Separate ECC from RSA for key status

7 years ago · 5c3a32396d
parent 04ae17945d
commit 5c3a32396d
3 changed files with 36 additions and 36 deletions
--- a/lib/cryptcheck/tls.rb
+++ b/lib/cryptcheck/tls.rb
@ -16,16 +16,15 @@ module CryptCheck
 		end

 		def self.key_to_s(key)
-			size       = key.rsa_equivalent_size
 			type_color = case key.type
 							 when :ecc then { color: :green }
-							 when :dsa then { color: :yellow }
-						 end
-			size_color = case size
-							 when 0...1024 then { color: :white, background: :red }
-							 when 1024...2048 then { color: :yellow }
-							 when 4096...::Float::INFINITY then { color: :green }
+							 when :dsa then { color: :red }
 						 end
+			size_color = case key.status
+							when :error then { color: :white, background: :red }
+							when :warning then { color: :yellow }
+							when :success then { color: :green }
+						end
 			"#{key.type.to_s.upcase.colorize type_color} #{key.size.to_s.colorize size_color} bits"
 		end
 	end
--- a/lib/cryptcheck/tls/fixture.rb
+++ b/lib/cryptcheck/tls/fixture.rb
@ -22,20 +22,17 @@ class ::OpenSSL::PKey::EC
 		self.group.degree
 	end

-	def rsa_equivalent_size
-		case self.size
-			when 160 then 1024
-			when 224 then 2048
-			when 256 then 3072
-			when 384 then 7680
-			when 521 then 15360
-			when 571 then 21000
-		end
-	end
-
 	def to_s
 		"ECC #{self.size} bits"
 	end
+
+	def status
+		case self.size
+			when 0...160 then :error
+			when 160...256 then :warning
+			when 384...::Float::INFINITY then :success
+		end
+	end
 end

 class ::OpenSSL::PKey::RSA
@ -47,13 +44,17 @@ class ::OpenSSL::PKey::RSA
 		self.n.num_bits
 	end

-	def rsa_equivalent_size
-		self.size
-	end
-
 	def to_s
 		"RSA #{self.size} bits"
 	end
+
+	def status
+		case self.size
+			when 0...1024 then :error
+			when 1024...2048 then :warning
+			when 4096...::Float::INFINITY then :success
+		end
+	end
 end

 class ::OpenSSL::PKey::DSA
@ -65,13 +66,13 @@ class ::OpenSSL::PKey::DSA
 		self.p.num_bits
 	end

-	def rsa_equivalent_size
-		self.size
-	end
-
 	def to_s
 		"DSA #{self.size} bits"
 	end
+
+	def status
+		return :error
+	end
 end

 class ::OpenSSL::PKey::DH
@ -83,11 +84,15 @@ class ::OpenSSL::PKey::DH
 		self.p.num_bits
 	end

-	def rsa_equivalent_size
-		self.size
-	end
-
 	def to_s
 		"DH #{self.size} bits"
 	end
+
+	def status
+		case self.size
+			when 0...1024 then :error
+			when 1024...2048 then :warning
+			when 4096...::Float::INFINITY then :success
+		end
+	end
 end
--- a/lib/cryptcheck/tls/server.rb
+++ b/lib/cryptcheck/tls/server.rb
@ -91,7 +91,7 @@ module CryptCheck
 			end

 			def key_size
-				@cert.public_key.rsa_equivalent_size
+				@cert.public_key.size
 			end

 			def ssl?
@ -180,11 +180,7 @@ module CryptCheck
 			end

 			# secp192r1 secp256r1
-			SUPPORTED_CURVES = %w(sect163k1 sect163r1 sect163r2 sect193r1 sect193r2
-									sect233k1 sect233r1 sect239k1 sect283k1 sect283r1
-									sect409k1 sect409r1 sect571k1 sect571r1 secp160k1
-									secp160r1 secp160r2 secp192k1 secp224k1
-									secp224r1 secp256k1 secp384r1 secp521r1)
+			SUPPORTED_CURVES = %w(secp160k1 secp160r1 secp160r2 sect163k1 sect163r1 sect163r2 secp192k1 sect193r1 sect193r2 secp224k1 secp224r1 sect233k1 sect233r1 sect239k1 secp256k1 sect283k1 sect283r1 secp384r1 sect409k1 sect409r1 secp521r1 sect571k1 sect571r1)

 			def ssl_client(method, ciphers = nil, curves = nil, &block)
 				ssl_context         = ::OpenSSL::SSL::SSLContext.new method