xref: /openbmc/qemu/tests/qtest/npcm7xx_rng-test.c (revision 415b7327)
1326ccfe2SHavard Skinnemoen /*
2326ccfe2SHavard Skinnemoen  * QTest testcase for the Nuvoton NPCM7xx Random Number Generator
3326ccfe2SHavard Skinnemoen  *
4326ccfe2SHavard Skinnemoen  * Copyright 2020 Google LLC
5326ccfe2SHavard Skinnemoen  *
6326ccfe2SHavard Skinnemoen  * This program is free software; you can redistribute it and/or modify it
7326ccfe2SHavard Skinnemoen  * under the terms of the GNU General Public License as published by the
8326ccfe2SHavard Skinnemoen  * Free Software Foundation; either version 2 of the License, or
9326ccfe2SHavard Skinnemoen  * (at your option) any later version.
10326ccfe2SHavard Skinnemoen  *
11326ccfe2SHavard Skinnemoen  * This program is distributed in the hope that it will be useful, but WITHOUT
12326ccfe2SHavard Skinnemoen  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13326ccfe2SHavard Skinnemoen  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14326ccfe2SHavard Skinnemoen  * for more details.
15326ccfe2SHavard Skinnemoen  */
16326ccfe2SHavard Skinnemoen 
17326ccfe2SHavard Skinnemoen #include "qemu/osdep.h"
18326ccfe2SHavard Skinnemoen 
19326ccfe2SHavard Skinnemoen #include <math.h>
20326ccfe2SHavard Skinnemoen 
21326ccfe2SHavard Skinnemoen #include "libqtest-single.h"
22326ccfe2SHavard Skinnemoen #include "qemu/bitops.h"
23*415b7327SMarc-André Lureau #include "qemu/cutils.h"
24326ccfe2SHavard Skinnemoen 
25326ccfe2SHavard Skinnemoen #define RNG_BASE_ADDR   0xf000b000
26326ccfe2SHavard Skinnemoen 
27326ccfe2SHavard Skinnemoen /* Control and Status Register */
28326ccfe2SHavard Skinnemoen #define RNGCS   0x00
29326ccfe2SHavard Skinnemoen # define DVALID     BIT(1)  /* Data Valid */
30326ccfe2SHavard Skinnemoen # define RNGE       BIT(0)  /* RNG Enable */
31326ccfe2SHavard Skinnemoen /* Data Register */
32326ccfe2SHavard Skinnemoen #define RNGD    0x04
33326ccfe2SHavard Skinnemoen /* Mode Register */
34326ccfe2SHavard Skinnemoen #define RNGMODE 0x08
35326ccfe2SHavard Skinnemoen # define ROSEL_NORMAL   (2) /* RNG only works in this mode */
36326ccfe2SHavard Skinnemoen 
37326ccfe2SHavard Skinnemoen /* Number of bits to collect for randomness tests. */
38326ccfe2SHavard Skinnemoen #define TEST_INPUT_BITS  (128)
39326ccfe2SHavard Skinnemoen 
dump_buf_if_failed(const uint8_t * buf,size_t size)401af979b4SHavard Skinnemoen static void dump_buf_if_failed(const uint8_t *buf, size_t size)
411af979b4SHavard Skinnemoen {
421af979b4SHavard Skinnemoen     if (g_test_failed()) {
431af979b4SHavard Skinnemoen         qemu_hexdump(stderr, "", buf, size);
441af979b4SHavard Skinnemoen     }
451af979b4SHavard Skinnemoen }
461af979b4SHavard Skinnemoen 
rng_writeb(unsigned int offset,uint8_t value)47326ccfe2SHavard Skinnemoen static void rng_writeb(unsigned int offset, uint8_t value)
48326ccfe2SHavard Skinnemoen {
49326ccfe2SHavard Skinnemoen     writeb(RNG_BASE_ADDR + offset, value);
50326ccfe2SHavard Skinnemoen }
51326ccfe2SHavard Skinnemoen 
rng_readb(unsigned int offset)52326ccfe2SHavard Skinnemoen static uint8_t rng_readb(unsigned int offset)
53326ccfe2SHavard Skinnemoen {
54326ccfe2SHavard Skinnemoen     return readb(RNG_BASE_ADDR + offset);
55326ccfe2SHavard Skinnemoen }
56326ccfe2SHavard Skinnemoen 
57326ccfe2SHavard Skinnemoen /* Disable RNG and set normal ring oscillator mode. */
