2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
22 #include <dpl/serialization.h>
23 #include <dpl/log/log.h>
24 #include <ckm/ckm-error.h>
25 #include <ckm/ckm-type.h>
26 #include <key-provider.h>
27 #include <file-system.h>
28 #include <CryptoService.h>
29 #include <ckm-logic.h>
33 const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs";
34 } // anonymous namespace
40 int retCode = FileSystem::init();
41 // TODO what can I do when init went wrong? exit(-1) ??
43 LogError("Fatal error in FileSystem::init()");
46 if (CKM_API_SUCCESS != m_certStore.setSystemCertificateDir(CERT_SYSTEM_DIR)) {
47 LogError("Fatal error in CertificateStore::setSystemCertificateDir. Chain creation will not work");
51 CKMLogic::~CKMLogic(){}
53 RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password) {
54 // TODO try catch for all errors that should be supported by error code
55 int retCode = CKM_API_SUCCESS;
58 if (0 == m_userDataMap.count(user) || !(m_userDataMap[user].keyProvider.isInitialized())) {
59 auto &handle = m_userDataMap[user];
61 auto wrappedDomainKEK = fs.getDKEK();
63 if (wrappedDomainKEK.empty()) {
64 wrappedDomainKEK = KeyProvider::generateDomainKEK(std::to_string(user), password);
65 fs.saveDKEK(wrappedDomainKEK);
68 handle.keyProvider = KeyProvider(wrappedDomainKEK, password);
70 auto wrappedDatabaseDEK = fs.getDBDEK();
72 if (wrappedDatabaseDEK.empty()) {
73 wrappedDatabaseDEK = handle.keyProvider.generateDEK(std::to_string(user));
74 fs.saveDBDEK(wrappedDatabaseDEK);
77 RawBuffer key = handle.keyProvider.getPureDEK(wrappedDatabaseDEK);
78 handle.database = DBCrypto(fs.getDBPath(), key);
79 handle.crypto = CryptoLogic();
81 // remove data of removed apps during locked state
82 AppLabelVector removedApps = fs.clearRemovedsApps();
83 for(auto& appSmackLabel : removedApps) {
84 handle.database.deleteKey(appSmackLabel);
89 } catch (const KeyProvider::Exception::PassWordError &e) {
90 LogError("Incorrect Password " << e.GetMessage());
91 retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
92 } catch (const KeyProvider::Exception::Base &e) {
93 LogError("Error in KeyProvider " << e.GetMessage());
94 retCode = CKM_API_ERROR_SERVER_ERROR;
95 } catch (const CryptoLogic::Exception::Base &e) {
96 LogError("CryptoLogic error: " << e.GetMessage());
97 retCode = CKM_API_ERROR_SERVER_ERROR;
98 } catch (const CKM::Exception &e) {
99 LogError("CKM::Exception: " << e.GetMessage());
100 retCode = CKM_API_ERROR_SERVER_ERROR;
103 if(retCode != CKM_API_SUCCESS) {
104 // When not successful, UserData in m_userDataMap should be erased.
105 // Because other operations make decision based on the existence of UserData in m_userDataMap.
