1 files changed, 70 insertions, 2 deletions

diff --git a/firmware/bdb/host.c b/firmware/bdb/host.c
index 62b2c410..730d17d9 100644
--- a/firmware/bdb/host.c
+++ b/firmware/bdb/host.c
@@ -5,10 +5,10 @@
  * Host functions for signing
  */
 
-#include <stdio.h>
-#include <string.h>
 #include <unistd.h>
 
+#include "2sysincludes.h"
+#include "2common.h"
 #include "2sha.h"
 #include "bdb.h"
 #include "host.h"
@@ -224,6 +224,74 @@ struct bdb_sig *bdb_create_sig(const void *data,
 	return sig;
 }
 
+int bdb_sign_datakey(uint8_t **bdb, struct rsa_st *key)
+{
+	const struct bdb_header *header = bdb_get_header(*bdb);
+	const struct bdb_key *bdbkey = bdb_get_bdbkey(*bdb);
+	const void *oem = bdb_get_oem_area_0(*bdb);
+	const struct bdb_sig *sig = bdb_get_header_sig(*bdb);
+	struct bdb_sig *new_sig;
+	uint8_t *new_bdb, *src, *dst;
+	size_t len;
+
+	new_sig = bdb_create_sig(oem, header->signed_size,
+				 key, bdbkey->sig_alg, NULL);
+	new_bdb = calloc(1, header->bdb_size
+			 + (new_sig->struct_size - sig->struct_size));
+	if (!new_bdb)
+		return BDB_ERROR_UNKNOWN;
+
+	/* copy up to sig */
+	src = *bdb;
+	dst = new_bdb;
+	len = bdb_offset_of_header_sig(*bdb);
+	memcpy(dst, src, len);
+
+	/* copy new sig */
+	src += len;
+	dst += len;
+	memcpy(dst, new_sig, new_sig->struct_size);
+
+	/* copy the rest */
+	src += sig->struct_size;
+	dst += new_sig->struct_size;
+	len = bdb_size_of(*bdb) - vb2_offset_of(*bdb, src);
+	memcpy(dst, src, len);
+
+	free(*bdb);
+	free(new_sig);
+	*bdb = new_bdb;
+
+	return BDB_SUCCESS;
+}
+
+int bdb_sign_data(uint8_t **bdb, struct rsa_st *key)
+{
+	const struct bdb_key *datakey = bdb_get_datakey(*bdb);
+	const struct bdb_data *data = bdb_get_data(*bdb);
+	const uint64_t sig_offset = vb2_offset_of(*bdb, bdb_get_data_sig(*bdb));
+	struct bdb_sig *new_sig;
+	uint8_t *new_bdb;
+
+	new_sig = bdb_create_sig(data, data->signed_size,
+				 key, datakey->sig_alg, NULL);
+	new_bdb = calloc(1, sig_offset + new_sig->struct_size);
+	if (!new_bdb)
+		return BDB_ERROR_UNKNOWN;
+
+	/* copy all data up to the data sig */
+	memcpy(new_bdb, *bdb, sig_offset);
+
+	/* copy the new signature */
+	memcpy(new_bdb + sig_offset, new_sig, new_sig->struct_size);
+
+	free(*bdb);
+	free(new_sig);
+	*bdb = new_bdb;
+
+	return BDB_SUCCESS;
+}
+
 struct bdb_header *bdb_create(struct bdb_create_params *p)
 {
 	size_t bdb_size = 0;