rng_reset(void)58326ccfe2SHavard Skinnemoen static void rng_reset(void)
59326ccfe2SHavard Skinnemoen {
60326ccfe2SHavard Skinnemoen     rng_writeb(RNGCS, 0);
61326ccfe2SHavard Skinnemoen     rng_writeb(RNGMODE, ROSEL_NORMAL);
62326ccfe2SHavard Skinnemoen }
63326ccfe2SHavard Skinnemoen 
64326ccfe2SHavard Skinnemoen /* Reset RNG and then enable it. */
rng_reset_enable(void)65326ccfe2SHavard Skinnemoen static void rng_reset_enable(void)
66326ccfe2SHavard Skinnemoen {
67326ccfe2SHavard Skinnemoen     rng_reset();
68326ccfe2SHavard Skinnemoen     rng_writeb(RNGCS, RNGE);
69326ccfe2SHavard Skinnemoen }
70326ccfe2SHavard Skinnemoen 
71326ccfe2SHavard Skinnemoen /* Wait until Data Valid bit is set. */
rng_wait_ready(void)72326ccfe2SHavard Skinnemoen static bool rng_wait_ready(void)
73326ccfe2SHavard Skinnemoen {
74326ccfe2SHavard Skinnemoen     /* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */
75326ccfe2SHavard Skinnemoen     int retries = 10;
76326ccfe2SHavard Skinnemoen 
77326ccfe2SHavard Skinnemoen     while (retries-- > 0) {
78326ccfe2SHavard Skinnemoen         if (rng_readb(RNGCS) & DVALID) {
79326ccfe2SHavard Skinnemoen             return true;
80326ccfe2SHavard Skinnemoen         }
81326ccfe2SHavard Skinnemoen     }
82326ccfe2SHavard Skinnemoen 
83326ccfe2SHavard Skinnemoen     return false;
84326ccfe2SHavard Skinnemoen }
85326ccfe2SHavard Skinnemoen 
86326ccfe2SHavard Skinnemoen /*
87326ccfe2SHavard Skinnemoen  * Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the
88326ccfe2SHavard Skinnemoen  * sequence in buf and return the P-value. This represents the probability of a
89326ccfe2SHavard Skinnemoen  * truly random sequence having the same proportion of zeros and ones as the
90326ccfe2SHavard Skinnemoen  * sequence in buf.
91326ccfe2SHavard Skinnemoen  *
92326ccfe2SHavard Skinnemoen  * An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1,
93326ccfe2SHavard Skinnemoen  * will fail this test. However, an RNG which always returns 0x55, 0xf0 or some
94326ccfe2SHavard Skinnemoen  * other value with an equal number of zeroes and ones will pass.
95326ccfe2SHavard Skinnemoen  */
calc_monobit_p(const uint8_t * buf,unsigned int len)96326ccfe2SHavard Skinnemoen static double calc_monobit_p(const uint8_t *buf, unsigned int len)
97326ccfe2SHavard Skinnemoen {
98326ccfe2SHavard Skinnemoen     unsigned int i;
99326ccfe2SHavard Skinnemoen     double s_obs;
100326ccfe2SHavard Skinnemoen     int sn = 0;
101326ccfe2SHavard Skinnemoen 
102326ccfe2SHavard Skinnemoen     for (i = 0; i < len; i++) {
103326ccfe2SHavard Skinnemoen         /*
104326ccfe2SHavard Skinnemoen          * Each 1 counts as 1, each 0 counts as -1.
105326ccfe2SHavard Skinnemoen          * s = cp - (8 - cp) = 2 * cp - 8
106326ccfe2SHavard Skinnemoen          */
107326ccfe2SHavard Skinnemoen         sn += 2 * ctpop8(buf[i]) - 8;
108326ccfe2SHavard Skinnemoen     }
109326ccfe2SHavard Skinnemoen 
110326ccfe2SHavard Skinnemoen     s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE);
111326ccfe2SHavard Skinnemoen 
112326ccfe2SHavard Skinnemoen     return erfc(s_obs / sqrt(2));
113326ccfe2SHavard Skinnemoen }
114326ccfe2SHavard Skinnemoen 
115326ccfe2SHavard Skinnemoen /*
116326ccfe2SHavard Skinnemoen  * Perform a runs test, as defined by NIST SP 800-22, and return the P-value.
