Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix test_pkey_rsa.rb in FIPS. #790

Merged
merged 1 commit into from
Sep 5, 2024
Merged

Fix test_pkey_rsa.rb in FIPS. #790

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Rakefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ Rake::TestTask.new(:test_fips_internal) do |t|
'test/openssl/test_pkey_dh.rb',
'test/openssl/test_pkey_dsa.rb',
'test/openssl/test_pkey_ec.rb',
'test/openssl/test_pkey_rsa.rb',
]
t.warning = true
end
Expand Down
247 changes: 152 additions & 95 deletions test/openssl/test_pkey_rsa.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,7 @@ def test_no_private_exp
end if !openssl?(3, 0, 0) # Impossible state in OpenSSL 3.0

def test_private
# Generated by key size and public exponent
key = OpenSSL::PKey::RSA.new(512, 3)
assert(key.private?)
key = Fixtures.pkey("rsa2048")

# Generated by DER
key2 = OpenSSL::PKey::RSA.new(key.to_der)
Expand Down Expand Up @@ -46,63 +44,74 @@ def test_private
end

def test_new
key = OpenSSL::PKey::RSA.new(512)
assert_equal 512, key.n.num_bits
key = OpenSSL::PKey::RSA.new(2048)
assert_equal 2048, key.n.num_bits
assert_equal 65537, key.e
assert_not_nil key.d
assert(key.private?)
end

def test_new_public_exponent
# At least 2024-bits RSA key are required in FIPS.
omit_on_fips

# Specify public exponent
key2 = OpenSSL::PKey::RSA.new(512, 3)
assert_equal 512, key2.n.num_bits
assert_equal 3, key2.e
assert_not_nil key2.d
key = OpenSSL::PKey::RSA.new(512, 3)
assert_equal 512, key.n.num_bits
assert_equal 3, key.e
end

def test_s_generate
key1 = OpenSSL::PKey::RSA.generate(512)
assert_equal 512, key1.n.num_bits
key1 = OpenSSL::PKey::RSA.generate(2048)
assert_equal 2048, key1.n.num_bits
assert_equal 65537, key1.e
end

def test_s_generate_public_exponent
# At least 2024-bits RSA key are required in FIPS.
omit_on_fips

# Specify public exponent
key2 = OpenSSL::PKey::RSA.generate(512, 3)
assert_equal 512, key2.n.num_bits
assert_equal 3, key2.e
assert_not_nil key2.d
key = OpenSSL::PKey::RSA.generate(512, 3)
assert_equal 512, key.n.num_bits
assert_equal 3, key.e
end

def test_new_break
assert_nil(OpenSSL::PKey::RSA.new(1024) { break })
assert_nil(OpenSSL::PKey::RSA.new(2048) { break })
assert_raise(RuntimeError) do
OpenSSL::PKey::RSA.new(1024) { raise }
OpenSSL::PKey::RSA.new(2048) { raise }
end
end

def test_sign_verify
rsa1024 = Fixtures.pkey("rsa1024")
rsa = Fixtures.pkey("rsa2048")
data = "Sign me!"
signature = rsa1024.sign("SHA256", data)
assert_equal true, rsa1024.verify("SHA256", signature, data)
signature = rsa.sign("SHA256", data)
assert_equal true, rsa.verify("SHA256", signature, data)

