cryptoservices/filebasedcertificateandkeystores/test/tkeystore/scripts/authobjects_v2_useauth.txt
// Script 2: Test authentication, paspphrase caching, etc
////////////////////////////////////////////////////////////////////////////////
// 0. Initialisation
////////////////////////////////////////////////////////////////////////////////
// First we delete the keystore data file, so that we know we are setting the
// passphrase with our first key add operation.
// Then we set up some keys for the rest of the test script to use:
//
// Key: Type:
// banana RSA
// mango DSA
// tomato DH
// todo
// test passphrase timeout affects all keys, and all processes
<action>
<actionname>0.1, Delete keystore data file</actionname>
<actiontype>deletekeystoredata</actiontype>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>0.2, Opening key store in manager mode</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>0.3 Delete everything</actionname>
<actiontype>deletekeys</actiontype>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
////////////////////////////////////////////////////////////////////////////////
// 1. Initial set up of adding keys
////////////////////////////////////////////////////////////////////////////////
// 1.1 Test adding a key leaves it open and with default timeout of 30 seconds
<action>
<actionname>1.1.1, Add key banana</actionname>
<actiontype>addkey</actiontype>
<actionbody>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keylabel>banana</keylabel>
<keyalgorithm>RSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
</actionbody>
<actionresult> <return>KErrNone</return> </actionresult>
</action>
<action>
<actionname>1.1.5, Add key mango</actionname>
<actiontype>addkey</actiontype>
<actionbody>
<keyusage>DSAUsage</keyusage>
<keysize>512</keysize>
<keylabel>mango</keylabel>
<keyalgorithm>DSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>1.1.6, Add key tomato</actionname>
<actiontype>addkey</actiontype>
<actionbody>
<keyusage>Derive</keyusage>
<keysize>512</keysize>
<keylabel>tomato</keylabel>
<keyalgorithm>DH</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
</actionbody>
<actionresult> <return>KErrNone</return> </actionresult>
</action>
<action>
<actionname>1.1.7, Check everything added ok</actionname>
<actiontype>listkeys</actiontype>
<actionbody>
<foundkey>banana</foundkey>
<foundkey>mango</foundkey>
<foundkey>tomato</foundkey>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
////////////////////////////////////////////////////////////////////////////////
// 6. Test security policies
////////////////////////////////////////////////////////////////////////////////
// 6.1 Test default policy is to police based on SID of the creator
<action>
<actionname>6.1.1, Get default use policy</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<secureid>0x101F7E95</secureid>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.1.2, Get default management policy</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<secureid>0x101F7E95</secureid>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
// 6.2 Test setting policies for the keys
<action>
<actionname>6.2.1, Set banana's use policy based on SID and capabilities</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<secureid>0x101FFFFF</secureid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.2, Check banana's use policy set correctly</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<secureid>0x101FFFFF</secureid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.3, Set mango's use policy based on VID and capabilities</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<policy>
<vendorid>0x70000007</vendorid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.4, Check mango's use policy set correctly</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
</actionbody>
<actionresult>
<policy>
<vendorid>0x70000007</vendorid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.5, Set tomato's use policy based on just capabilities</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
<capability>ReadDeviceData</capability>
<capability>WriteDeviceData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.6, Check tomato's use policy set correctly</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
<capability>ReadDeviceData</capability>
<capability>WriteDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.7.1, Test we can't set management policy that doesn't include the calling process</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
<capability>NetworkControl</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrArgument</return>
</actionresult>
</action>
<action>
<actionname>6.2.7.2, Test we can't set management policy that doesn't include the calling process</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<secureid>0x101F7E96</secureid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrArgument</return>
</actionresult>
</action>
<action>
<actionname>6.2.7.3, Test we can't set management policy that doesn't include the calling process</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<vendorid>0x70000002</vendorid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrArgument</return>
</actionresult>
</action>
<action>
<actionname>6.2.7.4, Set banana's management policy based on just capabilities</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.8, Check banana's management policy set correctly</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.9, Set mango's management policy based on SID and capabilities</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<policy>
<secureid>0x101F7E95</secureid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>ReadDeviceData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.10, Check mango's management policy set correctly</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
</actionbody>
<actionresult>
<policy>
<secureid>0x101F7E95</secureid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>ReadDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.11, Set tomato's management policy based on VID and capabilities</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<policy>
<vendorid>0x70000001</vendorid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>WriteDeviceData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.2.12, Check tomato's management policy set correctly</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
</actionbody>
<actionresult>
<policy>
<vendorid>0x70000001</vendorid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>WriteDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
// 6.3 Test enforcement of security policies
<action>
<actionname>6.3.1, Test use policy enforcement for SID and capabilities</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<secureid>0x101FFFFF</secureid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store in manager mode</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>2, Get key info</actionname>
<actiontype>getkeyinfo</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keyalgorithm>RSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keyaccesstype>Local</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>3, Sign</actionname>
<actiontype>sign</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<open>RSA</open>
<text>This is text of 20 .</text>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>4, Decrypt</actionname>
<actiontype>decrypt</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<text>Ook!</text>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>2, Get key info</actionname>
