--- a/cryptoservices/filebasedcertificateandkeystores/test/tkeystore/scripts/authobjects_v2.txt Tue Jul 21 01:04:32 2009 +0100
+++ b/cryptoservices/filebasedcertificateandkeystores/test/tkeystore/scripts/authobjects_v2.txt Thu Sep 10 14:01:51 2009 +0300
@@ -1,2485 +1,2485 @@
-// Script 2: Test authentication, paspphrase caching, etc
-
-////////////////////////////////////////////////////////////////////////////////
-// 0. Initialisation
-////////////////////////////////////////////////////////////////////////////////
-
-// First we delete the keystore data file, so that we know we are setting the
-// passphrase with our first key add operation.
-// Then we set up some keys for the rest of the test script to use:
-//
-// Key: Type:
-// banana RSA
-// mango DSA
-// tomato DH
-
-
-// test passphrase timeout affects all keys, and all processes
-
-<action>
- <actionname>0.1, Delete keystore data file</actionname>
- <actiontype>deletekeystoredata</actiontype>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>0.2, Opening key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>0.3 Delete everything</actionname>
- <actiontype>deletekeys</actiontype>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-////////////////////////////////////////////////////////////////////////////////
-// 1. Test passphrase caching
-////////////////////////////////////////////////////////////////////////////////
-
-// 1.1 Test adding a key leaves it open and with default timeout of 30 seconds
-
-<action>
- <actionname>1.1.1, Add key banana</actionname>
- <actiontype>addkey</actiontype>
- <actionbody>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keylabel>banana</keylabel>
- <keyalgorithm>RSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <passphrase>create flyingelephant</passphrase>
- </actionbody>
- <actionresult> <return>KErrNone</return> </actionresult>
-</action>
-
-<action>
- <actionname>1.1.2, Get timeout, expect default of 30 seconds</actionname>
- <actiontype>gettimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>30</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.1.3, Get time remaining, expect 30 seconds</actionname>
- <actiontype>timeremaining</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>30</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.1.4, Sign, don't expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.1.5, Add key mango</actionname>
- <actiontype>addkey</actiontype>
- <actionbody>
- <keyusage>DSAUsage</keyusage>
- <keysize>512</keysize>
- <keylabel>mango</keylabel>
- <keyalgorithm>DSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.1.6, Add key tomato</actionname>
- <actiontype>addkey</actiontype>
- <actionbody>
- <keyusage>Derive</keyusage>
- <keysize>512</keysize>
- <keylabel>tomato</keylabel>
- <keyalgorithm>DH</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- </actionbody>
- <actionresult> <return>KErrNone</return> </actionresult>
-</action>
-
-<action>
- <actionname>1.1.7, Check everything added ok</actionname>
- <actiontype>listkeys</actiontype>
- <actionbody>
- <listcount>3</listcount>
- <foundkey>banana</foundkey>
- <foundkey>mango</foundkey>
- <foundkey>tomato</foundkey>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.1.8, Set passphrase timeout to "don't cache"</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>0</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 1.2 Test getting and setting the timeout works
-
-// 1.2.1 Test setting timeout via keystore
-
-<action>
- <actionname>1.2.1.1, Set passphrase timeout to 5 seconds via keystore</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <timeout>5</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.2.1.2, Get timeout on banana, expect 5 seconds</actionname>
- <actiontype>gettimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>5</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.2.1.3, Get timeout on mango, expect 5 seconds</actionname>
- <actiontype>gettimeout</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <timeout>5</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.2.1.4, Get timeout on tomato, expect 5 seconds</actionname>
- <actiontype>gettimeout</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <timeout>5</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 1.2.2 Test setting timeout via auth object
-
-<action>
- <actionname>1.2.2.1, Set passphrase timeout to 10 seconds via auth object</actionname>
- <actiontype>authsettimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>10</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.2.2.3, Get timeout on banana, expect 10 seconds</actionname>
- <actiontype>gettimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>10</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.2.2.4, Get timeout on mango, expect 10 seconds</actionname>
- <actiontype>gettimeout</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <timeout>10</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.2.1.5, Get timeout on tomato, expect 10 seconds</actionname>
- <actiontype>gettimeout</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <timeout>10</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 1.3 Test cached passphrases expire and that we can get the time remaining
-
-<action>
- <actionname>1.3.1, Get time remaining, expect 0 cos no passphrase cached</actionname>
- <actiontype>timeremaining</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>0</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.2, Sign, expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.3, Get time remaining</actionname>
- <actiontype>timeremaining</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>10</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.4, Wait 5 seconds</actionname>
- <actiontype>sleep</actiontype>
- <actionbody>
- <seconds>5</seconds>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.5, Get time remaining, expect 5 seconds</actionname>
- <actiontype>timeremaining</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>5</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.6, Sign, don't expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.7, Wait another 5 seconds</actionname>
- <actiontype>sleep</actiontype>
- <actionbody>
- <seconds>5</seconds>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.8, Get time remaining, expect 0 again</actionname>
- <actiontype>timeremaining</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>0</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.3.9, Sign, expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 1.4 Test auth object open and close
-
-<action>
- <actionname>1.4.1.1, Close object</actionname>
- <actiontype>authclose</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.1.2, Sign, expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.1.3, Sign again, don't expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.1.4, Close object</actionname>
- <actiontype>authclose</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.1.5, Open banana</actionname>
- <actiontype>authopen</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.1.6, Sign again, don't expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 1.4.2 Test that opening/closing a key opens/closes keys all keys we can use
-
-<action>
- <actionname>1.4.2.1, Open mango, don't expect passphrase prompt</actionname>
- <actiontype>authopen</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.2.2, Close object</actionname>
- <actiontype>authclose</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.2.3, Open mango, expect passphrase prompt</actionname>
- <actiontype>authopen</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.2.4, Close object again</actionname>
- <actiontype>authclose</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 1.4.3 Test that the user gets three attempts to enter the passphrase
-
-<action>
- <actionname>1.4.3.1, Open banana with wrong passphrase, test that we get only three attempts</actionname>
- <actiontype>authopen</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <passphrase>wrong</passphrase>
- <passphrase>wrong</passphrase>
- <passphrase>wrong</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrBadPassphrase</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.3.2, Open banana, get passphrase right on second attempt</actionname>
- <actiontype>authopen</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <passphrase>wrong</passphrase>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.3.3, Close banana</actionname>
- <actiontype>authclose</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>1.4.3.4, Open banana, get passphrase right on last attempt</actionname>
- <actiontype>authopen</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <passphrase>wrong</passphrase>
