rngtest(1) [centos man page]

RNGTEST(1)						      General Commands Manual							RNGTEST(1)

NAME

       rngtest - Check the randomness of data using FIPS 140-2 tests

SYNOPSIS

       rngtest [-c n | --blockcount=n] [-b n | --blockstats=n] [-t n | --timedstats=n] [-p | --pipe] [-?] [--help] [-V] [--version]

DESCRIPTION

       rngtest works on blocks of 20000 bits at a time, using the FIPS 140-2 (errata of 2001-10-10) tests to verify the randomness of the block of
       data.

       It takes input from stdin, and outputs statistics to stderr, optionally echoing blocks that passed the FIPS tests to stdout (when operating
       in pipe mode).  Errors are sent to stderr.

       At  startup,  rngtest  will trow away the first 32 bits of data when operating in pipe mode.  It will use the next 32 bits of data to boot-
       strap the FIPS tests (even when not operating in pipe mode).  These bits are not tested for randomness.

       Statistics are dumped to stderr when the program exits.

OPTIONS

       -p, --pipe
	      Enable pipe mode.  All data blocks that pass the FIPS tests are echoed to stdout, and rngtest operates in silent mode.

       -c n, --blockcount=n (default: 0)
	      Exit after processing n input blocks, if n is not zero.

       -b n, --blockstats=n (default: 0)
	      Dump statistics every n blocks, if n is not zero.

       -t n, --timedstats=n (default: 0)
	      Dump statistics every n seconds, if n is not zero.

       -?, --help
	      Give a short summary of all program options.

       -V, --version
	      Print program version

STATISTICS

       rngtest will dump statistics to stderr when it exits, and when told to by blockstats or timedstats.

       FIPS 140-2 successes and FIPS 140-2 failures counts the number of 20000-bit blocks either accepted or rejected by  the  FIPS  140-2  tests.
       The  other  statistics  show  a	breakdown of the FIPS 140-2 failures by FIPS 140-2 test.  See the FIPS 140-2 document for more information
       (note that these tests are defined on FIPS 140-1 and FIPS  140-2  errata  of  2001-10-10.  They	were  removed  in  FIPS  140-2	errata	of
       2002-12-03).

       The speed statistics are taken for every 20000-bit block transferred or processed.

EXIT STATUS

       0 if no errors happen, and no blocks fail the FIPS tests.

       1 if no errors happen, but at least one block fails the FIPS tests.

       10 if there are problems with the parameters.

       11 if an input/output error happens.

       12 if an operating system or resource starvation error happens.

SEE ALSO

       random(4), rngd(8)

       FIPS PUB 140-2 Security Requirements for Cryptographic Modules, NIST,
	      http://csrc.nist.gov/cryptval/140-2.htm

AUTHORS

       Henrique de Moraes Holschuh <hmh@debian.org>

rng-tools 4							    March 2004								RNGTEST(1)

FIPSCHECK(8)							     fipscheck							      FIPSCHECK(8)

NAME

       fipscheck - perform a FIPS-140-2 validation check of one or more files

SYNTAX

       fipscheck [-s <hmac-suffix>] file1 [file2 ...]

DESCRIPTION

       fipscheck will perform a FIPS-140-2 validation of a file using a stored checksum of a file. The file containing the checksum value is first
       looked up in the /usr/lib{64,}/fipscheck directory and if not found there, it will be searched for in the same directory as the file which
       is being checksummed.

       The checksum file must have '.' prepended and '.hmac' appended to the original file name. The '.' must not be prepended to the file names
       in the /usr/lib{64,}/fipscheck directory.

       If invoked correctly the fipscheck command will not print anything to the standard output or error and set the return code based on the
       test result. A return code of 0 means the file passed the checksum test. A value of non-zero means the checksum failed.

       The -s option allows to specify the suffix of the hmac file names. The default value .hmac is used when this option is not specified.

RETURN CODES

       fipscheck can return the following return codes:

       0 Checksum OK

       1 Checksum mismatch

       2 Missing filename

       3 Cannot open the checksum file

       4 Cannot read the file to be checksummed, or the checksum computation failed

       5 Memory allocation error

       10 and higher - Failure during self-checking the libfipscheck.so shared library

       20 and higher - Failure during self-checking the fipscheck binary

ENVIRONMENT VARIABLES

       If you set the environment variable FIPSCHECK_DEBUG to "error", all error messages are sent to stderr. Setting this variable to "syslog"
       will send all error messages to the syslog daemon.

FIPS MODE

       A kernel compiled with CONFIG_CRYPTO_FIPS=y can be booted in fips mode by specifying fips=1 as kernel parameter. If the /boot director
       resides on a different partition, this needs to be specfied, for example boot=/dev/sda2.

SEE ALSO

       fipshmac(8), fipscheck.h(3), https://fedorahosted.org/fipscheck/

AUTHOR

       Tomas Mraz <tmraz@redhat.com>.

       Man page by Paul Wouters <pwouters@redhat.com>

COPYRIGHT

       Copyright 2008, 2012 Red Hat, Inc. All rights reserved.

       Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are
       met:

       1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

       2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

fipscheck							  April 11, 2012						      FIPSCHECK(8)