Common Data Security Architecture (CDSA) White Paper

Common Security Services Manager (CSSM) API

The Common Security Services Manager (CSSM) provides the general-purpose core services of the CDSA and operates on behalf of its libraries and add-in modules, such as the cryptographic service provider (CSP) or certificate library (CL). The CSSM APIs support modules with functions to install and uninstall modules, dynamically select and load modules, and query modules about features and status.

System administration utilities use CSSM install and uninstall functions to maintain add-in modules on a local system. A module might implement a range of services across the CSSM APIs or restrict its purpose to a single CSSM category of service (for example, certificate library services only).

The CSSM is designed for add-in modules to be attached by means of an assigned Globally Unique ID (GUID) together with a set of descriptive attributes. Applications attach a module by specifying the module's GUID. The attach function returns a handle representing a unique pairing between the caller and the attached module. This handle is then passed as an input parameter whenever services are requested from the attached module; that is, CSSM uses the handle to match the caller with the appropriate service module, and the calling application uses it to obtain the services that module implements. Each call to attach is an independent request with its own handle and an independent execution state.

Before attaching a service module, an application can query the CSSM module information files about the system’s installed modules, their capabilities and functions, and the module’s GUID. Applications use this information to select a module. Applications can also query about CSSM itself.

The CSSM memory management functions are a class of routines for reclaiming memory allocated by CSSM on behalf of an application from the CSSM memory heap. When CSSM allocates objects from its own heap and returns them to an application, the application must inform CSSM when it no longer requires the use of that object. Applications use specific APIs to free CSSM-allocated memory. When an application invokes a free function, CSSM can choose to retain or free the indicated object, depending on other conditions known only to CSSM. In this way CSSM and applications work together to manage these objects in the CSSM memory heap.

As a security framework in which applications run, CSSM safeguards the integrity of the environment against the threat of viruses and other forms of impersonation. CSSM reduces the risk of these threats by requiring digitally signed modules and by dynamically checking the identity and integrity of CSP modules at attach time. This verification ensures that any modification, whether accidental or malicious, may be detected prior to performing trusted
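The attach/handle model, the pre-attach module query, the CSSM-heap free function and the integrity check at attach time described above can be seen together in the following toy model. It is an added example, not code from the CDSA specification or any CSSM implementation: the names (`install_module`, `query_modules`, `module_attach`, `module_request`, `cssm_free`, `module_detach`), the service bitmask and the small fixed-size registry are assumptions, and an FNV-1a digest of a constructed module "image" stands in for the digital signature verification a real CSSM performs.

```c
/* Added example: toy model of CSSM-style module management (hypothetical API,
 * not CDSA's).  An FNV-1a digest of the module image stands in for the
 * signature check that real CSSM performs at attach time. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SVC_CSP 1u              /* cryptographic service provider */
#define SVC_CL  2u              /* certificate library */
#define MAX_MODULES 4
#define MAX_HANDLES 8

typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;

/* Registered add-in module: GUID, descriptive attributes, module image and
 * the digest recorded at install time (stand-in for the module signature). */
typedef struct {
    guid_t guid;
    const char *name;
    uint32_t services;          /* bitmask of service categories offered */
    const char *image;          /* constructed stand-in for the module code */
    uint32_t signed_digest;
} module_t;

/* One attach call = one handle with its own execution state. */
typedef struct { int in_use; const module_t *module; uint32_t calls; } attachment_t;

static module_t registry[MAX_MODULES];
static size_t registry_count;
static attachment_t handles[MAX_HANDLES];

/* FNV-1a over the image: where a real CSSM would verify a digital signature. */
static uint32_t digest(const char *image) {
    uint32_t h = 2166136261u;
    for (; *image; image++) { h ^= (uint8_t)*image; h *= 16777619u; }
    return h;
}

/* Install (administration utility): record attributes and integrity digest. */
int install_module(const guid_t *guid, const char *name, uint32_t services, const char *image) {
    if (registry_count >= MAX_MODULES) return -1;
    module_t *m = &registry[registry_count++];
    m->guid = *guid; m->name = name; m->services = services;
    m->image = image; m->signed_digest = digest(image);
    return 0;
}

/* Query installed modules offering a service category; fills out[] with GUIDs. */
size_t query_modules(uint32_t service, const guid_t **out, size_t max) {
    size_t found = 0;
    for (size_t i = 0; i < registry_count && found < max; i++)
        if (registry[i].services & service) out[found++] = &registry[i].guid;
    return found;
}

/* Attach by GUID: verify integrity first; return a handle (>0) or 0 on failure. */
uint32_t module_attach(const guid_t *guid) {
    for (size_t i = 0; i < registry_count; i++) {
        if (memcmp(&registry[i].guid, guid, sizeof *guid) != 0) continue;
        if (digest(registry[i].image) != registry[i].signed_digest) return 0; /* modified: refuse */
        for (uint32_t h = 0; h < MAX_HANDLES; h++)
            if (!handles[h].in_use) {
                handles[h] = (attachment_t){1, &registry[i], 0};
                return h + 1;
            }
        return 0;               /* no free handle slot */
    }
    return 0;                   /* unknown GUID */
}

/* A service request through a handle: the handle selects the module and its
 * per-attach state.  The result lives on the "CSSM heap"; release with cssm_free(). */
char *module_request(uint32_t handle) {
    if (handle == 0 || handle > MAX_HANDLES || !handles[handle - 1].in_use) return NULL;
    attachment_t *a = &handles[handle - 1];
    a->calls++;
    char *buf = malloc(64);
    if (buf) snprintf(buf, 64, "%s call %u", a->module->name, a->calls);
    return buf;
}

/* Applications release CSSM-allocated objects only through this entry point. */
void cssm_free(void *obj) { free(obj); }

int module_detach(uint32_t handle) {
    if (handle == 0 || handle > MAX_HANDLES || !handles[handle - 1].in_use) return -1;
    handles[handle - 1].in_use = 0;
    return 0;
}

int main(void) {
    guid_t csp = {1, 2, 3, {1, 2, 3, 4, 5, 6, 7, 8}}, cl = {9, 8, 7, {8, 7, 6, 5, 4, 3, 2, 1}};
    install_module(&csp, "demo-csp", SVC_CSP, "csp-image-v1");      /* constructed modules */
    install_module(&cl, "demo-cl", SVC_CL, "cl-image-v1");
    uint32_t h1 = module_attach(&csp), h2 = module_attach(&csp);    /* two independent attaches */
    char *r = module_request(h1);
    printf("%s (h1=%u h2=%u)\n", r ? r : "(null)", h1, h2);
    cssm_free(r);
    registry[1].image = "cl-image-v1-modified";                     /* simulate tampering */
    printf("attach after modification: %u\n", module_attach(&cl));  /* 0: refused */
    module_detach(h1); module_detach(h2);
    return 0;
}
```

Two attaches to the same module yield two handles whose call counters advance separately, which is the "independent execution state" of the text; a module whose image no longer matches the digest recorded at install time is refused at attach, before any service is requested through it.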

Chapter 1