Common Data Security Architecture (CDSA) White Paper

Validating the CSP Credentials
Figure 1-11 Verifying the validity of the CSP library
5. If the values match, the shared library is loaded. If the hashes do not match, CDSA
execution will terminate.
The Self Check
Once an HP-UX shared library is loaded, it is initialized. Then control is returned to the
function that initiated loading of the shared library.
In the self check, the CSP add-in module that has just been loaded checks itself, to make sure
it has not been tampered with.
1. The signer’s public key is extracted from the CSP shared library and used to directly verify
the signature on the .SF file. No chaining validation is necessary.
2. After the signature is validated, the SHA-1 hash of the section in the .MF file referring to
the shared library just loaded is calculated and compared with the hash in the .SF file.
3. If these hashes match, a hash of the CSP shared library is calculated and compared to the
hash in the .MF file.
4. If the hash matches (indicating the .MF file has not been tampered with), control is
returned to the function that initiated loading of the shared library.
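
The four self-check steps above, as an added Python example that is not code from the white paper or from CDSA. The text layout of the .MF and .SF sections and the `verify_sig` callback are assumptions made for illustration, since the page gives neither the manifest encoding nor the signature algorithm.

```python
import base64
import hashlib

# Assumed, simplified text layout (not the real CDSA manifest encoding):
# sections separated by a blank line, each "Name: <lib>\nSHA1-Digest: <base64>".


def sha1_b64(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def section_for(doc: bytes, lib_name: str) -> bytes:
    """Return the raw bytes of the section whose Name field is lib_name."""
    for section in doc.split(b"\n\n"):
        if section.startswith(b"Name: " + lib_name.encode() + b"\n"):
            return section
    raise ValueError("no section for " + lib_name)


def digest_field(section: bytes) -> str:
    for line in section.decode("ascii").splitlines():
        if line.startswith("SHA1-Digest: "):
            return line[len("SHA1-Digest: "):]
    raise ValueError("section has no SHA1-Digest")


def make_manifests(lib_name: str, lib_bytes: bytes):
    """Build constructed sample .MF and .SF contents for one library."""
    mf = f"Name: {lib_name}\nSHA1-Digest: {sha1_b64(lib_bytes)}".encode()
    sf = f"Name: {lib_name}\nSHA1-Digest: {sha1_b64(mf)}".encode()
    return mf, sf


def self_check(lib_name, lib_bytes, mf, sf, sf_sig, verify_sig) -> str:
    # Step 1: verify the signature on the .SF file with the embedded signer key.
    # verify_sig is a caller-supplied stand-in; the page names no algorithm.
    if not verify_sig(sf, sf_sig):
        return "bad-signature"
    try:
        mf_sec = section_for(mf, lib_name)
        sf_sec = section_for(sf, lib_name)
        # Step 2: SHA-1 of the .MF section must equal the hash in the .SF file.
        if sha1_b64(mf_sec) != digest_field(sf_sec):
            return "manifest-tampered"
        # Step 3: SHA-1 of the library must equal the hash in the .MF file.
        if sha1_b64(lib_bytes) != digest_field(mf_sec):
            return "library-tampered"
    except (ValueError, UnicodeDecodeError):
        return "malformed"
    return "ok"  # Step 4: control returns to the caller that loaded the library.
```

A library modified together with its .MF entry is still caught at step 2, because the .SF hash of that .MF section no longer matches and the .SF file cannot be re-signed without the signer's private key.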
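[Figure: flowchart. The SHA-1 hash function is applied to the CSP file, and the result is compared with the .MF file, which contains the hash of the shared library and the library name. Are the SHA-1 hashes equal? Yes: the CSP shared library is valid. No: the CSP shared library has been tampered with; stop.]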