106 m_userDataMap.erase(user);
109 MessageBuffer response;
110 Serialization::Serialize(response, retCode);
111 return response.Pop();
114 RawBuffer CKMLogic::lockUserKey(uid_t user) {
115 int retCode = CKM_API_SUCCESS;
116 // TODO try catch for all errors that should be supported by error code
117 m_userDataMap.erase(user);
119 MessageBuffer response;
120 Serialization::Serialize(response, retCode);
121 return response.Pop();
124 RawBuffer CKMLogic::removeUserData(uid_t user) {
125 int retCode = CKM_API_SUCCESS;
126 // TODO try catch for all errors that should be supported by error code
127 m_userDataMap.erase(user);
132 MessageBuffer response;
133 Serialization::Serialize(response, retCode);
134 return response.Pop();
137 RawBuffer CKMLogic::changeUserPassword(
139 const Password &oldPassword,
140 const Password &newPassword)
142 int retCode = CKM_API_SUCCESS;
145 auto wrappedDomainKEK = fs.getDKEK();
146 if (wrappedDomainKEK.empty()) {
147 retCode = CKM_API_ERROR_BAD_REQUEST;
149 wrappedDomainKEK = KeyProvider::reencrypt(wrappedDomainKEK, oldPassword, newPassword);
150 fs.saveDKEK(wrappedDomainKEK);
152 } catch (const KeyProvider::Exception::PassWordError &e) {
153 LogError("Incorrect Password " << e.GetMessage());
154 retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
155 } catch (const KeyProvider::Exception::Base &e) {
156 LogError("Error in KeyProvider " << e.GetMessage());
157 retCode = CKM_API_ERROR_SERVER_ERROR;
158 } catch (const CKM::Exception &e) {
159 LogError("CKM::Exception: " << e.GetMessage());
160 retCode = CKM_API_ERROR_SERVER_ERROR;
163 MessageBuffer response;
164 Serialization::Serialize(response, retCode);
165 return response.Pop();
168 RawBuffer CKMLogic::resetUserPassword(
170 const Password &newPassword)
172 int retCode = CKM_API_SUCCESS;
174 if (0 == m_userDataMap.count(user)) {
175 retCode = CKM_API_ERROR_BAD_REQUEST;
177 auto &handler = m_userDataMap[user];
179 fs.saveDKEK(handler.keyProvider.getWrappedDomainKEK(newPassword));
182 MessageBuffer response;
183 Serialization::Serialize(response, retCode);
184 return response.Pop();
187 RawBuffer CKMLogic::removeApplicationData(const std::string &smackLabel) {
188 int retCode = CKM_API_SUCCESS;
192 if (smackLabel.empty()) {
193 retCode = CKM_API_ERROR_INPUT_PARAM;
195 UidVector uids = FileSystem::getUIDsFromDBFile();
196 for (auto userId : uids) {
197 if (0 == m_userDataMap.count(userId)) {
198 FileSystem fs(userId);
199 fs.addRemovedApp(smackLabel);
201 auto &handle = m_userDataMap[userId];
202 handle.database.deleteKey(smackLabel);
207 } catch (const DBCrypto::Exception::InternalError &e) {
208 LogError("DBCrypto couldn't remove data: " << e.GetMessage());
209 retCode = CKM_API_ERROR_DB_ERROR;
210 } catch (const DBCrypto::Exception::TransactionError &e) {
211 LogError("DBCrypto transaction failed with message " << e.GetMessage());
212 retCode = CKM_API_ERROR_DB_ERROR;
215 MessageBuffer response;
216 Serialization::Serialize(response, retCode);
217 return response.Pop();
220 int CKMLogic::saveDataHelper(
224 const RawBuffer &key,
225 const PolicySerializable &policy)
227 if (0 == m_userDataMap.count(cred.uid))
228 return CKM_API_ERROR_DB_LOCKED;
230 DBRow row = { alias, cred.smackLabel,
231 policy.extractable, dataType, DBCMAlgType::NONE,
232 0, RawBuffer(), static_cast<int>(key.size()), key, RawBuffer() };
234 auto &handler = m_userDataMap[cred.uid];
235 DBCrypto::Transaction transaction(&handler.database);
236 if (!handler.crypto.haveKey(cred.smackLabel)) {
238 auto key_optional = handler.database.getKey(cred.smackLabel);
240 LogDebug("No Key in database found. Generating new one for label: "
242 key = handler.keyProvider.generateDEK(cred.smackLabel);
243 handler.database.saveKey(cred.smackLabel, key);
245 LogDebug("Key from DB");
249 key = handler.keyProvider.getPureDEK(key);
250 handler.crypto.pushKey(cred.smackLabel, key);
