package tlsmodel
// score2009p builds a SecurityScore for one scan result using the "2009p"
// adjustment rules (presumably a revision of an external TLS rating guide;
// confirm against the project documentation).
//
// ProtocolScore is the mean of scoreProtocol for the numerically highest and
// lowest entries of s.SupportedProtocols. When s.SupportsTLS() is true, the
// key-exchange and cipher scores are accumulated by
// selectMinimalKeyExchangeScore, the grade is taken from a 30/30/40 weighting
// of protocol, key-exchange and cipher scores, and scoreCertificate and
// adjustScore2009p then post-process the result. Otherwise the grade is
// toTLSGrade(-1).
func score2009p(s *ScanResult) (result SecurityScore) {
	// 0 and 1000 are starting sentinels; they survive unchanged when
	// SupportedProtocols is empty, so scoreProtocol then sees those values.
	highest, lowest := uint16(0), uint16(1000)
	for i := range s.SupportedProtocols {
		version := s.SupportedProtocols[i]
		if version > highest {
			highest = version
		}
		if version < lowest {
			lowest = version
		}
	}
	result.ProtocolScore = (scoreProtocol(highest) + scoreProtocol(lowest)) / 2

	if !s.SupportsTLS() {
		// No TLS
		result.Grade = toTLSGrade(-1)
		return result
	}

	// Accumulators handed to selectMinimalKeyExchangeScore by pointer.
	kxScore, cipherLow, cipherHigh := 1000, 1000, 0

	// Only the first listed protocol is scored; a loop over every supported
	// protocol existed here once and is disabled.
	// NOTE(review): this indexes [0] without a length check and relies on
	// SupportedProtocols being ordered strongest-first; confirm that
	// SupportsTLS() guarantees a non-empty, ordered list.
	// NOTE(review): cipher suites offered only on the other protocols never
	// reach the key-exchange or cipher scores, so a weak suite on an older
	// protocol does not lower them here; confirm this is intended.
	proto := s.SupportedProtocols[0] // use the strongest protocol

	// Score the cipher recorded as selected for this protocol first.
	selected := s.SelectedCipherByProtocol[proto]
	selectMinimalKeyExchangeScore(selected, proto, &kxScore, &cipherLow, &cipherHigh, *s)

	// Then every suite recorded for the protocol, using the preference-ordered
	// list when one is flagged as available.
	var offered []uint16
	if s.HasCipherPreferenceOrderByProtocol[proto] {
		offered = s.CipherPreferenceOrderByProtocol[proto]
	} else {
		offered = s.CipherSuiteByProtocol[proto]
	}
	for _, suite := range offered {
		selectMinimalKeyExchangeScore(suite, proto, &kxScore, &cipherLow, &cipherHigh, *s)
	}

	result.KeyExchangeScore = kxScore
	result.CipherEncryptionScore = (cipherHigh + cipherLow) / 2

	// Weighted total: 30% protocol, 30% key exchange, 40% cipher strength.
	weighted := (30*result.ProtocolScore + 30*result.KeyExchangeScore + 40*result.CipherEncryptionScore) / 100
	result.Grade = toTLSGrade(weighted)

	scoreCertificate(&result, s)
	result.adjustScore2009p(*s)
	return result
}
// score2009q builds a SecurityScore for one scan result using the "2009q"
// adjustment rules (presumably a later revision of the same external rating
// guide as score2009p; confirm against the project documentation).
//
// The computation is the same as in score2009p up to the final step:
// ProtocolScore is the mean of scoreProtocol for the numerically highest and
// lowest entries of s.SupportedProtocols, and when s.SupportsTLS() is true
// the key-exchange and cipher scores come from selectMinimalKeyExchangeScore,
// the grade from a 30/30/40 weighting, followed by scoreCertificate and
// adjustScore2009q. Without TLS the grade is toTLSGrade(-1).
func score2009q(s *ScanResult) (result SecurityScore) {
	// Sentinel start values; with an empty SupportedProtocols list they are
	// passed to scoreProtocol as they stand.
	top, bottom := uint16(0), uint16(1000)
	for idx := range s.SupportedProtocols {
		ver := s.SupportedProtocols[idx]
		if ver > top {
			top = ver
		}
		if ver < bottom {
			bottom = ver
		}
	}
	result.ProtocolScore = (scoreProtocol(top) + scoreProtocol(bottom)) / 2

	if !s.SupportsTLS() {
		// No TLS
		result.Grade = toTLSGrade(-1)
		return result
	}

	// Accumulators updated through pointers by selectMinimalKeyExchangeScore.
	exchangeScore, strengthMin, strengthMax := 1000, 1000, 0

	// Scoring looks at the first listed protocol only (the all-protocols loop
	// that used to wrap this section is disabled).
	// NOTE(review): [0] is read without a length check and is assumed to be
	// the strongest protocol; confirm SupportsTLS() implies a non-empty list
	// ordered strongest-first.
	// NOTE(review): suites available only on the remaining protocols are not
	// scored, so downgrade-reachable weak suites do not affect the
	// key-exchange or cipher scores here; confirm this is intended.
	protocol := s.SupportedProtocols[0] // use the strongest protocol

	// The cipher recorded as selected for the protocol is scored first.
	chosen := s.SelectedCipherByProtocol[protocol]
	selectMinimalKeyExchangeScore(chosen, protocol, &exchangeScore, &strengthMin, &strengthMax, *s)

	// Followed by each recorded suite, preferring the preference-ordered list
	// when the scan flagged one for this protocol.
	var suites []uint16
	if s.HasCipherPreferenceOrderByProtocol[protocol] {
		suites = s.CipherPreferenceOrderByProtocol[protocol]
	} else {
		suites = s.CipherSuiteByProtocol[protocol]
	}
	for _, id := range suites {
		selectMinimalKeyExchangeScore(id, protocol, &exchangeScore, &strengthMin, &strengthMax, *s)
	}

	result.KeyExchangeScore = exchangeScore
	result.CipherEncryptionScore = (strengthMax + strengthMin) / 2

	// Weighted total: 30% protocol, 30% key exchange, 40% cipher strength.
	total := (30*result.ProtocolScore + 30*result.KeyExchangeScore + 40*result.CipherEncryptionScore) / 100
	result.Grade = toTLSGrade(total)

	scoreCertificate(&result, s)
	result.adjustScore2009q(*s)
	return result
}