tests/qtest/npcm7xx_rng-test.c

   1 /*
   2  * QTest testcase for the Nuvoton NPCM7xx Random Number Generator
   3  *
   4  * Copyright 2020 Google LLC
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "qemu/osdep.h"
  18
  19 #include <math.h>
  20
  21 #include "libqtest-single.h"
  22 #include "qemu/bitops.h"
  23
  24 #define RNG_BASE_ADDR   0xf000b000
  25
  26 /* Control and Status Register */
  27 #define RNGCS   0x00
  28 # define DVALID     BIT(1)  /* Data Valid */
  29 # define RNGE       BIT(0)  /* RNG Enable */
  30 /* Data Register */
  31 #define RNGD    0x04
  32 /* Mode Register */
  33 #define RNGMODE 0x08
  34 # define ROSEL_NORMAL   (2) /* RNG only works in this mode */
  35
  36 /* Number of bits to collect for randomness tests. */
  37 #define TEST_INPUT_BITS  (128)
  38
  39 static void rng_writeb(unsigned int offset, uint8_t value)
  40 {
  41     writeb(RNG_BASE_ADDR + offset, value);
  42 }
  43
  44 static uint8_t rng_readb(unsigned int offset)
  45 {
  46     return readb(RNG_BASE_ADDR + offset);
  47 }
  48
  49 /* Disable RNG and set normal ring oscillator mode. */
  50 static void rng_reset(void)
  51 {
  52     rng_writeb(RNGCS, 0);
  53     rng_writeb(RNGMODE, ROSEL_NORMAL);
  54 }
  55
  56 /* Reset RNG and then enable it. */
  57 static void rng_reset_enable(void)
  58 {
  59     rng_reset();
  60     rng_writeb(RNGCS, RNGE);
  61 }
  62
  63 /* Wait until Data Valid bit is set. */
  64 static bool rng_wait_ready(void)
  65 {
  66     /* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */
  67     int retries = 10;
  68
  69     while (retries-- > 0) {
  70         if (rng_readb(RNGCS) & DVALID) {
  71             return true;
  72         }
  73     }
  74
  75     return false;
  76 }
  77
  78 /*
  79  * Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the
  80  * sequence in buf and return the P-value. This represents the probability of a
  81  * truly random sequence having the same proportion of zeros and ones as the
  82  * sequence in buf.
  83  *
  84  * An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1,
  85  * will fail this test. However, an RNG which always returns 0x55, 0xf0 or some
  86  * other value with an equal number of zeroes and ones will pass.
  87  */
  88 static double calc_monobit_p(const uint8_t *buf, unsigned int len)
  89 {
  90     unsigned int i;
  91     double s_obs;
  92     int sn = 0;
  93
  94     for (i = 0; i < len; i++) {
  95         /*
  96          * Each 1 counts as 1, each 0 counts as -1.
  97          * s = cp - (8 - cp) = 2 * cp - 8
  98          */
  99         sn += 2 * ctpop8(buf[i]) - 8;
 100     }
 101
 102     s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE);
 103
 104     return erfc(s_obs / sqrt(2));
 105 }
 106
 107 /*
 108  * Perform a runs test, as defined by NIST SP 800-22, and return the P-value.
 109  * This represents the probability of a truly random sequence having the same
 110  * number of runs (i.e. uninterrupted sequences of identical bits) as the
 111  * sequence in buf.
 112  */
 113 static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits)
 114 {
 115     unsigned int j;
 116     unsigned int k;
 117     int nr_ones = 0;
 118     int vn_obs = 0;
 119     double pi;
 120
 121     g_assert(nr_bits % BITS_PER_LONG == 0);
 122
 123     for (j = 0; j < nr_bits / BITS_PER_LONG; j++) {
 124         nr_ones += __builtin_popcountl(buf[j]);
 125     }
 126     pi = (double)nr_ones / nr_bits;
 127
 128     for (k = 0; k < nr_bits - 1; k++) {
 129         vn_obs += (test_bit(k, buf) ^ test_bit(k + 1, buf));
 130     }
 131     vn_obs += 1;
 132
 133     return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi))
 134                 / (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi)));
 135 }
 136
 137 /*
 138  * Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared,
 139  * and DVALID eventually becomes set when RNGE is set.
