qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git
Log | Files | Refs | Submodules | LICENSE

npcm7xx_rng-test.c (8239B)

      1 /*
      2  * QTest testcase for the Nuvoton NPCM7xx Random Number Generator
      3  *
      4  * Copyright 2020 Google LLC
      5  *
      6  * This program is free software; you can redistribute it and/or modify it
      7  * under the terms of the GNU General Public License as published by the
      8  * Free Software Foundation; either version 2 of the License, or
      9  * (at your option) any later version.
     10  *
     11  * This program is distributed in the hope that it will be useful, but WITHOUT
     12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     13  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
     14  * for more details.
     15  */
     16 
     17 #include "qemu/osdep.h"
     18 
     19 #include <math.h>
     20 
     21 #include "libqtest-single.h"
     22 #include "qemu/bitops.h"
     23 #include "qemu/cutils.h"
     24 
     25 #define RNG_BASE_ADDR   0xf000b000
     26 
     27 /* Control and Status Register */
     28 #define RNGCS   0x00
     29 # define DVALID     BIT(1)  /* Data Valid */
     30 # define RNGE       BIT(0)  /* RNG Enable */
     31 /* Data Register */
     32 #define RNGD    0x04
     33 /* Mode Register */
     34 #define RNGMODE 0x08
     35 # define ROSEL_NORMAL   (2) /* RNG only works in this mode */
     36 
     37 /* Number of bits to collect for randomness tests. */
     38 #define TEST_INPUT_BITS  (128)
     39 
     40 static void dump_buf_if_failed(const uint8_t *buf, size_t size)
     41 {
     42     if (g_test_failed()) {
     43         qemu_hexdump(stderr, "", buf, size);
     44     }
     45 }
     46 
     47 static void rng_writeb(unsigned int offset, uint8_t value)
     48 {
     49     writeb(RNG_BASE_ADDR + offset, value);
     50 }
     51 
     52 static uint8_t rng_readb(unsigned int offset)
     53 {
     54     return readb(RNG_BASE_ADDR + offset);
     55 }
     56 
     57 /* Disable RNG and set normal ring oscillator mode. */
     58 static void rng_reset(void)
     59 {
     60     rng_writeb(RNGCS, 0);
     61     rng_writeb(RNGMODE, ROSEL_NORMAL);
     62 }
     63 
     64 /* Reset RNG and then enable it. */
     65 static void rng_reset_enable(void)
     66 {
     67     rng_reset();
     68     rng_writeb(RNGCS, RNGE);
     69 }
     70 
     71 /* Wait until Data Valid bit is set. */
     72 static bool rng_wait_ready(void)
     73 {
     74     /* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */
     75     int retries = 10;
     76 
     77     while (retries-- > 0) {
     78         if (rng_readb(RNGCS) & DVALID) {
     79             return true;
     80         }
     81     }
     82 
     83     return false;
     84 }
     85 
     86 /*
     87  * Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the
     88  * sequence in buf and return the P-value. This represents the probability of a
     89  * truly random sequence having the same proportion of zeros and ones as the
     90  * sequence in buf.
     91  *
     92  * An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1,
     93  * will fail this test. However, an RNG which always returns 0x55, 0xf0 or some
     94  * other value with an equal number of zeroes and ones will pass.
     95  */
     96 static double calc_monobit_p(const uint8_t *buf, unsigned int len)
     97 {
     98     unsigned int i;
     99     double s_obs;
    100     int sn = 0;
    101 
    102     for (i = 0; i < len; i++) {
    103         /*
    104          * Each 1 counts as 1, each 0 counts as -1.
    105          * s = cp - (8 - cp) = 2 * cp - 8
    106          */
    107         sn += 2 * ctpop8(buf[i]) - 8;
    108     }
    109 
    110     s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE);
    111 
    112     return erfc(s_obs / sqrt(2));
    113 }
    114 
    115 /*
    116  * Perform a runs test, as defined by NIST SP 800-22, and return the P-value.
    117  * This represents the probability of a truly random sequence having the same
    118  * number of runs (i.e. uninterrupted sequences of identical bits) as the
    119  * sequence in buf.
    120  */
    121 static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits)
    122 {
    123     unsigned int j;
    124     unsigned int k;
    125     int nr_ones = 0;
    126     int vn_obs = 0;
    127     double pi;
    128 
    129     g_assert(nr_bits % BITS_PER_LONG == 0);
    130 
    131     for (j = 0; j < nr_bits / BITS_PER_LONG; j++) {
    132         nr_ones += __builtin_popcountl(buf[j]);
    133     }
    134     pi = (double)nr_ones / nr_bits;
    135 
    136     for (k = 0; k < nr_bits - 1; k++) {
    137         vn_obs += (test_bit(k, buf) ^ test_bit(k + 1, buf));
    138     }
    139     vn_obs += 1;
    140 
    141     return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi))
    142                 / (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi)));
    143 }
    144 
    145 /*
    146  * Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared,
    147  * and DVALID eventually becomes set when RNGE is set.
