ModuleInterfaces: Difference between revisions

ModuleInterfaces (view source)

492 bytes added , 21 May 2006

no edit summary

canmove, Confirmed users

937

edits

@@ Line 62: / Line 62: @@
 When the user is not logged in to the NSS module, all functions that use secret or private cryptographic keys, including those that output data via the data output interface, do nothing and return the CKR_USER_NOT_LOGGED_IN error code immediately.  Only the following functions may be called when the user is not logged in to the NSS module: FC_GetFunctionList, FC_Finalize, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, FC_GetTokenInfo, FC_GetMechanismList, FC_GetMechanismInfo, FC_InitToken, FC_InitPIN, FC_OpenSession, FC_CloseSession, FC_CloseAllSessions, FC_GetSessionInfo, FC_Login, FC_DigestInit, FC_Digest, FC_DigestUpdate, FC_DigestFinal, FC_SeedRandom, FC_GenerateRandom, FC_GetOperationState, FC_SetOperationState, and FC_WaitForSlotEvent.
+== Disconnecting the Output Data Path From the Key Processes ==
+During key generation and key zeroization, the NSS module doesn't execute any "printf" or logging statement that outputs sensitive information. The NSS module doesn't return the function output arguments until key generation or key zeroization is finished. Therefore, the logical paths used by output data exiting the module are logically disconnected from the processes/threads performing key generation and key zeroization.