FIPSFSM-FREEBL


This is a draft document.

Finite State Model

The state transition diagram of the NSS Freebl cryptographic module is shown below.

[Figure: Fsm8-freebl.png, state transition diagram of the NSS Freebl cryptographic module]

The NSS Freebl cryptographic module has two modes of operation: FIPS Approved mode and non-FIPS Approved mode. The FIPS Approved mode is the one of interest to the FIPS 140-2 validation and is therefore shown in more detail. When a program calls the NSSLOW_Init function of the NSS Freebl cryptographic module library while the OS kernel is in FIPS mode, the module enters the Power Up Self Test state and performs library initialization, the software integrity test and the power-up self-tests. If these succeed, the library is considered initialized for the FIPS Approved mode and the module enters the normal operational state (FIPS Active). Please refer to the tables below when studying this state transition diagram.

Recovery from error states: The NSS Freebl cryptographic module may only enter the Error state from the Power Up Self Test state, i.e. when the software integrity test or a power-up self-test fails during NSSLOW_Init. The module recovers from the Error state by calling NSSLOW_Reset() (transition 3.0), which clears the post and post_failed flags and returns the module to the Inactive state; NSSLOW_Init may then be called again.

Inclusive statement: The behaviour of the finite state model for all other combinations of data and control inputs is defined as follows. In every case the module stays in its current state.

  • If the data and control inputs are valid and the module performs the service successfully, the module outputs the requested data or status information.
  • If the data and control inputs are invalid, or the module encounters an error (e.g., running out of memory) while performing a service, the module does not output any data and simply returns NULL.
  • Some control inputs cannot fail once the appropriate context has been acquired.

States

State Label | State Mnemonic | State Description | Distinct Indicator
1.X | Power Off | Host computer is powered off. The initial state. | Host computer's power light is off.
1.A | Inactive | Host computer is up and running. | Host computer's power light is on.
1.B | Power Up Self Test | NSS Freebl cryptographic module library initialization for the FIPS Approved mode has been initiated. This state performs library initialization, the software integrity test, and the power-up self-tests. | The NSSLOW_Init call is executing while the OS kernel is in FIPS mode.
1.C | FIPS Active | NSS Freebl cryptographic module library has been initialized for the FIPS Approved mode and its self-tests have passed. NSSLOWHASH_CreateContext is available. | NSSLOWHASH_CreateContext can be executed.
2 | Hash Services | The operator has acquired a hash context from NSSLOWHASH_CreateContext. | All services can be invoked.
3 | Error | The FIPS Approved mode of the NSS Freebl cryptographic module has failed a power-up or operator-initiated self-test. No cryptographic operations will be performed. Only NSSLOW_Init, NSSLOW_Reset and NSSLOW_Shutdown can be invoked. | NSSLOWHASH_CreateContext fails with the error code SEC_ERROR_PKCS11_DEVICE_ERROR. All other functions require a context from NSSLOWHASH_CreateContext.
5.B | Non-FIPS Mode | The non-FIPS Approved mode of the NSS Freebl cryptographic module has been activated. This is a composite state whose substates are not relevant to FIPS 140-2. | NSSLOW_Init has been called successfully while the OS kernel was in non-FIPS mode.

Transitions

Trans # | Current State | Next State | Input Event | Output Event
1.0 | Power Off | Inactive | Host computer is powered up. | None
1.1 | Inactive | Power Up Self Test | NSSLOW_Init called while the OS kernel is in FIPS mode. | Power-up self-tests initiated.
1.2 | Power Up Self Test | FIPS Active | Successful library initialization, software integrity test, and power-up self-tests. | NSSLOW_Init sets the internal Boolean state variable post to true and returns an Init context.
1.3 | Power Up Self Test | Error | Software integrity test or power-up self-test failure. | NSSLOW_Init sets the internal Boolean state variable post_failed to true and returns NULL.
1.4 | FIPS Active | Hash Services | Hash context acquired. | NSSLOWHASH_CreateContext returns a valid hash context.
1.5 | FIPS Active | FIPS Active | Hash context creation failed. | NSSLOWHASH_CreateContext returns NULL.
1.6 | FIPS Active | Inactive | NSSLOW_Reset called. | NSSLOW_Reset clears the post and post_failed flags.
2.0 | Hash Services | FIPS Active | NSSLOWHASH_Destroy is called with the hash context. | Hash context is destroyed and no longer usable.
3.0 | Error | Inactive | NSSLOW_Reset called. | NSSLOW_Reset clears the post and post_failed flags.
4.0 | Any state other than "Power Off" | Power Off | Host computer is powered off. | None
5.1 | Inactive | Non-FIPS Mode | NSSLOW_Init called while the OS kernel is in non-FIPS mode. | NSSLOW_Init sets the internal Boolean state variable post to true and returns an Init context.
5.2 | Non-FIPS Mode | Inactive | NSSLOW_Reset called. | NSSLOW_Reset clears the post and post_failed flags.
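The following is an added example and not freebl code: a self-contained C model of the state and transition tables above together with the inclusive statement. The model_* names stand in for NSSLOW_Init, NSSLOW_Reset, NSSLOWHASH_CreateContext and NSSLOWHASH_Destroy; the injected kernel-FIPS flag and self-test outcome (model_set_env), the arbitrary value of the device-error code, and the rule that Hash Services is left when the last hash context is destroyed are all assumptions made for illustration. The scenario function walks the failure path 1.1 -> 1.3, shows that CreateContext is refused in Error, recovers through 3.0, and then completes 1.2 -> 1.4 -> 2.0 -> 1.6 and 5.1 -> 5.2.

```c
/* Added example, not freebl code: a stand-alone model of the FSM tables above.
 * model_* names stand in for NSSLOW_Init / NSSLOW_Reset /
 * NSSLOWHASH_CreateContext / NSSLOWHASH_Destroy. The kernel FIPS flag and the
 * self-test outcome are injected so that transitions 1.3 and 3.0 can be driven. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

enum model_state {
    ST_INACTIVE,      /* 1.A */
    ST_POST,          /* 1.B Power Up Self Test */
    ST_FIPS_ACTIVE,   /* 1.C */
    ST_HASH_SERVICES, /* 2   */
    ST_ERROR,         /* 3   */
    ST_NONFIPS        /* 5.B */
};

/* Stand-in for SEC_ERROR_PKCS11_DEVICE_ERROR; the value is arbitrary. */
#define MODEL_ERR_DEVICE_ERROR 0x2000

typedef struct { bool valid; } model_init_ctx;
typedef struct { unsigned id; } model_hash_ctx;

/* Module-wide flags, named after the page's post / post_failed. */
static bool post = false;
static bool post_failed = false;
static enum model_state state = ST_INACTIVE;
static int last_error = 0;
static unsigned live_hash_ctxs = 0; /* assumption: Hash Services ends when the last context is destroyed */
static model_init_ctx init_ctx = { false };

/* Environment knobs constructed for the example; the real module reads the kernel. */
static bool env_kernel_fips = true;
static bool env_selftests_pass = true;

enum model_state model_state_get(void) { return state; }
int model_last_error(void) { return last_error; }
void model_set_env(bool kernel_fips, bool selftests_pass)
{
    env_kernel_fips = kernel_fips;
    env_selftests_pass = selftests_pass;
}

/* Transitions 1.1 -> 1.2 / 1.3 and 5.1. From any other state the call is an
 * invalid control input: per the inclusive statement, return NULL and stay put. */
model_init_ctx *model_nsslow_init(void)
{
    if (state != ST_INACTIVE)
        return NULL;
    if (!env_kernel_fips) { /* 5.1: non-FIPS kernel, no self-tests required */
        post = true; init_ctx.valid = true; state = ST_NONFIPS;
        return &init_ctx;
    }
    state = ST_POST; /* 1.1: integrity test and power-up self-tests run here */
    if (env_selftests_pass) { /* 1.2 */
        post = true; init_ctx.valid = true; state = ST_FIPS_ACTIVE;
        return &init_ctx;
    }
    post_failed = true; state = ST_ERROR; /* 1.3 */
    return NULL;
}

/* Transitions 1.6, 3.0 and 5.2. The argument is ignored because after 1.3 the
 * caller holds no context (NSSLOW_Init returned NULL). */
void model_nsslow_reset(model_init_ctx *ctx)
{
    (void)ctx;
    if (state == ST_FIPS_ACTIVE || state == ST_ERROR || state == ST_NONFIPS) {
        post = false; post_failed = false; init_ctx.valid = false;
        state = ST_INACTIVE;
    }
}

/* Transitions 1.4 / 1.5. In Error the call fails with the device-error code; in
 * the non-FIPS composite state a context is handed out without modelling substates. */
model_hash_ctx *model_nsslowhash_create(model_init_ctx *ctx)
{
    last_error = 0;
    if (state == ST_ERROR) { last_error = MODEL_ERR_DEVICE_ERROR; return NULL; }
    if (ctx == NULL || !ctx->valid) return NULL;
    if (state != ST_FIPS_ACTIVE && state != ST_HASH_SERVICES && state != ST_NONFIPS) return NULL;
    model_hash_ctx *h = calloc(1, sizeof *h);
    if (h == NULL) return NULL; /* 1.5: out of memory, state unchanged */
    if (state != ST_NONFIPS) { h->id = ++live_hash_ctxs; state = ST_HASH_SERVICES; } /* 1.4 */
    return h;
}

/* Transition 2.0. */
void model_nsslowhash_destroy(model_hash_ctx *h)
{
    if (h == NULL) return;
    free(h);
    if (state == ST_HASH_SERVICES && --live_hash_ctxs == 0) state = ST_FIPS_ACTIVE;
}

/* Returns 0 when every transition behaved as the tables specify, else the failing step. */
int model_scenario_error_recovery(void)
{
    model_set_env(true, false);
    if (model_nsslow_init() != NULL || state != ST_ERROR || !post_failed) return 1;  /* 1.1 -> 1.3 */
    if (model_nsslowhash_create(&init_ctx) != NULL || last_error != MODEL_ERR_DEVICE_ERROR) return 2;
    if (model_nsslow_init() != NULL || state != ST_ERROR) return 3; /* table lists no Error->X transition on Init */
    model_nsslow_reset(NULL);                                      /* 3.0 */
    if (state != ST_INACTIVE || post || post_failed) return 4;
    model_set_env(true, true);
    model_init_ctx *ic = model_nsslow_init();                      /* 1.1 -> 1.2 */
    if (ic == NULL || state != ST_FIPS_ACTIVE || !post) return 5;
    model_hash_ctx *h = model_nsslowhash_create(ic);               /* 1.4 */
    if (h == NULL || state != ST_HASH_SERVICES) return 6;
    model_nsslowhash_destroy(h);                                   /* 2.0 */
    if (state != ST_FIPS_ACTIVE) return 7;
    model_nsslow_reset(ic);                                        /* 1.6 */
    if (state != ST_INACTIVE) return 8;
    model_set_env(false, true);
    if (model_nsslow_init() == NULL || state != ST_NONFIPS) return 9;   /* 5.1 */
    model_nsslow_reset(&init_ctx);                                      /* 5.2 */
    if (state != ST_INACTIVE || post) return 10;
    model_set_env(true, true);
    return 0;
}

int main(void)
{
    int step = model_scenario_error_recovery();
    if (step == 0) puts("every transition behaved as the tables specify");
    else printf("model check failed at step %d\n", step);
    return step;
}
```

The point the model makes explicit is that post and post_failed are the only module state that NSSLOW_Reset touches: after a failed self-test nothing short of a Reset lets NSSLOWHASH_CreateContext succeed, and a repeated NSSLOW_Init while still in Error is simply refused, as the inclusive statement requires.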