]>
Commit | Line | Data |
---|---|---|
61af3de3 JG |
1 | .\" Copyright (c) 2004 Henrique de Moraes Holschuh -- hmh@debian.org |
2 | .\" | |
3 | .TH RNGTEST 1 "March 2004" "@PACKAGE@ @VERSION@" | |
4 | ||
5 | .SH NAME | |
6 | rngtest \- Check the randomness of data using FIPS 140-2 tests | |
7 | ||
8 | .SH SYNOPSIS | |
9 | .B rngtest | |
10 | [\fB\-c\fR \fIn\fR | \fB\-\-blockcount=\fIn\fR] | |
11 | [\fB\-b\fR \fIn\fR | \fB\-\-blockstats=\fIn\fR] | |
12 | [\fB\-t\fR \fIn\fR | \fB\-\-timedstats=\fIn\fR] | |
13 | [\fB\-p\fR | \fB\-\-pipe\fR] | |
14 | [\fB\-?\fR] [\fB\-\-help\fR] | |
15 | [\fB\-V\fR] [\fB\-\-version\fR] | |
16 | .RI | |
17 | ||
18 | .SH DESCRIPTION | |
19 | \fIrngtest\fR works on blocks of 20000 bits at a time, using the FIPS 140-2 | |
20 | (errata of 2001-10-10) tests to verify the randomness of the block of data. | |
21 | .PP | |
22 | It takes input from \fIstdin\fR, and outputs statistics to \fIstderr\fR, | |
23 | optionally echoing blocks that passed the FIPS tests to \fIstdout\fR | |
24 | (when operating in \fIpipe mode\fR). Errors are sent to \fIstderr\fR. | |
25 | .PP | |
26 | At startup, \fIrngtest\fR will trow away the first 32 bits of data when | |
27 | operating in \fIpipe mode\fR. It will use the next 32 bits of data to | |
28 | bootstrap the FIPS tests (even when not operating in \fIpipe mode\fR). | |
29 | These bits are not tested for randomness. | |
30 | .PP | |
31 | Statistics are dumped to \fIstderr\fR when the program exits. | |
32 | ||
33 | .SH OPTIONS | |
34 | .TP | |
35 | \fB\-p\fR, \fB\-\-pipe\fR | |
36 | Enable \fIpipe mode\fR. All data blocks that pass the FIPS tests are | |
37 | echoed to \fIstdout\fR, and \fIrngtest\fR operates in silent mode. | |
38 | .TP | |
39 | \fB\-c\fR \fIn\fR, \fB\-\-blockcount=\fIn\fR (default: 0) | |
40 | Exit after processing n input blocks, if n is not zero. | |
41 | .TP | |
42 | \fB\-b\fR \fIn\fR, \fB\-\-blockstats=\fIn\fR (default: 0) | |
43 | Dump statistics every n blocks, if n is not zero. | |
44 | .TP | |
45 | \fB\-t\fR \fIn\fR, \fB\-\-timedstats=\fIn\fR (default: 0) | |
1696181f | 46 | Dump statistics every n seconds, if n is not zero. |
61af3de3 JG |
47 | .TP |
48 | \fB\-?\fR, \fB\-\-help\fR | |
49 | Give a short summary of all program options. | |
50 | .TP | |
51 | \fB\-V\fR, \fB\-\-version\fR | |
52 | Print program version | |
53 | ||
54 | .SH STATISTICS | |
55 | \fIrngtest\fR will dump statistics to \fIstderr\fR when it exits, and | |
56 | when told to by \fIblockstats\fR or \fItimedstats\fR. | |
57 | .PP | |
58 | \fBFIPS 140-2 successes\fR and \fBFIPS 140-2 failures\fR counts the number of | |
59 | 20000-bit blocks either accepted or rejected by the FIPS 140-2 tests. The | |
60 | other statistics show a breakdown of the FIPS 140-2 failures by FIPS | |
61 | 140-2 test. See the FIPS 140-2 document for more information (note that these | |
62 | tests are defined on FIPS 140-1 and FIPS 140-2 errata of 2001-10-10. They | |
63 | were removed in FIPS 140-2 errata of 2002-12-03). | |
64 | .PP | |
1696181f | 65 | The speed statistics are taken for every 20000-bit block transferred or |
61af3de3 JG |
66 | processed. |
67 | ||
68 | .SH EXIT STATUS | |
69 | .TP | |
70 | \fB0\fR if no errors happen, and no blocks fail the FIPS tests. | |
71 | .TP | |
72 | \fB1\fR if no errors happen, but at least one block fails the FIPS tests. | |
73 | .TP | |
74 | \fB10\fR if there are problems with the parameters. | |
75 | .TP | |
76 | \fB11\fR if an input/output error happens. | |
77 | .TP | |
78 | \fB12\fR if an operating system or resource starvation error happens. | |
79 | ||
80 | .SH SEE ALSO | |
81 | random(4), rngd(8) | |
82 | .TP | |
83 | FIPS PUB 140-2 Security Requirements for Cryptographic Modules, NIST, | |
84 | http://csrc.nist.gov/cryptval/140-2.htm | |
85 | ||
86 | .SH AUTHORS | |
87 | Henrique de Moraes Holschuh <hmh@debian.org> | |
88 |