 140  */
 141 static void test_enable_disable(void)
 142 {
 143     /* Disable: DVALID should not be set, and RNGD should read zero */
 144     rng_reset();
 145     g_assert_cmphex(rng_readb(RNGCS), ==, 0);
 146     g_assert_cmphex(rng_readb(RNGD), ==, 0);
 147
 148     /* Enable: DVALID should be set, but we can't make assumptions about RNGD */
 149     rng_writeb(RNGCS, RNGE);
 150     g_assert_true(rng_wait_ready());
 151     g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE);
 152
 153     /* Disable: DVALID should not be set, and RNGD should read zero */
 154     rng_writeb(RNGCS, 0);
 155     g_assert_cmphex(rng_readb(RNGCS), ==, 0);
 156     g_assert_cmphex(rng_readb(RNGD), ==, 0);
 157 }
 158
 159 /*
 160  * Verifies that the RNG only produces data when RNGMODE is set to 'normal'
 161  * ring oscillator mode.
 162  */
 163 static void test_rosel(void)
 164 {
 165     rng_reset_enable();
 166     g_assert_true(rng_wait_ready());
 167     rng_writeb(RNGMODE, 0);
 168     g_assert_false(rng_wait_ready());
 169     rng_writeb(RNGMODE, ROSEL_NORMAL);
 170     g_assert_true(rng_wait_ready());
 171     rng_writeb(RNGMODE, 0);
 172     g_assert_false(rng_wait_ready());
 173 }
 174
 175 /*
 176  * Verifies that a continuous sequence of bits collected after enabling the RNG
 177  * satisfies a monobit test.
 178  */
 179 static void test_continuous_monobit(void)
 180 {
 181     uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
 182     unsigned int i;
 183
 184     rng_reset_enable();
 185     for (i = 0; i < sizeof(buf); i++) {
 186         g_assert_true(rng_wait_ready());
 187         buf[i] = rng_readb(RNGD);
 188     }
 189
 190     g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
 191 }
 192
 193 /*
 194  * Verifies that a continuous sequence of bits collected after enabling the RNG
 195  * satisfies a runs test.
 196  */
 197 static void test_continuous_runs(void)
 198 {
 199     union {
 200         unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
 201         uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
 202     } buf;
 203     unsigned int i;
 204
 205     rng_reset_enable();
 206     for (i = 0; i < sizeof(buf); i++) {
 207         g_assert_true(rng_wait_ready());
 208         buf.c[i] = rng_readb(RNGD);
 209     }
 210
 211     g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
 212 }
 213
 214 /*
 215  * Verifies that the first data byte collected after enabling the RNG satisfies
 216  * a monobit test.
 217  */
 218 static void test_first_byte_monobit(void)
 219 {
 220     /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
 221     uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
 222     unsigned int i;
 223
 224     rng_reset();
 225     for (i = 0; i < sizeof(buf); i++) {
 226         rng_writeb(RNGCS, RNGE);
 227         g_assert_true(rng_wait_ready());
 228         buf[i] = rng_readb(RNGD);
 229         rng_writeb(RNGCS, 0);
 230     }
 231
 232     g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
 233 }
 234
 235 /*
 236  * Verifies that the first data byte collected after enabling the RNG satisfies
 237  * a runs test.
 238  */
 239 static void test_first_byte_runs(void)
 240 {
 241     /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
 242     union {
 243         unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
 244         uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
 245     } buf;
 246     unsigned int i;
 247
 248     rng_reset();
 249     for (i = 0; i < sizeof(buf); i++) {
 250         rng_writeb(RNGCS, RNGE);
 251         g_assert_true(rng_wait_ready());
 252         buf.c[i] = rng_readb(RNGD);
 253         rng_writeb(RNGCS, 0);
 254     }
 255
 256     g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
 257 }
 258
 259 int main(int argc, char **argv)
 260 {
 261     int ret;
 262
 263     g_test_init(&argc, &argv, NULL);
 264     g_test_set_nonfatal_assertions();
 265
 266     qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable);
 267     qtest_add_func("npcm7xx_rng/rosel", test_rosel);
 268     /*
 269      * These tests fail intermittently; only run them on explicit
 270      * request until we figure out why.
 271      */
 272     if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) {
 273         qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
 274         qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
 275         qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
 276         qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
 277     }
 278
 279     qtest_start("-machine npcm750-evb");
 280     ret = g_test_run();
 281     qtest_end();
 282
 283     return ret;
 284 }