1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
|
<?xml version="1.0" encoding="koi8-r"?>
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
"../../../share/xml/freebsd50.dtd">
<!--
The FreeBSD Russian Documentation Project
$FreeBSD$
$FreeBSDru: frdp/doc/ru_RU.KOI8-R/articles/ipsec-must/article.xml,v 1.7 2004/07/16 12:06:05 den Exp $
Original revision: r25543
-->
<article xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:lang="ru">
<info><title>îÅÚÁ×ÉÓÉÍÏÅ ÉÓÓÌÅÄÏ×ÁÎÉÅ ÒÁÂÏÔÙ IPsec ×Ï FreeBSD</title>
<author><personname><firstname>David</firstname><surname>Honig</surname></personname><affiliation>
<address><email>honig@sprynet.com</email></address>
</affiliation></author>
<pubdate>1999-05-03</pubdate>
<legalnotice xml:id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.opengroup;
&tm-attrib.general;
</legalnotice>
<releaseinfo>$FreeBSD$</releaseinfo>
<abstract>
<para>÷Ù ÔÏÌØËÏ ÞÔÏ ÕÓÔÁÎÏ×ÉÌÉ É ÎÁÓÔÒÏÉÌÉ IPsec, É ÏÎÏ,
ËÁÖÅÔÓÑ, ÚÁÒÁÂÏÔÁÌÏ. ëÁË ÜÔÏ ÍÏÖÎÏ ÐÒÏ×ÅÒÉÔØ? ñ ÏÐÉÛÕ ÍÅÔÏÄ
ÜËÓÐÅÒÉÍÅÎÔÁÌØÎÏÊ ÐÒÏ×ÅÒËÉ ÐÒÁ×ÉÌØÎÏÇÏ ÆÕÎËÃÉÏÎÉÒÏ×ÁÎÉÑ
IPsec.</para>
</abstract>
</info>
<sect1 xml:id="problem">
<title>ðÏÓÔÁÎÏ×ËÁ ÚÁÄÁÞÉ</title>
<para>äÌÑ ÎÁÞÁÌÁ ÐÒÅÄÐÏÌÏÖÉÍ, ÞÔÏ ÷Ù <link linkend="ipsec-install">
ÎÁÓÔÒÏÉÌÉ <emphasis>IPsec</emphasis></link>. ëÁË ÷Ù
ÕÚÎÁÅÔÅ, ÞÔÏ IPsec <link linkend="caveat">ÒÁÂÏÔÁÅÔ</link>?
îÅÓÏÍÎÅÎÎÏ, ÓÏÅÄÉÎÅÎÉÑ ÎÅ ÂÕÄÅÔ, ÅÓÌÉ ÷Ù ÎÅ×ÅÒÎÏ ÅÇÏ
ÓËÏÎÆÉÇÕÒÉÒÏ×ÁÌÉ. é ÏÎÏ, ËÏÎÅÞÎÏ, ÐÏÑ×ÉÔÓÑ × ×Ù×ÏÄÅ ËÏÍÁÎÄÙ
&man.netstat.1;, ËÏÇÄÁ ÷Ù ×Ó£ ÓÄÅÌÁÅÔÅ ×ÅÒÎÏ. îÏ ÍÏÖÎÏ ÌÉ
ËÁË-ÔÏ ÐÏÄÔ×ÅÒÄÉÔØ ÓÁÍ ÆÁËÔ ÆÕÎËÃÉÏÎÉÒÏ×ÁÎÉÑ IPsec?</para>
</sect1>
<sect1 xml:id="solution">