signature0 = (<<~'end;').unpack1("m")
oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+
WA6YQo8jPH4hSuyWIM4Gz4qRYiYRkl5TDMUYob94zm8Si1HxEiS9354tzvqS
zS8MLW2BtNPuTubMxTItHGTnOzo9sUg0LAHVFt8kHG2NfKAw/gQ=
ooy49i8aeFtkDYUU0RPDsEugGiNw4lZxpbQPnIwtdftEkka945IqKZ/MY3YSw7wKsvBZeaTy8GqL
lSWLThsRFDV+UUS9zUBbQ9ygNIT8OjdV+tNL63ZpKGprczSnw4F05MQIpajNRud/8jiI9rf+Wysi
WwXecjMl2FlXlLJHY4PFQZU5TiametB4VCQRMcjLo1uf26u/yRpiGaYyqn5vxs0SqNtUDM1UL6x4
NHCAdqLjuFRQPjYp1vGLD3eSl4061pS8x1NVap3YGbYfGUyzZO4VfwFwf1jPdhp/OX/uZw4dGB2H
gSK+q1JiDFwEE6yym5tdKovL1g1NhFYHF6gkZg==
end;
assert_equal true, rsa1024.verify("SHA256", signature0, data)
assert_equal true, rsa.verify("SHA256", signature0, data)
signature1 = signature0.succ
assert_equal false, rsa1024.verify("SHA256", signature1, data)
assert_equal false, rsa.verify("SHA256", signature1, data)
end

def test_sign_verify_options
key = Fixtures.pkey("rsa1024")
key = Fixtures.pkey("rsa2048")
data = "Sign me!"
pssopts = {
"rsa_padding_mode" => "pss",
"rsa_pss_saltlen" => 20,
"rsa_mgf1_md" => "SHA1"
}
sig_pss = key.sign("SHA256", data, pssopts)
assert_equal 128, sig_pss.bytesize
assert_equal 256, sig_pss.bytesize
assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
assert_equal true, key.verify_pss("SHA256", sig_pss, data,
salt_length: 20, mgf1_hash: "SHA1")
Expand Down Expand Up @@ -175,12 +184,12 @@ def test_verify_empty_rsa
end

def test_sign_verify_pss
key = Fixtures.pkey("rsa1024")
key = Fixtures.pkey("rsa2048")
data = "Sign me!"
invalid_data = "Sign me?"

signature = key.sign_pss("SHA256", data, salt_length: 20, mgf1_hash: "SHA1")
assert_equal 128, signature.bytesize
assert_equal 256, signature.bytesize
assert_equal true,
key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")
assert_equal true,
Expand All @@ -196,14 +205,26 @@ def test_sign_verify_pss
assert_equal false,
key.verify_pss("SHA256", signature, data, salt_length: 20, mgf1_hash: "SHA1")

signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA1")
assert_equal true,
key.verify_pss("SHA256", signature, data, salt_length: 94, mgf1_hash: "SHA1")
assert_equal true,
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
# The sign_pss with `salt_length: :max` raises the "invalid salt length"
# error in FIPS. We need to skip the tests in FIPS.
# According to FIPS 186-5 section 5.4, the salt length shall be between zero
# and the output block length of the digest function (inclusive).
#
# FIPS 186-5 section 5.4 PKCS #1
# https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
unless OpenSSL.fips_mode
signature = key.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA1")
# Should verify on the following salt_length (sLen).
# sLen <= emLen (octat) - 2 - hLen (octet) = 2048 / 8 - 2 - 256 / 8 = 222
# https://datatracker.ietf.org/doc/html/rfc8017#section-9.1.1
assert_equal true,
key.verify_pss("SHA256", signature, data, salt_length: 222, mgf1_hash: "SHA1")
assert_equal true,
key.verify_pss("SHA256", signature, data, salt_length: :auto, mgf1_hash: "SHA1")
end

assert_raise(OpenSSL::PKey::RSAError) {
key.sign_pss("SHA256", data, salt_length: 95, mgf1_hash: "SHA1")
key.sign_pss("SHA256", data, salt_length: 223, mgf1_hash: "SHA1")
}
end

Expand All @@ -213,8 +234,13 @@ def test_encrypt_decrypt

# Defaults to PKCS #1 v1.5
raw = "data"
enc = rsapub.encrypt(raw)
assert_equal raw, rsapriv.decrypt(enc)
# According to the NIST SP 800-131A Rev. 2 section 6, PKCS#1 v1.5 padding is
# not permitted for key agreement and key transport using RSA in FIPS.
# https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
unless OpenSSL.fips_mode
enc = rsapub.encrypt(raw)
assert_equal raw, rsapriv.decrypt(enc)
end

