo/tjS80348Cwc9ou8H/E6WGat8ZUk/igLOUEII+coQS6qw
+    QpuLMcCIavevX0gjdjEIkojBB81TYDofA1Bp1z1zDI/2Zhw822xapI79ZF7Rmywt
+    OSyWzFaGipgDpdFsGzvT6//z0jMr0AuJVcZ0VJ5lyPGQZAeVBlbYEI4T72cC5Cz7
+    XvLiaUtum6/sASD2PQqdDNpgx/WA6Vs1Po2kIUQIM5TIwyJI0GdykZcYm6xIK/ta
+    Wgx6c8K+qBAIVrilw3EWxw==
+    -----END DSA PRIVATE KEY-----
+    EOF
+    key = OpenSSL::PKey::DSA.new(pem, "abcdef")
+    assert_same_dsa DSA512, key
+    key = OpenSSL::PKey::DSA.new(pem) { "abcdef" }
+    assert_same_dsa DSA512, key
+
+    cipher = OpenSSL::Cipher.new("aes-128-cbc")
+    exported = DSA512.to_pem(cipher, "abcdef\0\1")
+    assert_same_dsa DSA512, OpenSSL::PKey::DSA.new(exported, "abcdef\0\1")
+    assert_raise(OpenSSL::PKey::DSAError) {
+      OpenSSL::PKey::DSA.new(exported, "abcdef")
+    }
+  end
+
+  def test_PUBKEY
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Sequence([
+        OpenSSL::ASN1::ObjectId("DSA"),
+        OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::Integer(DSA512.p),
+          OpenSSL::ASN1::Integer(DSA512.q),
+          OpenSSL::ASN1::Integer(DSA512.g)
+        ])
+      ]),
+      OpenSSL::ASN1::BitString(
+        OpenSSL::ASN1::Integer(DSA512.pub_key).to_der
+      )
+    ])
+    key = OpenSSL::PKey::DSA.new(asn1.to_der)
+    assert_not_predicate key, :private?
+    assert_same_dsa dup_public(DSA512), key
+
+    pem = <<~EOF
+    -----BEGIN PUBLIC KEY-----
+    MIHxMIGoBgcqhkjOOAQBMIGcAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgT
+    YiEEHaOYhkIxv0OkRZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB
+    4DZGH7UyarcaGy6DAkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqo
+    ji3/lHdKoVdTQNuRS/m6DlCwhjRjiQ/lBRgCLCcaA0QAAkEAjN891JBjzpMj4bWg
+    sACmMggFf57DS0Ti+5++Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxX
+    oXi9OA==
+    -----END PUBLIC KEY-----
+    EOF
+    key = OpenSSL::PKey::DSA.new(pem)
+    assert_same_dsa dup_public(DSA512), key
 
-  def test_read_DSA_PUBKEY
-    p = 7188211954100152441468596248707152960171255279130004340103875772401008316444412091945435731597638374542374929457672178957081124632837356913990200866056699
-    q = 957032439192465935099784319494405376402293318491
-    g = 122928973717064636255205666162891733518376475981809749897454444301389338825906076467196186192907631719698166056821519884939865041993585844526937010746285
-    y = 1235756183583465414789073313502727057075641172514181938731172021825149551960029708596057102104063395063907739571546165975727369183495540798749742124846271
-    algo = OpenSSL::ASN1::ObjectId.new('DSA')
-    params = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(p),
-                                          OpenSSL::ASN1::Integer.new(q),
-                                          OpenSSL::ASN1::Integer.new(g)])
-    algo_id = OpenSSL::ASN1::Sequence.new ([algo, params])
-    pub_key = OpenSSL::ASN1::Integer.new(y)
-    seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)])
-    key = OpenSSL::PKey::DSA.new(seq.to_der)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(p, key.p)
-    assert_equal(q, key.q)
-    assert_equal(g, key.g)
-    assert_equal(y, key.pub_key)
-    assert_equal(nil, key.priv_key)
+    assert_equal asn1.to_der, dup_public(DSA512).to_der
+    assert_equal pem, dup_public(DSA512).export
   end
 
   def test_read_DSAPublicKey_pem
+    # TODO: where is the standard? PKey::DSA.new can read only PEM
     p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699
     q = 979494906553787301107832405790107343409973851677
     g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845
@@ -114,127 +163,6 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
     assert_equal(nil, key.priv_key)
   end
 