<title>òÅÛÅÎÉÅ</title>
<para>äÌÑ ÎÁÞÁÌÁ ÎÅÍÎÏÖËÏ ËÒÉÐÔÏÇÒÁÆÉÞÅÓËÏÊ ÔÅÏÒÉÉ:</para>
<orderedlist>
<listitem>
<para>ûÉÆÒÏ×ÁÎÎÙÅ ÄÁÎÎÙÅ ÒÁ×ÎÏÍÅÒÎÏ ÒÁÓÐÒÅÄÅÌÅÎÙ ÐÏ ÏÂÌÁÓÔÉ
ÏÐÒÅÄÅÌÅÎÉÑ, ÔÏ ÅÓÔØ ËÁÖÄÙÊ ÓÉÍ×ÏÌ ÉÍÅÅÔ ÍÁËÓÉÍÁÌØÎÕÀ
ÜÎÔÒÏÐÉÀ;</para>
</listitem>
<listitem>
<para><quote>óÙÒÙÅ</quote> É ÎÅÓÖÁÔÙÅ ÄÁÎÎÙÅ ËÁË ÐÒÁ×ÉÌÏ
ÉÚÂÙÔÏÞÎÙ, ÔÏ ÅÓÔØ ÉÈ ÜÎÔÒÏÐÉÑ ÍÅÎØÛÅ ÍÁËÓÉÍÁÌØÎÏ
×ÏÚÍÏÖÎÏÊ.</para>
</listitem>
</orderedlist>
<para>ðÒÅÄÐÏÌÏÖÉÍ, ÞÔÏ Õ ÷ÁÓ ÉÍÅÅÔÓÑ ×ÏÚÍÏÖÎÏÓÔØ ÉÚÍÅÒÉÔØ ÜÎÔÒÏÐÉÀ
×ÈÏÄÑÝÅÇÏ É ÉÓÈÏÄÑÝÅÇÏ ÔÒÁÆÉËÁ ÎÁ ÓÅÔÅ×ÏÍ ÉÎÔÅÒÆÅÊÓÅ. ÷ ÜÔÏÍ
ÓÌÕÞÁÅ ÷Ù ÓÍÏÖÅÔÅ ÌÅÇËÏ ÏÔÌÉÞÉÔØ ÚÁÛÉÆÒÏ×ÁÎÎÙÅ ÄÁÎÎÙÅ ÏÔ
ÏÔËÒÙÔÙÈ, ÐÒÉÞ£Í ÄÁÖÅ × ÔÏÍ ÓÌÕÞÁÅ, ËÏÇÄÁ ÞÁÓÔØ ÄÁÎÎÙÈ ×
<quote>ÒÅÖÉÍÅ ÛÉÆÒÏ×ÁÎÉÑ</quote> ÐÅÒÅÄÁ£ÔÓÑ × ÏÔËÒÙÔÏÍ ×ÉÄÅ, Ë
ÐÒÉÍÅÒÕ ×ÎÅÛÎÉÅ ÚÁÇÏÌÏ×ËÉ IP, ËÏÔÏÒÙÅ ÉÓÐÏÌØÚÕÀÔÓÑ ÄÌÑ
ÍÁÒÛÒÕÔÉÚÁÃÉÉ.</para>
<sect2 xml:id="MUST">
<title>MUST</title>
<para><quote>õÎÉ×ÅÒÓÁÌØÎÙÊ óÔÁÔÉÓÔÉÞÅÓËÉÊ ôÅÓÔ ÄÌÑ çÅÎÅÒÁÔÏÒÏ×
óÌÕÞÁÊÎÙÈ þÉÓÅÌ</quote> õÜÌÉ íÁÕÒÅÒÁ (Ueli Maurer's Universal
Statistical Test for Random Bit Generators), ÓÏËÒÁÝ£ÎÎÏ <link xlink:href="http://www.geocities.com/SiliconValley/Code/4704/universal.pdf">
<acronym>MUST</acronym></link> ÐÏÚ×ÏÌÑÅÔ ÂÙÓÔÒÏ ÉÚÍÅÒÉÔØ
ÜÎÔÒÏÐÉÀ ÐÏÓÌÅÄÏ×ÁÔÅÌØÎÏÇÏ ÎÁÂÏÒÁ ÄÁÎÎÙÈ. éÓÐÏÌØÚÕÅÍÙÊ
ÁÌÇÏÒÉÔÍ ÐÏÈÏÖ ÎÁ ÁÌÇÏÒÉÔÍ ÓÖÁÔÉÑ. <link linkend="code">÷
ÐÒÉÌÏÖÅÎÉÉ</link> ÐÒÉ×ÅģΠÉÓÈÏÄÎÙÊ ËÏÄ, ÐÏÚ×ÏÌÑÀÝÉÊ ÉÚÍÅÒÑÔØ
ÜÎÔÒÏÐÉÀ ÐÏÓÌÅÄÏ×ÁÔÅÌØÎÙÈ ËÕÓËÏ× ÄÁÎÎÙÈ ÒÁÚÍÅÒÏÍ ÏËÏÌÏ
ÞÅÔ×ÅÒÔÉ ÍÅÇÁÂÁÊÔÁ.</para>
</sect2>
<sect2 xml:id="tcpdump">
<title>Tcpdump</title>
<para>åÝ£ ÎÁÍ ÎÕÖÅÎ ÓÐÏÓÏ ÓÏÈÒÁÎÅÎÉÑ ÉÎÆÏÒÍÁÃÉÉ,
ÐÒÏÈÏÄÑÝÅÊ ÞÅÒÅÚ ÉÎÔÅÒÆÅÊÓ. ðÒÏÇÒÁÍÍÁ &man.tcpdump.1;
