]>
Commit | Line | Data |
---|---|---|
326ccfe2 HS |
1 | /* |
2 | * QTest testcase for the Nuvoton NPCM7xx Random Number Generator | |
3 | * | |
4 | * Copyright 2020 Google LLC | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or | |
9 | * (at your option) any later version. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but WITHOUT | |
12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
17 | #include "qemu/osdep.h" | |
18 | ||
19 | #include <math.h> | |
20 | ||
21 | #include "libqtest-single.h" | |
22 | #include "qemu/bitops.h" | |
23 | ||
24 | #define RNG_BASE_ADDR 0xf000b000 | |
25 | ||
26 | /* Control and Status Register */ | |
27 | #define RNGCS 0x00 | |
28 | # define DVALID BIT(1) /* Data Valid */ | |
29 | # define RNGE BIT(0) /* RNG Enable */ | |
30 | /* Data Register */ | |
31 | #define RNGD 0x04 | |
32 | /* Mode Register */ | |
33 | #define RNGMODE 0x08 | |
34 | # define ROSEL_NORMAL (2) /* RNG only works in this mode */ | |
35 | ||
36 | /* Number of bits to collect for randomness tests. */ | |
37 | #define TEST_INPUT_BITS (128) | |
38 | ||
39 | static void rng_writeb(unsigned int offset, uint8_t value) | |
40 | { | |
41 | writeb(RNG_BASE_ADDR + offset, value); | |
42 | } | |
43 | ||
44 | static uint8_t rng_readb(unsigned int offset) | |
45 | { | |
46 | return readb(RNG_BASE_ADDR + offset); | |
47 | } | |
48 | ||
49 | /* Disable RNG and set normal ring oscillator mode. */ | |
50 | static void rng_reset(void) | |
51 | { | |
52 | rng_writeb(RNGCS, 0); | |
53 | rng_writeb(RNGMODE, ROSEL_NORMAL); | |
54 | } | |
55 | ||
56 | /* Reset RNG and then enable it. */ | |
57 | static void rng_reset_enable(void) | |
58 | { | |
59 | rng_reset(); | |
60 | rng_writeb(RNGCS, RNGE); | |
61 | } | |
62 | ||
63 | /* Wait until Data Valid bit is set. */ | |
64 | static bool rng_wait_ready(void) | |
65 | { | |
66 | /* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */ | |
67 | int retries = 10; | |
68 | ||
69 | while (retries-- > 0) { | |
70 | if (rng_readb(RNGCS) & DVALID) { | |
71 | return true; | |
72 | } | |
73 | } | |
74 | ||
75 | return false; | |
76 | } | |
77 | ||
78 | /* | |
79 | * Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the | |
80 | * sequence in buf and return the P-value. This represents the probability of a | |
81 | * truly random sequence having the same proportion of zeros and ones as the | |
82 | * sequence in buf. | |
83 | * | |
84 | * An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1, | |
85 | * will fail this test. However, an RNG which always returns 0x55, 0xf0 or some | |
86 | * other value with an equal number of zeroes and ones will pass. | |
87 | */ | |
88 | static double calc_monobit_p(const uint8_t *buf, unsigned int len) | |
89 | { | |
90 | unsigned int i; | |
91 | double s_obs; | |
92 | int sn = 0; | |
93 | ||
94 | for (i = 0; i < len; i++) { | |
95 | /* | |
96 | * Each 1 counts as 1, each 0 counts as -1. | |
97 | * s = cp - (8 - cp) = 2 * cp - 8 | |
98 | */ | |
99 | sn += 2 * ctpop8(buf[i]) - 8; | |
100 | } | |
101 | ||
102 | s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE); | |
103 | ||
104 | return erfc(s_obs / sqrt(2)); | |
105 | } | |
106 | ||
107 | /* | |
108 | * Perform a runs test, as defined by NIST SP 800-22, and return the P-value. | |
109 | * This represents the probability of a truly random sequence having the same | |
110 | * number of runs (i.e. uninterrupted sequences of identical bits) as the | |
111 | * sequence in buf. | |
112 | */ | |
113 | static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits) | |
114 | { | |
115 | unsigned int j; | |
116 | unsigned int k; | |
117 | int nr_ones = 0; | |
118 | int vn_obs = 0; | |
119 | double pi; | |
120 | ||
121 | g_assert(nr_bits % BITS_PER_LONG == 0); | |
122 | ||
123 | for (j = 0; j < nr_bits / BITS_PER_LONG; j++) { | |
124 | nr_ones += __builtin_popcountl(buf[j]); | |
125 | } | |
126 | pi = (double)nr_ones / nr_bits; | |
127 | ||
128 | for (k = 0; k < nr_bits - 1; k++) { | |
129 | vn_obs += !(test_bit(k, buf) ^ test_bit(k + 1, buf)); | |
130 | } | |
131 | vn_obs += 1; | |
132 | ||
133 | return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi)) | |
134 | / (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi))); | |
135 | } | |
136 | ||
137 | /* | |
138 | * Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared, | |
139 | * and DVALID eventually becomes set when RNGE is set. | |
140 | */ | |
141 | static void test_enable_disable(void) | |
142 | { | |
143 | /* Disable: DVALID should not be set, and RNGD should read zero */ | |
144 | rng_reset(); | |
145 | g_assert_cmphex(rng_readb(RNGCS), ==, 0); | |
146 | g_assert_cmphex(rng_readb(RNGD), ==, 0); | |
147 | ||
148 | /* Enable: DVALID should be set, but we can't make assumptions about RNGD */ | |
