futility: Create signatures using vboot 2.0 APIsstabilize-8688.B

Refactor futility to use only vboot 2.0 APIs to create signatures.

BUG=chromium:611535
BRANCH=none
TEST=make runtests

Change-Id: I176e7f424fa556d34d8fe691df5681f1e43210ce
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/356128
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>

12 files changed, 399 insertions, 154 deletions

diff --git a/host/lib/host_common.c b/host/lib/host_common.c
index 959b65a6..a666e809 100644
--- a/host/lib/host_common.c
+++ b/host/lib/host_common.c
@@ -14,62 +14,6 @@
 #include "utility.h"
 #include "vboot_common.h"
 
-VbFirmwarePreambleHeader *CreateFirmwarePreamble(
-	uint64_t firmware_version,
-	const VbPublicKey *kernel_subkey,
-	const VbSignature *body_signature,
-	const VbPrivateKey *signing_key,
-	uint32_t flags)
-{
-	VbFirmwarePreambleHeader *h;
-	uint64_t signed_size = (sizeof(VbFirmwarePreambleHeader) +
-				kernel_subkey->key_size +
-				body_signature->sig_size);
-	uint64_t block_size = signed_size + siglen_map[signing_key->algorithm];
-	uint8_t *kernel_subkey_dest;
-	uint8_t *body_sig_dest;
-	uint8_t *block_sig_dest;
-	VbSignature *sigtmp;
-
-	/* Allocate key block */
-	h = (VbFirmwarePreambleHeader *)malloc(block_size);
-	if (!h)
-		return NULL;
-
-	Memset(h, 0, block_size);
-	kernel_subkey_dest = (uint8_t *)(h + 1);
-	body_sig_dest = kernel_subkey_dest + kernel_subkey->key_size;
-	block_sig_dest = body_sig_dest + body_signature->sig_size;
-
-	h->header_version_major = FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR;
-	h->header_version_minor = FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR;
-	h->preamble_size = block_size;
-	h->firmware_version = firmware_version;
-	h->flags = flags;
-
-	/* Copy data key */
-	PublicKeyInit(&h->kernel_subkey, kernel_subkey_dest,
-		      kernel_subkey->key_size);
-	PublicKeyCopy(&h->kernel_subkey, kernel_subkey);
-
-	/* Copy body signature */
-	SignatureInit(&h->body_signature, body_sig_dest,
-		      body_signature->sig_size, 0);
-	SignatureCopy(&h->body_signature, body_signature);
-
-	/* Set up signature struct so we can calculate the signature */
-	SignatureInit(&h->preamble_signature, block_sig_dest,
-		      siglen_map[signing_key->algorithm], signed_size);
-
-	/* Calculate signature */
-	sigtmp = CalculateSignature((uint8_t *)h, signed_size, signing_key);
-	SignatureCopy(&h->preamble_signature, sigtmp);
-	free(sigtmp);
-
-	/* Return the header */
-	return h;
-}
-
 VbKernelPreambleHeader *CreateKernelPreamble(
 	uint64_t kernel_version,
 	uint64_t body_load_address,
diff --git a/host/lib/host_common2.c b/host/lib/host_common2.c
new file mode 100644
index 00000000..ae02b8ba
--- /dev/null
+++ b/host/lib/host_common2.c
@@ -0,0 +1,74 @@
+/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Host functions for verified boot.
+ *
+ * TODO: change all 'return 0', 'return 1' into meaningful return codes.
+ */
+
+#include <string.h>
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "host_common.h"
+#include "host_key2.h"
+#include "cryptolib.h"
+#include "utility.h"
+#include "vb2_common.h"
+#include "vboot_common.h"
+
+struct vb2_fw_preamble *vb2_create_fw_preamble(
+	uint32_t firmware_version,
+	const struct vb2_packed_key *kernel_subkey,
+	const struct vb2_signature *body_signature,
+	const struct vb2_private_key *signing_key,
+	uint32_t flags)
+{
+	uint32_t signed_size = (sizeof(struct vb2_fw_preamble) +
+				kernel_subkey->key_size +
+				body_signature->sig_size);
+	uint32_t block_size = signed_size +
+		vb2_rsa_sig_size(signing_key->sig_alg);
+
+	/* Allocate preamble */
+	struct vb2_fw_preamble *h =
+		(struct vb2_fw_preamble *)calloc(block_size, 1);
+	if (!h)
+		return NULL;
+
+	uint8_t *kernel_subkey_dest = (uint8_t *)(h + 1);
+	uint8_t *body_sig_dest = kernel_subkey_dest + kernel_subkey->key_size;
+	uint8_t *block_sig_dest = body_sig_dest + body_signature->sig_size;
