| Line 34: | Line 34: | ||
No PKCS #11 function (except FC_GetFunctionList) works before the NSS cryptographic module is "powered up" (i.e., before FC_Initialize is called), so all data output via the data output interface is inhibited while FC_Initialize is performing the self-tests. When FC_Initialize is successful a global boolean variable is set to true. When FC_Login is successful a second global boolean, isLoggedIn, is set to true. | No PKCS #11 function (except FC_GetFunctionList) works before the NSS cryptographic module is "powered up" (i.e., before FC_Initialize is called), so all data output via the data output interface is inhibited while FC_Initialize is performing the self-tests. When FC_Initialize is successful a global boolean variable is set to true. When FC_Login is successful a second global boolean, isLoggedIn, is set to true. | ||
All functions that use secret or private cryptographic keys, including those that output data via the data output interface, check the global isLoggedIn boolean and, if it is false return the CKR_USER_NOT_LOGGED_IN error code immediately. Only the following functions may be called when the user is not logged in to the NSS cryptographic module: FC_GetFunctionList, FC_Finalize, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, FC_GetTokenInfo, FC_GetMechanismList, FC_GetMechanismInfo, FC_InitToken, FC_InitPIN, FC_OpenSession, FC_CloseSession, FC_CloseAllSessions, FC_GetSessionInfo, FC_Login, FC_DigestInit, FC_Digest, FC_DigestUpdate, FC_DigestFinal, FC_SeedRandom, FC_GenerateRandom, FC_GetOperationState, FC_SetOperationState, and FC_WaitForSlotEvent. | All functions that use secret or private cryptographic keys, including those that output data via the data output interface, check the global isLoggedIn boolean and, if it is false return the CKR_USER_NOT_LOGGED_IN error code immediately. Only the following functions may be called when the user is not logged in to the NSS cryptographic module: FC_GetFunctionList, FC_Finalize, FC_GetInfo, FC_GetSlotList, FC_GetSlotInfo, FC_GetTokenInfo, FC_GetMechanismList, FC_GetMechanismInfo, FC_InitToken, FC_InitPIN, FC_OpenSession, FC_CloseSession, FC_CloseAllSessions, FC_GetSessionInfo, FC_Login, FC_DigestInit, FC_Digest, FC_DigestUpdate, FC_DigestFinal, FC_SeedRandom, FC_GenerateRandom, FC_GetOperationState, FC_SetOperationState, and FC_WaitForSlotEvent. | ||
Notes: FC_InitPIN may be called initially with the null password, after that the existing password must be supplied. FC_SeedRandom adds entropy data to the seed. It does not replace the seed. | |||
== Disconnecting the Output Data Path From the Key Processes == | == Disconnecting the Output Data Path From the Key Processes == | ||
During key generation and key zeroization, the NSS cryptographic module doesn't execute any "printf" or logging statement that outputs sensitive information. The NSS cryptographic module doesn't return the function output arguments until key generation or key zeroization is finished. Therefore, the logical paths used by output data exiting the module are logically disconnected from the processes/threads performing key generation and key zeroization. | During key generation and key zeroization, the NSS cryptographic module doesn't execute any "printf" or logging statement that outputs sensitive information. Audit logging is performed as requested, but the entry does not contain cryptographically sensitive information. The NSS cryptographic module doesn't return the function output arguments until key generation or key zeroization is finished. Therefore, the logical paths used by output data exiting the module are logically disconnected from the processes/threads performing key generation and key zeroization. | ||
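Review bot: The added note on FC_InitPIN ("after that the existing password must be supplied") sits uneasily with the paragraph above it, which still lists FC_InitPIN among the functions callable when the user is not logged in. Say how the existing password is supplied on later calls, and if that requires a prior login, qualify the FC_InitPIN entry in the list so the two statements agree. The note also joins two sentences with a comma; split it after "null password". In the key generation paragraph, the added sentence "Audit logging is performed as requested" does not say who requests it or through what setting, and it follows a sentence saying that no logging statement outputs sensitive information. Consider naming the mechanism that enables audit logging and stating what an audit entry records for key generation and zeroization, so the claim that it holds no cryptographically sensitive information can be checked.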