Remove reload option to wae initializer service

Reload option is not needed anymore.
To be secure, remove all KEKs from dek store (also adek) after loading
preloaded adeks once. Loaded adeks are stored in key-manager so they're
useless.
Related test cases are added. (load preloaded app deks)

(TODO) To use key-manager initial value feature is highly considered
to store KEK private key more securely.

Change-Id: I2f6c645398277968cd7d480236d1802a07fa33df
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

1 files changed, 67 insertions, 5 deletions

diff --git a/tests/test-helper.cpp b/tests/test-helper.cpp
index d0ca263..b7fdf6a 100644
--- a/tests/test-helper.cpp
+++ b/tests/test-helper.cpp
@@ -22,6 +22,9 @@
 
 #include <cstring>
 #include <vector>
+#include <fstream>
+#include <unistd.h>
+#include <sys/stat.h>
 
 #include "web_app_enc.h"
 #include "key_handler.h"
@@ -37,6 +40,25 @@ namespace {
 
 const uid_t UID_OWNER = 5001;
 
+void copy_file(const char *src_path, const char *dst_path)
+{
+	std::ifstream src;
+	std::ofstream dst;
+
+	src.exceptions(std::ifstream::failbit | std::ifstream::badbit);
+	dst.exceptions(std::ofstream::failbit | std::ofstream::badbit);
+
+	src.open(src_path, std::ifstream::binary);
+	dst.open(dst_path, std::ofstream::binary);
+
+	dst << src.rdbuf();
+
+	// std::ofstream destructor will call close automatically so no need to handle
+	// close in the exception cases
+	src.close();
+	dst.close();
+}
+
 } // namespace anonymous
 
 void add_get_remove_ce(wae_app_type_e app_type)
@@ -123,15 +145,29 @@ void encrypt_decrypt_web_app(wae_app_type_e app_type)
 	else
 		wae_remove_global_app_dek(pkg_id, app_type == WAE_PRELOADED_APP);
 
-	if (app_type == WAE_PRELOADED_APP)
-		clear_app_deks_loaded_from_key_manager();
-
 	std::vector<unsigned char> plaintext = {
 		'a', 'b', 'c', 'a', 'b', 'c', 'x', 'y',
 		'o', 'q', '2', 'e', 'v', '0', '1', 'x'
 	};
 
-	// test for downloaded web application
+	// precondition for preloaded app:
+	//   for preloaded app encryption, preloaded app dek kek(pub) is needed.
+	//   dek store is removed after preloaded app deks loaded so dek store
+	//   does not exists as default. To test encrypt/decrypt(write/read ce) app test,
+	//   dek store directory should be made.
+	std::unique_ptr<void, std::function<void(void *)>> scoped_store(
+		reinterpret_cast<void *>(1), [](void *ptr) {
+			if (ptr == reinterpret_cast<void *>(1))
+				return;
+			else
+				remove_dek_store(); // remove dek store automatically in case of error
+		});
+
+	if (app_type == WAE_PRELOADED_APP) {
+		restore_dummy_preloaded_app_dek_keks();
+		scoped_store.reset(reinterpret_cast<void *>(2));
+	}
+
 	unsigned char *_encrypted = nullptr;
 	size_t _enc_len = 0;
 	int tmp = 0;
@@ -171,7 +207,7 @@ void encrypt_decrypt_web_app(wae_app_type_e app_type)
 	}
 
 	if (app_type == WAE_PRELOADED_APP)
-		load_preloaded_app_deks(true);
+		load_preloaded_app_deks();
 
 	unsigned char *_decrypted = nullptr;
 	size_t _dec_len = 0;
@@ -201,5 +237,31 @@ void encrypt_decrypt_web_app(wae_app_type_e app_type)
 			"Failed to wae_remove_app_dek. ec: " << tmp);
 }
 
+void restore_dek_store()
+{
+	mkdir(
+		_get_dek_store_path(),
+		S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP);
+}
+
+void remove_dek_store()
+{
+	_remove_directory(_get_dek_store_path());
+}
+
+void restore_dummy_preloaded_app_dek_keks()
+{
+	// Generate pri/pub key pair. Private key is protected
+	// with assigned password: APP_DEK_KEK_PRIKEY_PASSWORD) which is same to password
+	// of real private key because it's built in source of srcs/key_handler.c
+	// It should be removed after private key goes into key-manager initial-value.
+	restore_dek_store();
+
+	copy_file("/opt/share/wae/test/app_dek/prikey.pem", _get_dek_kek_pri_key_path());
+	copy_file("/opt/share/wae/test/app_dek/pubkey.pem", _get_dek_kek_pub_key_path());
+
+	BOOST_MESSAGE("copying dummy pri/pub key pair to dek store done");
+}
+
 } // namespace Test
 } // namespace Wae