Prevent using public key for decryption 39/299139/2
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 20 Sep 2023 10:57:56 +0000 (12:57 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 20 Sep 2023 11:57:08 +0000 (13:57 +0200)
We could leave it for backends but since we have all the info, let's
fail early.

Change-Id: I7d3257370124ad19d423b859f380ce60f6da4d95

src/manager/service/ckm-logic.cpp

index ae9a7ed..4bcb3c7 100644 (file)
@@ -1594,11 +1594,23 @@ RawBuffer CKMLogic::importWrappedKey(
                if (retCode != CKM_API_SUCCESS)
                        return retCode;
 
-               retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, wrappingKeyName,
-                                                               wrappingKeyOwner, wrappingKeyPassword, wrappingKey);
+               DataType wrappingKeyType;
+               retCode = readDataHelper(false,
+                                                                cred,
+                                                                DataType::DB_KEY_FIRST,
+                                                                wrappingKeyName,
+                                                                wrappingKeyOwner,
+                                                                wrappingKeyPassword,
+                                                                wrappingKey,
+                                                                wrappingKeyType);
                if (retCode != CKM_API_SUCCESS)
                        return retCode;
 
+               if (wrappingKeyType.isKeyPublic()) {
+                       LogError("Public key can not be used for decryption");
+                       return CKM_API_ERROR_INPUT_PARAM;
+               }
+
                if (!m_decider.checkStore(wrappingKey->backendId(), keyType, policy, true)) {
                        LogDebug("Can't import the wrapped key to backend " <<
                                 static_cast<int>(wrappingKey->backendId()) << " with given policy");
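Review bot: The new guard `if (wrappingKeyType.isKeyPublic())` is a denylist: it rejects the one type known to be wrong, so any other type that readDataHelper can hand back for a `DataType::DB_KEY_FIRST` lookup still reaches the backend unwrap path. Because this is a key-usage check, an allowlist would be more robust: accept only private asymmetric and symmetric wrapping keys, using whatever predicates DataType offers alongside `isKeyPublic()`, so the check stays correct if more key types are added later. A short comment above the check, such as `// Unwrapping needs a private or symmetric key; reject here rather than relying on each backend`, would record why the logic layer enforces this. A negative test that calls importWrappedKey with a public wrapping key and expects `CKM_API_ERROR_INPUT_PARAM` would pin the behaviour. importWrappedKey starts and ends outside this hunk, so I cannot tell from here whether the other decryption entry points get the same check.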