| 1 | /*
|
|---|
| 2 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | #include <stdio.h>
|
|---|
| 11 | #include <stdlib.h>
|
|---|
| 12 | #include <string.h>
|
|---|
| 13 | #include "testutil.h"
|
|---|
| 14 | #include "internal/cryptlib.h"
|
|---|
| 15 |
|
|---|
| 16 | #if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
|
|---|
| 17 | defined(__x86_64) || defined(__x86_64__) || \
|
|---|
| 18 | defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
|
|---|
| 19 | # define IS_X_86 1
|
|---|
| 20 | size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
|
|---|
| 21 | size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
|
|---|
| 22 | #else
|
|---|
| 23 | # define IS_X_86 0
|
|---|
| 24 | #endif
|
|---|
| 25 |
|
|---|
| 26 | #if defined(__aarch64__) && defined(OPENSSL_CPUID_OBJ)
|
|---|
| 27 | # define IS_AARCH_64 1
|
|---|
| 28 | # include "arm_arch.h"
|
|---|
| 29 |
|
|---|
| 30 | size_t OPENSSL_rndr_bytes(unsigned char *buf, size_t len);
|
|---|
| 31 | size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len);
|
|---|
| 32 | #else
|
|---|
| 33 | # define IS_AARCH_64 0
|
|---|
| 34 | #endif
|
|---|
| 35 |
|
|---|
| 36 | #if (IS_X_86 || IS_AARCH_64)
|
|---|
| 37 | static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
|
|---|
| 38 | int rounds, int min_failures, int max_retries, int max_zero_words)
|
|---|
| 39 | {
|
|---|
| 40 | int testresult = 0;
|
|---|
| 41 | unsigned char prior[31] = {0}, buf[31] = {0}, check[7];
|
|---|
| 42 | int failures = 0, zero_words = 0;
|
|---|
| 43 |
|
|---|
| 44 | int i;
|
|---|
| 45 | for (i = 0; i < rounds; i++) {
|
|---|
| 46 | size_t generated = 0;
|
|---|
| 47 |
|
|---|
| 48 | int retry;
|
|---|
| 49 | for (retry = 0; retry < max_retries; retry++) {
|
|---|
| 50 | generated = rng(buf, sizeof(buf));
|
|---|
| 51 | if (generated == sizeof(buf))
|
|---|
| 52 | break;
|
|---|
| 53 | failures++;
|
|---|
| 54 | }
|
|---|
| 55 |
|
|---|
| 56 | /*-
|
|---|
| 57 | * Verify that we don't have too many unexpected runs of zeroes,
|
|---|
| 58 | * implying that we might be accidentally using the 32-bit RDRAND
|
|---|
| 59 | * instead of the 64-bit one on 64-bit systems.
|
|---|
| 60 | */
|
|---|
| 61 | size_t j;
|
|---|
| 62 | for (j = 0; j < sizeof(buf) - 1; j++) {
|
|---|
| 63 | if (buf[j] == 0 && buf[j+1] == 0) {
|
|---|
| 64 | zero_words++;
|
|---|
| 65 | }
|
|---|
| 66 | }
|
|---|
| 67 |
|
|---|
| 68 | if (!TEST_int_eq(generated, sizeof(buf)))
|
|---|
| 69 | goto end;
|
|---|
| 70 | if (!TEST_false(!memcmp(prior, buf, sizeof(buf))))
|
|---|
| 71 | goto end;
|
|---|
| 72 |
|
|---|
| 73 | /* Verify that the last 7 bytes of buf aren't all the same value */
|
|---|
| 74 | unsigned char *tail = &buf[sizeof(buf) - sizeof(check)];
|
|---|
| 75 | memset(check, tail[0], 7);
|
|---|