ÐÏÚ×ÏÌÑÅÔ ÓÄÅÌÁÔØ ÜÔÏ × ÓÌÕÞÁÅ, ÅÓÌÉ ÷Ù <link linkend="kernel">ÓËÏÎÆÉÇÕÒÉÒÏ×ÁÌÉ Ó×Ï£ ÑÄÒÏ</link> Ó
ÐÏÄÄÅÒÖËÏÊ <emphasis>ðÁËÅÔÎÏÇÏ æÉÌØÔÒÁ âÅÒËÌÉ (Berkeley Packet
Filter)</emphasis>.</para>
<para>ëÏÍÁÎÄÁ</para>
<screen><userinput>tcpdump -c 4000 -s 10000 -w dumpfile.bin</userinput></screen>
<para>ÓÏÈÒÁÎÉÔ 4000 ÐÁËÅÔÏ× × ÆÁÊÌ
<replaceable>dumpfile.bin</replaceable>. ÷ ÄÁÎÎÏÍ ÐÒÉÍÅÒÅ ÏÂߣÍ
ÚÁÐÉÓÙ×ÁÅÍÏÊ ÉÎÆÏÒÍÁÃÉÉ × ËÁÖÄÏÍ ÐÁËÅÔÅ ÎÅ ÍÏÖÅÔ ÐÒÅ×ÙÛÁÔØ
10,000 ÂÁÊÔÏ×.</para>
</sect2>
</sect1>
<sect1 xml:id="experiment">
<title>üËÓÐÅÒÉÍÅÎÔ</title>
<para>ðÏ×ÔÏÒÉÔÅ ÓÌÅÄÕÀÝÉÅ ÛÁÇÉ ÜËÓÐÅÒÉÍÅÎÔÁ:</para>
<procedure>
<step>
<para>ïÔËÒÏÊÔÅ Ä×Á ÏËÎÁ ÔÅÒÍÉÎÁÌÁ É Ó×ÑÖÉÔÅÓØ × ÏÄÎÏÍ ÉÚ ÎÉÈ Ó
ËÁËÉÍ-ÎÉÂÕÄØ ËÏÍÐØÀÔÅÒÏÍ ÞÅÒÅÚ ËÁÎÁÌ IPsec, Á × ÄÒÕÇÏÍ — Ó
ÏÂÙÞÎÙÍ, <quote>ÎÅÚÁÝÉÝ£ÎÎÙÍ</quote> ËÏÍÐØÀÔÅÒÏÍ.</para>
</step>
<step>
<para>ôÅÐÅÒØ ÎÁÞÎÉÔÅ <link linkend="tcpdump">ÓÏÈÒÁÎÑÔØ
ÐÁËÅÔÙ</link>.</para>
</step>
<step>
<para>÷ <quote>ÛÉÆÒÏ×ÁÎÎÏÍ</quote> ÏËÎÅ ÚÁÐÕÓÔÉÔÅ ËÏÍÁÎÄÕ &unix;
&man.yes.1;, ËÏÔÏÒÁÑ ÂÕÄÅÔ ×ÙÄÁ×ÁÔØ ÂÅÓËÏÎÅÞÎÙÊ
ÐÏÔÏË ÓÉÍ×ÏÌÏ× <literal>y</literal>. îÅÍÎÏÖËÏ ÐÏÄÏÖÄÉÔÅ É
ÚÁ×ÅÒÛÉÔŠţ. úÁÔÅÍ ÐÅÒÅËÌÀÞÉÔÅÓØ × ÏÂÙÞÎÏÅ ÏËÎÏ (ÎÅ
ÉÓÐÏÌØÚÕÀÝÅÅ ËÁÎÁÌ IPsec) É ÓÄÅÌÁÊÔÅ ÔÏ ÖÅ ÓÁÍÏÅ.</para>
</step>
<step>
<para>úÁËÌÀÞÉÔÅÌØÎÙÊ ÜÔÁÐ: ÚÁÐÕÓÔÉÔÅ <link linkend="code">
MUST</link>, ÐÅÒÅÄÁ× ÅÍÕ ÄÌÑ ÏÂÒÁÂÏÔËÉ ÔÏÌØËÏ ÞÔÏ
ÓÏÈÒÁΣÎÎÙÅ ÐÁËÅÔÙ ÞÅÒÅÚ ËÏÍÁÎÄÎÕÀ ÓÔÒÏËÕ. ÷Ù ÄÏÌÖÎÙ
Õ×ÉÄÅÔØ ÞÔÏ-ÔÏ ×ÒÏÄÅ ÉÚÏÂÒÁÖ£ÎÎÏÇÏ ÞÕÔØ ÎÉÖÅ. úÁÍÅÔØÔÅ, ÞÔÏ
ÂÅÚÏÐÁÓÎÏÅ ÓÏÅÄÉÎÅÎÉÅ ÉÍÅÅÔ 93% (6,7) ÏÔ ÏÖÉÄÁÅÍÏÇÏ ÚÎÁÞÅÎÉÑ
(7,18), Á ÏÂÙÞÎÏÅ ÓÏÅÄÉÎÅÎÉÅ — ×ÓÅÇÏ ÌÉÛØ 29%
(2,1).</para>
<screen>&prompt.user; <userinput>tcpdump -c 4000 -s 10000 -w ipsecdemo.bin</userinput>
