From 5c3a32396d6fc7dd21cf06d6bfdf594649ac7812 Mon Sep 17 00:00:00 2001
From: aeris
Date: Fri, 11 Nov 2016 16:59:33 +0100
Subject: [PATCH] Separate ECC from RSA for key status

---
 lib/cryptcheck/tls.rb | 13 +++++----
 lib/cryptcheck/tls/fixture.rb | 51 +++++++++++++++++++----------------
 lib/cryptcheck/tls/server.rb | 8 ++----
 3 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/lib/cryptcheck/tls.rb b/lib/cryptcheck/tls.rb
index ab80d3d..0137972 100644
--- a/lib/cryptcheck/tls.rb
+++ b/lib/cryptcheck/tls.rb
@@ -16,16 +16,15 @@ module CryptCheck
 end

 def self.key_to_s(key)
- size = key.rsa_equivalent_size
 type_color = case key.type
 when :ecc then { color: :green }
- when :dsa then { color: :yellow }
- end
- size_color = case size
- when 0...1024 then { color: :white, background: :red }
- when 1024...2048 then { color: :yellow }
- when 4096...::Float::INFINITY then { color: :green }
+ when :dsa then { color: :red }
 end
+ size_color = case key.status
+ when :error then { color: :white, background: :red }
+ when :warning then { color: :yellow }
+ when :success then { color: :green }
+ end
 "#{key.type.to_s.upcase.colorize type_color} #{key.size.to_s.colorize size_color} bits"
 end
 end
diff --git a/lib/cryptcheck/tls/fixture.rb b/lib/cryptcheck/tls/fixture.rb
index 298203f..257a0f5 100644
--- a/lib/cryptcheck/tls/fixture.rb
+++ b/lib/cryptcheck/tls/fixture.rb
@@ -22,20 +22,17 @@ class ::OpenSSL::PKey::EC
 self.group.degree
 end

- def rsa_equivalent_size
- case self.size
- when 160 then 1024
- when 224 then 2048
- when 256 then 3072
- when 384 then 7680
- when 521 then 15360
- when 571 then 21000
- end
- end
-
 def to_s
 "ECC #{self.size} bits"
 end
+
+ def status
+ case self.size
+ when 0...160 then :error
+ when 160...256 then :warning
+ when 384...::Float::INFINITY then :success
+ end
+ end
 end

 class ::OpenSSL::PKey::RSA
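Review bot: The `size_color` case in `key_to_s` (lib/cryptcheck/tls.rb) has no branch for a `nil` status, yet the `status` methods this patch adds in fixture.rb return `nil` for mid-range sizes (RSA and DH 2048...4096, EC 256...384), so `colorize` receives `nil` for what are likely the most common keys. The old size-based case had the same gap, so this presumably works, but the contract now spans two files and nothing states that `nil` means "unrated". I would add a comment above the case, `# status is nil for sizes rated neither weak nor strong; colorize then gets nil`, or end each `status` case with an explicit `else nil`. The same holds for `type_color`, which is `nil` for every type other than `:ecc` and `:dsa`.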
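Review bot: The bare thresholds in the new `status` method of `::OpenSSL::PKey::EC` drop the strength mapping that the removed `rsa_equivalent_size` table documented, and they do not line up with the RSA scale added in the next hunk. By that table a 224-bit curve equals RSA-2048, which the RSA `status` leaves unrated, while this method returns `:warning` for it. If the stricter EC rating is intended, a comment should say so, for example `# native curve degree in bits; 224 ~ RSA-2048, 256 ~ RSA-3072 per the former rsa_equivalent_size table`. The class body starts before this hunk.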
@@ -47,13 +44,17 @@ class ::OpenSSL::PKey::RSA
 self.n.num_bits
 end

- def rsa_equivalent_size
- self.size
- end
-
 def to_s
 "RSA #{self.size} bits"
 end
+
+ def status
+ case self.size
+ when 0...1024 then :error
+ when 1024...2048 then :warning
+ when 4096...::Float::INFINITY then :success
+ end
+ end
 end

 class ::OpenSSL::PKey::DSA
@@ -65,13 +66,13 @@ class ::OpenSSL::PKey::DSA
 self.p.num_bits
 end

- def rsa_equivalent_size
- self.size
- end
-
 def to_s
 "DSA #{self.size} bits"
 end
+
+ def status
+ return :error
+ end
 end

 class ::OpenSSL::PKey::DH
@@ -83,11 +84,15 @@ class ::OpenSSL::PKey::DH
 self.p.num_bits
 end

- def rsa_equivalent_size
- self.size
- end
-
 def to_s
 "DH #{self.size} bits"
 end
+
+ def status
+ case self.size
+ when 0...1024 then :error
+ when 1024...2048 then :warning
+ when 4096...::Float::INFINITY then :success
+ end
+ end
 end
diff --git a/lib/cryptcheck/tls/server.rb b/lib/cryptcheck/tls/server.rb
index b6bea12..fdf7150 100644
--- a/lib/cryptcheck/tls/server.rb
+++ b/lib/cryptcheck/tls/server.rb
@@ -91,7 +91,7 @@ module CryptCheck
 end

 def key_size
- @cert.public_key.rsa_equivalent_size
+ @cert.public_key.size
 end

 def ssl?
@@ -180,11 +180,7 @@ module CryptCheck
 end

 # secp192r1 secp256r1
- SUPPORTED_CURVES = %w(sect163k1 sect163r1 sect163r2 sect193r1 sect193r2
- sect233k1 sect233r1 sect239k1 sect283k1 sect283r1
- sect409k1 sect409r1 sect571k1 sect571r1 secp160k1
- secp160r1 secp160r2 secp192k1 secp224k1
- secp224r1 secp256k1 secp384r1 secp521r1)
+ SUPPORTED_CURVES = %w(secp160k1 secp160r1 secp160r2 sect163k1 sect163r1 sect163r2 secp192k1 sect193r1 sect193r2 secp224k1 secp224r1 sect233k1 sect233r1 sect239k1 secp256k1 sect283k1 sect283r1 secp384r1 sect409k1 sect409r1 secp521r1 sect571k1 sect571r1)

 def ssl_client(method, ciphers = nil, curves = nil, &block)
 ssl_context = ::OpenSSL::SSL::SSLContext.new method
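Review bot: The `status` method added to `::OpenSSL::PKey::RSA` here is repeated line for line in the `::OpenSSL::PKey::DH` hunk further down, so the two sets of thresholds can drift apart silently when only one is edited. A single private helper or constant in fixture.rb that both methods use would keep one copy. If DH is meant to track RSA only for now, a comment on the DH method such as `# same thresholds as RSA` records that. Whether 1024-bit finite-field DH should rate only `:warning`, as RSA does, is a policy choice that deserves an explicit decision rather than a copy.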
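Review bot: The `status` method added to `::OpenSSL::PKey::DSA` returns `:error` for every key size and nothing in it says why, so a reader cannot tell a deliberate policy from a placeholder. A one-line comment above the method giving the reason would settle that. The `:dsa` colour change to red in tls.rb suggests the blanket rating is intended. The body can be just `:error`, since the explicit `return` is redundant in Ruby.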
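Review bot: `key_size` in lib/cryptcheck/tls/server.rb keeps its name but changes unit: for an EC certificate it now returns the curve degree (for example 256) where it used to return the RSA-equivalent size (3072 in the removed table). Any caller outside this diff that compares `key_size` against RSA-scale thresholds would now treat ordinary EC certificates as very weak keys; those callers are not visible here, so this needs checking. They could switch to `@cert.public_key.status`, or the method could document the new unit, e.g. `# native size in bits (curve degree for EC), not RSA-equivalent`. Since `rsa_equivalent_size` is removed from all four key classes, any call left elsewhere in the project would raise `NoMethodError`.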