blob: 35b1c1f5f6d25804b9a5a71ecdab138b30ce2de0 [file] [log] [blame]
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -07001/*
2 * QTest testcase for the Nuvoton NPCM7xx Random Number Generator
3 *
4 * Copyright 2020 Google LLC
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17#include "qemu/osdep.h"
18
19#include <math.h>
20
21#include "libqtest-single.h"
22#include "qemu/bitops.h"
Marc-André Lureau415b7322022-03-23 19:57:32 +040023#include "qemu/cutils.h"
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -070024
25#define RNG_BASE_ADDR 0xf000b000
26
27/* Control and Status Register */
28#define RNGCS 0x00
29# define DVALID BIT(1) /* Data Valid */
30# define RNGE BIT(0) /* RNG Enable */
31/* Data Register */
32#define RNGD 0x04
33/* Mode Register */
34#define RNGMODE 0x08
35# define ROSEL_NORMAL (2) /* RNG only works in this mode */
36
37/* Number of bits to collect for randomness tests. */
38#define TEST_INPUT_BITS (128)
39
Havard Skinnemoen1af979b2020-11-02 17:14:57 -080040static void dump_buf_if_failed(const uint8_t *buf, size_t size)
41{
42 if (g_test_failed()) {
43 qemu_hexdump(stderr, "", buf, size);
44 }
45}
46
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -070047static void rng_writeb(unsigned int offset, uint8_t value)
48{
49 writeb(RNG_BASE_ADDR + offset, value);
50}
51
52static uint8_t rng_readb(unsigned int offset)
53{
54 return readb(RNG_BASE_ADDR + offset);
55}
56
57/* Disable RNG and set normal ring oscillator mode. */
58static void rng_reset(void)
59{
60 rng_writeb(RNGCS, 0);
61 rng_writeb(RNGMODE, ROSEL_NORMAL);
62}
63
64/* Reset RNG and then enable it. */
65static void rng_reset_enable(void)
66{
67 rng_reset();
68 rng_writeb(RNGCS, RNGE);
69}
70
71/* Wait until Data Valid bit is set. */
72static bool rng_wait_ready(void)
73{
74 /* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */
75 int retries = 10;
76
77 while (retries-- > 0) {
78 if (rng_readb(RNGCS) & DVALID) {
79 return true;
80 }
81 }
82
83 return false;
84}
85
86/*
87 * Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the
88 * sequence in buf and return the P-value. This represents the probability of a
89 * truly random sequence having the same proportion of zeros and ones as the
90 * sequence in buf.
91 *
92 * An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1,
93 * will fail this test. However, an RNG which always returns 0x55, 0xf0 or some
94 * other value with an equal number of zeroes and ones will pass.
95 */
96static double calc_monobit_p(const uint8_t *buf, unsigned int len)
97{
98 unsigned int i;
99 double s_obs;
100 int sn = 0;
101
102 for (i = 0; i < len; i++) {
103 /*
104 * Each 1 counts as 1, each 0 counts as -1.
105 * s = cp - (8 - cp) = 2 * cp - 8
106 */
107 sn += 2 * ctpop8(buf[i]) - 8;
108 }
109
110 s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE);
111
112 return erfc(s_obs / sqrt(2));
113}
114
115/*
116 * Perform a runs test, as defined by NIST SP 800-22, and return the P-value.
117 * This represents the probability of a truly random sequence having the same
118 * number of runs (i.e. uninterrupted sequences of identical bits) as the
119 * sequence in buf.
120 */
121static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits)
122{
123 unsigned int j;
124 unsigned int k;
125 int nr_ones = 0;
126 int vn_obs = 0;
127 double pi;
128
129 g_assert(nr_bits % BITS_PER_LONG == 0);
130
131 for (j = 0; j < nr_bits / BITS_PER_LONG; j++) {
132 nr_ones += __builtin_popcountl(buf[j]);
133 }
134 pi = (double)nr_ones / nr_bits;
135
136 for (k = 0; k < nr_bits - 1; k++) {
Havard Skinnemoen8006c982020-11-02 17:14:55 -0800137 vn_obs += (test_bit(k, buf) ^ test_bit(k + 1, buf));
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -0700138 }
139 vn_obs += 1;
140
141 return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi))
142 / (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi)));
143}
144
145/*
146 * Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared,
147 * and DVALID eventually becomes set when RNGE is set.
