Common Data Security Architecture (CDSA) White Paper

How to Create a CDSA Add-In Module for HP-UX
simpler.
For detailed information on coding the initialization program to perform self-checks, see
“Programming Self-Check Functions into the Initializer” on page 56.
For more conceptual information about initialization, see “Initializer” on page 50.
3. Register services with CSSM by calling AddInAuthenticate().
Every add-in module must implement AddInAuthenticate() to do the following tasks:
- If the add-in is a CSP, perform integrity verification on CSSM. This is not needed if
  your add-in is a CL, DL or TP.
- Build the function table, which contains function pointers that CSSM can invoke. Set
  unsupported functions to NULL.
- Register the function table with CSSM by invoking the CSSM API
  CSSM_RegisterServices().
For detailed information about CSP code requirements, see “Validating the CSP
Credentials” on page 65 and “HP Signing Policy for CSP Add-In Vendors for CDSA
Version 1.2” on page 297.
4. Create an install (or uninstall) program to install (uninstall) the add-in module, to make it
visible to applications.
The install program performs two tasks:
- Move the add-in library to the add-in module directory /usr/lib/cdsa and set the mode to
  555.
- Invoke CSSM_ModuleInstall() to create add-in information files for your add-in. The
  information files will be in /var/cdsa/cssm and may be queried by applications using the
  CSSM_GetModuleInfo function.
An add-in module becomes unavailable after being uninstalled from the system. The
uninstall program performs two tasks:
- Remove the add-in library from /usr/lib/cdsa.
- Invoke CSSM_ModuleUninstall() to remove information files from /var/cdsa/cssm.
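The file-placement half of step 4, with a follow-up audit, as an added example that is not taken from the white paper or from HP's code. The function names are hypothetical and ADDIN_DIR can be overridden for testing; the audit goes slightly beyond the text by reporting any installed file whose mode has drifted from 555.

```shell
#!/bin/sh
# Added example (not HP's code). Function names are hypothetical.
# ADDIN_DIR defaults to the add-in module directory named in the text.
ADDIN_DIR=${ADDIN_DIR:-/usr/lib/cdsa}

# Copy a library into the add-in directory and set its mode to 555.
# Refuses sources that are not regular files and never overwrites an
# existing entry, so an installed module cannot be silently replaced.
install_addin_lib() {
    src=$1
    dest="$ADDIN_DIR/$(basename "$src")"
    [ -f "$src" ] && [ ! -h "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    [ ! -e "$dest" ] && [ ! -h "$dest" ] || { echo "already present: $dest" >&2; return 1; }
    cp "$src" "$dest" && chmod 555 "$dest" || { rm -f "$dest"; return 1; }
    # The install program then calls CSSM_ModuleInstall() (C API, not shown here).
}

# Print every regular file under ADDIN_DIR whose permission bits are not
# exactly 555 (for example, a library that has become writable).
# Returns 0 when all files match, 1 when any file is reported.
audit_addin_modes() {
    bad=$(find "$ADDIN_DIR" -type f ! -perm 555 -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Run audit_addin_modes after installation and periodically afterwards; any path it prints is a library that no longer has the read-and-execute-only mode the install step sets.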
Implementing Integrity Checking in Add-In Modules
If you are developing a CSP add-in module, its initialization program must implement
integrity checking, both self-check and bilateral. The following reference will guide you in
this task.