Allow only symmetric key wraping/unwrapping

[platform/core/security/key-manager.git] / src / manager / service / ckm-logic.cpp

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index ea59099..ae9a7ed 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -1585,6 +1585,11 @@ RawBuffer CKMLogic::importWrappedKey(
        return SerializeMessage(msgId, tryRet([&] {
                Crypto::GObjUPtr wrappingKey;
 
+               if (!keyType.isSymmetricKey()) {
+                       LogError("Only symmetric key can be imported");
+                       return CKM_API_ERROR_INPUT_PARAM;
+               }
+
                auto [dbOp, digest, retCode] = beginSaveAndGetHash(cred, keyName, keyOwner);
                if (retCode != CKM_API_SUCCESS)
                        return retCode;
@@ -1638,6 +1643,11 @@ RawBuffer CKMLogic::exportWrappedKey(
                if (retCode2 != CKM_API_SUCCESS)
                        return retCode2;
 
+               if (!wrappedKeyType.isSymmetricKey()) {
+                       LogError("Only symmetric key can be exported");
+                       return CKM_API_ERROR_INPUT_PARAM;
+               }
+
                wrappedKey = wrappingKey->wrap(params, wrappedKeyRow, keyPassword);
 
                return retCode2;