149 | rng_writeb(RNGCS, RNGE); | |
150 | g_assert_true(rng_wait_ready()); | |
151 | g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE); | |
152 | ||
153 | /* Disable: DVALID should not be set, and RNGD should read zero */ | |
154 | rng_writeb(RNGCS, 0); | |
155 | g_assert_cmphex(rng_readb(RNGCS), ==, 0); | |
156 | g_assert_cmphex(rng_readb(RNGD), ==, 0); | |
157 | } | |
158 | ||
159 | /* | |
160 | * Verifies that the RNG only produces data when RNGMODE is set to 'normal' | |
161 | * ring oscillator mode. | |
162 | */ | |
163 | static void test_rosel(void) | |
164 | { | |
165 | rng_reset_enable(); | |
166 | g_assert_true(rng_wait_ready()); | |
167 | rng_writeb(RNGMODE, 0); | |
168 | g_assert_false(rng_wait_ready()); | |
169 | rng_writeb(RNGMODE, ROSEL_NORMAL); | |
170 | g_assert_true(rng_wait_ready()); | |
171 | rng_writeb(RNGMODE, 0); | |
172 | g_assert_false(rng_wait_ready()); | |
173 | } | |
174 | ||
175 | /* | |
176 | * Verifies that a continuous sequence of bits collected after enabling the RNG | |
177 | * satisfies a monobit test. | |
178 | */ | |
179 | static void test_continuous_monobit(void) | |
180 | { | |
181 | uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE]; | |
182 | unsigned int i; | |
183 | ||
184 | rng_reset_enable(); | |
185 | for (i = 0; i < sizeof(buf); i++) { | |
186 | g_assert_true(rng_wait_ready()); | |
187 | buf[i] = rng_readb(RNGD); | |
188 | } | |
189 | ||
190 | g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01); | |
191 | } | |
192 | ||
193 | /* | |
194 | * Verifies that a continuous sequence of bits collected after enabling the RNG | |
195 | * satisfies a runs test. | |
196 | */ | |
197 | static void test_continuous_runs(void) | |
198 | { | |
199 | union { | |
200 | unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG]; | |
201 | uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE]; | |
202 | } buf; | |
203 | unsigned int i; | |
204 | ||
205 | rng_reset_enable(); | |
206 | for (i = 0; i < sizeof(buf); i++) { | |
207 | g_assert_true(rng_wait_ready()); | |
208 | buf.c[i] = rng_readb(RNGD); | |
209 | } | |
210 | ||
211 | g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01); | |
212 | } | |
213 | ||
214 | /* | |
215 | * Verifies that the first data byte collected after enabling the RNG satisfies | |
216 | * a monobit test. | |
217 | */ | |
218 | static void test_first_byte_monobit(void) | |
219 | { | |
220 | /* Enable, collect one byte, disable. Repeat until we have 100 bits. */ | |
221 | uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE]; | |
222 | unsigned int i; | |
223 | ||
224 | rng_reset(); | |
225 | for (i = 0; i < sizeof(buf); i++) { | |
226 | rng_writeb(RNGCS, RNGE); | |
227 | g_assert_true(rng_wait_ready()); | |
228 | buf[i] = rng_readb(RNGD); | |
229 | rng_writeb(RNGCS, 0); | |
230 | } | |
231 | ||
232 | g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01); | |
233 | } | |
234 | ||
235 | /* | |
236 | * Verifies that the first data byte collected after enabling the RNG satisfies | |
237 | * a runs test. | |
238 | */ | |
239 | static void test_first_byte_runs(void) | |
240 | { | |
241 | /* Enable, collect one byte, disable. Repeat until we have 100 bits. */ | |
242 | union { | |
243 | unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG]; | |
244 | uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE]; | |
245 | } buf; | |
246 | unsigned int i; | |
247 | ||
248 | rng_reset(); | |
249 | for (i = 0; i < sizeof(buf); i++) { | |
250 | rng_writeb(RNGCS, RNGE); | |
251 | g_assert_true(rng_wait_ready()); | |
252 | buf.c[i] = rng_readb(RNGD); | |
253 | rng_writeb(RNGCS, 0); | |
254 | } | |
255 | ||
256 | g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01); | |
257 | } | |
258 | ||
259 | int main(int argc, char **argv) | |
260 | { | |
261 | int ret; | |
262 | ||
263 | g_test_init(&argc, &argv, NULL); | |
264 | g_test_set_nonfatal_assertions(); | |
265 | ||
266 | qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable); | |
267 | qtest_add_func("npcm7xx_rng/rosel", test_rosel); | |
ffb4fbf9 PM |
268 | /* |
269 | * These tests fail intermittently; only run them on explicit | |
270 | * request until we figure out why. | |
271 | */ | |
272 | if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) { | |
273 | qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit); | |
274 | qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs); | |
275 | qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit); | |
276 | qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs); | |
277 | } | |
326ccfe2 HS |
278 | |
279 | qtest_start("-machine npcm750-evb"); | |
280 | ret = g_test_run(); | |
281 | qtest_end(); | |
282 | ||
283 | return ret; | |
284 | } |