+RawBuffer CKMLogic::verifySignature(
+ Credentials &cred,
+ int commandId,
+ const Alias &publicKeyOrCertAlias,
+ const Password &password, // password for public_key (optional)
+ const RawBuffer &message,
+ const RawBuffer &signature,
+ const HashAlgorithm hash,
+ const RSAPaddingAlgorithm padding)
+{
+ int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
+
+ try {
+ do {
+ CryptoService cs;
+ DBRow row;
+ KeyImpl key;
+
+ retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertAlias, password, row);
+
+ if (retCode == CKM_API_SUCCESS) {
+ key = KeyImpl(row.data);
+ } else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertAlias, password, row);
+ if (retCode != CKM_API_SUCCESS)
+ break;
+ CertificateImpl cert(row.data, DataFormat::FORM_DER);
+ key = cert.getKeyImpl();
+ } else {
+ break;
+ }
+
+ if (key.empty()) {
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ break;
+ }
+
+ retCode = cs.verifySignature(key, message, signature, hash, padding);
+ } while(0);
+ } catch (const CryptoService::Exception::Crypto_internal &e) {
+ LogError("KeyProvider failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const CryptoService::Exception::opensslError &e) {
+ LogError("KeyProvider failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const KeyProvider::Exception::Base &e) {
+ LogError("KeyProvider failed with error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const CryptoLogic::Exception::Base &e) {
+ LogError("CryptoLogic failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const DBCrypto::Exception::PermissionDenied &e) {
+ LogError("DBCrypto failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_ACCESS_DENIED;
+ } catch (const DBCrypto::Exception::Base &e) {
+ LogError("DBCrypto failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const CKM::Exception &e) {
+ LogError("Unknown CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ }
+
+ auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
+ commandId,
+ retCode);
+ return response.Pop();
+}
+
+RawBuffer CKMLogic::allowAccess(
+ Credentials &cred,
+ int command,
+ int msgID,
+ const Alias &item_alias,
+ const std::string &accessor_label,
+ const AccessRight req_rights)
+{
+ int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
+
+ if (0 < m_userDataMap.count(cred.uid))
+ {
+ Try {
+ retCode = m_userDataMap[cred.uid].database.setAccessRights(cred.smackLabel, item_alias, accessor_label, req_rights);
+ } Catch (DBCrypto::Exception::InvalidArgs) {
+ LogError("Error: invalid args!");
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } Catch (DBCrypto::Exception::PermissionDenied) {
+ LogError("Error: not enough permissions!");
+ retCode = CKM_API_ERROR_ACCESS_DENIED;
+ } Catch (CKM::Exception) {
+ LogError("Error in set row!");
+ retCode = CKM_API_ERROR_DB_ERROR;
+ }
+ } else {
+ retCode = CKM_API_ERROR_DB_LOCKED;
+ }
+
+ return MessageBuffer::Serialize(command, msgID, retCode).Pop();
+}
+
+RawBuffer CKMLogic::denyAccess(
+ Credentials &cred,
+ int command,
+ int msgID,
+ const Alias &item_alias,
+ const std::string &accessor_label)
+{
+ int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
+
+ if (0 < m_userDataMap.count(cred.uid))
+ {
+ Try {
+ retCode = m_userDataMap[cred.uid].database.clearAccessRights(cred.smackLabel, item_alias, accessor_label);
+ } Catch (DBCrypto::Exception::PermissionDenied) {
+ LogError("Error: not enough permissions!");
+ retCode = CKM_API_ERROR_ACCESS_DENIED;
+ } Catch (DBCrypto::Exception::InvalidArgs) {
+ LogError("Error: permission not found!");
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } Catch (CKM::Exception) {
+ LogError("Error in deleting row!");
+ retCode = CKM_API_ERROR_DB_ERROR;
+ }
+ } else {
+ retCode = CKM_API_ERROR_DB_LOCKED;
+ }
+
+ return MessageBuffer::Serialize(command, msgID, retCode).Pop();
+}
+