&prompt.user; <userinput>uliscan ipsecdemo.bin</userinput>
Uliscan 21 Dec 98
L=8 256 258560
Measuring file ipsecdemo.bin
Init done
Expected value for L=8 is 7.1836656
6.9396 --------------------------------------------------------
6.6177 -----------------------------------------------------
6.4100 ---------------------------------------------------
2.1101 -----------------
2.0838 -----------------
2.0983 -----------------</screen>
</step>
</procedure>
</sect1>
<sect1 xml:id="caveat">
<title>úÁÍÅÞÁÎÉÅ</title>
<para>üÔÏÔ ÜËÓÐÅÒÉÍÅÎÔ ÐÏËÁÚÙ×ÁÅÔ, ÞÔÏ IPsec
<emphasis>ÄÅÊÓÔ×ÉÔÅÌØÎÏ</emphasis> ÒÁÓÐÒÅÄÅÌÑÅÔ ÐÅÒÅÄÁ×ÁÅÍÙÅ
ÂÁÊÔÙ ÐÏ ÏÂÌÁÓÔÉ ÏÐÒÅÄÅÌÅÎÉÑ <emphasis>ÒÁ×ÎÏÍÅÒÎÏ</emphasis>,
ËÁË É ÌÀÂÏÅ ÄÒÕÇÏÅ ÛÉÆÒÏ×ÁÎÉÅ. ïÄÎÁËÏ ÜÔÏÔ ÍÅÔÏÄ <emphasis>ÎÅ
ÍÏÖÅÔ</emphasis> ÏÂÎÁÒÕÖÉÔØ ÍÎÏÖÅÓÔ×Ï ÄÒÕÇÉÈ ÉÚßÑÎÏ× × ÓÉÓÔÅÍÅ
(ÈÏÔÑ Ñ ÔÁËÏ×ÙÈ ÎÅ ÚÎÁÀ). äÌÑ ÐÒÉÍÅÒÁ ÍÏÖÎÏ ÐÒÉ×ÅÓÔÉ ÐÌÏÈÉÅ
ÁÌÇÏÒÉÔÍÙ ÇÅÎÅÒÁÃÉÉ ÉÌÉ ÏÂÍÅÎÁ ËÌÀÞÁÍÉ, ÎÁÒÕÛÅÎÉÅ
ËÏÎÆÉÄÅÎÃÉÁÌØÎÏÓÔÉ ÄÁÎÎÙÈ ÉÌÉ ËÌÀÞÅÊ, ÉÓÐÏÌØÚÏ×ÁÎÉÅ ÓÌÁÂÙÈ ×
ËÒÉÐÔÏÇÒÁÆÉÞÅÓËÏÍ ÓÍÙÓÌÅ ÁÌÇÏÒÉÔÍÏ×, ×ÚÌÏÍ ÑÄÒÁ É Ô. Ä. éÚÕÞÁÊÔÅ
ÉÓÈÏÄÎÙÊ ËÏÄ, ÕÚÎÁ×ÁÊÔÅ, ÞÔÏ ÔÁÍ ÐÒÏÉÓÈÏÄÉÔ.</para>
</sect1>
<sect1 xml:id="IPsec">
<title>ïÐÒÅÄÅÌÅÎÉÅ IPsec</title>
<para>IPsec ÐÒÅÄÓÔÁ×ÌÑÅÔ ÓÏÂÏÊ ÐÒÏÔÏËÏÌ ÂÅÚÏÐÁÓÎÏÇÏ ÏÂÍÅÎÁ
ÉÎÆÏÒÍÁÃÉÅÊ ÐÏ Internet. óÕÝÅÓÔ×ÕÅÔ × ×ÉÄÅ ÒÁÓÛÉÒÅÎÉÑ Ë IPv4;
Ñ×ÌÑÅÔÓÑ ÎÅÏÔßÅÍÌÅÍÏÊ ÞÁÓÔØÀ IPv6. óÏÄÅÒÖÉÔ × ÓÅÂÅ ÐÒÏÔÏËÏÌ
ÛÉÆÒÏ×ÁÎÉÑ É ÁÕÔÅÎÔÉÆÉËÁÃÉÉ ÎÁ ÕÒÏ×ÎÅ IP (ÍÅÖÍÁÛÉÎÎÏÅ
<quote>host-to-host</quote> ×ÚÁÉÍÏÄÅÊÓÔ×ÉÅ). SSL ÚÁÝÉÝÁÅÔ
ÔÏÌØËÏ ÌÉÛØ ËÏÎËÒÅÔÎÙÊ ÐÒÉËÌÁÄÎÏÊ ÓÏËÅÔ;
<application>SSH</application> ÚÁÝÉÝÁÅÔ ×ÈÏÄ ÎÁ ÍÁÛÉÎÕ;
<application>PGP</application> ÚÁÝÉÝÁÅÔ ÏÐÒÅÄÅÌ£ÎÎÙÊ ÆÁÊÌ ÉÌÉ
