authorNicolas Boichat <drinkcat@google.com>2017-03-02 21:54:29 -0800
committerchrome-bot <chrome-bot@chromium.org>2017-03-16 11:25:47 -0700
commit114ac2079ed5fafc8deb9cbf58b5af01e74432b1 (patch)
tree401b63b547037efce3515aac15c24a8ebc70edc1
parente0a3f85a46b50bfc0197a75e800eec0ae893e466 (diff)
downloadvboot-114ac2079ed5fafc8deb9cbf58b5af01e74432b1.tar.gz
vbutil_keyblock: Force checking the signature if signpubkey is provided
Previously, futility vbutil_keyblock --unpack would just ignore the error if the keyblock was not signed (but a signing public key was provided). This fix would have caught the regression introduced by 939cc3a "futility: Use only vboot 2.0 APIs for keyblocks" BUG=chromium:611535 BRANCH=none TEST=make runtests on m/master => fails TEST=make runtests with CL:448399 => succeeds Change-Id: Id7f0a248863aae2f41c2fa46fbb8a37848e707a9 Reviewed-on: https://chromium-review.googlesource.com/449058 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r--futility/cmd_vbutil_keyblock.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/futility/cmd_vbutil_keyblock.c b/futility/cmd_vbutil_keyblock.c
index f79b8ea8..61053497 100644
--- a/futility/cmd_vbutil_keyblock.c
+++ b/futility/cmd_vbutil_keyblock.c
@@ -175,11 +175,18 @@ static int Unpack(const char *infile, const char *datapubkey,
return 1;
}
- /* If the block is signed, then verify it with the signing public key,
- * since vb2_read_keyblock() only verified the hash. */
- if (block->keyblock_signature.sig_size && signpubkey) {
+ /* If the signing public key is provided, then verify the block
+ * signature, since vb2_read_keyblock() only verified the hash. */
+ if (signpubkey) {
static uint8_t workbuf[VB2_WORKBUF_RECOMMENDED_SIZE];
static struct vb2_workbuf wb;
+
+ if (block->keyblock_signature.sig_size == 0) {
+ fprintf(stderr,
+ "vbutil_keyblock: signpubkey provided but keyblock is not signed.\n");
+ return 1;
+ }
+
vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
sign_key = vb2_read_packed_key(signpubkey);