+
+	h->header_version_major = FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR;
+	h->header_version_minor = FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR;
+	h->preamble_size = block_size;
+	h->firmware_version = firmware_version;
+	h->flags = flags;
+
+	/* Copy data key */
+	PublicKeyInit((VbPublicKey *)&h->kernel_subkey, kernel_subkey_dest,
+		      kernel_subkey->key_size);
+	PublicKeyCopy((VbPublicKey *)&h->kernel_subkey,
+		      (VbPublicKey *)kernel_subkey);
+
+	/* Copy body signature */
+	vb2_init_signature(&h->body_signature,
+			   body_sig_dest, body_signature->sig_size, 0);
+	vb2_copy_signature(&h->body_signature, body_signature);
+
+	/* Set up signature struct so we can calculate the signature */
+	vb2_init_signature(&h->preamble_signature, block_sig_dest,
+			   vb2_rsa_sig_size(signing_key->sig_alg), signed_size);
+
+	/* Calculate signature */
+	struct vb2_signature *sig =
+		vb2_calculate_signature((uint8_t *)h, signed_size, signing_key);
+	vb2_copy_signature(&h->preamble_signature, sig);
+	free(sig);
+
+	/* Return the header */
+	return h;
+}
diff --git a/host/lib/host_key2.c b/host/lib/host_key2.c
new file mode 100644
index 00000000..28f02af5
--- /dev/null
+++ b/host/lib/host_key2.c
@@ -0,0 +1,105 @@
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Host functions for keys.
+ */
+
+/* TODO: change all 'return 0', 'return 1' into meaningful return codes */
+
+#include <openssl/pem.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "2sha.h"
+#include "cryptolib.h"
+#include "host_common.h"
+#include "host_key.h"
+#include "host_key2.h"
+#include "host_misc.h"
+#include "vb2_common.h"
+#include "vboot_common.h"
+
+struct vb2_private_key *vb2_read_private_key(const char *filename)
+{
+	uint8_t *buf = NULL;
+	uint32_t bufsize = 0;
+	if (VB2_SUCCESS != vb2_read_file(filename, &buf, &bufsize)) {
+		VbExError("unable to read from file %s\n", filename);
+		return NULL;
+	}
+
+	struct vb2_private_key *key =
+		(struct vb2_private_key *)calloc(sizeof(*key), 1);
+	if (!key) {
+		VbExError("Unable to allocate private key\n");
+		free(buf);
+		return NULL;
+	}
+
+	uint64_t alg = *(uint64_t *)buf;
+	key->hash_alg = vb2_crypto_to_hash(alg);
+	key->sig_alg = vb2_crypto_to_signature(alg);
+	const unsigned char *start = buf + sizeof(alg);
+
+	key->rsa_private_key =
+		d2i_RSAPrivateKey(0, &start, bufsize - sizeof(alg));
+
+	if (!key->rsa_private_key) {
+		VbExError("Unable to parse RSA private key\n");
+		free(buf);
+		free(key);
+		return NULL;
+	}
+
+	free(buf);
+	return key;
+}
+
+struct vb2_private_key *vb2_read_private_key_pem(
+		const char* filename,
+		enum vb2_crypto_algorithm algorithm)
+{
+	RSA *rsa_key;
+	FILE *f;
+
+	if (algorithm >= VB2_ALG_COUNT) {
+		VB2_DEBUG("%s() called with invalid algorithm!\n",
+			  __FUNCTION__);
+		return NULL;
+	}
+
+	/* Read private key */
+	f = fopen(filename, "r");
+	if (!f) {
+		VB2_DEBUG("%s(): Couldn't open key file: %s\n",
+			  __FUNCTION__, filename);
+		return NULL;
+	}
+	rsa_key = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL);
+	fclose(f);
+	if (!rsa_key) {
+		VB2_DEBUG("%s(): Couldn't read private key from file: %s\n",
+			 __FUNCTION__, filename);
+		return NULL;
+	}
+
+	/* Store key and algorithm in our struct */
+	struct vb2_private_key *key =
+		(struct vb2_private_key *)calloc(sizeof(*key), 1);
+	if (!key) {
+		RSA_free(rsa_key);
+		return NULL;
+	}
+	key->rsa_private_key = rsa_key;
+	key->hash_alg = vb2_crypto_to_hash(algorithm);
+	key->sig_alg = vb2_crypto_to_signature(algorithm);
+
+	/* Return the key */
+	return key;
+}
diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c
index 333b7d4f..982013fb 100644
--- a/host/lib/host_keyblock.c
+++ b/host/lib/host_keyblock.c
@@ -57,9 +57,9 @@ VbKeyBlockHeader* KeyBlockCreate(const VbPublicKey* data_key,
     Memset(&h->key_block_signature, 0, sizeof(VbSignature));
 
