From: Sean Anderson
To: u-boot@lists.denx.de, Simon Glass
Cc: John Keeping, Philippe Reynes, Sean Anderson
Subject: [PATCH v2] mkimage: fit: Fix signing of configs with external data
Date: Thu, 20 Oct 2022 15:41:10 -0400
Message-Id: <20221020194110.2505089-1-sean.anderson@seco.com>

Just like we exclude data-size, data-position, and data-offset from
fit_config_check_sig, we must exclude them while signing as well. While
we're at it, use the FIT_DATA_* defines for fit_config_check_sig as well.

Fixes: 8edecd3110e ("fit: Fix verification of images with external data")
Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding")
Signed-off-by: Sean Anderson
Reviewed-by: Simon Glass
---

Changes in v2:
- Use FIT_DATA_* defines

 boot/image-fit-sig.c | 8 ++++----
 tools/image-host.c   | 7 ++++++-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c index a461d591a0e..12369896fe3 100644 --- a/boot/image-fit-sig.c +++ b/boot/image-fit-sig.c @@ -260,10 +260,10 @@ static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset, char **err_msgp) { static char * const exc_prop[] = { - "data", - "data-size", - "data-position", - "data-offset" + FIT_DATA_PROP, + FIT_DATA_SIZE_PROP, + FIT_DATA_POSITION_PROP, + FIT_DATA_OFFSET_PROP, }; const char *prop, *end, *name; diff --git a/tools/image-host.c b/tools/image-host.c index 698adfb3e1d..4a4e1c10d1e 100644 --- a/tools/image-host.c +++ b/tools/image-host.c 
@@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset, int *region_countp, char **region_propp, int *region_proplen) { - char * const exc_prop[] = {"data"}; + char * const exc_prop[] = { + FIT_DATA_PROP, + FIT_DATA_SIZE_PROP, + FIT_DATA_POSITION_PROP, + FIT_DATA_OFFSET_PROP, + }; struct strlist node_inc; struct image_region *region; struct fdt_region fdt_regions[100];
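Review bot: Nothing in this patch shows the values of FIT_DATA_PROP, FIT_DATA_SIZE_PROP, FIT_DATA_POSITION_PROP and FIT_DATA_OFFSET_PROP as used in the exc_prop[] array of fit_config_check_sig (boot/image-fit-sig.c), nor that this file already includes the header that provides them. This array decides which properties are left out of the hashed regions at verification time, so please confirm the defines expand to exactly "data", "data-size", "data-position" and "data-offset", in which case the verifier's behaviour is unchanged and images signed before this patch are checked the same way.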
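Review bot: exc_prop[] in fit_config_get_regions (tools/image-host.c) is now a second hand-maintained copy of the list in fit_config_check_sig, and the commit message describes this fix as bringing the signer's list in line with the verifier's. Consider defining the exclusion list once in a shared header and using it on both the signing and verification paths, so a property added on one side cannot be missed on the other. The array here is also declared "char * const" without "static", unlike the verifier's "static char * const", and the diffstat touches only the two source files, so a regression test that signs and then verifies a configuration with external data would be worth adding.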