| 76 | if (!TEST_false(!memcmp(check, tail, sizeof(check))))
|
|---|
| 77 | goto end;
|
|---|
| 78 |
|
|---|
| 79 | /* Save the result and make sure it's different next time */
|
|---|
| 80 | memcpy(prior, buf, sizeof(buf));
|
|---|
| 81 | }
|
|---|
| 82 |
|
|---|
| 83 | if (!TEST_int_le(zero_words, max_zero_words))
|
|---|
| 84 | goto end;
|
|---|
| 85 |
|
|---|
| 86 | if (!TEST_int_ge(failures, min_failures))
|
|---|
| 87 | goto end;
|
|---|
| 88 |
|
|---|
| 89 | testresult = 1;
|
|---|
| 90 | end:
|
|---|
| 91 | return testresult;
|
|---|
| 92 | }
|
|---|
| 93 | #endif
|
|---|
| 94 |
|
|---|
| 95 | #if IS_X_86
|
|---|
| 96 | static int sanity_check_rdrand_bytes(void)
|
|---|
| 97 | {
|
|---|
| 98 | return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes, 1000, 0, 10, 10);
|
|---|
| 99 | }
|
|---|
| 100 |
|
|---|
| 101 | static int sanity_check_rdseed_bytes(void)
|
|---|
| 102 | {
|
|---|
| 103 | /*-
|
|---|
| 104 | * RDSEED may take many retries to succeed; note that this is effectively
|
|---|
| 105 | * multiplied by the 8x retry loop in asm, and failure probabilities are
|
|---|
| 106 | * increased by the fact that we need either 4 or 8 samples depending on
|
|---|
| 107 | * the platform.
|
|---|
| 108 | */
|
|---|
| 109 | return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes, 1000, 1, 10000, 10);
|
|---|
| 110 | }
|
|---|
| 111 | #elif IS_AARCH_64
|
|---|
| 112 | static int sanity_check_rndr_bytes(void)
|
|---|
| 113 | {
|
|---|
| 114 | return sanity_check_bytes(OPENSSL_rndr_bytes, 1000, 0, 10, 10);
|
|---|
| 115 | }
|
|---|
| 116 |
|
|---|
| 117 | static int sanity_check_rndrrs_bytes(void)
|
|---|
| 118 | {
|
|---|
| 119 | return sanity_check_bytes(OPENSSL_rndrrs_bytes, 1000, 0, 10000, 10);
|
|---|
| 120 | }
|
|---|
| 121 | #endif
|
|---|
| 122 |
|
|---|
| 123 | int setup_tests(void)
|
|---|
| 124 | {
|
|---|
| 125 | #if (IS_X_86 || IS_AARCH_64)
|
|---|
| 126 | OPENSSL_cpuid_setup();
|
|---|
| 127 |
|
|---|
| 128 | # if IS_X_86
|
|---|
| 129 | int have_rdseed = (OPENSSL_ia32cap_P[2] & (1 << 18)) != 0;
|
|---|
| 130 | int have_rdrand = (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0;
|
|---|
| 131 |
|
|---|
| 132 | if (have_rdrand) {
|
|---|
| 133 | ADD_TEST(sanity_check_rdrand_bytes);
|
|---|
| 134 | }
|
|---|
| 135 |
|
|---|
| 136 | if (have_rdseed) {
|
|---|
| 137 | ADD_TEST(sanity_check_rdseed_bytes);
|
|---|
| 138 | }
|
|---|
| 139 | # elif IS_AARCH_64
|
|---|
| 140 | int have_rndr_rndrrs = (OPENSSL_armcap_P & (1 << 8)) != 0;
|
|---|
| 141 |
|
|---|
| 142 | if (have_rndr_rndrrs) {
|
|---|
| 143 | ADD_TEST(sanity_check_rndr_bytes);
|
|---|
| 144 | ADD_TEST(sanity_check_rndrrs_bytes);
|
|---|
| 145 | }
|
|---|
| 146 | # endif
|
|---|
| 147 | #endif
|
|---|
| 148 |
|
|---|
| 149 | return 1;
|
|---|
| 150 | }
|
|---|
