coolaj86
/
gitroast
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

move minimum key sizes to config 

This moves the minimum key sizes into the config file, so that anyone
can modify the restrictions.
This commit is contained in:
Gibheer 2015-10-30 13:53:06 +01:00
parent 31b375782b
commit b90b0c1191
3 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
conf/app.ini
View File

@ -116,6 +116,16 @@ DISABLE_MINIMUM_KEY_SIZE_CHECK = false
; Enable captcha validation for registration ; Enable captcha validation for registration
ENABLE_CAPTCHA = true ENABLE_CAPTCHA = true
; used to filter keys which are too short
[service.minimum_key_sizes]
ED25519 = 256
ECDSA = 256
NTRU = 1087
MCE = 1702
McE = 1702
RSA = 1024
DSA = 1024
[webhook] [webhook]
; Hook task queue length ; Hook task queue length
QUEUE_LENGTH = 1000 QUEUE_LENGTH = 1000

14
models/publickey.go
View File

@ -117,16 +117,6 @@ func (key *PublicKey) GetAuthorizedString() string {
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content) return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
} }
var minimumKeySizes = map[string]int{
"(ED25519)": 256,
"(ECDSA)": 256,
"(NTRU)": 1087,
"(MCE)": 1702,
"(McE)": 1702,
"(RSA)": 1024,
"(DSA)": 1024,
}
func extractTypeFromBase64Key(key string) (string, error) { func extractTypeFromBase64Key(key string) (string, error) {
b, err := base64.StdEncoding.DecodeString(key) b, err := base64.StdEncoding.DecodeString(key)
if err != nil || len(b) < 4 { if err != nil || len(b) < 4 {
@ -251,8 +241,8 @@ func CheckPublicKeyString(content string) (_ string, err error) {
if keySize == 0 { if keySize == 0 {
return "", errors.New("cannot get key size of the given key") return "", errors.New("cannot get key size of the given key")
} }
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1]) keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()")
if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 { if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
return "", errors.New("sorry, unrecognized public key type") return "", errors.New("sorry, unrecognized public key type")
} else if keySize < minimumKeySize { } else if keySize < minimumKeySize {
return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize) return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)

6
modules/setting/setting.go
View File

@ -434,6 +434,7 @@ var Service struct {
EnableReverseProxyAuth bool EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool EnableReverseProxyAutoRegister bool
DisableMinimumKeySizeCheck bool DisableMinimumKeySizeCheck bool
MinimumKeySizes map[string]int
EnableCaptcha bool EnableCaptcha bool
} }
@ -449,6 +450,11 @@ func newService() {
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool() Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool() Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
for _, key := range minimumKeySizes {
Service.MinimumKeySizes[key.Name()] = key.MustInt()
}
} }
var logLevels = map[string]string{ var logLevels = map[string]string{