1/*
2 * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <string.h>
13#include "testutil.h"
14#include "internal/cryptlib.h"
15
16#if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
17     defined(__x86_64) || defined(__x86_64__) || \
18     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
19
20size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
21size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
22
23static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
24    int rounds, int min_failures, int max_retries, int max_zero_words)
25{
26    int testresult = 0;
27    unsigned char prior[31] = {0}, buf[31] = {0}, check[7];
28    int failures = 0, zero_words = 0;
29
30    int i;
31    for (i = 0; i < rounds; i++) {
32        size_t generated = 0;
33
34        int retry;
35        for (retry = 0; retry < max_retries; retry++) {
36            generated = rng(buf, sizeof(buf));
37            if (generated == sizeof(buf))
38                break;
39            failures++;
40        }
41
42        /*-
43         * Verify that we don't have too many unexpected runs of zeroes,
44         * implying that we might be accidentally using the 32-bit RDRAND
45         * instead of the 64-bit one on 64-bit systems.
46         */
47        size_t j;
48        for (j = 0; j < sizeof(buf) - 1; j++) {
49            if (buf[j] == 0 && buf[j+1] == 0) {
50                zero_words++;
51            }
52        }
53
54        if (!TEST_int_eq(generated, sizeof(buf)))
55            goto end;
56        if (!TEST_false(!memcmp(prior, buf, sizeof(buf))))
57            goto end;
58
59        /* Verify that the last 7 bytes of buf aren't all the same value */
60        unsigned char *tail = &buf[sizeof(buf) - sizeof(check)];
61        memset(check, tail[0], 7);
62        if (!TEST_false(!memcmp(check, tail, sizeof(check))))
63            goto end;
64
65        /* Save the result and make sure it's different next time */
66        memcpy(prior, buf, sizeof(buf));
67    }
68
69    if (!TEST_int_le(zero_words, max_zero_words))
70        goto end;
71
72    if (!TEST_int_ge(failures, min_failures))
73        goto end;
74
75    testresult = 1;
76end:
77    return testresult;
78}
79
80static int sanity_check_rdrand_bytes(void)
81{
82    return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes, 1000, 0, 10, 10);
83}
84
85static int sanity_check_rdseed_bytes(void)
86{
87    /*-
88     * RDSEED may take many retries to succeed; note that this is effectively
89     * multiplied by the 8x retry loop in asm, and failure probabilities are
90     * increased by the fact that we need either 4 or 8 samples depending on
91     * the platform.
92     */
93    return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes, 1000, 1, 10000, 10);
94}
95
96int setup_tests(void)
97{
98    OPENSSL_cpuid_setup();
99
100    int have_rdseed = (OPENSSL_ia32cap_P[2] & (1 << 18)) != 0;
101    int have_rdrand = (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0;
102
103    if (have_rdrand) {
104        ADD_TEST(sanity_check_rdrand_bytes);
105    }
106
107    if (have_rdseed) {
108        ADD_TEST(sanity_check_rdseed_bytes);
109    }
110
111    return 1;
112}
113
114
115#else
116
117int setup_tests(void)
118{
119    return 1;
120}
121
122#endif
123