Skip to main content

Architecture

The diagram below illustrates the general architecture of TLS-Anvil, highlighting the different phases executed during a test run.
These phases are explained in detail in our USENIX Security Paper, Section 4.1.

TLS-Anvil Architecture


TLS-Anvil is implemented in Java and leverages several key libraries:

  • JUnit 5 – Testing engine. TLS-Anvil extensively uses JUnit's extension system.
  • TLS-Attacker – Core TLS stack.
  • TLS-Scanner – Scanner based on TLS-Attacker, used for feature extraction.
  • coffee4j – Library for combinatorial testing.

Key Concepts

Every test template ⓘ represents a JUnit test function augmented with Java annotations that define an IPM ⓘ.
Most importantly, these annotations enable the TLS-Anvil test lifecycle, which manages TLS message exchanges with the System Under Test (SUT).


TLS-Anvil Modules

TLS-Anvil is organized into two Java modules:

  • TLS-Testsuite:
    The main module containing all test templates.
    These templates reside in the de.rub.nds.tlstest.suite.tests package, further subdivided into:

    • server tests
    • client tests
    • Tests applicable to both peers
      Inside these, tests are organized by relevant RFCs.
  • TLS-Test-Framework:
    This module contains all JUnit extensions and the core test execution logic.


See the next chapter for an example test template and instructions on adding new templates.