qemu-e2k/tests/qtest/npcm7xx_rng-test.c
Havard Skinnemoen 8006c9842b tests/qtest/npcm7xx_rng-test: count runs properly
The number of runs is equal to the number of 0-1 and 1-0 transitions,
plus one. Currently, it's counting the number of times these transitions
do _not_ happen, plus one.

Source:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-22r1a.pdf
section 2.3.4 point (3).

Signed-off-by: Havard Skinnemoen <hskinnemoen@google.com>
Message-id: 20201103011457.2959989-2-hskinnemoen@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-10 11:03:48 +00:00

285 lines
7.7 KiB
C

/*
* QTest testcase for the Nuvoton NPCM7xx Random Number Generator
*
* Copyright 2020 Google LLC
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "qemu/osdep.h"
#include <math.h>
#include "libqtest-single.h"
#include "qemu/bitops.h"
#define RNG_BASE_ADDR 0xf000b000
/* Control and Status Register */
#define RNGCS 0x00
# define DVALID BIT(1) /* Data Valid */
# define RNGE BIT(0) /* RNG Enable */
/* Data Register */
#define RNGD 0x04
/* Mode Register */
#define RNGMODE 0x08
# define ROSEL_NORMAL (2) /* RNG only works in this mode */
/* Number of bits to collect for randomness tests. */
#define TEST_INPUT_BITS (128)
static void rng_writeb(unsigned int offset, uint8_t value)
{
writeb(RNG_BASE_ADDR + offset, value);
}
static uint8_t rng_readb(unsigned int offset)
{
return readb(RNG_BASE_ADDR + offset);
}
/* Disable RNG and set normal ring oscillator mode. */
static void rng_reset(void)
{
rng_writeb(RNGCS, 0);
rng_writeb(RNGMODE, ROSEL_NORMAL);
}
/* Reset RNG and then enable it. */
static void rng_reset_enable(void)
{
rng_reset();
rng_writeb(RNGCS, RNGE);
}
/* Wait until Data Valid bit is set. */
static bool rng_wait_ready(void)
{
/* qemu_guest_getrandom may fail. Assume it won't fail 10 times in a row. */
int retries = 10;
while (retries-- > 0) {
if (rng_readb(RNGCS) & DVALID) {
return true;
}
}
return false;
}
/*
* Perform a frequency (monobit) test, as defined by NIST SP 800-22, on the
* sequence in buf and return the P-value. This represents the probability of a
* truly random sequence having the same proportion of zeros and ones as the
* sequence in buf.
*
* An RNG which always returns 0x00 or 0xff, or has some bits stuck at 0 or 1,
* will fail this test. However, an RNG which always returns 0x55, 0xf0 or some
* other value with an equal number of zeroes and ones will pass.
*/
static double calc_monobit_p(const uint8_t *buf, unsigned int len)
{
unsigned int i;
double s_obs;
int sn = 0;
for (i = 0; i < len; i++) {
/*
* Each 1 counts as 1, each 0 counts as -1.
* s = cp - (8 - cp) = 2 * cp - 8
*/
sn += 2 * ctpop8(buf[i]) - 8;
}
s_obs = abs(sn) / sqrt(len * BITS_PER_BYTE);
return erfc(s_obs / sqrt(2));
}
/*
* Perform a runs test, as defined by NIST SP 800-22, and return the P-value.
* This represents the probability of a truly random sequence having the same
* number of runs (i.e. uninterrupted sequences of identical bits) as the
* sequence in buf.
*/
static double calc_runs_p(const unsigned long *buf, unsigned int nr_bits)
{
unsigned int j;
unsigned int k;
int nr_ones = 0;
int vn_obs = 0;
double pi;
g_assert(nr_bits % BITS_PER_LONG == 0);
for (j = 0; j < nr_bits / BITS_PER_LONG; j++) {
nr_ones += __builtin_popcountl(buf[j]);
}
pi = (double)nr_ones / nr_bits;
for (k = 0; k < nr_bits - 1; k++) {
vn_obs += (test_bit(k, buf) ^ test_bit(k + 1, buf));
}
vn_obs += 1;
return erfc(fabs(vn_obs - 2 * nr_bits * pi * (1.0 - pi))
/ (2 * sqrt(2 * nr_bits) * pi * (1.0 - pi)));
