canmove, Confirmed users
937
edits
FIPSFSM: Difference between revisions
→Finite State Model
No edit summary |
|||
| Line 12: | Line 12: | ||
[[ Image:Fsm5.png ]] | [[ Image:Fsm5.png ]] | ||
The NSS cryptographic module has two modes of operation: FIPS Approved mode and non-FIPS Approved mode. The two modes of operation are independent of each other -- they have their own copies of data structures and they are even allowed to be active at the same time. The two modes are represented by the two concurrent substates inside the Power On composite state. '''The module is FIPS 140-2 compliant only when the non-FIPS Approved mode is inactive.''' The FIPS Approved mode on the left hand side is of more interest to the FIPS 140-2 validation and it is therefore shown with more details. When a program calls the <code>FC_Initialize</code> function of the NSS cryptographic module library, the state changes and power-up self-tests are performed. See [http://wiki.mozilla.org/Section_9:_Self_Tests Self Tests] for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized for the FIPS Approved mode and the module enters the normal operational state. Please refer to the tables below when studying this state transition diagram. | The NSS cryptographic module has two modes of operation: FIPS Approved mode and non-FIPS Approved mode. The two modes of operation are independent of each other -- they have their own copies of data structures and they are even allowed to be active at the same time. The two modes are represented by the two concurrent substates inside the Power On composite state. '''The module is FIPS 140-2 compliant only when the non-FIPS Approved mode is inactive (in state 5.A).''' The FIPS Approved mode on the left hand side is of more interest to the FIPS 140-2 validation and it is therefore shown with more details. When a program calls the <code>FC_Initialize</code> function of the NSS cryptographic module library, the state changes and power-up self-tests are performed. See [http://wiki.mozilla.org/Section_9:_Self_Tests Self Tests] for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized for the FIPS Approved mode and the module enters the normal operational state. Please refer to the tables below when studying this state transition diagram. | ||
'''Access to certificate and key databases''': Only one of the two modes of operation may have the certificate and key databases open at any time. This is enforced by the <code>FC_Initialize</code> and <code>NSC_Initialize</code> functions. When a mode of operation opens the databases, it also causes the other mode (the ''peer'') to close the databases. In the diagram below this is represented by a toggle switch. | '''Access to certificate and key databases''': Only one of the two modes of operation may have the certificate and key databases open at any time. This is enforced by the <code>FC_Initialize</code> and <code>NSC_Initialize</code> functions. When a mode of operation opens the databases, it also causes the other mode (the ''peer'') to close the databases. In the diagram below this is represented by a toggle switch. | ||