if (retCode != CKM_API_SUCCESS)
return retCode;
- retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, wrappingKeyName,
- wrappingKeyOwner, wrappingKeyPassword, wrappingKey);
+ DataType wrappingKeyType;
+ retCode = readDataHelper(false,
+ cred,
+ DataType::DB_KEY_FIRST,
+ wrappingKeyName,
+ wrappingKeyOwner,
+ wrappingKeyPassword,
+ wrappingKey,
+ wrappingKeyType);
if (retCode != CKM_API_SUCCESS)
return retCode;
+ if (wrappingKeyType.isKeyPublic()) {
+ LogError("Public key can not be used for decryption");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
+
if (!m_decider.checkStore(wrappingKey->backendId(), keyType, policy, true)) {
LogDebug("Can't import the wrapped key to backend " <<
static_cast<int>(wrappingKey->backendId()) << " with given policy");