HP UX Security Products and Features Software manual How to Create a Cdsa Add-In Module for HP-UX

Common Data Security Architecture (CDSA) White Paper

How to Create a CDSA Add-In Module for HP-UX

long len = <number of bytes in Key>;

if (!Name (len > Name->length)) return;

Name->length = len; memcpy(Name->value, Key, Name->length); return;

}

Programming AddInAuthenticate() to Perform Bilateral Authentication

If the Self check is successful, control is returned to the CSSM manager, which will call the add-in’s AddInAutheticate function. Ironically, the name implies that authentication is going on. This is not true unless specific code is added to perform bilateral authentication.

If the add-in module does not have to be authenticated, AddInAuthenticate() simply sets up pointers to functions the add-in module will need to access.

When authentication is desired, AddInAuthenticate() function must do the following:

1.Get the public key of the root CA authority that signed the CSSM module credential.

2.Get the distinguished name of the root CA authority that signed the CSSM module credential.

3.Call ISL_VerifyLoadedModuleAndCredentials using the public key and distinguished name retrieved in steps 1 and 2. This step checks the integrity of the CSSM shared library.

4.Verify that the function that called AddInAuthenticate() comes from the same code verified in step 3 (that is, that AddInAuthenticate() is being called from the CSSM module).

The ISL_VerifyLoadedModuleCredentials function is included in the CSSM library. To access it, include the header file cdsa/eislapi.h in your program.

The following functions must also be present in the add-in shared library for AddInAuthenticate() to perform bilateral authentication:

•ISL_RetrieveRootIssuerKey

•ISL_RetrieveRootIssuerName

Source code for these functions may be obtained directly from HP. Place these functions in the