ModuleInterfaces: Difference between revisions

Jump to navigation Jump to search
no edit summary
No edit summary
Line 46: Line 46:
=== JAR===
=== JAR===
Signed object interface. Not part of cryptographic boundary.
Signed object interface. Not part of cryptographic boundary.
== Inhibition of Data Output ==
All data output via the data output interface is inhibited when the NSS module is in the fatal error state or performing self-tests.
=== In Error State ===
When the NSS module is in the fatal error state, most PKCS #11 functions, including all the functions that output data via the data output interface, do nothing and return the CKR_DEVICE_ERROR error code immediately. Only the functions that shut down and restart the module, reinitialize the module, or output status information can be invoked in the fatal error state: FC_GetFunctionList, FC_Initialize, FC_Finalize, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, FC_GetTokenInfo, FC_InitToken, FC_CloseSession, FC_CloseAllSessions, and FC_WaitForSlotEvent.
=== During Self-Tests ===
The NSS module performs power-up self-tests in FC_Initialize and FC_Login.
FC_GetFunctionList is the only function that may be called before the NSS module is "powered up" (i.e., before FC_Initialize is called).
The following functions are the only functions that may be called when the user is not logged in to the NSS module: FC_GetFunctionList, FC_Finalize, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, FC_GetTokenInfo, FC_GetMechanismList, FC_GetMechanismInfo, FC_InitToken, FC_InitPIN, FC_OpenSession, FC_CloseSession, FC_CloseAllSessions, FC_GetSessionInfo, FC_Login, FC_DigestInit, FC_Digest, FC_DigestUpdate, FC_DigestFinal, FC_SeedRandom, FC_GenerateRandom, FC_GetOperationState, FC_SetOperationState, and FC_WaitForSlotEvent. None of these functions output data via the data output interface. All other functions do nothing and return the CKR_USER_NOT_LOGGED_IN error code immediately.
canmove, Confirmed users
937

edits

Navigation menu