Common Data Security Architecture (CDSA) White Paper

How to Create a CDSA Add-In Module for HP-UX
Programming Self-Check Functions into the Initializer
As soon as a CSP shared library is loaded into memory, it should run one of its own
functions to perform self-checks. The initialization function should call the
ISL_SelfCheck function. (When self-checking is not desired, these initialization functions
become null functions.)
Here is the previous example of an initialization function with ISL_SelfCheck invoked:
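    #include <dl.h>            /* shl_t (HP-UX shared library handle) */
    #include <cdsa/eislapi.h>  /* ISL_SelfCheck */

    void _MyAddIn_init( shl_t hInstance, int loading)
    {
        ISL_VERIFIED_MODULE_PTR VerifiedCLModulePtr = NULL;

        if (loading)
        {
            /* verify this module against its self-check credentials */
            VerifiedCLModulePtr = ISL_SelfCheck(hInstance);
            /* hand the verified-module credentials back once the check is done */
            ISL_RecycleVerifiedModuleCredentials(VerifiedCLModulePtr);
        } else { /* perform termination */
            /* un-register services by invoking CSSM_DeregisterServices. */
        }
    }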
Note that the initialization function cannot return a status, since nothing really calls it.
The HP-UX shl_load function simply runs it after loading the shared library.
ISL_SelfCheck
ISL_SelfCheck does the following:
- Retrieves self-check credentials from /usr/lib/cdsa/meta-inf.
- Retrieves self-check public key (public key of the entity that signed the credential for the add-in).
- Verifies the add-in module.
The ISL_SelfCheck function is included in the CSSM shared library. To access it, include the
header file cdsa/eislapi.h in your program.
In addition, other functions must be present in the add-in module. ISL_SelfCheck assumes
the existence of the following functions (whose use will be detailed shortly):
ISL_RetrieveSelfCheckCredentials
ISL_RetrieveSelfCheckSectionName
ISL_RetrieveSelfCheckKey