@@ -11,6 +11,7 @@ use parsec_interface::operations::psa_algorithm::{AsymmetricEncryption, Asymmetr
1111use parsec_interface:: operations:: psa_asymmetric_decrypt:: Operation as PsaAsymDecrypt ;
1212use parsec_interface:: operations:: psa_asymmetric_encrypt:: Operation as PsaAsymEncrypt ;
1313use parsec_interface:: operations:: psa_destroy_key:: Operation as PsaDestroyKey ;
14+ use parsec_interface:: operations:: psa_export_key:: Operation as PsaExportKey ;
1415use parsec_interface:: operations:: psa_export_public_key:: Operation as PsaExportPublicKey ;
1516use parsec_interface:: operations:: psa_generate_key:: Operation as PsaGenerateKey ;
1617use parsec_interface:: operations:: psa_import_key:: Operation as PsaImportKey ;
@@ -19,7 +20,7 @@ use parsec_interface::operations::psa_sign_hash::Operation as PsaSignHash;
1920use parsec_interface:: operations:: psa_verify_hash:: Operation as PsaVerifyHash ;
2021use parsec_interface:: operations:: { NativeOperation , NativeResult } ;
2122use parsec_interface:: requests:: { Opcode , ProviderID } ;
22- use parsec_interface:: secrecy:: Secret ;
23+ use parsec_interface:: secrecy:: { ExposeSecret , Secret } ;
2324use std:: collections:: HashSet ;
2425use zeroize:: Zeroizing ;
2526
@@ -422,6 +423,43 @@ impl BasicClient {
422423 }
423424 }
424425
426+ /// **[Cryptographic Operation]** Export a key.
427+ ///
428+ /// The returned key material will follow the appropriate binary format expressed
429+ /// [here](https://parallaxsecond.github.io/parsec-book/parsec_client/operations/psa_export_key.html).
430+ /// Several crates (e.g. [`picky-asn1`](https://crates.io/crates/picky-asn1))
431+ /// can greatly help in dealing with binary encodings.
432+ ///
433+ /// # Errors
434+ ///
435+ /// If the implicit client provider is `ProviderID::Core`, a client error
436+ /// of `InvalidProvider` type is returned.
437+ ///
438+ /// If the implicit client provider has not been set, a client error of
439+ /// `NoProvider` type is returned.
440+ ///
441+ /// See the operation-specific response codes returned by the service
442+ /// [here](https://parallaxsecond.github.io/parsec-book/parsec_client/operations/psa_export_key.html#specific-response-status-codes).
443+ pub fn psa_export_key ( & self , key_name : String ) -> Result < Vec < u8 > > {
444+ let crypto_provider = self . can_provide_crypto ( ) ?;
445+
446+ let op = PsaExportKey { key_name } ;
447+
448+ let res = self . op_client . process_operation (
449+ NativeOperation :: PsaExportKey ( op) ,
450+ crypto_provider,
451+ & self . auth_data ,
452+ ) ?;
453+
454+ if let NativeResult :: PsaExportKey ( res) = res {
455+ Ok ( res. data . expose_secret ( ) . to_vec ( ) )
456+ } else {
457+ // Should really not be reached given the checks we do, but it's not impossible if some
458+ // changes happen in the interface
459+ Err ( Error :: Client ( ClientErrorKind :: InvalidServiceResponseType ) )
460+ }
461+ }
462+
425463 /// **[Cryptographic Operation]** Create an asymmetric signature on a pre-computed message digest.
426464 ///
427465 /// The key intended for signing **must** have its `sign_hash` flag set
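Review bot: `psa_export_key` copies the exported key out of its `Secret` wrapper with `res.data.expose_secret().to_vec()` and returns a plain `Vec<u8>`, so the copy handed to the caller is not wiped when it is dropped. `Zeroizing` is already imported in this file, so the method could return `Result<Zeroizing<Vec<u8>>>` and end with `Ok(Zeroizing::new(res.data.expose_secret().to_vec()))`. If the `Vec<u8>` signature has to stay, the doc comment should say so, for example `/// The returned buffer may hold private key material and is not zeroized on drop; wipe it after use.` The existing doc text describes only the binary format and never mentions that the result is sensitive.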