# Invalid options
assert_raise(OpenSSL::PKey::PKeyError) {
Expand All @@ -227,11 +253,13 @@ def test_encrypt_decrypt_legacy
rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)

# Defaults to PKCS #1 v1.5
raw = "data"
enc_legacy = rsapub.public_encrypt(raw)
assert_equal raw, rsapriv.decrypt(enc_legacy)
enc_new = rsapub.encrypt(raw)
assert_equal raw, rsapriv.private_decrypt(enc_new)
unless OpenSSL.fips_mode
raw = "data"
enc_legacy = rsapub.public_encrypt(raw)
assert_equal raw, rsapriv.decrypt(enc_legacy)
enc_new = rsapub.encrypt(raw)
assert_equal raw, rsapriv.private_decrypt(enc_new)
end

# OAEP with default parameters
raw = "data"
Expand Down Expand Up @@ -292,53 +320,67 @@ def test_to_der
end

def test_RSAPrivateKey
rsa1024 = Fixtures.pkey("rsa1024")
rsa = Fixtures.pkey("rsa2048")
asn1 = OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::Integer(0),
OpenSSL::ASN1::Integer(rsa1024.n),
OpenSSL::ASN1::Integer(rsa1024.e),
OpenSSL::ASN1::Integer(rsa1024.d),
OpenSSL::ASN1::Integer(rsa1024.p),
OpenSSL::ASN1::Integer(rsa1024.q),
OpenSSL::ASN1::Integer(rsa1024.dmp1),
OpenSSL::ASN1::Integer(rsa1024.dmq1),
OpenSSL::ASN1::Integer(rsa1024.iqmp)
OpenSSL::ASN1::Integer(rsa.n),
OpenSSL::ASN1::Integer(rsa.e),
OpenSSL::ASN1::Integer(rsa.d),
OpenSSL::ASN1::Integer(rsa.p),
OpenSSL::ASN1::Integer(rsa.q),
OpenSSL::ASN1::Integer(rsa.dmp1),
OpenSSL::ASN1::Integer(rsa.dmq1),
OpenSSL::ASN1::Integer(rsa.iqmp)
])
key = OpenSSL::PKey::RSA.new(asn1.to_der)
assert_predicate key, :private?
assert_same_rsa rsa1024, key
assert_same_rsa rsa, key

