From: "Gao, Liming"
To: "Zhu, Yonghong", "edk2-devel@lists.01.org"
Date: Wed, 29 Mar 2017 07:29:35 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14D706036@shsmsx102.ccr.corp.intel.com>
References: <1490693858-47496-1-git-send-email-yonghong.zhu@intel.com>
In-Reply-To: <1490693858-47496-1-git-send-email-yonghong.zhu@intel.com>
Subject: Re: [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True

Reviewed-by: Liming Gao

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Yonghong Zhu
> Sent: Tuesday, March 28, 2017 5:38 PM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming
> Subject: [edk2] [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
>
> Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys don't work
> on Linux. It needs to be changed with shell=True.
>
> Cc: Liming Gao
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Yonghong Zhu
> ---
>  BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py                       | 4 ++--
>  .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py     | 6 +++---
>  BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py       | 6 +++---
>  3 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/S= ource/Python/Pkcs7Sign/Pkcs7Sign.py > index 6412587..ef79f80 100644 
> --- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py > +++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py > @@ -201,11 +201,11 @@ if __name__ =3D=3D '__main__': > FullInputFileBuffer =3D struct.pack(format, args.InputFileBuffer, ar= gs.MonotonicCountValue) >=20 > # > # Sign the input file using the specified private key and capture si= gnature from STDOUT > # > - Process =3D subprocess.Popen('%s smime -sign -binary -signer "%s" -o= utform DER -md sha256 -certfile "%s"' % (OpenSslCommand, > args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=3Dsu= bprocess.PIPE, stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s smime -sign -binary -signer "%s" -o= utform DER -md sha256 -certfile "%s"' % (OpenSslCommand, > args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=3Dsu= bprocess.PIPE, stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE, shell=3DTrue) > Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] > if Process.returncode <> 0: > sys.exit(Process.returncode) >=20 > # > @@ -270,11 +270,11 @@ if __name__ =3D=3D '__main__': > open(args.OutputFileName, 'wb').write(FullInputFileBuffer) >=20 > # > # Verify signature > # > - Process =3D subprocess.Popen('%s smime -verify -inform DER -content = %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, > args.TrustedPublicCertFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubpro= cess.PIPE, stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s smime -verify -inform DER -content = %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, > args.TrustedPublicCertFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubpro= cess.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) > Process.communicate(input=3Dargs.SignatureBuffer)[0] > if Process.returncode <> 0: > print 'ERROR: Verification failed' > os.remove (args.OutputFileName) > sys.exit(Process.returncode) 
> diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Gener= ateKeys.py > b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py > index 2dd6c20..df2d989 100644 > --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys= .py > +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys= .py > @@ -96,11 +96,11 @@ if __name__ =3D=3D '__main__': > Item.close() >=20 > # > # Generate private key and save it to output file in a PEM file fo= rmat > # > - Process =3D subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCo= mmand, Item.name), stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCo= mmand, Item.name), stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE, shell=3DTrue) > Process.communicate() > if Process.returncode <> 0: > print 'ERROR: RSA 2048 key generation failed' > sys.exit(Process.returncode) >=20 > @@ -118,11 +118,11 @@ if __name__ =3D=3D '__main__': > PublicKeyHash =3D '' > for Item in args.PemFileName: > # > # Extract public key from private key into STDOUT > # > - Process =3D subprocess.Popen('%s rsa -in %s -modulus -noout' % (Open= SslCommand, Item), stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s rsa -in %s -modulus -noout' % (Open= SslCommand, Item), stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE, shell=3DTrue) > PublicKeyHexString =3D Process.communicate()[0].split('=3D')[1].stri= p() > if Process.returncode <> 0: > print 'ERROR: Unable to extract public key from private key' > sys.exit(Process.returncode) > PublicKey =3D '' 
> @@ -130,11 +130,11 @@ if __name__ =3D=3D '__main__': > PublicKey =3D PublicKey + chr(int(PublicKeyHexString[Index:Index += 2], 16)) >=20 > # > # Generate SHA 256 hash of RSA 2048 bit public key into STDOUT > # > - Process =3D subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCom= mand), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCom= mand), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, > stderr=3Dsubprocess.PIPE, shell=3DTrue) > Process.stdin.write (PublicKey) > PublicKeyHash =3D PublicKeyHash + Process.communicate()[0] > if Process.returncode <> 0: > print 'ERROR: Unable to extract SHA 256 hash of public key' > sys.exit(Process.returncode) > diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.= py > b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py > index 952583c..4367194 100644 > --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py > +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py > @@ -146,11 +146,11 @@ if __name__ =3D=3D '__main__': > sys.exit(1) >=20 > # > # Extract public key from private key into STDOUT > # > - Process =3D subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (Open= SslCommand, args.PrivateKeyFileName), > stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (Open= SslCommand, args.PrivateKeyFileName), > stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) > PublicKeyHexString =3D Process.communicate()[0].split('=3D')[1].strip(= ) > PublicKey =3D '' > while len(PublicKeyHexString) > 0: > PublicKey =3D PublicKey + chr(int(PublicKeyHexString[0:2],16)) > PublicKeyHexString=3DPublicKeyHexString[2:] 
> @@ -172,11 +172,11 @@ if __name__ =3D=3D '__main__': > format =3D "%dsQ" % len(args.InputFileBuffer) > FullInputFileBuffer =3D struct.pack(format, args.InputFileBuffer, = args.MonotonicCountValue) > # > # Sign the input file using the specified private key and capture si= gnature from STDOUT > # > - Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslComman= d, args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, > stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslComman= d, args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, > stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) > Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] > if Process.returncode <> 0: > sys.exit(Process.returncode) >=20 > # > @@ -221,11 +221,11 @@ if __name__ =3D=3D '__main__': > open(args.OutputFileName, 'wb').write(Header.Signature) >=20 > # > # Verify signature > # > - Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s= ' % (OpenSslCommand, args.PrivateKeyFileName, > args.OutputFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, = stderr=3Dsubprocess.PIPE) > + Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s= ' % (OpenSslCommand, args.PrivateKeyFileName, > args.OutputFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, = stderr=3Dsubprocess.PIPE, shell=3DTrue) > Process.communicate(input=3DFullInputFileBuffer) > if Process.returncode <> 0: > print 'ERROR: Verification failed' > os.remove (args.OutputFileName) > sys.exit(Process.returncode) > -- > 2.6.1.windows.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel
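
Review bot: In Pkcs7Sign.py, hunk @@ -201,11 (the smime -sign call), shell=True passes the formatted string to the shell, so args.SignerPrivateCertFileName and args.OtherPublicCertFileName become subject to shell expansion; the double quotes around "%s" still let $, backticks or an embedded double quote in a file name be interpreted. On POSIX a single command string with the default shell=False is taken as the program name, which is why the call fails on Linux. Passing an argument list instead, for example [OpenSslCommand, 'smime', '-sign', '-binary', '-signer', args.SignerPrivateCertFileName, ...], works on both Windows and Linux without involving a shell, and the same applies to every Popen call in this patch.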
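
Review bot: In Pkcs7Sign.py, hunk @@ -270,11 (the smime -verify call), the format string uses bare %s for args.OutputFileName and args.TrustedPublicCertFileName ('-content %s -CAfile %s'), while the sign call in the same file quotes its file names. With shell=True an output or certificate path containing a space is split into separate arguments and any shell metacharacter in it is interpreted. The same unquoted pattern appears in Rsa2048Sha256GenerateKeys.py ('genrsa -out %s', 'rsa -in %s') and in the '-signature %s' argument of Rsa2048Sha256Sign.py; an argument list would remove the need for quoting in all of them.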
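
Review bot: In Rsa2048Sha256GenerateKeys.py, hunk @@ -118,11, the output is parsed with Process.communicate()[0].split('=')[1].strip() before Process.returncode is checked. With shell=True a missing or failing openssl no longer raises from Popen; the shell exits non-zero with empty stdout, so split('=')[1] raises IndexError and the 'ERROR: Unable to extract public key from private key' branch is never reached. Call communicate() first, check returncode, and only then parse the modulus. The 'rsa -in "%s" -modulus -noout' call in Rsa2048Sha256Sign.py (hunk @@ -146,11) parses the output the same way.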
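
Review bot: In Rsa2048Sha256Sign.py, hunk @@ -172,11 (the sha256 -sign call), stderr is piped but only communicate(...)[0] is kept, and a non-zero returncode goes straight to sys.exit(Process.returncode) with no message. Now that the command runs through a shell, a wrong OpenSslCommand path shows up only as the shell's exit code, with its explanation left unread in the stderr pipe. Keep the second element of communicate() and write it to sys.stderr before exiting, here and in the matching sign call in Pkcs7Sign.py.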