148 */
149static void test_enable_disable(void)
150{
151 /* Disable: DVALID should not be set, and RNGD should read zero */
152 rng_reset();
153 g_assert_cmphex(rng_readb(RNGCS), ==, 0);
154 g_assert_cmphex(rng_readb(RNGD), ==, 0);
155
156 /* Enable: DVALID should be set, but we can't make assumptions about RNGD */
157 rng_writeb(RNGCS, RNGE);
158 g_assert_true(rng_wait_ready());
159 g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE);
160
161 /* Disable: DVALID should not be set, and RNGD should read zero */
162 rng_writeb(RNGCS, 0);
163 g_assert_cmphex(rng_readb(RNGCS), ==, 0);
164 g_assert_cmphex(rng_readb(RNGD), ==, 0);
165}
166
167/*
168 * Verifies that the RNG only produces data when RNGMODE is set to 'normal'
169 * ring oscillator mode.
170 */
171static void test_rosel(void)
172{
173 rng_reset_enable();
174 g_assert_true(rng_wait_ready());
175 rng_writeb(RNGMODE, 0);
176 g_assert_false(rng_wait_ready());
177 rng_writeb(RNGMODE, ROSEL_NORMAL);
178 g_assert_true(rng_wait_ready());
179 rng_writeb(RNGMODE, 0);
180 g_assert_false(rng_wait_ready());
181}
182
183/*
184 * Verifies that a continuous sequence of bits collected after enabling the RNG
185 * satisfies a monobit test.
186 */
187static void test_continuous_monobit(void)
188{
189 uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
190 unsigned int i;
191
192 rng_reset_enable();
193 for (i = 0; i < sizeof(buf); i++) {
194 g_assert_true(rng_wait_ready());
195 buf[i] = rng_readb(RNGD);
196 }
197
198 g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
Havard Skinnemoen1af979b2020-11-02 17:14:57 -0800199 dump_buf_if_failed(buf, sizeof(buf));
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -0700200}
201
202/*
203 * Verifies that a continuous sequence of bits collected after enabling the RNG
204 * satisfies a runs test.
205 */
206static void test_continuous_runs(void)
207{
208 union {
209 unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
210 uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
211 } buf;
212 unsigned int i;
213
214 rng_reset_enable();
215 for (i = 0; i < sizeof(buf); i++) {
216 g_assert_true(rng_wait_ready());
217 buf.c[i] = rng_readb(RNGD);
218 }
219
220 g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
Havard Skinnemoen1af979b2020-11-02 17:14:57 -0800221 dump_buf_if_failed(buf.c, sizeof(buf));
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -0700222}
223
224/*
225 * Verifies that the first data byte collected after enabling the RNG satisfies
226 * a monobit test.
227 */
228static void test_first_byte_monobit(void)
229{
230 /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
231 uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
232 unsigned int i;
233
234 rng_reset();
235 for (i = 0; i < sizeof(buf); i++) {
236 rng_writeb(RNGCS, RNGE);
237 g_assert_true(rng_wait_ready());
238 buf[i] = rng_readb(RNGD);
239 rng_writeb(RNGCS, 0);
240 }
241
242 g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
Havard Skinnemoen1af979b2020-11-02 17:14:57 -0800243 dump_buf_if_failed(buf, sizeof(buf));
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -0700244}
245
246/*
247 * Verifies that the first data byte collected after enabling the RNG satisfies
248 * a runs test.
249 */
250static void test_first_byte_runs(void)
251{
252 /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
253 union {
254 unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
255 uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
256 } buf;
257 unsigned int i;
258
259 rng_reset();
260 for (i = 0; i < sizeof(buf); i++) {
261 rng_writeb(RNGCS, RNGE);
262 g_assert_true(rng_wait_ready());
263 buf.c[i] = rng_readb(RNGD);
264 rng_writeb(RNGCS, 0);
265 }
266
267 g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
Havard Skinnemoen1af979b2020-11-02 17:14:57 -0800268 dump_buf_if_failed(buf.c, sizeof(buf));
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -0700269}
270
271int main(int argc, char **argv)
272{
273 int ret;
274
275 g_test_init(&argc, &argv, NULL);
276 g_test_set_nonfatal_assertions();
277
278 qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable);
279 qtest_add_func("npcm7xx_rng/rosel", test_rosel);
Peter Maydellffb4fbf2020-11-02 16:52:18 +0000280 /*
281 * These tests fail intermittently; only run them on explicit
282 * request until we figure out why.
283 */
284 if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) {
285 qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
286 qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
287 qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
288 qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
289 }
Havard Skinnemoen326ccfe2020-10-23 14:06:35 -0700290
291 qtest_start("-machine npcm750-evb");
292 ret = g_test_run();
293 qtest_end();
294
295 return ret;
296}