pem = <<~EOF
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
MIIEpAIBAAKCAQEAuV9ht9J7k4NBs38jOXvvTKY9gW8nLICSno5EETR1cuF7i4pN
s9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enenfzq/t/e/1IRW0wkJUJUFQign
4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWmqbjs07JbuS4QQGGXLc+Su96D
kYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v68JkRFIhdGlb6JL8fllf/A/bl
NwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX9KZYcU00mOX+fdxOSnGqS/8J
DRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wIDAQABAoIBAAzsamqfYQAqwXTb
I0CJtGg6msUgU7HVkOM+9d3hM2L791oGHV6xBAdpXW2H8LgvZHJ8eOeSghR8+dgq
PIqAffo4x1Oma+FOg3A0fb0evyiACyrOk+EcBdbBeLo/LcvahBtqnDfiUMQTpy6V
seSoFCwuN91TSCeGIsDpRjbG1vxZgtx+uI+oH5+ytqJOmfCksRDCkMglGkzyfcl0
Xc5CUhIJ0my53xijEUQl19rtWdMnNnnkdbG8PT3LZlOta5Do86BElzUYka0C6dUc
VsBDQ0Nup0P6rEQgy7tephHoRlUGTYamsajGJaAo1F3IQVIrRSuagi7+YpSpCqsW
wORqorkCgYEA7RdX6MDVrbw7LePnhyuaqTiMK+055/R1TqhB1JvvxJ1CXk2rDL6G
0TLHQ7oGofd5LYiemg4ZVtWdJe43BPZlVgT6lvL/iGo8JnrncB9Da6L7nrq/+Rvj
XGjf1qODCK+LmreZWEsaLPURIoR/Ewwxb9J2zd0CaMjeTwafJo1CZvcCgYEAyCgb
aqoWvUecX8VvARfuA593Lsi50t4MEArnOXXcd1RnXoZWhbx5rgO8/ATKfXr0BK/n
h2GF9PfKzHFm/4V6e82OL7gu/kLy2u9bXN74vOvWFL5NOrOKPM7Kg+9I131kNYOw
Ivnr/VtHE5s0dY7JChYWE1F3vArrOw3T00a4CXUCgYEA0SqY+dS2LvIzW4cHCe9k
IQqsT0yYm5TFsUEr4sA3xcPfe4cV8sZb9k/QEGYb1+SWWZ+AHPV3UW5fl8kTbSNb
v4ng8i8rVVQ0ANbJO9e5CUrepein2MPL0AkOATR8M7t7dGGpvYV0cFk8ZrFx0oId
U0PgYDotF/iueBWlbsOM430CgYEAqYI95dFyPI5/AiSkY5queeb8+mQH62sdcCCr
vd/w/CZA/K5sbAo4SoTj8dLk4evU6HtIa0DOP63y071eaxvRpTNqLUOgmLh+D6gS
Cc7TfLuFrD+WDBatBd5jZ+SoHccVrLR/4L8jeodo5FPW05A+9gnKXEXsTxY4LOUC
9bS4e1kCgYAqVXZh63JsMwoaxCYmQ66eJojKa47VNrOeIZDZvd2BPVf30glBOT41
gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15LcPAj59cD6S6rWnAxO8NFK7HQG
4Jxg3JNNf8ErQoCHb1B3oVdXJkmbJkARoDpBKmTCgKtP8ADYLmVPQw==
-----END RSA PRIVATE KEY-----
EOF
key = OpenSSL::PKey::RSA.new(pem)
assert_same_rsa rsa1024, key
assert_same_rsa rsa, key

assert_equal asn1.to_der, rsa1024.to_der
assert_equal pem, rsa1024.export
assert_equal asn1.to_der, rsa.to_der
assert_equal pem, rsa.export

# Unknown PEM prepended
cert = issue_cert(OpenSSL::X509::Name.new([["CN", "nobody"]]), rsa1024, 1, [], nil, nil)
str = cert.to_text + cert.to_pem + rsa1024.to_pem
cert = issue_cert(OpenSSL::X509::Name.new([["CN", "nobody"]]), rsa, 1, [], nil, nil)
str = cert.to_text + cert.to_pem + rsa.to_pem
key = OpenSSL::PKey::RSA.new(str)
assert_same_rsa rsa1024, key
assert_same_rsa rsa, key
end

def test_RSAPrivateKey_encrypted
omit_on_fips

rsa1024 = Fixtures.pkey("rsa1024")
# key = abcdef
pem = <<~EOF
Expand Down Expand Up @@ -438,6 +480,8 @@ def test_PUBKEY
end

def test_pem_passwd
omit_on_fips

key = Fixtures.pkey("rsa1024")
pem3c = key.to_pem("aes-128-cbc", "key")
assert_match (/ENCRYPTED/), pem3c
Expand Down Expand Up @@ -484,41 +528,54 @@ def test_private_encoding
end

def test_private_encoding_encrypted
rsa1024 = Fixtures.pkey("rsa1024")
encoded = rsa1024.private_to_der("aes-128-cbc", "abcdef")
rsa = Fixtures.pkey("rsa2048")
encoded = rsa.private_to_der("aes-128-cbc", "abcdef")
asn1 = OpenSSL::ASN1.decode(encoded) # PKCS #8 EncryptedPrivateKeyInfo
assert_kind_of OpenSSL::ASN1::Sequence, asn1
assert_equal 2, asn1.value.size
assert_not_equal rsa1024.private_to_der, encoded
assert_same_rsa rsa1024, OpenSSL::PKey.read(encoded, "abcdef")
assert_same_rsa rsa1024, OpenSSL::PKey.read(encoded) { "abcdef" }
assert_not_equal rsa.private_to_der, encoded
assert_same_rsa rsa, OpenSSL::PKey.read(encoded, "abcdef")
assert_same_rsa rsa, OpenSSL::PKey.read(encoded) { "abcdef" }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.read(encoded, "abcxyz") }