- <passphrase>wrong</passphrase>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-////////////////////////////////////////////////////////////////////////////////
-// 2. Test list protected objects
-////////////////////////////////////////////////////////////////////////////////
-
-<action>
- <actionname>2.1, List protected objects for banana</actionname>
- <actiontype>listprotectedobjects</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <foundkey>banana</foundkey>
- <foundkey>mango</foundkey>
- <foundkey>tomato</foundkey>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>2.2, List protected objects for mango</actionname>
- <actiontype>listprotectedobjects</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <foundkey>banana</foundkey>
- <foundkey>mango</foundkey>
- <foundkey>tomato</foundkey>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>2.3, List protected objects for tomato</actionname>
- <actiontype>listprotectedobjects</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <foundkey>banana</foundkey>
- <foundkey>mango</foundkey>
- <foundkey>tomato</foundkey>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-////////////////////////////////////////////////////////////////////////////////
-// 3. Test changing the passphrase
-////////////////////////////////////////////////////////////////////////////////
-
-<action>
- <actionname>3.1, Set passphrase timeout to 30 seconds</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>30</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>3.2, Sign with banana, cache passphrase</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>3.3.1, Attempt to change the passphrase, but supply wrong current passphrase</actionname>
- <actiontype>changepassphrase</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <passphrase>change wrong1 redfox</passphrase>
- <passphrase>change wrong2 redfox</passphrase>
- <passphrase>change wrong3 redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrBadPassphrase</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>3.3.2, Sign with the key, expect passphrase still cached</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>3.4, Change the passphrase</actionname>
- <actiontype>changepassphrase</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <passphrase>change flyingelephant redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>3.5, Sign but supply the old passphrase, expect failure</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>flyingelephant</passphrase>
- <passphrase>flyingelephant</passphrase>
- <passphrase>flyingelephant</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrBadPassphrase</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>3.6, Sign with correct passphrase</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>3.7, Set passphrase timeout back to "don't cache"</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>0</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-////////////////////////////////////////////////////////////////////////////////
-// 4. Test unblocking the passphrase
-////////////////////////////////////////////////////////////////////////////////
-
-
-
-////////////////////////////////////////////////////////////////////////////////
-// 5. Test relocking the store
-////////////////////////////////////////////////////////////////////////////////
-
-<action>
- <actionname>5.1.1, Opening second unified key store</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.1.2, Set passphrase timeout to 30 seconds</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>30</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.2, Sign, expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.3, Close object via 2nd key store</actionname>
- <actiontype>authclose</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <keystore>1</keystore>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.4, Sign, don't expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.5, Relock store via 2nd key store</actionname>
- <actiontype>relockstore</actiontype>
- <actionbody>
- <keystore>1</keystore>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.6, Sign, expect passphrase prompt</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.7.1, Close key store 2</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>5.7.2, Set passphrase timeout back to "don't cache"</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <timeout>0</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-
-////////////////////////////////////////////////////////////////////////////////
-// 6. Test security policies
-////////////////////////////////////////////////////////////////////////////////
-
-// 6.1 Test default policy is to police based on SID of the creator
-
-<action>
- <actionname>6.1.1, Get default use policy</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <secureid>0x101F7E95</secureid>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.1.2, Get default management policy</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <secureid>0x101F7E95</secureid>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 6.2 Test setting policies for the keys
-
-<action>
- <actionname>6.2.1, Set banana's use policy based on SID and capabilities</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <secureid>0x101FFFFF</secureid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.2, Check banana's use policy set correctly</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <secureid>0x101FFFFF</secureid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.3, Set mango's use policy based on VID and capabilities</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <policy>
- <vendorid>0x70000007</vendorid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.4, Check mango's use policy set correctly</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <vendorid>0x70000007</vendorid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.5, Set tomato's use policy based on just capabilities</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- <capability>ReadDeviceData</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.6, Check tomato's use policy set correctly</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- <capability>ReadDeviceData</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.7.1, Test we can't set management policy that doesn't include the calling process</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- <capability>NetworkControl</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrArgument</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.7.2, Test we can't set management policy that doesn't include the calling process</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <secureid>0x101F7E96</secureid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrArgument</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.7.3, Test we can't set management policy that doesn't include the calling process</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <vendorid>0x70000002</vendorid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrArgument</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.7.4, Set banana's management policy based on just capabilities</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.8, Check banana's management policy set correctly</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.9, Set mango's management policy based on SID and capabilities</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <policy>
- <secureid>0x101F7E95</secureid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>ReadDeviceData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.10, Check mango's management policy set correctly</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <secureid>0x101F7E95</secureid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>ReadDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.11, Set tomato's management policy based on VID and capabilities</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <policy>
- <vendorid>0x70000001</vendorid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.2.12, Check tomato's management policy set correctly</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <vendorid>0x70000001</vendorid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-// 6.3 Test enforcement of security policies
-
-<action>
- <actionname>6.3.1, Test use policy enforcement for SID and capabilities</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <secureid>0x101FFFFF</secureid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
- <action>
- <actionname>2, Get key info</actionname>