ÐÉÓØÍÏ. IPsec ÛÉÆÒÕÅÔ ×ÓÀ ÉÎÆÏÒÍÁÃÉÀ, ÐÅÒÅÄÁ×ÁÅÍÕÀ ÍÅÖÄÕ Ä×ÕÍÑ
ÍÁÛÉÎÁÍÉ.</para>
</sect1>
<sect1 xml:id="ipsec-install">
<title>õÓÔÁÎÏ×ËÁ IPsec</title>
<para>âÏÌØÛÉÎÓÔ×Ï ÓÏ×ÒÅÍÅÎÎÙÈ ×ÅÒÓÉÊ FreeBSD ÕÖÅ ÉÍÅÀÔ ÐÏÄÄÅÒÖËÕ
IPsec. ÷ÅÒÏÑÔÎÏ, ÷Ù ÄÏÌÖÎÙ ÂÕÄÅÔÅ ÌÉÛØ ÄÏÂÁ×ÉÔØ ÏÐÃÉÀ
<option>IPsec</option> × ËÏÎÆÉÇÕÒÁÃÉÏÎÎÙÊ ÆÁÊÌ ÑÄÒÁ, É ÐÏÓÌÅ
ÓÂÏÒËÉ É ÉÎÓÔÁÌÌÑÃÉÉ ÎÏ×ÏÇÏ ÑÄÒÁ, ÓËÏÎÆÉÇÕÒÉÒÏ×ÁÔØ ÓÏÅÄÉÎÅÎÉÅ
IPsec Ó ÐÏÍÏÝØÀ ËÏÍÁÎÄÙ &man.setkey.8;.</para>
<para>âÏÌÅÅ ÐÏÄÒÏÂÎÏ Ï ÔÏÍ, ËÁË ÚÁÐÕÓÔÉÔØ IPsec ×Ï FreeBSD ÍÏÖÎÏ
ÐÒÏÞÅÓÔØ × <link xlink:href="&url.books.handbook;/ipsec.html">òÕËÏ×ÏÄÓÔ×Å
ÐÏÌØÚÏ×ÁÔÅÌÑ</link>.</para>
</sect1>
<sect1 xml:id="kernel">
<title>src/sys/i386/conf/KERNELNAME</title>
<para>äÌÑ ÔÏÇÏ, ÞÔÏÂÙ ÚÁÈ×ÁÔÙ×ÁÔØ ÓÅÔÅ×ÏÊ ÔÒÁÆÉË ÐÒÉ ÐÏÍÏÝÉ
&man.tcpdump.1;, ÓÌÅÄÕÀÝÉÅ ÓÔÒÏËÉ ÄÏÌÖÎÙ ÐÒÉÓÕÔÓÔ×Ï×ÁÔØ
× ËÏÎÆÉÇÕÒÁÃÉÏÎÎÏÍ ÆÁÊÌÅ ÑÄÒÁ. îÅ
ÚÁÂÕÄØÔÅ ÐÏÓÌÅ ÍÏÄÉÆÉËÁÃÉÉ ÚÁÐÕÓÔÉÔØ &man.config.8;, É, ËÁË
ÏÂÙÞÎÏ, ÐÅÒÅÓÏÂÒÁÔØ É ÕÓÔÁÎÏ×ÉÔØ ÎÏ×ÏÅ ÑÄÒÏ.</para>
<programlisting>device bpf</programlisting>
</sect1>
<sect1 xml:id="code">
<title>õÎÉ×ÅÒÓÁÌØÎÙÊ óÔÁÔÉÓÔÉÞÅÓËÉÊ ôÅÓÔ íÁÕÒÅÒÁ (ÒÁÚÍÅÒ ÂÌÏËÁ
— 8 ÂÉÔ)</title>
<para>ïÒÉÇÉÎÁÌ ÎÉÖÅÐÒÉ×ÅÄ£ÎÎÏÇÏ ËÏÄÁ ÎÁÈÏÄÉÔÓÑ ÐÏ <link xlink:href="http://www.geocities.com/SiliconValley/Code/4704/uliscanc.txt">
ÜÔÏÍÕ ÁÄÒÅÓÕ</link>.</para>
<programlisting>/*
ULISCAN.c ---blocksize of 8
1 Oct 98
1 Dec 98
21 Dec 98 uliscan.c derived from ueli8.c
This version has // comments removed for Sun cc
This implements Ueli M Maurer's "Universal Statistical Test for Random
Bit Generators" using L=8
Accepts a filename on the command line; writes its results, with other