252 handler.crypto.encryptRow(policy.password, row);
253 handler.database.saveDBRow(row);
254 transaction.commit();
255 return CKM_API_SUCCESS;
258 RawBuffer CKMLogic::saveData(
263 const RawBuffer &key,
264 const PolicySerializable &policy)
266 int retCode = CKM_API_SUCCESS;
268 retCode = saveDataHelper(cred, dataType, alias, key, policy);
269 LogDebug("SaveDataHelper returned: " << retCode);
270 } catch (const KeyProvider::Exception::Base &e) {
271 LogError("KeyProvider failed with message: " << e.GetMessage());
272 retCode = CKM_API_ERROR_SERVER_ERROR;
273 } catch (const CryptoLogic::Exception::Base &e) {
274 LogError("CryptoLogic failed with message: " << e.GetMessage());
275 retCode = CKM_API_ERROR_SERVER_ERROR;
276 } catch (const DBCrypto::Exception::InternalError &e) {
277 LogError("DBCrypto failed with message: " << e.GetMessage());
278 retCode = CKM_API_ERROR_DB_ERROR;
279 } catch (const DBCrypto::Exception::AliasExists &e) {
280 LogError("DBCrypto couldn't save duplicate alias");
281 retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
282 } catch (const DBCrypto::Exception::TransactionError &e) {
283 LogError("DBCrypto transaction failed with message " << e.GetMessage());
284 retCode = CKM_API_ERROR_DB_ERROR;
287 MessageBuffer response;
288 Serialization::Serialize(response, static_cast<int>(LogicCommand::SAVE));
289 Serialization::Serialize(response, commandId);
290 Serialization::Serialize(response, retCode);
291 Serialization::Serialize(response, static_cast<int>(dataType));
293 return response.Pop();
296 RawBuffer CKMLogic::removeData(
302 int retCode = CKM_API_SUCCESS;
304 if (0 < m_userDataMap.count(cred.uid)) {
306 auto erased = m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
307 // check if the data existed or not
309 LogError("No row for given alias and label");
310 retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
312 } Catch (CKM::Exception) {
313 LogError("Error in deleting row!");
314 retCode = CKM_API_ERROR_DB_ERROR;
317 retCode = CKM_API_ERROR_DB_LOCKED;
320 MessageBuffer response;
321 Serialization::Serialize(response, static_cast<int>(LogicCommand::REMOVE));
322 Serialization::Serialize(response, commandId);
323 Serialization::Serialize(response, retCode);
324 Serialization::Serialize(response, static_cast<int>(dataType));
326 return response.Pop();
329 int CKMLogic::getDataHelper(
333 const Password &password,
337 if (0 == m_userDataMap.count(cred.uid))
338 return CKM_API_ERROR_DB_LOCKED;
340 auto &handler = m_userDataMap[cred.uid];
342 DBCrypto::DBRowOptional row_optional;
343 if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
344 row_optional = handler.database.getDBRow(alias, cred.smackLabel, dataType);
345 } else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST))
346 && (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
348 row_optional = handler.database.getKeyDBRow(alias, cred.smackLabel);
350 LogError("Unknown type of requested data" << (int)dataType);
351 return CKM_API_ERROR_BAD_REQUEST;
354 LogError("No row for given alias, label and type");
355 return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
360 if (!handler.crypto.haveKey(row.smackLabel)) {
362 auto key_optional = handler.database.getKey(row.smackLabel);
364 LogError("No key for given label in database");
365 return CKM_API_ERROR_DB_ERROR;
368 key = handler.keyProvider.getPureDEK(key);
369 handler.crypto.pushKey(cred.smackLabel, key);
371 handler.crypto.decryptRow(password, row);
373 return CKM_API_SUCCESS;
376 RawBuffer CKMLogic::getData(
381 const Password &password)
383 int retCode = CKM_API_SUCCESS;
387 retCode = getDataHelper(cred, dataType, alias, password, row);
388 } catch (const KeyProvider::Exception::Base &e) {
389 LogError("KeyProvider failed with error: " << e.GetMessage());
390 retCode = CKM_API_ERROR_SERVER_ERROR;
391 } catch (const CryptoLogic::Exception::Base &e) {
