authorGibheer <gibheer@gmail.com>2015-10-30 13:53:06 +0100
committerGibheer <gibheer@gmail.com>2015-10-30 13:53:06 +0100
commitb90b0c1191c559a60d4f30633266fc4c0a76ae4b (patch)
tree400ff3ae257ec9541c1ba4e40cf55e2fd785f066
parent31b375782b55972b4ac7719d9bd1f3fadf1874f9 (diff)
downloadgitea-b90b0c1191c559a60d4f30633266fc4c0a76ae4b.tar.gz
gitea-b90b0c1191c559a60d4f30633266fc4c0a76ae4b.zip
move minimum key sizes to config
This moves the minimum key sizes into the config file, so that anyone can modify the restrictions.
-rw-r--r--conf/app.ini10
-rw-r--r--models/publickey.go14
-rw-r--r--modules/setting/setting.go6
3 files changed, 18 insertions, 12 deletions
diff --git a/conf/app.ini b/conf/app.ini
index 2a1a568d8e..3a8233f541 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -116,6 +116,16 @@ DISABLE_MINIMUM_KEY_SIZE_CHECK = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = true
+; used to filter keys which are too short
+[service.minimum_key_sizes]
+ED25519 = 256
+ECDSA = 256
+NTRU = 1087
+MCE = 1702
+McE = 1702
+RSA = 1024
+DSA = 1024
+
[webhook]
; Hook task queue length
QUEUE_LENGTH = 1000
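Review bot: The comment above `[service.minimum_key_sizes]` does not say what the numbers mean or what happens when an entry is absent. Going by the lookup in models/publickey.go in this same commit, the names must match the type label taken from the ssh-keygen output with the parentheses stripped, and a type with no entry (or a value of 0) is rejected as unrecognized, so deleting a line disables that key type instead of lifting the limit. I would state that in the file, e.g. `; Minimum accepted key size (presumably bits, as reported by ssh-keygen) per key type.` followed by `; A type that is not listed here, or is set to 0, is rejected.` The defaults of 1024 for RSA and DSA carry over the old hard-coded values; they are below the 2048 bits commonly recommended, which deserves a remark now that operators will read this file to choose their limits.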
diff --git a/models/publickey.go b/models/publickey.go
index 6c0ffc0c78..04ae4c42fc 100644
--- a/models/publickey.go
+++ b/models/publickey.go
@@ -117,16 +117,6 @@ func (key *PublicKey) GetAuthorizedString() string {
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
}
-var minimumKeySizes = map[string]int{
- "(ED25519)": 256,
- "(ECDSA)": 256,
- "(NTRU)": 1087,
- "(MCE)": 1702,
- "(McE)": 1702,
- "(RSA)": 1024,
- "(DSA)": 1024,
-}
-
func extractTypeFromBase64Key(key string) (string, error) {
b, err := base64.StdEncoding.DecodeString(key)
if err != nil || len(b) < 4 {
@@ -251,8 +241,8 @@ func CheckPublicKeyString(content string) (_ string, err error) {
if keySize == 0 {
return "", errors.New("cannot get key size of the given key")
}
- keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
- if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
+ keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()")
+ if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
return "", errors.New("sorry, unrecognized public key type")
} else if keySize < minimumKeySize {
return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
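Review bot: The `minimumKeySize == 0` test now reads operator-supplied values, so a type set to `0` or to a non-numeric value in app.ini lands in the "sorry, unrecognized public key type" branch, exactly like a type that is not listed at all. Rejecting in that case is the safe direction, but the message will mislead whoever has to debug a misconfigured limit. I would keep the behaviour and document it above the `if`: `// A type without a positive configured minimum is rejected (fail closed).` Whether this branch is skipped when `DisableMinimumKeySizeCheck` is set cannot be seen here, because CheckPublicKeyString starts and ends outside the hunk.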
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 88209b25b6..722287a07c 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -434,6 +434,7 @@ var Service struct {
EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool
DisableMinimumKeySizeCheck bool
+ MinimumKeySizes map[string]int
EnableCaptcha bool
}
@@ -449,6 +450,11 @@ func newService() {
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
+
+ minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
+ for _, key := range minimumKeySizes {
+ Service.MinimumKeySizes[key.Name()] = key.MustInt()
+ }
}
var logLevels = map[string]string{
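Review bot: `Service.MinimumKeySizes[key.Name()] = key.MustInt()` assigns into a map that nothing visible in this commit allocates: the field is added to the `Service` struct in the previous hunk without an initialiser, and a write to a nil map panics, which would happen at startup as soon as the section holds one key. Unless the map is created somewhere outside the hunk, add `Service.MinimumKeySizes = make(map[string]int, len(minimumKeySizes))` before the loop. `MustInt()` also turns a typo in a value into 0 without any log line, and the check in models/publickey.go then rejects that key type as unrecognized, so a warning for values that do not parse to a positive integer would save operators some guessing. newService starts above the hunk.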