Common Data Security Architecture (CDSA) White Paper

How to Create a CDSA Add-In Module for HP-UX

    VerifiedCSSMModulePtr = NULL;
    return CSSM_FAIL;
}
.
.
.

Completing the Development of a CSP that Performs Integrity Checking

1. Test your add-in module, using a CSSM manager running in non-authentication mode. (Such a CSSM manager can be obtained from Hewlett-Packard with a special license agreement.)

2. Once you are confident the add-in module is functioning properly in non-authentication mode, re-compile the add-in module with both self-checking and bilateral authentication enabled. In the link directive that generates the add-in, specify the following for CSP add-ins:

+e AddInAuthenticate +e ISL_RetrieveSelfCheckCredentials \
+e ISL_RetrieveSelfCheckSectionName +e ISL_RetrieveSelfCheckKey \
+e ISL_RetrieveRootIssuerKey +e ISL_RetrieveRootIssuerName

or specify the following for CL/TP/DL add-ins:

+e AddInAuthenticate

That is, all symbols belonging to the add-in should be hidden, except for the AddInAuthenticate function (for all types of add-ins) and, for CSP add-ins only, the ISL_RetrieveSelfCheckCredentials, ISL_RetrieveSelfCheckSectionName, ISL_RetrieveSelfCheckKey, ISL_RetrieveRootIssuerKey, and ISL_RetrieveRootIssuerName functions.

3. Produce a credential file for this shared library. To do this, you must use the HP signing tool, signdll.

Currently HP is unable to release this code to add-in module developers. Instead, HP will generate the credential file for the add-in developer upon request, using the private key described in “ISL_RetrieveSelfCheckKey” on page 59.

HP requires that the shared library add-in module be compiled with self-check and bilateral authentication enabled, and be named as follows:

lib<some_csp_name>.1

4. Once you have the credential for the new add-in module, you are ready to test the module
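To confirm that the link directive in step 2 hid everything except the intended entry points, the exported symbol list can be checked before the library is submitted for a credential. The script below is an added example, not HP's code: it assumes the exported symbol names are supplied one per line on standard input (how they are listed on your platform is left to the reader), and the function name check_exports and the sample symbol my_internal_helper are hypothetical.

```sh
#!/bin/sh
# Added example (not from the white paper): compare a library's exported
# symbols with the set step 2 says must remain visible after linking with +e.
# Assumption: exported names arrive one per line on stdin.

CSP_EXPORTS="AddInAuthenticate
ISL_RetrieveSelfCheckCredentials
ISL_RetrieveSelfCheckSectionName
ISL_RetrieveSelfCheckKey
ISL_RetrieveRootIssuerKey
ISL_RetrieveRootIssuerName"
OTHER_EXPORTS="AddInAuthenticate"    # CL/TP/DL add-ins

# check_exports csp|other
# Prints "MISSING <name>" or "UNEXPECTED <name>" for each mismatch and
# returns 0 only when the exported set matches exactly.
check_exports() {
    case "$1" in
        csp)   want=$CSP_EXPORTS ;;
        other) want=$OTHER_EXPORTS ;;
        *)     echo "usage: check_exports csp|other" >&2; return 2 ;;
    esac
    # Normalise input: strip trailing blanks, drop empty lines, de-duplicate.
    have=$(sed -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u)
    status=0
    for sym in $want; do
        printf '%s\n' "$have" | grep -Fqx -- "$sym" ||
            { echo "MISSING $sym"; status=1; }
    done
    for sym in $have; do
        printf '%s\n' "$want" | grep -Fqx -- "$sym" ||
            { echo "UNEXPECTED $sym"; status=1; }
    done
    return $status
}

# Constructed sample: a CSP build that leaked a helper and lacks four exports.
printf '%s\n' AddInAuthenticate ISL_RetrieveSelfCheckKey my_internal_helper |
    check_exports csp || echo "export list does not match step 2"
```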
