HP UX Security Products and Features Software manual

Common Data Security Architecture (CDSA) White Paper

How to Create a CDSA Add-In Module for HP-UX

Programming Self-Check Functions into the Initializer

As soon as a CSP shared library is loaded into computer memory, it should cause one of its own functions to execute to perform self-checks. The initialization function should call the ISL_SelfCheck function. (When self checking is not desired, these initialization functions become null functions.)

Here is the previous example of an initialization function with ISL_SelfCheck invoked:

void _MyAddIn_init( shl_t hInstance, int loading)

{

ISL_VERIFIED_MODULE_PTR VerifiedCLModulePtr = NULL; if (loading)

{

VerifiedCLModulePtr = ISL_SelfCheck(hInstance);

ISL_RecycleVerifiedModuleCredentials(VerifiedCLModulePtr); } else { /* perform termination */

/* un-register services by invoking CSSM_DeregisterServices. */

}

}

Observe, the initialization function cannot return a status, since nothing really calls it. It is simply run by the HP-UX shl_load function after the function loads the shared library.

ISL_SelfCheck ISL_SelfCheck does the following:

•Retrieves self-check credentials from /usr/lib/cdsa/meta-inf.

•Retrieves self-check public key (public key of the entity that signed the credential for the add-in).

•Verifies the add-in module.

The ISL_SelfCheck function is included in the CSSM shared library. To access it, include the header file cdsa/eislapi.h in your program.

In addition, other functions must be present in the add-in module. ISL_SelfCheck assumes the existence of the following functions (whose use will be detailed shortly):

•ISL_RetrieveSelfCheckCredentials

•ISL_RetrieveSelfCheckSectionName

•ISL_RetrieveSelfCheckKey