Merge pull request #1871 from Gibheer/config_minimum_key_sizes

move minimum key sizes to config
This commit is contained in:
无闻 2015-11-01 12:39:12 -05:00
commit 50058b3c6d
3 changed files with 18 additions and 12 deletions

View file

@ -116,6 +116,16 @@ DISABLE_MINIMUM_KEY_SIZE_CHECK = false
; Enable captcha validation for registration ; Enable captcha validation for registration
ENABLE_CAPTCHA = true ENABLE_CAPTCHA = true
; used to filter keys which are too short
[service.minimum_key_sizes]
ED25519 = 256
ECDSA = 256
NTRU = 1087
MCE = 1702
McE = 1702
RSA = 1024
DSA = 1024
[webhook] [webhook]
; Hook task queue length ; Hook task queue length
QUEUE_LENGTH = 1000 QUEUE_LENGTH = 1000

View file

@ -117,16 +117,6 @@ func (key *PublicKey) GetAuthorizedString() string {
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content) return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
} }
var minimumKeySizes = map[string]int{
"(ED25519)": 256,
"(ECDSA)": 256,
"(NTRU)": 1087,
"(MCE)": 1702,
"(McE)": 1702,
"(RSA)": 1024,
"(DSA)": 1024,
}
func extractTypeFromBase64Key(key string) (string, error) { func extractTypeFromBase64Key(key string) (string, error) {
b, err := base64.StdEncoding.DecodeString(key) b, err := base64.StdEncoding.DecodeString(key)
if err != nil || len(b) < 4 { if err != nil || len(b) < 4 {
@ -251,8 +241,8 @@ func CheckPublicKeyString(content string) (_ string, err error) {
if keySize == 0 { if keySize == 0 {
return "", errors.New("cannot get key size of the given key") return "", errors.New("cannot get key size of the given key")
} }
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1]) keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()")
if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 { if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
return "", errors.New("sorry, unrecognized public key type") return "", errors.New("sorry, unrecognized public key type")
} else if keySize < minimumKeySize { } else if keySize < minimumKeySize {
return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize) return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)

View file

@ -435,6 +435,7 @@ var Service struct {
EnableReverseProxyAuth bool EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool EnableReverseProxyAutoRegister bool
DisableMinimumKeySizeCheck bool DisableMinimumKeySizeCheck bool
MinimumKeySizes map[string]int
EnableCaptcha bool EnableCaptcha bool
} }
@ -450,6 +451,11 @@ func newService() {
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool() Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool() Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
for _, key := range minimumKeySizes {
Service.MinimumKeySizes[key.Name()] = key.MustInt()
}
} }
var logLevels = map[string]string{ var logLevels = map[string]string{