392 LogError("CryptoLogic failed with message: " << e.GetMessage());
393 retCode = CKM_API_ERROR_SERVER_ERROR;
394 } catch (const DBCrypto::Exception::Base &e) {
395 LogError("DBCrypto failed with message: " << e.GetMessage());
396 retCode = CKM_API_ERROR_DB_ERROR;
399 if (CKM_API_SUCCESS != retCode) {
401 row.dataType = dataType;
404 if ((CKM_API_SUCCESS == retCode) && (row.exportable == 0)) {
406 retCode = CKM_API_ERROR_NOT_EXPORTABLE;
409 MessageBuffer response;
410 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET));
411 Serialization::Serialize(response, commandId);
412 Serialization::Serialize(response, retCode);
413 Serialization::Serialize(response, static_cast<int>(row.dataType));
414 Serialization::Serialize(response, row.data);
415 return response.Pop();
418 RawBuffer CKMLogic::getDataList(
423 int retCode = CKM_API_SUCCESS;
424 AliasVector aliasVector;
426 if (0 < m_userDataMap.count(cred.uid)) {
427 auto &handler = m_userDataMap[cred.uid];
429 if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
430 handler.database.getAliases(dataType, cred.smackLabel, aliasVector);
432 handler.database.getKeyAliases(cred.smackLabel, aliasVector);
434 } Catch (CKM::Exception) {
435 LogError("Failed to get aliases");
436 retCode = CKM_API_ERROR_DB_ERROR;
439 retCode = CKM_API_ERROR_DB_LOCKED;
442 MessageBuffer response;
443 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_LIST));
444 Serialization::Serialize(response, commandId);
445 Serialization::Serialize(response, retCode);
446 Serialization::Serialize(response, static_cast<int>(dataType));
447 Serialization::Serialize(response, aliasVector);
448 return response.Pop();
451 int CKMLogic::createKeyPairRSAHelper(
454 const Alias &aliasPrivate,
455 const Alias &aliasPublic,
456 const PolicySerializable &policyPrivate,
457 const PolicySerializable &policyPublic)
459 if (0 >= m_userDataMap.count(cred.uid))
460 return CKM_API_ERROR_DB_LOCKED;
462 auto &handler = m_userDataMap[cred.uid];
466 if (CKM_CRYPTO_CREATEKEY_SUCCESS !=
467 (retCode = CryptoService::createKeyPairRSA(size, prv, pub)))
469 LogDebug("CryptoService error with code: " << retCode);
470 return CKM_API_ERROR_SERVER_ERROR; // TODO error code
473 DBCrypto::Transaction transaction(&handler.database);
474 retCode = saveDataHelper(cred,
475 toDBDataType(prv.getType()),
480 if (CKM_API_SUCCESS != retCode)
483 retCode = saveDataHelper(cred,
484 toDBDataType(pub.getType()),
489 if (CKM_API_SUCCESS != retCode)
492 transaction.commit();
497 RawBuffer CKMLogic::createKeyPairRSA(
501 const Alias &aliasPrivate,
502 const Alias &aliasPublic,
503 const PolicySerializable &policyPrivate,
504 const PolicySerializable &policyPublic)
506 int retCode = CKM_API_SUCCESS;
509 retCode = createKeyPairRSAHelper(
517 } catch (DBCrypto::Exception::AliasExists &e) {
518 LogDebug("DBCrypto error: alias exists: " << e.GetMessage());
519 retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
520 } catch (DBCrypto::Exception::TransactionError &e) {
521 LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
522 retCode = CKM_API_ERROR_DB_ERROR;
523 } catch (CKM::CryptoLogic::Exception::Base &e) {
524 LogDebug("CryptoLogic error: " << e.GetMessage());
525 retCode = CKM_API_ERROR_SERVER_ERROR;
526 } catch (DBCrypto::Exception::InternalError &e) {
527 LogDebug("DBCrypto internal error: " << e.GetMessage());
528 retCode = CKM_API_ERROR_DB_ERROR;
531 MessageBuffer response;
532 Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
533 Serialization::Serialize(response, commandId);
534 Serialization::Serialize(response, retCode);
536 return response.Pop();
539 int CKMLogic::createKeyPairECDSAHelper(
542 const Alias &aliasPrivate,
543 const Alias &aliasPublic,
544 const PolicySerializable &policyPrivate,
545 const PolicySerializable &policyPublic)
547 if (0 >= m_userDataMap.count(cred.uid))
548 return CKM_API_ERROR_DB_LOCKED;
