*
* @remarks The wrapping key must be either symmetric (#CKMC_KEY_AES) or private RSA
* (#CKMC_KEY_RSA_PRIVATE).
- * @remarks key_type in @a wrapped_key must not be set to #CKMC_KEY_NONE.
+ * @remarks key_type in @a wrapped_key can only be #CKMC_KEY_AES.
* @remarks password in @a wrapped_key must be set to NULL. There's no need to additionally encrypt
* a wrapped key.
* @remarks If password in @a policy is provided, the stored key is additionally encrypted with it.
* @remarks The wrapping key must be either symmetric (#CKMC_KEY_AES) or public RSA
* (#CKMC_KEY_RSA_PUBLIC).
* @remarks The @a ppwrapped_key should be released using ckmc_key_free().
+ * @remarks The key denoted by @a wrapping_key_alias can only be #CKMC_KEY_AES.
*
* @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
* for details. Supported algorithms:
return SerializeMessage(msgId, tryRet([&] {
Crypto::GObjUPtr wrappingKey;
+ if (!keyType.isSymmetricKey()) {
+ LogError("Only symmetric key can be imported");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
+
auto [dbOp, digest, retCode] = beginSaveAndGetHash(cred, keyName, keyOwner);
if (retCode != CKM_API_SUCCESS)
return retCode;
if (retCode2 != CKM_API_SUCCESS)
return retCode2;
+ if (!wrappedKeyType.isSymmetricKey()) {
+ LogError("Only symmetric key can be exported");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
+
wrappedKey = wrappingKey->wrap(params, wrappedKeyRow, keyPassword);
return retCode2;
projects / platform / core / security / key-manager.git / commitdiff