117326ccfe2SHavard Skinnemoen  * This represents the probability of a truly random sequence having the same
118326ccfe2SHavard Skinnemoen  * number of runs (i.e. uninterrupted sequences of identical bits) as the
119326ccfe2SHavard Skinnemoen  * sequence in buf.
120326ccfe2SHavard Skinnemoen  */
calc_runs_p(const unsigned long * buf,unsigned int nr_bits)121326ccfe2SHavard Skinnemoen static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits)
122326ccfe2SHavard Skinnemoen {
123326ccfe2SHavard Skinnemoen     unsigned int j;
124326ccfe2SHavard Skinnemoen     unsigned int k;
125326ccfe2SHavard Skinnemoen     int nr_ones = 0;
126326ccfe2SHavard Skinnemoen     int vn_obs = 0;
127326ccfe2SHavard Skinnemoen     double pi;
128326ccfe2SHavard Skinnemoen 
129326ccfe2SHavard Skinnemoen     g_assert(nr_bits % BITS_PER_LONG == 0);
130326ccfe2SHavard Skinnemoen 
131326ccfe2SHavard Skinnemoen     for (j = 0; j < nr_bits / BITS_PER_LONG; j++) {
132326ccfe2SHavard Skinnemoen         nr_ones += __builtin_popcountl(buf[j]);
133326ccfe2SHavard Skinnemoen     }
134326ccfe2SHavard Skinnemoen     pi = (double)nr_ones / nr_bits;
135326ccfe2SHavard Skinnemoen 
136326ccfe2SHavard Skinnemoen     for (k = 0; k < nr_bits - 1; k++) {
1378006c984SHavard Skinnemoen         vn_obs += (test_bit(k, buf) ^ test_bit(k + 1, buf));
138326ccfe2SHavard Skinnemoen     }
139326ccfe2SHavard Skinnemoen     vn_obs += 1;
140326ccfe2SHavard Skinnemoen 
141326ccfe2SHavard Skinnemoen     return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi))
142326ccfe2SHavard Skinnemoen                 / (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi)));
143326ccfe2SHavard Skinnemoen }
144326ccfe2SHavard Skinnemoen 
145326ccfe2SHavard Skinnemoen /*
146326ccfe2SHavard Skinnemoen  * Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared,
147326ccfe2SHavard Skinnemoen  * and DVALID eventually becomes set when RNGE is set.
148326ccfe2SHavard Skinnemoen  */
test_enable_disable(void)149326ccfe2SHavard Skinnemoen static void test_enable_disable(void)
150326ccfe2SHavard Skinnemoen {
151326ccfe2SHavard Skinnemoen     /* Disable: DVALID should not be set, and RNGD should read zero */
152326ccfe2SHavard Skinnemoen     rng_reset();
153326ccfe2SHavard Skinnemoen     g_assert_cmphex(rng_readb(RNGCS), ==, 0);
154326ccfe2SHavard Skinnemoen     g_assert_cmphex(rng_readb(RNGD), ==, 0);
155326ccfe2SHavard Skinnemoen 
156326ccfe2SHavard Skinnemoen     /* Enable: DVALID should be set, but we can't make assumptions about RNGD */
157326ccfe2SHavard Skinnemoen     rng_writeb(RNGCS, RNGE);
158326ccfe2SHavard Skinnemoen     g_assert_true(rng_wait_ready());
159326ccfe2SHavard Skinnemoen     g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE);
160326ccfe2SHavard Skinnemoen 
161326ccfe2SHavard Skinnemoen     /* Disable: DVALID should not be set, and RNGD should read zero */
162326ccfe2SHavard Skinnemoen     rng_writeb(RNGCS, 0);
163326ccfe2SHavard Skinnemoen     g_assert_cmphex(rng_readb(RNGCS), ==, 0);
164326ccfe2SHavard Skinnemoen     g_assert_cmphex(rng_readb(RNGD), ==, 0);
165326ccfe2SHavard Skinnemoen }
166326ccfe2SHavard Skinnemoen 
167326ccfe2SHavard Skinnemoen /*
168326ccfe2SHavard Skinnemoen  * Verifies that the RNG only produces data when RNGMODE is set to 'normal'
169326ccfe2SHavard Skinnemoen  * ring oscillator mode.
