Common Data Security Architecture (CDSA) White Paper

How to Create a CDSA Add-In Module for HP-UX

simpler.

For detailed information on coding the initialization program to perform self-checks, see “Programming Self-Check Functions into the Initializer” on page 56.

For more conceptual information about initialization, see “Initializer” on page 50.

3. Register services with CSSM by calling AddInAuthenticate().

Every add-in module must implement AddInAuthenticate() to do the following tasks:

If the add-in is a CSP, perform integrity verification on CSSM. This is not needed if your add-in is a CL, DL or TP.

Build the function table, which contains function pointers that CSSM can invoke. Set unsupported functions to NULL.

Register the function table with CSSM by invoking the CSSM API CSSM_RegisterServices().

For detailed information about CSP code requirements, see “Validating the CSP Credentials” on page 65 and “HP Signing Policy for CSP Add-In Vendors for CDSA Version 1.2” on page 297.

4. Create an install (or uninstall) program to install (or uninstall) the add-in module, to make it visible to applications.

The install program performs two tasks:

Move the add-in library to the add-in module directory /usr/lib/cdsa and set the mode to 555.

Invoke CSSM_ModuleInstall() to create add-in information files for your add-in. The information files are placed in /var/cdsa/cssm and may be queried by applications using CSSM_GetModuleInfo().

An add-in module becomes unavailable after being uninstalled from the system. The uninstall program performs two tasks:

Remove the add-in library from /usr/lib/cdsa.

Invoke CSSM_ModuleUninstall() to remove information files from /var/cdsa/cssm.
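The file-placement half of the install step, with a check that every library in the add-in directory is still mode 555, can be scripted as follows. This is an added example, not code from the white paper or from HP; the function names install_addin and audit_addin_dir are hypothetical, and the calls to CSSM_ModuleInstall() and CSSM_ModuleUninstall() remain the job of the install program itself.

```shell
# Added example. /usr/lib/cdsa and mode 555 come from the text above;
# the function names are hypothetical.
ADDIN_DIR_DEFAULT=/usr/lib/cdsa

# install_addin SRC [DIR]
# Copy the add-in library into DIR with mode 555. The copy is made under a
# temporary name and renamed only after chmod succeeds, so a writable copy
# never appears under the final library name.
install_addin() {
    src=$1
    dir=${2:-$ADDIN_DIR_DEFAULT}
    [ -f "$src" ] || { echo "install_addin: no such file: $src" >&2; return 1; }
    [ -d "$dir" ] || { echo "install_addin: no such directory: $dir" >&2; return 1; }
    dest=$dir/$(basename "$src")
    tmp=$dest.tmp.$$
    cp "$src" "$tmp" && chmod 555 "$tmp" && mv -f "$tmp" "$dest" || {
        rm -f "$tmp"
        return 1
    }
}

# audit_addin_dir [DIR]
# Print every regular file under DIR whose permission bits are not exactly
# 555 (for example a library left writable after a manual copy).
# Returns 0 if all files comply, 1 if any do not, 2 if DIR is missing.
audit_addin_dir() {
    dir=${1:-$ADDIN_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "audit_addin_dir: no such directory: $dir" >&2; return 2; }
    bad=$(find "$dir" -type f ! -perm 555 -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}
```

Run audit_addin_dir with no argument on an installed system to check /usr/lib/cdsa; pass a scratch directory to try it without touching the real one.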

Implementing Integrity Checking in Add-In Modules

If you are developing a CSP add-in module, its initialization program must implement integrity checking, both self-check and bilateral. The following reference will guide you in this task.
