Add details for ciphers

v1
Aeris 2016-04-26 19:18:59 +02:00
parent 18c204509f
commit 1602a62674
5 changed files with 251 additions and 43 deletions


@ -37,6 +37,18 @@ body {
background-color: #000;
}
table.center td {
text-align: center;
}
td.error {
background-color: #ddd;
}
td.primary {
background-color: $state-info-bg;
}
.progress-bar-default {
background-color: $label-default-bg;
}


@ -3,6 +3,10 @@ module CheckHelper
"<span class=\"label label-#{color} %>\">#{value}</span>".html_safe
end
def cell(value, color)
"<td class=\"#{color}\">#{value}</td>".html_safe
end
def rank_color(rank)
case rank
when 'A+' then
@ -59,7 +63,7 @@ module CheckHelper
def key_label(key)
return label('Aucune', :error) unless key
label "#{key.type.upcase} #{key[:size]} bits", color_key(key)
label "#{key.type.upcase} #{key[:size]} bits", key_color(key)
end
def key_labels(keys)
@ -68,12 +72,13 @@ module CheckHelper
end
def cipher_size_label(cipher)
size = cipher.size
size = cipher.size if cipher.is_a? CryptCheck::Tls::Cipher
label "#{size} bits", cipher_color(size)
end
def color_key(key)
case key.rsa_size
def key_color(key)
case key&.rsa_size
when nil then :default
when 0...1024 then :error
when 1024...2048 then :danger
when 2048...4096 then :warning
@ -83,6 +88,7 @@ module CheckHelper
def cipher_color(key)
case key
when nil then :default
when 0...112 then :error
when 112...128 then :danger
when 128...256 then :success
@ -107,4 +113,87 @@ module CheckHelper
cipher.state.collect { |c, ls| ls.collect { |l| label l.upcase, c } }
.flatten(1).join("\n").html_safe
end
def cipher_kex_type_cell(kex)
color = case kex
when :ecdh then :primary
when :dh then :success
when :rsa then :warning
else :error
end
kex ||= 'None'
cell kex.to_s.upcase, color
end
def cipher_kex_size_cell(kex)
color = key_color kex
cell kex&.[](:size), color
end
def cipher_auth_type_cell(auth)
color = case auth
when :ecdsa then :primary
when :rsa then :default
else :error
end
auth ||= 'None'
cell auth.to_s.upcase, color
end
def cipher_auth_size_cell(auth)
color = key_color auth
cell auth&.[](:size), color
end
def cipher_enc_type_cell(enc)
color = case enc
when :chacha20 then :primary
when :aes then :success
when :camellia, :seed, :idea then :default
when :'3des' then :danger
else :error
end
enc ||= 'NONE'
cell enc.to_s.upcase, color
end
def cipher_enc_key_size_cell(enc)
enc ||= 0
color = cipher_color enc
cell enc, color
end
def cipher_enc_block_size_cell(enc)
return cell '', :default unless enc
color = cipher_color enc
cell enc, color
end
def cipher_enc_mode_cell(enc)
color = case enc
when :gcm, :ccm then :primary
when :cbc then :warning
end
enc ||= ''
cell enc.to_s.upcase, color
end
def cipher_mac_type_cell(mac)
color = case mac
when :poly1305 then :primary
when :sha384, :sha256 then :success
when :sha1 then :default
when :md5 then :error
end
cell mac.to_s.upcase, color
end
def cipher_mac_size_cell(mac)
cell mac, nil
end
def cipher_pfs_cell(pfs)
return cell 'PFS', :success if pfs
cell 'No PFS', :warning
end
end
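Review bot: The new `cell` helper interpolates `value` and `color` straight into markup and then marks the whole string `html_safe`, so nothing passed to it is ever escaped. The callers visible in this file pass symbols, sizes and literals, but those originate in `cipher.params`, whose source is not shown on this page, and any later caller handing it scan-derived text would emit that text raw. Building the cell with `content_tag :td, value, class: color` renders an equivalent cell while letting Rails escape both the content and the attribute. Separately, `cipher_enc_mode_cell` and `cipher_mac_type_cell` have no `else` branch, so an unrecognised mode or MAC gets an empty class rather than the `:error` the other type cells fall back to; if that is deliberate for AEAD and stream ciphers, a one-line comment saying so would help.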


@ -75,29 +75,58 @@
</div>
<div class="row">
<div class="col-sm-12">
<table class="table table-bordered table-condensed table-striped">
<table class="table table-bordered table-condensed table-striped center">
<thead>
<tr>
<th class="col-sm-5">Algorithme</th>
<th class="col-sm-1">Clef</th>
<th class="col-sm-1">DH</th>
<th></th>
<th rowspan="2">Name</th>
<th colspan="2">Key exchange</th>
<th colspan="2">Authentification</th>
<th colspan="4">Encryption</th>
<th colspan="2">MAC</th>
<th rowspan="2">PFS</th>
</tr>
<tr>
<th>Type</th>
<th>Key size</th>
<th>Type</th>
<th>Key size</th>
<th>Type</th>
<th>Key size</th>
<th>Block size</th>
<th>Mode</th>
<th>Type</th>
<th>Size</th>
</tr>
</thead>
<tbody>
<% %w(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2).each do |protocol|
ciphers = CryptCheck::Tls::Cipher.sort(@result.ciphers.select { |c| c.protocol == protocol }
.collect { |c| CryptCheck::Tls::Cipher.new protocol, [c.name, nil, c[:size]], c.dh })
<% CryptCheck::Tls::Server::EXISTING_METHODS.each do |protocol|
ciphers = CryptCheck::Tls::Cipher.sort(@result.ciphers.select { |c| c.protocol == protocol.to_s }
.collect { |c| CryptCheck::Tls::Cipher.new protocol, [c.name, nil, c[:size]], c.dh, @result[:key] })
unless ciphers.empty? %>
<tr>
<th colspan="3"><%= protocol_label protocol %></th>
<th colspan="12"><%= protocol_label protocol %></th>
</tr>
<% ciphers.each do |cipher| %>
<% ciphers.each do |cipher|
params = cipher.params
kex = params[:kex]
auth = params[:auth]
enc = params[:enc]
mac = params[:mac]
pfs = params[:pfs]
%>
<tr>
<th><%= cipher_name_label cipher %></th>
<td><%= cipher_size_label cipher %></td>
<td><%= key_label cipher.dh if cipher.dh %></td>
<td><%= cipher_labels cipher %></td>
<%= cipher_kex_type_cell kex&.first %>
<%= cipher_kex_size_cell kex&.last %>
<%= cipher_auth_type_cell auth&.first %>
<%= cipher_auth_size_cell auth&.last %>
<%= cipher_enc_type_cell enc&.first %>
<%= cipher_enc_key_size_cell enc&.[] 1 %>
<%= cipher_enc_block_size_cell enc&.[] 2 %>
<%= cipher_enc_mode_cell enc&.last %>
<%= cipher_mac_type_cell mac&.first %>
<%= cipher_mac_size_cell mac&.last %>
<%= cipher_pfs_cell pfs %>
</tr>
<% end end end %>
</tbody>
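Review bot: The cipher tuple is unpacked by position in the template (`enc&.[] 1`, `enc&.[] 2`, `enc&.last`), which would silently print the wrong field under "Mode" if `params[:enc]` ever has fewer than four elements; the shape of `cipher.params` is not visible on this page, so this is worth confirming. The same `params`/`kex`/`auth`/`enc`/`mac`/`pfs` preamble and the run of `cipher_*_cell` calls are repeated in three more loops in the two other templates changed by this commit. Moving the row into one helper or partial, with a destructuring such as `type, key_size, block_size, mode = enc`, would keep the four tables from drifting apart and give one place to document the expected tuple layout.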


@ -1,19 +1,44 @@
<div class="container">
<div class="row">
<table class="table-bordered table-condensed table-striped col-sm-12">
<table class="table table-bordered table-condensed table-striped center col-sm-12">
<thead>
<tr>
<th class="col-sm-6">Algorithme</th>
<th class="col-sm-1">Taille</th>
<td class="col-sm-5"></td>
<th rowspan="2">Name</th>
<th rowspan="2">Key exchange</th>
<th rowspan="2">Authentification</th>
<th colspan="4">Encryption</th>
<th colspan="2">MAC</th>
<th rowspan="2">PFS</th>
</tr>
<tr>
<th>Type</th>
<th>Key size</th>
<th>Block size</th>
<th>Mode</th>
<th>Type</th>
<th>Size</th>
</tr>
</thead>
<tbody>
<% CryptCheck::Tls::Cipher.list.each do |cipher| %>
<% CryptCheck::Tls::Cipher.list.each do |cipher|
params = cipher.params
kex = params[:kex]
auth = params[:auth]
enc = params[:enc]
mac = params[:mac]
pfs = params[:pfs]
%>
<tr>
<th><%= cipher_name_label cipher %></th>
<th><%= cipher_size_label cipher %></th>
<th><%= cipher_labels cipher %></th>
<%= cipher_kex_type_cell kex&.first %>
<%= cipher_auth_type_cell auth&.first %>
<%= cipher_enc_type_cell enc&.first %>
<%= cipher_enc_key_size_cell enc&.[] 1 %>
<%= cipher_enc_block_size_cell enc&.[] 2 %>
<%= cipher_enc_mode_cell enc&.last %>
<%= cipher_mac_type_cell mac&.first %>
<%= cipher_mac_size_cell mac&.last %>
<%= cipher_pfs_cell pfs %>
</tr>
<% end %>
</tbody>


@ -5,11 +5,24 @@
</div>
</div>
<div class="row">
<table class="table-bordered table-condensed table-striped col-sm-12">
<table class="table table-bordered table-condensed table-striped col-sm-12">
<thead>
<tr>
<th class="col-sm-4">Navigateur</th>
<th class="col-sm-8" colspan="3">Cipher</th>
<th rowspan="2">Navigateur</th>
<th rowspan="2">Name</th>
<th rowspan="2">Key exchange</th>
<th rowspan="2">Authentification</th>
<th colspan="4">Encryption</th>
<th colspan="2">MAC</th>
<th rowspan="2">PFS</th>
</tr>
<tr>
<th>Type</th>
<th>Key size</th>
<th>Block size</th>
<th>Mode</th>
<th>Type</th>
<th>Size</th>
</tr>
</thead>
<tbody>
@ -17,16 +30,31 @@
iana_ciphers = Hash[@ciphers.collect { |c| [Rails.application.config.openssl_ciphers[c.name], c] }]
Rails.application.config.user_agents_ciphers.each do |ua, support|
cipher = (support['ciphers'].collect(&:first) & iana_ciphers.keys).first
cipher = iana_ciphers[cipher] if cipher
if cipher
cipher = iana_ciphers[cipher]
params = cipher.params
kex = params[:kex]
auth = params[:auth]
enc = params[:enc]
mac = params[:mac]
pfs = params[:pfs]
end
%>
<tr>
<th><%= ua %></th>
<% if cipher %>
<td><%= cipher_name_label cipher %></td>
<td><%= cipher_size_label cipher %></td>
<td><%= cipher_labels cipher %></td>
<th><%= cipher_name_label cipher %></th>
<%= cipher_kex_type_cell kex&.first %>
<%= cipher_auth_type_cell auth&.first %>
<%= cipher_enc_type_cell enc&.first %>
<%= cipher_enc_key_size_cell enc&.[] 1 %>
<%= cipher_enc_block_size_cell enc&.[] 2 %>
<%= cipher_enc_mode_cell enc&.last %>
<%= cipher_mac_type_cell mac&.first %>
<%= cipher_mac_size_cell mac&.last %>
<%= cipher_pfs_cell pfs %>
<% else %>
<td colspan="3"><%= label('Non supporté', :error) %></td>
<td colspan="10"><%= label('Non supporté', :error) %></td>
<% end %>
</tr>
<% end %>
@ -35,23 +63,48 @@
</div>
<br/>
<div class="row">
<table class="table-bordered table-condensed table-striped col-sm-12">
<table class="table table-bordered table-condensed table-striped center col-sm-12">
<thead>
<tr>
<th class="col-sm-4">Algorithme</th>
<th class="col-sm-1">Taille</th>
<td class="col-sm-7"></td>
</tr>
<tr>
<th rowspan="2">Name</th>
<th rowspan="2">Key exchange</th>
<th rowspan="2">Authentification</th>
<th colspan="4">Encryption</th>
<th colspan="2">MAC</th>
<th rowspan="2">PFS</th>
</tr>
<tr>
<th>Type</th>
<th>Key size</th>
<th>Block size</th>
<th>Mode</th>
<th>Type</th>
<th>Size</th>
</tr>
</thead>
<tbody>
<% @ciphers.each do |cipher| %>
<% @ciphers.each do |cipher|
params = cipher.params
kex = params[:kex]
auth = params[:auth]
enc = params[:enc]
mac = params[:mac]
pfs = params[:pfs]
%>
<tr>
<th><%= cipher_name_label cipher %></th>
<th><%= cipher_size_label cipher %></th>
<th><%= cipher_labels cipher %></th>
<%= cipher_kex_type_cell kex&.first %>
<%= cipher_auth_type_cell auth&.first %>
<%= cipher_enc_type_cell enc&.first %>
<%= cipher_enc_key_size_cell enc&.[] 1 %>
<%= cipher_enc_block_size_cell enc&.[] 2 %>
<%= cipher_enc_mode_cell enc&.last %>
<%= cipher_mac_type_cell mac&.first %>
<%= cipher_mac_size_cell mac&.last %>
<%= cipher_pfs_cell pfs %>
</tr>
<% end %>
</tbody>
<% end %>
</tbody>
</table>
</div>
</div>