-  def test_read_DSA_PUBKEY_pem
-    p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699
-    q = 979494906553787301107832405790107343409973851677
-    g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845
-    y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695
-    pem = <<-EOF
------BEGIN PUBLIC KEY-----
-MIHxMIGoBgcqhkjOOAQBMIGcAkEA6hXntfQXEo78+s1r8yShbOQIpX+HOESnTNsV
-2yJzD6EiMntLpJ38WUOWjz0dBnYW69YnrAYszWPTSvf34XapswIVAKuSEhdIb6Kz
-fuHPUhoF4S52MHYdAkBHQCWhq8G+2yeDyhuyMtvsQqcH6lJ4ev8F0hDdUft9Ys6q
-qTMV5GtgwPNSmXfpeS1jpirwQliVb2kIyYFU3L91A0QAAkEAyJSJ+g+P/knVcgDw
-wTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4VUC/phySExY0PdcqItkR/xYA
-YNMbNw==
------END PUBLIC KEY-----
-    EOF
-    key = OpenSSL::PKey::DSA.new(pem)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(p, key.p)
-    assert_equal(q, key.q)
-    assert_equal(g, key.g)
-    assert_equal(y, key.pub_key)
-    assert_equal(nil, key.priv_key)
-  end
-
-  def test_export_format_is_DSA_PUBKEY_pem
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    pem = key.public_key.to_pem
-    pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...-------
-    asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem))
-    assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag)
-    assert_equal(2, asn1.value.size)
-    seq = asn1.value
-    assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag)
-    assert_equal(2, seq[0].value.size)
-    algo_id = seq[0].value
-    assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag)
-    assert_equal('DSA', algo_id[0].value)
-    assert_equal(OpenSSL::ASN1::SEQUENCE, algo_id[1].tag)
-    assert_equal(3, algo_id[1].value.size)
-    params = algo_id[1].value
-    assert_equal(OpenSSL::ASN1::INTEGER, params[0].tag)
-    assert_equal(key.p, params[0].value)
-    assert_equal(OpenSSL::ASN1::INTEGER, params[1].tag)
-    assert_equal(key.q, params[1].value)
-    assert_equal(OpenSSL::ASN1::INTEGER, params[2].tag)
-    assert_equal(key.g, params[2].value)
-    assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag)
-    assert_equal(0, seq[1].unused_bits)
-    pub_key = OpenSSL::ASN1.decode(seq[1].value)
-    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag)
-    assert_equal(key.pub_key, pub_key.value)
-  end
-
-  def test_read_private_key_der
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    der = key.to_der
-    key2 = OpenSSL::PKey.read(der)
-    assert(key2.private?)
-    assert_equal(der, key2.to_der)
-  end
-
-  def test_read_private_key_pem
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    pem = key.to_pem
-    key2 = OpenSSL::PKey.read(pem)
-    assert(key2.private?)
-    assert_equal(pem, key2.to_pem)
-  end
-
-  def test_read_public_key_der
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key
-    der = key.to_der
-    key2 = OpenSSL::PKey.read(der)
-    assert(!key2.private?)
-    assert_equal(der, key2.to_der)
-  end
-
-  def test_read_public_key_pem
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key
-    pem = key.to_pem
-    key2 = OpenSSL::PKey.read(pem)
-    assert(!key2.private?)
-    assert_equal(pem, key2.to_pem)
-  end
-
-  def test_read_private_key_pem_pw
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    pem = key.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
-    #callback form for password
-    key2 = OpenSSL::PKey.read(pem) do
-      'secret'
-    end
-    assert(key2.private?)
-    # pass password directly
-    key2 = OpenSSL::PKey.read(pem, 'secret')
-    assert(key2.private?)
-    #omit pem equality check, will be different due to cipher iv
-  end
-
-  def test_export_password_length
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    assert_raise(OpenSSL::OpenSSLError) do
-      key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
-    end
-    pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
-    assert(pem)
-  end
-
-  def test_export_password_funny
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), "pass\0wd")
-    assert_raise(OpenSSL::PKey::PKeyError) do
-      OpenSSL::PKey.read(pem, "pass")
-    end
-    key2 = OpenSSL::PKey.read(pem, "pass\0wd")
-    assert(key2.private?)
-    key3 = OpenSSL::PKey::DSA.new(pem, "pass\0wd")
-    assert(key3.private?)
-  end
-
   def test_dup
     key = OpenSSL::PKey::DSA.new(256)
     key2 = key.dup
@@ -244,12 +172,8 @@ YNMbNw==
   end
 
   private
-
-  def check_sign_verify(digest)
-    key = OpenSSL::TestUtils::TEST_KEY_DSA256
-    data = 'Sign me!'
-    sig = key.sign(digest, data)
-    assert(key.verify(digest, sig, data))
+  def assert_same_dsa(expected, key)
+    check_component(expected, key, [:p, :q, :g, :pub_key, :priv_key])
   end
 end
 
diff --git a/test/test_pkey_ec.rb b/test/test_pkey_ec.rb
index bf2985a0..b89fa38d 100644
--- a/test/test_pkey_ec.rb
+++ b/test/test_pkey_ec.rb
@@ -3,64 +3,46 @@ require_relative 'utils'
 
 if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC)
 
-class OpenSSL::TestEC < OpenSSL::TestCase
-  def setup
-    @data1 = 'foo'
-    @data2 = 'bar' * 1000 # data too long for DSA sig
+class OpenSSL::TestEC < OpenSSL::PKeyTestCase
+  P256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
 
-    @groups = []
-    @keys = []
+  def test_ec_key
+    builtin_curves = OpenSSL::PKey::EC.builtin_curves
+    assert_not_empty builtin_curves
 
-    OpenSSL::PKey::EC.builtin_curves.each do |curve, comment|
-      group = OpenSSL::PKey::EC::Group.new(curve)
+    builtin_curves.each do |curve_name, comment|
+      # Oakley curves and X25519 are not suitable for signing and causes
+      # FIPS-selftest failure on some environment, so skip for now.
+      next if ["Oakley", "X25519"].any? { |n| curve_name.start_with?(n) }
 
-      # Oakley curves and X25519 are not suitable for signing
-      next if ["Oakley", "X25519"].any? { |n| curve.start_with?(n) }
-
-      key = OpenSSL::PKey::EC.new(group)
+      key = OpenSSL::PKey::EC.new(curve_name)
       key.generate_key!
 
