Add details for ciphers

app/assets/stylesheets/application.scss

@@ -37,6 +37,18 @@ body {
 	background-color: #000;
 }
 
+table.center td {
+	text-align: center;
+}
+
+td.error {
+	background-color: #ddd;
+}
+
+td.primary {
+	background-color: $state-info-bg;
+}
+
 .progress-bar-default {
 	background-color: $label-default-bg;
 }

app/helpers/check_helper.rb

@@ -3,6 +3,10 @@ module CheckHelper
 		"<span class=\"label label-#{color} %>\">#{value}</span>".html_safe
 	end
 
+	def cell(value, color)
+		"<td class=\"#{color}\">#{value}</td>".html_safe
+	end
+
 	def rank_color(rank)
 		case rank
 			when 'A+' then
@@ -59,7 +63,7 @@ module CheckHelper
 
 	def key_label(key)
 		return label('Aucune', :error) unless key
-		label "#{key.type.upcase} #{key[:size]} bits", color_key(key)
+		label "#{key.type.upcase} #{key[:size]} bits", key_color(key)
 	end
 
 	def key_labels(keys)
@@ -68,12 +72,13 @@ module CheckHelper
 	end
 
 	def cipher_size_label(cipher)
-		size = cipher.size
+		size = cipher.size if cipher.is_a? CryptCheck::Tls::Cipher
 		label "#{size} bits", cipher_color(size)
 	end
 
-	def color_key(key)
-		case key.rsa_size
+	def key_color(key)
+		case key&.rsa_size
+			when nil then :default
 			when 0...1024 then :error
 			when 1024...2048 then :danger
 			when 2048...4096 then :warning
@@ -83,6 +88,7 @@ module CheckHelper
 
 	def cipher_color(key)
 		case key
+			when nil then :default
 			when 0...112 then :error
 			when 112...128 then :danger
 			when 128...256 then :success
@@ -107,4 +113,87 @@ module CheckHelper
 		cipher.state.collect { |c, ls| ls.collect { |l| label l.upcase, c } }
 		.flatten(1).join("\n").html_safe
 	end
+
+	def cipher_kex_type_cell(kex)
+		color = case kex
+					when :ecdh then :primary
+					when :dh then :success
+					when :rsa then :warning
+					else :error
+				end
+		kex ||= 'None'
+		cell kex.to_s.upcase, color
+	end
+
+	def cipher_kex_size_cell(kex)
+		color = key_color kex
+		cell kex&.[](:size), color
+	end
+
+	def cipher_auth_type_cell(auth)
+		color = case auth
+					when :ecdsa then :primary
+					when :rsa then :default
+					else :error
+				end
+		auth ||= 'None'
+		cell auth.to_s.upcase, color
+	end
+
+	def cipher_auth_size_cell(auth)
+		color = key_color auth
+		cell auth&.[](:size), color
+	end
+
+	def cipher_enc_type_cell(enc)
+		color = case enc
+					when :chacha20 then :primary
+					when :aes then :success
+					when :camellia, :seed, :idea then :default
+					when :'3des' then :danger
+					else :error
+				end
+		enc ||= 'NONE'
+		cell enc.to_s.upcase, color
+	end
+
+	def cipher_enc_key_size_cell(enc)
+		enc ||= 0
+		color = cipher_color enc
+		cell enc, color
+	end
+
+	def cipher_enc_block_size_cell(enc)
+		return cell '', :default unless enc
+		color = cipher_color enc
+		cell enc, color
+	end
+
+	def cipher_enc_mode_cell(enc)
+		color = case enc
+					when :gcm, :ccm then :primary
+					when :cbc then :warning
+				end
+		enc ||= ''
+		cell enc.to_s.upcase, color
+	end
+
+	def cipher_mac_type_cell(mac)
+		color = case mac
+					when :poly1305 then :primary
+					when :sha384, :sha256 then :success
+					when :sha1 then :default
+					when :md5 then :error
+				end
+		cell mac.to_s.upcase, color
+	end
+
+	def cipher_mac_size_cell(mac)
+		cell mac, nil
+	end
+
+	def cipher_pfs_cell(pfs)
+		return cell 'PFS', :success if pfs
+		cell 'No PFS', :warning
+	end
 end

