Generate test objects for RPKI ASPA profile implementations

benmaddison/rpki-aspa-test-data

RPKI ASPA Test Data Generator

Overview

This is a simple tool to generate RPKI ASPA objects that fulfill the constraints of the ASN.1 CONTENT-TYPE definition, but exhibit corner cases that may need to be explicitly accommodated in decoder implementations.

For example, draft-ietf-sidrops-aspa-profile mandates:

The elements of providers MUST be ordered in ascending numerical order by the value of the providerASID field.

This constraint cannot be expressed in ASN.1 notation, thus implementors will need to hand-code such a check.

The data generated by this tool is intended to assist in creating automated and consistent testing for such checks.

Pre-generated Data

For those simply interested in the default generated data, an output tarball is provided for download for each release.

Operation

Test cases are defined in a YAML file. A default set of test cases is provided in rpki_aspa_test_data/test-cases.yml.

Each item in the YAML list defines an ASPA object to be generated, using the following metadata:

  • name - A short name for the test case.
  • valid - A boolean indicating whether a conforming implementation should consider the resulting object valid.
  • desc - An optional long-form description of the test case.
  • customer_asid - The AS number to place in the customerASID field.
  • providers - A list of elements describing the contents of the providers field:
    • provider_asid - The AS number to place in the providerASID field.
    • afi_limit - An optional value to place in the afiLimit field. Must be either ipv4 or ipv6.
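
As an added illustration (not code from this repository), the following Python sketch shows the kind of hand-coded ordering check a decoder needs, applied to test cases shaped like the metadata above. The sample cases, the function names and the allow_equal parameter are assumptions of this example; the cases are constructed and vary only in provider ordering.

```python
# Added example (not from the repository): the ordering check a decoder must
# hand-code, applied to test cases shaped like the metadata described above.

ALLOWED_AFI_LIMITS = {"ipv4", "ipv6"}

# Constructed sample cases; AS numbers are from the private-use range.
SAMPLE_CASES = [
    {"name": "ordered", "valid": True, "customer_asid": 64512,
     "providers": [{"provider_asid": 64513},
                   {"provider_asid": 64514, "afi_limit": "ipv4"}]},
    {"name": "unordered", "valid": False, "customer_asid": 64512,
     "providers": [{"provider_asid": 64514},
                   {"provider_asid": 64513, "afi_limit": "ipv6"}]},
]


def first_out_of_order(providers, allow_equal=True):
    """Return the index of the first provider that breaks ascending order
    by provider_asid, or None if the list is in order.

    allow_equal is an assumption of this example: the quoted requirement
    does not say how repeated providerASID values are treated.
    """
    for i in range(1, len(providers)):
        prev, cur = providers[i - 1]["provider_asid"], providers[i]["provider_asid"]
        if cur < prev or (cur == prev and not allow_equal):
            return i
    return None


def bad_afi_limits(providers):
    """Return indexes of providers whose afi_limit is not ipv4 or ipv6."""
    return [i for i, p in enumerate(providers)
            if "afi_limit" in p and p["afi_limit"] not in ALLOWED_AFI_LIMITS]


def evaluate(cases):
    """Compare the ordering check's verdict with each case's 'valid' flag."""
    results = {}
    for case in cases:
        if bad_afi_limits(case["providers"]):
            raise ValueError(f"{case['name']}: afi_limit must be ipv4 or ipv6")
        accepted = first_out_of_order(case["providers"]) is None
        results[case["name"]] = (accepted, accepted == case["valid"])
    return results


if __name__ == "__main__":
    for name, (accepted, agrees) in evaluate(SAMPLE_CASES).items():
        print(f"{name}: accepted={accepted} agrees_with_valid={agrees}")
```

A decoder under test would run the equivalent check on the decoded providers field of each generated object and compare its accept/reject decision with the valid flag of the corresponding test case.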

The tool will output a dummy repository tree, containing a single root CA, and a child CA per test case. The ASPA objects will themselves be output to the corresponding child CA's repository directory.

To assist with matching output files with test cases, the file name and subject commonName of each issuing CA is set to ca-case-{case.name}-{case.valid}.

Usage

Python 3.9 or greater is required.

There are currently no plans to publish a distribution via PyPI.

Users should install to a virtual environment directly from a git checkout.

With pipenv (Recommended)

The Pipfile.lock file used by pipenv will pin dependencies to known working versions:

git clone https://github.com/benmaddison/rpki-aspa-test-data
cd rpki-aspa-test-data
pipenv install
pipenv run generate

Manually with pip

Manual installation gives greater control over the packages installed into the local Python environment, in particular on operating systems for which the cryptography package is not available for installation via pip:

git clone https://github.com/benmaddison/rpki-aspa-test-data
cd rpki-aspa-test-data
python3 -m venv .venv
# optionally hand-install dependencies...
.venv/bin/python3 -m pip install -e .
.venv/bin/python3 -m rpki_aspa_test_data

Options

  • --test-cases/-c <PATH> - Generate objects based on the test cases specification file located at <PATH>, rather than the provided defaults.
  • --extra-cases/-e <PATH> - Generate objects based on the additional test cases specification file at <PATH>. Multiple instances are supported.
  • --output-path/-o <PATH> - Output files at <PATH>. Defaults to ./target.

Contributing

Pull requests are welcome.

If you wish to discuss a change before attempting an implementation, please open an issue in the issue tracker.