- <actiontype>getkeyinfo</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keyalgorithm>RSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keyaccesstype>Local</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Sign</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>4, Decrypt</actionname>
- <actiontype>decrypt</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <text>Ook!</text>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </passactions>
-
- <failactions>
- <action>
- <actionname>2, Get key info</actionname>
- <actiontype>getkeyinfo</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keyalgorithm>RSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keyaccesstype>Local</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Sign</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <open>RSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>4, Decrypt</actionname>
- <actiontype>decrypt</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <text>Ook!</text>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
- </failactions>
-
- <postactions>
- <action>
- <actionname>5, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.3.2, Test use policy enforcement for VID and capabilities</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <vendorid>0x70000007</vendorid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
- <action>
- <actionname>2, Get key info</actionname>
- <actiontype>getkeyinfo</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keyalgorithm>DSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keyaccesstype>Local</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Sign</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <open>DSA</open>
- <text>This is text of 20 .</text>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </passactions>
-
- <failactions>
- <action>
- <actionname>2, Get key info</actionname>
- <actiontype>getkeyinfo</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keyalgorithm>DSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keyaccesstype>Local</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Sign</actionname>
- <actiontype>sign</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <open>DSA</open>
- <text>This is text of 20 .</text>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
- </failactions>
-
- <postactions>
- <action>
- <actionname>4, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.3.3, Test use policy enforcement for just capabilities</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- <capability>ReadDeviceData</capability>
- <capability>WriteDeviceData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
- <action>
- <actionname>2, Get key info</actionname>
- <actiontype>getkeyinfo</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keyalgorithm>DH</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keyaccesstype>Local</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>2, Test derive</actionname>
- <actiontype>derive</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <n>DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F</n>
- <g>02</g>
- <passphrase>redfox</passphrase>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </passactions>
-
- <failactions>
- <action>
- <actionname>2, Get key info</actionname>
- <actiontype>getkeyinfo</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keyalgorithm>DH</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keyaccesstype>Local</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>2, Test derive</actionname>
- <actiontype>derive</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <n>DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F</n>
- <g>02</g>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
- </failactions>
-
- <postactions>
- <action>
- <actionname>3, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.3.4, Test banana's management policy enforcement (just capabilities)</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
-
- <action>
- <actionname>1, Export</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_banana.der</ExportFile>
- <keyusage>allusagesbutNR</keyusage>
- <keylabel>banana</keylabel>
- <keyalgorithm>RSA</keyalgorithm>
- <encrypted>0</encrypted>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>2, Export encrypted</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_encrypted_banana.der</ExportFile>
- <keyusage>allusagesbutNR</keyusage>
- <keylabel>banana</keylabel>
- <keyalgorithm>RSA</keyalgorithm>
- <encrypted>1</encrypted>
- <passphrase>redfox</passphrase>
- <passphrase>export clanger</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Check use policy</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <secureid>0x101FFFFF</secureid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>4, Set use policy</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>5, Check use policy</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>6, Check management policy</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>7, Set management policy</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>8, Check management policy</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>9, Delete key</actionname>
- <actiontype>deletekeys</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <deletecount>1</deletecount>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- </passactions>
-
- <failactions>
-
- <action>
- <actionname>1, Export</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_banana.der</ExportFile>
- <keyusage>allusagesbutNR</keyusage>
- <keylabel>banana</keylabel>
- <keyalgorithm>RSA</keyalgorithm>
- <encrypted>0</encrypted>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>2, Export encrypted</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_encrypted_banana.der</ExportFile>
- <keyusage>allusagesbutNR</keyusage>
- <keylabel>banana</keylabel>
- <keyalgorithm>RSA</keyalgorithm>
- <encrypted>1</encrypted>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Set use policy</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>5, Set management policy</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>7, Delete key</actionname>
- <actiontype>deletekeys</actiontype>
- <actionbody>
- <keylabel>banana</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- </failactions>
-
- <postactions>
- <action>
- <actionname>4, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.3.5, Test mango's management policy enforcement (SID and capabilities)</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <secureid>0x101F7E95</secureid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>ReadDeviceData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
-
- <action>
- <actionname>2, Export</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_mango.der</ExportFile>
- <keyusage>DSAUsage</keyusage>
- <keylabel>mango</keylabel>
- <keyalgorithm>DSA</keyalgorithm>
- <encrypted>0</encrypted>
- <passphrase>redfox</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Export encrypted</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_encrypted_mango.der</ExportFile>
- <keyusage>DSAUsage</keyusage>
- <keylabel>mango</keylabel>
- <keyalgorithm>DSA</keyalgorithm>
- <encrypted>1</encrypted>
- <passphrase>redfox</passphrase>
- <passphrase>export clanger</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>4, Check use policy</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <vendorid>0x70000007</vendorid>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>5, Set use policy</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>6, Check use policy</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>7, Check management policy</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <secureid>0x101F7E95</secureid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>ReadDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>8, Set management policy</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <policy>
- <capability>DRM</capability>
- <capability>ReadDeviceData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>9, Check management policy</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>DRM</capability>
- <capability>ReadDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>10, Delete key</actionname>
- <actiontype>deletekeys</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <deletecount>1</deletecount>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- </passactions>
-
- <failactions>
-
- <action>
- <actionname>2, Export</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_mango.der</ExportFile>
- <keyusage>DSAUsage</keyusage>
- <keylabel>mango</keylabel>
- <keyalgorithm>DSA</keyalgorithm>
- <encrypted>0</encrypted>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Export encrypted</actionname>
