diff options
| author | Gibheer <gibheer@gmail.com> | 2015-10-30 13:53:06 +0100 |
|---|---|---|
| committer | Gibheer <gibheer@gmail.com> | 2015-10-30 13:53:06 +0100 |
| commit | b90b0c1191c559a60d4f30633266fc4c0a76ae4b (patch) | |
| tree | 400ff3ae257ec9541c1ba4e40cf55e2fd785f066 | |
| parent | 31b375782b55972b4ac7719d9bd1f3fadf1874f9 (diff) | |
| download | gitea-b90b0c1191c559a60d4f30633266fc4c0a76ae4b.tar.gz gitea-b90b0c1191c559a60d4f30633266fc4c0a76ae4b.zip | |
move minimum key sizes to config
This moves the minimum key sizes into the config file, so that anyone
can modify the restrictions.
| -rw-r--r-- | conf/app.ini | 10 | ||||
| -rw-r--r-- | models/publickey.go | 14 | ||||
| -rw-r--r-- | modules/setting/setting.go | 6 |
3 files changed, 18 insertions, 12 deletions
diff --git a/conf/app.ini b/conf/app.ini index 2a1a568d8e..3a8233f541 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -116,6 +116,16 @@ DISABLE_MINIMUM_KEY_SIZE_CHECK = false ; Enable captcha validation for registration ENABLE_CAPTCHA = true +; used to filter keys which are too short +[service.minimum_key_sizes] +ED25519 = 256 +ECDSA = 256 +NTRU = 1087 +MCE = 1702 +McE = 1702 +RSA = 1024 +DSA = 1024 + [webhook] ; Hook task queue length QUEUE_LENGTH = 1000 diff --git a/models/publickey.go b/models/publickey.go index 6c0ffc0c78..04ae4c42fc 100644 --- a/models/publickey.go +++ b/models/publickey.go @@ -117,16 +117,6 @@ func (key *PublicKey) GetAuthorizedString() string { return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content) } -var minimumKeySizes = map[string]int{ - "(ED25519)": 256, - "(ECDSA)": 256, - "(NTRU)": 1087, - "(MCE)": 1702, - "(McE)": 1702, - "(RSA)": 1024, - "(DSA)": 1024, -} - func extractTypeFromBase64Key(key string) (string, error) { b, err := base64.StdEncoding.DecodeString(key) if err != nil || len(b) < 4 { @@ -251,8 +241,8 @@ func CheckPublicKeyString(content string) (_ string, err error) { if keySize == 0 { return "", errors.New("cannot get key size of the given key") } - keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1]) - if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 { + keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()") + if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 { return "", errors.New("sorry, unrecognized public key type") } else if keySize < minimumKeySize { return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize) diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 88209b25b6..722287a07c 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -434,6 +434,7 @@ var Service struct { EnableReverseProxyAuth bool EnableReverseProxyAutoRegister bool DisableMinimumKeySizeCheck bool + MinimumKeySizes map[string]int EnableCaptcha bool } @@ -449,6 +450,11 @@ func newService() { Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool() Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool() + + minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys() + for _, key := range minimumKeySizes { + Service.MinimumKeySizes[key.Name()] = key.MustInt() + } } var logLevels = map[string]string{ |