          Independent Verification of IPsec Functionality in FreeBSD

  David Honig

   <honig@sprynet.com>

   Revision: b55bb8ba3f

   FreeBSD is a registered trademark of the FreeBSD Foundation.

   Motif, OSF/1, and UNIX are registered trademarks, and IT DialTone and
   The Open Group are trademarks, of The Open Group in the United States and
   other countries.

   Many of the designations used by manufacturers and sellers to identify
   their products are claimed as trademarks. Where those designations appear
   in this document, and the FreeBSD Project was aware of the trademark, the
   designation is followed by the "TM" or "(R)" symbol.

   2015-05-12 08:03:23 +0000 Taras Korenko.
   Abstract

   You have just installed and configured IPsec, and it seems to be working.
   How can you verify that? I describe a method for experimentally verifying
   that IPsec is functioning correctly.

     ----------------------------------------------------------------------

   Table of Contents

   1. The Problem

   2. The Solution

   3. The Experiment

   4. Caveat

   5. IPsec Definition

   6. Installing IPsec

   7. src/sys/i386/conf/KERNELNAME

   8. Maurer's Universal Statistical Test (block size: 8 bits)

1. The Problem

   To begin, suppose you have configured IPsec. How do you know that IPsec
   is working? Certainly, there will be no connection if you have
   misconfigured it. And it will, of course, show up in the output of
   netstat(1) once you get everything right. But is there a way to confirm
   that IPsec itself is actually functioning?

2. The Solution

   First, a little cryptographic theory:

    1. Encrypted data is uniformly distributed over its domain, that is,
       it has maximal entropy per symbol;

    2. "Raw", uncompressed data is typically redundant, that is, its
       entropy is below the maximum possible.

   Suppose you could measure the entropy of the traffic entering and
   leaving a network interface. You could then easily tell encrypted data
   from unencrypted data, even when part of the data in "encryption mode" is
   sent in the clear, for example the outer IP headers, which are used for
   routing.

  2.1. MUST

   Ueli Maurer's "Universal Statistical Test for Random Bit Generators"
   (MUST for short) quickly measures the entropy of a sequential sample of
   data. The algorithm it uses is similar to a compression algorithm. The
   appendix gives source code that measures the entropy of successive
   chunks of data about a quarter of a megabyte in size.

  2.2. Tcpdump

   We also need a way to capture the data passing through the interface.
   The tcpdump(1) program can do this, provided you have configured your
   kernel with Berkeley Packet Filter support.

   The command

 tcpdump -c 4000 -s 10000 -w dumpfile.bin

   will save 4000 packets to the file dumpfile.bin. In this example, at most
   10,000 bytes of each packet are recorded.

3. The Experiment

   Reproduce the experiment with the following steps:

    1. Open two terminal windows. In one, connect to some host over the
       IPsec channel; in the other, connect to an ordinary, "unprotected"
       host.

    2. Now start capturing packets.

    3. In the "encrypted" window, run the UNIX(R) command yes(1), which
       outputs an endless stream of y characters. Wait a little, then stop
       it. Then switch to the ordinary window (the one not using the IPsec
       channel) and do the same.

    4. Final step: run MUST, passing it the packets you have just captured
       on the command line. You should see something like the output shown
       below. Note that the secure connection reaches 93% (6.7) of the
       expected value (7.18), while the ordinary connection reaches only
       29% (2.1).

 % tcpdump -c 4000 -s 10000 -w ipsecdemo.bin
 % uliscan ipsecdemo.bin

 Uliscan 21 Dec 98
 L=8 256 258560
 Measuring file ipsecdemo.bin
 Init done
 Expected value for L=8 is 7.1836656
 6.9396 --------------------------------------------------------
 6.6177 -----------------------------------------------------
 6.4100 ---------------------------------------------------
 2.1101 -----------------
 2.0838 -----------------
 2.0983 -----------------

4. Caveat

   This experiment shows that IPsec does indeed distribute the transmitted
   bytes uniformly over their domain, as any encryption does. However, this
   method cannot detect many other flaws in a system (although I know of
   none). Examples include poor key generation or key exchange algorithms,
   breaches of the confidentiality of data or keys, use of cryptographically
   weak algorithms, kernel compromise, and so on. Study the source code;
   know what is going on in there.

5. IPsec Definition

   IPsec is a protocol for secure information exchange over the Internet.
   It exists as an extension to IPv4 and is an integral part of IPv6. It
   comprises an encryption and authentication protocol at the IP level
   (host-to-host interaction). SSL protects only one specific application
   socket; SSH protects a login to a machine; PGP protects a particular
   file or message. IPsec encrypts all information sent between two
   machines.

6. Installing IPsec

   Most modern versions of FreeBSD already include IPsec support. You will
   probably only need to add the IPsec option to the kernel configuration
   file and, after building and installing the new kernel, configure the
   IPsec connection with the setkey(8) command.

   More detail on how to run IPsec on FreeBSD can be found in the FreeBSD
   Handbook.

7. src/sys/i386/conf/KERNELNAME

   To capture network traffic with tcpdump(1), the following must be present
   in the kernel configuration file. After making the change, do not forget
   to run config(8) and, as usual, rebuild and install the new kernel.

 device  bpf

8. Maurer's Universal Statistical Test (block size: 8 bits)

   The original of the code below can be found at this address.

 /*
   ULISCAN.c   ---blocksize of 8

   1 Oct 98
   1 Dec 98
   21 Dec 98       uliscan.c derived from ueli8.c

   This version has // comments removed for Sun cc

   This implements Ueli M Maurer's "Universal Statistical Test for Random
   Bit Generators" using L=8

   Accepts a filename on the command line; writes its results, with other
   info, to stdout.

   Handles input file exhaustion gracefully.

   Ref: J. Cryptology v 5 no 2, 1992 pp 89-105
   also on the web somewhere, which is where I found it.

   -David Honig
   honig@sprynet.com

   Usage:
   ULISCAN filename
   outputs to stdout
 */

 #define L 8
 #define V (1<<L)
 #define Q (10*V)
 #define K (100   *Q)
 #define MAXSAMP (Q + K)

 #include <stdio.h>
 #include <stdlib.h>   /* exit() */
 #include <math.h>     /* log() */

 int main(int argc, char **argv)
 {
   FILE *fptr;
   int i,j;
   int b, c;
   int table[V];        /* index of the last occurrence of each byte value */
   double sum = 0.0;
   int iproduct = 1;
   int run;

   printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP);

   if (argc < 2) {
     printf("Usage: Uliscan filename\n");
     exit(-1);
   } else {
     printf("Measuring file %s\n", argv[1]);
   }

   fptr = fopen(argv[1],"rb");

   if (fptr == NULL) {
     printf("Can't find %s\n", argv[1]);
     exit(-1);
   }

   for (i = 0; i < V; i++) {
     table[i] = 0;
   }

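   /* initialisation segment: record where each byte value was last seen */
   for (i = 0; i < Q; i++) {
     b = fgetc(fptr);
     if (b == EOF) {
       /* file is shorter than the initialisation segment; do not index
          table[] with EOF (-1) */
       printf("Premature end of file; read %d blocks.\n", i);
       exit(-1);
     }
     table[b] = i;
   }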

   printf("Init done\n");

   printf("Expected value for L=8 is 7.1836656\n");

   run = 1;

   while (run) {
     sum = 0.0;
     iproduct = 1;

     if (run)
       for (i = Q; run && i < Q + K; i++) {
         j = i;
         b = fgetc(fptr);

         if (b < 0)
           run = 0;

         if (run) {
           if (table[b] > j)
             j += K;

           sum += log((double)(j-table[b]));

           table[b] = i;
         }
       }

     if (!run)
       printf("Premature end of file; read %d blocks.\n", i - Q);

     sum = (sum/((double)(i - Q))) /  log(2.0);
     printf("%4.4f ", sum);

     for (i = 0; i < (int)(sum*8.0 + 0.50); i++)
       printf("-");

     printf("\n");

     /* refill initial table */
     if (0) {
       for (i = 0; i < Q; i++) {
         b = fgetc(fptr);
         if (b < 0) {
           run = 0;
         } else {
           table[b] = i;
         }
       }
     }
   }

   fclose(fptr);
   return 0;
 }