app/views/check/show.html.erb

@@ -75,29 +75,58 @@
 	</div>
 	<div class="row">
 		<div class="col-sm-12">
-			<table class="table table-bordered table-condensed table-striped">
+			<table class="table table-bordered table-condensed table-striped center">
 				<thead>
 					<tr>
-						<th class="col-sm-5">Algorithme</th>
-						<th class="col-sm-1">Clef</th>
-						<th class="col-sm-1">DH</th>
-						<th></th>
+						<th rowspan="2">Name</th>
+						<th colspan="2">Key exchange</th>
+						<th colspan="2">Authentification</th>
+						<th colspan="4">Encryption</th>
+						<th colspan="2">MAC</th>
+						<th rowspan="2">PFS</th>
+					</tr>
+					<tr>
+						<th>Type</th>
+						<th>Key size</th>
+						<th>Type</th>
+						<th>Key size</th>
+						<th>Type</th>
+						<th>Key size</th>
+						<th>Block size</th>
+						<th>Mode</th>
+						<th>Type</th>
+						<th>Size</th>
 					</tr>
 				</thead>
 				<tbody>
-					<% %w(TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2).each do |protocol|
-						ciphers = CryptCheck::Tls::Cipher.sort(@result.ciphers.select { |c| c.protocol == protocol }
-								.collect { |c| CryptCheck::Tls::Cipher.new protocol, [c.name, nil, c[:size]], c.dh })
+					<% CryptCheck::Tls::Server::EXISTING_METHODS.each do |protocol|
+						ciphers = CryptCheck::Tls::Cipher.sort(@result.ciphers.select { |c| c.protocol == protocol.to_s }
+								.collect { |c| CryptCheck::Tls::Cipher.new protocol, [c.name, nil, c[:size]], c.dh, @result[:key] })
 						unless ciphers.empty? %>
 					<tr>
-						<th colspan="3"><%= protocol_label protocol %></th>
+						<th colspan="12"><%= protocol_label protocol %></th>
 					</tr>
-						<% ciphers.each do |cipher| %>
+						<% ciphers.each do |cipher|
+							params = cipher.params
+							kex = params[:kex]
+							auth = params[:auth]
+							enc = params[:enc]
+							mac = params[:mac]
+							pfs = params[:pfs]
+						%>
 					<tr>
 						<th><%= cipher_name_label cipher %></th>
-						<td><%= cipher_size_label cipher %></td>
-						<td><%= key_label cipher.dh if cipher.dh %></td>
-						<td><%= cipher_labels cipher %></td>
+						<%= cipher_kex_type_cell kex&.first %>
+						<%= cipher_kex_size_cell kex&.last %>
+						<%= cipher_auth_type_cell auth&.first %>
+						<%= cipher_auth_size_cell auth&.last %>
+						<%= cipher_enc_type_cell enc&.first %>
+						<%= cipher_enc_key_size_cell enc&.[] 1 %>
+						<%= cipher_enc_block_size_cell enc&.[] 2 %>
+						<%= cipher_enc_mode_cell enc&.last %>
+						<%= cipher_mac_type_cell mac&.first %>
+						<%= cipher_mac_size_cell mac&.last %>
+						<%= cipher_pfs_cell pfs %>
 					</tr>
 					<% 	end end end %>
 				</tbody>

app/views/site/ciphers.html.erb

@@ -1,19 +1,44 @@
 <div class="container">
 	<div class="row">
-		<table class="table-bordered table-condensed table-striped col-sm-12">
+		<table class="table table-bordered table-condensed table-striped center col-sm-12">
 			<thead>
 				<tr>
-					<th class="col-sm-6">Algorithme</th>
-					<th class="col-sm-1">Taille</th>
-					<td class="col-sm-5"></td>
+					<th rowspan="2">Name</th>
+					<th rowspan="2">Key exchange</th>
+					<th rowspan="2">Authentification</th>
+					<th colspan="4">Encryption</th>
+					<th colspan="2">MAC</th>
+					<th rowspan="2">PFS</th>
+				</tr>
+				<tr>
+					<th>Type</th>
+					<th>Key size</th>
+					<th>Block size</th>
+					<th>Mode</th>
+					<th>Type</th>
+					<th>Size</th>
 				</tr>
 			</thead>
 			<tbody>
-				<% CryptCheck::Tls::Cipher.list.each do |cipher| %>
+				<% CryptCheck::Tls::Cipher.list.each do |cipher|
+					params = cipher.params
+					kex = params[:kex]
+					auth = params[:auth]
+					enc = params[:enc]
+					mac = params[:mac]
+					pfs = params[:pfs]
+				%>
 				<tr>
 					<th><%= cipher_name_label cipher %></th>
-					<th><%= cipher_size_label cipher %></th>
-					<th><%= cipher_labels cipher %></th>
+					<%= cipher_kex_type_cell kex&.first %>
+					<%= cipher_auth_type_cell auth&.first %>
+					<%= cipher_enc_type_cell enc&.first %>
+					<%= cipher_enc_key_size_cell enc&.[] 1 %>
+					<%= cipher_enc_block_size_cell enc&.[] 2 %>
+					<%= cipher_enc_mode_cell enc&.last %>
+					<%= cipher_mac_type_cell mac&.first %>
+					<%= cipher_mac_size_cell mac&.last %>
+					<%= cipher_pfs_cell pfs %>
 				</tr>
 				<% end %>
 			</tbody>

