8006c9842b
The number of runs is equal to the number of 0-1 and 1-0 transitions, plus one. Currently, it's counting the number of times these transitions do _not_ happen, plus one. Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-22r1a.pdf section 2.3.4 point (3). Signed-off-by: Havard Skinnemoen <hskinnemoen@google.com> Message-id: 20201103011457.2959989-2-hskinnemoen@google.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
285 lines
7.7 KiB
C
285 lines
7.7 KiB
C
/*
|
|
* QTest testcase for the Nuvoton NPCM7xx Random Number Generator
|
|
*
|
|
* Copyright 2020 Google LLC
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
|
|
#include <math.h>
|
|
|
|
#include "libqtest-single.h"
|
|
#include "qemu/bitops.h"
|
|
|
|
#define RNG_BASE_ADDR 0xf000b000
|
|
|
|
/* Control and Status Register */
|
|
#define RNGCS 0x00
|
|
# define DVALID BIT(1) /* Data Valid */
|
|
# define RNGE BIT(0) /* RNG Enable */
|
|
/* Data Register */
|
|
#define RNGD 0x04
|
|
/* Mode Register */
|
|
#define RNGMODE 0x08
|
|
# define ROSEL_NORMAL (2) /* RNG only works in this mode */
|
|
|
|
/* Number of bits to collect for randomness tests. */
|
|
#define TEST_INPUT_BITS (128)
|
|
|
|
static void rng_writeb(unsigned int offset, uint8_t value)
|
|
{
|
|
writeb(RNG_BASE_ADDR + offset, value);
|
|
}
|
|
|
|
static uint8_t rng_readb(unsigned int offset)
|
|
{
|
|
return readb(RNG_BASE_ADDR + offset);
|
|
}
|
|
|
|
/* Disable RNG and set normal ring oscillator mode. */
|
|
static void rng_reset(void)
|
|
{
|
|
rng_writeb(RNGCS, 0);
|
|
rng_writeb(RNGMODE, ROSEL_NORMAL);
|
|
}
|
|
|
|
/* Reset RNG and then enable it. */
|
|
static void rng_reset_enable(void)
|
|
{
|
|
rng_reset();
|
|
rng_writeb(RNGCS, RNGE);
|
|
}
|
|
|
|
/* Wait until Data Valid bit is set. */
|
|
static bool rng_wait_ready(void)
|
|
{
|
|
/* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */
|
|
int retries = 10;
|
|
|
|
while (retries-- > 0) {
|
|
if (rng_readb(RNGCS) & DVALID) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the
|
|
* sequence in buf and return the P-value. This represents the probability of a
|
|
* truly random sequence having the same proportion of zeros and ones as the
|
|
* sequence in buf.
|
|
*
|
|
* An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1,
|
|
* will fail this test. However, an RNG which always returns 0x55, 0xf0 or some
|
|
* other value with an equal number of zeroes and ones will pass.
|
|
*/
|
|
static double calc_monobit_p(const uint8_t *buf, unsigned int len)
|
|
{
|
|
unsigned int i;
|
|
double s_obs;
|
|
int sn = 0;
|
|
|
|
for (i = 0; i < len; i++) {
|
|
/*
|
|
* Each 1 counts as 1, each 0 counts as -1.
|
|
* s = cp - (8 - cp) = 2 * cp - 8
|
|
*/
|
|
sn += 2 * ctpop8(buf[i]) - 8;
|
|
}
|
|
|
|
s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE);
|
|
|
|
return erfc(s_obs / sqrt(2));
|
|
}
|
|
|
|
/*
|
|
* Perform a runs test, as defined by NIST SP 800-22, and return the P-value.
|
|
* This represents the probability of a truly random sequence having the same
|
|
* number of runs (i.e. uninterrupted sequences of identical bits) as the
|
|
* sequence in buf.
|
|
*/
|
|
static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits)
|
|
{
|
|
unsigned int j;
|
|
unsigned int k;
|
|
int nr_ones = 0;
|
|
int vn_obs = 0;
|
|
double pi;
|
|
|
|
g_assert(nr_bits % BITS_PER_LONG == 0);
|
|
|
|
for (j = 0; j < nr_bits / BITS_PER_LONG; j++) {
|
|
nr_ones += __builtin_popcountl(buf[j]);
|
|
}
|
|
pi = (double)nr_ones / nr_bits;
|
|
|
|
for (k = 0; k < nr_bits - 1; k++) {
|
|
vn_obs += (test_bit(k, buf) ^ test_bit(k + 1, buf));
|
|
}
|
|
vn_obs += 1;
|
|
|
|
return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi))
|
|
/ (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi)));
|
|
}
|
|
|
|
/*
|
|
* Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared,
|
|
* and DVALID eventually becomes set when RNGE is set.
