Add support for using external signing application and .pem private key files to vbutil_keyblock.

This allows signing using a .pem file using an external program.

It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.

Example usage:
vbutil_keyblock --pack 4096.keyblock \
                --datapubkey 4096.vbpubk \
                --signprivate_pem 4096.pem \
                --pem_algorithm 8 \
                --externalsigner "external_rsa_signer.sh"

I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface an avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and changing the existing interface).

BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.

To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh)

Review URL: http://codereview.chromium.org/4194003

Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd

1 files changed, 9 insertions, 0 deletions

diff --git a/tests/external_rsa_signer.sh b/tests/external_rsa_signer.sh
new file mode 100755
index 00000000..0724b878
--- /dev/null
+++ b/tests/external_rsa_signer.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]; then
+  echo "Usage: $0 <private_key_pem_file>"
+  echo "Reads data to sign from stdin, encrypted data is output to stdout"
+  exit 1
+fi
+
+openssl rsautl -sign -inkey $1