correct signature keysizes, FIX #249

Dirk 2016-02-01 10:19:23 +01:00
parent c62abaf215
commit 0bfe12742e


@ -2875,26 +2875,50 @@ certificate_info() {
outln "(couldn't determine)" outln "(couldn't determine)"
fileout "$heading key_size" "WARN" "Server keys size cannot be determined" fileout "$heading key_size" "WARN" "Server keys size cannot be determined"
else else
if [[ "$keysize" -le 768 ]]; then # https://tools.ietf.org/html/rfc4492, http://www.keylength.com/en/compare/
if [[ $sig_algo =~ ecdsa ]] || [[ $key_algo =~ ecPublicKey ]]; then # http://infoscience.epfl.ch/record/164526/files/NPDF-22.pdf
pr_litegreen "EC $keysize" # see http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
fileout "$heading key_size" "OK" "Server keys $keysize bits EC (OK)" # Table 2 @ chapter 5.6.1 (~ p64)
if [[ $sig_algo =~ ecdsa ]] || [[ $key_algo =~ ecPublicKey ]]; then
if [[ "$keysize" -le 110 ]]; then # a guess
pr_red "$keysize"
fileout "$heading key_size" "NOT OK" "Server keys $keysize EC bits (NOT ok)"
elif [[ "$keysize" -le 123 ]]; then # a guess
pr_litered "$keysize"
fileout "$heading key_size" "NOT OK" "Server keys $keysize EC bits (NOT ok)"
elif [[ "$keysize" -le 163 ]]; then
pr_brown "$keysize"
fileout "$heading key_size" "NOT OK" "Server keys $keysize EC bits (NOT ok)"
elif [[ "$keysize" -le 224 ]]; then
out "$keysize"
fileout "$heading key_size" "INFO" "Server keys $keysize EC bits"
elif [[ "$keysize" -le 533 ]]; then
pr_litegreen "$keysize"
fileout "$heading key_size" "OK" "Server keys $keysize EC bits (OK)"
else else
out "keysize: $keysize (not expected, FIXME)"
fileout "$heading key_size" "WARN" "Server keys $keysize bits (not expected)"
fi
else
if [[ "$keysize" -le 512 ]]; then
pr_red "$keysize" pr_red "$keysize"
fileout "$heading key_size" "NOT OK" "Server keys $keysize bits (NOT ok)" fileout "$heading key_size" "NOT OK" "Server keys $keysize bits (NOT ok)"
elif [[ "$keysize" -le 768 ]]; then
pr_litered "$keysize"
fileout "$heading key_size" "NOT OK" "Server keys $keysize bits (NOT ok)"
elif [[ "$keysize" -le 1024 ]]; then
pr_brown "$keysize"
fileout "$heading key_size" "NOT OK" "Server keys $keysize bits (NOT ok)"
elif [[ "$keysize" -le 2048 ]]; then
out "$keysize"
fileout "$heading key_size" "INFO" "Server keys $keysize bits"
elif [[ "$keysize" -le 4096 ]]; then
pr_litegreen "$keysize"
fileout "$heading key_size" "OK" "Server keys $keysize bits (OK)"
else
out "weird keysize: $keysize (compatibility problems)"
fileout "$heading key_size" "WARN" "Server keys $keysize bits (Odd)"
fi fi
elif [[ "$keysize" -le 1024 ]]; then
pr_brown "$keysize"
fileout "$heading key_size" "NOT OK" "Server keys $keysize bits (NOT ok)"
elif [[ "$keysize" -le 2048 ]]; then
out "$keysize"
fileout "$heading key_size" "INFO" "Server keys $keysize bits"
elif [[ "$keysize" -le 4096 ]]; then
pr_litegreen "$keysize"
fileout "$heading key_size" "OK" "Server keys $keysize bits (OK)"
else
out "weird keysize: $keysize"
fileout "$heading key_size" "WARN" "Server keys $keysize bits (Odd)"
fi fi
fi fi
outln " bit" outln " bit"
@ -6684,4 +6708,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.452 2016/01/31 22:53:12 dirkw Exp $ # $Id: testssl.sh,v 1.453 2016/02/01 09:18:25 dirkw Exp $
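Review bot: The new EC/RSA split on `if [[ $sig_algo =~ ecdsa ]] || [[ $key_algo =~ ecPublicKey ]]; then` picks the threshold table from the signature algorithm as well as the key algorithm, but the signature algorithm describes how the issuer signed the certificate, not the server's own key. An RSA key in an ECDSA-signed certificate would be graded on the EC scale: a 512-bit RSA key passes `-le 533` and is reported as "OK", while a 2048-bit one lands in the "not expected, FIXME" branch. Selecting the table on the key type alone, `if [[ $key_algo =~ ecPublicKey ]]; then`, avoids that false negative, assuming `key_algo` is reliably populated at this point (its assignment is outside the hunk). A one-line comment such as `# thresholds depend on the server key type, not on the CA's signature algorithm` would keep the intent clear. certificate_info starts and ends outside the hunk.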