FIPSFSM

''Page revision of 25 November 2006.''
==Finite State Model==
 
The state transition diagram of the NSS cryptographic module is shown below.
 
[[ Image:Fsm8.png ]]
 
The NSS cryptographic module has two modes of operation: FIPS Approved mode and non-FIPS Approved mode. The FIPS Approved mode is the one of interest to the FIPS 140-2 validation and is therefore shown in more detail. When a program calls the <code>FC_Initialize</code> function of the NSS cryptographic module library, the module leaves the Inactive state and runs its power-up self-tests. See [http://wiki.mozilla.org/Section_9:_Self_Tests Self Tests] for a description of the power-up self-tests. If the self-tests succeed, the library is considered initialized for the FIPS Approved mode and the module enters the normal operational state. Please refer to the tables below when studying this state transition diagram.
 
'''Recovery from error states''': If the FIPS Approved mode of the module ever enters the Error state, the NSS cryptographic module library needs to be shut down (transition 3.0) and reinitialized (transition 1.1).
 
'''Inclusive statement''': The behaviour of the finite state model for all other combinations of data and control inputs is as follows.
* If the data and control inputs are valid and the module performs the service successfully, the module outputs the requested data or status information and returns <code>CKR_OK</code>.
* If the data and control inputs are invalid, or the module encounters an error (e.g., running out of memory) while performing a service, the module outputs no data and simply returns an appropriate error code (e.g., <code>CKR_HOST_MEMORY</code>, <code>CKR_TOKEN_WRITE_PROTECTED</code>, <code>CKR_TEMPLATE_INCOMPLETE</code>, or <code>CKR_ATTRIBUTE_VALUE_INVALID</code>).
In both cases the module stays in its current state; only the transitions listed in the table below change state.
 
==States==
{| border="1" cellpadding="2"
|-
! State Label !! State Mnemonic !! State Description !! Distinct Indicator
|-
| 1.X|| Power Off
| Host computer is powered off. The initial state.|| Host computer's power light is off.
|-
| 1.A|| Inactive
| Host computer is up and running.|| Host computer's power light is on.
|-
| 1.B|| Power Up Self Test
| NSS cryptographic module library initialization for the FIPS Approved mode has been initiated. This state performs library initialization, software integrity test, and power-up self-tests.|| The <code>FC_Initialize</code> call is executing.
|-
| 1.C|| Public Services
| NSS cryptographic module library has been initialized for the FIPS Approved mode and its self-tests have passed. Services that do not require logging in to the module are available.|| Public services can be invoked. Private services fail with the error code <code>CKR_USER_NOT_LOGGED_IN</code>.
|-
| 2|| NSS User Services
| Operator has successfully logged in to assume the NSS User role and has access to all the services provided by the FIPS Approved mode of the NSS cryptographic module.|| All services can be invoked.
|-
| 3|| Error
| The FIPS Approved mode of the NSS cryptographic module either has failed a conditional test while performing a service or has failed a power-up or operator-initiated self-test. No further cryptographic operations will be performed.|| Only <code>FC_Finalize</code>, <code>FC_InitToken</code>, <code>FC_CloseSession</code>, <code>FC_CloseAllSessions</code>, <code>FC_WaitForSlotEvent</code>, and the "get info" functions (<code>FC_GetFunctionList</code>, <code>FC_GetInfo</code>, <code>FC_GetSlotList</code>, <code>FC_GetSlotInfo</code>, and <code>FC_GetTokenInfo</code>) can be invoked. <code>FC_Initialize</code> fails with the error code <code>CKR_CRYPTOKI_ALREADY_INITIALIZED</code>. All other functions fail with the error code <code>CKR_DEVICE_ERROR</code>.
|-
| 5.B|| Non-FIPS Mode
| The non-FIPS Approved mode of the NSS cryptographic module has been activated. This is a composite state whose substates are not relevant to FIPS 140-2.|| <code>NSC_Initialize</code> has been called successfully. All other <code>NSC_xxx</code> functions may be called.
|}
 
==Transitions==
{| border="1" cellpadding="2"
|-
! Trans # !! Current State !! Next State !! Input Event !! Output Event
|-
| 1.0|| Power Off|| Inactive|| Host computer is powered up|| None
|-
| 1.1|| Inactive|| Power Up Self Test|| <code>FC_Initialize</code> called|| Opens the databases. Power-up self-tests initiated.
|-
| 1.2|| Power Up Self Test|| Public Services|| Successful library initialization, software integrity test, and power-up self-tests|| <code>FC_Initialize</code> sets the internal Boolean state variable <code>sftk_fatalError</code> to false and returns <code>CKR_OK</code>
|-
| 1.3|| Power Up Self Test|| Error|| Software integrity test or power-up self-test failure|| <code>FC_Initialize</code> sets the internal Boolean state variable <code>sftk_fatalError</code> to true and returns <code>CKR_DEVICE_ERROR</code>
|-
| 1.4|| Public Services|| Error|| Conditional self-test (continuous random number generator test) failed while performing a service (random number generation)|| The function (<code>FC_SeedRandom</code> or <code>FC_GenerateRandom</code>) sets the internal Boolean state variable <code>sftk_fatalError</code> to true and returns <code>CKR_DEVICE_ERROR</code>
|-
| 1.5|| Public Services|| NSS User Services|| User login succeeded|| <code>FC_Login</code> sets the internal Boolean state variable <code>isLoggedIn</code> to true and returns <code>CKR_OK</code>
|-
| 1.6|| Public Services|| Public Services|| User login failed|| <code>FC_Login</code> returns a nonzero error code (e.g., <code>CKR_PIN_INCORRECT</code>)
|-
| 1.7|| Public Services|| Inactive|| <code>FC_Finalize</code> called|| <code>FC_Finalize</code> returns <code>CKR_OK</code>
|-
| 2.1|| NSS User Services|| Public Services|| User logout requested|| <code>FC_Logout</code> sets the internal Boolean state variable <code>isLoggedIn</code> to false and returns <code>CKR_OK</code>
|-
| 2.5|| NSS User Services|| Inactive|| <code>FC_Finalize</code> called|| <code>FC_Finalize</code> returns <code>CKR_OK</code>
|-
| 2.6|| NSS User Services|| Error|| Conditional self-test (continuous random number generator test or pair-wise consistency test) failed while performing a service (random number generation or key pair generation)|| The function (<code>FC_SeedRandom</code>, <code>FC_GenerateRandom</code>, or <code>FC_GenerateKeyPair</code>) sets the internal Boolean state variable <code>sftk_fatalError</code> to true and returns <code>CKR_DEVICE_ERROR</code> or <code>CKR_GENERAL_ERROR</code>
|-
| 3.0|| Error|| Inactive|| <code>FC_Finalize</code> called|| <code>FC_Finalize</code> returns <code>CKR_OK</code>
|-
| 4.0|| Any state other than "Power Off"|| Power Off|| Host computer is powered off|| None
|-
| 5.1|| Inactive|| Non-FIPS Mode|| <code>NSC_Initialize</code> called|| Opens the databases. <code>NSC_Initialize</code> returns <code>CKR_OK</code>.
|-
| 5.2|| Non-FIPS Mode|| Inactive|| <code>NSC_Finalize</code> called|| <code>NSC_Finalize</code> returns <code>CKR_OK</code>
|}
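The two tables above are compact enough to be turned into an executable model, which is the quickest way to check the properties a validator actually cares about: that the Error state is absorbing until <code>FC_Finalize</code> (transition 3.0) is called, that <code>FC_Initialize</code> cannot be used to recover in place, and that private services never hand out data before <code>FC_Login</code>. The Python below is an added example written for this page, not code from NSS or its softoken; it assumes the state names, the <code>sftk_fatalError</code> and <code>isLoggedIn</code> variables and the Error-state whitelist exactly as tabulated, uses the standard PKCS#11 numeric values for the <code>CKR_*</code> codes, and treats the PIN (<code>PIN</code>), the set of private services (<code>PRIVATE_SERVICES</code>) and the injected self-test outcomes (<code>self_tests_pass</code>, <code>crng_ok</code>, <code>pairwise_ok</code>) as constructed inputs so that transitions 1.3, 1.4 and 2.6 can be forced on demand.

```python
# Added example, not NSS code: a model of the FIPS Approved mode FSM from the tables above.
# CKR_* values are standard PKCS#11; PIN and the *_ok/self_tests_pass inputs are constructed.
import random

CKR_OK, CKR_GENERAL_ERROR, CKR_DEVICE_ERROR = 0x00, 0x05, 0x30
CKR_PIN_INCORRECT, CKR_USER_NOT_LOGGED_IN = 0xA0, 0x101
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CRYPTOKI_ALREADY_INITIALIZED = 0x190, 0x191
INACTIVE, PUBLIC, USER, ERROR = "Inactive", "Public Services", "NSS User Services", "Error"
PIN = "0123-constructed-pin"  # constructed test credential, not a real token PIN

# Functions state 3 (Error) still accepts; every other function gets CKR_DEVICE_ERROR.
ERROR_STATE_ALLOWED = frozenset({"FC_Finalize", "FC_InitToken", "FC_CloseSession",
    "FC_CloseAllSessions", "FC_WaitForSlotEvent", "FC_GetFunctionList", "FC_GetInfo",
    "FC_GetSlotList", "FC_GetSlotInfo", "FC_GetTokenInfo"})
# Services that need the NSS User role (state 2); one assumed representative member.
PRIVATE_SERVICES = frozenset({"FC_GenerateKeyPair"})

class FipsModule:
    def __init__(self):
        self.state, self.sftk_fatalError, self.isLoggedIn = INACTIVE, False, False
    def _gate(self, name):
        """Entry check shared by all services; encodes the Distinct Indicator column."""
        if self.state == INACTIVE:
            return CKR_CRYPTOKI_NOT_INITIALIZED
        if self.state == ERROR:
            return CKR_OK if name in ERROR_STATE_ALLOWED else CKR_DEVICE_ERROR
        if name in PRIVATE_SERVICES and not self.isLoggedIn:
            return CKR_USER_NOT_LOGGED_IN
        return CKR_OK
    def _fatal(self, rv):  # self-test failure: set sftk_fatalError, enter Error, no output
        self.sftk_fatalError, self.state = True, ERROR
        return rv
    def FC_Initialize(self, self_tests_pass=True):
        if self.state != INACTIVE:                 # also the Error-state indicator
            return CKR_CRYPTOKI_ALREADY_INITIALIZED
        if not self_tests_pass:                    # 1.1 then 1.3
            return self._fatal(CKR_DEVICE_ERROR)
        self.sftk_fatalError, self.state = False, PUBLIC   # 1.1 then 1.2
        return CKR_OK
    def FC_Finalize(self):                         # 1.7 / 2.5 / 3.0
        if self.state == INACTIVE:
            return CKR_CRYPTOKI_NOT_INITIALIZED
        self.state, self.isLoggedIn = INACTIVE, False
        return CKR_OK
    def FC_GetTokenInfo(self):                     # one of the "get info" functions
        rv = self._gate("FC_GetTokenInfo")
        return rv, ({"state": self.state} if rv == CKR_OK else None)
    def FC_Login(self, pin):
        rv = self._gate("FC_Login")
        if rv != CKR_OK:
            return rv
        if pin != PIN:                             # 1.6: remain in Public Services
            return CKR_PIN_INCORRECT
        self.isLoggedIn, self.state = True, USER   # 1.5
        return CKR_OK
    def FC_GenerateRandom(self, nbytes, crng_ok=True):
        rv = self._gate("FC_GenerateRandom")
        if rv != CKR_OK:
            return rv, None
        if not crng_ok:                            # continuous RNG test failed: 1.4 / 2.6
            return self._fatal(CKR_DEVICE_ERROR), None
        return CKR_OK, bytes(random.getrandbits(8) for _ in range(nbytes))
    def FC_GenerateKeyPair(self, pairwise_ok=True):
        rv = self._gate("FC_GenerateKeyPair")
        if rv != CKR_OK:
            return rv, None
        if not pairwise_ok:                        # pair-wise consistency test failed: 2.6
            return self._fatal(CKR_GENERAL_ERROR), None
        return CKR_OK, ("hPublicKey", "hPrivateKey")   # placeholder object handles

def recovery_trace():
    """1.1/1.2, a forced 1.4, then the documented recovery: 3.0 followed by 1.1/1.2."""
    m = FipsModule()
    steps = [("FC_Initialize", m.FC_Initialize),
             ("FC_GenerateRandom", lambda: m.FC_GenerateRandom(16, crng_ok=False)[0]),
             ("FC_GetTokenInfo", lambda: m.FC_GetTokenInfo()[0]),       # whitelisted in Error
             ("FC_GenerateKeyPair", lambda: m.FC_GenerateKeyPair()[0]),  # refused in Error
             ("FC_Initialize", m.FC_Initialize),                         # no re-init in place
             ("FC_Finalize", m.FC_Finalize), ("FC_Initialize", m.FC_Initialize)]
    return [(name, fn(), m.state) for name, fn in steps]

def check_invariants(trials=5000, seed=7):
    """Random walk checking two properties the tables imply: a private service never hands
    out data unless isLoggedIn, and in Error only whitelisted functions succeed until
    FC_Finalize. Returns the number of Error entries observed."""
    rng, m, entries = random.Random(seed), FipsModule(), 0
    ops = {"init": lambda: m.FC_Initialize(self_tests_pass=rng.random() > 0.1),
           "fin": m.FC_Finalize, "info": lambda: m.FC_GetTokenInfo()[0],
           "login": lambda: m.FC_Login(rng.choice([PIN, "wrong-pin"])),
           "rand": lambda: m.FC_GenerateRandom(8, crng_ok=rng.random() > 0.2)[0],
           "keypair": lambda: m.FC_GenerateKeyPair(pairwise_ok=rng.random() > 0.2)}
    for _ in range(trials):
        name = rng.choice(sorted(ops))
        in_error, logged = m.state == ERROR, m.isLoggedIn
        rv = ops[name]()
        if name == "keypair":
            rv, out = rv
            assert out is None or logged, "key pair handed out without the NSS User role"
        if in_error:
            assert (rv == CKR_OK) == (name in ("fin", "info")), f"{name} -> {rv:#x} in Error"
        entries += m.state == ERROR and not in_error
    return entries
```

<code>recovery_trace()</code> walks the exact sequence the "Recovery from error states" paragraph prescribes and shows why it is needed: after the continuous RNG test fails, <code>FC_GetTokenInfo</code> still answers, <code>FC_GenerateKeyPair</code> is refused with <code>CKR_DEVICE_ERROR</code>, and <code>FC_Initialize</code> is refused with <code>CKR_CRYPTOKI_ALREADY_INITIALIZED</code>, so only <code>FC_Finalize</code> followed by a fresh <code>FC_Initialize</code> gets the module back to Public Services. <code>check_invariants()</code> is the property-based counterpart: it drives the model with random call sequences and fails the moment either table is contradicted. The model only encodes what this page states; the same two assertions are what one would run against the real softoken through its PKCS#11 function list before trusting the diagram.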