- <actiontype>exportkey</actiontype>
- <actionbody>
- <ExportFile>exported_encrypted_mango.der</ExportFile>
- <keyusage>DSAUsage</keyusage>
- <keylabel>mango</keylabel>
- <keyalgorithm>DSA</keyalgorithm>
- <encrypted>1</encrypted>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>4, Set use policy</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>5, Set management policy</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- <policy>
- <capability>DRM</capability>
- <capability>ReadDeviceData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>6, Delete key</actionname>
- <actiontype>deletekeys</actiontype>
- <actionbody>
- <keylabel>mango</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- </failactions>
-
- <postactions>
- <action>
- <actionname>11, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>6.3.6, Test tomato's management policy enforcement (VID and capabilities)</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <vendorid>0x70000001</vendorid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>WriteDeviceData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
-
- <action>
- <actionname>2, Check use policy</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>DRM</capability>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- <capability>ReadDeviceData</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Set use policy</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>4, Check use policy</actionname>
- <actiontype>getusepolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>5, Check management policy</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <vendorid>0x70000001</vendorid>
- <capability>ReadUserData</capability>
- <capability>DRM</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>6, Set management policy</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <policy>
- <capability>DRM</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>7, Check management policy</actionname>
- <actiontype>getmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- </actionbody>
- <actionresult>
- <policy>
- <capability>DRM</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>8, Delete key</actionname>
- <actiontype>deletekeys</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <deletecount>1</deletecount>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- </passactions>
-
- <failactions>
-
- <action>
- <actionname>2, Set use policy</actionname>
- <actiontype>setusepolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <policy>
- <capability>ReadUserData</capability>
- <capability>WriteUserData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Set management policy</actionname>
- <actiontype>setmanagementpolicy</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- <policy>
- <capability>DRM</capability>
- <capability>WriteDeviceData</capability>
- </policy>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>4, Delete key</actionname>
- <actiontype>deletekeys</actiontype>
- <actionbody>
- <keylabel>tomato</keylabel>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- </failactions>
-
- <postactions>
- <action>
- <actionname>9, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-////////////////////////////////////////////////////////////////////////////////
-// 7. Test policing of other APIs
-////////////////////////////////////////////////////////////////////////////////
-
-// 7.1 Test set timeout is policed with WriteDeviceData capability
-
-<action>
- <actionname>7.1, Test policing of set timeout</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <capability>WriteDeviceData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>Open key store in manager mode</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
- <action>
- <actionname>0.7.2, Set passphrase timeout to "don't cache"</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <timeout>0</timeout>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </passactions>
-
- <failactions>
- <action>
- <actionname>0.7.2, Set passphrase timeout to "don't cache"</actionname>
- <actiontype>settimeout</actiontype>
- <actionbody>
- <timeout>0</timeout>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
- </failactions>
-
- <postactions>
- <action>
- <actionname>Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>7.2, Test policing of create and import by WriteUserData</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <capability>WriteUserData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
- <action>
- <actionname>2, Create key</actionname>
- <actiontype>addkey</actiontype>
- <actionbody>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keylabel>raspberry</keylabel>
- <keyalgorithm>RSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keystore>0</keystore>
- <passphrase>create pinkcloud</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Import key</actionname>
- <actiontype>importkey</actiontype>
- <actionbody>
- <ImportData>pkcs8rsa.001</ImportData>
- <keyusage>allusagesbutNR</keyusage>
- <keylabel>blueberry</keylabel>
- <keyaccesstype>Extractable</keyaccesstype>
- <passphrase>pinkcloud</passphrase>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </passactions>
-
- <failactions>
- <action>
- <actionname>2, Create key</actionname>
- <actiontype>addkey</actiontype>
- <actionbody>
- <keyusage>allusagesbutNR</keyusage>
- <keysize>512</keysize>
- <keylabel>raspberry</keylabel>
- <keyalgorithm>RSA</keyalgorithm>
- <keyaccesstype>Extractable</keyaccesstype>
- <keystore>0</keystore>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
-
- <action>
- <actionname>3, Import key</actionname>
- <actiontype>importkey</actiontype>
- <actionbody>
- <ImportData>pkcs8rsa.001</ImportData>
- <keyusage>allusagesbutNR</keyusage>
- <keylabel>blueberry</keylabel>
- <keyaccesstype>Extractable</keyaccesstype>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
- </failactions>
-
- <postactions>
- <action>
- <actionname>5, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
-
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>7.3, Test policing of list by ReadUserData</actionname>
- <actiontype>policytest</actiontype>
- <actionbody>
- <testexe>t_keystore.exe</testexe>
- <excludedcapabilities>
- <capability>TCB</capability>
- </excludedcapabilities>
- <policy>
- <capability>ReadUserData</capability>
- </policy>
-
- <preactions>
- <action>
- <actionname>1, Open key store</actionname>
- <actiontype>init</actiontype>
- <actionbody>
- <mode>manager</mode>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </preactions>
-
- <passactions>
- <action>
- <actionname>2, List keys</actionname>
- <actiontype>listkeys</actiontype>
- <actionbody>
- <listcount>2</listcount>
- <foundkey>raspberry</foundkey>
- <foundkey>blueberry</foundkey>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </passactions>
-
- <failactions>
- <action>
- <actionname>2, List keys</actionname>
- <actiontype>listkeys</actiontype>
- <actionbody>
- </actionbody>
- <actionresult>
- <return>KErrPermissionDenied</return>
- </actionresult>
- </action>
- </failactions>
-
- <postactions>
- <action>
- <actionname>4, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
- </action>
- </postactions>
-
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-////////////////////////////////////////////////////////////////////////////////
-// Cleanup
-////////////////////////////////////////////////////////////////////////////////
-
-<action>
- <actionname>8.0, List keys</actionname>
- <actiontype>listkeys</actiontype>
- <actionbody>
- <listcount>2</listcount>
- <foundkey>raspberry</foundkey>
- <foundkey>blueberry</foundkey>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>8.1, Delete keys</actionname>
- <actiontype>deletekeys</actiontype>
- <actionbody>
- <deletecount>2</deletecount>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>8.2, Close key store</actionname>
- <actiontype>delete</actiontype>
- <actionbody></actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>8.3, Sleep 5 seconds</actionname>
- <actiontype>sleep</actiontype>
- <actionbody>
- <seconds>5</seconds>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
-
-<action>
- <actionname>8.4, Check for server heap error</actionname>
- <actiontype>checkserverheaperror</actiontype>
- <actionbody>
- </actionbody>
- <actionresult>
- <return>KErrNone</return>
- </actionresult>
-</action>
+// Script 2: Test authentication, paspphrase caching, etc
+
+////////////////////////////////////////////////////////////////////////////////
+// 0. Initialisation
+////////////////////////////////////////////////////////////////////////////////
+
+// First we delete the keystore data file, so that we know we are setting the
+// passphrase with our first key add operation.
