canmove, Confirmed users
937
edits
FIPSFSM: Difference between revisions
Jump to navigation
Jump to search
→States
(→States) |
|||
| Line 28: | Line 28: | ||
| Host computer is powered off. The initial state.|| Host computer's power light is off. | | Host computer is powered off. The initial state.|| Host computer's power light is off. | ||
|- | |- | ||
| 1. | | 1.Y|| Power On | ||
| Host computer is up and running.|| Host computer's power light is on. | | Host computer is up and running. This is a composite state with concurrent component state machines for the FIPS Approved mode and non-FIPS Approved mode.|| Host computer's power light is on. | ||
|- | |||
| 1.A|| Inactive | |||
| The FIPS Approved mode of the NSS cryptographic module is inactive.|| Only <code>FC_GetFunctionList</code> and <code>FC_Initialize</code> may be called. | |||
|- | |- | ||
| 1.B|| Power Up Self Test | | 1.B|| Power Up Self Test | ||
| NSS cryptographic module library initialization has been initiated. This state performs library initialization, software integrity test, and power-up self-tests.|| The <code>FC_Initialize</code> call is executing. | | NSS cryptographic module library initialization for the FIPS Approved mode has been initiated. This state performs library initialization, software integrity test, and power-up self-tests.|| The <code>FC_Initialize</code> call is executing. | ||
|- | |- | ||
| 1.C|| Public Services | | 1.C|| Public Services | ||
| NSS cryptographic module library has been initialized and its self-tests have passed. Services that do not require logging in to the module are available.|| Public services can be invoked. Private services fail with the error code <code>CKR_USER_NOT_LOGGED_IN</code>. | | NSS cryptographic module library has been initialized for the FIPS Approved mode and its self-tests have passed. Services that do not require logging in to the module are available.|| Public services can be invoked. Private services fail with the error code <code>CKR_USER_NOT_LOGGED_IN</code>. | ||
|- | |- | ||
| 2.A|| NSS User Services | | 2.A|| NSS User Services | ||
| Operator has successfully logged in to assume the NSS User role and has access to all the services provided by the NSS cryptographic module.|| All services can be invoked. | | Operator has successfully logged in to assume the NSS User role and has access to all the services provided by the FIPS Approved mode of the NSS cryptographic module.|| All services can be invoked. | ||
|- | |- | ||
| 2.B|| On Demand Self Test | | 2.B|| On Demand Self Test | ||
| Line 44: | Line 47: | ||
|- | |- | ||
| 3|| Error | | 3|| Error | ||
| The NSS cryptographic module either has failed a conditional test while performing a service or has failed a power-up or operator-initiated self-test. No further cryptographic operations will be performed.|| Only <code>FC_Finalize</code>, <code>FC_InitToken</code>, <code>FC_CloseSession</code>, <code>FC_CloseAllSessions</code>, <code>FC_WaitForSlotEvent</code>, and the "get info" functions (<code>FC_GetFunctionList</code>, <code>FC_GetInfo</code>, <code>FC_GetSlotList</code>, <code>FC_GetSlotInfo</code>, and <code>FC_GetTokenInfo</code>) can be invoked. <code>FC_Initialize</code> fails with the error code <code>CKR_CRYPTOKI_ALREADY_INITIALIZED</code>. All other functions fail with the error code <code>CKR_DEVICE_ERROR</code>. | | The FIPS Approved mode of the NSS cryptographic module either has failed a conditional test while performing a service or has failed a power-up or operator-initiated self-test. No further cryptographic operations will be performed.|| Only <code>FC_Finalize</code>, <code>FC_InitToken</code>, <code>FC_CloseSession</code>, <code>FC_CloseAllSessions</code>, <code>FC_WaitForSlotEvent</code>, and the "get info" functions (<code>FC_GetFunctionList</code>, <code>FC_GetInfo</code>, <code>FC_GetSlotList</code>, <code>FC_GetSlotInfo</code>, and <code>FC_GetTokenInfo</code>) can be invoked. <code>FC_Initialize</code> fails with the error code <code>CKR_CRYPTOKI_ALREADY_INITIALIZED</code>. All other functions fail with the error code <code>CKR_DEVICE_ERROR</code>. | ||
|- | |||
| 5.A|| Inactive | |||
| The non-FIPS Approved mode of the NSS cryptographic module is inactive.|| Only <code>NSC_GetFunctionList</code> and <code>NSC_Initialize</code> may be called. | |||
|- | |||
| 5.B|| Activated | |||
| The non-FIPS Approved mode of the NSS cryptographic module has been activated.|| All <code>NSC_xxx</code> functions may be called. | |||
|} | |} | ||