|
|
The Intel Common Data Security Architecture ApplicationDeveloper's Guide and the Intel Common Data SecurityArchitecture Service Provider Developer's Guide havein-depth information about developing applications and add-in modulesfor CDSA.
The development process includes generating certificates andkey pairs to be used in the signing process and later in the integritychecking process. The public keys are extracted from the certificateinto a code module that is included in the application. The privatekeys remain on the signing system. After the code is built, the certificateis used to "sign" the application or service providermodule. The product of the signing is a manifest, which is typicallykept with the executable.
The following sections summarize the steps for building asigned CDSA application or add-in module on OpenVMS.
The SigningEnvironment
To create manifests used for authentication of CDSA modules,you must have a working version of CDSA and the signing tools installedon a machine. It is good practice to dedicate a specific machineor set of machines to be the signing center. Certificates for signingshould be generated on the signing machine, and the signing of generatedmodules must be done there. The tools, applications, CDSA stack,and private keys used to generate certificates should not be modifiedor reinstalled after the certificate generation process has completed.Doing so will invalidate the keys used to make the certificatesand will cause any modules signed to fail integrity checking.
Development and testing of modules should be conducted onother machines so as not to disrupt the signing environment.
The signing directory on an OpenVMS system is CDSA_SYSDIR:[SIGN].
On OpenVMS, the account that is used to create certificatesmust be the same account that is used for signing developed applicationsand service-provider modules. This is required because the privatekeys are stored in the namespace of that user account and must beaccessible by the code performing those functions. Note that thisaccount requires the SYSPRV privilege to access the signing directory.
The SigningTools
The following programs are used in developing CDSA applicationsor add-ins:
Program Name | Description |
---|---|
SYS$SYSTEM:CDSA$CERTGEN.EXE | Certificate creation tool |
SYS$SYSTEM:CDSA$ISSUER.EXE | Public key extraction tool |
SYS$SYSTEM:CDSA$SIGN.EXE | Signing tool |
The following files in CDSA_SYSDIR:[SIGN] are named accordingto Intel naming conventions. Their names can be changed to suitany other development conventions. If the names introot.cer or intmanf.cerare changed, intchain must be updated to reflect the new names.The new certificate names will also be used as parameters to cdsa_sign.
File Name | Description |
---|---|
introot.cer | The CDSA Integrity Root certificate containingthe public key of the root of the integrity chain. |
intmanf.cer | The CDSA Integrity Manufacturing certificatecontaining the public key of the manufacturer. |
ssintapps.run | The run file that is input to the certificatecreation tool (CDSA$CERTGEN.EXE) to create a self-signed applicationcertificate. |
ssintapps.xml | The X509 formatted identification ofthe signer of the application certificate. |
ssintmods.run | The run file that is input to the certificatecreation tool (CDSA$CERTGEN.EXE) to create a self-signed add-inmodule certificate. |
ssintmods.xml | The X509 formatted identification ofthe signer of the add-in module certificate |
intchain. | A list of certificates comprising theintegrity certificate chain; that is, introot.cer and intmanf.cer |
The file CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM is used to generatethe digital certificates and keypairs that are used by CDSA applications.
The SigningProcess
The first five of the following nine steps need to be doneonly once for each application or add-in module being developed.However, each time the application is changed, a new manifest mustbe created and the application must be reinstalled in the CDSA MDSdatabase (steps 8 and 9).
If you are building the example programs provided with CDSAVersion 2.0 or later, some of the following steps have been donein example code or accompanying command procedures. Read SYS$COMMON:[SYSHLP.EXAMPLES.CDSA]README.TXTfor details.
$ @CDSA_SYSDIR:[SIGN]CDSA$UUIDGENxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxThe string form of the GUID is used as input to the signingtool, CDSA$SIGN.EXE, when the application or add-in module is signed.
"{FD52A3EA-D9EC-1159-916B-08002BC48051}"The numeric form of the same GUID (as defined by the datastructure CSSM_GUID) would be:
{0xfd52a3ea, 0xd9ec, 0x1159, {0x91, 0x6b, 0x08, 0x0, 0x2b, 0xc4, 0x80, 0x51}}Add a GUID variable pointer to the calls to
CSSM_Init()
and, if you are using them, to CSSM_Introduce()
and CSSM_Unintroduce()
. If you are developing on a system earlier than OpenVMSVersion 7.3-2, you must find another method to generate a GUID thatconforms to the preceding format. |
Attribute OID | Attribute Name | Example Value | OpenVMS Value |
---|---|---|---|
2.5.4.3 | Common Name | Senior Technician | Hewlett-Packard |
2.5.4.10 | Organization Name | XYZ Company | BCS (Business Critical Servers) |
2.5.4.11 | Organizational Unit Name | ABC Division | OpenVMS |
2.5.4.1 | Aliased Entry Name | XYZ Security Product | HP OpenVMS Integrity Root |
2.5.4.9 | Street Address | 110 Maple Street | 110 Spit Brook Road |
2.5.4.7 | Locality | Anytown | Nashua |
2.5.4.8 | State or Province | XX | NH |
2.5.4.6 | Country | USA | USA |
2.5.4.17 | Postal Code | 54321 | 03062 |
2.5.4.23 | Telephone Number | 777-666-4321 | (not used) |
1.2.840.113549.1.9.1 | Email Address | role@xyz.com | OpenVMSSecurity@hp.com |
Make the desired changes to the attributes in the .XML fileto identify the issuer of the certificates. Chapter 3 of the IntelCommon Data Security Architecture Manifest Signing Tools User'sGuide explains the XML syntax used here.
You can run CDSA$CERTGEN.EXE by itself or you can executethe command procedure CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM to runboth CDSA$CERTGEN.EXE to generate a certificate and CDSA$ISSUER.EXEto generate the key code (see Step 3).
OpenVMSSecurity@hp.com
.The response will provide details on how to proceed with havingyour certificates signed by the OpenVMS integrity root. EISL_RetrieveSelfCheckSectionName()
EISL_RetrieveSelfCheckCredentials()
EISL_RetrieveSelfCheckCredentialsSize()
mdsutil_GetModuleCredentialInfo()
. In the DES2 and DES3 examples in this chapter (see DES2 Encryption/Decryption Example Program and DES3 Example Program), the application GUID isdefined by including a file called DESGUID.H.EISL_SelfCheck()
to validate the integrity of the application itself.After a successful return, call EISL_RecycleVerifiedModuleCredentials()
to release the structures that were created.AALProxyLoadCssm()
after EISL_SelfCheck()
, and before making any calls to CSSM.CSSM_Init()
CSSM_Introduce()
CSSM_ModuleLoad()
CSSM_Unintroduce()
(if you used it) before calling CSSM_Terminate()
and then AALProxyUnloadCssm()
.CDSA Add-in Modules
The integrity checking process for add-in modules is providedby the Multi-service Add-in Framework. In fact, the MAF*.* modulesprovide a framework for developing an add-in module.
Development of a CDSA service provider add-in module is beyondthe scope of this document. The OpenVMS CDSA example applicationADDIN illustrates the development of a Cryptographic Service Provideradd-in module. The Intel Common Data Security ArchitectureService Provider Developer's Guide provides completedetails for developing an add-in module for CDSA.
|
|