+// Then we set up some keys for the rest of the test script to use:
+//
+// Key: Type:
+// banana RSA
+// mango DSA
+// tomato DH
+
+
+// test passphrase timeout affects all keys, and all processes
+
+<action>
+ <actionname>0.1, Delete keystore data file</actionname>
+ <actiontype>deletekeystoredata</actiontype>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>0.2, Opening key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>0.3 Delete everything</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+////////////////////////////////////////////////////////////////////////////////
+// 1. Test passphrase caching
+////////////////////////////////////////////////////////////////////////////////
+
+// 1.1 Test adding a key leaves it open and with default timeout of 30 seconds
+
+<action>
+ <actionname>1.1.1, Add key banana</actionname>
+ <actiontype>addkey</actiontype>
+ <actionbody>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keylabel>banana</keylabel>
+ <keyalgorithm>RSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <passphrase>create flyingelephant</passphrase>
+ </actionbody>
+ <actionresult> <return>KErrNone</return> </actionresult>
+</action>
+
+<action>
+ <actionname>1.1.2, Get timeout, expect default of 30 seconds</actionname>
+ <actiontype>gettimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>30</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.1.3, Get time remaining, expect 30 seconds</actionname>
+ <actiontype>timeremaining</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>30</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.1.4, Sign, don't expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.1.5, Add key mango</actionname>
+ <actiontype>addkey</actiontype>
+ <actionbody>
+ <keyusage>DSAUsage</keyusage>
+ <keysize>512</keysize>
+ <keylabel>mango</keylabel>
+ <keyalgorithm>DSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.1.6, Add key tomato</actionname>
+ <actiontype>addkey</actiontype>
+ <actionbody>
+ <keyusage>Derive</keyusage>
+ <keysize>512</keysize>
+ <keylabel>tomato</keylabel>
+ <keyalgorithm>DH</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ </actionbody>
+ <actionresult> <return>KErrNone</return> </actionresult>
+</action>
+
+<action>
+ <actionname>1.1.7, Check everything added ok</actionname>
+ <actiontype>listkeys</actiontype>
+ <actionbody>
+ <listcount>3</listcount>
+ <foundkey>banana</foundkey>
+ <foundkey>mango</foundkey>
+ <foundkey>tomato</foundkey>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.1.8, Set passphrase timeout to "don't cache"</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>0</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 1.2 Test getting and setting the timeout works
+
+// 1.2.1 Test setting timeout via keystore
+
+<action>
+ <actionname>1.2.1.1, Set passphrase timeout to 5 seconds via keystore</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <timeout>5</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.2.1.2, Get timeout on banana, expect 5 seconds</actionname>
+ <actiontype>gettimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>5</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.2.1.3, Get timeout on mango, expect 5 seconds</actionname>
+ <actiontype>gettimeout</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <timeout>5</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.2.1.4, Get timeout on tomato, expect 5 seconds</actionname>
+ <actiontype>gettimeout</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <timeout>5</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 1.2.2 Test setting timeout via auth object
+
+<action>
+ <actionname>1.2.2.1, Set passphrase timeout to 10 seconds via auth object</actionname>
+ <actiontype>authsettimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>10</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.2.2.3, Get timeout on banana, expect 10 seconds</actionname>
+ <actiontype>gettimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>10</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.2.2.4, Get timeout on mango, expect 10 seconds</actionname>
+ <actiontype>gettimeout</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <timeout>10</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.2.1.5, Get timeout on tomato, expect 10 seconds</actionname>
+ <actiontype>gettimeout</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <timeout>10</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 1.3 Test cached passphrases expire and that we can get the time remaining
+
+<action>
+ <actionname>1.3.1, Get time remaining, expect 0 cos no passphrase cached</actionname>
+ <actiontype>timeremaining</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>0</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.2, Sign, expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.3, Get time remaining</actionname>
+ <actiontype>timeremaining</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>10</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.4, Wait 5 seconds</actionname>
+ <actiontype>sleep</actiontype>
+ <actionbody>
+ <seconds>5</seconds>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.5, Get time remaining, expect 5 seconds</actionname>
+ <actiontype>timeremaining</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>5</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.6, Sign, don't expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.7, Wait another 5 seconds</actionname>
+ <actiontype>sleep</actiontype>
+ <actionbody>
+ <seconds>5</seconds>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.8, Get time remaining, expect 0 again</actionname>
+ <actiontype>timeremaining</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>0</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.3.9, Sign, expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 1.4 Test auth object open and close
+
+<action>
+ <actionname>1.4.1.1, Close object</actionname>
+ <actiontype>authclose</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.1.2, Sign, expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.1.3, Sign again, don't expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.1.4, Close object</actionname>
+ <actiontype>authclose</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.1.5, Open banana</actionname>
+ <actiontype>authopen</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.1.6, Sign again, don't expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 1.4.2 Test that opening/closing a key opens/closes keys all keys we can use
+
+<action>
+ <actionname>1.4.2.1, Open mango, don't expect passphrase prompt</actionname>
+ <actiontype>authopen</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.2.2, Close object</actionname>
+ <actiontype>authclose</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.2.3, Open mango, expect passphrase prompt</actionname>
+ <actiontype>authopen</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.2.4, Close object again</actionname>
+ <actiontype>authclose</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 1.4.3 Test that the user gets three attempts to enter the passphrase
+
+<action>
+ <actionname>1.4.3.1, Open banana with wrong passphrase, test that we get only three attempts</actionname>
+ <actiontype>authopen</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <passphrase>wrong</passphrase>
+ <passphrase>wrong</passphrase>
+ <passphrase>wrong</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrBadPassphrase</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.3.2, Open banana, get passphrase right on second attempt</actionname>
+ <actiontype>authopen</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <passphrase>wrong</passphrase>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.3.3, Close banana</actionname>
+ <actiontype>authclose</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>1.4.3.4, Open banana, get passphrase right on last attempt</actionname>
+ <actiontype>authopen</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <passphrase>wrong</passphrase>
+ <passphrase>wrong</passphrase>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+////////////////////////////////////////////////////////////////////////////////
