Netscape PKCS #11 Test SuitesNewsgroup: mozilla.dev.tech.crypto
The Netscape PKCS #11 Test Suites are designed to help vendors of PKCS #11-compliant cryptographic hardware verify compatibility with Netscape software.
- Tools: The tools regress, reporter, and replacer have yet to be released.
- The tests suite: The test source code was written to use NSS 2.x, not NSS 3.x, and would take a lot of work to make it build and run with the current NSS 3.x. Volunteers for this work are welcome.
- Other tests : NSS has two other programs that are used for PKCS#11 testing. They are pk11mode and pk11util. The sources to both are in nss/cmd.
- PKCS #11 Test Suite. Uses the regress tool to exercise the PKCS #11 operations most commonly accessed from Netscape products through the PKCS #11 interface.
- SSL Test Suite. Uses the regress tool to run a series of test programs (up to 8000). Each test opens a client and server SSL socket and transfers data between the two. By default, the suite runs on the NSS libraries, but it can be configured to run over any PKCS #11 cryptographic provider.
- Trivial. A simple test that loads a cryptoki module and performs some basic excercises, such as querying information and opening sessions.
- Regress. Regress is a test suite automation and reporting tool that runs a parameterized test program over a number of variables. It is controlled by a specification file that lists the variable combinations to be executed. Test result tables are output to an HTML file, which can be organized with the reporter tool.
- Reporter. Reporter automates the web indexing of regression results generated by the regress tool. Reporter uses a specification file that defines the Component/Test Suite/Platform topology of the report directory structure. The tool then parses all the individual regress summary files found at the lowest level of the reporting hierarchy and updates all the intermediate index.htm files. The reporter tool is expected to automate the routine maintenance of updating web content to form an orderly and predictable testing results web that can be reindexed automatically.
A third tool, replacer, is designed to produce a larger number of programs that are nearly identical, differing by only a few variables. This program is ideal for creating regression test suites on APIs or programs that have large numbers of variables. It is not explicitly used by the Netscape PKCS #11 test suites.
Detailed design specifications for all three testing tools--regress, reporter, and replacer--are available at Test Tool Specifications.
General pointers for getting PKCS #11 drivers working with Netscape software can be found in these documents:
- Implementing PKCS #11 for the Netscape Security Library
- PKCS #11 FAQ.
- Common PKCS #11 Implementation Problems.