-      @groups << group
-      @keys << key
+      assert_predicate key, :private?
+      assert_predicate key, :public?
+      assert_nothing_raised { key.check_key }
     end
-  end
-
-  def test_dup
-    key = OpenSSL::PKey::EC.new("prime256v1")
-    key.generate_key!
-    key2 = key.dup
-    assert_equal key.to_der, key2.to_der
-    key_tmp = OpenSSL::PKey::EC.new("prime256v1").generate_key!
-    key2.private_key = key_tmp.private_key
-    key2.public_key = key_tmp.public_key
-    assert_not_equal key.to_der, key2.to_der
 
-    group = key.group
-    group2 = group.dup
-    assert_equal group.to_der, group2.to_der
-    group2.asn1_flag ^= OpenSSL::PKey::EC::NAMED_CURVE
-    assert_not_equal group.to_der, group2.to_der
+    key1 = OpenSSL::PKey::EC.new("prime256v1").generate_key!
 
-    point = key.public_key
-    point2 = point.dup
-    assert_equal point.to_bn, point2.to_bn
-    point2.invert!
-    assert_not_equal point.to_bn, point2.to_bn
-  end
+    key2 = OpenSSL::PKey::EC.new
+    key2.group = key1.group
+    key2.private_key = key1.private_key
+    key2.public_key = key1.public_key
+    assert_equal key1.to_der, key2.to_der
 
-  def compare_keys(k1, k2)
-    assert_equal(k1.to_pem, k2.to_pem)
-  end
+    key3 = OpenSSL::PKey::EC.new(key1)
+    assert_equal key1.to_der, key3.to_der
 
-  def test_builtin_curves
-    assert(!OpenSSL::PKey::EC.builtin_curves.empty?)
-  end
+    key4 = OpenSSL::PKey::EC.new(key1.to_der)
+    assert_equal key1.to_der, key4.to_der
 
-  def test_curve_names
-    @groups.each_with_index do |group, idx|
-      key = @keys[idx]
-      assert_equal(group.curve_name, key.group.curve_name)
-    end
+    key5 = key1.dup
+    assert_equal key1.to_der, key5.to_der
+    key_tmp = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+    key5.private_key = key_tmp.private_key
+    key5.public_key = key_tmp.public_key
+    assert_not_equal key1.to_der, key5.to_der
   end
 
   def test_generate
@@ -73,173 +55,206 @@ class OpenSSL::TestEC < OpenSSL::TestCase
   end
 
   def test_check_key
-    for key in @keys
-      assert_equal(true, key.check_key)
-      assert_equal(true, key.private?)
-      assert_equal(true, key.public?)
-      key2 = OpenSSL::PKey::EC.new(key.group)
-      assert_equal(false, key2.private?)
-      assert_equal(false, key2.public?)
-      key2.public_key = key.public_key
-      assert_equal(false, key2.private?)
-      assert_equal(true, key2.public?)
-      key2.private_key = key.private_key
-      assert_equal(true, key2.private?)
-      assert_equal(true, key2.public?)
-      assert_equal(true, key2.check_key)
-      key2.private_key += 1
-      assert_raise(OpenSSL::PKey::ECError) { key2.check_key }
-    end
-  end
-
-  def test_group_encoding
-    for group in @groups
-      for meth in [:to_der, :to_pem]
-        txt = group.send(meth)
-        gr = OpenSSL::PKey::EC::Group.new(txt)
-
-        assert_equal(txt, gr.send(meth))
-
-        assert_equal(group.generator.to_bn, gr.generator.to_bn)
-        assert_equal(group.cofactor, gr.cofactor)
-        assert_equal(group.order, gr.order)
-        assert_equal(group.seed, gr.seed)
-        assert_equal(group.degree, gr.degree)
-      end
-    end
-  end
-
-  def test_key_encoding
-    for key in @keys
-      group = key.group
-
-      for meth in [:to_der, :to_pem]
-        txt = key.send(meth)
-        assert_equal(txt, OpenSSL::PKey::EC.new(txt).send(meth))
-      end
-
-      bn = key.public_key.to_bn
-      assert_equal(bn, OpenSSL::PKey::EC::Point.new(group, bn).to_bn)
-    end
-  end
-
-  def test_set_keys
-    for key in @keys
-      k = OpenSSL::PKey::EC.new
-      k.group = key.group
-      k.private_key = key.private_key
-      k.public_key = key.public_key
-
-      compare_keys(key, k)
-    end
+    key = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+    assert_equal(true, key.check_key)
+    assert_equal(true, key.private?)
+    assert_equal(true, key.public?)
+    key2 = OpenSSL::PKey::EC.new(key.group)
+    assert_equal(false, key2.private?)
+    assert_equal(false, key2.public?)
+    key2.public_key = key.public_key
+    assert_equal(false, key2.private?)
+    assert_equal(true, key2.public?)
+    key2.private_key = key.private_key
+    assert_equal(true, key2.private?)
+    assert_equal(true, key2.public?)
+    assert_equal(true, key2.check_key)
+    key2.private_key += 1
+    assert_raise(OpenSSL::PKey::ECError) { key2.check_key }
   end
 
   def test_dsa_sign_verify
-    for key in @keys
-      sig = key.dsa_sign_asn1(@data1)
-      assert(key.dsa_verify_asn1(@data1, sig))
-    end
+    data1 = "foo"
+    data2 = "bar"
+    key = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+    sig = key.dsa_sign_asn1(data1)
+    assert_equal true, key.dsa_verify_asn1(data1, sig)
+    assert_equal false, key.dsa_verify_asn1(data2, sig)
   end
 
