Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 1 | /* |
| 2 | * QTest testcase for the Nuvoton NPCM7xx Random Number Generator |
| 3 | * |
| 4 | * Copyright 2020 Google LLC |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify it |
| 7 | * under the terms of the GNU General Public License as published by the |
| 8 | * Free Software Foundation; either version 2 of the License, or |
| 9 | * (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, but WITHOUT |
| 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 14 | * for more details. |
| 15 | */ |
| 16 | |
| 17 | #include "qemu/osdep.h" |
| 18 | |
| 19 | #include <math.h> |
| 20 | |
| 21 | #include "libqtest-single.h" |
| 22 | #include "qemu/bitops.h" |
Marc-André Lureau | 415b732 | 2022-03-23 19:57:32 +0400 | [diff] [blame] | 23 | #include "qemu/cutils.h" |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 24 | |
| 25 | #define RNG_BASE_ADDR 0xf000b000 |
| 26 | |
| 27 | /* Control and Status Register */ |
| 28 | #define RNGCS 0x00 |
| 29 | # define DVALID BIT(1) /* Data Valid */ |
| 30 | # define RNGE BIT(0) /* RNG Enable */ |
| 31 | /* Data Register */ |
| 32 | #define RNGD 0x04 |
| 33 | /* Mode Register */ |
| 34 | #define RNGMODE 0x08 |
| 35 | # define ROSEL_NORMAL (2) /* RNG only works in this mode */ |
| 36 | |
| 37 | /* Number of bits to collect for randomness tests. */ |
| 38 | #define TEST_INPUT_BITS (128) |
| 39 | |
Havard Skinnemoen | 1af979b | 2020-11-02 17:14:57 -0800 | [diff] [blame] | 40 | static void dump_buf_if_failed(const uint8_t *buf, size_t size) |
| 41 | { |
| 42 | if (g_test_failed()) { |
| 43 | qemu_hexdump(stderr, "", buf, size); |
| 44 | } |
| 45 | } |
| 46 | |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 47 | static void rng_writeb(unsigned int offset, uint8_t value) |
| 48 | { |
| 49 | writeb(RNG_BASE_ADDR + offset, value); |
| 50 | } |
| 51 | |
| 52 | static uint8_t rng_readb(unsigned int offset) |
| 53 | { |
| 54 | return readb(RNG_BASE_ADDR + offset); |
| 55 | } |
| 56 | |
| 57 | /* Disable RNG and set normal ring oscillator mode. */ |
| 58 | static void rng_reset(void) |
| 59 | { |
| 60 | rng_writeb(RNGCS, 0); |
| 61 | rng_writeb(RNGMODE, ROSEL_NORMAL); |
| 62 | } |
| 63 | |
| 64 | /* Reset RNG and then enable it. */ |
| 65 | static void rng_reset_enable(void) |
| 66 | { |
| 67 | rng_reset(); |
| 68 | rng_writeb(RNGCS, RNGE); |
| 69 | } |
| 70 | |
| 71 | /* Wait until Data Valid bit is set. */ |
| 72 | static bool rng_wait_ready(void) |
| 73 | { |
| 74 | /* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */ |
| 75 | int retries = 10; |
| 76 | |
| 77 | while (retries-- > 0) { |
| 78 | if (rng_readb(RNGCS) & DVALID) { |
| 79 | return true; |
| 80 | } |
| 81 | } |
| 82 | |
| 83 | return false; |
| 84 | } |
| 85 | |
| 86 | /* |
| 87 | * Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the |
| 88 | * sequence in buf and return the P-value. This represents the probability of a |
| 89 | * truly random sequence having the same proportion of zeros and ones as the |
| 90 | * sequence in buf. |
| 91 | * |
| 92 | * An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1, |
| 93 | * will fail this test. However, an RNG which always returns 0x55, 0xf0 or some |
| 94 | * other value with an equal number of zeroes and ones will pass. |
| 95 | */ |
| 96 | static double calc_monobit_p(const uint8_t *buf, unsigned int len) |
| 97 | { |
| 98 | unsigned int i; |
| 99 | double s_obs; |
| 100 | int sn = 0; |
| 101 | |
| 102 | for (i = 0; i < len; i++) { |
| 103 | /* |
| 104 | * Each 1 counts as 1, each 0 counts as -1. |
| 105 | * s = cp - (8 - cp) = 2 * cp - 8 |
| 106 | */ |
| 107 | sn += 2 * ctpop8(buf[i]) - 8; |
| 108 | } |
| 109 | |