    148  */
    149 static void test_enable_disable(void)
    150 {
    151     /* Disable: DVALID should not be set, and RNGD should read zero */
    152     rng_reset();
    153     g_assert_cmphex(rng_readb(RNGCS), ==, 0);
    154     g_assert_cmphex(rng_readb(RNGD), ==, 0);
    155 
    156     /* Enable: DVALID should be set, but we can't make assumptions about RNGD */
    157     rng_writeb(RNGCS, RNGE);
    158     g_assert_true(rng_wait_ready());
    159     g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE);
    160 
    161     /* Disable: DVALID should not be set, and RNGD should read zero */
    162     rng_writeb(RNGCS, 0);
    163     g_assert_cmphex(rng_readb(RNGCS), ==, 0);
    164     g_assert_cmphex(rng_readb(RNGD), ==, 0);
    165 }
    166 
    167 /*
    168  * Verifies that the RNG only produces data when RNGMODE is set to 'normal'
    169  * ring oscillator mode.
    170  */
    171 static void test_rosel(void)
    172 {
    173     rng_reset_enable();
    174     g_assert_true(rng_wait_ready());
    175     rng_writeb(RNGMODE, 0);
    176     g_assert_false(rng_wait_ready());
    177     rng_writeb(RNGMODE, ROSEL_NORMAL);
    178     g_assert_true(rng_wait_ready());
    179     rng_writeb(RNGMODE, 0);
    180     g_assert_false(rng_wait_ready());
    181 }
    182 
    183 /*
    184  * Verifies that a continuous sequence of bits collected after enabling the RNG
    185  * satisfies a monobit test.
    186  */
    187 static void test_continuous_monobit(void)
    188 {
    189     uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
    190     unsigned int i;
    191 
    192     rng_reset_enable();
    193     for (i = 0; i < sizeof(buf); i++) {
    194         g_assert_true(rng_wait_ready());
    195         buf[i] = rng_readb(RNGD);
    196     }
    197 
    198     g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
    199     dump_buf_if_failed(buf, sizeof(buf));
    200 }
    201 
    202 /*
    203  * Verifies that a continuous sequence of bits collected after enabling the RNG
    204  * satisfies a runs test.
    205  */
    206 static void test_continuous_runs(void)
    207 {
    208     union {
    209         unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
    210         uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
    211     } buf;
    212     unsigned int i;
    213 
    214     rng_reset_enable();
    215     for (i = 0; i < sizeof(buf); i++) {
    216         g_assert_true(rng_wait_ready());
    217         buf.c[i] = rng_readb(RNGD);
    218     }
    219 
    220     g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
    221     dump_buf_if_failed(buf.c, sizeof(buf));
    222 }
    223 
    224 /*
    225  * Verifies that the first data byte collected after enabling the RNG satisfies
    226  * a monobit test.
    227  */
    228 static void test_first_byte_monobit(void)
    229 {
    230     /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
    231     uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
    232     unsigned int i;
    233 
    234     rng_reset();
    235     for (i = 0; i < sizeof(buf); i++) {
    236         rng_writeb(RNGCS, RNGE);
    237         g_assert_true(rng_wait_ready());
    238         buf[i] = rng_readb(RNGD);
    239         rng_writeb(RNGCS, 0);
    240     }
    241 
    242     g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
    243     dump_buf_if_failed(buf, sizeof(buf));
    244 }
    245 
    246 /*
    247  * Verifies that the first data byte collected after enabling the RNG satisfies
    248  * a runs test.
    249  */
    250 static void test_first_byte_runs(void)
    251 {
    252     /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
    253     union {
    254         unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
    255         uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
    256     } buf;
    257     unsigned int i;
    258 
    259     rng_reset();
    260     for (i = 0; i < sizeof(buf); i++) {
    261         rng_writeb(RNGCS, RNGE);
    262         g_assert_true(rng_wait_ready());
    263         buf.c[i] = rng_readb(RNGD);
    264         rng_writeb(RNGCS, 0);
    265     }
    266 
    267     g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
    268     dump_buf_if_failed(buf.c, sizeof(buf));
    269 }
    270 
    271 int main(int argc, char **argv)
    272 {
    273     int ret;
    274 
    275     g_test_init(&argc, &argv, NULL);
    276     g_test_set_nonfatal_assertions();
    277 
    278     qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable);
    279     qtest_add_func("npcm7xx_rng/rosel", test_rosel);
    280     /*
    281      * These tests fail intermittently; only run them on explicit
    282      * request until we figure out why.
    283      */
    284     if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) {
    285         qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
    286         qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
    287         qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
    288         qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
    289     }
    290 
    291     qtest_start("-machine npcm750-evb");
    292     ret = g_test_run();
    293     qtest_end();
    294 
    295     return ret;
    296 }