+// 2. Test list protected objects
+////////////////////////////////////////////////////////////////////////////////
+
+<action>
+ <actionname>2.1, List protected objects for banana</actionname>
+ <actiontype>listprotectedobjects</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <foundkey>banana</foundkey>
+ <foundkey>mango</foundkey>
+ <foundkey>tomato</foundkey>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>2.2, List protected objects for mango</actionname>
+ <actiontype>listprotectedobjects</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <foundkey>banana</foundkey>
+ <foundkey>mango</foundkey>
+ <foundkey>tomato</foundkey>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>2.3, List protected objects for tomato</actionname>
+ <actiontype>listprotectedobjects</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <foundkey>banana</foundkey>
+ <foundkey>mango</foundkey>
+ <foundkey>tomato</foundkey>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+////////////////////////////////////////////////////////////////////////////////
+// 3. Test changing the passphrase
+////////////////////////////////////////////////////////////////////////////////
+
+<action>
+ <actionname>3.1, Set passphrase timeout to 30 seconds</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>30</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>3.2, Sign with banana, cache passphrase</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>3.3.1, Attempt to change the passphrase, but supply wrong current passphrase</actionname>
+ <actiontype>changepassphrase</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <passphrase>change wrong1 redfox</passphrase>
+ <passphrase>change wrong2 redfox</passphrase>
+ <passphrase>change wrong3 redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrBadPassphrase</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>3.3.2, Sign with the key, expect passphrase still cached</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>3.4, Change the passphrase</actionname>
+ <actiontype>changepassphrase</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <passphrase>change flyingelephant redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>3.5, Sign but supply the old passphrase, expect failure</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>flyingelephant</passphrase>
+ <passphrase>flyingelephant</passphrase>
+ <passphrase>flyingelephant</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrBadPassphrase</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>3.6, Sign with correct passphrase</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>3.7, Set passphrase timeout back to "don't cache"</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>0</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+////////////////////////////////////////////////////////////////////////////////
+// 4. Test unblocking the passphrase
+////////////////////////////////////////////////////////////////////////////////
+
+
+
+////////////////////////////////////////////////////////////////////////////////
+// 5. Test relocking the store
+////////////////////////////////////////////////////////////////////////////////
+
+<action>
+ <actionname>5.1.1, Opening second unified key store</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.1.2, Set passphrase timeout to 30 seconds</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>30</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.2, Sign, expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.3, Close object via 2nd key store</actionname>
+ <actiontype>authclose</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <keystore>1</keystore>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.4, Sign, don't expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.5, Relock store via 2nd key store</actionname>
+ <actiontype>relockstore</actiontype>
+ <actionbody>
+ <keystore>1</keystore>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.6, Sign, expect passphrase prompt</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.7.1, Close key store 2</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>5.7.2, Set passphrase timeout back to "don't cache"</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <timeout>0</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+
+////////////////////////////////////////////////////////////////////////////////
+// 6. Test security policies
+////////////////////////////////////////////////////////////////////////////////
+
+// 6.1 Test default policy is to police based on SID of the creator
+
+<action>
+ <actionname>6.1.1, Get default use policy</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <secureid>0x101F7E95</secureid>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.1.2, Get default management policy</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <secureid>0x101F7E95</secureid>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 6.2 Test setting policies for the keys
+
+<action>
+ <actionname>6.2.1, Set banana's use policy based on SID and capabilities</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <secureid>0x101FFFFF</secureid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.2, Check banana's use policy set correctly</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <secureid>0x101FFFFF</secureid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.3, Set mango's use policy based on VID and capabilities</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <policy>
+ <vendorid>0x70000007</vendorid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.4, Check mango's use policy set correctly</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <vendorid>0x70000007</vendorid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.5, Set tomato's use policy based on just capabilities</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ <capability>ReadDeviceData</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.6, Check tomato's use policy set correctly</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ <capability>ReadDeviceData</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.7.1, Test we can't set management policy that doesn't include the calling process</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ <capability>NetworkControl</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrArgument</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.7.2, Test we can't set management policy that doesn't include the calling process</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <secureid>0x101F7E96</secureid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrArgument</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.7.3, Test we can't set management policy that doesn't include the calling process</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <vendorid>0x70000002</vendorid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrArgument</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.7.4, Set banana's management policy based on just capabilities</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.8, Check banana's management policy set correctly</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.9, Set mango's management policy based on SID and capabilities</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <policy>
+ <secureid>0x101F7E95</secureid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>ReadDeviceData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.10, Check mango's management policy set correctly</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <secureid>0x101F7E95</secureid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>ReadDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.11, Set tomato's management policy based on VID and capabilities</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <policy>
+ <vendorid>0x70000001</vendorid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.2.12, Check tomato's management policy set correctly</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <vendorid>0x70000001</vendorid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+// 6.3 Test enforcement of security policies