| 110 | s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE); |
| 111 | |
| 112 | return erfc(s_obs / sqrt(2)); |
| 113 | } |
| 114 | |
| 115 | /* |
| 116 | * Perform a runs test, as defined by NIST SP 800-22, and return the P-value. |
| 117 | * This represents the probability of a truly random sequence having the same |
| 118 | * number of runs (i.e. uninterrupted sequences of identical bits) as the |
| 119 | * sequence in buf. |
| 120 | */ |
| 121 | static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits) |
| 122 | { |
| 123 | unsigned int j; |
| 124 | unsigned int k; |
| 125 | int nr_ones = 0; |
| 126 | int vn_obs = 0; |
| 127 | double pi; |
| 128 | |
| 129 | g_assert(nr_bits % BITS_PER_LONG == 0); |
| 130 | |
| 131 | for (j = 0; j < nr_bits / BITS_PER_LONG; j++) { |
| 132 | nr_ones += __builtin_popcountl(buf[j]); |
| 133 | } |
| 134 | pi = (double)nr_ones / nr_bits; |
| 135 | |
| 136 | for (k = 0; k < nr_bits - 1; k++) { |
Havard Skinnemoen | 8006c98 | 2020-11-02 17:14:55 -0800 | [diff] [blame] | 137 | vn_obs += (test_bit(k, buf) ^ test_bit(k + 1, buf)); |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 138 | } |
| 139 | vn_obs += 1; |
| 140 | |
| 141 | return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi)) |
| 142 | / (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi))); |
| 143 | } |
| 144 | |
| 145 | /* |
| 146 | * Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared, |
| 147 | * and DVALID eventually becomes set when RNGE is set. |
| 148 | */ |
| 149 | static void test_enable_disable(void) |
| 150 | { |
| 151 | /* Disable: DVALID should not be set, and RNGD should read zero */ |
| 152 | rng_reset(); |
| 153 | g_assert_cmphex(rng_readb(RNGCS), ==, 0); |
| 154 | g_assert_cmphex(rng_readb(RNGD), ==, 0); |
| 155 | |
| 156 | /* Enable: DVALID should be set, but we can't make assumptions about RNGD */ |
| 157 | rng_writeb(RNGCS, RNGE); |
| 158 | g_assert_true(rng_wait_ready()); |
| 159 | g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE); |
| 160 | |
| 161 | /* Disable: DVALID should not be set, and RNGD should read zero */ |
| 162 | rng_writeb(RNGCS, 0); |
| 163 | g_assert_cmphex(rng_readb(RNGCS), ==, 0); |
| 164 | g_assert_cmphex(rng_readb(RNGD), ==, 0); |
| 165 | } |
| 166 | |
| 167 | /* |
| 168 | * Verifies that the RNG only produces data when RNGMODE is set to 'normal' |
| 169 | * ring oscillator mode. |
| 170 | */ |
| 171 | static void test_rosel(void) |
| 172 | { |
| 173 | rng_reset_enable(); |
| 174 | g_assert_true(rng_wait_ready()); |
| 175 | rng_writeb(RNGMODE, 0); |
| 176 | g_assert_false(rng_wait_ready()); |
| 177 | rng_writeb(RNGMODE, ROSEL_NORMAL); |
| 178 | g_assert_true(rng_wait_ready()); |
| 179 | rng_writeb(RNGMODE, 0); |
| 180 | g_assert_false(rng_wait_ready()); |
| 181 | } |
| 182 | |
| 183 | /* |
| 184 | * Verifies that a continuous sequence of bits collected after enabling the RNG |
| 185 | * satisfies a monobit test. |
| 186 | */ |
| 187 | static void test_continuous_monobit(void) |
| 188 | { |
| 189 | uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE]; |
| 190 | unsigned int i; |
| 191 | |
| 192 | rng_reset_enable(); |
| 193 | for (i = 0; i < sizeof(buf); i++) { |
| 194 | g_assert_true(rng_wait_ready()); |
| 195 | buf[i] = rng_readb(RNGD); |
| 196 | } |
| 197 | |
| 198 | g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01); |
Havard Skinnemoen | 1af979b | 2020-11-02 17:14:57 -0800 | [diff] [blame] | 199 | dump_buf_if_failed(buf, sizeof(buf)); |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 200 | } |
| 201 | |
| 202 | /* |
| 203 | * Verifies that a continuous sequence of bits collected after enabling the RNG |
| 204 | * satisfies a runs test. |
| 205 | */ |
