From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Wed, 20 Sep 2023 10:57:56 +0000 (+0200)
Subject: Prevent using public key for decryption
X-Git-Tag: accepted/tizen/unified/20231004.100255~6
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;ds=sidebyside;h=655222fc440e9e96fc0dbe97514815bbac95b018;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git

Prevent using public key for decryption

We could leave it for backends but since we have all the info, let's
fail early.

Change-Id: I7d3257370124ad19d423b859f380ce60f6da4d95
---

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index ae9a7ed..4bcb3c7 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -1594,11 +1594,23 @@ RawBuffer CKMLogic::importWrappedKey(
 		if (retCode != CKM_API_SUCCESS)
 			return retCode;
 
-		retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, wrappingKeyName,
-								wrappingKeyOwner, wrappingKeyPassword, wrappingKey);
+		DataType wrappingKeyType;
+		retCode = readDataHelper(false,
+								 cred,
+								 DataType::DB_KEY_FIRST,
+								 wrappingKeyName,
+								 wrappingKeyOwner,
+								 wrappingKeyPassword,
+								 wrappingKey,
+								 wrappingKeyType);
 		if (retCode != CKM_API_SUCCESS)
 			return retCode;
 
+		if (wrappingKeyType.isKeyPublic()) {
+			LogError("Public key can not be used for decryption");
+			return CKM_API_ERROR_INPUT_PARAM;
+		}
+
 		if (!m_decider.checkStore(wrappingKey->backendId(), keyType, policy, true)) {
 			LogDebug("Can't import the wrapped key to backend " <<
 			         static_cast<int>(wrappingKey->backendId()) << " with given policy");