authorVincent Palatin <vpalatin@chromium.org>2015-10-15 17:54:34 -0700
committerchrome-bot <chrome-bot@chromium.org>2015-10-17 09:53:07 -0700
commit27c90708e63f5f042aa52de6bc1b89c282ca8c4a (patch)
tree356818f84486955e3591c4ab974ce70639c5097a /futility/cmd_create.c
parent4d47243c9088ef295892fbc25b9c3622e43ad639 (diff)
futility: add support for .pem with public keystabilize-smaug-7566.B
Add support for PEM file containing a RSA Public key in futility "show" and "create" commands. When "futility create" is given a PEM file with only a RSA public key, generate the proper .vbpubk2 rather than failing. BRANCH=smaug BUG=none TEST=make runtests and run manually futility show tests/testkeys/key_rsa4096.pub.pem futility show tests/testkeys/key_rsa4096.pem Change-Id: I707ceca54c80ba21f53869ad86c86fa23b31e665 Reviewed-on: https://chromium-review.googlesource.com/306683 Commit-Ready: Vincent Palatin <vpalatin@chromium.org> Tested-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'futility/cmd_create.c')
-rw-r--r--futility/cmd_create.c52
1 files changed, 33 insertions, 19 deletions
diff --git a/futility/cmd_create.c b/futility/cmd_create.c
index 6da59a7f..143ea9ae 100644
--- a/futility/cmd_create.c
+++ b/futility/cmd_create.c
@@ -169,6 +169,7 @@ static int vb2_make_keypair()
uint32_t keyb_size;
enum vb2_signature_algorithm sig_alg;
uint8_t *pubkey_buf = 0;
+ int has_priv = 0;
FILE *fp;
int ret = 1;
@@ -180,12 +181,21 @@ static int vb2_make_keypair()
}
rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
- fclose(fp);
if (!rsa_key) {
+ /* Check if the PEM contains only a public key */
+ fseek(fp, 0, SEEK_SET);
+ rsa_key = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
+ }
+ fclose(fp);
+ if (!rsa_key) {
fprintf(stderr, "Unable to read RSA key from %s\n", infile);
goto done;
}
+ /* Public keys doesn't have the private exponent */
+ has_priv = !!rsa_key->d;
+ if (!has_priv)
+ fprintf(stderr, "%s has a public key only.\n", infile);
sig_alg = vb2_rsa_sig_alg(rsa_key);
if (sig_alg == VB2_SIG_INVALID) {
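Review bot: The fallback to `PEM_read_RSA_PUBKEY` is taken on any failure of `PEM_read_RSAPrivateKey`, so a PEM whose private-key block is present but does not decode (corrupt data, wrong passphrase) is retried as a public key instead of being reported as a bad private key. Consider falling back only when no private-key block was found, e.g. `if (!rsa_key && ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {`, followed by `ERR_clear_error();` before the second read (this presumably needs the OpenSSL error header if the file does not already include it). The result of `fseek(fp, 0, SEEK_SET)` is also ignored, so on a non-seekable input the second read starts wherever the first one stopped and the user only gets the generic "Unable to read RSA key" message. vb2_make_keypair starts and ends outside this hunk.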
@@ -193,19 +203,21 @@ static int vb2_make_keypair()
goto done;
}
- /* Create the private key */
- privkey = calloc(1, sizeof(*privkey));
- if (!privkey) {
- fprintf(stderr, "Unable to allocate the private key\n");
- goto done;
- }
+ if (has_priv) {
+ /* Create the private key */
+ privkey = calloc(1, sizeof(*privkey));
+ if (!privkey) {
+ fprintf(stderr, "Unable to allocate the private key\n");
+ goto done;
+ }
- privkey->rsa_private_key = rsa_key;
- privkey->sig_alg = sig_alg;
- privkey->hash_alg = opt_hash_alg;
- if (opt_desc && vb2_private_key_set_desc(privkey, opt_desc)) {
- fprintf(stderr, "Unable to set the private key description\n");
- goto done;
+ privkey->rsa_private_key = rsa_key;
+ privkey->sig_alg = sig_alg;
+ privkey->hash_alg = opt_hash_alg;
+ if (opt_desc && vb2_private_key_set_desc(privkey, opt_desc)) {
+ fprintf(stderr, "Unable to set the private key description\n");
+ goto done;
+ }
}
/* Create the public key */
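Review bot: When `has_priv` is false, `rsa_key` is never stored in `privkey->rsa_private_key`, so nothing in this hunk takes ownership of the RSA object on the public-only path. The `done:` cleanup lies outside the hunk; if it releases the key only through the private-key free routine, the public-only path leaks it, and the cleanup would need to free `rsa_key` itself while avoiding a double free when `privkey` holds the same pointer. A short comment at the guard would also help readers, for example `/* Public-only PEM: skip the private key, only the .vbpubk2 is produced */`.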
@@ -248,16 +260,18 @@ static int vb2_make_keypair()
free(digest);
}
- privkey->id = opt_id;
memcpy((struct vb2_id *)pubkey->id, &opt_id, sizeof(opt_id));
/* Write them out */
- strcpy(outext, ".vbprik2");
- if (vb2_private_key_write(privkey, outfile)) {
- fprintf(stderr, "unable to write private key\n");
- goto done;
+ if (has_priv) {
+ privkey->id = opt_id;
+ strcpy(outext, ".vbprik2");
+ if (vb2_private_key_write(privkey, outfile)) {
+ fprintf(stderr, "unable to write private key\n");
+ goto done;
+ }
+ fprintf(stderr, "wrote %s\n", outfile);
}
- fprintf(stderr, "wrote %s\n", outfile);
strcpy(outext, ".vbpubk2");
if (vb2_public_key_write(pubkey, outfile)) {