Increase default minimum RSA key length to 2048 bits

Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2017-02-22 18:58:54 +0100
committer: Rémy Coutable <remy@rymai.me> 2017-02-23 10:36:13 +0100
commit: 3e3198b87d7dbd2adf71bdb5135ce878840f6c30 (patch)
tree: 3c1ae6e5e62149d5c6bf846eb096e28f3adb4b46
parent: b58e2b519ab691c07e8f8f0e480609e4fda87014 (diff)
download: gitlab-ce-3e3198b87d7dbd2adf71bdb5135ce878840f6c30.tar.gz
6 files changed, 8 insertions, 8 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index b10283464d3..1818e724944 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -207,7 +207,7 @@ class ApplicationSetting < ActiveRecord::Base
       max_artifacts_size: Settings.artifacts['max_size'],
       max_attachment_size: Settings.gitlab['max_attachment_size'],
       minimum_ecdsa_bits: 256,
-      minimum_rsa_bits: 1024,
+      minimum_rsa_bits: 2048,
       plantuml_enabled: false,
       plantuml_url: nil,
       recaptcha_enabled: false,
diff --git a/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb b/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb
index 327e260484e..a7b12501e28 100644
--- a/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb
+++ b/db/migrate/20161020180657_add_minimum_key_length_to_application_settings.rb
@@ -7,7 +7,7 @@ class AddMinimumKeyLengthToApplicationSettings < ActiveRecord::Migration
   disable_ddl_transaction!
 
   def up
-    add_column_with_default :application_settings, :minimum_rsa_bits, :integer, default: 1024
+    add_column_with_default :application_settings, :minimum_rsa_bits, :integer, default: 2048
     add_column_with_default :application_settings, :minimum_ecdsa_bits, :integer, default: 256
     add_column_with_default :application_settings, :allowed_key_types, :string, default: %w[rsa dsa ecdsa].to_yaml
   end
diff --git a/db/schema.rb b/db/schema.rb
index d39ca120dd2..60d5ce5e31b 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -98,9 +98,9 @@ ActiveRecord::Schema.define(version: 20170215200045) do
     t.text "help_page_text_html"
     t.text "shared_runners_text_html"
     t.text "after_sign_up_text_html"
-    t.integer "minimum_rsa_bits", default: 1024, null: false
     t.integer "minimum_ecdsa_bits", default: 256, null: false
     t.string "allowed_key_types", default: "---\n- rsa\n- dsa\n- ecdsa\n", null: false
+    t.integer "minimum_rsa_bits", default: 2048, null: false
     t.boolean "housekeeping_enabled", default: true, null: false
     t.boolean "housekeeping_bitmaps_enabled", default: true, null: false
     t.integer "housekeeping_incremental_repack_period", default: 10, null: false
diff --git a/spec/factories/keys.rb b/spec/factories/keys.rb
index 958eb04df7d..b8d3c26127d 100644
--- a/spec/factories/keys.rb
+++ b/spec/factories/keys.rb
@@ -1,8 +1,8 @@
 FactoryGirl.define do
-  factory :key do
+  factory :key, aliases: [:rsa_key_2048] do
     title
     key do
-      'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0= dummy@gitlab.com'
+      'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFf6RYK3qu/RKF/3ndJmL5xgMLp3O96x8lTay+QGZ0+9FnnAXMdUqBq/ZU6d/gyMB4IaW3nHzM1w049++yAB6UPCzMB8Uo27K5/jyZCtj7Vm9PFNjF/8am1kp46c/SeYicQgQaSBdzIW3UDEa1Ef68qroOlvpi9PYZ/tA7M0YP0K5PXX+E36zaIRnJVMPT3f2k+GnrxtjafZrwFdpOP/Fol5BQLBgcsyiU+LM1SuaCrzd8c9vyaTA1CxrkxaZh+buAi0PmdDtaDrHd42gqZkXCKavyvgM5o2CkQ5LJHCgzpXy05qNFzmThBSkb+XtoxbyagBiGbVZtSVow6Xa7qewz= dummy@gitlab.com'
     end
 
     factory :deploy_key, class: 'DeployKey' do
diff --git a/spec/lib/gitlab/ssh_public_key_spec.rb b/spec/lib/gitlab/ssh_public_key_spec.rb
index 092ca1962a3..61e6ef85a87 100644
--- a/spec/lib/gitlab/ssh_public_key_spec.rb
+++ b/spec/lib/gitlab/ssh_public_key_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::SSHPublicKey, lib: true do
-  let(:key) { attributes_for(:key)[:key] }
+  let(:key) { attributes_for(:rsa_key_2048)[:key] }
   let(:public_key) { described_class.new(key) }
 
   describe '.technology_names' do
diff --git a/spec/models/key_spec.rb b/spec/models/key_spec.rb
index f461b3ba49d..f0d4480d944 100644
--- a/spec/models/key_spec.rb
+++ b/spec/models/key_spec.rb
@@ -21,7 +21,7 @@ describe Key, models: true do
     it { is_expected.to validate_length_of(:key).is_at_most(5000) }
     it { is_expected.to allow_value(attributes_for(:dsa_key)[:key]).for(:key) }
     it { is_expected.to allow_value(attributes_for(:ecdsa_key)[:key]).for(:key) }
-    it { is_expected.to allow_value(attributes_for(:key)[:key]).for(:key) }
+    it { is_expected.to allow_value(attributes_for(:rsa_key_2048)[:key]).for(:key) }
     it { is_expected.not_to allow_value('foo-bar').for(:key) }
   end
 
@@ -120,7 +120,7 @@ describe Key, models: true do
     end
 
     it 'rejects a RSA key below minimum bit length' do
-      stub_application_setting(minimum_rsa_bits: 2048)
+      stub_application_setting(minimum_rsa_bits: 4096)
 
       expect(build(:key)).not_to be_valid
     end
author	Rémy Coutable <remy@rymai.me>	2017-02-22 18:58:54 +0100
committer	Rémy Coutable <remy@rymai.me>	2017-02-23 10:36:13 +0100
commit	3e3198b87d7dbd2adf71bdb5135ce878840f6c30 (patch)
tree	3c1ae6e5e62149d5c6bf846eb096e28f3adb4b46
parent	b58e2b519ab691c07e8f8f0e480609e4fda87014 (diff)
download	gitlab-ce-3e3198b87d7dbd2adf71bdb5135ce878840f6c30.tar.gz