/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Host-side functions for verified boot key structures
 */

#ifndef VBOOT_REFERENCE_HOST_SIGNATURE2_H_
#define VBOOT_REFERENCE_HOST_SIGNATURE2_H_

#include "2struct.h"

struct vb2_private_key;

/**
 * Sign data buffer
 *
 * @param sig_ptr	On success, points to a newly allocated signature.
 *			Caller is responsible for calling free() on this.
 * @param data		Pointer to data to sign
 * @param size		Size of data to sign in bytes
 * @param key		Private key to use to sign data
 * @param desc		Optional description for signature.  If NULL, the
 *			key description will be used.
 * @return VB2_SUCCESS, or non-zero error code on failure.
 */
int vb2_sign_data(struct vb2_signature **sig_ptr,
		  const uint8_t *data,
		  uint32_t size,
		  const struct vb2_private_key *key,
		  const char *desc);

/**
 * Calculate the signature size for a private key.
 *
 * @param size_ptr	On success, contains the signature size in bytes.
 * @param key		Key to calculate signature length from.
 * @param desc		Optional description for signature.  If NULL, the
 *			key description will be used.
 * @return VB2_SUCCESS, or non-zero error code on failure.
 */
int vb2_sig_size_for_key(uint32_t *size_ptr,
			 const struct vb2_private_key *key,
			 const char *desc);

/**
 * Calculate the total signature size for a list of keys.
 *
 * @param size_ptr	On success, contains the signature size in bytes.
 * @param key_list	List of keys to calculate signature length from.
 * @param key_count	Number of keys.
 * @return VB2_SUCCESS, or non-zero error code on failure.
 */
int vb2_sig_size_for_keys(uint32_t *size_ptr,
			  const struct vb2_private_key **key_list,
			  uint32_t key_count);

/**
 * Sign object with a key.
 *
 * @param buf		Buffer containing object to sign, starting with
 *			common header
 * @param sig_offset	Offset in buffer at which to store signature.  All
 *			data before this in the buffer will be signed.
 * @param key		Key to sign object with
 * @param desc		If non-null, description to use for signature
 */
int vb2_sign_object(uint8_t *buf,
		    uint32_t sig_offset,
		    const struct vb2_private_key *key,
		    const char *desc);

/**
 * Sign object with list of keys.
 *
 * @param buf		Buffer containing object to sign, starting with
 *			common header
 * @param sig_offset	Offset to start signatures.  All data before this
 *			in the buffer will be signed.
 * @param key_list	List of keys to sign object with
 * @param key_count	Number of keys in list
 */
int vb2_sign_object_multiple(uint8_t *buf,
			     uint32_t sig_offset,
			     const struct vb2_private_key **key_list,
			     uint32_t key_count);

#endif  /* VBOOT_REFERENCE_HOST_SIGNATURE2_H_ */