Overview

A Functionality Module (FM) is custom-developed, customer-specific code that operates within the secure confines of a Hardware Security Module (HSM). You can use the SafeNet ProtectToolkit FM SDK to develop FMs for the SafeNet ProtectServer Network HSM and SafeNet ProtectServer PCIe HSM, introduced in release 5.0.

FMs allow application developers to design security-sensitive program code, which can be downloaded into the HSM to operate as part of the HSM firmware. This functionality may be required to implement custom algorithms, or to isolate security-sensitive code from the host environment. FMs can make full use of the HSM functionality, which is provided using a PKCS#11-compliant Application Programming Interface (API). The SafeNet ProtectToolkit FM SDK allows developers an extensive opportunity to create a wide range of customized high-security applications.

To assist in the development of FMs, the SafeNet ProtectToolkit FM SDK contains support for FM emulation on the Host System.

This document is intended for software developers, as a technical reference describing the programming methodologies and functions used for developing Functionality Modules and host-side applications.

Features

Host apps are supported on all platforms supporting the SafeNet ProtectToolkit SDK. FMs have to be cross-compiled on Linux. The FM SDK provides the following components:

>Sample FM code

>Sample host-side code

>Build scripts

>Host–side libraries

>Java classes to access HSMs

>Java docs

>FM binary image generation tools

>FM libraries

>FM emulation libraries

Constraints

The SafeNet ProtectToolkit FM SDK has the following limitations on FM development:

>The SafeNet ProtectToolkit FM SDK requires SafeNet ProtectToolkit-C.

>FM's compiled using the SafeNet ProtectToolkit FM SDK 5.4 or newer do not load correctly into HSMs using firmware 5.00.xx.

>Downgrading HSMs from firmware 5.01.00 or newer to 5.00.08 or older will delete any FMs on the device that were compiled using the SafeNet ProtectToolkit FM SDK 5.4 or newer.