Diffstat (limited to 'hashsig.c')
-rw-r--r--hashsig.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/hashsig.c b/hashsig.c
index f55558d..cd00224 100644
--- a/hashsig.c
+++ b/hashsig.c
@@ -2100,6 +2100,41 @@ err_out:
return err;
}
+hal_error_t hal_hashsig_export_raw(const hal_uuid_t * const name, uint8_t *der, size_t *der_len, const size_t der_max)
+{
+ hal_error_t err;
+ hal_hashsig_key_t keybuf, *tmp_key = &keybuf, *hss_key;
+
+ if ((err = hal_hashsig_private_key_from_der(&hss_key, &keybuf, sizeof(keybuf), der, *der_len)) != HAL_OK)
+ goto err_out;
+ if (hss_key == tmp_key) {
+ err = HAL_ERROR_KEY_NOT_FOUND; /* or IMPOSSIBLE? */
+ goto err_out;
+ }
+
+ /* adjust exported q */
+ hss_key->q_start = hss_key->lms_keys[0].q;
+
+ /* store updated hss_key
+ * toggle HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE to disable further use
+ */
+ hal_pkey_slot_t slot = {
+ .type = HAL_KEY_TYPE_HASHSIG_PRIVATE,
+ .name = *name,
+ .flags = HAL_KEY_FLAG_TOKEN | HAL_KEY_FLAG_EXPORTABLE
+ };
+ if ((err = hal_hashsig_private_key_to_der(hss_key, der, der_len, der_max)) != HAL_OK ||
+ (err = hal_ks_rewrite_der(hal_ks_token, &slot, der, *der_len)) != HAL_OK)
+ goto err_out;
+
+ /* return with updated der */
+
+err_out:
+ memset(&keybuf, 0, sizeof(keybuf));
+ hss_key = NULL;
+ return err;
+}
+
hal_error_t hal_hashsig_import(const uint8_t *der, const size_t der_len,
const hal_key_flags_t flags)
{
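Review bot: The slot initializer in hal_hashsig_export_raw hard-codes `.flags = HAL_KEY_FLAG_TOKEN | HAL_KEY_FLAG_EXPORTABLE`, so the rewrite replaces the stored key's whole flag word and assumes the key lives in hal_ks_token, whereas the comment above it describes toggling only HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE. Because this is a stateful hash-based key, the local and exported copies must never sign with the same q, so the new flags are better derived from the key's current flags with that one bit cleared (`flags & ~HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE`), and the comment should say "clear" rather than "toggle". If hal_ks_rewrite_der fails after hal_hashsig_private_key_to_der has succeeded, `der` already holds the re-serialized private key while the stored key is still enabled; adding `if (err != HAL_OK) memset(der, 0, der_max);` under err_out would keep an uncommitted export from reaching the caller. The `memset(&keybuf, 0, sizeof(keybuf));` just before the return is a dead store that the compiler may drop, which matters if hal_hashsig_key_t holds seed material (not visible in this hunk).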