+
+<action>
+ <actionname>6.3.1, Test use policy enforcement for SID and capabilities</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <secureid>0x101FFFFF</secureid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+ <action>
+ <actionname>2, Get key info</actionname>
+ <actiontype>getkeyinfo</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keyalgorithm>RSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keyaccesstype>Local</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Sign</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>4, Decrypt</actionname>
+ <actiontype>decrypt</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <text>Ook!</text>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </passactions>
+
+ <failactions>
+ <action>
+ <actionname>2, Get key info</actionname>
+ <actiontype>getkeyinfo</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keyalgorithm>RSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keyaccesstype>Local</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Sign</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <open>RSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>4, Decrypt</actionname>
+ <actiontype>decrypt</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <text>Ook!</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>5, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.3.2, Test use policy enforcement for VID and capabilities</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <vendorid>0x70000007</vendorid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+ <action>
+ <actionname>2, Get key info</actionname>
+ <actiontype>getkeyinfo</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keyalgorithm>DSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keyaccesstype>Local</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Sign</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <open>DSA</open>
+ <text>This is text of 20 .</text>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </passactions>
+
+ <failactions>
+ <action>
+ <actionname>2, Get key info</actionname>
+ <actiontype>getkeyinfo</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keyalgorithm>DSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keyaccesstype>Local</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Sign</actionname>
+ <actiontype>sign</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <open>DSA</open>
+ <text>This is text of 20 .</text>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>4, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.3.3, Test use policy enforcement for just capabilities</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ <capability>ReadDeviceData</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+ <action>
+ <actionname>2, Get key info</actionname>
+ <actiontype>getkeyinfo</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keyalgorithm>DH</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keyaccesstype>Local</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>2, Test derive</actionname>
+ <actiontype>derive</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <n>DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F</n>
+ <g>02</g>
+ <passphrase>redfox</passphrase>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </passactions>
+
+ <failactions>
+ <action>
+ <actionname>2, Get key info</actionname>
+ <actiontype>getkeyinfo</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keyalgorithm>DH</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keyaccesstype>Local</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>2, Test derive</actionname>
+ <actiontype>derive</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <n>DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F</n>
+ <g>02</g>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>3, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.3.4, Test banana's management policy enforcement (just capabilities)</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+
+ <action>
+ <actionname>1, Export</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_banana.der</ExportFile>
+ <keyusage>allusagesbutNR</keyusage>
+ <keylabel>banana</keylabel>
+ <keyalgorithm>RSA</keyalgorithm>
+ <encrypted>0</encrypted>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>2, Export encrypted</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_encrypted_banana.der</ExportFile>
+ <keyusage>allusagesbutNR</keyusage>
+ <keylabel>banana</keylabel>
+ <keyalgorithm>RSA</keyalgorithm>
+ <encrypted>1</encrypted>
+ <passphrase>redfox</passphrase>
+ <passphrase>export clanger</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Check use policy</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <secureid>0x101FFFFF</secureid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>4, Set use policy</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>5, Check use policy</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>6, Check management policy</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>7, Set management policy</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>8, Check management policy</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>9, Delete key</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <deletecount>1</deletecount>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ </passactions>
+
+ <failactions>
+
+ <action>
+ <actionname>1, Export</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_banana.der</ExportFile>
+ <keyusage>allusagesbutNR</keyusage>
+ <keylabel>banana</keylabel>
+ <keyalgorithm>RSA</keyalgorithm>
+ <encrypted>0</encrypted>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>2, Export encrypted</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_encrypted_banana.der</ExportFile>
+ <keyusage>allusagesbutNR</keyusage>
+ <keylabel>banana</keylabel>
+ <keyalgorithm>RSA</keyalgorithm>
+ <encrypted>1</encrypted>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Set use policy</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>5, Set management policy</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>7, Delete key</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionbody>
+ <keylabel>banana</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>4, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.3.5, Test mango's management policy enforcement (SID and capabilities)</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <secureid>0x101F7E95</secureid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>ReadDeviceData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+
+ <action>
+ <actionname>2, Export</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_mango.der</ExportFile>
+ <keyusage>DSAUsage</keyusage>
+ <keylabel>mango</keylabel>
+ <keyalgorithm>DSA</keyalgorithm>
+ <encrypted>0</encrypted>
+ <passphrase>redfox</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Export encrypted</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_encrypted_mango.der</ExportFile>
+ <keyusage>DSAUsage</keyusage>
+ <keylabel>mango</keylabel>
+ <keyalgorithm>DSA</keyalgorithm>
+ <encrypted>1</encrypted>
+ <passphrase>redfox</passphrase>
+ <passphrase>export clanger</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>4, Check use policy</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <vendorid>0x70000007</vendorid>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>5, Set use policy</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>6, Check use policy</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>7, Check management policy</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <secureid>0x101F7E95</secureid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>ReadDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>8, Set management policy</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadDeviceData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>9, Check management policy</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>10, Delete key</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <deletecount>1</deletecount>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ </passactions>
