test/rdcpu_sanitytest.c

   1 /*
   2  * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include <stdlib.h>
  12 #include <string.h>
  13 #include "testutil.h"
  14 #include "internal/cryptlib.h"
  15
  16 #if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
  17      defined(__x86_64) || defined(__x86_64__) || \
  18      defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
  19 # define IS_X_86 1
  20 size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
  21 size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
  22 #else
  23 # define IS_X_86 0
  24 #endif
  25
  26 #if defined(__aarch64__) && defined(OPENSSL_CPUID_OBJ)
  27 # define IS_AARCH_64 1
  28 # include "arm_arch.h"
  29
  30 size_t OPENSSL_rndr_bytes(unsigned char *buf, size_t len);
  31 size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len);
  32 #else
  33 # define IS_AARCH_64 0
  34 #endif
  35
  36 #if (IS_X_86 || IS_AARCH_64)
  37 static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
  38     int rounds, int min_failures, int max_retries, int max_zero_words)
  39 {
  40     int testresult = 0;
  41     unsigned char prior[31] = {0}, buf[31] = {0}, check[7];
  42     int failures = 0, zero_words = 0;
  43
  44     int i;
  45     for (i = 0; i < rounds; i++) {
  46         size_t generated = 0;
  47
  48         int retry;
  49         for (retry = 0; retry < max_retries; retry++) {
  50             generated = rng(buf, sizeof(buf));
  51             if (generated == sizeof(buf))
  52                 break;
  53             failures++;
  54         }
  55
  56         /*-
  57          * Verify that we don't have too many unexpected runs of zeroes,
  58          * implying that we might be accidentally using the 32-bit RDRAND
  59          * instead of the 64-bit one on 64-bit systems.
  60          */
  61         size_t j;
  62         for (j = 0; j < sizeof(buf) - 1; j++) {
  63             if (buf[j] == 0 && buf[j+1] == 0) {
  64                 zero_words++;
  65             }
  66         }
  67
  68         if (!TEST_int_eq(generated, sizeof(buf)))
  69             goto end;
  70         if (!TEST_false(!memcmp(prior, buf, sizeof(buf))))
  71             goto end;
  72
  73         /* Verify that the last 7 bytes of buf aren't all the same value */
  74         unsigned char *tail = &buf[sizeof(buf) - sizeof(check)];
  75         memset(check, tail[0], 7);
  76         if (!TEST_false(!memcmp(check, tail, sizeof(check))))
  77             goto end;
  78
  79         /* Save the result and make sure it's different next time */
  80         memcpy(prior, buf, sizeof(buf));
  81     }
  82
  83     if (!TEST_int_le(zero_words, max_zero_words))
  84         goto end;
  85
  86     if (!TEST_int_ge(failures, min_failures))
  87         goto end;
  88
  89     testresult = 1;
  90 end:
  91     return testresult;
  92 }
  93 #endif
  94
  95 #if IS_X_86
  96 static int sanity_check_rdrand_bytes(void)
  97 {
  98     return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes, 1000, 0, 10, 10);
  99 }
 100
 101 static int sanity_check_rdseed_bytes(void)
 102 {
 103     /*-
 104      * RDSEED may take many retries to succeed; note that this is effectively
 105      * multiplied by the 8x retry loop in asm, and failure probabilities are
 106      * increased by the fact that we need either 4 or 8 samples depending on
 107      * the platform.
 108      */
 109     return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes, 1000, 1, 10000, 10);
 110 }
 111 #elif IS_AARCH_64
 112 static int sanity_check_rndr_bytes(void)
 113 {
 114     return sanity_check_bytes(OPENSSL_rndr_bytes, 1000, 0, 10, 10);
 115 }
 116
 117 static int sanity_check_rndrrs_bytes(void)
 118 {
 119     return sanity_check_bytes(OPENSSL_rndrrs_bytes, 1000, 0, 10000, 10);
 120 }
 121 #endif
 122
 123 int setup_tests(void)
 124 {
 125 #if (IS_X_86 || IS_AARCH_64)
 126     OPENSSL_cpuid_setup();
 127
 128 # if IS_X_86
 129     int have_rdseed = (OPENSSL_ia32cap_P[2] & (1 << 18)) != 0;
 130     int have_rdrand = (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0;
 131
 132     if (have_rdrand) {
 133         ADD_TEST(sanity_check_rdrand_bytes);
 134     }
 135
 136     if (have_rdseed) {
 137         ADD_TEST(sanity_check_rdseed_bytes);
 138     }
 139 # elif IS_AARCH_64
 140     int have_rndr_rndrrs = (OPENSSL_armcap_P & (1 << 8)) != 0;
 141
 142     if (have_rndr_rndrrs) {
 143         ADD_TEST(sanity_check_rndr_bytes);
 144         ADD_TEST(sanity_check_rndrrs_bytes);
 145     }
 146 # endif
 147 #endif
 148
 149     return 1;
 150 }