}
/*
* Verifies that DVALID is clear, and RNGD reads zero, when RNGE is cleared,
* and DVALID eventually becomes set when RNGE is set.
*/
static void test_enable_disable(void)
{
/* Disable: DVALID should not be set, and RNGD should read zero */
rng_reset();
g_assert_cmphex(rng_readb(RNGCS), ==, 0);
g_assert_cmphex(rng_readb(RNGD), ==, 0);
/* Enable: DVALID should be set, but we can't make assumptions about RNGD */
rng_writeb(RNGCS, RNGE);
g_assert_true(rng_wait_ready());
g_assert_cmphex(rng_readb(RNGCS), ==, DVALID | RNGE);
/* Disable: DVALID should not be set, and RNGD should read zero */
rng_writeb(RNGCS, 0);
g_assert_cmphex(rng_readb(RNGCS), ==, 0);
g_assert_cmphex(rng_readb(RNGD), ==, 0);
}
/*
* Verifies that the RNG only produces data when RNGMODE is set to 'normal'
* ring oscillator mode.
*/
static void test_rosel(void)
{
rng_reset_enable();
g_assert_true(rng_wait_ready());
rng_writeb(RNGMODE, 0);
g_assert_false(rng_wait_ready());
rng_writeb(RNGMODE, ROSEL_NORMAL);
g_assert_true(rng_wait_ready());
rng_writeb(RNGMODE, 0);
g_assert_false(rng_wait_ready());
}
/*
* Verifies that a continuous sequence of bits collected after enabling the RNG
* satisfies a monobit test.
*/
static void test_continuous_monobit(void)
{
uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
unsigned int i;
rng_reset_enable();
for (i = 0; i < sizeof(buf); i++) {
g_assert_true(rng_wait_ready());
buf[i] = rng_readb(RNGD);
}
g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
}
/*
* Verifies that a continuous sequence of bits collected after enabling the RNG
* satisfies a runs test.
*/
static void test_continuous_runs(void)
{
union {
unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
} buf;
unsigned int i;
rng_reset_enable();
for (i = 0; i < sizeof(buf); i++) {
g_assert_true(rng_wait_ready());
buf.c[i] = rng_readb(RNGD);
}
g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
}
/*
* Verifies that the first data byte collected after enabling the RNG satisfies
* a monobit test.
*/
static void test_first_byte_monobit(void)
{
/* Enable, collect one byte, disable. Repeat until we have 100 bits. */
uint8_t buf[TEST_INPUT_BITS / BITS_PER_BYTE];
unsigned int i;
rng_reset();
for (i = 0; i < sizeof(buf); i++) {
rng_writeb(RNGCS, RNGE);
g_assert_true(rng_wait_ready());
buf[i] = rng_readb(RNGD);
rng_writeb(RNGCS, 0);
}
g_assert_cmpfloat(calc_monobit_p(buf, sizeof(buf)), >, 0.01);
}
/*
* Verifies that the first data byte collected after enabling the RNG satisfies
* a runs test.
*/
static void test_first_byte_runs(void)
{
/* Enable, collect one byte, disable. Repeat until we have 100 bits. */
union {
unsigned long l[TEST_INPUT_BITS / BITS_PER_LONG];
uint8_t c[TEST_INPUT_BITS / BITS_PER_BYTE];
} buf;
unsigned int i;
rng_reset();
for (i = 0; i < sizeof(buf); i++) {
rng_writeb(RNGCS, RNGE);
g_assert_true(rng_wait_ready());
buf.c[i] = rng_readb(RNGD);
rng_writeb(RNGCS, 0);
}
g_assert_cmpfloat(calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE), >, 0.01);
}
int main(int argc, char **argv)
{
int ret;
g_test_init(&argc, &argv, NULL);
g_test_set_nonfatal_assertions();
qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable);
qtest_add_func("npcm7xx_rng/rosel", test_rosel);
/*
* These tests fail intermittently; only run them on explicit
* request until we figure out why.
*/
if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) {
qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
}
qtest_start("-machine npcm750-evb");
ret = g_test_run();
qtest_end();
return ret;
}