
Separate ECC from RSA for key status

master
aeris 2 years ago
parent
commit
5c3a32396d
3 changed files with 36 additions and 36 deletions
  1. 6
    7
      lib/cryptcheck/tls.rb
  2. 28
    23
      lib/cryptcheck/tls/fixture.rb
  3. 2
    6
      lib/cryptcheck/tls/server.rb

+ 6
- 7
lib/cryptcheck/tls.rb

@@ -16,16 +16,15 @@ module CryptCheck
end

def self.key_to_s(key)
size = key.rsa_equivalent_size
type_color = case key.type
when :ecc then { color: :green }
when :dsa then { color: :yellow }
end
size_color = case size
when 0...1024 then { color: :white, background: :red }
when 1024...2048 then { color: :yellow }
when 4096...::Float::INFINITY then { color: :green }
when :dsa then { color: :red }
end
size_color = case key.status
when :error then { color: :white, background: :red }
when :warning then { color: :yellow }
when :success then { color: :green }
end
"#{key.type.to_s.upcase.colorize type_color} #{key.size.to_s.colorize size_color} bits"
end
end
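Review bot: The new `case key.status` in `key_to_s` has no `else` arm, so `size_color` is nil whenever `status` returns nil, and the `status` methods added in lib/cryptcheck/tls/fixture.rb do return nil for sizes between their ranges (RSA and DH 2048...4096, EC 256...384). How `colorize` treats a nil argument is not visible on this page, so the unrated case is worth stating rather than leaving implicit, for example with `# key.status is nil for mid-range sizes (e.g. RSA 2048...4096); size_color is then nil`. The local also no longer holds a size-derived colour, so `status_color` would describe it better than `size_color`.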

+ 28
- 23
lib/cryptcheck/tls/fixture.rb

@@ -22,20 +22,17 @@ class ::OpenSSL::PKey::EC
self.group.degree
end

def rsa_equivalent_size
case self.size
when 160 then 1024
when 224 then 2048
when 256 then 3072
when 384 then 7680
when 521 then 15360
when 571 then 21000
end
end

def to_s
"ECC #{self.size} bits"
end

def status
case self.size
when 0...160 then :error
when 160...256 then :warning
when 384...::Float::INFINITY then :success
end
end
end

class ::OpenSSL::PKey::RSA
@@ -47,13 +44,17 @@ class ::OpenSSL::PKey::RSA
self.n.num_bits
end

def rsa_equivalent_size
self.size
end

def to_s
"RSA #{self.size} bits"
end

def status
case self.size
when 0...1024 then :error
when 1024...2048 then :warning
when 4096...::Float::INFINITY then :success
end
end
end

class ::OpenSSL::PKey::DSA
@@ -65,13 +66,13 @@ class ::OpenSSL::PKey::DSA
self.p.num_bits
end

def rsa_equivalent_size
self.size
end

def to_s
"DSA #{self.size} bits"
end

def status
return :error
end
end

class ::OpenSSL::PKey::DH
@@ -83,11 +84,15 @@ class ::OpenSSL::PKey::DH
self.p.num_bits
end

def rsa_equivalent_size
self.size
end

def to_s
"DH #{self.size} bits"
end

def status
case self.size
when 0...1024 then :error
when 1024...2048 then :warning
when 4096...::Float::INFINITY then :success
end
end
end
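Review bot: In the RSA and DH `status` methods the first range is `0...1024`, which excludes 1024 itself, so a 1024-bit RSA key or DH group is rated `:warning` rather than `:error`. The bounds look carried over from the colour table removed from lib/cryptcheck/tls.rb, but 1024-bit RSA and DH give roughly 80 bits of security and are generally treated as unacceptable for TLS. If that is the policy intended here, the first two arms would read `when 0..1024 then :error` and `when 1025...2048 then :warning`. The EC method has the analogous boundary at `0...160`, which rates the 160-bit curves as `:warning`. If the current rating is deliberate, a one-line comment above each `case` stating the policy would keep it from being read as an off-by-one.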

+ 2
- 6
lib/cryptcheck/tls/server.rb

@@ -91,7 +91,7 @@ module CryptCheck
end

def key_size
@cert.public_key.rsa_equivalent_size
@cert.public_key.size
end

def ssl?
@@ -180,11 +180,7 @@ module CryptCheck
end

# secp192r1 secp256r1
SUPPORTED_CURVES = %w(sect163k1 sect163r1 sect163r2 sect193r1 sect193r2
sect233k1 sect233r1 sect239k1 sect283k1 sect283r1
sect409k1 sect409r1 sect571k1 sect571r1 secp160k1
secp160r1 secp160r2 secp192k1 secp224k1
secp224r1 secp256k1 secp384r1 secp521r1)
SUPPORTED_CURVES = %w(secp160k1 secp160r1 secp160r2 sect163k1 sect163r1 sect163r2 secp192k1 sect193r1 sect193r2 secp224k1 secp224r1 sect233k1 sect233r1 sect239k1 secp256k1 sect283k1 sect283r1 secp384r1 sect409k1 sect409r1 secp521r1 sect571k1 sect571r1)

def ssl_client(method, ciphers = nil, curves = nil, &block)
ssl_context = ::OpenSSL::SSL::SSLContext.new method
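Review bot: `key_size` now returns `@cert.public_key.size`, the raw size in bits, which is no longer comparable across key types: a 256-bit EC key and a 256-bit RSA key yield the same number. Callers of `key_size` are outside this section, so it is not visible whether any of them still compares the value against RSA-scale thresholds; any that does would now misjudge EC certificates. A comment on the method would make the contract explicit, for example `# Raw public-key size in bits; not comparable across key types, use public_key.status for grading`.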
