vbutil_kernel: support exporting a keyblock file during verify

utility/vbutil_kernel.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Verified boot kernel utility
  */
 
 #include <errno.h>
 #include <getopt.h>
 #include <inttypes.h>  /* For PRIu64 */
@@ skipping 94 matching lines @@
           "    --vblockonly              Emit just the verification blob\n",
           progname);
   fprintf(stderr,
           "\nOR\n\n"
           "Usage:  %s --verify <file> [PARAMETERS]\n"
           "\n"
           "  Optional:\n"
           "    --signpubkey <file>"
           "       Public key to verify kernel keyblock, in .vbpubk format\n"
           "    --verbose                 Print a more detailed report\n"
+          "    --keyblock <file>"
+          "       Outputs the verified key block, in .keyblock format\n"
           "\n",
           progname);
   return 1;
 }
 
 static void Debug(const char *format, ...) {
   if (!opt_debug)
     return;
 
   va_list ap;
@@ skipping 499 matching lines @@
     return 1;
   }
 
   /* fill the config buffer with zeros */
   Memset(BpCmdLineLocation(bp), 0, CROS_CONFIG_SIZE);
   Memcpy(BpCmdLineLocation(bp), new_conf, config_size);
   Free(new_conf);
   return 0;
 }
 
-static int Verify(const char* infile, const char* signpubkey, int verbose) {
+static int Verify(const char* infile, const char* signpubkey, int verbose,
+                  const char* key_block_file) {
 
   VbKeyBlockHeader* key_block;
   VbKernelPreambleHeader* preamble;
   VbPublicKey* data_key;
   VbPublicKey* sign_key = NULL;
   RSAPublicKey* rsa;
   blob_t* bp;
   uint64_t now;
   int rv = 1;
 
@@ skipping 20 matching lines @@
 
   /* Verify key block */
   key_block = bp->key_block;
   if (0 != KeyBlockVerify(key_block, bp->blob_size, sign_key,
                           (sign_key ? 0 : 1))) {
     error("Error verifying key block.\n");
     goto verify_exit;
   }
   now = key_block->key_block_size;
 
+  if (key_block_file) {
+    FILE* f = NULL;
+    f = fopen(key_block_file, "wb");
+    if (!f) {
+      error("Can't open key block file %s\n", key_block_file);
+      return 1;
+    }
+    if (1 != fwrite(key_block, key_block->key_block_size, 1, f)) {
+      error("Can't write key block file %s\n", key_block_file);
+      return 1;
+    }
+    fclose(f);
+  }
+
   printf("Key block:\n");
   data_key = &key_block->data_key;
   if (verbose)
     printf("  Signature:           %s\n", sign_key ? "valid" : "ignored");
   printf("  Size:                0x%" PRIx64 "\n", key_block->key_block_size);
   printf("  Flags:               %" PRIu64 " ", key_block->key_block_flags);
   if (key_block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_0)
     printf(" !DEV");
   if (key_block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_1)
     printf(" DEV");
@@ skipping 191 matching lines @@
       if (!r) {
         if (version >= 0) {
                 bp->kernel_version = (uint64_t) version;
         }
         r = Pack(filename, key_block_file, signprivate, bp, pad, vblockonly);
       }
       FreeBlob(bp);
       return r;
 
     case OPT_MODE_VERIFY:
-      return Verify(filename, signpubkey, verbose);
+      return Verify(filename, signpubkey, verbose, key_block_file);
 
     default:
       fprintf(stderr,
               "You must specify a mode: --pack, --repack or --verify\n");
       return PrintHelp(progname);
   }
 }