2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
22 #include <dpl/serialization.h>
23 #include <dpl/log/log.h>
24 #include <ckm/ckm-error.h>
25 #include <ckm/ckm-type.h>
26 #include <key-provider.h>
27 #include <file-system.h>
28 #include <CryptoService.h>
29 #include <ckm-logic.h>
30 #include <generic-key.h>
33 const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs";
34 } // anonymous namespace
40 int retCode = FileSystem::init();
41 // TODO what can I do when init went wrong? exit(-1) ??
43 LogError("Fatal error in FileSystem::init()");
46 if (CKM_API_SUCCESS != m_certStore.setSystemCertificateDir(CERT_SYSTEM_DIR)) {
47 LogError("Fatal error in CertificateStore::setSystemCertificateDir. Chain creation will not work");
51 CKMLogic::~CKMLogic(){}
53 SafeBuffer CKMLogic::unlockUserKey(uid_t user, const std::string &password) {
54 // TODO try catch for all errors that should be supported by error code
55 int retCode = CKM_API_SUCCESS;
58 if (0 == m_userDataMap.count(user) || !(m_userDataMap[user].keyProvider.isInitialized())) {
59 auto &handle = m_userDataMap[user];
61 auto wrappedDomainKEK = fs.getDomainKEK();
63 if (wrappedDomainKEK.empty()) {
64 wrappedDomainKEK = KeyProvider::generateDomainKEK(std::to_string(user), password);
65 fs.saveDomainKEK(wrappedDomainKEK);
68 handle.keyProvider = KeyProvider(wrappedDomainKEK, password);
70 SafeBuffer key = handle.keyProvider.getPureDomainKEK();
71 handle.database = DBCrypto(fs.getDBPath(), key);
72 handle.crypto = CryptoLogic();
75 } catch (const KeyProvider::Exception::PassWordError &e) {
76 LogError("Incorrect Password " << e.GetMessage());
77 retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
78 } catch (const KeyProvider::Exception::Base &e) {
79 LogError("Error in KeyProvider " << e.GetMessage());
80 retCode = CKM_API_ERROR_SERVER_ERROR;
81 } catch (const CryptoLogic::Exception::Base &e) {
82 LogError("CryptoLogic error: " << e.GetMessage());
83 retCode = CKM_API_ERROR_SERVER_ERROR;
84 } catch (const CKM::Exception &e) {
85 LogError("CKM::Exception: " << e.GetMessage());
86 retCode = CKM_API_ERROR_SERVER_ERROR;
89 MessageBuffer response;
90 Serialization::Serialize(response, retCode);
91 return response.Pop();
94 SafeBuffer CKMLogic::lockUserKey(uid_t user) {
95 int retCode = CKM_API_SUCCESS;
96 // TODO try catch for all errors that should be supported by error code
97 m_userDataMap.erase(user);
99 MessageBuffer response;
100 Serialization::Serialize(response, retCode);
101 return response.Pop();
104 SafeBuffer CKMLogic::removeUserData(uid_t user) {
105 int retCode = CKM_API_SUCCESS;
106 // TODO try catch for all errors that should be supported by error code
107 m_userDataMap.erase(user);
112 MessageBuffer response;
113 Serialization::Serialize(response, retCode);
114 return response.Pop();
117 SafeBuffer CKMLogic::changeUserPassword(
119 const std::string &oldPassword,
120 const std::string &newPassword)
122 int retCode = CKM_API_SUCCESS;
125 auto wrappedDomainKEK = fs.getDomainKEK();
126 if (wrappedDomainKEK.empty()) {
127 retCode = CKM_API_ERROR_BAD_REQUEST;
129 wrappedDomainKEK = KeyProvider::reencrypt(wrappedDomainKEK, oldPassword, newPassword);
130 fs.saveDomainKEK(wrappedDomainKEK);
132 } catch (const KeyProvider::Exception::PassWordError &e) {
133 LogError("Incorrect Password " << e.GetMessage());
134 retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
135 } catch (const KeyProvider::Exception::Base &e) {
136 LogError("Error in KeyProvider " << e.GetMessage());
137 retCode = CKM_API_ERROR_SERVER_ERROR;
