Common Data Security Architecture (CDSA) White Paper
Introduction to Add-in Modules
NOTE This section provides a conceptual overview of CDSA add-in modules.
For a summary of how to create an add-in module, see “How to Create a
CDSA Add-In Module for HP-UX” on page 53.
For information on credentials required for any CSP add-in module, see
“Validating the CSP Credentials” on page 65 and “HP Signing Policy for
CSP Add-In Vendors for CDSA Version 1.2” on page 84.
The Role of Add-In Modules in the CDSA Framework
In HP-UX, a CDSA add-in module is a shared library that CSSM can dynamically load into the
system and that uses CSSM to provide services to applications.
By convention, the add-in module is named libxxx.1 for the first version of the library, where
xxx is the library’s chosen name.
The CSSM acts as a “broker” between applications and add-in modules: it receives and
handles all requests from applications for access to and use of add-in modules.
An application derives information about add-in modules from CSSM module information
files, which contain data about a module and its services. Using that information, applications
request that CSSM attach to an add-in module. Applications can query the CSSM module
information files using the CSSM_GetModuleInfo function.
The first time the module is attached, CSSM calls the module’s Initialize function to allow the
module to perform initialization operations.
When CSSM attaches to a module service, it returns a module handle to the application that
uniquely identifies the pairing of the application thread to the module service instance. The
application uses this handle to identify the module service in future function calls. The
module service uses the handle to identify the calling application.
During the initialization process, if the module is a CSP, it undergoes a series of integrity
checks, including a bilateral authentication protocol to ensure the integrity of the CSSM, as
part of CSSM_ModuleAttach. This verification must succeed for a CSP module to attach to
CSSM.
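The attach sequence described above, as a simplified C model added here for illustration; it is not code from this white paper or from HP's CDSA and does not call the real CSSM API. Every `toy_` name, the two verification flags and the `libyyy.1` module name are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of the attach flow. None of these names are CDSA/CSSM API. */
typedef enum { TOY_CSP, TOY_OTHER } toy_type;

typedef struct {
    const char *name;      /* constructed sample name */
    toy_type type;
    int module_verified;   /* stand-in: broker's integrity check of the module */
    int cssm_verified;     /* stand-in: module's check of the broker (bilateral) */
    int init_calls;        /* times the module's Initialize ran */
} toy_module;

typedef struct { int app_thread; toy_module *mod; } toy_binding;

#define TOY_MAX 8
static toy_binding toy_bindings[TOY_MAX];
static uint32_t toy_count;

/* Broker-side attach. Returns a nonzero handle, or 0 if attach is refused. */
uint32_t toy_attach(toy_module *m, int app_thread) {
    if (m == NULL || toy_count == TOY_MAX) return 0;
    if (m->init_calls == 0) m->init_calls = 1;   /* Initialize: first attach only */
    /* A CSP attaches only if verification succeeds in both directions. */
    if (m->type == TOY_CSP && !(m->module_verified && m->cssm_verified)) return 0;
    toy_bindings[toy_count].app_thread = app_thread;
    toy_bindings[toy_count].mod = m;
    return ++toy_count;                          /* handle = slot + 1 */
}

/* Module side: which application thread does this handle belong to? */
int toy_caller_of(uint32_t h) {
    return (h >= 1 && h <= toy_count) ? toy_bindings[h - 1].app_thread : -1;
}

/* Application side: which module service does this handle name? */
const toy_module *toy_module_of(uint32_t h) {
    return (h >= 1 && h <= toy_count) ? toy_bindings[h - 1].mod : NULL;
}

int main(void) {
    toy_module good = { "libxxx.1", TOY_CSP, 1, 1, 0 };  /* constructed samples */
    toy_module bad  = { "libyyy.1", TOY_CSP, 0, 1, 0 };
    uint32_t h1 = toy_attach(&good, 101), h2 = toy_attach(&good, 202);
    printf("h1=%u h2=%u refused=%u init_calls=%d\n", (unsigned)h1, (unsigned)h2,
           (unsigned)toy_attach(&bad, 303), good.init_calls);
    return 0;
}
```

Two threads attaching to the same module get distinct handles while Initialize runs once, and the CSP whose verification flag is clear never receives a handle.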
Once the integrity of a CSP module is verified, the add-in module uses
CSSM_RegisterServices to register a function table with CSSM for each sub-service that it