550 auto &handler = m_userDataMap[cred.uid];
554 if (CKM_CRYPTO_CREATEKEY_SUCCESS !=
555 (retCode = CryptoService::createKeyPairECDSA(static_cast<ElipticCurve>(type), prv, pub)))
557 LogError("CryptoService failed with code: " << retCode);
558 return CKM_API_ERROR_SERVER_ERROR; // TODO error code
561 DBCrypto::Transaction transaction(&handler.database);
563 retCode = saveDataHelper(cred,
564 toDBDataType(prv.getType()),
569 if (CKM_API_SUCCESS != retCode)
572 retCode = saveDataHelper(cred,
573 toDBDataType(pub.getType()),
578 if (CKM_API_SUCCESS != retCode)
581 transaction.commit();
586 RawBuffer CKMLogic::createKeyPairECDSA(
590 const Alias &aliasPrivate,
591 const Alias &aliasPublic,
592 const PolicySerializable &policyPrivate,
593 const PolicySerializable &policyPublic)
595 int retCode = CKM_API_SUCCESS;
598 retCode = createKeyPairECDSAHelper(
605 } catch (const DBCrypto::Exception::AliasExists &e) {
606 LogDebug("DBCrypto error: alias exists: " << e.GetMessage());
607 retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
608 } catch (const DBCrypto::Exception::TransactionError &e) {
609 LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
610 retCode = CKM_API_ERROR_DB_ERROR;
611 } catch (const CKM::CryptoLogic::Exception::Base &e) {
612 LogDebug("CryptoLogic error: " << e.GetMessage());
613 retCode = CKM_API_ERROR_SERVER_ERROR;
614 } catch (const DBCrypto::Exception::InternalError &e) {
615 LogDebug("DBCrypto internal error: " << e.GetMessage());
616 retCode = CKM_API_ERROR_DB_ERROR;
619 MessageBuffer response;
620 Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
621 Serialization::Serialize(response, commandId);
622 Serialization::Serialize(response, retCode);
624 return response.Pop();
627 RawBuffer CKMLogic::getCertificateChain(
630 const RawBuffer &certificate,
631 const RawBufferVector &untrustedRawCertVector)
635 CertificateImpl cert(certificate, DataFormat::FORM_DER);
636 CertificateImplVector untrustedCertVector;
637 CertificateImplVector chainVector;
638 RawBufferVector chainRawVector;
640 for (auto &e: untrustedRawCertVector)
641 untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
643 LogDebug("Cert is empty: " << cert.empty());
645 int retCode = m_certStore.verifyCertificate(cert, untrustedCertVector, chainVector);
647 if (retCode == CKM_API_SUCCESS) {
648 for (auto &e : chainVector)
649 chainRawVector.push_back(e.getDER());
652 MessageBuffer response;
653 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_CHAIN_CERT));
654 Serialization::Serialize(response, commandId);
655 Serialization::Serialize(response, retCode);
656 Serialization::Serialize(response, chainRawVector);
657 return response.Pop();
660 RawBuffer CKMLogic::getCertificateChain(
663 const RawBuffer &certificate,
664 const AliasVector &aliasVector)
666 int retCode = CKM_API_SUCCESS;
667 RawBufferVector chainRawVector;
669 CertificateImpl cert(certificate, DataFormat::FORM_DER);
670 CertificateImplVector untrustedCertVector;
671 CertificateImplVector chainVector;
675 retCode = CKM_API_ERROR_SERVER_ERROR;
679 for (auto &i: aliasVector) {
680 retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Password(), row);
682 if (retCode != CKM_API_SUCCESS)
685 untrustedCertVector.push_back(CertificateImpl(row.data, DataFormat::FORM_DER));
688 retCode = m_certStore.verifyCertificate(cert, untrustedCertVector, chainVector);
690 if (retCode != CKM_API_SUCCESS)
693 for (auto &i: chainVector)
694 chainRawVector.push_back(i.getDER());
696 } catch (const CryptoLogic::Exception::Base &e) {
697 LogError("DBCyptorModule failed with message: " << e.GetMessage());
698 retCode = CKM_API_ERROR_SERVER_ERROR;
699 } catch (const DBCrypto::Exception::Base &e) {
700 LogError("DBCrypto failed with message: " << e.GetMessage());
701 retCode = CKM_API_ERROR_DB_ERROR;
703 LogError("Unknown error.");
707 MessageBuffer response;