   /* Calculate checksum */
-  sigtmp = CalculateChecksum((uint8_t*)h, signed_size);
-  SignatureCopy(&h->key_block_checksum, sigtmp);
-  free(sigtmp);
+  struct vb2_signature *chk = vb2_sha512_signature((uint8_t*)h, signed_size);
+  SignatureCopy(&h->key_block_checksum, (VbSignature *)chk);
+  free(chk);
 
   /* Calculate signature */
   if (signing_key) {
@@ -117,9 +117,9 @@ VbKeyBlockHeader* KeyBlockCreate_external(const VbPublicKey* data_key,
                 siglen_map[algorithm], signed_size);
 
   /* Calculate checksum */
-  sigtmp = CalculateChecksum((uint8_t*)h, signed_size);
-  SignatureCopy(&h->key_block_checksum, sigtmp);
-  free(sigtmp);
+  struct vb2_signature *chk = vb2_sha512_signature((uint8_t*)h, signed_size);
+  SignatureCopy(&h->key_block_checksum, (VbSignature *)chk);
+  free(chk);
 
   /* Calculate signature */
   sigtmp = CalculateSignature_external((uint8_t*)h, signed_size,
diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c
index 57676842..33000f1f 100644
--- a/host/lib/host_signature.c
+++ b/host/lib/host_signature.c
@@ -54,54 +54,6 @@ int SignatureCopy(VbSignature* dest, const VbSignature* src) {
   return 0;
 }
 
