FIPSFSM
Revision as of 01:39, 22 July 2006
This is a draft document.
Finite State Model
The NSS cryptographic module is a shared library/DLL loaded by an application program on a host computer. When a program calls the FC_Initialize function of the NSS cryptographic module library, the state changes and the power-up self-tests are performed. See Self Tests for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized and the module enters the normal operational state (Public Services). Refer to the tables below when studying the state transition diagram.
Recovery from error states: If the module ever enters the Error state, the NSS cryptographic module library needs to be shut down (transition 3.0) and reinitialized (transition 1.1).
Inclusive statement: The action of the finite state model as a result of all other combinations of data and control inputs is defined as follows.
- If the data and control inputs are valid and the module performs the service successfully, the module outputs the requested data or status information and returns CKR_OK.
- If the data and control inputs are invalid or the module encounters an error (e.g., running out of memory) when performing a service, the module does not output any data and simply returns an appropriate error code (e.g., CKR_HOST_MEMORY, CKR_TOKEN_WRITE_PROTECTED, CKR_TEMPLATE_INCOMPLETE, or CKR_ATTRIBUTE_VALUE_INVALID).

In either case the module stays in the current state.
States

| State Label | State Mnemonic | State Description | Distinct Indicator |
|---|---|---|---|
| 1.X | Power Off | Host computer is powered off. The initial state. | Host computer's power light is off. |
| 1.Y | Power On | Host computer is up and running. This is a composite state with concurrent component state machines (separated by the dotted line in the diagram) for the FIPS Approved mode and the non-FIPS Approved mode. | Host computer's power light is on. |
| 1.A | Inactive | The FIPS Approved mode of the NSS cryptographic module is inactive. | Only FC_GetFunctionList and FC_Initialize may be called. |
| 1.B | Power Up Self Test | NSS cryptographic module library initialization for the FIPS Approved mode has been initiated. This state performs library initialization, the software integrity test, and the power-up self-tests. | The FC_Initialize call is executing. |
| 1.C | Public Services | NSS cryptographic module library has been initialized for the FIPS Approved mode and its self-tests have passed. Services that do not require logging in to the module are available. | Public services can be invoked. Private services fail with the error code CKR_USER_NOT_LOGGED_IN. |
| 2.A | NSS User Services | Operator has successfully logged in to assume the NSS User role and has access to all the services provided by the FIPS Approved mode of the NSS cryptographic module. | All services can be invoked. |
| 2.B | On Demand Self Test | Operator-requested self-tests are being run. | The FC_Login call is executing. |
| 3 | Error | The FIPS Approved mode of the NSS cryptographic module either has failed a conditional test while performing a service or has failed a power-up or operator-initiated self-test. No further cryptographic operations will be performed. | Only FC_Finalize, FC_InitToken, FC_CloseSession, FC_CloseAllSessions, FC_WaitForSlotEvent, and the "get info" functions (FC_GetFunctionList, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, and FC_GetTokenInfo) can be invoked. FC_Initialize fails with the error code CKR_CRYPTOKI_ALREADY_INITIALIZED. All other functions fail with the error code CKR_DEVICE_ERROR. |
| 5.A | Inactive | The non-FIPS Approved mode of the NSS cryptographic module is inactive. | Only NSC_GetFunctionList and NSC_Initialize may be called. |
| 5.B | Activated | The non-FIPS Approved mode of the NSS cryptographic module has been activated. This is a composite state whose substates are not relevant to FIPS 140-2. | All NSC_xxx functions may be called. |
Transitions

| Trans # | Current State | Next State | Input Event | Output Event |
|---|---|---|---|---|
| 1.0 | Power Off | Power On | Host computer is powered up | None |
| 1.1 | (FIPS Approved mode) Inactive | Power Up Self Test | FC_Initialize called | Power-up self-tests initiated |
| 1.2 | Power Up Self Test | Public Services | Successful library initialization, software integrity test, and power-up self-tests | FC_Initialize sets the internal Boolean state variable fatalError to false and returns CKR_OK |
| 1.3 | Power Up Self Test | Error | Software integrity test or power-up self-test failure | FC_Initialize sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
| 1.4 | Public Services | Error | Conditional self-test (continuous random number generator test) failed while performing a service (random number generation) | The function (FC_SeedRandom or FC_GenerateRandom) sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
| 1.5 | Public Services | NSS User Services | User login succeeded | FC_Login sets the internal Boolean state variable isLoggedIn to true and returns CKR_OK |
| 1.6 | Public Services | Public Services | User login failed | FC_Login returns a nonzero error code (e.g., CKR_PIN_INCORRECT) |
| 1.7 | Public Services | (FIPS Approved mode) Inactive | FC_Finalize called | FC_Finalize returns CKR_OK |
| 2.1 | NSS User Services | Public Services | User logout requested | FC_Logout sets the internal Boolean state variable isLoggedIn to false and returns CKR_OK |
| 2.2 | NSS User Services | On Demand Self Test | On-demand self-test requested with an FC_Login call | Self-tests initiated |
| 2.3 | On Demand Self Test | NSS User Services | On-demand self-test passed | FC_Login returns CKR_USER_ALREADY_LOGGED_IN |
| 2.4 | On Demand Self Test | Error | On-demand self-test failed | FC_Login sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
| 2.5 | NSS User Services | (FIPS Approved mode) Inactive | FC_Finalize called | FC_Finalize returns CKR_OK |
| 2.6 | NSS User Services | Error | Conditional self-test (continuous random number generator test or pair-wise consistency test) failed while performing a service (random number generation or key pair generation) | The function (FC_SeedRandom, FC_GenerateRandom, or FC_GenerateKeyPair) sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR or CKR_GENERAL_ERROR |
| 3.0 | Error | (FIPS Approved mode) Inactive | FC_Finalize called | FC_Finalize returns CKR_OK |
| 4.0 | Power On | Power Off | Host computer is powered off | None |
| 5.1 | (non-FIPS Approved mode) Inactive | (non-FIPS Approved mode) Activated | NSC_Initialize called | NSC_Initialize returns CKR_OK |
| 5.2 | (non-FIPS Approved mode) Activated | (non-FIPS Approved mode) Inactive | NSC_Finalize called | NSC_Finalize returns CKR_OK |
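The following is an added example, not code from NSS or from this page: an executable reference model in C of the FIPS Approved mode rows of the States and Transitions tables above, of the kind a conformance test for the real softokn FC_* entry points would be written against. The CKR_* values are the standard PKCS #11 constants; everything else is an assumption made for the example: the fc_* functions only model the FC_* entry points, the fips_module struct and its powerup_tests_fail / conditional_test_fails hooks stand in for the real integrity test, known-answer tests, CRNGT and pair-wise consistency test, the PIN is a constructed sample, CKR_ARGUMENTS_BAD is this example's choice of "appropriate error code" for the inclusive statement, and fc_generate_random writes placeholder bytes rather than DRBG output. fsm_check walks the rows (login, on-demand self-test via a second FC_Login, a CRNGT failure, the Error state indicators, and recovery through FC_Finalize and FC_Initialize) and returns the number of return codes that disagree with the tables.

```c
#include <stdbool.h>
#include <string.h>

typedef unsigned long CK_RV;   /* PKCS #11 return-code type; values are the standard ones */
#define CKR_OK                           0x000UL
#define CKR_GENERAL_ERROR                0x005UL
#define CKR_ARGUMENTS_BAD                0x007UL
#define CKR_DEVICE_ERROR                 0x030UL
#define CKR_PIN_INCORRECT                0x0A0UL
#define CKR_USER_ALREADY_LOGGED_IN       0x100UL
#define CKR_USER_NOT_LOGGED_IN           0x101UL
#define CKR_CRYPTOKI_NOT_INITIALIZED     0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x191UL

/* States 1.A, 1.C, 2.A and 3; 1.B and 2.B exist only while a call executes. */
typedef enum { ST_INACTIVE, ST_PUBLIC, ST_USER, ST_ERROR } fips_state;
typedef struct {
    fips_state state;
    bool fatalError, isLoggedIn;                      /* Booleans named in the table */
    bool powerup_tests_fail, conditional_test_fails;  /* hypothetical stand-ins for the tests */
} fips_module;
static const char *CORRECT_PIN = "constructed-sample-pin";  /* constructed sample */
static CK_RV enter_error(fips_module *m, CK_RV rv) {
    m->fatalError = true; m->state = ST_ERROR; return rv;
}

/* 1.1 -> 1.2 or 1.3. In Error the call reports "already initialized" instead of
 * re-running the tests; FC_Finalize (3.0) is the only way out of Error. */
CK_RV fc_initialize(fips_module *m) {
    if (m->state != ST_INACTIVE) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    if (m->powerup_tests_fail) return enter_error(m, CKR_DEVICE_ERROR);  /* 1.3 */
    m->fatalError = false; m->isLoggedIn = false; m->state = ST_PUBLIC;   /* 1.2 */
    return CKR_OK;
}

CK_RV fc_finalize(fips_module *m) {                  /* 1.7, 2.5 and 3.0 */
    if (m->state == ST_INACTIVE) return CKR_CRYPTOKI_NOT_INITIALIZED;
    m->isLoggedIn = false; m->state = ST_INACTIVE;
    return CKR_OK;
}

/* 1.5, 1.6, and 2.2 -> 2.3 or 2.4: a second FC_Login while logged in requests the on-demand self-tests. */
CK_RV fc_login(fips_module *m, const char *pin) {
    if (m->state == ST_INACTIVE) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (m->state == ST_ERROR) return CKR_DEVICE_ERROR;
    if (m->state == ST_USER)
        return m->powerup_tests_fail ? enter_error(m, CKR_DEVICE_ERROR)   /* 2.4 */
                                     : CKR_USER_ALREADY_LOGGED_IN;        /* 2.3 */
    if (pin == NULL || strcmp(pin, CORRECT_PIN) != 0) return CKR_PIN_INCORRECT; /* 1.6 */
    m->isLoggedIn = true; m->state = ST_USER;                                 /* 1.5 */
    return CKR_OK;
}

CK_RV fc_logout(fips_module *m) {                    /* 2.1 */
    if (m->state == ST_INACTIVE) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (m->state == ST_ERROR) return CKR_DEVICE_ERROR;
    if (!m->isLoggedIn) return CKR_USER_NOT_LOGGED_IN;
    m->isLoggedIn = false; m->state = ST_PUBLIC;
    return CKR_OK;
}

/* Public service; CRNGT failure is 1.4 / 2.6. Invalid input follows the inclusive
 * statement: an error code and no state change. Output bytes are a placeholder. */
CK_RV fc_generate_random(fips_module *m, unsigned char *out, size_t len) {
    if (m->state == ST_INACTIVE) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (m->state == ST_ERROR) return CKR_DEVICE_ERROR;
    if (out == NULL || len == 0) return CKR_ARGUMENTS_BAD;
    if (m->conditional_test_fails) return enter_error(m, CKR_DEVICE_ERROR);
    memset(out, 0x5A, len);
    return CKR_OK;
}

/* Private service: needs the NSS User role (1.C indicator); PCT failure is 2.6. */
CK_RV fc_generate_key_pair(fips_module *m) {
    if (m->state == ST_INACTIVE) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (m->state == ST_ERROR) return CKR_DEVICE_ERROR;
    if (!m->isLoggedIn) return CKR_USER_NOT_LOGGED_IN;
    if (m->conditional_test_fails) return enter_error(m, CKR_GENERAL_ERROR);
    return CKR_OK;
}

/* Walks the scenario of the tables; returns how many return codes disagree with
 * the rows exercised, so 0 means the model reproduces the page, recovery included. */
int fsm_check(void) {
    fips_module m = { ST_INACTIVE, false, false, false, false };
    unsigned char buf[8];
    int bad = 0;
    bad += fc_initialize(&m) != CKR_OK;                              /* 1.2 */
    bad += fc_generate_key_pair(&m) != CKR_USER_NOT_LOGGED_IN;       /* 1.C */
    bad += fc_login(&m, "wrong") != CKR_PIN_INCORRECT;               /* 1.6 */
    bad += fc_login(&m, CORRECT_PIN) != CKR_OK;                      /* 1.5 */
    bad += fc_login(&m, CORRECT_PIN) != CKR_USER_ALREADY_LOGGED_IN;  /* 2.2, 2.3 */
    bad += fc_generate_random(&m, NULL, 8) != CKR_ARGUMENTS_BAD || m.state != ST_USER;
    m.conditional_test_fails = true;
    bad += fc_generate_random(&m, buf, sizeof buf) != CKR_DEVICE_ERROR || !m.fatalError; /* 2.6 */
    bad += fc_initialize(&m) != CKR_CRYPTOKI_ALREADY_INITIALIZED;    /* state 3 */
    bad += fc_logout(&m) != CKR_DEVICE_ERROR;                        /* state 3 */
    m.conditional_test_fails = false;
    bad += fc_finalize(&m) != CKR_OK;                                /* 3.0 */
    bad += fc_initialize(&m) != CKR_OK || m.fatalError;              /* 1.1 -> 1.2 */
    return bad;
}
```

fsm_check() returns 0 when every exercised row agrees with the tables. Setting powerup_tests_fail before fc_initialize exercises 1.3 and the Error-state indicators from the start; the same flag set before the second fc_login exercises 2.4. The point the model makes explicit is that once fatalError is set, no service call can clear it: only the FC_Finalize / FC_Initialize pair does, which is the recovery path the text prescribes.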