From cce7566dc8eac7ba459f3609feb5cad96cb27ce2 Mon Sep 17 00:00:00 2001 From: Magnus Larsen Date: Tue, 2 Jun 2020 16:26:55 +0200 Subject: [PATCH] Moved grade_caps to run_rating() function; added KEY_EXCH_SCORE=20 back again --- testssl.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/testssl.sh b/testssl.sh index 02bb7e5..37c329b 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1039,25 +1039,23 @@ set_key_str_score() { "$do_rating" || return 0 - [[ $type == DHE ]] && type_output="ephemeral DH key (DH parameters)" || type_output="key" - if [[ $type == EC || $type == EdDSA ]]; then - if [[ $size -lt 123 ]] && [[ $KEY_EXCH_SCORE -ge 40 ]]; then + if [[ $size -lt 110 ]] && [[ $KEY_EXCH_SCORE -gt 20 ]]; then + let KEY_EXCH_SCORE=20 + elif [[ $size -lt 123 ]] && [[ $KEY_EXCH_SCORE -ge 40 ]]; then let KEY_EXCH_SCORE=40 - set_grade_cap "F" "Using an insecure $type_output" elif [[ $size -lt 163 ]] && [[ $KEY_EXCH_SCORE -ge 80 ]]; then let KEY_EXCH_SCORE=80 - set_grade_cap "B" "Using a weak $type_output" elif [[ $size -lt 225 ]] && [[ $KEY_EXCH_SCORE -ge 90 ]]; then let KEY_EXCH_SCORE=90 fi else - if [[ $size -lt 1024 ]] && [[ $KEY_EXCH_SCORE -ge 40 ]]; then + if [[ $size -lt 512 ]] && [[ $KEY_EXCH_SCORE -ge 20 ]]; then + let KEY_EXCH_SCORE=20 + elif [[ $size -lt 1024 ]] && [[ $KEY_EXCH_SCORE -ge 40 ]]; then let KEY_EXCH_SCORE=40 - set_grade_cap "F" "Using an insecure $type_output" elif [[ $size -lt 2048 ]] && [[ $KEY_EXCH_SCORE -ge 80 ]]; then let KEY_EXCH_SCORE=80 - set_grade_cap "B" "Using a weak $type_output" elif [[ $size -lt 4096 ]] && [[ $KEY_EXCH_SCORE -ge 90 ]]; then let KEY_EXCH_SCORE=90 fi @@ -20880,6 +20878,12 @@ run_rating() { pr_bold " Protocol Support "; out "(weighted) "; outln "$c1_score ($c1_wscore)" ## Category 2 + if [[ $KEY_EXCH_SCORE -le 40 ]]; then + set_grade_cap "F" "Using an insecure public key and/or ephemeral key" + elif [[ $KEY_EXCH_SCORE -le 80 ]]; then + set_grade_cap "B" "Using a weak public key and/or ephemeral key" + fi + let c2_score=$KEY_EXCH_SCORE let c2_wscore=$c2_score*30/100