| 206 | static void test_continuous_runs(void) |
| 207 | { |
| 208 | union { |
| 209 | unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG]; |
| 210 | uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE]; |
| 211 | } buf; |
| 212 | unsigned int i; |
| 213 | |
| 214 | rng_reset_enable(); |
| 215 | for (i = 0; i < sizeof(buf); i++) { |
| 216 | g_assert_true(rng_wait_ready()); |
| 217 | buf.c[i] = rng_readb(RNGD); |
| 218 | } |
| 219 | |
| 220 | g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01); |
Havard Skinnemoen | 1af979b | 2020-11-02 17:14:57 -0800 | [diff] [blame] | 221 | dump_buf_if_failed(buf.c, sizeof(buf)); |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 222 | } |
| 223 | |
| 224 | /* |
| 225 | * Verifies that the first data byte collected after enabling the RNG satisfies |
| 226 | * a monobit test. |
| 227 | */ |
| 228 | static void test_first_byte_monobit(void) |
| 229 | { |
| 230 | /* Enable, collect one byte, disable. Repeat until we have 100 bits. */ |
| 231 | uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE]; |
| 232 | unsigned int i; |
| 233 | |
| 234 | rng_reset(); |
| 235 | for (i = 0; i < sizeof(buf); i++) { |
| 236 | rng_writeb(RNGCS, RNGE); |
| 237 | g_assert_true(rng_wait_ready()); |
| 238 | buf[i] = rng_readb(RNGD); |
| 239 | rng_writeb(RNGCS, 0); |
| 240 | } |
| 241 | |
| 242 | g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01); |
Havard Skinnemoen | 1af979b | 2020-11-02 17:14:57 -0800 | [diff] [blame] | 243 | dump_buf_if_failed(buf, sizeof(buf)); |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 244 | } |
| 245 | |
| 246 | /* |
| 247 | * Verifies that the first data byte collected after enabling the RNG satisfies |
| 248 | * a runs test. |
| 249 | */ |
| 250 | static void test_first_byte_runs(void) |
| 251 | { |
| 252 | /* Enable, collect one byte, disable. Repeat until we have 100 bits. */ |
| 253 | union { |
| 254 | unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG]; |
| 255 | uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE]; |
| 256 | } buf; |
| 257 | unsigned int i; |
| 258 | |
| 259 | rng_reset(); |
| 260 | for (i = 0; i < sizeof(buf); i++) { |
| 261 | rng_writeb(RNGCS, RNGE); |
| 262 | g_assert_true(rng_wait_ready()); |
| 263 | buf.c[i] = rng_readb(RNGD); |
| 264 | rng_writeb(RNGCS, 0); |
| 265 | } |
| 266 | |
| 267 | g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01); |
Havard Skinnemoen | 1af979b | 2020-11-02 17:14:57 -0800 | [diff] [blame] | 268 | dump_buf_if_failed(buf.c, sizeof(buf)); |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 269 | } |
| 270 | |
| 271 | int main(int argc, char **argv) |
| 272 | { |
| 273 | int ret; |
| 274 | |
| 275 | g_test_init(&argc, &argv, NULL); |
| 276 | g_test_set_nonfatal_assertions(); |
| 277 | |
| 278 | qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable); |
| 279 | qtest_add_func("npcm7xx_rng/rosel", test_rosel); |
Peter Maydell | ffb4fbf | 2020-11-02 16:52:18 +0000 | [diff] [blame] | 280 | /* |
| 281 | * These tests fail intermittently; only run them on explicit |
| 282 | * request until we figure out why. |
| 283 | */ |
| 284 | if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) { |
| 285 | qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit); |
| 286 | qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs); |
| 287 | qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit); |
| 288 | qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs); |
| 289 | } |
Havard Skinnemoen | 326ccfe | 2020-10-23 14:06:35 -0700 | [diff] [blame] | 290 | |
| 291 | qtest_start("-machine npcm750-evb"); |
| 292 | ret = g_test_run(); |
| 293 | qtest_end(); |
| 294 | |
| 295 | return ret; |
| 296 | } |