138 } catch (const CKM::Exception &e) {
139 LogError("CKM::Exception: " << e.GetMessage());
140 retCode = CKM_API_ERROR_SERVER_ERROR;
143 MessageBuffer response;
144 Serialization::Serialize(response, retCode);
145 return response.Pop();
148 SafeBuffer CKMLogic::resetUserPassword(
150 const std::string &newPassword)
152 int retCode = CKM_API_SUCCESS;
154 if (0 == m_userDataMap.count(user)) {
155 retCode = CKM_API_ERROR_BAD_REQUEST;
157 auto &handler = m_userDataMap[user];
159 fs.saveDomainKEK(handler.keyProvider.getWrappedDomainKEK(newPassword));
162 MessageBuffer response;
163 Serialization::Serialize(response, retCode);
164 return response.Pop();
167 int CKMLogic::saveDataHelper(
171 const SafeBuffer &key,
172 const PolicySerializable &policy)
174 if (0 == m_userDataMap.count(cred.uid))
175 return CKM_API_ERROR_DB_LOCKED;
177 DBRow row = { alias, cred.smackLabel, policy.restricted,
178 policy.extractable, dataType, DBCMAlgType::NONE,
179 0, SafeBuffer(), static_cast<int>(key.size()), key };
181 auto &handler = m_userDataMap[cred.uid];
182 DBCrypto::Transaction transaction(&handler.database);
183 if (!handler.crypto.haveKey(cred.smackLabel)) {
185 auto key_optional = handler.database.getKey(cred.smackLabel);
187 LogDebug("No Key in database found. Generating new one for label: "
189 key = handler.keyProvider.generateDEK(cred.smackLabel);
190 handler.database.saveKey(cred.smackLabel, key);
192 LogDebug("Key from DB");
196 key = handler.keyProvider.getPureDEK(key);
197 handler.crypto.pushKey(cred.smackLabel, key);
199 handler.crypto.encryptRow(policy.password, row);
200 handler.database.saveDBRow(row);
201 transaction.commit();
202 return CKM_API_SUCCESS;
205 SafeBuffer CKMLogic::saveData(
210 const SafeBuffer &key,
211 const PolicySerializable &policy)
213 int retCode = CKM_API_SUCCESS;
215 retCode = saveDataHelper(cred, dataType, alias, key, policy);
216 LogDebug("SaveDataHelper returned: " << retCode);
217 } catch (const KeyProvider::Exception::Base &e) {
218 LogError("KeyProvider failed with message: " << e.GetMessage());
219 retCode = CKM_API_ERROR_SERVER_ERROR;
220 } catch (const CryptoLogic::Exception::Base &e) {
221 LogError("CryptoLogic failed with message: " << e.GetMessage());
222 retCode = CKM_API_ERROR_SERVER_ERROR;
223 } catch (const DBCrypto::Exception::InternalError &e) {
224 LogError("DBCrypto failed with message: " << e.GetMessage());
225 retCode = CKM_API_ERROR_DB_ERROR;
226 } catch (const DBCrypto::Exception::AliasExists &e) {
227 LogError("DBCrypto couldn't save duplicate alias");
228 retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
229 } catch (const DBCrypto::Exception::TransactionError &e) {
230 LogError("DBCrypto transaction failed with message " << e.GetMessage());
231 retCode = CKM_API_ERROR_DB_ERROR;
234 MessageBuffer response;
235 Serialization::Serialize(response, static_cast<int>(LogicCommand::SAVE));
236 Serialization::Serialize(response, commandId);
237 Serialization::Serialize(response, retCode);
238 Serialization::Serialize(response, static_cast<int>(dataType));
240 return response.Pop();
243 SafeBuffer CKMLogic::removeData(
249 int retCode = CKM_API_SUCCESS;
251 if (0 < m_userDataMap.count(cred.uid)) {
252 // check if the data exists or not
253 DBCrypto::DBRowOptional row_optional;
254 if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
255 row_optional = m_userDataMap[cred.uid].database.getDBRow(alias, cred.smackLabel, dataType);
256 } else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST))
