Switch to using .vbprivk for signing everything now.

This makes it much simpler to keep track of what we're doing.

vbutil_key can now wrap both .keyb and .pem keys. It figures out which is
which by trying both and just using the one that works.

vbutil_keyblock and vbutil_kernel now use .vbprivk files for signing.

replace debug() with VBDEBUG(()) in host-side sources, too.

rename PrivateKeyRead to PrivateKeyReadPem

Add real PrivateKeyRead and PrivateKeyWrite for .vbprivk files.

Review URL: http://codereview.chromium.org/2871033

1 files changed, 31 insertions, 45 deletions

diff --git a/utility/vbutil_keyblock.c b/utility/vbutil_keyblock.c
index dbdcbd3f..7c3f0279 100644
--- a/utility/vbutil_keyblock.c
+++ b/utility/vbutil_keyblock.c
@@ -9,6 +9,7 @@
 #include <inttypes.h>  /* For PRIu64 */
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "cryptolib.h"
 #include "host_common.h"
@@ -22,7 +23,6 @@ enum {
   OPT_DATAPUBKEY,
   OPT_SIGNPUBKEY,
   OPT_SIGNPRIVATE,
-  OPT_ALGORITHM,
   OPT_FLAGS,
 };
 
@@ -32,45 +32,38 @@ static struct option long_opts[] = {
   {"datapubkey", 1, 0,                OPT_DATAPUBKEY              },
   {"signpubkey", 1, 0,                OPT_SIGNPUBKEY              },
   {"signprivate", 1, 0,               OPT_SIGNPRIVATE             },
-  {"algorithm", 1, 0,                 OPT_ALGORITHM               },
   {"flags", 1, 0,                     OPT_FLAGS                   },
   {NULL, 0, 0, 0}
 };
 
 
 /* Print help and return error */
-static int PrintHelp(void) {
-  int i;
-
-  puts("vbutil_keyblock - Verified boot key block utility\n"
-       "\n"
-       "Usage:  vbutil_keyblock <--pack|--unpack> <file> [OPTIONS]\n"
-       "\n"
-       "For '--pack <file>', required OPTIONS are:\n"
-       "  --datapubkey <file>         Data public key in .vbpubk format\n"
-       "  --signprivate <file>        Signing private key in .pem format\n"
-       "  --algorithm <algoid>        Signing algorithm for key, one of:");
-
-  for (i = 0; i < kNumAlgorithms; i++)
-    printf("                                %d (%s)\n", i, algo_strings[i]);
-
-  puts("\n"
-       "Optional OPTIONS are:\n"
-       "  --flags <number>            Flags\n"
-       "\n"
-       "For '--unpack <file>', required OPTIONS are:\n"
-       "  --signpubkey <file>         Signing public key in .vbpubk format\n"
-       "Optional OPTIONS are:\n"
-       "  --datapubkey <file>         Data public key output file\n"
-       "");
+static int PrintHelp(char *progname) {
+  fprintf(stderr,
+          "Verified boot key block utility\n"
+          "\n"
+          "Usage:  %s <--pack|--unpack> <file> [OPTIONS]\n"
+          "\n"
+          "For '--pack <file>', required OPTIONS are:\n"
+          "  --datapubkey <file>         Data public key in .vbpubk format\n"
+          "  --signprivate <file>"
+          "        Signing private key in .vbprivk format\n"
+          "\n"
+          "Optional OPTIONS are:\n"
+          "  --flags <number>            Flags\n"
+          "\n"
+          "For '--unpack <file>', required OPTIONS are:\n"
+          "  --signpubkey <file>         Signing public key in .vbpubk format\n"
+          "Optional OPTIONS are:\n"
+          "  --datapubkey <file>         Data public key output file\n",
+          progname);
   return 1;
 }
 
 
 /* Pack a .keyblock */
 static int Pack(const char* outfile, const char* datapubkey,
-                const char* signprivate, uint64_t algorithm,
-                uint64_t flags) {
+                const char* signprivate, uint64_t flags) {
   VbPublicKey* data_key;
   VbPrivateKey* signing_key;
   VbKeyBlockHeader* block;
@@ -83,17 +76,13 @@ static int Pack(const char* outfile, const char* datapubkey,
     fprintf(stderr, "vbutil_keyblock: Must specify all keys\n");
     return 1;
   }
-  if (algorithm >= kNumAlgorithms) {
-    fprintf(stderr, "Invalid algorithm\n");
-    return 1;
-  }
 
   data_key = PublicKeyRead(datapubkey);
   if (!data_key) {
     fprintf(stderr, "vbutil_keyblock: Error reading data key.\n");
     return 1;
   }
-  signing_key = PrivateKeyReadPem(signprivate, algorithm);
+  signing_key = PrivateKeyRead(signprivate);
   if (!signing_key) {
     fprintf(stderr, "vbutil_keyblock: Error reading signing key.\n");
     return 1;
@@ -168,12 +157,17 @@ int main(int argc, char* argv[]) {
   char* signpubkey = NULL;
   char* signprivate = NULL;
   uint64_t flags = 0;
-  uint64_t algorithm = kNumAlgorithms;
   int mode = 0;
   int parse_error = 0;
   char* e;
   int i;
 
+  char *progname = strrchr(argv[0], '/');
+  if (progname)
+    progname++;
+  else
+    progname = argv[0];
+
   while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) {
     switch (i) {
       case '?':
@@ -200,14 +194,6 @@ int main(int argc, char* argv[]) {
         signprivate = optarg;
         break;
 
-      case OPT_ALGORITHM:
-        algorithm = strtoul(optarg, &e, 0);
-        if (!*optarg || (e && *e)) {
-          printf("Invalid --algorithm\n");
-          parse_error = 1;
-        }
-        break;
-
       case OPT_FLAGS:
         flags = strtoul(optarg, &e, 0);
         if (!*optarg || (e && *e)) {
@@ -219,15 +205,15 @@ int main(int argc, char* argv[]) {
   }
 
   if (parse_error)
-    return PrintHelp();
+    return PrintHelp(progname);
 
   switch(mode) {
     case OPT_MODE_PACK:
-      return Pack(filename, datapubkey, signprivate, algorithm, flags);
+      return Pack(filename, datapubkey, signprivate, flags);
     case OPT_MODE_UNPACK:
       return Unpack(filename, datapubkey, signpubkey);
     default:
       printf("Must specify a mode.\n");
-      return PrintHelp();
+      return PrintHelp(progname);
   }
 }