Common Data Security Architecture (CDSA) White Paper
How to Create a CDSA Add-In Module for HP-UX
VerifiedCSSMModulePtr = NULL;
return CSSM_FAIL;
}
.
.
.
Completing the Development of a CSP that Performs Integrity Checking
1. Test your add-in module, using a CSSM manager running in non-authentication mode.
(Such a CSSM manager can be obtained from Hewlett-Packard with a special license
agreement.)
2. Once you are confident the add-in module is functioning properly in non-authentication
mode, recompile the add-in module with both self-checking and bilateral authentication
enabled. In your link directive to generate the add-in, specify the following for CSP
add-ins:
+e AddInAuthenticate +e ISL_RetrieveSelfCheckCredentials \
+e ISL_RetrieveSelfCheckSectionName +e ISL_RetrieveSelfCheckKey \
+e ISL_RetrieveRootIssuerKey +e ISL_RetrieveRootIssuerName
or specify the following for CL/TP/DL add-ins:
+e AddInAuthenticate
That is, you want all symbols belonging to the add-in to be hidden, except for the
AddInAuthenticate function (for all types of add-ins) and, for CSP add-ins, the
ISL_RetrieveSelfCheckCredentials, ISL_RetrieveSelfCheckSectionName,
ISL_RetrieveSelfCheckKey, ISL_RetrieveRootIssuerKey, and
ISL_RetrieveRootIssuerName functions.
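Added example (not part of the original white paper and not HP code): a shell check for step 2 that compares an add-in's exported symbols with the export lists given above. It assumes the exported symbol names have already been extracted from the shared library, one per line; check_addin_exports and csp_internal_keygen are hypothetical names, and the sample input is constructed.

```shell
#!/bin/sh
# Export lists from step 2 of the procedure.
CSP_EXPORTS="AddInAuthenticate
ISL_RetrieveSelfCheckCredentials
ISL_RetrieveSelfCheckSectionName
ISL_RetrieveSelfCheckKey
ISL_RetrieveRootIssuerKey
ISL_RetrieveRootIssuerName"
OTHER_EXPORTS="AddInAuthenticate"   # CL/TP/DL add-ins

# Constructed sample: a CSP build that leaks one internal symbol
# (hypothetical name) and lacks one export from the list.
SAMPLE_LEAKY="AddInAuthenticate
ISL_RetrieveSelfCheckCredentials
ISL_RetrieveSelfCheckSectionName
ISL_RetrieveSelfCheckKey
ISL_RetrieveRootIssuerKey
csp_internal_keygen"

# check_addin_exports TYPE  (TYPE: csp | cl | tp | dl)
# Reads exported symbol names, one per line, on stdin.
# Returns 0 if the export set matches exactly, 1 on any difference, 2 on bad TYPE.
check_addin_exports() {
    case "$1" in
        csp)      allowed=$CSP_EXPORTS ;;
        cl|tp|dl) allowed=$OTHER_EXPORTS ;;
        *) echo "unknown add-in type: $1" >&2; return 2 ;;
    esac
    # Normalise input: strip whitespace (including CR), drop blanks, de-duplicate.
    actual=$(sed -e 's/[[:space:]]//g' -e '/^$/d' | sort -u)
    status=0
    for sym in $actual; do      # exported but not on the list: should be hidden
        if ! printf '%s\n' "$allowed" | grep -Fqx -- "$sym"; then
            echo "UNEXPECTED $sym"; status=1
        fi
    done
    for sym in $allowed; do     # on the list but not exported
        if ! printf '%s\n' "$actual" | grep -Fqx -- "$sym"; then
            echo "MISSING $sym"; status=1
        fi
    done
    return $status
}

# Demo on the constructed sample; "|| :" keeps the script's exit status clean.
printf '%s\n' "$SAMPLE_LEAKY" | check_addin_exports csp || :
```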
3. Produce a credential file for this shared library. To do this, you must use the HP signing
tool, signdll.
Currently HP is unable to release this code to add-in module developers. Instead, HP will
generate the credential file for the add-in developer upon request, using the private key
described in “ISL_RetrieveSelfCheckKey” on page 59.
HP requires that the shared library add-in module be compiled with self-check and
bilateral authentication enabled, and be named as follows:
lib<some_csp_name>.1
4. Once you have the credential for the new add-in module, you are ready to test the module