Skip to main content

Security module dependencies

TAP relies on the existence of a statically known dispatcher function for every SMP. Refer to the SMP guidelines for the expected signature of the dispatcher.

TAP does not perform any key or object management. Each SMP is expected to provide its own internal key and object management for the life of a TAP context. A TAP client sends a serialized BLOB via the TAP_LoadKey or TAP_LoadObject command and expects a unique handle in return. All subsequent commands within the same context that use a key or object use the returned handle. This is required to prevent sending the entire key and object BLOB for every command that uses a key or object.

When an UnloadKey or UnloadObject command is received, the SMP should free any allocated resources and the key or object handle should be invalidated. When a context is uninitialized, all keys and objects still loaded must be freed. The format for storing the keys and objects, serialized or deserialized, is the responsibility of the SMP provider.

As such, TAP requires that each SMP provide functions to operate on its internal key and object structures, including functions to perform the following tasks:

  • Free a key

  • Copy a key

  • Serialize a key

  • Deserialize a key

  • Free an object

  • Copy an object

  • Serialize an object

  • Deserialize an object