|
|
*/
|
|
static void test_enable_disable(void)
|
|
{
|
|
/* Disable: DVALID should not be set, and RNGD should read zero */
|
|
rng_reset();
|
|
g_assert_cmphex(rng_readb(RNGCS), ==, 0);
|
|
g_assert_cmphex(rng_readb(RNGD), ==, 0);
|
|
|
|
/* Enable: DVALID should be set, but we can't make assumptions about RNGD */
|
|
rng_writeb(RNGCS, RNGE);
|
|
g_assert_true(rng_wait_ready());
|
|
g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE);
|
|
|
|
/* Disable: DVALID should not be set, and RNGD should read zero */
|
|
rng_writeb(RNGCS, 0);
|
|
g_assert_cmphex(rng_readb(RNGCS), ==, 0);
|
|
g_assert_cmphex(rng_readb(RNGD), ==, 0);
|
|
}
|
|
|
|
/*
|
|
* Verifies that the RNG only produces data when RNGMODE is set to 'normal'
|
|
* ring oscillator mode.
|
|
*/
|
|
static void test_rosel(void)
|
|
{
|
|
rng_reset_enable();
|
|
g_assert_true(rng_wait_ready());
|
|
rng_writeb(RNGMODE, 0);
|
|
g_assert_false(rng_wait_ready());
|
|
rng_writeb(RNGMODE, ROSEL_NORMAL);
|
|
g_assert_true(rng_wait_ready());
|
|
rng_writeb(RNGMODE, 0);
|
|
g_assert_false(rng_wait_ready());
|
|
}
|
|
|
|
/*
|
|
* Verifies that a continuous sequence of bits collected after enabling the RNG
|
|
* satisfies a monobit test.
|
|
*/
|
|
static void test_continuous_monobit(void)
|
|
{
|
|
uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
|
|
unsigned int i;
|
|
|
|
rng_reset_enable();
|
|
for (i = 0; i < sizeof(buf); i++) {
|
|
g_assert_true(rng_wait_ready());
|
|
buf[i] = rng_readb(RNGD);
|
|
}
|
|
|
|
g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
|
|
}
|
|
|
|
/*
|
|
* Verifies that a continuous sequence of bits collected after enabling the RNG
|
|
* satisfies a runs test.
|
|
*/
|
|
static void test_continuous_runs(void)
|
|
{
|
|
union {
|
|
unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
|
|
uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
|
|
} buf;
|
|
unsigned int i;
|
|
|
|
rng_reset_enable();
|
|
for (i = 0; i < sizeof(buf); i++) {
|
|
g_assert_true(rng_wait_ready());
|
|
buf.c[i] = rng_readb(RNGD);
|
|
}
|
|
|
|
g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
|
|
}
|
|
|
|
/*
|
|
* Verifies that the first data byte collected after enabling the RNG satisfies
|
|
* a monobit test.
|
|
*/
|
|
static void test_first_byte_monobit(void)
|
|
{
|
|
/* Enable, collect one byte, disable. Repeat until we have 100 bits. */
|
|
uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
|
|
unsigned int i;
|
|
|
|
rng_reset();
|
|
for (i = 0; i < sizeof(buf); i++) {
|
|
rng_writeb(RNGCS, RNGE);
|
|
g_assert_true(rng_wait_ready());
|
|
buf[i] = rng_readb(RNGD);
|
|
rng_writeb(RNGCS, 0);
|
|
}
|
|
|
|
g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
|
|
}
|
|
|
|
/*
|
|
* Verifies that the first data byte collected after enabling the RNG satisfies
|
|
* a runs test.
|
|
*/
|
|
static void test_first_byte_runs(void)
|
|
{
|
|
/* Enable, collect one byte, disable. Repeat until we have 100 bits. */
|
|
union {
|
|
unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
|
|
uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
|
|
} buf;
|
|
unsigned int i;
|
|
|
|
rng_reset();
|
|
for (i = 0; i < sizeof(buf); i++) {
|
|
rng_writeb(RNGCS, RNGE);
|
|
g_assert_true(rng_wait_ready());
|
|
buf.c[i] = rng_readb(RNGD);
|
|
rng_writeb(RNGCS, 0);
|
|
}
|
|
|
|
g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
int ret;
|
|
|
|
g_test_init(&argc, &argv, NULL);
|
|
g_test_set_nonfatal_assertions();
|
|
|
|
qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable);
|
|
qtest_add_func("npcm7xx_rng/rosel", test_rosel);
|
|
/*
|
|
* These tests fail intermittently; only run them on explicit
|
|
* request until we figure out why.
|
|
*/
|
|
if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) {
|
|
qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
|
|
qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
|
|
qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
|
|
qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
|
|
}
|
|
|
|
qtest_start("-machine npcm750-evb");
|
|
ret = g_test_run();
|
|
qtest_end();
|
|
|
|
return ret;
|
|
}
|