xref: /netbsd-src/crypto/external/bsd/openssl/dist/test/rdrand_sanitytest.c (revision 82d56013d7b633d116a93943de88e08335357a7c) 
1 /*
2  * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include "testutil.h"
14 #include <openssl/opensslconf.h>
15 
16 #if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
17      defined(__x86_64) || defined(__x86_64__) || \
18      defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
19 
20 size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
21 size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
22 
23 void OPENSSL_cpuid_setup(void);
24 
25 extern unsigned int OPENSSL_ia32cap_P[4];
26 
27 static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
28     int rounds, int min_failures, int max_retries, int max_zero_words)
29 {
30     int testresult = 0;
31     unsigned char prior[31] = {0}, buf[31] = {0}, check[7];
32     int failures = 0, zero_words = 0;
33 
34     int i;
35     for (i = 0; i < rounds; i++) {
36         size_t generated = 0;
37 
38         int retry;
39         for (retry = 0; retry < max_retries; retry++) {
40             generated = rng(buf, sizeof(buf));
41             if (generated == sizeof(buf))
42                 break;
43             failures++;
44         }
45 
46         /*-
47          * Verify that we don't have too many unexpected runs of zeroes,
48          * implying that we might be accidentally using the 32-bit RDRAND
49          * instead of the 64-bit one on 64-bit systems.
50          */
51         size_t j;
52         for (j = 0; j < sizeof(buf) - 1; j++) {
53             if (buf[j] == 0 && buf[j+1] == 0) {
54                 zero_words++;
55             }
56         }
57 
58         if (!TEST_int_eq(generated, sizeof(buf)))
59             goto end;
60         if (!TEST_false(!memcmp(prior, buf, sizeof(buf))))
61             goto end;
62 
63         /* Verify that the last 7 bytes of buf aren't all the same value */
64         unsigned char *tail = &buf[sizeof(buf) - sizeof(check)];
65         memset(check, tail[0], 7);
66         if (!TEST_false(!memcmp(check, tail, sizeof(check))))
67             goto end;
68 
69         /* Save the result and make sure it's different next time */
70         memcpy(prior, buf, sizeof(buf));
71     }
72 
73     if (!TEST_int_le(zero_words, max_zero_words))
74         goto end;
75 
76     if (!TEST_int_ge(failures, min_failures))
77         goto end;
78 
79     testresult = 1;
80 end:
81     return testresult;
82 }
83 
84 static int sanity_check_rdrand_bytes(void)
85 {
86     return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes, 1000, 0, 10, 10);
87 }
88 
89 static int sanity_check_rdseed_bytes(void)
90 {
91     /*-
92      * RDSEED may take many retries to succeed; note that this is effectively
93      * multiplied by the 8x retry loop in asm, and failure probabilities are
94      * increased by the fact that we need either 4 or 8 samples depending on
95      * the platform.
96      */
97     return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes, 1000, 1, 10000, 10);
98 }
99 
100 int setup_tests(void)
101 {
102     OPENSSL_cpuid_setup();
103 
104     int have_rdseed = (OPENSSL_ia32cap_P[2] & (1 << 18)) != 0;
105     int have_rdrand = (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0;
106 
107     if (have_rdrand) {
108         ADD_TEST(sanity_check_rdrand_bytes);
109     }
110 
111     if (have_rdseed) {
112         ADD_TEST(sanity_check_rdseed_bytes);
113     }
114 
115     return 1;
116 }
117 
118 
119 #else
120 
121 int setup_tests(void)
122 {
123     return 1;
124 }
125 
126 #endif
127