1 files changed, 32 insertions, 0 deletions

diff --git a/ext/crypto/export_key.rs b/ext/crypto/export_key.rs
index 2e74d61f2..25faf1791 100644
--- a/ext/crypto/export_key.rs
+++ b/ext/crypto/export_key.rs
@@ -26,6 +26,7 @@ pub enum ExportKeyFormat {
   Spki,
   JwkPublic,
   JwkPrivate,
+  JwkSecret,
 }
 
 #[derive(Deserialize)]
@@ -37,6 +38,10 @@ pub enum ExportKeyAlgorithm {
   RsaPss {},
   #[serde(rename = "RSA-OAEP")]
   RsaOaep {},
+  #[serde(rename = "AES")]
+  Aes {},
+  #[serde(rename = "HMAC")]
+  Hmac {},
 }
 
 #[derive(Serialize)]
@@ -44,6 +49,9 @@ pub enum ExportKeyAlgorithm {
 pub enum ExportKeyResult {
   Pkcs8(ZeroCopyBuf),
   Spki(ZeroCopyBuf),
+  JwkSecret {
+    k: String,
+  },
   JwkPublicRsa {
     n: String,
     e: String,
@@ -69,6 +77,9 @@ pub fn op_crypto_export_key(
     ExportKeyAlgorithm::RsassaPkcs1v15 {}
     | ExportKeyAlgorithm::RsaPss {}
     | ExportKeyAlgorithm::RsaOaep {} => export_key_rsa(opts.format, key_data),
+    ExportKeyAlgorithm::Aes {} | ExportKeyAlgorithm::Hmac {} => {
+      export_key_symmetric(opts.format, key_data)
+    }
   }
 }
 
@@ -76,6 +87,10 @@ fn uint_to_b64(bytes: UIntBytes) -> String {
   base64::encode_config(bytes.as_bytes(), base64::URL_SAFE_NO_PAD)
 }
 
+fn bytes_to_b64(bytes: &[u8]) -> String {
+  base64::encode_config(bytes, base64::URL_SAFE_NO_PAD)
+}
+
 fn export_key_rsa(
   format: ExportKeyFormat,
   key_data: RawKeyData,
@@ -166,5 +181,22 @@ fn export_key_rsa(
         qi: uint_to_b64(private_key.coefficient),
       })
     }
+    _ => Err(unsupported_format()),
+  }
+}
+
+fn export_key_symmetric(
+  format: ExportKeyFormat,
+  key_data: RawKeyData,
+) -> Result<ExportKeyResult, deno_core::anyhow::Error> {
+  match format {
+    ExportKeyFormat::JwkSecret => {
+      let bytes = key_data.as_secret_key()?;
+
+      Ok(ExportKeyResult::JwkSecret {
+        k: bytes_to_b64(bytes),
+      })
+    }
+    _ => Err(unsupported_format()),
   }
 }