
Separate ECC from RSA for key status

master
aeris 2 years ago
parent
commit
5c3a32396d
3 changed files with 36 additions and 36 deletions
  1. 6
    7
      lib/cryptcheck/tls.rb
  2. 28
    23
      lib/cryptcheck/tls/fixture.rb
  3. 2
    6
      lib/cryptcheck/tls/server.rb

+ 6
- 7
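--- a/lib/cryptcheck/tls.rb
+++ b/lib/cryptcheck/tls.rb
@@ -16,16 +16,15 @@ module CryptCheck
 		end
 
 		def self.key_to_s(key)
-			size       = key.rsa_equivalent_size
 			type_color = case key.type
 							 when :ecc then { color: :green }
-							 when :dsa then { color: :yellow }
-						 end
-			size_color = case size
-							 when 0...1024 then { color: :white, background: :red }
-							 when 1024...2048 then { color: :yellow }
-							 when 4096...::Float::INFINITY then { color: :green }
+							 when :dsa then { color: :red }
 						 end
+			size_color = case key.status
+							when :error then { color: :white, background: :red }
+							when :warning then { color: :yellow }
+							when :success then { color: :green }
+						end
 			"#{key.type.to_s.upcase.colorize type_color} #{key.size.to_s.colorize size_color} bits"
 		end
 	end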
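Review bot: In `key_to_s` the local `size_color` is now chosen from `key.status` rather than from a size, so the name no longer says what drives the colour. I would rename it to `status_color` and put a short comment above the `case`, for example `# colour reflects the per-algorithm rating from key.status, not the raw bit count`. This matters for readers because the same bit count now renders differently per key type (a DSA key is always `:error` in fixture.rb). The enclosing module starts outside the hunk.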

+ 28
- 23
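--- a/lib/cryptcheck/tls/fixture.rb
+++ b/lib/cryptcheck/tls/fixture.rb
@@ -22,20 +22,17 @@ class ::OpenSSL::PKey::EC
 		self.group.degree
 	end
 
-	def rsa_equivalent_size
-		case self.size
-			when 160 then 1024
-			when 224 then 2048
-			when 256 then 3072
-			when 384 then 7680
-			when 521 then 15360
-			when 571 then 21000
-		end
-	end
-
 	def to_s
 		"ECC #{self.size} bits"
 	end
+
+	def status
+		case self.size
+			when 0...160 then :error
+			when 160...256 then :warning
+			when 384...::Float::INFINITY then :success
+		end
+	end
 end
 
 class ::OpenSSL::PKey::RSA
@@ -47,13 +44,17 @@ class ::OpenSSL::PKey::RSA
 		self.n.num_bits
 	end
 
-	def rsa_equivalent_size
-		self.size
-	end
-
 	def to_s
 		"RSA #{self.size} bits"
 	end
+
+	def status
+		case self.size
+			when 0...1024 then :error
+			when 1024...2048 then :warning
+			when 4096...::Float::INFINITY then :success
+		end
+	end
 end
 
 class ::OpenSSL::PKey::DSA
@@ -65,13 +66,13 @@ class ::OpenSSL::PKey::DSA
 		self.p.num_bits
 	end
 
-	def rsa_equivalent_size
-		self.size
-	end
-
 	def to_s
 		"DSA #{self.size} bits"
 	end
+
+	def status
+		return :error
+	end
 end
 
 class ::OpenSSL::PKey::DH
@@ -83,11 +84,15 @@ class ::OpenSSL::PKey::DH
 		self.p.num_bits
 	end
 
-	def rsa_equivalent_size
-		self.size
-	end
-
 	def to_s
 		"DH #{self.size} bits"
 	end
+
+	def status
+		case self.size
+			when 0...1024 then :error
+			when 1024...2048 then :warning
+			when 4096...::Float::INFINITY then :success
+		end
+	end
 end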
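Review bot: The new `status` methods leave a band of sizes unrated: `OpenSSL::PKey::EC#status` matches nothing for 256...384 bits, and the RSA and DH versions match nothing for 2048...4096, so all three return `nil` there. That looks intentional, since the colour table removed from tls.rb had the same 2048...4096 gap, but `status` is now a method on the key classes and a caller testing for `:error`, `:warning` or `:success` gets a fourth, undocumented value. I would make the band explicit with a final branch such as `else nil # acceptable size: deliberately neither warned nor praised`, and add a one-line comment on the DSA `status` saying why every DSA key is rated `:error`. The class bodies start outside these hunks.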

+ 2
- 6
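--- a/lib/cryptcheck/tls/server.rb
+++ b/lib/cryptcheck/tls/server.rb
@@ -91,7 +91,7 @@ module CryptCheck
 			end
 
 			def key_size
-				@cert.public_key.rsa_equivalent_size
+				@cert.public_key.size
 			end
 
 			def ssl?
@@ -180,11 +180,7 @@ module CryptCheck
 			end
 
 			# secp192r1 secp256r1
-			SUPPORTED_CURVES = %w(sect163k1 sect163r1 sect163r2 sect193r1 sect193r2
-									sect233k1 sect233r1 sect239k1 sect283k1 sect283r1
-									sect409k1 sect409r1 sect571k1 sect571r1 secp160k1
-									secp160r1 secp160r2 secp192k1 secp224k1
-									secp224r1 secp256k1 secp384r1 secp521r1)
+			SUPPORTED_CURVES = %w(secp160k1 secp160r1 secp160r2 sect163k1 sect163r1 sect163r2 secp192k1 sect193r1 sect193r2 secp224k1 secp224r1 sect233k1 sect233r1 sect239k1 secp256k1 sect283k1 sect283r1 secp384r1 sect409k1 sect409r1 secp521r1 sect571k1 sect571r1)
 
 			def ssl_client(method, ciphers = nil, curves = nil, &block)
 				ssl_context         = ::OpenSSL::SSL::SSLContext.new method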
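Review bot: `key_size` in the first hunk now returns the raw `@cert.public_key.size`, so for an EC certificate it yields the curve degree (for example 256) where it used to yield an RSA-equivalent figure (3072 in the table removed from fixture.rb). Any caller outside this hunk that still compares `key_size` against RSA-style thresholds would rate a 256-bit EC key as if it were a 256-bit RSA key. Those call sites are not visible here and should be checked, or switched to `public_key.status`. A comment such as `# raw size in bits; not comparable across key types, use public_key.status for a rating` would make the new contract clear.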