encoded = rsa1024.private_to_pem("aes-128-cbc", "abcdef")
encoded = rsa.private_to_pem("aes-128-cbc", "abcdef")
assert_match (/BEGIN ENCRYPTED PRIVATE KEY/), encoded.lines[0]
assert_same_rsa rsa1024, OpenSSL::PKey.read(encoded, "abcdef")
assert_same_rsa rsa, OpenSSL::PKey.read(encoded, "abcdef")

# certtool --load-privkey=test/fixtures/pkey/rsa1024.pem --to-p8 --password=abcdef
# certtool --load-privkey=test/openssl/fixtures/pkey/rsa2048.pem --to-p8 --password=abcdef
pem = <<~EOF
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICojAcBgoqhkiG9w0BDAEDMA4ECLqajUdSNfzwAgIEkQSCAoCDWhxr1HUrKLXA
FsFGGQfPT0aKH4gZipaSXXQRl0KwifHwHoDtfo/mAkJVZMnUVOm1AQ4LTFS3EdTy
JUwICGEQHb7QAiokIRoi0K2yHhOxVO8qgbnWuisWpiT6Ru1jCqTs/wcqlqF7z2jM
oXDk/vuekKst1DDXDcHrzhDkwhCQWj6jt1r2Vwaryy0FyeqsWAgBDiK2LsnCgkGD
21uhNZ/iWMG6tvY9hB8MDdiBJ41YdSG/AKLulAxQ1ibJz0Tasu66TmwFvWhBlME+
QbqfgmkgWg5buu53SvDfCA47zXihclbtdfW+U3CJ9OJkx0535TVdZbuC1QgKXvG7
4iKGFRMWYJqZvZM3GL4xbC75AxjXZsdCfV81VjZxjeU6ung/NRzCuCUcmBOQzo1D
Vv6COwAa6ttQWM0Ti8oIQHdu5Qi+nuOEHDLxCxD962M37H99sEO5cESjmrGVxhEo
373L4+11geGSCajdp0yiAGnXQfwaKta8cL693bRObN+b1Y+vqtDKH26N9a4R3qgg
2XwgQ5GH5CODoXZpi0wxncXO+3YuuhGeArtzKSXLNxHzIMlY7wZX+0e9UU03zfV/
aOe4/q5DpkNxgHePt0oEpamSKY5W3jzVi1dlFWsRjud1p/Grt2zjSWTYClBlJqG1
A/3IeDZCu+acaePJjFyv5dFffIj2l4bAYB+LFrZlSu3F/EimO/dCDWJ9JGlMK0aF
l9brh7786Mo+YfyklaqMMEHBbbR2Es7PR6Gt7lrcIXmzy9XSsxT6IiD1rG9KKR3i
CQxTup6JAx9w1q+adL+Ypikoy3gGD/ccUY6TtPoCmkQwSCS+JqQnFlCiThDJbu+V
eqqUNkZq
MIIFOTBjBgkqhkiG9w0BBQ0wVjA1BgkqhkiG9w0BBQwwKAQSsTIsinrhNMr4owUz
cwYGgB0lAgMJJ8ACARAwCgYIKoZIhvcNAgkwHQYJYIZIAWUDBAECBBDtDYqmQOLV
Nh0T0DslWgovBIIE0ESbJey2Pjf9brTp9/41CPnI9Ev78CGSv8Ihyuynu6G7oj7N
G7jUB1pVMQ7ivebF5DmM0qHAix6fDqJetB3WCnRQpMLyIdq5VrnKwFNhwGYduWA5
