From: Yonghong Zhu
To: edk2-devel@lists.01.org
Date: Tue, 28 Mar 2017 17:37:38 +0800
Message-Id: <1490693858-47496-1-git-send-email-yonghong.zhu@intel.com>
Subject: [edk2] [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True
Cc: Liming Gao

Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys don't work on Linux. It needs to be changed with shell=True.

Cc: Liming Gao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu
Reviewed-by: Liming Gao
--- BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py | 4 ++= -- .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py | 6 ++= +--- BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 6 ++= +--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Sou= rce/Python/Pkcs7Sign/Pkcs7Sign.py index 6412587..ef79f80 100644 --- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py +++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
@@ -201,11 +201,11 @@ if __name__ =3D=3D '__main__': FullInputFileBuffer =3D struct.pack(format, args.InputFileBuffer, args= .MonotonicCountValue) =20 # # Sign the input file using the specified private key and capture sign= ature from STDOUT # - Process =3D subprocess.Popen('%s smime -sign -binary -signer "%s" -out= form DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCe= rtFileName, args.OtherPublicCertFileName), stdin=3Dsubprocess.PIPE, stdout= =3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE) + Process =3D subprocess.Popen('%s smime -sign -binary -signer "%s" -out= form DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCe= rtFileName, args.OtherPublicCertFileName), stdin=3Dsubprocess.PIPE, stdout= =3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell=3DTrue) Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) =20 # @@ -270,11 +270,11 @@ if __name__ =3D=3D '__main__': open(args.OutputFileName, 'wb').write(FullInputFileBuffer) =20 # # Verify signature # - Process =3D subprocess.Popen('%s smime -verify -inform DER -content %s= -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCert= FileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubp= rocess.PIPE) + Process =3D subprocess.Popen('%s smime -verify -inform DER -content %s= -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCert= FileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubp= rocess.PIPE, shell=3DTrue) Process.communicate(input=3Dargs.SignatureBuffer)[0] if Process.returncode <> 0: print 'ERROR: Verification failed' os.remove (args.OutputFileName) sys.exit(Process.returncode) diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Generat= eKeys.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateK= eys.py index 2dd6c20..df2d989 100644 
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py @@ -96,11 +96,11 @@ if __name__ =3D=3D '__main__': Item.close() =20 # # Generate private key and save it to output file in a PEM file form= at # - Process =3D subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslComm= and, Item.name), stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE) + Process =3D subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslComm= and, Item.name), stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell= =3DTrue) Process.communicate() if Process.returncode <> 0: print 'ERROR: RSA 2048 key generation failed' sys.exit(Process.returncode) =20 @@ -118,11 +118,11 @@ if __name__ =3D=3D '__main__': PublicKeyHash =3D '' for Item in args.PemFileName: # # Extract public key from private key into STDOUT # - Process =3D subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSs= lCommand, Item), stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE) + Process =3D subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSs= lCommand, Item), stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell= =3DTrue) PublicKeyHexString =3D Process.communicate()[0].split('=3D')[1].strip() if Process.returncode <> 0: print 'ERROR: Unable to extract public key from private key' sys.exit(Process.returncode) PublicKey =3D '' 
@@ -130,11 +130,11 @@ if __name__ =3D=3D '__main__': PublicKey =3D PublicKey + chr(int(PublicKeyHexString[Index:Index + 2= ], 16)) =20 # # Generate SHA 256 hash of RSA 2048 bit public key into STDOUT # - Process =3D subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslComma= nd), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess= .PIPE) + Process =3D subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslComma= nd), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess= .PIPE, shell=3DTrue) Process.stdin.write (PublicKey) PublicKeyHash =3D PublicKeyHash + Process.communicate()[0] if Process.returncode <> 0: print 'ERROR: Unable to extract SHA 256 hash of public key' sys.exit(Process.returncode) diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py= b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 952583c..4367194 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py @@ -146,11 +146,11 @@ if __name__ =3D=3D '__main__': sys.exit(1) =20 # # Extract public key from private key into STDOUT # - Process =3D subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSs= lCommand, args.PrivateKeyFileName), stdout=3Dsubprocess.PIPE, stderr=3Dsubp= rocess.PIPE) + Process =3D subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSs= lCommand, args.PrivateKeyFileName), stdout=3Dsubprocess.PIPE, stderr=3Dsubp= rocess.PIPE, shell=3DTrue) PublicKeyHexString =3D Process.communicate()[0].split('=3D')[1].strip() PublicKey =3D '' while len(PublicKeyHexString) > 0: PublicKey =3D PublicKey + chr(int(PublicKeyHexString[0:2],16)) PublicKeyHexString=3DPublicKeyHexString[2:] 
@@ -172,11 +172,11 @@ if __name__ =3D=3D '__main__': format =3D "%dsQ" % len(args.InputFileBuffer) FullInputFileBuffer =3D struct.pack(format, args.InputFileBuffer, ar= gs.MonotonicCountValue) #=20 # Sign the input file using the specified private key and capture sign= ature from STDOUT # - Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand,= args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIP= E, stderr=3Dsubprocess.PIPE) + Process =3D subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand,= args.PrivateKeyFileName), stdin=3Dsubprocess.PIPE, stdout=3Dsubprocess.PIP= E, stderr=3Dsubprocess.PIPE, shell=3DTrue) Signature =3D Process.communicate(input=3DFullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) =20 # @@ -221,11 +221,11 @@ if __name__ =3D=3D '__main__': open(args.OutputFileName, 'wb').write(Header.Signature) =20 # # Verify signature # =20 - Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s' = % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=3Ds= ubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE) + Process =3D subprocess.Popen('%s sha256 -prverify "%s" -signature %s' = % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=3Ds= ubprocess.PIPE, stdout=3Dsubprocess.PIPE, stderr=3Dsubprocess.PIPE, shell= =3DTrue) Process.communicate(input=3DFullInputFileBuffer) if Process.returncode <> 0: print 'ERROR: Verification failed' os.remove (args.OutputFileName) sys.exit(Process.returncode) --=20 2.6.1.windows.1
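
Review bot: the -signer and -certfile file names in Pkcs7Sign.py hunk @@ -201 are now parsed by the shell, and the "%s" quoting keeps spaces together but does not neutralise $, backticks or an embedded double quote in args.SignerPrivateCertFileName or args.OtherPublicCertFileName. The Linux failure comes from passing a single command string without a shell, which POSIX Popen treats as the name of the executable. Passing an argument list, for example [OpenSslCommand, 'smime', '-sign', '-binary', '-signer', args.SignerPrivateCertFileName, ...], and leaving shell at its default fixes Linux without putting caller-supplied paths through a shell.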
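
Review bot: -content %s and -CAfile %s in Pkcs7Sign.py hunk @@ -270 are unquoted, unlike the sign command earlier in the same file, so with shell=True a path containing a space is split into separate words and openssl is asked to verify against a different content file or CA file than the one the caller named. Quote both at minimum; an argument list without shell=True removes the quoting question for args.OutputFileName and args.TrustedPublicCertFileName altogether.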
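
Review bot: in Rsa2048Sha256GenerateKeys.py hunk @@ -118, Process.communicate()[0].split('=')[1] runs before the Process.returncode check. With shell=True a missing or failing openssl no longer raises from Popen; the shell exits non-zero with empty stdout, so the split raises IndexError and the 'ERROR: Unable to extract public key from private key' branch is never reached. Check returncode first, then parse the modulus. Item is also interpolated unquoted here, while the same rsa -in command in Rsa2048Sha256Sign.py quotes the key path.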
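
Review bot: Process.stdin.write (PublicKey) followed by Process.communicate() in Rsa2048Sha256GenerateKeys.py hunk @@ -130 splits stdin handling across two calls, while the other hunks in this patch use communicate(input=...), which writes the data, closes stdin and drains stdout and stderr in one step. Suggest Process.communicate(input=PublicKey)[0] here for consistency. This command interpolates no file name, so passed as [OpenSslCommand, 'dgst', '-sha256', '-binary'] it needs neither the shell nor any quoting.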
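
Review bot: the visible context of Rsa2048Sha256Sign.py hunk @@ -146 goes straight from Process.communicate()[0].split('=')[1].strip() to decoding the hex string, with no Process.returncode check in between. Once the command runs through the shell, an unreadable args.PrivateKeyFileName or a missing openssl shows up only as a non-zero exit with no modulus on stdout, so this line fails with an IndexError instead of a signing-tool error message. Add the same returncode test the sign and verify steps in this file already have, placed before the output is parsed.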