257 && (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
259 row_optional = m_userDataMap[cred.uid].database.getKeyDBRow(alias, cred.smackLabel);
261 LogError("Unknown type of requested data" << (int)dataType);
262 retCode = CKM_API_ERROR_BAD_REQUEST;
265 LogError("No row for given alias, label and type");
266 retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
269 // remove if the data exists
270 if(retCode == CKM_API_SUCCESS) {
272 m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
273 } Catch (CKM::Exception) {
274 LogError("Error in deleting row!");
275 retCode = CKM_API_ERROR_DB_ERROR;
279 retCode = CKM_API_ERROR_DB_LOCKED;
282 MessageBuffer response;
283 Serialization::Serialize(response, static_cast<int>(LogicCommand::REMOVE));
284 Serialization::Serialize(response, commandId);
285 Serialization::Serialize(response, retCode);
286 Serialization::Serialize(response, static_cast<int>(dataType));
288 return response.Pop();
291 int CKMLogic::getDataHelper(
295 const std::string &password,
299 if (0 == m_userDataMap.count(cred.uid))
300 return CKM_API_ERROR_DB_LOCKED;
302 auto &handler = m_userDataMap[cred.uid];
304 DBCrypto::DBRowOptional row_optional;
305 if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
306 row_optional = handler.database.getDBRow(alias, cred.smackLabel, dataType);
307 } else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST))
308 && (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
310 row_optional = handler.database.getKeyDBRow(alias, cred.smackLabel);
312 LogError("Unknown type of requested data" << (int)dataType);
313 return CKM_API_ERROR_BAD_REQUEST;
316 LogError("No row for given alias, label and type");
317 return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
322 if (!handler.crypto.haveKey(row.smackLabel)) {
324 auto key_optional = handler.database.getKey(row.smackLabel);
326 LogError("No key for given label in database");
327 return CKM_API_ERROR_DB_ERROR;
330 key = handler.keyProvider.getPureDEK(key);
331 handler.crypto.pushKey(cred.smackLabel, key);
333 handler.crypto.decryptRow(password, row);
335 return CKM_API_SUCCESS;
338 SafeBuffer CKMLogic::getData(
343 const std::string &password)
345 int retCode = CKM_API_SUCCESS;
349 retCode = getDataHelper(cred, dataType, alias, password, row);
350 } catch (const KeyProvider::Exception::Base &e) {
351 LogError("KeyProvider failed with error: " << e.GetMessage());
352 retCode = CKM_API_ERROR_SERVER_ERROR;
353 } catch (const CryptoLogic::Exception::Base &e) {
354 LogError("CryptoLogic failed with message: " << e.GetMessage());
355 retCode = CKM_API_ERROR_SERVER_ERROR;
356 } catch (const DBCrypto::Exception::Base &e) {
357 LogError("DBCrypto failed with message: " << e.GetMessage());
358 retCode = CKM_API_ERROR_DB_ERROR;
361 if (CKM_API_SUCCESS != retCode) {
363 row.dataType = dataType;
366 MessageBuffer response;
367 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET));
368 Serialization::Serialize(response, commandId);
369 Serialization::Serialize(response, retCode);
370 Serialization::Serialize(response, static_cast<int>(row.dataType));
371 Serialization::Serialize(response, row.data);
372 return response.Pop();
375 SafeBuffer CKMLogic::getDataList(
380 int retCode = CKM_API_SUCCESS;
381 AliasVector aliasVector;
383 if (0 < m_userDataMap.count(cred.uid)) {
384 auto &handler = m_userDataMap[cred.uid];
386 if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
387 handler.database.getAliases(dataType, cred.smackLabel, aliasVector);