-
-VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size) {
-
-  uint8_t header_checksum[VB2_SHA512_DIGEST_SIZE];
-  VbSignature* sig;
-
-  if (VB2_SUCCESS != vb2_digest_buffer(data, size, VB2_HASH_SHA512,
-				       header_checksum,
-				       sizeof(header_checksum)))
-    return NULL;
-
-  sig = SignatureAlloc(VB2_SHA512_DIGEST_SIZE, 0);
-  if (!sig)
-    return NULL;
-
-  sig->sig_offset = sizeof(VbSignature);
-  sig->sig_size = VB2_SHA512_DIGEST_SIZE;
-  sig->data_size = size;
-
-  /* Signature data immediately follows the header */
-  Memcpy(GetSignatureData(sig), header_checksum, VB2_SHA512_DIGEST_SIZE);
-  return sig;
-}
-
-VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
-                           const VbPrivateKey* key) {
-  int vb2_alg = vb2_crypto_to_hash(key->algorithm);
-  uint8_t digest[VB2_MAX_DIGEST_SIZE];
-  int digest_size = vb2_digest_size(vb2_alg);
-  VbSignature* sig = NULL;
-
-  /* Calculate the digest */
-  if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg,
-				       digest, sizeof(digest)))
-    return NULL;
-
-  /* Allocate output signature */
-  sig = SignatureAlloc(digest_size, size);
-  if (!sig)
-    return NULL;
-
-  /* The digest itself is the signature data */
-  Memcpy(GetSignatureData(sig), digest, digest_size);
-
-  /* Return the signature */
-  return sig;
-}
-
 VbSignature* CalculateSignature(const uint8_t* data, uint64_t size,
                                 const VbPrivateKey* key) {
   int vb2_alg = vb2_crypto_to_hash(key->algorithm);
diff --git a/host/lib/host_signature2.c b/host/lib/host_signature2.c
new file mode 100644
index 00000000..e07f3d06
--- /dev/null
+++ b/host/lib/host_signature2.c
@@ -0,0 +1,135 @@
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Host functions for signature generation.
+ */
+
+#include <openssl/rsa.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include "2sysincludes.h"
+
+#include "2common.h"
+#include "2rsa.h"
+#include "2sha.h"
+#include "cryptolib.h"
+#include "file_keys.h"
+#include "host_common.h"
+#include "host_key2.h"
+#include "host_signature2.h"
+#include "vb2_common.h"
+#include "vboot_common.h"
+
+struct vb2_signature *vb2_alloc_signature(uint32_t sig_size,
+					  uint32_t data_size)
+{
+	struct vb2_signature *sig = (struct vb2_signature *)
+		calloc(sizeof(*sig) + sig_size, 1);
+	if (!sig)
+		return NULL;
+
+	sig->sig_offset = sizeof(*sig);
+	sig->sig_size = sig_size;
+	sig->data_size = data_size;
+
+	return sig;
+}
+
+void vb2_init_signature(struct vb2_signature *sig, uint8_t *sig_data,
+			uint32_t sig_size, uint32_t data_size)
+{
+	sig->sig_offset = OffsetOf(sig, sig_data);
+	sig->sig_size = sig_size;
+	sig->data_size = data_size;
+}
+
+int vb2_copy_signature(struct vb2_signature *dest,
+		       const struct vb2_signature *src)
+{
+	if (dest->sig_size < src->sig_size)
+		return VB2_ERROR_SIG_SIZE;
+
+	dest->sig_size = src->sig_size;
+	dest->data_size = src->data_size;
+
+	memcpy(vb2_signature_data(dest),
+	       vb2_signature_data((struct vb2_signature *)src),
+	       src->sig_size);
+
+	return VB2_SUCCESS;
+}
+
+struct vb2_signature *vb2_sha512_signature(const uint8_t *data, uint32_t size)
+{
+	uint8_t digest[VB2_SHA512_DIGEST_SIZE];
+	if (VB2_SUCCESS != vb2_digest_buffer(data, size, VB2_HASH_SHA512,
+					     digest, sizeof(digest)))
+		return NULL;
+
+	struct vb2_signature *sig =
+		vb2_alloc_signature(VB2_SHA512_DIGEST_SIZE, size);
+	if (!sig)
+		return NULL;
+
+	memcpy(vb2_signature_data(sig), digest, VB2_SHA512_DIGEST_SIZE);
+	return sig;
+}
+
+struct vb2_signature *vb2_calculate_signature(
+		const uint8_t *data, uint32_t size,
+		const struct vb2_private_key *key)
+{
+	uint8_t digest[VB2_MAX_DIGEST_SIZE];
+	uint32_t digest_size = vb2_digest_size(key->hash_alg);
+
+	uint32_t digest_info_size = 0;
+	const uint8_t *digest_info = NULL;
+	if (VB2_SUCCESS != vb2_digest_info(key->hash_alg,
+					   &digest_info, &digest_info_size))
+		return NULL;
+
+	/* Calculate the digest */
+	if (VB2_SUCCESS != vb2_digest_buffer(data, size, key->hash_alg,
+					     digest, digest_size))
+		return NULL;
+
+	/* Prepend the digest info to the digest */
+	int signature_digest_len = digest_size + digest_info_size;
+	uint8_t *signature_digest = malloc(signature_digest_len);
+	if (!signature_digest)
+		return NULL;
+
+	memcpy(signature_digest, digest_info, digest_info_size);
+	memcpy(signature_digest + digest_info_size, digest, digest_size);
+
+	/* Allocate output signature */
+	struct vb2_signature *sig = (struct vb2_signature *)
+		vb2_alloc_signature(vb2_rsa_sig_size(key->sig_alg), size);
+	if (!sig) {
+		free(signature_digest);
+		return NULL;
+	}
+
+	/* Sign the signature_digest into our output buffer */
+	int rv = RSA_private_encrypt(signature_digest_len,    /* Input length */
+				     signature_digest,        /* Input data */
+				     vb2_signature_data(sig), /* Output sig */
+				     key->rsa_private_key,    /* Key to use */
+				     RSA_PKCS1_PADDING);      /* Padding */
+	free(signature_digest);
+
+	if (-1 == rv) {
+		VB2_DEBUG("%s: RSA_private_encrypt() failed.\n", __func__);
+		free(sig);
+		return NULL;
+	}
+
+	/* Return the signature */
+	return sig;
+}
diff --git a/host/lib/include/host_common.h b/host/lib/include/host_common.h
index 895a675f..c9f9713f 100644
--- a/host/lib/include/host_common.h
+++ b/host/lib/include/host_common.h
@@ -24,17 +24,21 @@
 #include "vboot_struct.h"
 
