FIPSFSM: Difference between revisions

The state transition diagram of the NSS cryptographic module is shown below as a UML Statechart.

The NSS cryptographic module has two modes of operation: FIPS Approved mode and non-FIPS Approved mode. The two modes of operation are independent of each other -- they have their own copies of data structures and they are even allowed to be active at the same time. The two modes are represented by the two concurrent substates inside the Power On composite state. '''The module is FIPS 140-2 compliant only when the non-FIPS Approved mode is inactive (in state 5.A).''' The FIPS Approved mode on the left hand side is of more interest to the FIPS 140-2 validation and it is therefore shown with more details. When a program calls the <code>FC_Initialize</code> function of the NSS cryptographic module library, the state changes and power-up self-tests are performed. See [http://wiki.mozilla.org/Section_9:_Self_Tests Self Tests] for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized for the FIPS Approved mode and the module enters the normal operational state. Please refer to the tables below when studying this state transition diagram.