389 handler.database.getKeyAliases(cred.smackLabel, aliasVector);
391 } Catch (CKM::Exception) {
392 LogError("Failed to get aliases");
393 retCode = CKM_API_ERROR_DB_ERROR;
396 retCode = CKM_API_ERROR_DB_LOCKED;
399 MessageBuffer response;
400 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_LIST));
401 Serialization::Serialize(response, commandId);
402 Serialization::Serialize(response, retCode);
403 Serialization::Serialize(response, static_cast<int>(dataType));
404 Serialization::Serialize(response, aliasVector);
405 return response.Pop();
408 int CKMLogic::createKeyPairRSAHelper(
411 const Alias &aliasPrivate,
412 const Alias &aliasPublic,
413 const PolicySerializable &policyPrivate,
414 const PolicySerializable &policyPublic)
416 if (0 >= m_userDataMap.count(cred.uid))
417 return CKM_API_ERROR_DB_LOCKED;
419 auto &handler = m_userDataMap[cred.uid];
423 if (CKM_CRYPTO_CREATEKEY_SUCCESS !=
424 (retCode = CryptoService::createKeyPairRSA(size, prv, pub)))
426 LogDebug("CryptoService error with code: " << retCode);
427 return CKM_API_ERROR_SERVER_ERROR; // TODO error code
430 DBCrypto::Transaction transaction(&handler.database);
431 retCode = saveDataHelper(cred,
432 toDBDataType(prv.getType()),
437 if (CKM_API_SUCCESS != retCode)
440 retCode = saveDataHelper(cred,
441 toDBDataType(pub.getType()),
446 if (CKM_API_SUCCESS != retCode)
449 transaction.commit();
454 SafeBuffer CKMLogic::createKeyPairRSA(
458 const Alias &aliasPrivate,
459 const Alias &aliasPublic,
460 const PolicySerializable &policyPrivate,
461 const PolicySerializable &policyPublic)
463 int retCode = CKM_API_SUCCESS;
466 retCode = createKeyPairRSAHelper(
474 } catch (DBCrypto::Exception::AliasExists &e) {
475 LogDebug("DBCrypto error: alias exists: " << e.GetMessage());
476 retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
477 } catch (DBCrypto::Exception::TransactionError &e) {
478 LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
479 retCode = CKM_API_ERROR_DB_ERROR;
480 } catch (CKM::CryptoLogic::Exception::Base &e) {
481 LogDebug("CryptoLogic error: " << e.GetMessage());
482 retCode = CKM_API_ERROR_SERVER_ERROR;
483 } catch (DBCrypto::Exception::InternalError &e) {
484 LogDebug("DBCrypto internal error: " << e.GetMessage());
485 retCode = CKM_API_ERROR_DB_ERROR;
488 MessageBuffer response;
489 Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
490 Serialization::Serialize(response, commandId);
491 Serialization::Serialize(response, retCode);
493 return response.Pop();
496 int CKMLogic::createKeyPairECDSAHelper(
499 const Alias &aliasPrivate,
500 const Alias &aliasPublic,
501 const PolicySerializable &policyPrivate,
502 const PolicySerializable &policyPublic)
504 if (0 >= m_userDataMap.count(cred.uid))
505 return CKM_API_ERROR_DB_LOCKED;
507 auto &handler = m_userDataMap[cred.uid];
511 if (CKM_CRYPTO_CREATEKEY_SUCCESS !=
512 (retCode = CryptoService::createKeyPairECDSA(static_cast<ElipticCurve>(type), prv, pub)))
514 LogError("CryptoService failed with code: " << retCode);
515 return CKM_API_ERROR_SERVER_ERROR; // TODO error code
518 DBCrypto::Transaction transaction(&handler.database);
520 retCode = saveDataHelper(cred,
521 toDBDataType(prv.getType()),
526 if (CKM_API_SUCCESS != retCode)
529 retCode = saveDataHelper(cred,
530 toDBDataType(pub.getType()),
535 if (CKM_API_SUCCESS != retCode)
538 transaction.commit();
543 SafeBuffer CKMLogic::createKeyPairECDSA(
547 const Alias &aliasPrivate,
548 const Alias &aliasPublic,
549 const PolicySerializable &policyPrivate,
