1 files changed, 20 insertions, 14 deletions

diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c
index 6d448404..23e298b9 100644
--- a/futility/cmd_sign.c
+++ b/futility/cmd_sign.c
@@ -60,16 +60,22 @@ static int no_opt_if(int expr, const char *optname)
 /* This wraps/signs a public key, producing a keyblock. */
 int ft_sign_pubkey(const char *name, uint8_t *buf, uint32_t len, void *data)
 {
-	VbPublicKey *data_key = (VbPublicKey *)buf;
-	VbKeyBlockHeader *vblock;
+	struct vb2_packed_key *data_key = (struct vb2_packed_key *)buf;
+	struct vb2_keyblock *block;
+
+	if (!packed_key_looks_ok(data_key, len)) {
+		fprintf(stderr, "Public key looks bad.\n");
+		return 1;
+	}
 
 	if (sign_option.pem_signpriv) {
 		if (sign_option.pem_external) {
 			/* External signing uses the PEM file directly. */
-			vblock = KeyBlockCreate_external(
+			block = vb2_create_keyblock_external(
 				data_key,
 				sign_option.pem_signpriv,
-				sign_option.pem_algo, sign_option.flags,
+				sign_option.pem_algo,
+				sign_option.flags,
 				sign_option.pem_external);
 		} else {
 			sign_option.signprivate = PrivateKeyReadPem(
@@ -90,19 +96,19 @@ int ft_sign_pubkey(const char *name, uint8_t *buf, uint32_t len, void *data)
 					strerror(errno));
 				return 1;
 			}
-			vblock = KeyBlockCreate(data_key,
-						sign_option.signprivate,
-						sign_option.flags);
+			block = vb2_create_keyblock(data_key,
+						    sign_option.signprivate2,
+						    sign_option.flags);
 		}
 	} else {
 		/* Not PEM. Should already have a signing key. */
-		vblock = KeyBlockCreate(data_key, sign_option.signprivate,
-					sign_option.flags);
+		block = vb2_create_keyblock(data_key, sign_option.signprivate2,
+					    sign_option.flags);
 	}
 
 	/* Write it out */
 	return WriteSomeParts(sign_option.outfile,
-			      vblock, vblock->key_block_size,
+			      block, block->keyblock_size,
 			      NULL, 0);
 }
 
@@ -166,7 +172,7 @@ int ft_sign_kern_preamble(const char *name, uint8_t *buf, uint32_t len,
 {
 	uint8_t *kpart_data, *kblob_data, *vblock_data;
 	uint64_t kpart_size, kblob_size, vblock_size;
-	VbKeyBlockHeader *keyblock = NULL;
+	struct vb2_keyblock *keyblock = NULL;
 	VbKernelPreambleHeader *preamble = NULL;
 	int rv = 0;
 
@@ -278,7 +284,7 @@ int ft_sign_raw_firmware(const char *name, uint8_t *buf, uint32_t len,
 
 	rv = WriteSomeParts(sign_option.outfile,
 			    sign_option.keyblock,
-			    sign_option.keyblock->key_block_size,
+			    sign_option.keyblock->keyblock_size,
 			    preamble, preamble->preamble_size);
 
 	free(preamble);
@@ -669,7 +675,7 @@ static int do_sign(int argc, char *argv[])
 			}
 			break;
 		case 'b':
-			sign_option.keyblock = KeyBlockRead(optarg);
+			sign_option.keyblock = vb2_read_keyblock(optarg);
 			if (!sign_option.keyblock) {
 				fprintf(stderr, "Error reading %s\n", optarg);
 				errorcnt++;
@@ -691,7 +697,7 @@ static int do_sign(int argc, char *argv[])
 			}
 			break;
 		case 'B':
-			sign_option.devkeyblock = KeyBlockRead(optarg);
+			sign_option.devkeyblock = vb2_read_keyblock(optarg);
 			if (!sign_option.devkeyblock) {
 				fprintf(stderr, "Error reading %s\n", optarg);
 				errorcnt++;