IyaAc4DHj02e6YLyBTIKpu79OSFxLrnLCRaTbvZIUQaGhyd6pB7iAhqz5YBC0rpa
iMK5TRlNGPYG9n2eGFOhvUsbJ4T8VDzjpVWw0VNRaukXtg4xiR6o1f0qSXqAb5d9
REq5DfaQfoOKTV9j7KJHDRrBQG81vkU4K+xILrCBfbcYb82aCoinwSep9LC30HaH
LZ0hYQOuD/k/UbgjToS2wyMnkz75MN5ZNhDMZl/mACQdsMMtIxG37Mpo1Ca33uZi
71TCOEKIblZS11L1YhIni9Af8pOuHJBWwezP2zN2nPwV6OhgL7Jlax7ICQOPC6L/
yRGgC5eT4lDDAuTy0IdUhr0r5XrFzZR0/5Vgsq9cGfk9QkXOoETRhQVkEfUDdCs6
6CK+SwUR9qh5824ShODFG0SQpsqBPIVtkGrypBSUJtICmGMOAsclB7RDN7/opJwp
qv/iRJ5dhWrhRgQ/DfYifvO5On7RgC2hm48gF3Pt6XCA857ryyYxLYeMY42tAUqp
Hmc9HL7bMYF/jl3cJ32+gLvI3PBVvrvyeAhRo6z7MFVe9I04OywV6BHUx1Us6ybF
qkYnSpcJZdu7HyvzXm7XWLFmt7K5BlAgnFsa/8+cI1BGPgQRc1j0SWepXsSwFZX6
JkNQ0dewq4uRJXbGyQgfh5I5ETpqDhSt2JfBwAoze6cx3DPC711PUamxyWMiejs+
mYdia4p62NxaUvyXWmCGIEOzajRwywEhf9OLAmfqTN41TIrEL4BUxqtzDyw8Nl8T
KB7nJEC366jFASfumNQkXXyH5yBIF+XwwSKUOObRZVn2rUzFToo51hHu9efxHoXa
jZlpfglWijkmOuwoIGlGHOq8gUn76oq9WbV+YO+fWm/mf4S3ECzmYzxb6a1uCTy/
Itkm2qOe3yTM1t+oCqZ0/MeTZ84ALQaWv5reQfjronPZ1jeNtxrYz28tJ4KwBn0U
bJReXbOLsHAymipncxlmaevbx4GPTduu/lbpxefoN95w+SpEdyTmVWrfaCTgAbad
EzcRl60my3xOMQ7CaUbRgGiwohqHDvuXzeqoZ96u6CwfAoEfy4jETmKLRH6uTtj7
4jdTyoqyizjpvaM8LPspBS+oqFwLxBjpseQuScrZO1BjPxrImLy2/VRqwJ+CF4FB
iijEgDgDc1EMIGe5YmOAV+i22n9RqX+2IvkYp7CWXrB9/lmirLFukd7hT8DLPUGq
AvSZwTPbDPoZKG3DAebC3DbiC7A3x0KZp24doNRLamZ/MyKHo2Rzl0UhkzDU0ly2
eAnyNYsOAQck+C6L+ieD95Gksm9YJWurwttm5JragbIJwMCrsBQd4bXDkKdRhxS2
JpS0dT/aoDmgTzoG07x4cZk0rjBkfX1ta0j0b1lz7/PZXl9AbRvFdq5sJpmv4Ryz
S+OERqo4IEfJJq2WJ92WR+HLGV3Gvsdb7znZTEF1tp4pWOLAt83Pry282UJxO7Pe
ySf/868TEmXams06GYvH+7cMiIT2m9Dc+EFgNaPmm0uMmJ+ZjqHKSOLzrL7C
-----END ENCRYPTED PRIVATE KEY-----
EOF
assert_same_rsa rsa1024, OpenSSL::PKey.read(pem, "abcdef")
assert_same_rsa rsa, OpenSSL::PKey.read(pem, "abcdef")
end

def test_dup
Expand Down