FIPSFSM
This is a draft document.
Finite State Model
The NSS FIPS cryptographic module runs as part of an application program on a host computer. When a running program makes an NSS library initialization call, the state changes and power-up self-tests are performed. See Self Tests for a description of the power-up self-tests. If the self-tests succeed, the NSS library is considered initialized and the module enters the normal operational state. Refer to the tables below when studying this state transition diagram.
Recovery from error states: If the module ever enters the Error state, the NSS library needs to be shut down (transition 3.0) and reinitialized (transition 1.1).
Inclusive statement: The action of the finite state model as a result of all other combinations of data and control inputs is to return an appropriate error code (e.g., CKR_HOST_MEMORY, CKR_TOKEN_WRITE_PROTECTED, CKR_TEMPLATE_INCOMPLETE, or CKR_ATTRIBUTE_VALUE_INVALID) and go back to the current state.
States
State Label | State Mnemonic | State Description | Distinct Indicator |
---|---|---|---|
1.X | Power Off | Host computer is powered off. The initial state. | Host computer's power light is off. |
1.A | Power On | Host computer is up and running. | Host computer's power light is on. |
1.B | Power Up Self Test | NSS library initialization has been initiated. This state performs library initialization, software integrity test, and power-up self-tests. | None. |
1.C | Public Services | NSS library has been initialized and its self-tests have passed. Services that do not require logging in to the module are available. | Public services can be invoked. Private services fail with the error code CKR_USER_NOT_LOGGED_IN. |
2.A | NSS User Services | Operator has successfully logged in to assume the NSS User role and has access to all the services provided by the NSS cryptographic module. | All services can be invoked. |
2.B | On Demand Self Test | Operator requested self-tests are being run. | None. |
3 | Error | NSS either has failed a conditional test while performing a service or has failed a power-up or operator-initiated self-test. No further cryptographic operations will be performed. | Only FC_Finalize, FC_InitToken, FC_CloseSession, FC_CloseAllSessions, FC_WaitForSlotEvent, and the "get info" functions (FC_GetFunctionList, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, and FC_GetTokenInfo) can be invoked. FC_Initialize fails with the error code CKR_CRYPTOKI_ALREADY_INITIALIZED. All other functions fail with the error code CKR_DEVICE_ERROR. |
Transitions
Trans # | Current State | Next State | Input Event | Output Event |
---|---|---|---|---|
1.0 | Power Off | Power On | Host computer is powered up | None |
1.1 | Power On | Power Up Self Test | NSS_Initialize/FC_Initialize called | Power-up self-tests initiated |
1.2 | Power Up Self Test | Public Services | Successful library initialization, software integrity test, and power-up self-tests | FC_Initialize sets the internal Boolean state variable fatalError to false and returns CKR_OK |
1.3 | Power Up Self Test | Error | Software integrity test or power-up self-test failure | FC_Initialize sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
1.4 | Public Services | Error | Conditional self-test failed while performing a service | The function (e.g., FC_GenerateRandom) sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
1.5 | Public Services | NSS User Services | User login succeeded | FC_Login sets the internal Boolean state variable isLoggedIn to true and returns CKR_OK |
1.6 | Public Services | Public Services | User login failed | FC_Login returns a nonzero error code (e.g., CKR_PIN_INCORRECT) |
1.7 | Public Services | Power On | NSS_Shutdown/FC_Finalize called | FC_Finalize returns CKR_OK |
2.1 | NSS User Services | Public Services | User logout requested | FC_Logout sets the internal Boolean state variable isLoggedIn to false and returns CKR_OK |
2.2 | NSS User Services | On Demand Self Test | On-demand self-test requested with an FC_Login call | Self-tests initiated |
2.3 | On Demand Self Test | NSS User Services | On-demand self-test passed | FC_Login returns CKR_USER_ALREADY_LOGGED_IN |
2.4 | On Demand Self Test | Error | On-demand self-test failed | FC_Login sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
2.5 | NSS User Services | Power On | NSS_Shutdown/FC_Finalize called | FC_Finalize returns CKR_OK |
3.0 | Error | Power On | NSS_Shutdown/FC_Finalize called | FC_Finalize returns CKR_OK |
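The transitions above, modelled in C as an added example (this is not NSS source code). The `Module` struct, the `m_*` function names and the `initialized` flag are hypothetical; `fatalError`, `isLoggedIn` and the return codes come from the tables, except `CKR_CRYPTOKI_NOT_INITIALIZED`, a standard PKCS #11 code assumed here for calls made in the Power On state.

```c
#include <stdbool.h>

/* PKCS #11 return codes; CKR_CRYPTOKI_NOT_INITIALIZED is not named on the page. */
enum { CKR_OK = 0x000, CKR_DEVICE_ERROR = 0x030, CKR_PIN_INCORRECT = 0x0A0,
       CKR_USER_ALREADY_LOGGED_IN = 0x100, CKR_USER_NOT_LOGGED_IN = 0x101,
       CKR_CRYPTOKI_NOT_INITIALIZED = 0x190, CKR_CRYPTOKI_ALREADY_INITIALIZED = 0x191 };

/* Hypothetical model; "initialized" is an assumption, the other two flags are the page's. */
typedef struct { bool initialized, fatalError, isLoggedIn; } Module;

/* Transition 1.1, then 1.2 (self-tests pass) or 1.3 (self-tests fail). */
int m_initialize(Module *m, bool selftests_pass) {
    if (m->initialized) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    m->initialized = true;
    m->isLoggedIn = false;
    m->fatalError = !selftests_pass;
    return m->fatalError ? CKR_DEVICE_ERROR : CKR_OK;
}

/* Transitions 1.7, 2.5 and 3.0: the only way out of the Error state. */
int m_finalize(Module *m) {
    if (!m->initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    m->initialized = m->fatalError = m->isLoggedIn = false;
    return CKR_OK;
}

/* Transitions 1.5, 1.6 and 2.2-2.4: FC_Login while logged in reruns the self-tests. */
int m_login(Module *m, bool pin_ok, bool selftests_pass) {
    if (!m->initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (m->fatalError) return CKR_DEVICE_ERROR;
    if (m->isLoggedIn) {
        if (selftests_pass) return CKR_USER_ALREADY_LOGGED_IN; /* 2.3 */
        m->fatalError = true;                                  /* 2.4 */
        return CKR_DEVICE_ERROR;
    }
    if (!pin_ok) return CKR_PIN_INCORRECT;                     /* 1.6 */
    m->isLoggedIn = true;                                      /* 1.5 */
    return CKR_OK;
}

/* A cryptographic service call (not FC_Finalize or a "get info" function).
 * Transition 1.4 is also applied after login here, which is an assumption. */
int m_service(Module *m, bool is_private, bool cond_test_pass) {
    if (!m->initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (m->fatalError) return CKR_DEVICE_ERROR;
    if (is_private && !m->isLoggedIn) return CKR_USER_NOT_LOGGED_IN;
    if (!cond_test_pass) { m->fatalError = true; return CKR_DEVICE_ERROR; }
    return CKR_OK;
}
```

Once `fatalError` is set, every path except `m_finalize` returns an error and leaves the state unchanged, so recovery always takes transition 3.0 followed by 1.1.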