From 40053010ddc860767a85d5cee492cc8f778b7fc6 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sat, 6 Aug 2022 13:39:44 +0000 Subject: [PATCH 4/4] cgdconfig(8): Verify shared keys are generated only once. --- distrib/sets/lists/tests/mi | 1 + tests/dev/cgd/Makefile | 3 + tests/dev/cgd/h_countkey.sh | 11 ++++ tests/dev/cgd/t_cgdconfig.sh | 104 +++++++++++++++++++++++++++++++++++ 4 files changed, 119 insertions(+) create mode 100644 tests/dev/cgd/h_countkey.sh diff --git a/distrib/sets/lists/tests/mi b/distrib/sets/lists/tests/mi index 6dc6afb2d236..fa69cae6c30d 100644 --- a/distrib/sets/lists/tests/mi +++ b/distrib/sets/lists/tests/mi @@ -1417,6 +1417,7 @@ ./usr/tests/dev/cgd tests-fs-tests compattestfile,atf ./usr/tests/dev/cgd/Atffile tests-fs-tests compattestfile,atf ./usr/tests/dev/cgd/Kyuafile tests-fs-tests compattestfile,atf,kyua +./usr/tests/dev/cgd/h_countkey tests-fs-tests compattestfile,atf ./usr/tests/dev/cgd/h_img2cgd tests-obsolete obsolete ./usr/tests/dev/cgd/h_img2cgd/cgd.conf tests-obsolete obsolete ./usr/tests/dev/cgd/h_img2cgd/h_img2cgd tests-obsolete obsolete diff --git a/tests/dev/cgd/Makefile b/tests/dev/cgd/Makefile index f1e4f60de63a..5a892b3ee901 100644 --- a/tests/dev/cgd/Makefile +++ b/tests/dev/cgd/Makefile @@ -10,6 +10,9 @@ FILESDIR= ${TESTSDIR} TESTS_SH+= t_cgd TESTS_SH+= t_cgdconfig +SCRIPTSDIR= ${TESTSDIR} +SCRIPTS+= h_countkey.sh + .if ${MKRUMP} != "no" TESTS_C+= t_cgd_3des TESTS_C+= t_cgd_adiantum diff --git a/tests/dev/cgd/h_countkey.sh b/tests/dev/cgd/h_countkey.sh new file mode 100644 index 000000000000..a229c140f7f7 --- /dev/null +++ b/tests/dev/cgd/h_countkey.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +set -Ceu + +n=$(cat "$1" 2>/dev/null || echo 0) +n=$((n + 1)) +echo $n >"$1".tmp +mv -f "$1".tmp "$1" +shift + +echo ${1+"$@"} | base64 -d diff --git a/tests/dev/cgd/t_cgdconfig.sh b/tests/dev/cgd/t_cgdconfig.sh index 513dc9691072..e5876a09e264 100644 --- a/tests/dev/cgd/t_cgdconfig.sh +++ b/tests/dev/cgd/t_cgdconfig.sh 
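Review bot: h_countkey.sh has no header comment, and its contract is not obvious from the body: the first argument is a counter file that is incremented on every run, and the remaining arguments are base64 text decoded to stdout as the key. I would add `# usage: h_countkey <counterfile> <base64-key>` and `# test helper: bumps the counter, then prints the decoded key` above `set -Ceu`. That comment should also say that the key arrives on the command line, where it is visible in the process list, so the pattern suits fixed test vectors only and should not be copied into a real shell_cmd params file. Separately, `echo $n >"$1".tmp` reads better as `printf '%s\n' "$n" >"$1.tmp"`, and because `set -C` is in effect, a `.tmp` file left by an interrupted run makes that redirect fail on the next run (presumably harmless in a fresh ATF work directory).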
@@ -25,6 +25,8 @@ # POSSIBILITY OF SUCH DAMAGE. # +COUNTKEY=$(atf_get_srcdir)/h_countkey + atf_test_case storedkey storedkey_head() { 
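Review bot: `COUNTKEY=$(atf_get_srcdir)/h_countkey` runs while the test file is being loaded rather than inside a test body, so it is only correct if atf_get_srcdir already returns the real source directory at that point; that ordering is not visible in this patch. If it does not, COUNTKEY would become `/h_countkey` and the shell_cmd in sharedshellkeys would fail for a reason unrelated to key sharing. Assigning it as the first statement of sharedshellkeys_body, e.g. `COUNTKEY="$(atf_get_srcdir)/h_countkey"`, removes the dependency on load order. The value is also pasted unquoted into the `cmd` string of the params files, so a source directory containing whitespace would split the command.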
@@ -166,10 +168,112 @@ EOF cgdconfig -t params } +atf_test_case sharedstoredkeys +sharedstoredkeys_head() +{ + atf_set descr "Test multiple shared key generations from stored keys" +} +sharedstoredkeys_body() +{ + cat <wd0e +algorithm adiantum; +iv-method encblkno1; +keylength 256; +verify_method none; +keygen storedkey { + key AAABAAd3CTYsLjLfDdw/DcR7umOQtsc7tQ+cMSLshErXwrPl; + shared "helloworld" algorithm hkdf-hmac-sha256 \ + subkey AAAAUPDx8vP09fb3+Pk=; +}; +EOF + cat <ld1e +algorithm adiantum; +iv-method encblkno1; +keylength 256; +verify_method none; +keygen storedkey { + key AAABAAd3CTYsLjLfDdw/DcR7umOQtsc7tQ+cMSLshErXwrPl; + shared "helloworld" algorithm hkdf-hmac-sha256 \ + subkey AAAAQMxUtCBh7ha6mUU=; +}; +EOF + cat <cgd.conf0 +cgd0 /dev/wd0e wd0e +cgd1 /dev/ld1e ld1e +EOF + cat <expected0 +/dev/wd0e: PLJfJfqs1XqQQ09k0DYvKi0tCpDPGlpMXbAtVuzExb8= +/dev/ld1e: ADxn574yb7sVdxHphNRRdObZxntMJA/ssMuUX6SXgEY= +EOF + cat <cgd.conf1 +cgd0 /dev/ld1e ld1e +cgd1 /dev/wd0e wd0e +EOF + cat <expected1 +/dev/ld1e: ADxn574yb7sVdxHphNRRdObZxntMJA/ssMuUX6SXgEY= +/dev/wd0e: PLJfJfqs1XqQQ09k0DYvKi0tCpDPGlpMXbAtVuzExb8= +EOF + atf_check -o file:expected0 cgdconfig -T -f cgd.conf0 + atf_check -o file:expected1 cgdconfig -T -f cgd.conf1 +} + +atf_test_case sharedshellkeys +sharedshellkeys_head() +{ + atf_set descr "Test multiple shared key generations from shell_cmd" +} +sharedshellkeys_body() +{ + cat <wd0e +algorithm adiantum; +iv-method encblkno1; +keylength 256; +verify_method none; +keygen shell_cmd { + cmd "${COUNTKEY} n B3cJNiwuMt8N3D8NxHu6Y5C2xzu1D5wxIuyEStfCs+U="; + shared "helloworld" algorithm hkdf-hmac-sha256 \ + subkey AAAAUPDx8vP09fb3+Pk=; +}; +EOF + cat <ld1e +algorithm adiantum; +iv-method encblkno1; +keylength 256; +verify_method none; +keygen shell_cmd { + cmd "${COUNTKEY} n B3cJNiwuMt8N3D8NxHu6Y5C2xzu1D5wxIuyEStfCs+U="; + shared "helloworld" algorithm hkdf-hmac-sha256 \ + subkey AAAAQMxUtCBh7ha6mUU=; +}; +EOF + cat <cgd.conf0 +cgd0 /dev/wd0e wd0e +cgd1 
/dev/ld1e ld1e +EOF + cat <expected0 +/dev/wd0e: PLJfJfqs1XqQQ09k0DYvKi0tCpDPGlpMXbAtVuzExb8= +/dev/ld1e: ADxn574yb7sVdxHphNRRdObZxntMJA/ssMuUX6SXgEY= +EOF + cat <cgd.conf1 +cgd0 /dev/ld1e ld1e +cgd1 /dev/wd0e wd0e +EOF + cat <expected1 +/dev/ld1e: ADxn574yb7sVdxHphNRRdObZxntMJA/ssMuUX6SXgEY= +/dev/wd0e: PLJfJfqs1XqQQ09k0DYvKi0tCpDPGlpMXbAtVuzExb8= +EOF + atf_check -o file:expected0 cgdconfig -T -f cgd.conf0 + atf_check -o inline:'1\n' cat n + atf_check -o file:expected1 cgdconfig -T -f cgd.conf1 + atf_check -o inline:'2\n' cat n +} + atf_init_test_cases() { + atf_add_test_case sharedshellkeys atf_add_test_case sharedstoredkey10 atf_add_test_case sharedstoredkey80 + atf_add_test_case sharedstoredkeys atf_add_test_case storedkey atf_add_test_case storedkey2a atf_add_test_case storedkey2b
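Review bot: The `inline:'1\n'` and `inline:'2\n'` checks on `n` in sharedshellkeys_body are the only assertions that the shared key command runs once per cgdconfig invocation rather than once per device, but nothing in the body says so. I would put a comment above the first of them, for example `# wd0e and ld1e share "helloworld": h_countkey must run once per cgdconfig -T, not once per device`. The cgd.conf0/cgd.conf1 and expected0/expected1 fixtures are also repeated verbatim from sharedstoredkeys_body; writing them from one small helper function would keep the expected digests in a single place so the two tests cannot drift apart.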