HP UX Security Products and Features Software manual Introduction to Add-in Modules

The Role of Add-In Modules in the CDSA Framework

In HP-UX, a CDSA add-in module is a shared library that can be dynamically loaded into the system by CSSM and uses CSSM to provide services to applications.

By convention, the add-in module is named libxxx.1 for the first version of the library, where xxx is the library’s chosen name.

The CSSM acts as a “broker” between applications and add-in modules, by receiving and handling all requests from applications for access and use of add-in modules.

An application derives information about add-in modules from CSSM module information files, which contain data about a module and its services. Using that information, applications request that CSSM attach to an add-in module. Applications can query the CSSM module information files using the CSSM_GetModuleInfo function.

The first time the module is attached, CSSM calls the module’s Initialize function to allow the module to perform initialization operations.

When CSSM attaches to a module service, it returns a module handle to the application that uniquely identifies the pairing of the application thread to the module service instance. The application uses this handle to identify the module service in future function calls. The module service uses the handle to identify the calling application.

During the initialization process, if the module is a CSP, it undergoes a series of integrity checks, including a bilateral authentication protocol to ensure the integrity of the CSSM, as part of CSSM_ModuleAttach. This verification must succeed for a CSP module to attach to CSSM.

Once the integrity of a CSP module is verified, the add-in module uses

CSSM_RegisterServices to register a function table with CSSM for each sub-service that it