   def test_dsa_sign_asn1_FIPS186_3
-    for key in @keys
-      size = key.group.order.num_bits / 8 + 1
-      dgst = (1..size).to_a.pack('C*')
-      begin
-        sig = key.dsa_sign_asn1(dgst)
-        # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
-        assert(key.dsa_verify_asn1(dgst + "garbage", sig))
-      rescue OpenSSL::PKey::ECError => e
-        # just an exception for longer dgst before openssl-0.9.8m
-        assert_equal('ECDSA_sign: data too large for key size', e.message)
-        # no need to do following tests
-        return
-      end
+    key = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+    size = key.group.order.num_bits / 8 + 1
+    dgst = (1..size).to_a.pack('C*')
+    begin
+      sig = key.dsa_sign_asn1(dgst)
+      # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
+      assert(key.dsa_verify_asn1(dgst + "garbage", sig))
+    rescue OpenSSL::PKey::ECError => e
+      # just an exception for longer dgst before openssl-0.9.8m
+      assert_equal('ECDSA_sign: data too large for key size', e.message)
+      # no need to do following tests
+      return
     end
   end
 
   def test_dh_compute_key
-    for key in @keys
-      k = OpenSSL::PKey::EC.new(key.group)
-      k.generate_key!
-
-      puba = key.public_key
-      pubb = k.public_key
-      a = key.dh_compute_key(pubb)
-      b = k.dh_compute_key(puba)
-      assert_equal(a, b)
-    end
+    key_a = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+    key_b = OpenSSL::PKey::EC.new(key_a.group).generate_key!
+
+    pub_a = key_a.public_key
+    pub_b = key_b.public_key
+    a = key_a.dh_compute_key(pub_b)
+    b = key_b.dh_compute_key(pub_a)
+    assert_equal a, b
   end
 
-  def test_read_private_key_der
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    der = ec.to_der
-    ec2 = OpenSSL::PKey.read(der)
-    assert(ec2.private_key?)
-    assert_equal(der, ec2.to_der)
+  def test_ECPrivateKey
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Integer(1),
+      OpenSSL::ASN1::OctetString(P256.private_key.to_s(2)),
+      OpenSSL::ASN1::ASN1Data.new(
+        [OpenSSL::ASN1::ObjectId("prime256v1")],
+        0, :CONTEXT_SPECIFIC
+      ),
+      OpenSSL::ASN1::ASN1Data.new(
+        [OpenSSL::ASN1::BitString(P256.public_key.to_bn.to_s(2))],
+        1, :CONTEXT_SPECIFIC
+      )
+    ])
+    key = OpenSSL::PKey::EC.new(asn1.to_der)
+    assert_predicate key, :private?
+    assert_same_ec P256, key
+
+    pem = <<~EOF
+    -----BEGIN EC PRIVATE KEY-----
+    MHcCAQEEIID49FDqcf1O1eO8saTgG70UbXQw9Fqwseliit2aWhH1oAoGCCqGSM49
+    AwEHoUQDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7lSZ/ArK41eGy5wAzU/0G51Xtt
+    CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
+    -----END EC PRIVATE KEY-----
+    EOF
+    key = OpenSSL::PKey::EC.new(pem)
+    assert_same_ec P256, key
+
+    assert_equal asn1.to_der, P256.to_der
+    assert_equal pem, P256.export
   end
 
-  def test_read_private_key_pem
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    pem = ec.to_pem
-    ec2 = OpenSSL::PKey.read(pem)
-    assert(ec2.private_key?)
-    assert_equal(pem, ec2.to_pem)
+  def test_ECPrivateKey_encrypted
+    # key = abcdef
+    pem = <<~EOF
+    -----BEGIN EC PRIVATE KEY-----
+    Proc-Type: 4,ENCRYPTED
+    DEK-Info: AES-128-CBC,85743EB6FAC9EA76BF99D9328AFD1A66
+
+    nhsP1NHxb53aeZdzUe9umKKyr+OIwQq67eP0ONM6E1vFTIcjkDcFLR6PhPFufF4m
+    y7E2HF+9uT1KPQhlE+D63i1m1Mvez6PWfNM34iOQp2vEhaoHHKlR3c43lLyzaZDI
+    0/dGSU5SzFG+iT9iFXCwCvv+bxyegkBOyALFje1NAsM=
+    -----END EC PRIVATE KEY-----
+    EOF
+    key = OpenSSL::PKey::EC.new(pem, "abcdef")
+    assert_same_ec P256, key
+    key = OpenSSL::PKey::EC.new(pem) { "abcdef" }
+    assert_same_ec P256, key
+
+    cipher = OpenSSL::Cipher.new("aes-128-cbc")
+    exported = P256.to_pem(cipher, "abcdef\0\1")
+    assert_same_ec P256, OpenSSL::PKey::EC.new(exported, "abcdef\0\1")
+    assert_raise(OpenSSL::PKey::ECError) {
+      OpenSSL::PKey::EC.new(exported, "abcdef")
+    }
   end
 