550 const PolicySerializable &policyPublic)
552 int retCode = CKM_API_SUCCESS;
555 retCode = createKeyPairECDSAHelper(
562 } catch (const DBCrypto::Exception::AliasExists &e) {
563 LogDebug("DBCrypto error: alias exists: " << e.GetMessage());
564 retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
565 } catch (const DBCrypto::Exception::TransactionError &e) {
566 LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
567 retCode = CKM_API_ERROR_DB_ERROR;
568 } catch (const CKM::CryptoLogic::Exception::Base &e) {
569 LogDebug("CryptoLogic error: " << e.GetMessage());
570 retCode = CKM_API_ERROR_SERVER_ERROR;
571 } catch (const DBCrypto::Exception::InternalError &e) {
572 LogDebug("DBCrypto internal error: " << e.GetMessage());
573 retCode = CKM_API_ERROR_DB_ERROR;
576 MessageBuffer response;
577 Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
578 Serialization::Serialize(response, commandId);
579 Serialization::Serialize(response, retCode);
581 return response.Pop();
584 SafeBuffer CKMLogic::getCertificateChain(
587 const SafeBuffer &certificate,
588 const SafeBufferVector &untrustedRawCertVector)
592 CertificateImpl cert(certificate, DataFormat::FORM_DER);
593 CertificateImplVector untrustedCertVector;
594 CertificateImplVector chainVector;
595 SafeBufferVector chainRawVector;
597 for (auto &e: untrustedRawCertVector)
598 untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
600 LogDebug("Cert is empty: " << cert.empty());
602 int retCode = m_certStore.verifyCertificate(cert, untrustedCertVector, chainVector);
604 if (retCode == CKM_API_SUCCESS) {
605 for (auto &e : chainVector)
606 chainRawVector.push_back(e.getDERSB());
609 MessageBuffer response;
610 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_CHAIN_CERT));
611 Serialization::Serialize(response, commandId);
612 Serialization::Serialize(response, retCode);
613 Serialization::Serialize(response, chainRawVector);
614 return response.Pop();
617 SafeBuffer CKMLogic::getCertificateChain(
620 const SafeBuffer &certificate,
621 const AliasVector &aliasVector)
623 int retCode = CKM_API_SUCCESS;
624 SafeBufferVector chainRawVector;
626 CertificateImpl cert(certificate, DataFormat::FORM_DER);
627 CertificateImplVector untrustedCertVector;
628 CertificateImplVector chainVector;
632 retCode = CKM_API_ERROR_SERVER_ERROR;
636 for (auto &i: aliasVector) {
637 retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, std::string(), row);
639 if (retCode != CKM_API_SUCCESS)
642 untrustedCertVector.push_back(CertificateImpl(row.data, DataFormat::FORM_DER));
645 retCode = m_certStore.verifyCertificate(cert, untrustedCertVector, chainVector);
647 if (retCode != CKM_API_SUCCESS)
650 for (auto &i: chainVector)
651 chainRawVector.push_back(i.getDERSB());
653 } catch (const CryptoLogic::Exception::Base &e) {
654 LogError("DBCyptorModule failed with message: " << e.GetMessage());
655 retCode = CKM_API_ERROR_SERVER_ERROR;
656 } catch (const DBCrypto::Exception::Base &e) {
657 LogError("DBCrypto failed with message: " << e.GetMessage());
658 retCode = CKM_API_ERROR_DB_ERROR;
660 LogError("Unknown error.");
664 MessageBuffer response;
665 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_CHAIN_ALIAS));
666 Serialization::Serialize(response, commandId);
667 Serialization::Serialize(response, retCode);
668 Serialization::Serialize(response, chainRawVector);
669 return response.Pop();
672 SafeBuffer CKMLogic::createSignature(
675 const Alias &privateKeyAlias,
676 const std::string &password, // password for private_key
