Add missing rsa.PrivateKey into validating config

validates private keys of certs to be one of RSA, ECDSA or ED25519
pion · Apr 2, 2021 · b3e235f · b3e235f
1 parent 7afa896
commit b3e235f
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -150,6 +150,7 @@ Check out the **[contributing wiki](https://github.com/pion/webrtc/wiki/Contribu
 * [Jim Wert](https://github.com/bocajim)
 * [Alvaro Viebrantz](https://github.com/alvarowolfx)
 * [Kegan Dougal](https://github.com/Kegsay)
+* [Michael Zabka](https://github.com/misak113)
 
 ### License
 MIT License - see [LICENSE](LICENSE) for full text
diff --git a/config.go b/config.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/ecdsa"
 	"crypto/ed25519"
+	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"io"
@@ -182,6 +183,7 @@ func validateConfig(config *Config) error {
 			switch cert.PrivateKey.(type) {
 			case ed25519.PrivateKey:
 			case *ecdsa.PrivateKey:
+			case *rsa.PrivateKey:
 			default:
 				return errInvalidPrivateKey
 			}

diff --git a/config_test.go b/config_test.go
@@ -1,9 +1,10 @@
 package dtls
 
 import (
+	"crypto/dsa" //nolint
+	"crypto/rand"
+	"crypto/rsa"
 	"crypto/tls"
-	"crypto/x509"
-	"encoding/pem"
 	"errors"
 	"testing"
 
@@ -68,14 +69,20 @@ func TestValidateConfig(t *testing.T) {
 	}
 
 	// Invalid private key
-	block, _ := pem.Decode([]byte(rawPrivateKey))
-	rsaKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	dsaPrivateKey := &dsa.PrivateKey{}
+	err = dsa.GenerateParameters(&dsaPrivateKey.Parameters, rand.Reader, dsa.L1024N160)
 	if err != nil {
-		t.Fatalf("TestValidateConfig: Config validation error(%v), parsing RSA private key", err)
+		t.Fatalf("TestValidateConfig: Config validation error(%v), DSA parameters not generated", err)
+		return
+	}
+	err = dsa.GenerateKey(dsaPrivateKey, rand.Reader)
+	if err != nil {
+		t.Fatalf("TestValidateConfig: Config validation error(%v), DSA private key not generated", err)
+		return
 	}
 	config = &Config{
 		CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
-		Certificates: []tls.Certificate{{Certificate: cert.Certificate, PrivateKey: rsaKey}},
+		Certificates: []tls.Certificate{{Certificate: cert.Certificate, PrivateKey: dsaPrivateKey}},
 	}
 	if err = validateConfig(config); !errors.Is(err, errInvalidPrivateKey) {
 		t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", errInvalidPrivateKey, err)
@@ -97,9 +104,14 @@ func TestValidateConfig(t *testing.T) {
 	}
 
 	// Valid config
+	rsaPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		t.Fatalf("TestValidateConfig: Config validation error(%v), RSA private key not generated", err)
+		return
+	}
 	config = &Config{
 		CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
-		Certificates: []tls.Certificate{cert},
+		Certificates: []tls.Certificate{cert, {Certificate: cert.Certificate, PrivateKey: rsaPrivateKey}},
 	}
 	if err = validateConfig(config); err != nil {
 		t.Fatalf("TestValidateConfig: Client error exp(%v) failed(%v)", nil, err)