-  def test_read_public_key_der
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    ec2 = OpenSSL::PKey::EC.new(ec.group)
-    ec2.public_key = ec.public_key
-    der = ec2.to_der
-    ec3 = OpenSSL::PKey.read(der)
-    assert(!ec3.private_key?)
-    assert_equal(der, ec3.to_der)
+  def test_PUBKEY
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Sequence([
+        OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+        OpenSSL::ASN1::ObjectId("prime256v1")
+      ]),
+      OpenSSL::ASN1::BitString(
+        P256.public_key.to_bn.to_s(2)
+      )
+    ])
+    key = OpenSSL::PKey::EC.new(asn1.to_der)
+    assert_not_predicate key, :private?
+    assert_same_ec dup_public(P256), key
+
+    pem = <<~EOF
+    -----BEGIN PUBLIC KEY-----
+    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7l
+    SZ/ArK41eGy5wAzU/0G51XttCeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
+    -----END PUBLIC KEY-----
+    EOF
+    key = OpenSSL::PKey::EC.new(pem)
+    assert_same_ec dup_public(P256), key
+
+    assert_equal asn1.to_der, dup_public(P256).to_der
+    assert_equal pem, dup_public(P256).export
   end
 
-  def test_read_public_key_pem
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    ec2 = OpenSSL::PKey::EC.new(ec.group)
-    ec2.public_key = ec.public_key
-    pem = ec2.to_pem
-    ec3 = OpenSSL::PKey.read(pem)
-    assert(!ec3.private_key?)
-    assert_equal(pem, ec3.to_pem)
+  def test_ec_group
+    group1 = OpenSSL::PKey::EC::Group.new("prime256v1")
+    key1 = OpenSSL::PKey::EC.new(group1)
+    assert_equal group1, key1.group
+
+    group2 = OpenSSL::PKey::EC::Group.new(group1)
+    assert_equal group1.to_der, group2.to_der
+    assert_equal group1, group2
+    group2.asn1_flag ^=OpenSSL::PKey::EC::NAMED_CURVE
+    assert_not_equal group1.to_der, group2.to_der
+    assert_equal group1, group2
+
+    group3 = group1.dup
+    assert_equal group1.to_der, group3.to_der
+
+    assert group1.asn1_flag & OpenSSL::PKey::EC::NAMED_CURVE # our default
+    der = group1.to_der
+    group4 = OpenSSL::PKey::EC::Group.new(der)
+    group1.point_conversion_form = group4.point_conversion_form = :uncompressed
+    assert_equal :uncompressed, group1.point_conversion_form
+    assert_equal :uncompressed, group4.point_conversion_form
+    assert_equal group1, group4
+    assert_equal group1.curve_name, group4.curve_name
+    assert_equal group1.generator.to_bn, group4.generator.to_bn
+    assert_equal group1.order, group4.order
+    assert_equal group1.cofactor, group4.cofactor
+    assert_equal group1.seed, group4.seed
+    assert_equal group1.degree, group4.degree
   end
 
-  def test_read_private_key_pem_pw
-    ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    pem = ec.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
-    #callback form for password
-    ec2 = OpenSSL::PKey.read(pem) do
-      'secret'
-    end
-    assert(ec2.private_key?)
-    # pass password directly
-    ec2 = OpenSSL::PKey.read(pem, 'secret')
-    assert(ec2.private_key?)
-    #omit pem equality check, will be different due to cipher iv
-  end
+  def test_ec_point
+    group = OpenSSL::PKey::EC::Group.new("prime256v1")
+    key = OpenSSL::PKey::EC.new(group).generate_key!
+    point = key.public_key
 
-  def test_export_password_length
-    key = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    assert_raise(OpenSSL::OpenSSLError) do
-      key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
-    end
-    pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
-    assert(pem)
-  end
+    point2 = OpenSSL::PKey::EC::Point.new(group, point.to_bn)
+    assert_equal point, point2
+    assert_equal point.to_bn, point2.to_bn
+    point2.invert!
+    assert_not_equal point.to_bn, point2.to_bn
 
-  def test_export_password_funny
-    key = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
-    pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), "pass\0wd")
-    assert_raise(OpenSSL::PKey::PKeyError) do
-      OpenSSL::PKey.read(pem, "pass")
+    begin
+      group = OpenSSL::PKey::EC::Group.new(:GFp, 17, 2, 2)
+      group.point_conversion_form = :uncompressed
+      generator = OpenSSL::PKey::EC::Point.new(group, 0x040501.to_bn)
+      group.set_generator(generator, 19, 1)
+      point = OpenSSL::PKey::EC::Point.new(group, 0x040603.to_bn)
+    rescue OpenSSL::PKey::EC::Group::Error
+      pend "Patched OpenSSL rejected curve" if /unsupported field/ =~ $!.message
+      raise
     end
-    key2 = OpenSSL::PKey.read(pem, "pass\0wd")
-    assert(key2.private_key?)
-    key3 = OpenSSL::PKey::EC.new(pem, "pass\0wd")
-    assert(key3.private_key?)
+
+    assert_equal 0x040603.to_bn, point.to_bn
+    assert_equal true, point.on_curve?
+    point.invert! # 8.5
+    assert_equal 0x04060E.to_bn, point.to_bn
+    assert_equal true, point.on_curve?
+
+    assert_equal false, point.infinity?
+    point.set_to_infinity!
+    assert_equal true, point.infinity?
+    assert_equal 0.to_bn, point.to_bn
+    assert_equal true, point.on_curve?
   end
 
   def test_ec_point_mul
@@ -271,7 +286,7 @@ class OpenSSL::TestEC < OpenSSL::TestCase
       raise if $!.message !~ /unsupported field/
     end
 
-    p256_key = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
+    p256_key = P256
     p256_g = p256_key.group
     assert_equal(p256_key.public_key, p256_g.generator.mul(p256_key.private_key))
 