677 const SafeBuffer &message,
678 const HashAlgorithm hash,
679 const RSAPaddingAlgorithm padding)
683 SafeBuffer signature;
685 int retCode = CKM_API_SUCCESS;
689 retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, privateKeyAlias, password, row);
690 if (CKM_API_SUCCESS != retCode) {
691 LogError("getDataHelper return error");
695 GenericKey keyParsed(row.data, std::string());
696 if (keyParsed.empty())
697 retCode = CKM_API_ERROR_SERVER_ERROR;
699 cs.createSignature(keyParsed, message, hash, padding, signature);
701 } catch (const KeyProvider::Exception::Base &e) {
702 LogError("KeyProvider failed with message: " << e.GetMessage());
703 retCode = CKM_API_ERROR_SERVER_ERROR;
704 } catch (const CryptoLogic::Exception::Base &e) {
705 LogError("CryptoLogic failed with message: " << e.GetMessage());
706 retCode = CKM_API_ERROR_SERVER_ERROR;
707 } catch (const DBCrypto::Exception::Base &e) {
708 LogError("DBCrypto failed with message: " << e.GetMessage());
709 retCode = CKM_API_ERROR_DB_ERROR;
710 } catch (const CKM::Exception &e) {
711 LogError("Unknown CKM::Exception: " << e.GetMessage());
712 retCode = CKM_API_ERROR_SERVER_ERROR;
715 MessageBuffer response;
716 Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
717 Serialization::Serialize(response, commandId);
718 Serialization::Serialize(response, retCode);
719 Serialization::Serialize(response, signature);
720 return response.Pop();
723 SafeBuffer CKMLogic::verifySignature(
726 const Alias &publicKeyOrCertAlias,
727 const std::string &password, // password for public_key (optional)
728 const SafeBuffer &message,
729 const SafeBuffer &signature,
730 const HashAlgorithm hash,
731 const RSAPaddingAlgorithm padding)
733 int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
741 retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertAlias, password, row);
743 if (retCode == CKM_API_SUCCESS) {
744 key = GenericKey(row.data);
745 } else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
746 retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertAlias, password, row);
747 if (retCode != CKM_API_SUCCESS)
749 CertificateImpl cert(row.data, DataFormat::FORM_DER);
750 key = cert.getGenericKey();
756 retCode = CKM_API_ERROR_SERVER_ERROR;
760 retCode = cs.verifySignature(key, message, signature, hash, padding);
762 } catch (const CryptoService::Exception::Crypto_internal &e) {
763 LogError("KeyProvider failed with message: " << e.GetMessage());
764 retCode = CKM_API_ERROR_SERVER_ERROR;
765 } catch (const CryptoService::Exception::opensslError &e) {
766 LogError("KeyProvider failed with message: " << e.GetMessage());
767 retCode = CKM_API_ERROR_SERVER_ERROR;
768 } catch (const KeyProvider::Exception::Base &e) {
769 LogError("KeyProvider failed with error: " << e.GetMessage());
770 retCode = CKM_API_ERROR_SERVER_ERROR;
771 } catch (const CryptoLogic::Exception::Base &e) {
772 LogError("CryptoLogic failed with message: " << e.GetMessage());
773 retCode = CKM_API_ERROR_SERVER_ERROR;
774 } catch (const DBCrypto::Exception::Base &e) {
775 LogError("DBCrypto failed with message: " << e.GetMessage());
776 retCode = CKM_API_ERROR_DB_ERROR;
777 } catch (const CKM::Exception &e) {
778 LogError("Unknown CKM::Exception: " << e.GetMessage());
779 retCode = CKM_API_ERROR_SERVER_ERROR;
782 MessageBuffer response;
783 Serialization::Serialize(response, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
784 Serialization::Serialize(response, commandId);
785 Serialization::Serialize(response, retCode);
787 return response.Pop();