<actiontype>getkeyinfo</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keyalgorithm>RSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keyaccesstype>Local</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>3, Sign</actionname>
<actiontype>sign</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<open>RSA</open>
<text>This is text of 20 .</text>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>4, Decrypt</actionname>
<actiontype>decrypt</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<text>Ook!</text>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>5, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.3.2, Test use policy enforcement for VID and capabilities</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<vendorid>0x70000007</vendorid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store in manager mode</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>2, Get key info</actionname>
<actiontype>getkeyinfo</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keyalgorithm>DSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keyaccesstype>Local</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>3, Sign</actionname>
<actiontype>sign</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<open>DSA</open>
<text>This is text of 20 .</text>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>2, Get key info</actionname>
<actiontype>getkeyinfo</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keyalgorithm>DSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keyaccesstype>Local</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>3, Sign</actionname>
<actiontype>sign</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<open>DSA</open>
<text>This is text of 20 .</text>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>4, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.3.3, Test use policy enforcement for just capabilities</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
<capability>ReadDeviceData</capability>
<capability>WriteDeviceData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store in manager mode</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>2, Get key info</actionname>
<actiontype>getkeyinfo</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keyalgorithm>DH</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keyaccesstype>Local</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>2, Test derive</actionname>
<actiontype>derive</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<n>DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F</n>
<g>02</g>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>2, Get key info</actionname>
<actiontype>getkeyinfo</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keyalgorithm>DH</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keyaccesstype>Local</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>2, Test derive</actionname>
<actiontype>derive</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<n>DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F</n>
<g>02</g>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>3, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.3.4, Test banana's management policy enforcement (just capabilities)</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store in manager mode</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>1, Export</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_banana.der</ExportFile>
<keyusage>allusagesbutNR</keyusage>
<keylabel>banana</keylabel>
<keyalgorithm>RSA</keyalgorithm>
<encrypted>0</encrypted>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>2, Export encrypted</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_encrypted_banana.der</ExportFile>
<keyusage>allusagesbutNR</keyusage>
<keylabel>banana</keylabel>
<keyalgorithm>RSA</keyalgorithm>
<encrypted>1</encrypted>
<passphrase>export clanger</passphrase>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>3, Check use policy</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<secureid>0x101FFFFF</secureid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>4, Set use policy</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>5, Check use policy</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6, Check management policy</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>7, Set management policy</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>8, Check management policy</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>9, Delete key</actionname>
<actiontype>deletekeys</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<deletecount>1</deletecount>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>1, Export</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_banana.der</ExportFile>
<keyusage>allusagesbutNR</keyusage>
<keylabel>banana</keylabel>
<keyalgorithm>RSA</keyalgorithm>
<encrypted>0</encrypted>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>2, Export encrypted</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_encrypted_banana.der</ExportFile>
<keyusage>allusagesbutNR</keyusage>
<keylabel>banana</keylabel>
<keyalgorithm>RSA</keyalgorithm>
<encrypted>1</encrypted>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>3, Set use policy</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>5, Set management policy</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>banana</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>7, Delete key</actionname>
<actiontype>deletekeys</actiontype>
<actionbody>
<keylabel>banana</keylabel>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>4, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.3.5, Test mango's management policy enforcement (SID and capabilities)</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<secureid>0x101F7E95</secureid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>ReadDeviceData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store in manager mode</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>2, Export</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_mango.der</ExportFile>
<keyusage>DSAUsage</keyusage>
<keylabel>mango</keylabel>
<keyalgorithm>DSA</keyalgorithm>
<encrypted>0</encrypted>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>3, Export encrypted</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_encrypted_mango.der</ExportFile>
<keyusage>DSAUsage</keyusage>
<keylabel>mango</keylabel>
<keyalgorithm>DSA</keyalgorithm>
<encrypted>1</encrypted>
<passphrase>export clanger</passphrase>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>4, Check use policy</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
</actionbody>
<actionresult>
<policy>
<vendorid>0x70000007</vendorid>
<capability>DRM</capability>
<capability>ReadUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>5, Set use policy</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6, Check use policy</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>7, Check management policy</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
</actionbody>
<actionresult>
<policy>
<secureid>0x101F7E95</secureid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>ReadDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>8, Set management policy</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<policy>
<capability>DRM</capability>
<capability>ReadDeviceData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>9, Check management policy</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>DRM</capability>