@@ -285,6 +300,11 @@ class OpenSSL::TestEC < OpenSSL::TestCase
 
 # test Group: asn1_flag, point_conversion
 
+  private
+
+  def assert_same_ec(expected, key)
+    check_component(expected, key, [:group, :public_key, :private_key])
+  end
 end
 
 end
diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb
index c512c3e3..e211faa6 100644
--- a/test/test_pkey_rsa.rb
+++ b/test/test_pkey_rsa.rb
@@ -4,7 +4,9 @@ require 'base64'
 
 if defined?(OpenSSL::TestUtils)
 
-class OpenSSL::TestPKeyRSA < OpenSSL::TestCase
+class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
+  RSA1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
+
   def test_padding
     key = OpenSSL::PKey::RSA.new(512, 3)
 
@@ -68,16 +70,8 @@ class OpenSSL::TestPKeyRSA < OpenSSL::TestCase
     end
   end
 
-  def test_sign_verify
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
-    digest = OpenSSL::Digest::SHA1.new
-    data = 'Sign me!'
-    sig = key.sign(digest, data)
-    assert(key.verify(digest, sig, data))
-  end
-
   def test_digest_state_irrelevant_sign
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    key = RSA1024
     digest1 = OpenSSL::Digest::SHA1.new
     digest2 = OpenSSL::Digest::SHA1.new
     data = 'Sign me!'
@@ -88,7 +82,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::TestCase
   end
 
   def test_digest_state_irrelevant_verify
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    key = RSA1024
     digest1 = OpenSSL::Digest::SHA1.new
     digest2 = OpenSSL::Digest::SHA1.new
     data = 'Sign me!'
@@ -99,169 +93,131 @@ class OpenSSL::TestPKeyRSA < OpenSSL::TestCase
     assert(key.verify(digest2, sig, data))
   end
 
