About the FM SDK Programming Guide

A Functionality Module (FM) is custom-developed, customer-specific code that operates within the secure confines of a Hardware Security Module (HSM).

This document is a technical reference for software developers. It describes the programming methodologies and functions used to develop Functionality Modules and host-side applications, as well as the tools and requirements for managing FMs on compliant HSMs.

FMs allow application developers to design security-sensitive program code that can be loaded into the HSM to operate as part of the HSM firmware.

The FM concept allows developers to place their most sensitive algorithms within the logical and physical security perimeter of the HSM. An HSM is the pinnacle of a system's trust pyramid and the ultimate solution to the threats of malicious tampering and secret exposure.

FMs can make extensive use of the HSM functionality, which is provided through a PKCS#11-compliant Application Programming Interface (API) and a rich set of commands available only to FMs.

The FM has access to tamper-protected persistent storage, so it can manage its own keys and critical parameters independently of the PKCS#11 objects.

The FM also has direct access to an RS232 interface of the HSM (using a USB dongle) and can use this port to implement a physically trusted path to an external device.

The Luna FM SDK package gives developers extensive scope to create a wide range of customized high-security applications.

NOTE: This feature has software and/or firmware dependencies. See Version Dependencies by Feature for more information.

This document describes how to use the FM SDK to write, test, install, and use functionality modules to provide custom functions on the HSM. It contains the following chapters:

>Setup

>FM Architecture

>FM Development

>FM Samples

>Utilities Reference

>Cryptographic Engine

>Cipher Objects

>Hash Objects

>Setting Privilege Level

>SMFS Reference

>FMDebug Reference

>Message Dispatch API Reference

>Cryptoki Extension

>HSM Functions Reference

The preface includes the following information about this document:

>Customer Release Notes

>Audience

>Document Conventions

>Support Contacts

For information regarding the document status and revision history, see Document Information.