| Line 2: | Line 2: | ||
==Finite State Model== | ==Finite State Model== | ||
The NSS cryptographic module is a shared library/DLL loaded by an application program on a host computer. When a program calls the <code>FC_Initialize</code> function of the NSS cryptographic module library, the state changes and power-up self-tests are performed. See [http://wiki.mozilla.org/Section_9:_Self_Tests Self Tests] for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized and the module enters the normal operational state. Refer to the tables below when studying this state transition diagram.<br> | We use an extended finite state model called '''Statecharts''' to specify the NSS cryptographic module. [http://www.wisdom.weizmann.ac.il/~harel/SCANNED.PAPERS/Statecharts.pdf Statecharts] was invented by David Harel to solve the state explosion problem of complex reactive systems. Statecharts extends the finite state model with two concepts: | ||
* '''Hierarchical substates''' represent a refinement of a state, exposing more details. | |||
* '''Concurrent substates''' represent concurrent subsystems that operate in parallel. | |||
Statecharts has been adopted in the [http://www.uml.org/ Unified Modeling Language (UML)]. | |||
The NSS cryptographic module is a shared library/DLL loaded by an application program on a host computer. The module has two modes of operation: non-FIPS Approved mode and FIPS Approved mode. The two modes of operation are independent of each other. They have their own copies of data structures and they are even allowed to be active at the same time. | |||
<div class=note>Only one of the two modes of operation may have the certificate and key databases open at any time.</div> | |||
In the Statecharts model of the module, the two modes are represented by the two concurrent substates inside the Power On state. '''The module is FIPS 140-2 compliant only if the non-FIPS Approved mode is inactive.''' | |||
When a program calls the <code>FC_Initialize</code> function of the NSS cryptographic module library, the state changes and power-up self-tests are performed. See [http://wiki.mozilla.org/Section_9:_Self_Tests Self Tests] for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized and the module enters the normal operational state. Refer to the tables below when studying this state transition diagram.<br> | |||
[[ Image:Fsm5.png ]] | [[ Image:Fsm5.png ]] | ||
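Review bot: In the relocated FC_Initialize paragraph at the end of the added text, "the state changes" no longer identifies a state now that Power On contains two concurrent substates; name the substate the call leaves and the one it enters so the paragraph matches the diagram. The added text also describes the two modes as "independent of each other" and allowed to be active at the same time, while the note directly after restricts the certificate and key databases to one mode at a time, and the bold sentence makes FIPS 140-2 compliance depend on the non-FIPS Approved mode being inactive. Qualify "independent" with the shared-database constraint, and state how a reader can determine that the non-FIPS Approved mode is inactive.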