public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
@ 2017-03-28  9:37 Yonghong Zhu
  2017-03-29  7:29 ` Gao, Liming
  0 siblings, 1 reply; 2+ messages in thread
From: Yonghong Zhu @ 2017-03-28  9:37 UTC (permalink / raw)
  To: edk2-devel; +Cc: Liming Gao

Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work
on Linux. It needs to be changed with shell=True.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
---
 BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py                      | 4 ++--
 .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py    | 6 +++---
 BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py      | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
index 6412587..ef79f80 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
@@ -201,11 +201,11 @@ if __name__ == '__main__':
     FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
 
     #
     # Sign the input file using the specified private key and capture signature from STDOUT
     #
-    Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
     Signature = Process.communicate(input=FullInputFileBuffer)[0]
     if Process.returncode <> 0:
       sys.exit(Process.returncode)
 
     #
@@ -270,11 +270,11 @@ if __name__ == '__main__':
     open(args.OutputFileName, 'wb').write(FullInputFileBuffer)
 
     #
     # Verify signature
     #
-    Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
     Process.communicate(input=args.SignatureBuffer)[0]
     if Process.returncode <> 0:
       print 'ERROR: Verification failed'
       os.remove (args.OutputFileName)
       sys.exit(Process.returncode)
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
index 2dd6c20..df2d989 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
@@ -96,11 +96,11 @@ if __name__ == '__main__':
       Item.close()
 
       #
       # Generate private key and save it to output file in a PEM file format
       #
-      Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+      Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
       Process.communicate()
       if Process.returncode <> 0:
         print 'ERROR: RSA 2048 key generation failed'
         sys.exit(Process.returncode)
       
@@ -118,11 +118,11 @@ if __name__ == '__main__':
   PublicKeyHash = ''
   for Item in args.PemFileName:
     #
     # Extract public key from private key into STDOUT
     #
-    Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
     PublicKeyHexString = Process.communicate()[0].split('=')[1].strip()
     if Process.returncode <> 0:
       print 'ERROR: Unable to extract public key from private key'
       sys.exit(Process.returncode)
     PublicKey = ''
@@ -130,11 +130,11 @@ if __name__ == '__main__':
       PublicKey = PublicKey + chr(int(PublicKeyHexString[Index:Index + 2], 16))
 
     #
     # Generate SHA 256 hash of RSA 2048 bit public key into STDOUT
     #
-    Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
     Process.stdin.write (PublicKey)
     PublicKeyHash = PublicKeyHash + Process.communicate()[0]
     if Process.returncode <> 0:
       print 'ERROR: Unable to extract SHA 256 hash of public key'
       sys.exit(Process.returncode)
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 952583c..4367194 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@@ -146,11 +146,11 @@ if __name__ == '__main__':
       sys.exit(1)
 
   #
   # Extract public key from private key into STDOUT
   #
-  Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+  Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
   PublicKeyHexString = Process.communicate()[0].split('=')[1].strip()
   PublicKey = ''
   while len(PublicKeyHexString) > 0:
     PublicKey = PublicKey + chr(int(PublicKeyHexString[0:2],16))
     PublicKeyHexString=PublicKeyHexString[2:]
@@ -172,11 +172,11 @@ if __name__ == '__main__':
       format = "%dsQ" % len(args.InputFileBuffer)
       FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
     # 
     # Sign the input file using the specified private key and capture signature from STDOUT
     #
-    Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
     Signature = Process.communicate(input=FullInputFileBuffer)[0]
     if Process.returncode <> 0:
       sys.exit(Process.returncode)
       
     #
@@ -221,11 +221,11 @@ if __name__ == '__main__':
     open(args.OutputFileName, 'wb').write(Header.Signature)
       
     #
     # Verify signature
     #    
-    Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
     Process.communicate(input=FullInputFileBuffer)
     if Process.returncode <> 0:
       print 'ERROR: Verification failed'
       os.remove (args.OutputFileName)
       sys.exit(Process.returncode)
-- 
2.6.1.windows.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
  2017-03-28  9:37 [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True Yonghong Zhu
@ 2017-03-29  7:29 ` Gao, Liming
  0 siblings, 0 replies; 2+ messages in thread
From: Gao, Liming @ 2017-03-29  7:29 UTC (permalink / raw)
  To: Zhu, Yonghong, edk2-devel@lists.01.org