170326ccfe2SHavard Skinnemoen  */
test_rosel(void)171326ccfe2SHavard Skinnemoen static void test_rosel(void)
172326ccfe2SHavard Skinnemoen {
173326ccfe2SHavard Skinnemoen     rng_reset_enable();
174326ccfe2SHavard Skinnemoen     g_assert_true(rng_wait_ready());
175326ccfe2SHavard Skinnemoen     rng_writeb(RNGMODE, 0);
176326ccfe2SHavard Skinnemoen     g_assert_false(rng_wait_ready());
177326ccfe2SHavard Skinnemoen     rng_writeb(RNGMODE, ROSEL_NORMAL);
178326ccfe2SHavard Skinnemoen     g_assert_true(rng_wait_ready());
179326ccfe2SHavard Skinnemoen     rng_writeb(RNGMODE, 0);
180326ccfe2SHavard Skinnemoen     g_assert_false(rng_wait_ready());
181326ccfe2SHavard Skinnemoen }
182326ccfe2SHavard Skinnemoen 
183326ccfe2SHavard Skinnemoen /*
184326ccfe2SHavard Skinnemoen  * Verifies that a continuous sequence of bits collected after enabling the RNG
185326ccfe2SHavard Skinnemoen  * satisfies a monobit test.
186326ccfe2SHavard Skinnemoen  */
test_continuous_monobit(void)187326ccfe2SHavard Skinnemoen static void test_continuous_monobit(void)
188326ccfe2SHavard Skinnemoen {
189326ccfe2SHavard Skinnemoen     uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
190326ccfe2SHavard Skinnemoen     unsigned int i;
191326ccfe2SHavard Skinnemoen 
192326ccfe2SHavard Skinnemoen     rng_reset_enable();
193326ccfe2SHavard Skinnemoen     for (i = 0; i < sizeof(buf); i++) {
194326ccfe2SHavard Skinnemoen         g_assert_true(rng_wait_ready());
195326ccfe2SHavard Skinnemoen         buf[i] = rng_readb(RNGD);
196326ccfe2SHavard Skinnemoen     }
197326ccfe2SHavard Skinnemoen 
198326ccfe2SHavard Skinnemoen     g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
1991af979b4SHavard Skinnemoen     dump_buf_if_failed(buf, sizeof(buf));
200326ccfe2SHavard Skinnemoen }
201326ccfe2SHavard Skinnemoen 
202326ccfe2SHavard Skinnemoen /*
203326ccfe2SHavard Skinnemoen  * Verifies that a continuous sequence of bits collected after enabling the RNG
204326ccfe2SHavard Skinnemoen  * satisfies a runs test.
205326ccfe2SHavard Skinnemoen  */
test_continuous_runs(void)206326ccfe2SHavard Skinnemoen static void test_continuous_runs(void)
207326ccfe2SHavard Skinnemoen {
208326ccfe2SHavard Skinnemoen     union {
209326ccfe2SHavard Skinnemoen         unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
210326ccfe2SHavard Skinnemoen         uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
211326ccfe2SHavard Skinnemoen     } buf;
212326ccfe2SHavard Skinnemoen     unsigned int i;
213326ccfe2SHavard Skinnemoen 
214326ccfe2SHavard Skinnemoen     rng_reset_enable();
215326ccfe2SHavard Skinnemoen     for (i = 0; i < sizeof(buf); i++) {
216326ccfe2SHavard Skinnemoen         g_assert_true(rng_wait_ready());
217326ccfe2SHavard Skinnemoen         buf.c[i] = rng_readb(RNGD);
218326ccfe2SHavard Skinnemoen     }
219326ccfe2SHavard Skinnemoen 
220326ccfe2SHavard Skinnemoen     g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
2211af979b4SHavard Skinnemoen     dump_buf_if_failed(buf.c, sizeof(buf));
222326ccfe2SHavard Skinnemoen }
223326ccfe2SHavard Skinnemoen 
224326ccfe2SHavard Skinnemoen /*
225326ccfe2SHavard Skinnemoen  * Verifies that the first data byte collected after enabling the RNG satisfies
226326ccfe2SHavard Skinnemoen  * a monobit test.