<capability>ReadDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>10, Delete key</actionname>
<actiontype>deletekeys</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<deletecount>1</deletecount>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>2, Export</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_mango.der</ExportFile>
<keyusage>DSAUsage</keyusage>
<keylabel>mango</keylabel>
<keyalgorithm>DSA</keyalgorithm>
<encrypted>0</encrypted>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>3, Export encrypted</actionname>
<actiontype>exportkey</actiontype>
<actionbody>
<ExportFile>exported_encrypted_mango.der</ExportFile>
<keyusage>DSAUsage</keyusage>
<keylabel>mango</keylabel>
<keyalgorithm>DSA</keyalgorithm>
<encrypted>1</encrypted>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>4, Set use policy</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>5, Set management policy</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>mango</keylabel>
<policy>
<capability>DRM</capability>
<capability>ReadDeviceData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>6, Delete key</actionname>
<actiontype>deletekeys</actiontype>
<actionbody>
<keylabel>mango</keylabel>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>11, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6.3.6, Test tomato's management policy enforcement (VID and capabilities)</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<vendorid>0x70000001</vendorid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>WriteDeviceData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store in manager mode</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>2, Check use policy</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>DRM</capability>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
<capability>ReadDeviceData</capability>
<capability>WriteDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>3, Set use policy</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>4, Check use policy</actionname>
<actiontype>getusepolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>5, Check management policy</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
</actionbody>
<actionresult>
<policy>
<vendorid>0x70000001</vendorid>
<capability>ReadUserData</capability>
<capability>DRM</capability>
<capability>WriteDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>6, Set management policy</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<policy>
<capability>DRM</capability>
<capability>WriteDeviceData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>7, Check management policy</actionname>
<actiontype>getmanagementpolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
</actionbody>
<actionresult>
<policy>
<capability>DRM</capability>
<capability>WriteDeviceData</capability>
</policy>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>8, Delete key</actionname>
<actiontype>deletekeys</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<deletecount>1</deletecount>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>2, Set use policy</actionname>
<actiontype>setusepolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<policy>
<capability>ReadUserData</capability>
<capability>WriteUserData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>3, Set management policy</actionname>
<actiontype>setmanagementpolicy</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
<policy>
<capability>DRM</capability>
<capability>WriteDeviceData</capability>
</policy>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>4, Delete key</actionname>
<actiontype>deletekeys</actiontype>
<actionbody>
<keylabel>tomato</keylabel>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>9, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
////////////////////////////////////////////////////////////////////////////////
// 7. Test policing of other APIs
////////////////////////////////////////////////////////////////////////////////
<action>
<actionname>7.2, Test policing of create and import by WriteUserData</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<capability>WriteUserData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>2, Create key</actionname>
<actiontype>addkey</actiontype>
<actionbody>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keylabel>raspberry</keylabel>
<keyalgorithm>RSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keystore>0</keystore>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>3, Import key</actionname>
<actiontype>importkey</actiontype>
<actionbody>
<ImportData>pkcs8rsa.001</ImportData>
<keyusage>allusagesbutNR</keyusage>
<keylabel>blueberry</keylabel>
<keyaccesstype>Extractable</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>2, Create key</actionname>
<actiontype>addkey</actiontype>
<actionbody>
<keyusage>allusagesbutNR</keyusage>
<keysize>512</keysize>
<keylabel>raspberry</keylabel>
<keyalgorithm>RSA</keyalgorithm>
<keyaccesstype>Extractable</keyaccesstype>
<keystore>0</keystore>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
<action>
<actionname>3, Import key</actionname>
<actiontype>importkey</actiontype>
<actionbody>
<ImportData>pkcs8rsa.001</ImportData>
<keyusage>allusagesbutNR</keyusage>
<keylabel>blueberry</keylabel>
<keyaccesstype>Extractable</keyaccesstype>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>5, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>7.3, Test policing of list by ReadUserData</actionname>
<actiontype>policytest</actiontype>
<actionbody>
<testexe>t_keystore.exe</testexe>
<excludedcapabilities>
<capability>TCB</capability>
</excludedcapabilities>
<policy>
<capability>ReadUserData</capability>
</policy>
<preactions>
<action>
<actionname>1, Open key store</actionname>
<actiontype>init</actiontype>
<actionbody>
<mode>manager</mode>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</preactions>
<passactions>
<action>
<actionname>2, List keys</actionname>
<actiontype>listkeys</actiontype>
<actionbody>
<foundkey>raspberry</foundkey>
<foundkey>blueberry</foundkey>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</passactions>
<failactions>
<action>
<actionname>2, List keys</actionname>
<actiontype>listkeys</actiontype>
<actionbody>
</actionbody>
<actionresult>
<return>KErrPermissionDenied</return>
</actionresult>
</action>
</failactions>
<postactions>
<action>
<actionname>4, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
</postactions>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
////////////////////////////////////////////////////////////////////////////////
// Cleanup
////////////////////////////////////////////////////////////////////////////////
<action>
<actionname>8.0, List keys</actionname>
<actiontype>listkeys</actiontype>
<actionbody>
<foundkey>raspberry</foundkey>
<foundkey>blueberry</foundkey>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>8.1, Delete keys</actionname>
<actiontype>deletekeys</actiontype>
<actionbody>
<deletecount>2</deletecount>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>8.2, Close key store</actionname>
<actiontype>delete</actiontype>
<actionbody></actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>8.3, Sleep 5 seconds</actionname>
<actiontype>sleep</actiontype>
<actionbody>
<seconds>5</seconds>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>
<action>
<actionname>8.4, Check for server heap error</actionname>
<actiontype>checkserverheaperror</actiontype>
<actionbody>
</actionbody>
<actionresult>
<return>KErrNone</return>
</actionresult>
</action>