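#!/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

# findcrypto cred_file
#
# Utility to find cryptographic modules in the proto area. Prints out
# one line for each binary, using the form
#
#	cred path
#
# where "path" identifies the binary (relative to $ROOT), and "cred"
# says how the binary should get signed.
#
# The cred_file argument is the same as for signproto.sh.
#
# Each non-comment line of cred_file is read as "cred regex".  The regex
# is applied with expr(1) as ".*regex", so it can match anywhere in the
# signer string reported by elfsign, and the first matching line wins.
# Because the output says how each binary should get signed, keep the
# patterns specific and list the most specific ones first.
#
# Exit status: 0 on success, 1 if cred_file is unreadable or $ROOT is
# unset or cannot be entered, 2 on a usage error.
#

# Directories in proto area that may contain crypto objects
DIRS="platform kernel usr/lib/security"

# Fail loudly on bad input.  With no argument the unquoted $1 used to make
# grep read stdin, and with $ROOT unset "cd" used to go to $HOME, so the
# search ran against the wrong tree while the script still exited 0.
if [[ -z "$1" ]]; then
	print -u2 "usage: findcrypto cred_file"
	exit 2
fi
if [[ ! -r "$1" ]]; then
	print -u2 "findcrypto: cannot read $1"
	exit 1
fi
if [[ -z "$ROOT" ]]; then
	print -u2 "findcrypto: ROOT is not set"
	exit 1
fi

# Read list of credentials and regular expressions.  ksh runs the last
# stage of a pipeline in the current shell, so n and the two arrays filled
# in here are still set after the loop.
# NOTE(review): read is left without -r so that backslashes in existing
# cred files keep their current meaning; confirm before changing.
n=0
grep -v "^#" "$1" | while read c r
do
	# A blank line yields an empty credential and an empty regex, and
	# ".*" matches every non-empty signer; skip it rather than emit a
	# line with no credential.
	# NOTE(review): a line with a credential but no regex still matches
	# every signer; confirm whether that catch-all is intended.
	[[ -z "$c" ]] && continue
	cred[$n]=$c
	regex[$n]=$r
	(( n = n + 1 ))
done

# Search proto area for crypto modules
cd "$ROOT" || exit 1
# DIRS is deliberately unquoted: it is a space-separated list of paths.
find $DIRS -type f -print | while IFS= read -r f; do
	# Skip any file for which elfsign exits non-zero (no signer reported).
	s=$(elfsign list -f signer -e "$f" 2>/dev/null) || continue
	# Determine credential based on signature
	i=0
	while (( i < n )); do
		if expr "$s" : ".*${regex[i]}" >/dev/null; then
			# print -r keeps backslashes in the path literal.
			print -r -- "${cred[i]} $f"
			break
		fi
		(( i = i + 1 ))
	done
done

exit 0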