227326ccfe2SHavard Skinnemoen  */
test_first_byte_monobit(void)228326ccfe2SHavard Skinnemoen static void test_first_byte_monobit(void)
229326ccfe2SHavard Skinnemoen {
230326ccfe2SHavard Skinnemoen     /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
231326ccfe2SHavard Skinnemoen     uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
232326ccfe2SHavard Skinnemoen     unsigned int i;
233326ccfe2SHavard Skinnemoen 
234326ccfe2SHavard Skinnemoen     rng_reset();
235326ccfe2SHavard Skinnemoen     for (i = 0; i < sizeof(buf); i++) {
236326ccfe2SHavard Skinnemoen         rng_writeb(RNGCS, RNGE);
237326ccfe2SHavard Skinnemoen         g_assert_true(rng_wait_ready());
238326ccfe2SHavard Skinnemoen         buf[i] = rng_readb(RNGD);
239326ccfe2SHavard Skinnemoen         rng_writeb(RNGCS, 0);
240326ccfe2SHavard Skinnemoen     }
241326ccfe2SHavard Skinnemoen 
242326ccfe2SHavard Skinnemoen     g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
2431af979b4SHavard Skinnemoen     dump_buf_if_failed(buf, sizeof(buf));
244326ccfe2SHavard Skinnemoen }
245326ccfe2SHavard Skinnemoen 
246326ccfe2SHavard Skinnemoen /*
247326ccfe2SHavard Skinnemoen  * Verifies that the first data byte collected after enabling the RNG satisfies
248326ccfe2SHavard Skinnemoen  * a runs test.
249326ccfe2SHavard Skinnemoen  */
test_first_byte_runs(void)250326ccfe2SHavard Skinnemoen static void test_first_byte_runs(void)
251326ccfe2SHavard Skinnemoen {
252326ccfe2SHavard Skinnemoen     /* Enable, collect one byte, disable. Repeat until we have 100 bits. */
253326ccfe2SHavard Skinnemoen     union {
254326ccfe2SHavard Skinnemoen         unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
255326ccfe2SHavard Skinnemoen         uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
256326ccfe2SHavard Skinnemoen     } buf;
257326ccfe2SHavard Skinnemoen     unsigned int i;
258326ccfe2SHavard Skinnemoen 
259326ccfe2SHavard Skinnemoen     rng_reset();
260326ccfe2SHavard Skinnemoen     for (i = 0; i < sizeof(buf); i++) {
261326ccfe2SHavard Skinnemoen         rng_writeb(RNGCS, RNGE);
262326ccfe2SHavard Skinnemoen         g_assert_true(rng_wait_ready());
263326ccfe2SHavard Skinnemoen         buf.c[i] = rng_readb(RNGD);
264326ccfe2SHavard Skinnemoen         rng_writeb(RNGCS, 0);
265326ccfe2SHavard Skinnemoen     }
266326ccfe2SHavard Skinnemoen 
267326ccfe2SHavard Skinnemoen     g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
2681af979b4SHavard Skinnemoen     dump_buf_if_failed(buf.c, sizeof(buf));
269326ccfe2SHavard Skinnemoen }
270326ccfe2SHavard Skinnemoen 
main(int argc,char ** argv)271326ccfe2SHavard Skinnemoen int main(int argc, char **argv)
272326ccfe2SHavard Skinnemoen {
273326ccfe2SHavard Skinnemoen     int ret;
274326ccfe2SHavard Skinnemoen 
275326ccfe2SHavard Skinnemoen     g_test_init(&argc, &argv, NULL);
276326ccfe2SHavard Skinnemoen     g_test_set_nonfatal_assertions();
277326ccfe2SHavard Skinnemoen 
278326ccfe2SHavard Skinnemoen     qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable);
279326ccfe2SHavard Skinnemoen     qtest_add_func("npcm7xx_rng/rosel", test_rosel);
280ffb4fbf9SPeter Maydell     /*
281ffb4fbf9SPeter Maydell      * These tests fail intermittently; only run them on explicit
282ffb4fbf9SPeter Maydell      * request until we figure out why.
283ffb4fbf9SPeter Maydell      */
284ffb4fbf9SPeter Maydell     if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) {
285326ccfe2SHavard Skinnemoen         qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
286326ccfe2SHavard Skinnemoen         qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
287326ccfe2SHavard Skinnemoen         qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
288326ccfe2SHavard Skinnemoen         qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
289ffb4fbf9SPeter Maydell     }
290326ccfe2SHavard Skinnemoen 
291326ccfe2SHavard Skinnemoen     qtest_start("-machine npcm750-evb");
292326ccfe2SHavard Skinnemoen     ret = g_test_run();
293326ccfe2SHavard Skinnemoen     qtest_end();
294326ccfe2SHavard Skinnemoen 
295326ccfe2SHavard Skinnemoen     return ret;
296326ccfe2SHavard Skinnemoen }
297