From d47601f41351c2cec3ae932ef4a81df184c83246 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Wed, 25 Jan 2017 10:41:36 -0500
Subject: [PATCH 1/2] Print unsupported ciphers in light grey

This PR changes testssl.sh so that when ciphers are being listed in wide mode (i.e., using `neat_list()`) and the `--show-each` option is set, ciphers that are not available are printed in light grey, whereas ciphers that are available continue to be printed in black. This makes it easier to distinguish between ciphers that are available and those that are not (the "available/"not a/v" column remains). This PR does not change the way that ciphers that are available are printed, but it includes a hook that would allow that to change. For example, for ciphers that are available, the name of the cipher suite could be printed in a different color depending on its quality (as is done for the "Negotiated cipher" in `run_server_preference()`). The same could be done for the "Encryption" and "Bits" columns.
---
 testssl.sh | 68 ++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 56 insertions(+), 12 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index f70c699..469f414 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2187,10 +2187,14 @@ neat_header(){
 # arg2: cipher in openssl notation
 # arg3: keyexchange
 # arg4: encryption (maybe included "export")
+# arg5: "true" if the cipher's "quality" should be highlighted
+# "false" if the line should be printed in light grey
+# empty if line should be printed in black
 neat_list(){
 local hexcode="$1"
 local ossl_cipher="$2" tls_cipher=""
 local kx enc strength
+ local -i i str_len
 kx="${3//Kx=/}"
 enc="${4//Enc=/}"
@@ -2217,6 +2221,46 @@ neat_list(){
 kx="$kx "
 done
 fi
+ if [[ -n "$5" ]]; then
+ # FIXME: When $5 is true, highlight ciphers based on quality.
+ if [[ "$5" == "false" ]]; then
+ str_len=${#hexcode}
+ hexcode="$(pr_litegrey "$hexcode")"
+ for (( i=str_len; i < 7; i++ )); do
+ hexcode+=" "
+ done
+
+ str_len=${#kx}
+ kx="$(pr_litegrey "$kx")"
+ for (( i=str_len; i < 10; i++ )); do
+ kx+=" "
+ done
+
+ str_len=${#enc}
+ enc="$(pr_litegrey "$enc")"
+ for (( i=str_len; i < 10; i++ )); do
+ enc+=" "
+ done
+
+ str_len=${#strength}
+ strength="$(pr_litegrey "$strength")"
+ for (( i=str_len; i < 8; i++ )); do
+ strength+=" "
+ done
+
+ str_len=${#tls_cipher}
+ tls_cipher="$(pr_litegrey "$tls_cipher")"
+ for (( i=str_len; i < 49; i++ )); do
+ tls_cipher+=" "
+ done
+
+ str_len=${#ossl_cipher}
+ ossl_cipher="$(pr_litegrey "$ossl_cipher")"
+ for (( i=str_len; i < 33; i++ )); do
+ ossl_cipher+=" "
+ done
+ fi
+ fi
 #echo "${#kx}" # should be always 20 / 13
 printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher"
 }
@@ -2469,12 +2513,12 @@ test_just_one(){
 for (( i=0; i < nr_ciphers; i++ )); do
 export="${export2[i]}"
- neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}"
+ neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}" "${ciphers_found[i]}"
 if "${ciphers_found[i]}"; then
 pr_cyan " available"
 fileout "cipher_${normalized_hexcode[i]}" "INFO" "$(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") available"
 else
- out " not a/v"
+ pr_litegrey " not a/v"
 fileout "cipher_${normalized_hexcode[i]}" "INFO" "$(neat_list "${normalized_hexcode[i]}" "${ciph[i]}" "${kx[i]}" "${enc[i]}") not a/v"
 fi
 outln
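Review bot: In the `test_just_one` hunk the two `fileout` lines still call `neat_list` with four arguments, and that omission is the only thing keeping the light-grey colour sequences out of the file output; nothing on those lines says so. A later edit that passes `"${ciphers_found[i]}"` there for symmetry would presumably write terminal escape codes into the findings file (inferred, `pr_litegrey` is not shown here), which anything parsing that file would then have to strip. I would add a comment above each call such as `# no arg5 here: file output must stay free of colour codes`. The loop body continues outside the hunk.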
@@ -2720,7 +2764,7 @@ run_allciphers() { for (( i=0 ; i
Date: Mon, 30 Jan 2017 09:32:47 -0500
Subject: [PATCH 2/2] Just print entire line in light grey

---
 testssl.sh | 49 +++++++------------------------------------------
 1 file changed, 7 insertions(+), 42 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 137ba4f..0cc0573 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2203,8 +2203,7 @@ neat_header(){
 neat_list(){
 local hexcode="$1"
 local ossl_cipher="$2" tls_cipher=""
- local kx enc strength
- local -i i str_len
+ local kx enc strength line
 kx="${3//Kx=/}"
 enc="${4//Enc=/}"
@@ -2220,6 +2219,12 @@ neat_list(){
 [[ -n "$ADD_RFC_STR" ]] && tls_cipher="$(show_rfc_style "$hexcode")"
+ if [[ "$5" == "false" ]]; then
+ line="$(printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher")"
+ pr_litegrey "$line"
+ return 0
+ fi
+
 #printf -- "%q" "$kx" | xxd | head -1
 # length correction for color escape codes (printf counts the escape color codes!!)
 if printf -- "%q" "$kx" | egrep -aq '.;3.m|E\[1m' ; then # here's a color code which screws up the formatting with printf below
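Review bot: The early return added in the `@@ -2220` hunk of `neat_list` runs before the length-correction block for colour escape codes in `$kx`, so the grey path relies on `$kx` never carrying colour codes when `$5` is "false"; if it ever does, the column padding would be off and the grey may end mid-line (inferred, `pr_litegrey` is not shown). State that assumption next to the return, for example `# unavailable ciphers: $kx is plain text here, no length correction needed`. The `printf` format is also now written out twice in this function, here and in the final `printf`; holding it in one `local` variable used by both calls would keep the two column layouts from drifting apart. `neat_list` starts and ends outside this hunk.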
@@ -2231,46 +2236,6 @@ neat_list(){
 kx="$kx "
 done
 fi
- if [[ -n "$5" ]]; then
- # FIXME: When $5 is true, highlight ciphers based on quality.
- if [[ "$5" == "false" ]]; then
- str_len=${#hexcode}
- hexcode="$(pr_litegrey "$hexcode")"
- for (( i=str_len; i < 7; i++ )); do
- hexcode+=" "
- done
-
- str_len=${#kx}
- kx="$(pr_litegrey "$kx")"
- for (( i=str_len; i < 10; i++ )); do
- kx+=" "
- done
-
- str_len=${#enc}
- enc="$(pr_litegrey "$enc")"
- for (( i=str_len; i < 10; i++ )); do
- enc+=" "
- done
-
- str_len=${#strength}
- strength="$(pr_litegrey "$strength")"
- for (( i=str_len; i < 8; i++ )); do
- strength+=" "
- done
-
- str_len=${#tls_cipher}
- tls_cipher="$(pr_litegrey "$tls_cipher")"
- for (( i=str_len; i < 49; i++ )); do
- tls_cipher+=" "
- done
-
- str_len=${#ossl_cipher}
- ossl_cipher="$(pr_litegrey "$ossl_cipher")"
- for (( i=str_len; i < 33; i++ )); do
- ossl_cipher+=" "
- done
- fi
- fi
 #echo "${#kx}" # should be always 20 / 13
 printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher"
 }