imgtool: fix --vector-to-sign usage

`--vector-to-sign` only exports the image payload, or digest, to be
signed externally; it doesn't require any keys to be provided. This
commit moves the code outside a key required block, after the payload
and digest were already calculated from "image + headers + protected
TLVs".

Signed-off-by: Fabio Utzig <[email protected]>

Author: utzig

scripts/imgtool/image.py

@@ -434,22 +434,22 @@ def create(self, key, public_key_format, enckey, dependencies=None,
 
         tlv.add('SHA256', digest)
 
+        if vector_to_sign == 'payload':
+            # Stop amending data to the image
+            # Just keep data vector which is expected to be signed
+            print(os.path.basename(__file__) + ': export payload')
+            return
+        elif vector_to_sign == 'digest':
+            self.payload = digest
+            print(os.path.basename(__file__) + ': export digest')
+            return
+
         if key is not None or fixed_sig is not None:
             if public_key_format == 'hash':
                 tlv.add('KEYHASH', pubbytes)
             else:
                 tlv.add('PUBKEY', pub)
 
-            if vector_to_sign == 'payload':
-                # Stop amending data to the image
-                # Just keep data vector which is expected to be sigend
-                print(os.path.basename(__file__) + ': export payload')
-                return
-            elif vector_to_sign == 'digest':
-                self.payload = digest
-                print(os.path.basename(__file__) + ': export digest')
-                return
-
             if key is not None and fixed_sig is None:
                 # `sign` expects the full image payload (sha256 done internally),
                 # while `sign_digest` expects only the digest of the payload