 /**
- * Create a firmware preamble, signed with [signing_key].
+ * Create a firmware preamble.
  *
- * Caller owns the returned pointer, and must free it with Free().
+ * @param firmware_version	Firmware version
+ * @param kernel_subkey		Kernel subkey to store in preamble
+ * @param body_signature	Signature of firmware body
+ * @param signing_key		Private key to sign header with
+ * @param flags			Firmware preamble flags
  *
- * Returns NULL if error.
+ * @return The preamble, or NULL if error.  Caller must free() it.
  */
-VbFirmwarePreambleHeader *CreateFirmwarePreamble(
-	uint64_t firmware_version,
-	const VbPublicKey *kernel_subkey,
-	const VbSignature *body_signature,
-	const VbPrivateKey *signing_key,
+struct vb2_fw_preamble *vb2_create_fw_preamble(
+	uint32_t firmware_version,
+	const struct vb2_packed_key *kernel_subkey,
+	const struct vb2_signature *body_signature,
+	const struct vb2_private_key *signing_key,
 	uint32_t flags);
 
 /**
diff --git a/host/lib/include/host_key.h b/host/lib/include/host_key.h
index cdfc81bd..25b7f767 100644
--- a/host/lib/include/host_key.h
+++ b/host/lib/include/host_key.h
@@ -8,10 +8,12 @@
 #ifndef VBOOT_REFERENCE_HOST_KEY_H_
 #define VBOOT_REFERENCE_HOST_KEY_H_
 
+#include "2crypto.h"
 #include "cryptolib.h"
 #include "vboot_struct.h"
 
 struct vb2_packed_key;
+struct vb2_private_key;
 
 typedef struct rsa_st RSA;
 
@@ -23,9 +25,11 @@ typedef struct VbPrivateKey {
 
 
 /* Read a private key from a .pem file.  Caller owns the returned pointer,
- * and must free it with PrivateKeyFree(). */
+ * and must free() it. */
 VbPrivateKey* PrivateKeyReadPem(const char* filename, uint64_t algorithm);
-
+struct vb2_private_key *vb2_read_private_key_pem(
+		const char *filename,
+		enum vb2_crypto_algorithm algorithm);
 
 /* Free a private key. */
 void PrivateKeyFree(VbPrivateKey* key);
@@ -33,13 +37,12 @@ void PrivateKeyFree(VbPrivateKey* key);
 /* Write a private key to a file in .vbprivk format. */
 int PrivateKeyWrite(const char* filename, const VbPrivateKey* key);
 
-/* Read a privake key from a .vbprivk file.  Caller owns the returned
- * pointer, and must free it with PrivateKeyFree().
+/* Read a private key from a .vbprivk file.  Caller owns the returned
+ * pointer, and must free() it.
  *
  * Returns NULL if error. */
 VbPrivateKey* PrivateKeyRead(const char* filename);
-
-
+struct vb2_private_key *vb2_read_private_key(const char *filename);
 
 /* Allocate a new public key with space for a [key_size] byte key. */
 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm,
diff --git a/host/lib/include/host_signature.h b/host/lib/include/host_signature.h
index fb03c6c5..2c7f24ae 100644
--- a/host/lib/include/host_signature.h
+++ b/host/lib/include/host_signature.h
@@ -13,35 +13,57 @@
 #include "utility.h"
 #include "vboot_struct.h"
 
+struct vb2_private_key;
+struct vb2_signature;
 
-/* Initialize a signature struct. */
+/**
+ * Initialize a signature struct.
+ *
+ * @param sig		Structure to initialize
+ * @param sig_data	Pointer to signature data buffer (after sig)
+ * @param sig_size	Size of signature data buffer in bytes
+ * @param data_size	Amount of data signed in bytes
+ */
 void SignatureInit(VbSignature* sig, uint8_t* sig_data,
                    uint64_t sig_size, uint64_t data_size);
+void vb2_init_signature(struct vb2_signature *sig, uint8_t *sig_data,
+			uint32_t sig_size, uint32_t data_size);
 
 
-/* Allocate a new signature with space for a [sig_size] byte signature. */
+/**
+ * Allocate a new signature.
+ *
+ * @param sig_size	Size of signature in bytes
+ * @param data_size	Amount of data signed in bytes
+ *
+ * @return The signature or NULL if error.  Caller must free() it.
+ */
 VbSignature* SignatureAlloc(uint64_t sig_size, uint64_t data_size);
+struct vb2_signature *vb2_alloc_signature(uint32_t sig_size,
+					  uint32_t data_size);
 