Reviewed-by: Liming Gao <liming.gao@intel.com>

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Yonghong Zhu
> Sent: Tuesday, March 28, 2017 5:38 PM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>
> Subject: [edk2] [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
> 
> Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work
> on Linux. It needs to be changed with shell=True.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
> ---
>  BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py                      | 4 ++--
>  .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py    | 6 +++---
>  BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py      | 6 +++---
>  3 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
> index 6412587..ef79f80 100644
> --- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
> +++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
> @@ -201,11 +201,11 @@ if __name__ == '__main__':
>      FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
> 
>      #
>      # Sign the input file using the specified private key and capture signature from STDOUT
>      #
> -    Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand,
> args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> +    Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand,
> args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
>      Signature = Process.communicate(input=FullInputFileBuffer)[0]
>      if Process.returncode <> 0:
>        sys.exit(Process.returncode)
> 
>      #
> @@ -270,11 +270,11 @@ if __name__ == '__main__':
>      open(args.OutputFileName, 'wb').write(FullInputFileBuffer)
> 
>      #
>      # Verify signature
>      #
> -    Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName,
> args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> +    Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName,
> args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
>      Process.communicate(input=args.SignatureBuffer)[0]
>      if Process.returncode <> 0:
>        print 'ERROR: Verification failed'
>        os.remove (args.OutputFileName)
>        sys.exit(Process.returncode)
> diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> index 2dd6c20..df2d989 100644
> --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
> @@ -96,11 +96,11 @@ if __name__ == '__main__':
>        Item.close()
> 
>        #
>        # Generate private key and save it to output file in a PEM file format
>        #
> -      Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> +      Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
>        Process.communicate()
>        if Process.returncode <> 0:
>          print 'ERROR: RSA 2048 key generation failed'
>          sys.exit(Process.returncode)
> 
> @@ -118,11 +118,11 @@ if __name__ == '__main__':
>    PublicKeyHash = ''
>    for Item in args.PemFileName:
>      #
>      # Extract public key from private key into STDOUT
>      #
> -    Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> +    Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
>      PublicKeyHexString = Process.communicate()[0].split('=')[1].strip()
>      if Process.returncode <> 0:
>        print 'ERROR: Unable to extract public key from private key'
>        sys.exit(Process.returncode)
>      PublicKey = ''
> @@ -130,11 +130,11 @@ if __name__ == '__main__':
>        PublicKey = PublicKey + chr(int(PublicKeyHexString[Index:Index + 2], 16))
> 
>      #
>      # Generate SHA 256 hash of RSA 2048 bit public key into STDOUT
>      #
> -    Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)
> +    Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, shell=True)
>      Process.stdin.write (PublicKey)
>      PublicKeyHash = PublicKeyHash + Process.communicate()[0]
>      if Process.returncode <> 0:
>        print 'ERROR: Unable to extract SHA 256 hash of public key'
>        sys.exit(Process.returncode)
> diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> index 952583c..4367194 100644
> --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
> @@ -146,11 +146,11 @@ if __name__ == '__main__':
>        sys.exit(1)
> 
>    #
>    # Extract public key from private key into STDOUT
>    #
> -  Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName),
> stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> +  Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName),
> stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
>    PublicKeyHexString = Process.communicate()[0].split('=')[1].strip()
>    PublicKey = ''
>    while len(PublicKeyHexString) > 0:
>      PublicKey = PublicKey + chr(int(PublicKeyHexString[0:2],16))
>      PublicKeyHexString=PublicKeyHexString[2:]
> @@ -172,11 +172,11 @@ if __name__ == '__main__':
>        format = "%dsQ" % len(args.InputFileBuffer)
>        FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
>      #
>      # Sign the input file using the specified private key and capture signature from STDOUT
>      #
> -    Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE,
> stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> +    Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE,
> stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
>      Signature = Process.communicate(input=FullInputFileBuffer)[0]
>      if Process.returncode <> 0:
>        sys.exit(Process.returncode)
> 
>      #
> @@ -221,11 +221,11 @@ if __name__ == '__main__':
>      open(args.OutputFileName, 'wb').write(Header.Signature)
> 
>      #
>      # Verify signature
>      #
> -    Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName,
> args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
> +    Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName,
> args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
>      Process.communicate(input=FullInputFileBuffer)
>      if Process.returncode <> 0:
>        print 'ERROR: Verification failed'
>        os.remove (args.OutputFileName)
>        sys.exit(Process.returncode)
> --
> 2.6.1.windows.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2017-03-29  7:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-28  9:37 [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True Yonghong Zhu
2017-03-29  7:29 ` Gao, Liming

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox