mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-26 07:53:41 +01:00
Improve output of curves
This commit is contained in:
parent
cc014f085d
commit
c90e5c59d7
46
cipherscan
46
cipherscan
@ -62,6 +62,7 @@ TIMEOUT=30
|
|||||||
CAPATH=""
|
CAPATH=""
|
||||||
SAVECRT=""
|
SAVECRT=""
|
||||||
TEST_CURVES="False"
|
TEST_CURVES="False"
|
||||||
|
has_curves="False"
|
||||||
unset known_certs
|
unset known_certs
|
||||||
declare -A known_certs
|
declare -A known_certs
|
||||||
unset cert_checksums
|
unset cert_checksums
|
||||||
@ -446,23 +447,24 @@ test_cipher_on_target() {
|
|||||||
|
|
||||||
# if cipher contains NONE, the cipher wasn't accepted
|
# if cipher contains NONE, the cipher wasn't accepted
|
||||||
elif [ "$cipher" == '(NONE) ' ]; then
|
elif [ "$cipher" == '(NONE) ' ]; then
|
||||||
result="$cipher $protocols $pubkey $sigalg $trusted $tickethint $ocspstaple $pfs $curves_ordering"
|
result="$cipher $protocols $pubkey $sigalg $trusted $tickethint $ocspstaple $pfs $current_curves $curves_ordering"
|
||||||
verbose "handshake failed, server returned ciphersuite '$result'"
|
verbose "handshake failed, server returned ciphersuite '$result'"
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
# the connection succeeded
|
# the connection succeeded
|
||||||
else
|
else
|
||||||
|
current_curves="None"
|
||||||
# if pfs uses ECDH, test supported curves
|
# if pfs uses ECDH, test supported curves
|
||||||
if [[ $pfs =~ ECDH ]]; then
|
if [[ $pfs =~ ECDH ]]; then
|
||||||
|
has_curves="True"
|
||||||
if [ $TEST_CURVES == "True" ]; then
|
if [ $TEST_CURVES == "True" ]; then
|
||||||
test_ecc_curves
|
test_ecc_curves
|
||||||
pfs=$current_curves
|
|
||||||
else
|
else
|
||||||
# resolve the openssl curve to the proper IANA name
|
# resolve the openssl curve to the proper IANA name
|
||||||
pfs="$(get_curve_name $(echo $pfs|cut -d ',' -f2))"
|
current_curves="$(get_curve_name $(echo $pfs|cut -d ',' -f2))"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
result="$cipher $protocols $pubkey $sigalg $trusted $tickethint $ocspstaple $pfs $curves_ordering"
|
result="$cipher $protocols $pubkey $sigalg $trusted $tickethint $ocspstaple $pfs $current_curves $curves_ordering"
|
||||||
verbose "handshake succeeded, server returned ciphersuite '$result'"
|
verbose "handshake succeeded, server returned ciphersuite '$result'"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
@ -523,6 +525,7 @@ display_results_in_terminal() {
|
|||||||
local trusted
|
local trusted
|
||||||
local tickethint
|
local tickethint
|
||||||
local ocspstaple
|
local ocspstaple
|
||||||
|
local curvesordering
|
||||||
local different=False
|
local different=False
|
||||||
echo "Target: $TARGET"; echo
|
echo "Target: $TARGET"; echo
|
||||||
for cipher in "${cipherspref[@]}"; do
|
for cipher in "${cipherspref[@]}"; do
|
||||||
@ -541,6 +544,9 @@ display_results_in_terminal() {
|
|||||||
trusted="${cipher_data[4]}"
|
trusted="${cipher_data[4]}"
|
||||||
tickethint="${cipher_data[5]}"
|
tickethint="${cipher_data[5]}"
|
||||||
ocspstaple="${cipher_data[6]}"
|
ocspstaple="${cipher_data[6]}"
|
||||||
|
if [[ $TEST_CURVES == "True" && "${cipher_data[9]}" != "" ]]; then
|
||||||
|
curvesordering="${cipher_data[9]}"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
if [ "$pubkey" != "${cipher_data[2]}" ]; then
|
if [ "$pubkey" != "${cipher_data[2]}" ]; then
|
||||||
different=True
|
different=True
|
||||||
@ -557,6 +563,12 @@ display_results_in_terminal() {