app/views/site/suite.html.erb

@@ -5,11 +5,24 @@
 		</div>
 	</div>
 	<div class="row">
-		<table class="table-bordered table-condensed table-striped col-sm-12">
+		<table class="table table-bordered table-condensed table-striped col-sm-12">
 			<thead>
 				<tr>
-					<th class="col-sm-4">Navigateur</th>
-					<th class="col-sm-8" colspan="3">Cipher</th>
+					<th rowspan="2">Navigateur</th>
+					<th rowspan="2">Name</th>
+					<th rowspan="2">Key exchange</th>
+					<th rowspan="2">Authentification</th>
+					<th colspan="4">Encryption</th>
+					<th colspan="2">MAC</th>
+					<th rowspan="2">PFS</th>
+				</tr>
+				<tr>
+					<th>Type</th>
+					<th>Key size</th>
+					<th>Block size</th>
+					<th>Mode</th>
+					<th>Type</th>
+					<th>Size</th>
 				</tr>
 			</thead>
 			<tbody>
@@ -17,16 +30,31 @@
 			   iana_ciphers = Hash[@ciphers.collect { |c| [Rails.application.config.openssl_ciphers[c.name], c] }]
 			   Rails.application.config.user_agents_ciphers.each do |ua, support|
 				   cipher = (support['ciphers'].collect(&:first) & iana_ciphers.keys).first
-				   cipher = iana_ciphers[cipher] if cipher
+				   if cipher
+					   cipher = iana_ciphers[cipher]
+					   params = cipher.params
+					   kex = params[:kex]
+					   auth = params[:auth]
+					   enc = params[:enc]
+					   mac = params[:mac]
+					   pfs = params[:pfs]
+				   end
 			%>
 				<tr>
 					<th><%= ua %></th>
 					<% if cipher %>
-					<td><%= cipher_name_label cipher %></td>
-					<td><%= cipher_size_label cipher %></td>
-					<td><%= cipher_labels cipher %></td>
+					<th><%= cipher_name_label cipher %></th>
+					<%= cipher_kex_type_cell kex&.first %>
+					<%= cipher_auth_type_cell auth&.first %>
+					<%= cipher_enc_type_cell enc&.first %>
+					<%= cipher_enc_key_size_cell enc&.[] 1 %>
+					<%= cipher_enc_block_size_cell enc&.[] 2 %>
+					<%= cipher_enc_mode_cell enc&.last %>
+					<%= cipher_mac_type_cell mac&.first %>
+					<%= cipher_mac_size_cell mac&.last %>
+					<%= cipher_pfs_cell pfs %>
 					<% else %>
-					<td colspan="3"><%= label('Non supporté', :error) %></td>
+					<td colspan="10"><%= label('Non supporté', :error) %></td>
 					<% end %>
 				</tr>
 			<% end %>
@@ -35,23 +63,48 @@
 	</div>
 	<br/>
 	<div class="row">
-		<table class="table-bordered table-condensed table-striped col-sm-12">
+		<table class="table table-bordered table-condensed table-striped center col-sm-12">
 			<thead>
-			<tr>
-				<th class="col-sm-4">Algorithme</th>
-				<th class="col-sm-1">Taille</th>
-				<td class="col-sm-7"></td>
-			</tr>
+				<tr>
+					<th rowspan="2">Name</th>
+					<th rowspan="2">Key exchange</th>
+					<th rowspan="2">Authentification</th>
+					<th colspan="4">Encryption</th>
+					<th colspan="2">MAC</th>
+					<th rowspan="2">PFS</th>
+				</tr>
+				<tr>
+					<th>Type</th>
+					<th>Key size</th>
+					<th>Block size</th>
+					<th>Mode</th>
+					<th>Type</th>
+					<th>Size</th>
+				</tr>
 			</thead>
 			<tbody>
-			<% @ciphers.each do |cipher| %>
+				<% @ciphers.each do |cipher|
+					params = cipher.params
+					kex = params[:kex]
+					auth = params[:auth]
+					enc = params[:enc]
+					mac = params[:mac]
+					pfs = params[:pfs]
+				%>
 				<tr>
 					<th><%= cipher_name_label cipher %></th>
-					<th><%= cipher_size_label cipher %></th>
-					<th><%= cipher_labels cipher %></th>
+					<%= cipher_kex_type_cell kex&.first %>
+					<%= cipher_auth_type_cell auth&.first %>
+					<%= cipher_enc_type_cell enc&.first %>
+					<%= cipher_enc_key_size_cell enc&.[] 1 %>
+					<%= cipher_enc_block_size_cell enc&.[] 2 %>
+					<%= cipher_enc_mode_cell enc&.last %>
+					<%= cipher_mac_type_cell mac&.first %>
+					<%= cipher_mac_size_cell mac&.last %>
+					<%= cipher_pfs_cell pfs %>
 				</tr>
-			<% end %>
-			</tbody>
+				<% end %>
+				</tbody>
 		</table>
 	</div>
 </div>