+
+ <failactions>
+
+ <action>
+ <actionname>2, Export</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_mango.der</ExportFile>
+ <keyusage>DSAUsage</keyusage>
+ <keylabel>mango</keylabel>
+ <keyalgorithm>DSA</keyalgorithm>
+ <encrypted>0</encrypted>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Export encrypted</actionname>
+ <actiontype>exportkey</actiontype>
+ <actionbody>
+ <ExportFile>exported_encrypted_mango.der</ExportFile>
+ <keyusage>DSAUsage</keyusage>
+ <keylabel>mango</keylabel>
+ <keyalgorithm>DSA</keyalgorithm>
+ <encrypted>1</encrypted>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>4, Set use policy</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>5, Set management policy</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadDeviceData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>6, Delete key</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionbody>
+ <keylabel>mango</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>11, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>6.3.6, Test tomato's management policy enforcement (VID and capabilities)</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <vendorid>0x70000001</vendorid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+
+ <action>
+ <actionname>2, Check use policy</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>DRM</capability>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ <capability>ReadDeviceData</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Set use policy</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>4, Check use policy</actionname>
+ <actiontype>getusepolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>5, Check management policy</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <vendorid>0x70000001</vendorid>
+ <capability>ReadUserData</capability>
+ <capability>DRM</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>6, Set management policy</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <policy>
+ <capability>DRM</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>7, Check management policy</actionname>
+ <actiontype>getmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ </actionbody>
+ <actionresult>
+ <policy>
+ <capability>DRM</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>8, Delete key</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <deletecount>1</deletecount>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ </passactions>
+
+ <failactions>
+
+ <action>
+ <actionname>2, Set use policy</actionname>
+ <actiontype>setusepolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <policy>
+ <capability>ReadUserData</capability>
+ <capability>WriteUserData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Set management policy</actionname>
+ <actiontype>setmanagementpolicy</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ <policy>
+ <capability>DRM</capability>
+ <capability>WriteDeviceData</capability>
+ </policy>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>4, Delete key</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionbody>
+ <keylabel>tomato</keylabel>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>9, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+////////////////////////////////////////////////////////////////////////////////
+// 7. Test policing of other APIs
+////////////////////////////////////////////////////////////////////////////////
+
+// 7.1 Test set timeout is policed with WriteDeviceData capability
+
+<action>
+ <actionname>7.1, Test policing of set timeout</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <capability>WriteDeviceData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>Open key store in manager mode</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+ <action>
+ <actionname>0.7.2, Set passphrase timeout to "don't cache"</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <timeout>0</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </passactions>
+
+ <failactions>
+ <action>
+ <actionname>0.7.2, Set passphrase timeout to "don't cache"</actionname>
+ <actiontype>settimeout</actiontype>
+ <actionbody>
+ <timeout>0</timeout>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>7.2, Test policing of create and import by WriteUserData</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <capability>WriteUserData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+ <action>
+ <actionname>2, Create key</actionname>
+ <actiontype>addkey</actiontype>
+ <actionbody>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keylabel>raspberry</keylabel>
+ <keyalgorithm>RSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keystore>0</keystore>
+ <passphrase>create pinkcloud</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Import key</actionname>
+ <actiontype>importkey</actiontype>
+ <actionbody>
+ <ImportData>pkcs8rsa.001</ImportData>
+ <keyusage>allusagesbutNR</keyusage>
+ <keylabel>blueberry</keylabel>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <passphrase>pinkcloud</passphrase>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </passactions>
+
+ <failactions>
+ <action>
+ <actionname>2, Create key</actionname>
+ <actiontype>addkey</actiontype>
+ <actionbody>
+ <keyusage>allusagesbutNR</keyusage>
+ <keysize>512</keysize>
+ <keylabel>raspberry</keylabel>
+ <keyalgorithm>RSA</keyalgorithm>
+ <keyaccesstype>Extractable</keyaccesstype>
+ <keystore>0</keystore>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+
+ <action>
+ <actionname>3, Import key</actionname>
+ <actiontype>importkey</actiontype>
+ <actionbody>
+ <ImportData>pkcs8rsa.001</ImportData>
+ <keyusage>allusagesbutNR</keyusage>
+ <keylabel>blueberry</keylabel>
+ <keyaccesstype>Extractable</keyaccesstype>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>5, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>7.3, Test policing of list by ReadUserData</actionname>
+ <actiontype>policytest</actiontype>
+ <actionbody>
+ <testexe>t_keystore.exe</testexe>
+ <excludedcapabilities>
+ <capability>TCB</capability>
+ </excludedcapabilities>
+ <policy>
+ <capability>ReadUserData</capability>
+ </policy>
+
+ <preactions>
+ <action>
+ <actionname>1, Open key store</actionname>
+ <actiontype>init</actiontype>
+ <actionbody>
+ <mode>manager</mode>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </preactions>
+
+ <passactions>
+ <action>
+ <actionname>2, List keys</actionname>
+ <actiontype>listkeys</actiontype>
+ <actionbody>
+ <listcount>2</listcount>
+ <foundkey>raspberry</foundkey>
+ <foundkey>blueberry</foundkey>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </passactions>
+
+ <failactions>
+ <action>
+ <actionname>2, List keys</actionname>
+ <actiontype>listkeys</actiontype>
+ <actionbody>
+ </actionbody>
+ <actionresult>
+ <return>KErrPermissionDenied</return>
+ </actionresult>
+ </action>
+ </failactions>
+
+ <postactions>
+ <action>
+ <actionname>4, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+ </action>
+ </postactions>
+
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+////////////////////////////////////////////////////////////////////////////////
+// Cleanup
+////////////////////////////////////////////////////////////////////////////////
+
+<action>
+ <actionname>8.0, List keys</actionname>
+ <actiontype>listkeys</actiontype>
+ <actionbody>
+ <listcount>2</listcount>
+ <foundkey>raspberry</foundkey>
+ <foundkey>blueberry</foundkey>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>8.1, Delete keys</actionname>
+ <actiontype>deletekeys</actiontype>
+ <actionbody>
+ <deletecount>2</deletecount>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>8.2, Close key store</actionname>
+ <actiontype>delete</actiontype>
+ <actionbody></actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>8.3, Sleep 5 seconds</actionname>
+ <actiontype>sleep</actiontype>
+ <actionbody>
+ <seconds>5</seconds>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>
+
+<action>
+ <actionname>8.4, Check for server heap error</actionname>
+ <actiontype>checkserverheaperror</actiontype>
+ <actionbody>
+ </actionbody>
+ <actionresult>
+ <return>KErrNone</return>
+ </actionresult>
+</action>