info, to stdout.
Handles input file exhaustion gracefully.
Ref: J. Cryptology v 5 no 2, 1992 pp 89-105
also on the web somewhere, which is where I found it.
-David Honig
honig@sprynet.com
Usage:
ULISCAN filename
outputs to stdout
*/
#define L 8
#define V (1<<L)
#define Q (10*V)
#define K (100 *Q)
#define MAXSAMP (Q + K)
#include <stdio.h>
#include <math.h>
int main(argc, argv)
int argc;
char **argv;
{
FILE *fptr;
int i,j;
int b, c;
int table[V];
double sum = 0.0;
int iproduct = 1;
int run;
extern double log(/* double x */);
printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP);
if (argc < 2) {
printf("Usage: Uliscan filename\n");
exit(-1);
} else {
printf("Measuring file %s\n", argv[1]);
}
fptr = fopen(argv[1],"rb");
if (fptr == NULL) {
printf("Can't find %s\n", argv[1]);
exit(-1);
}
for (i = 0; i < V; i++) {
table[i] = 0;
}
for (i = 0; i < Q; i++) {
b = fgetc(fptr);
table[b] = i;
}
printf("Init done\n");
printf("Expected value for L=8 is 7.1836656\n");
run = 1;
while (run) {
sum = 0.0;
iproduct = 1;
if (run)
for (i = Q; run && i < Q + K; i++) {
j = i;
b = fgetc(fptr);
if (b < 0)
run = 0;
if (run) {
if (table[b] > j)
j += K;
sum += log((double)(j-table[b]));
table[b] = i;
}
}
if (!run)
printf("Premature end of file; read %d blocks.\n", i - Q);
sum = (sum/((double)(i - Q))) / log(2.0);
printf("%4.4f ", sum);
for (i = 0; i < (int)(sum*8.0 + 0.50); i++)
printf("-");
printf("\n");
/* refill initial table */
if (0) {
for (i = 0; i < Q; i++) {
b = fgetc(fptr);
if (b < 0) {
run = 0;
} else {
table[b] = i;
}
}
}
}
}</programlisting>
</sect1>
</article>
|