-
-/* Copy a signature key from [src] to [dest].
+/**
+ * Copy a signature.
  *
- * Returns 0 if success, non-zero if error. */
+ * @param dest		Destination signature
+ * @param src		Source signature
+ *
+ * @return VB2_SUCCESS, or non-zero if error. */
 int SignatureCopy(VbSignature* dest, const VbSignature* src);
+int vb2_copy_signature(struct vb2_signature *dest,
+		       const struct vb2_signature *src);
 
-
-/* Calculates a SHA-512 checksum.
- * Caller owns the returned pointer, and must free it with Free().
+/**
+ * Calculate a SHA-512 digest-only signature.
  *
- * Returns NULL on error. */
-VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size);
-
-
-/* Calculates a hash of the data using the algorithm from the specified key.
- * Caller owns the returned pointer, and must free it with Free().
+ * Caller owns the returned pointer, and must free() it.
  *
- * Returns NULL on error. */
-VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
-                           const VbPrivateKey* key);
+ * @param data		Pointer to data to hash
+ * @param size		Length of data in bytes
+ *
+ * @return The signature, or NULL if error.
+ */
+struct vb2_signature *vb2_sha512_signature(const uint8_t *data, uint32_t size);
 
 /* Calculates a signature for the data using the specified key.
  * Caller owns the returned pointer, and must free it with Free().
@@ -49,6 +71,9 @@ VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
  * Returns NULL on error. */
 VbSignature* CalculateSignature(const uint8_t* data, uint64_t size,
                                 const VbPrivateKey* key);
+struct vb2_signature *vb2_calculate_signature(
+		const uint8_t *data, uint32_t size,
+		const struct vb2_private_key *key);
 
 /* Calculates a signature for the data using the specified key and
  * an external program.
diff --git a/host/lib21/host_signature.c b/host/lib21/host_signature.c
index 01f4f326..5339b075 100644
--- a/host/lib21/host_signature.c
+++ b/host/lib21/host_signature.c
@@ -17,17 +17,9 @@
 #include "host_signature2.h"
 #include "host_misc.h"
 
-/**
- * Get the digest info for a hash algorithm
- *
- * @param hash_alg	Hash algorithm
- * @param buf_ptr	On success, points to the digest info
- * @param size_ptr	On success, contains the info size in bytes
- * @return VB2_SUCCESS, or non-zero error code on failure.
- */
-static int vb2_digest_info(enum vb2_hash_algorithm hash_alg,
-			   const uint8_t **buf_ptr,
-			   uint32_t *size_ptr)
+int vb2_digest_info(enum vb2_hash_algorithm hash_alg,
+		    const uint8_t **buf_ptr,
+		    uint32_t *size_ptr)
 {
 	*buf_ptr = NULL;
 	*size_ptr = 0;
diff --git a/host/lib21/include/host_signature2.h b/host/lib21/include/host_signature2.h
index 8eb95ba8..5faf6da7 100644
--- a/host/lib21/include/host_signature2.h
+++ b/host/lib21/include/host_signature2.h
@@ -11,6 +11,19 @@
 #include "2struct.h"
 
 struct vb2_private_key;
+struct vb21_signature;
+
+/**
+ * Get the digest info for a hash algorithm
+ *
+ * @param hash_alg	Hash algorithm
+ * @param buf_ptr	On success, points to the digest info
+ * @param size_ptr	On success, contains the info size in bytes
+ * @return VB2_SUCCESS, or non-zero error code on failure.
+ */
+int vb2_digest_info(enum vb2_hash_algorithm hash_alg,
+		    const uint8_t **buf_ptr,
+		    uint32_t *size_ptr);
 
 /**
  * Sign data buffer
diff --git a/host/linktest/main.c b/host/linktest/main.c
index 5e7aa275..1631ec37 100644
--- a/host/linktest/main.c
+++ b/host/linktest/main.c
@@ -36,11 +36,9 @@ int main(void)
   SignatureInit(0, 0, 0, 0);
   SignatureAlloc(0, 0);
   SignatureCopy(0, 0);
-  CalculateChecksum(0, 0);
   CalculateSignature(0, 0, 0);
 
   /* host_common.h */
-  CreateFirmwarePreamble(0, 0, 0, 0, 0);
   CreateKernelPreamble(0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
 
   /* file_keys.h */