Common Data Security Architecture (CDSA) White Paper
How to Create a CDSA Add-In Module for HP-UX
    long len = <number of bytes in Key>;   /* placeholder kept from the original text */
    /* Refuse a NULL output structure or one whose buffer is too small for the key bytes. */
    if (!Name || (len > Name->length))
        return;
    Name->length = len;                    /* report the number of bytes actually copied */
    memcpy(Name->value, Key, Name->length);
    return;
}
Programming AddInAuthenticate() to Perform Bilateral Authentication
If the Self check is successful, control is returned to the CSSM manager, which then calls the
add-in's AddInAuthenticate function. Ironically, the name implies that authentication takes
place. It does not, unless code is explicitly added to perform bilateral authentication.
If the add-in module does not have to be authenticated, AddInAuthenticate() simply sets up
pointers to functions the add-in module will need to access.
When authentication is desired, the AddInAuthenticate() function must do the following:
1. Get the public key of the root CA authority that signed the CSSM module credential.
2. Get the distinguished name of the root CA authority that signed the CSSM module
credential.
3. Call ISL_VerifyLoadedModuleAndCredentials using the public key and distinguished
name retrieved in steps 1 and 2. This step checks the integrity of the CSSM shared
library.
4. Verify that the function that called AddInAuthenticate() comes from the same code verified
in step 3 (that is, that AddInAuthenticate() is being called from the CSSM module).
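The four steps above as an added C model; this is example code, not HP's implementation. The EISL prototypes are not reproduced here: the callback table, the isl_data and verified_module types, the root key, the root name and the code range are all assumptions constructed for the example, and step 4 is implemented as a check that the caller's return address lies inside the code range reported by step 3.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed shapes standing in for the EISL types (not the real cdsa/eislapi.h definitions). */
typedef struct { size_t length; const unsigned char *value; } isl_data;
typedef struct { uintptr_t base; size_t size; } verified_module;   /* result of step 3 */

/* Assumed callback table; in a real add-in these would be the EISL functions
 * ISL_RetrieveRootIssuerKey, ISL_RetrieveRootIssuerName and
 * ISL_VerifyLoadedModuleAndCredentials. */
typedef struct {
    int (*retrieve_root_key)(isl_data *key);
    int (*retrieve_root_name)(isl_data *name);
    int (*verify_module)(const isl_data *key, const isl_data *name, verified_module *out);
} eisl_ops;

/* Step 4: the caller's address must fall inside the verified CSSM code range. */
int caller_in_module(uintptr_t caller, const verified_module *m)
{
    return m->size != 0 && caller >= m->base && caller - m->base < m->size;
}

/* Steps 1-4 in order; any failure refuses authentication (returns 0, success 1). */
int addin_authenticate_core(const eisl_ops *ops, uintptr_t caller)
{
    isl_data key = {0, NULL}, name = {0, NULL};
    verified_module cssm = {0, 0};
    if (ops->retrieve_root_key(&key) != 0 || key.length == 0) return 0;    /* step 1 */
    if (ops->retrieve_root_name(&name) != 0 || name.length == 0) return 0; /* step 2 */
    if (ops->verify_module(&key, &name, &cssm) != 0) return 0;             /* step 3 */
    return caller_in_module(caller, &cssm);                                /* step 4 */
}

/* Entry point as CSSM would call it: the caller is taken from the real return address. */
int addin_authenticate(const eisl_ops *ops)
{
    return addin_authenticate_core(ops, (uintptr_t)__builtin_return_address(0));
}

/* Constructed test doubles: a fake root CA and a verifier that accepts only it. */
static const unsigned char root_key[] = "constructed-root-ca-public-key";
static const unsigned char root_name[] = "CN=Constructed Root CA";
static int sample_key(isl_data *d) { d->length = sizeof root_key - 1; d->value = root_key; return 0; }
static int sample_name(isl_data *d) { d->length = sizeof root_name - 1; d->value = root_name; return 0; }
static int failing_key(isl_data *d) { (void)d; return -1; }
static int sample_verify(const isl_data *k, const isl_data *n, verified_module *out)
{
    if (k->length != sizeof root_key - 1 || memcmp(k->value, root_key, k->length) != 0) return -1;
    if (n->length != sizeof root_name - 1 || memcmp(n->value, root_name, n->length) != 0) return -1;
    out->base = 0x1000; out->size = 0x100;   /* constructed code range of the "verified" CSSM */
    return 0;
}
const eisl_ops sample_ops = { sample_key, sample_name, sample_verify };
const eisl_ops failing_ops = { failing_key, sample_name, sample_verify };
```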
The ISL_VerifyLoadedModuleAndCredentials function is included in the CSSM library. To access
it, include the header file cdsa/eislapi.h in your program.
The following functions must also be present in the add-in shared library for
AddInAuthenticate() to perform bilateral authentication:
• ISL_RetrieveRootIssuerKey
• ISL_RetrieveRootIssuerName
Source code for these functions may be obtained directly from HP. Place these functions in the