708 Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_CHAIN_ALIAS));
709 Serialization::Serialize(response, commandId);
710 Serialization::Serialize(response, retCode);
711 Serialization::Serialize(response, chainRawVector);
712 return response.Pop();
715 RawBuffer CKMLogic::createSignature(
718 const Alias &privateKeyAlias,
719 const Password &password, // password for private_key
720 const RawBuffer &message,
721 const HashAlgorithm hash,
722 const RSAPaddingAlgorithm padding)
728 int retCode = CKM_API_SUCCESS;
732 retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, privateKeyAlias, password, row);
733 if (CKM_API_SUCCESS != retCode) {
734 LogError("getDataHelper return error");
738 KeyImpl keyParsed(row.data, Password());
739 if (keyParsed.empty())
740 retCode = CKM_API_ERROR_SERVER_ERROR;
742 cs.createSignature(keyParsed, message, hash, padding, signature);
744 } catch (const KeyProvider::Exception::Base &e) {
745 LogError("KeyProvider failed with message: " << e.GetMessage());
746 retCode = CKM_API_ERROR_SERVER_ERROR;
747 } catch (const CryptoLogic::Exception::Base &e) {
748 LogError("CryptoLogic failed with message: " << e.GetMessage());
749 retCode = CKM_API_ERROR_SERVER_ERROR;
750 } catch (const DBCrypto::Exception::Base &e) {
751 LogError("DBCrypto failed with message: " << e.GetMessage());
752 retCode = CKM_API_ERROR_DB_ERROR;
753 } catch (const CKM::Exception &e) {
754 LogError("Unknown CKM::Exception: " << e.GetMessage());
755 retCode = CKM_API_ERROR_SERVER_ERROR;
758 MessageBuffer response;
759 Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
760 Serialization::Serialize(response, commandId);
761 Serialization::Serialize(response, retCode);
762 Serialization::Serialize(response, signature);
763 return response.Pop();
766 RawBuffer CKMLogic::verifySignature(
769 const Alias &publicKeyOrCertAlias,
770 const Password &password, // password for public_key (optional)
771 const RawBuffer &message,
772 const RawBuffer &signature,
773 const HashAlgorithm hash,
774 const RSAPaddingAlgorithm padding)
776 int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
784 retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertAlias, password, row);
786 if (retCode == CKM_API_SUCCESS) {
787 key = KeyImpl(row.data);
788 } else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
789 retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertAlias, password, row);
790 if (retCode != CKM_API_SUCCESS)
792 CertificateImpl cert(row.data, DataFormat::FORM_DER);
793 key = cert.getKeyImpl();
799 retCode = CKM_API_ERROR_SERVER_ERROR;
803 retCode = cs.verifySignature(key, message, signature, hash, padding);
805 } catch (const CryptoService::Exception::Crypto_internal &e) {
806 LogError("KeyProvider failed with message: " << e.GetMessage());
807 retCode = CKM_API_ERROR_SERVER_ERROR;
808 } catch (const CryptoService::Exception::opensslError &e) {
809 LogError("KeyProvider failed with message: " << e.GetMessage());
810 retCode = CKM_API_ERROR_SERVER_ERROR;
811 } catch (const KeyProvider::Exception::Base &e) {
812 LogError("KeyProvider failed with error: " << e.GetMessage());
813 retCode = CKM_API_ERROR_SERVER_ERROR;
814 } catch (const CryptoLogic::Exception::Base &e) {
815 LogError("CryptoLogic failed with message: " << e.GetMessage());
816 retCode = CKM_API_ERROR_SERVER_ERROR;
817 } catch (const DBCrypto::Exception::Base &e) {
818 LogError("DBCrypto failed with message: " << e.GetMessage());
819 retCode = CKM_API_ERROR_DB_ERROR;
820 } catch (const CKM::Exception &e) {
821 LogError("Unknown CKM::Exception: " << e.GetMessage());
822 retCode = CKM_API_ERROR_SERVER_ERROR;
825 MessageBuffer response;
826 Serialization::Serialize(response, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
827 Serialization::Serialize(response, commandId);
828 Serialization::Serialize(response, retCode);
830 return response.Pop();