manpagez: man pages & more
info gcrypt
Home | html | info | man
[ << ] [ < ] [ Up ] [ > ] [ >> ]         [Top] [Contents] [Index] [ ? ]

B.2 FIPS Finite State Machine

The FIPS mode of libgcrypt implements a finite state machine (FSM) using 8 states (see Table B.1) and checks at runtime that only valid transitions (see Table B.2) may happen.

FIPS FSM Diagram

Figure B.1: FIPS mode state diagram

States used by the FIPS FSM:


Libgcrypt is not runtime linked to another application. This usually means that the library is not loaded into main memory. This state is documentation only.


Libgcrypt is loaded into memory and API calls may be made. Compiler introduced constructor functions may be run. Note that Libgcrypt does not implement any arbitrary constructor functions to be called by the operating system


The Libgcrypt initialization functions are performed and the library has not yet run any self-test.


Libgcrypt is performing self-tests.


Libgcrypt is in the operational state and all interfaces may be used.


Libgrypt is in the error state. When calling any FIPS relevant interfaces they either return an error (GPG_ERR_NOT_OPERATIONAL) or put Libgcrypt into the Fatal-Error state and won’t return.


Libgcrypt is in a non-recoverable error state and will automatically transit into the Shutdown state.


Libgcrypt is about to be terminated and removed from the memory. The application may at this point still running cleanup handlers.

Table B.1: FIPS mode states

The valid state transitions (see Figure B.1) are:


Power-Off to Power-On is implicitly done by the OS loading Libgcrypt as a shared library and having it linked to an application.


Power-On to Init is triggered by the application calling the Libgcrypt initialization function gcry_check_version.


Init to Self-Test is either triggered by a dedicated API call or implicit by invoking a libgrypt service controlled by the FSM.


Self-Test to Operational is triggered after all self-tests passed successfully.


Operational to Shutdown is an artificial state without any direct action in Libgcrypt. When reaching the Shutdown state the library is deinitialized and can’t return to any other state again.


Shutdown to Power-off is the process of removing Libgcrypt from the computer’s memory. For obvious reasons the Power-Off state can’t be represented within Libgcrypt and thus this transition is for documentation only.


Operational to Error is triggered if Libgcrypt detected an application error which can’t be returned to the caller but still allows Libgcrypt to properly run. In the Error state all FIPS relevant interfaces return an error code.


Error to Shutdown is similar to the Operational to Shutdown transition (5).


Error to Fatal-Error is triggered if Libgrypt detects an fatal error while already being in Error state.


Fatal-Error to Shutdown is automatically entered by Libgcrypt after having reported the error.


Power-On to Shutdown is an artificial state to document that Libgcrypt has not ye been initialized but the process is about to terminate.


Power-On to Fatal-Error will be triggered if certain Libgcrypt functions are used without having reached the Init state.


Self-Test to Fatal-Error is triggered by severe errors in Libgcrypt while running self-tests.


Self-Test to Error is triggered by a failed self-test.


Operational to Fatal-Error is triggered if Libcrypt encountered a non-recoverable error.


Operational to Self-Test is triggered if the application requested to run the self-tests again.


Error to Self-Test is triggered if the application has requested to run self-tests to get to get back into operational state after an error.


Init to Error is triggered by errors in the initialization code.


Init to Fatal-Error is triggered by non-recoverable errors in the initialization code.


Error to Error is triggered by errors while already in the Error state.

Table B.2: FIPS mode state transitions

[ << ] [ < ] [ Up ] [ > ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated on February 9, 2014 using texi2html 5.0.

© 2000-2023
Individual documents may contain additional copyright information.