|
|||||||
if [ "$ocspstaple" != "${cipher_data[6]}" ]; then
|
if [ "$ocspstaple" != "${cipher_data[6]}" ]; then
|
||||||
different=True
|
different=True
|
||||||
fi
|
fi
|
||||||
|
if [[ "$curvesordering" == "" && "${cipher_data[9]}" != "" ]]; then
|
||||||
|
curvesordering="${cipher_data[9]}"
|
||||||
|
fi
|
||||||
|
if [[ "$curvesordering" != "" && "$curvesordering" != "${cipher_data[9]}" ]]; then
|
||||||
|
different=True
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
results=("${results[@]}" "$r")
|
results=("${results[@]}" "$r")
|
||||||
ctr=$((ctr+1))
|
ctr=$((ctr+1))
|
||||||
@ -564,14 +576,17 @@ display_results_in_terminal() {
|
|||||||
|
|
||||||
header="prio ciphersuite protocols"
|
header="prio ciphersuite protocols"
|
||||||
if [ $different == "True" ]; then
|
if [ $different == "True" ]; then
|
||||||
header="$header pubkey_size signature_algoritm trusted ticket_hint ocsp_staple"
|
header+=" pubkey_size signature_algoritm trusted ticket_hint ocsp_staple"
|
||||||
|
fi
|
||||||
|
header+=" pfs"
|
||||||
|
if [ $has_curves == "True" ]; then
|
||||||
|
header+=" curves"
|
||||||
|
if [[ $TEST_CURVES == "True" && $different == "True" ]]; then
|
||||||
|
header+=" curves_ordering"
|
||||||
fi
|
fi
|
||||||
header="$header pfs"
|
|
||||||
if [ $TEST_CURVES == "True" ]; then
|
|
||||||
header="$header curves_ordering"
|
|
||||||
fi
|
fi
|
||||||
if [ $DOBENCHMARK -eq 1 ]; then
|
if [ $DOBENCHMARK -eq 1 ]; then
|
||||||
header="$header avg_handshake_microsec"
|
header+=" avg_handshake_microsec"
|
||||||
fi
|
fi
|
||||||
ctr=0
|
ctr=0
|
||||||
for result in "${results[@]}"; do
|
for result in "${results[@]}"; do
|
||||||
@ -583,7 +598,7 @@ display_results_in_terminal() {
|
|||||||
echo $result|grep -v '(NONE)'
|
echo $result|grep -v '(NONE)'
|
||||||
else
|
else
|
||||||
# prints priority, ciphersuite, protocols and pfs
|
# prints priority, ciphersuite, protocols and pfs
|
||||||
awk '!/(NONE)/{print $1 " " $2 " " $3 " " $9}' <<<"$result"
|
awk '!/(NONE)/{print $1 " " $2 " " $3 " " $9 " " $10}' <<<"$result"
|
||||||
fi
|
fi
|
||||||
done|column -t
|
done|column -t
|
||||||
echo
|
echo
|
||||||
@ -601,9 +616,12 @@ display_results_in_terminal() {
|
|||||||
echo "OCSP stapling: not supported"
|
echo "OCSP stapling: not supported"
|
||||||
fi
|
fi
|
||||||
if [[ $serverside == "True" ]]; then
|
if [[ $serverside == "True" ]]; then
|
||||||
echo "Server side cipher ordering"
|
echo "Cipher ordering: server"
|
||||||
else
|
else
|
||||||
echo "Client side cipher ordering"
|
echo "Cipher ordering: client"
|
||||||
|
fi
|
||||||
|
if [ $TEST_CURVES == "True" ]; then
|
||||||
|
echo "Curves ordering: $curvesordering"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -629,10 +647,10 @@ display_results_in_json() {
|
|||||||
echo -n "\"pfs\":\"$pfs\""
|
echo -n "\"pfs\":\"$pfs\""
|
||||||
if [[ "${cipher_arr[0]}" =~ ECDH ]]; then
|
if [[ "${cipher_arr[0]}" =~ ECDH ]]; then
|
||||||
echo -n ","
|
echo -n ","
|
||||||
echo -n "\"elliptic_curves\":[\"${pfs//,/\",\"}\"]"
|
echo -n "\"curves\":[\"${cipher_arr[8]//,/\",\"}\"]"
|
||||||
if [ $TEST_CURVES == "True" ]; then
|
if [ $TEST_CURVES == "True" ]; then
|
||||||
echo -n ","
|
echo -n ","
|
||||||
echo -n "\"curves_ordering\":\"${cipher_arr[8]}\""
|
echo -n "\"curves_ordering\":\"${cipher_arr[9]}\""
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo -n "}"
|
echo -n "}"
|
||||||
|
Loading…
Reference in New Issue
Block a user