-  def test_read_RSAPublicKey
-    modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
-    exponent = 65537
-    seq = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
-    key = OpenSSL::PKey::RSA.new(seq.to_der)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_RSA_PUBKEY
-    modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
-    exponent = 65537
-    algo = OpenSSL::ASN1::ObjectId.new('rsaEncryption')
-    null_params = OpenSSL::ASN1::Null.new(nil)
-    algo_id = OpenSSL::ASN1::Sequence.new ([algo, null_params])
-    pub_key = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
-    seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)])
-    key = OpenSSL::PKey::RSA.new(seq.to_der)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-    assert_equal([], OpenSSL.errors)
-  end
-
-  def test_read_RSAPublicKey_pem
-    modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
-    exponent = 65537
-    pem = <<-EOF
------BEGIN RSA PUBLIC KEY-----
-MEgCQQCzyh2RIZK62E2PbTWqUljD+K23XR9AGBKNtXjal6WD2yRGcLqzPJLNCa60
-AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE=
------END RSA PUBLIC KEY-----
+  def test_RSAPrivateKey
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Integer(0),
+      OpenSSL::ASN1::Integer(RSA1024.n),
+      OpenSSL::ASN1::Integer(RSA1024.e),
+      OpenSSL::ASN1::Integer(RSA1024.d),
+      OpenSSL::ASN1::Integer(RSA1024.p),
+      OpenSSL::ASN1::Integer(RSA1024.q),
+      OpenSSL::ASN1::Integer(RSA1024.dmp1),
+      OpenSSL::ASN1::Integer(RSA1024.dmq1),
+      OpenSSL::ASN1::Integer(RSA1024.iqmp)
+    ])
+    key = OpenSSL::PKey::RSA.new(asn1.to_der)
+    assert_predicate key, :private?
+    assert_same_rsa RSA1024, key
+
+    pem = <<~EOF
+    -----BEGIN RSA PRIVATE KEY-----
+    MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
+    aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
+    Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
+    AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
+    maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
+    gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
+    74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
+    JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
+    sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
+    8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
+    wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
+    qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
+    dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
+    -----END RSA PRIVATE KEY-----
     EOF
     key = OpenSSL::PKey::RSA.new(pem)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-  end
-
-  def test_read_RSA_PUBKEY_pem
-    modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
-    exponent = 65537
-    pem = <<-EOF
------BEGIN PUBLIC KEY-----
-MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALPKHZEhkrrYTY9tNapSWMP4rbdd
-H0AYEo21eNqXpYPbJEZwurM8ks0JrrQC50lHUmhtshsMmtC7oBedaHmT9i0C
-AwEAAQ==
------END PUBLIC KEY-----
+    assert_same_rsa RSA1024, key
+
+    assert_equal asn1.to_der, RSA1024.to_der
+    assert_equal pem, RSA1024.export
+  end
+
+  def test_RSAPrivateKey_encrypted
+    # key = abcdef
+    pem = <<~EOF
+    -----BEGIN RSA PRIVATE KEY-----
+    Proc-Type: 4,ENCRYPTED
+    DEK-Info: AES-128-CBC,733F5302505B34701FC41F5C0746E4C0
+
+    zgJniZZQfvv8TFx3LzV6zhAQVayvQVZlAYqFq2yWbbxzF7C+IBhKQle9IhUQ9j/y
+    /jkvol550LS8vZ7TX5WxyDLe12cdqzEvpR6jf3NbxiNysOCxwG4ErhaZGP+krcoB
+    ObuL0nvls/+3myy5reKEyy22+0GvTDjaChfr+FwJjXMG+IBCLscYdgZC1LQL6oAn
+    9xY5DH3W7BW4wR5ttxvtN32TkfVQh8xi3jrLrduUh+hV8DTiAiLIhv0Vykwhep2p
+    WZA+7qbrYaYM8GLLgLrb6LfBoxeNxAEKiTpl1quFkm+Hk1dKq0EhVnxHf92x0zVF
+    jRGZxAMNcrlCoE4f5XK45epVZSZvihdo1k73GPbp84aZ5P/xlO4OwZ3i4uCQXynl
+    jE9c+I+4rRWKyPz9gkkqo0+teJL8ifeKt/3ab6FcdA0aArynqmsKJMktxmNu83We
+    YVGEHZPeOlyOQqPvZqWsLnXQUfg54OkbuV4/4mWSIzxFXdFy/AekSeJugpswMXqn
+    oNck4qySNyfnlyelppXyWWwDfVus9CVAGZmJQaJExHMT/rQFRVchlmY0Ddr5O264
+    gcjv90o1NBOc2fNcqjivuoX7ROqys4K/YdNQ1HhQ7usJghADNOtuLI8ZqMh9akXD
+    Eqp6Ne97wq1NiJj0nt3SJlzTnOyTjzrTe0Y+atPkVKp7SsjkATMI9JdhXwGhWd7a
+    qFVl0owZiDasgEhyG2K5L6r+yaJLYkPVXZYC/wtWC3NEchnDWZGQcXzB4xROCQkD
+    OlWNYDkPiZioeFkA3/fTMvG4moB2Pp9Q4GU5fJ6k43Ccu1up8dX/LumZb4ecg5/x
+    -----END RSA PRIVATE KEY-----
+    EOF
+    key = OpenSSL::PKey::RSA.new(pem, "abcdef")
+    assert_same_rsa RSA1024, key
+    key = OpenSSL::PKey::RSA.new(pem) { "abcdef" }
+    assert_same_rsa RSA1024, key
+
+    cipher = OpenSSL::Cipher.new("aes-128-cbc")
+    exported = RSA1024.to_pem(cipher, "abcdef\0\1")
+    assert_same_rsa RSA1024, OpenSSL::PKey::RSA.new(exported, "abcdef\0\1")
+    assert_raise(OpenSSL::PKey::RSAError) {
+      OpenSSL::PKey::RSA.new(exported, "abcdef")
+    }
+  end
+
+  def test_RSAPublicKey
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Integer(RSA1024.n),
+      OpenSSL::ASN1::Integer(RSA1024.e)
+    ])
+    key = OpenSSL::PKey::RSA.new(asn1.to_der)
+    assert_not_predicate key, :private?
+    assert_same_rsa dup_public(RSA1024), key
+
+    pem = <<~EOF
+    -----BEGIN RSA PUBLIC KEY-----
+    MIGJAoGBAMvCxLDUQKc+1P4+Q6AeFwYDvWfALb+cvzlUEadGoPE6qNWHsLFoo8RF
+    geyTgE8KQTduu1OE9Zz2SMcRBDu5/1jWtsLPSVrI2ofLLBARUsWanVyki39DeB4u
+    /xkP2mKGjAokPIwOI3oCthSZlzO9bj3voxTf6XngTqUX8l8URTmHAgMBAAE=
+    -----END RSA PUBLIC KEY-----
     EOF
     key = OpenSSL::PKey::RSA.new(pem)
-    assert(key.public?)
-    assert(!key.private?)
-    assert_equal(modulus, key.n)
-    assert_equal(exponent, key.e)
-    assert_equal(nil, key.d)
-    assert_equal(nil, key.p)
-    assert_equal(nil, key.q)
-  end
-
-  def test_export_format_is_RSA_PUBKEY
-    key = OpenSSL::PKey::RSA.new(512)
-    asn1 = OpenSSL::ASN1.decode(key.public_key.to_der)
-    check_PUBKEY(asn1, key)
-  end
-
-  def test_export_format_is_RSA_PUBKEY_pem
-    key = OpenSSL::PKey::RSA.new(512)
-    pem = key.public_key.to_pem
-    pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...-------
-    asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem))
-    check_PUBKEY(asn1, key)
-  end
-
-  def test_read_private_key_der
-    der = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_der
-    key = OpenSSL::PKey.read(der)
-    assert(key.private?)
-    assert_equal(der, key.to_der)
-  end
-
-  def test_read_private_key_pem
-    pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem
-    key = OpenSSL::PKey.read(pem)
-    assert(key.private?)
-    assert_equal(pem, key.to_pem)
-  end
-
-  def test_read_public_key_der
-    der = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_der
-    key = OpenSSL::PKey.read(der)
-    assert(!key.private?)
-    assert_equal(der, key.to_der)
-  end
-
-  def test_read_public_key_pem
-    pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_pem
-    key = OpenSSL::PKey.read(pem)
-    assert(!key.private?)
-    assert_equal(pem, key.to_pem)
-  end
-
-  def test_read_private_key_pem_pw
-    pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
-    #callback form for password
-    key = OpenSSL::PKey.read(pem) do
-      'secret'
-    end
-    assert(key.private?)
-    # pass password directly
-    key = OpenSSL::PKey.read(pem, 'secret')
-    assert(key.private?)
-    #omit pem equality check, will be different due to cipher iv
-  end
-
-  def test_read_private_key_pem_pw_exception
-    pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
-    # it raises an ArgumentError from PEM reading. The exception raised inside are ignored for now.
-    assert_raise(OpenSSL::PKey::PKeyError) do
-      OpenSSL::PKey.read(pem) do
-        raise RuntimeError
-      end
-    end
-  end
+    assert_same_rsa dup_public(RSA1024), key
+  end
+
+  def test_PUBKEY
+    asn1 = OpenSSL::ASN1::Sequence([
+      OpenSSL::ASN1::Sequence([
+        OpenSSL::ASN1::ObjectId("rsaEncryption"),
+        OpenSSL::ASN1::Null(nil)
+      ]),
+      OpenSSL::ASN1::BitString(
+        OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::Integer(RSA1024.n),
+          OpenSSL::ASN1::Integer(RSA1024.e)
+        ]).to_der
+      )
+    ])
+    key = OpenSSL::PKey::RSA.new(asn1.to_der)
+    assert_not_predicate key, :private?
+    assert_same_rsa dup_public(RSA1024), key
+
+    pem = <<~EOF
+    -----BEGIN PUBLIC KEY-----
+    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLwsSw1ECnPtT+PkOgHhcGA71n
+    wC2/nL85VBGnRqDxOqjVh7CxaKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbC
+    z0layNqHyywQEVLFmp1cpIt/Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU
+    3+l54E6lF/JfFEU5hwIDAQAB
+    -----END PUBLIC KEY-----
+    EOF
+    key = OpenSSL::PKey::RSA.new(pem)
+    assert_same_rsa dup_public(RSA1024), key
 
