FIPS Operational Environment: Difference between revisions

Line 196: Line 196:
* initialize or re-initialize the module, and
* initialize or re-initialize the module, and
* initialize the NSS User's password.
* initialize the NSS User's password.
Moreover, the operator assumes the crypto officer role implicitly when he performs a crypto officer function. No explicit request or authentication (beyond logging into the OS user account of the operator) is required.</div>
</div>


Every audit record contains the following information about the event:
Every audit record contains the following information about the event:
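Review bot: With the sentence "Moreover, the operator assumes the crypto officer role implicitly..." deleted after the "initialize the NSS User's password" bullet, this list of crypto officer functions no longer says how the role is assumed or authenticated. The hunk at line 293 now points to FC_Login calls for explicit requests to assume the role, so consider replacing the deleted sentence with one that states this here, rather than leaving the list followed only by the closing </div>.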
Line 262: Line 262:
** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>
** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>
*** If <code>slotID</code> is invalid, the return code is 0x00000003 (<code>CKR_SLOT_ID_INVALID</code>).
*** If <code>slotID</code> is invalid, the return code is 0x00000003 (<code>CKR_SLOT_ID_INVALID</code>).
*** The other input arguments are ignored. (The password of the Crypto Officer is not used because the module depends on the OS to authenticate the Crypto Officer and doesn't perform further authentication.)
*** The other input arguments are ignored. (<code>pPin</code> and <code>ulPinLen</code> specify the password of the PKCS #11 Security Officer, which is the empty string. Although the function doesn't verify the password, the empty string should be passed as the password.)
** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code>
** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code>
*** If <code>hSession</code> is invalid, the return code is 0x000000B3 (<code>CKR_SESSION_HANDLE_INVALID</code>).
*** If <code>hSession</code> is invalid, the return code is 0x000000B3 (<code>CKR_SESSION_HANDLE_INVALID</code>).
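Review bot: In the FC_InitToken bullet, "The other input arguments are ignored" now sits directly before "the empty string should be passed as the password", and the text does not say what the function returns when a non-empty pPin is passed. State that outcome explicitly, and cover pLabel, which is also one of "the other input arguments" but is not mentioned in the new parenthetical. The old parenthetical gave the reason no verification takes place (the module depends on the OS to authenticate the Crypto Officer); the new wording drops that reason without giving another.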
Line 293: Line 293:
*** "C_Logout(hSession=''<session handle>'')=''<return code>''"
*** "C_Logout(hSession=''<session handle>'')=''<return code>''"
* explicit requests to assume a crypto officer role
* explicit requests to assume a crypto officer role
** N/A. The crypto officer role is assumed implicitly when the operator performs crypto officer functions.
** <code>FC_Login</code> calls, described above.
* the allocation of a function to a crypto officer role
* the allocation of a function to a crypto officer role
** N/A. The functions allocated to the crypto officer role are fixed.
** N/A. The functions allocated to the crypto officer role are fixed.
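Review bot: The replacement line "FC_Login calls, described above" under "explicit requests to assume a crypto officer role" leaves the reader to find the referenced text, and it does not say which FC_Login calls count as a request for the crypto officer role. Name the section it refers to or repeat the audit message format here, as is done for C_Logout on the line just above, and say which FC_Login calls are the crypto officer ones.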