Certification Path Validation Test Tool (CPT) - Test Tool for Native Library Tests

This project provides a supplementary tool for the application of the Certification Path Validation Test Tool (CPT). The CPT is a tool for the creation of X.509 certificates and CRLs for testing purposes. It comes with a test suite that verifies the correctness of implementations of the certification path validation based on the requirements laid down in RFC 5280.

With this program, the certification path validation of C/C++ cryptographic libraries can be tested using the X.509 certificates and CRLs generated by the CPT. The tool implements tests for Botan, mbedTLS, and OpenSSL but can be easily extended to other libraries. The usage of the native library test tool requires the CPT basis tool as a prerequisite for the test data generation.

The CPT is maintained by the German Federal Office for Information Security (BSI). The technical maintenance of the native library test tool is handled by cryptosource GmbH.

Other CPT resources on the web

The following other resources for the CPT exist on the web:

  • The CPT main project page is maintained by the German Federal Office for Information Security (BSI).
  • The CPT Basis Tool, which generates X.509 certificates and CRLs based on a test specification, is also available on GitHub and is technically maintained by MTG AG.
  • A GitHub project with additional tools, especially for the test execution on TLS clients and servers.

Compilation

The native library test tool is provided with a build system for Unix. It requires the cmake build tool to be installed.

The compiled libraries and header files for the libraries to be tested must be installed on the system and the respective paths configured in the CMakeLists.txt. The preconfigured paths are

  ../third_party_libs/openssl-1.1.0/
  ../third_party_libs/Botan-2.2.0/
  ../third_party_libs/mbedtls-2.4.2/

In order to build the native library test tool, execute

$ cmake .
$ make

Execution

To run the tool, call the executable as

$ ./build/cert_test --test_cases_dir=<path-to-certification_path_tool/output/> --target=<lib-to-test>

where the first argument is the path to the output directory of the CPT containing the generated test cases and the second argument, the target, may be one of "botan", "mbedtls", or "openssl".

An example call would thus be

$ ./build/cert_test --test_cases_dir=../certification_path_tool/output/ --target=botan

The tool then outputs the test results for all the test cases found in the CPT output directory.
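
The following script is an added example, not part of the project: it checks the prerequisites named above, builds once, and runs the same CPT test cases against each library so the results can be compared side by side. It assumes it is started from the project root; the function names and the per-target log file names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the project. Assumption: it is started from the
# project root, so the preconfigured ../third_party_libs paths resolve from here.
LIB_DIRS="openssl-1.1.0 Botan-2.2.0 mbedtls-2.4.2"   # preconfigured paths from the README
TARGETS="botan mbedtls openssl"                      # values accepted by --target

# Print every preconfigured library directory missing below $1;
# return non-zero if at least one is missing.
missing_libs() {
    rc=0
    for d in $LIB_DIRS; do
        [ -d "$1/$d" ] || { echo "$1/$d"; rc=1; }
    done
    return $rc
}

# Succeed only for a target name the README lists.
valid_target() {
    case " $TARGETS " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# run_all <cpt-output-dir> [target...]: check prerequisites, build once, then
# run the chosen targets (default: all three) on the same CPT test cases.
# The per-target log file names are hypothetical.
run_all() {
    [ "$#" -gt 0 ] || { echo "usage: run_all <cpt-output-dir> [target...]" >&2; return 2; }
    cpt_out=$1
    shift
    [ "$#" -gt 0 ] || set -- $TARGETS
    for t in "$@"; do
        valid_target "$t" || { echo "unknown target: $t" >&2; return 2; }
    done
    command -v cmake >/dev/null 2>&1 || { echo "cmake not found" >&2; return 1; }
    missing_libs ../third_party_libs >&2 || return 1
    [ -d "$cpt_out" ] || { echo "no CPT output in $cpt_out" >&2; return 1; }
    { cmake . && make; } || return 1
    for t in "$@"; do
        ./build/cert_test --test_cases_dir="$cpt_out" --target="$t" \
            > "cert_test_$t.log" 2>&1
    done
}

if [ "$#" -gt 0 ]; then run_all "$@"; fi
```

Saved under a name of your choice, the script takes the CPT output directory as its first argument, optionally followed by the targets to run.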