in src/vtok_p11/src/backend/session.rs [239:262]
fn private_key_for_mech(
&self,
mech: &Mechanism,
key_handle: ObjectHandle,
) -> Result<crypto::Pkey> {
let key_obj = self.db.object(key_handle).ok_or(Error::KeyHandleInvalid)?;
match mech {
Mechanism::RsaX509 | Mechanism::RsaPkcs(..) | Mechanism::RsaPkcsPss(..) => {
if let ObjectKind::RsaPrivateKey(pem) = key_obj.kind() {
crypto::Pkey::from_private_pem(pem.as_str()).map_err(Error::CryptoError)
} else {
Err(Error::KeyTypeInconsistent)
}
}
Mechanism::Ecdsa(..) => {
if let ObjectKind::EcPrivateKey(pem) = key_obj.kind() {
crypto::Pkey::from_private_pem(pem.as_str()).map_err(Error::CryptoError)
} else {
Err(Error::KeyTypeInconsistent)
}
}
_ => Err(Error::MechanismInvalid),
}
}