From 655222fc440e9e96fc0dbe97514815bbac95b018 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Wed, 20 Sep 2023 12:57:56 +0200
Subject: [PATCH] Prevent using public key for decryption

We could leave it for backends but since we have all the info, let's
fail early.

Change-Id: I7d3257370124ad19d423b859f380ce60f6da4d95
---
 src/manager/service/ckm-logic.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index ae9a7ed..4bcb3c7 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -1594,11 +1594,23 @@ RawBuffer CKMLogic::importWrappedKey(
 		if (retCode != CKM_API_SUCCESS)
 			return retCode;
 
-		retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, wrappingKeyName,
-								wrappingKeyOwner, wrappingKeyPassword, wrappingKey);
+		DataType wrappingKeyType;
+		retCode = readDataHelper(false,
+								 cred,
+								 DataType::DB_KEY_FIRST,
+								 wrappingKeyName,
+								 wrappingKeyOwner,
+								 wrappingKeyPassword,
+								 wrappingKey,
+								 wrappingKeyType);
 		if (retCode != CKM_API_SUCCESS)
 			return retCode;
 
+		if (wrappingKeyType.isKeyPublic()) {
+			LogError("Public key can not be used for decryption");
+			return CKM_API_ERROR_INPUT_PARAM;
+		}
+
 		if (!m_decider.checkStore(wrappingKey->backendId(), keyType, policy, true)) {
 			LogDebug("Can't import the wrapped key to backend " <<
 			         static_cast<int>(wrappingKey->backendId()) << " with given policy");
-- 
2.7.4