FIPSFSM
This is a draft document.
Finite State Model
The NSS cryptographic module is a shared library/DLL loaded by an application program on a host computer. When a program calls the FC_Initialize function of the NSS cryptographic module library, the state changes and the power-up self-tests are performed. See Self Tests for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized and the module enters the normal operational state. Refer to the tables below, which list the states and transitions of the state transition diagram.
Recovery from error states: If the module ever enters the Error state, the NSS cryptographic module library needs to be shut down (transition 3.0) and reinitialized (transition 1.1).
Inclusive statement: The behavior of the finite state model for all other combinations of data and control inputs is defined as follows.
- If the data and control inputs are valid and the module performs the service successfully, the module outputs the requested data or status information and returns CKR_OK.
- If the data and control inputs are invalid, or the module encounters an error (e.g., running out of memory) while performing a service, the module does not output any data and simply returns an appropriate error code (e.g., CKR_HOST_MEMORY, CKR_TOKEN_WRITE_PROTECTED, CKR_TEMPLATE_INCOMPLETE, or CKR_ATTRIBUTE_VALUE_INVALID).
In either case the module stays in the current state.
States
| State Label | State Mnemonic | State Description | Distinct Indicator |
|---|---|---|---|
| 1.X | Power Off | Host computer is powered off. The initial state. | Host computer's power light is off. |
| 1.Y | Power On | Host computer is up and running. This is a composite state with concurrent component state machines (separated by the dotted line in the diagram) for the FIPS Approved mode and the non-FIPS Approved mode. | Host computer's power light is on. |
| 1.A | Inactive | The FIPS Approved mode of the NSS cryptographic module is inactive. | Only FC_GetFunctionList and FC_Initialize may be called. |
| 1.B | Power Up Self Test | NSS cryptographic module library initialization for the FIPS Approved mode has been initiated. This state performs library initialization, the software integrity test, and the power-up self-tests. | The FC_Initialize call is executing. |
| 1.C | Public Services | The NSS cryptographic module library has been initialized for the FIPS Approved mode and its self-tests have passed. Services that do not require logging in to the module are available. | Public services can be invoked. Private services fail with the error code CKR_USER_NOT_LOGGED_IN. |
| 2.A | NSS User Services | The operator has successfully logged in to assume the NSS User role and has access to all the services provided by the FIPS Approved mode of the NSS cryptographic module. | All services can be invoked. |
| 2.B | On Demand Self Test | Operator-requested self-tests are being run. | The FC_Login call is executing. |
| 3 | Error | The FIPS Approved mode of the NSS cryptographic module has either failed a conditional test while performing a service or failed a power-up or operator-initiated self-test. No further cryptographic operations will be performed. | Only FC_Finalize, FC_InitToken, FC_CloseSession, FC_CloseAllSessions, FC_WaitForSlotEvent, and the "get info" functions (FC_GetFunctionList, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, and FC_GetTokenInfo) can be invoked. FC_Initialize fails with the error code CKR_CRYPTOKI_ALREADY_INITIALIZED. All other functions fail with the error code CKR_DEVICE_ERROR. |
| 5.A | Inactive | The non-FIPS Approved mode of the NSS cryptographic module is inactive. | Only NSC_GetFunctionList and NSC_Initialize may be called. |
| 5.B | Activated | The non-FIPS Approved mode of the NSS cryptographic module has been activated. This is a composite state whose substates are not relevant to FIPS 140-2. | All NSC_xxx functions may be called. |
Transitions
| Trans # | Current State | Next State | Input Event | Output Event |
|---|---|---|---|---|
| 1.0 | Power Off | Power On | Host computer is powered up | None |
| 1.1 | Power On | Power Up Self Test | FC_Initialize called | Power-up self-tests initiated |
| 1.2 | Power Up Self Test | Public Services | Successful library initialization, software integrity test, and power-up self-tests | FC_Initialize sets the internal Boolean state variable fatalError to false and returns CKR_OK |
| 1.3 | Power Up Self Test | Error | Software integrity test or power-up self-test failure | FC_Initialize sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
| 1.4 | Public Services | Error | Conditional self-test (continuous random number generator test) failed while performing a service (random number generation) | The function (FC_SeedRandom or FC_GenerateRandom) sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
| 1.5 | Public Services | NSS User Services | User login succeeded | FC_Login sets the internal Boolean state variable isLoggedIn to true and returns CKR_OK |
| 1.6 | Public Services | Public Services | User login failed | FC_Login returns a nonzero error code (e.g., CKR_PIN_INCORRECT) |
| 1.7 | Public Services | Power On | FC_Finalize called | FC_Finalize returns CKR_OK |
| 2.1 | NSS User Services | Public Services | User logout requested | FC_Logout sets the internal Boolean state variable isLoggedIn to false and returns CKR_OK |
| 2.2 | NSS User Services | On Demand Self Test | On-demand self-test requested with an FC_Login call | Self-tests initiated |
| 2.3 | On Demand Self Test | NSS User Services | On-demand self-test passed | FC_Login returns CKR_USER_ALREADY_LOGGED_IN |
| 2.4 | On Demand Self Test | Error | On-demand self-test failed | FC_Login sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR |
| 2.5 | NSS User Services | Power On | FC_Finalize called | FC_Finalize returns CKR_OK |
| 2.6 | NSS User Services | Error | Conditional self-test (continuous random number generator test or pair-wise consistency test) failed while performing a service (random number generation or key pair generation) | The function (FC_SeedRandom, FC_GenerateRandom, or FC_GenerateKeyPair) sets the internal Boolean state variable fatalError to true and returns CKR_DEVICE_ERROR or CKR_GENERAL_ERROR |
| 3.0 | Error | Power On | FC_Finalize called | FC_Finalize returns CKR_OK |
| 4.0 | Power On | Power Off | Host computer is powered off | None |
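The state machine in the two tables above, encoded as an executable model so the recovery rule ("Recovery from error states") and the inclusive statement can be checked against the transitions. This is an added example, not NSS code: it does not load the softoken library or call the real FC_* entry points. The model_FC_* functions, the enter_error helper, and the boolean self-test and PIN outcomes are assumptions that stand in for the module's internal behavior; the CKR_* constants carry the PKCS#11 values for the codes named on this page, and CKR_CRYPTOKI_NOT_INITIALIZED (not on this page) is the standard PKCS#11 response for calls made before initialization.

```c
/* Executable model of the FIPS Approved mode state machine described on this
 * page. Added example, not NSS code: it does not load the softoken library.
 * Self-test and PIN outcomes are passed in as booleans so each transition in
 * the tables can be driven deterministically and checked. */
#include <stdbool.h>
#include <stdio.h>

/* PKCS#11 return codes used on this page, with their values from the spec. */
enum { CKR_OK = 0x000, CKR_GENERAL_ERROR = 0x005, CKR_DEVICE_ERROR = 0x030,
       CKR_PIN_INCORRECT = 0x0A0, CKR_USER_ALREADY_LOGGED_IN = 0x100,
       CKR_USER_NOT_LOGGED_IN = 0x101, CKR_CRYPTOKI_NOT_INITIALIZED = 0x190,
       CKR_CRYPTOKI_ALREADY_INITIALIZED = 0x191 };

/* Library-level states (1.X/1.Y are host power states and are not modelled).
 * 1.B and 2.B are transient: they begin and end inside a single call. */
typedef enum { ST_INACTIVE /* 1.A */, ST_POWER_UP_SELF_TEST /* 1.B */,
               ST_PUBLIC_SERVICES /* 1.C */, ST_USER_SERVICES /* 2.A */,
               ST_ON_DEMAND_SELF_TEST /* 2.B */, ST_ERROR /* 3 */ } fips_state;

/* fatalError and isLoggedIn are the internal variables named in the Transitions table. */
typedef struct { fips_state state; bool fatalError, isLoggedIn; } fips_module;

static void enter_error(fips_module *m) { m->fatalError = true; m->state = ST_ERROR; }

/* Transitions 1.1-1.3. Refusing a second FC_Initialize is from the Error row
 * of the States table; for the other initialized states it is the PKCS#11 rule. */
static unsigned long model_FC_Initialize(fips_module *m, bool self_tests_pass)
{
    if (m->state != ST_INACTIVE) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    m->state = ST_POWER_UP_SELF_TEST;                                    /* 1.1 */
    if (!self_tests_pass) { enter_error(m); return CKR_DEVICE_ERROR; }   /* 1.3 */
    m->fatalError = false; m->state = ST_PUBLIC_SERVICES;                /* 1.2 */
    return CKR_OK;
}

/* Transitions 1.5, 1.6 and 2.2-2.4; FC_Login while logged in requests the on-demand self-tests. */
static unsigned long model_FC_Login(fips_module *m, bool pin_ok, bool self_tests_pass)
{
    switch (m->state) {
    case ST_ERROR:    return CKR_DEVICE_ERROR;
    case ST_INACTIVE: return CKR_CRYPTOKI_NOT_INITIALIZED; /* assumed: standard PKCS#11 */
    case ST_PUBLIC_SERVICES:
        if (!pin_ok) return CKR_PIN_INCORRECT;                           /* 1.6 */
        m->isLoggedIn = true; m->state = ST_USER_SERVICES; return CKR_OK;/* 1.5 */
    case ST_USER_SERVICES:
        m->state = ST_ON_DEMAND_SELF_TEST;                               /* 2.2 */
        if (!self_tests_pass) { enter_error(m); return CKR_DEVICE_ERROR; } /* 2.4 */
        m->state = ST_USER_SERVICES; return CKR_USER_ALREADY_LOGGED_IN;  /* 2.3 */
    default:          return CKR_GENERAL_ERROR; /* transient states are never observed */
    }
}

/* Transition 2.1; logging out without being logged in is a rejected input. */
static unsigned long model_FC_Logout(fips_module *m)
{
    if (m->state == ST_ERROR) return CKR_DEVICE_ERROR;
    if (m->state != ST_USER_SERVICES) return CKR_USER_NOT_LOGGED_IN;
    m->isLoggedIn = false; m->state = ST_PUBLIC_SERVICES;
    return CKR_OK;
}

/* Transitions 1.4 and 2.6: a continuous RNG test failure is fatal from either operational state. */
static unsigned long model_FC_GenerateRandom(fips_module *m, bool crngt_pass)
{
    if (m->state == ST_ERROR) return CKR_DEVICE_ERROR;
    if (m->state == ST_INACTIVE) return CKR_CRYPTOKI_NOT_INITIALIZED;
    if (!crngt_pass) { enter_error(m); return CKR_DEVICE_ERROR; }
    return CKR_OK;
}

/* Transitions 1.7, 2.5 and 3.0: FC_Finalize is the only exit from Error. */
static unsigned long model_FC_Finalize(fips_module *m)
{
    if (m->state == ST_INACTIVE) return CKR_CRYPTOKI_NOT_INITIALIZED;
    m->isLoggedIn = false; m->state = ST_INACTIVE;
    return CKR_OK;
}

/* The recovery path from "Recovery from error states": a conditional-test
 * failure drives the module to Error, services then fail, FC_Initialize is
 * refused, and only FC_Finalize plus a fresh FC_Initialize restores service. */
static bool recovery_from_error_works(void)
{
    fips_module m = { ST_INACTIVE, false, false };
    return model_FC_Initialize(&m, true) == CKR_OK
        && model_FC_Login(&m, true, true) == CKR_OK
        && model_FC_Login(&m, true, true) == CKR_USER_ALREADY_LOGGED_IN /* 2.2, 2.3 */
        && model_FC_GenerateRandom(&m, false) == CKR_DEVICE_ERROR      /* 2.6 */
        && m.state == ST_ERROR && m.fatalError
        && model_FC_Logout(&m) == CKR_DEVICE_ERROR
        && model_FC_Initialize(&m, true) == CKR_CRYPTOKI_ALREADY_INITIALIZED
        && model_FC_Finalize(&m) == CKR_OK                             /* 3.0 */
        && model_FC_Initialize(&m, true) == CKR_OK                     /* 1.1, 1.2 */
        && m.state == ST_PUBLIC_SERVICES && !m.fatalError && !m.isLoggedIn;
}

int main(void) { printf("recovery path matches the tables: %s\n",
                        recovery_from_error_works() ? "yes" : "no"); return 0; }
```

Two details of the tables fall out of the model: FC_Finalize does not clear fatalError, because the table assigns that job to FC_Initialize (transition 1.2), and a rejected input such as a wrong PIN (1.6) or a logout while in Public Services returns an error code without moving the state, which is exactly what the inclusive statement requires.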