Security module dependencies
TAP relies on the existence of a statically known dispatcher function for every SMP. Refer to the SMP guidelines for the expected signature of the dispatcher.
TAP does not perform any key or object management. Each SMP is expected to provide its own internal key and object management for the life of a TAP context. A TAP client sends a serialized BLOB via the TAP_LoadKey or TAP_LoadObject command and expects a unique handle in return. All subsequent commands within the same context that use a key or object use the returned handle. This is required to prevent sending the entire key and object BLOB for every command that uses a key or object.
When an UnloadKey or UnloadObject command is received, the SMP should free any allocated resources and the key or object handle should be invalidated. When a context is uninitialized, all keys and objects still loaded must be freed. The format for storing the keys and objects, serialized or deserialized, is the responsibility of the SMP provider.
As such, TAP requires that each SMP provide functions to operate on its internal key and object structures, including functions to perform the following tasks:
Free a key
Copy a key
Serialize a key
Deserialize a key
Free an object
Copy an object
Serialize an object
Deserialize an object
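The handle lifecycle described above (load returns a unique handle, unload invalidates it, context uninitialization frees whatever is still loaded) can be sketched as a per-context handle table. This is an added example, not TAP or SMP code: every name in it (smp_ctx_t, demo_load_key, demo_unload_key, demo_key_len, demo_uninit) and the handle layout are assumptions made for illustration. A generation counter per slot keeps a stale handle from resolving to a key loaded later into the same slot.

```c
/* Added example: hypothetical SMP-side handle table; no name here is TAP/SMP API. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_KEYS 8
typedef struct { uint8_t *blob; size_t len; uint32_t gen; } slot_t;
typedef struct { slot_t slots[MAX_KEYS]; } smp_ctx_t; /* zero-initialise; one per context */

/* Handle = (generation << 8) | slot index; 0 is never a valid handle. */
static slot_t *lookup(smp_ctx_t *c, uint32_t h) {
    if ((h & 0xFF) >= MAX_KEYS) return NULL;
    slot_t *s = &c->slots[h & 0xFF];
    return (s->blob != NULL && s->gen == (h >> 8)) ? s : NULL;
}

/* Load: keep a private copy of the serialized BLOB and return a unique handle. */
uint32_t demo_load_key(smp_ctx_t *c, const uint8_t *blob, size_t len) {
    if (blob == NULL || len == 0) return 0;
    for (uint32_t i = 0; i < MAX_KEYS; i++) {
        slot_t *s = &c->slots[i];
        if (s->blob != NULL) continue;              /* slot in use */
        if ((s->blob = malloc(len)) == NULL) return 0;
        memcpy(s->blob, blob, len); s->len = len;
        s->gen = (s->gen % 0xFFFFFF) + 1;           /* 1..0xFFFFFF, never 0 */
        return (s->gen << 8) | i;
    }
    return 0;                                       /* table full */
}

/* Unload: wipe and free the key material; the handle stops resolving. */
int demo_unload_key(smp_ctx_t *c, uint32_t h) {
    slot_t *s = lookup(c, h);
    if (s == NULL) return -1;                       /* unknown, stale or already unloaded */
    memset(s->blob, 0, s->len);  /* optimizers may elide this; use a guaranteed wipe in real code */
    free(s->blob);
    s->blob = NULL; s->len = 0;                     /* gen is kept so old handles stay dead */
    return 0;
}

/* Any command that takes a handle resolves it first; 0 means "no such key". */
size_t demo_key_len(smp_ctx_t *c, uint32_t h) {
    slot_t *s = lookup(c, h);
    return s ? s->len : 0;
}

/* Context uninit: free every key still loaded; returns how many were freed. */
int demo_uninit(smp_ctx_t *c) {
    int n = 0;
    for (uint32_t i = 0; i < MAX_KEYS; i++)
        if (c->slots[i].blob && demo_unload_key(c, (c->slots[i].gen << 8) | i) == 0) n++;
    return n;
}
```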