-  def test_export_password_length
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
-    assert_raise(OpenSSL::OpenSSLError) do
-      key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
-    end
-    pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
-    assert(pem)
-  end
-
-  def test_export_password_funny
-    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
-    # this assertion may fail in the future because of OpenSSL change.
-    # the current upper limit is 1024
-    assert_raise(OpenSSL::OpenSSLError) do
-      key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr' * 1024)
-    end
-    # password containing NUL byte
-    pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), "pass\0wd")
-    assert_raise(OpenSSL::PKey::PKeyError) do
-      OpenSSL::PKey.read(pem, "pass")
-    end
-    key2 = OpenSSL::PKey.read(pem, "pass\0wd")
-    assert(key2.private?)
-    key3 = OpenSSL::PKey::RSA.new(pem, "pass\0wd")
-    assert(key3.private?)
+    assert_equal asn1.to_der, dup_public(RSA1024).to_der
+    assert_equal pem, dup_public(RSA1024).export
   end
 
   def test_dup
@@ -273,29 +229,9 @@ AwEAAQ==
   end
 
   private
-
-  def check_PUBKEY(asn1, key)
-    assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag)
-    assert_equal(2, asn1.value.size)
-    seq = asn1.value
-    assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag)
-    assert_equal(2, seq[0].value.size)
-    algo_id = seq[0].value
-    assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag)
-    assert_equal('rsaEncryption', algo_id[0].value)
-    assert_equal(OpenSSL::ASN1::NULL, algo_id[1].tag)
-    assert_equal(nil, algo_id[1].value)
-    assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag)
-    assert_equal(0, seq[1].unused_bits)
-    pub_key = OpenSSL::ASN1.decode(seq[1].value)
-    assert_equal(OpenSSL::ASN1::SEQUENCE, pub_key.tag)
-    assert_equal(2, pub_key.value.size)
-    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[0].tag)
-    assert_equal(key.n, pub_key.value[0].value)
-    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag)
-    assert_equal(key.e, pub_key.value[1].value)
+  def assert_same_rsa(expected, key)
+    check_component(expected, key, [:n, :e, :d, :p, :q, :dmp1, :dmq1, :iqmp])
   end
-
 end
 
 end
diff --git a/test/utils.rb b/test/utils.rb
index 6b1487d3..f30504a5 100644
--- a/test/utils.rb
+++ b/test/utils.rb
@@ -372,5 +372,39 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
     end
   end
 
+  class OpenSSL::PKeyTestCase < OpenSSL::TestCase
+    def check_component(base, test, keys)
+      keys.each { |comp|
+        assert_equal base.send(comp), test.send(comp)
+      }
+    end
+
+    def dup_public(key)
+      case key
+      when OpenSSL::PKey::RSA
+        rsa = OpenSSL::PKey::RSA.new
+        rsa.set_key(key.n, key.e, nil)
+        rsa
+      when OpenSSL::PKey::DSA
+        dsa = OpenSSL::PKey::DSA.new
+        dsa.set_pqg(key.p, key.q, key.g)
+        dsa.set_key(key.pub_key, nil)
+        dsa
+      when OpenSSL::PKey::DH
+        dh = OpenSSL::PKey::DH.new
+        dh.set_pqg(key.p, nil, key.g)
+        dh
+      else
+        if defined?(OpenSSL::PKey::EC) && OpenSSL::PKey::EC === key
+          ec = OpenSSL::PKey::EC.new(key.group)
+          ec.public_key = key.public_key
+          ec
+        else
+          raise "unknown key type"
+        end
+      end
+    end
+  end
+
 end if defined?(OpenSSL::OPENSSL_LIBRARY_VERSION) and
   /\AOpenSSL +0\./ !~ OpenSSL::OPENSSL_LIBRARY_VERSION
author	Kazuki Yamaguchi <k@rhe.jp>	2016-08-18 22:51:29 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2016-08-18 22:51:29 +0900
commit	c6536e05a8642cc22cf1bed648a1f2da5b2ca998 (patch)
tree	40b382e9ee29263db465ae3de8f0f1dc0fa4c74e /test
parent	b8ae1f937c0145f157a978584e68d71941926d7a (diff)
parent	20a88ace0778282d5ee564842023c78e4a2e9399 (diff)
download	ruby-openssl-c6536e05a8642cc22cf1bed648a1f2da5b2ca998.tar.gz