├── bin └── .gitkeep ├── label-2.ber ├── label-3.ber ├── test-data ├── stupid-label.ber ├── nato-4774-extra-1.xml ├── nato-4774-17-2.xml ├── tlpx-amber-eu.xml ├── nato-4774-17-3.xml ├── food-label-water.xml ├── tlpx-green-sh-na.xml ├── nato-4774-17-5.xml ├── nato-4774-17-2.nato ├── nato-4774-17-6.xml ├── nato-4774-17-3.nato ├── nato-4774-17-4.xml ├── nato-4774-17-1.xml ├── food-label-bacon.xml ├── uk-demo-secret-uk.xml ├── nato-4774-17-5.nato ├── nato-4774-17-6.nato ├── food-clearance-lactose-intolerant.xml ├── nato-4774-17-4.nato ├── nato-4774-17-1.nato ├── food-label-milk-chocolate.xml ├── food-label-cheap-milk-chocolate.xml ├── food-label-gimmick-milk-chocolate.xml ├── food-clearance-all-okay.xml ├── food-label-meaty-milk-chocolate.xml ├── bsi-commercial.xml ├── tlp.xml ├── Makefile ├── food-policy-borked.xml ├── tests.xml ├── food-policy.xml ├── food-policy-missi.xml ├── uk-demo.xml └── tlp-plus.xml ├── label-1.ber ├── .idea ├── dictionaries │ └── dwd.xml ├── inspectionProfiles │ ├── profiles_settings.xml │ └── Project_Default.xml └── codeStyleSettings.xml ├── circle.yml ├── seclabel-simple.xml ├── .gitignore ├── .gitmodules ├── seclabel.xml ├── .travis.yml ├── PLAYING-NICELY.md ├── CONTRIBUTORS.md ├── include └── spiffing │ ├── markings.h │ ├── spiffing.h │ ├── exceptions.h │ ├── categorygroup.h │ ├── categorydata.h │ ├── equivclass.h │ ├── equivcat.h │ ├── categoryref.h │ ├── tag.h │ ├── marking.h │ ├── lacv.h │ ├── clearance.h │ ├── label.h │ ├── category.h │ ├── tagset.h │ ├── constants.h │ ├── classification.h │ ├── spif.h │ └── catutils.h ├── Clearance.asn ├── src ├── exceptions.cc ├── markings.cc ├── spiffing.cc ├── tag.cc ├── constants.cc ├── equivclass.cc ├── equivcat.cc ├── categorygroup.cc ├── tagset.cc ├── categorydata.cc ├── classification.cc ├── lacv.cc ├── marking.cc ├── category.cc └── label.cc ├── SSLPrivileges.asn ├── SECURITY.md ├── LICENSE ├── MissiSecurityCategories.asn ├── ESSSecurityLabel.asn ├── clearance-reader.cc ├── acp145.asn ├── spifflicator.cc ├── README.md ├── label-reader.cc ├── FAQ.md ├── CMakeLists.txt ├── test.cc ├── Makefile ├── transpifferizer.cc └── X841.asn /bin/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /label-2.ber: -------------------------------------------------------------------------------- 1 | 1) -------------------------------------------------------------------------------- /label-3.ber: -------------------------------------------------------------------------------- 1 | 1) -------------------------------------------------------------------------------- /test-data/stupid-label.ber: -------------------------------------------------------------------------------- 1 | 13) VAGUELY SECRET -------------------------------------------------------------------------------- /label-1.ber: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/surevine/spiffing/HEAD/label-1.ber -------------------------------------------------------------------------------- /.idea/dictionaries/dwd.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /circle.yml: -------------------------------------------------------------------------------- 1 | checkout: 2 | post: 3 | - make submodules 4 | 5 | build: 6 | pre: 7 | - make pre-build 8 | -------------------------------------------------------------------------------- /test-data/nato-4774-extra-1.xml: -------------------------------------------------------------------------------- 1 | 5 | -------------------------------------------------------------------------------- /seclabel-simple.xml: -------------------------------------------------------------------------------- 1 | 2 | 1.1 3 | 4 4 | 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | build/ 3 | report/ 4 | gen-ber/ 5 | clearance-parser 6 | label-reader 7 | label-parser 8 | converter-sample.c 9 | spifflicator 10 | transpifferizer 11 | test 12 | bin/* 13 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "deps/rapidxml"] 2 | path = deps/rapidxml 3 | url = https://github.com/dwd/rapidxml.git 4 | [submodule "deps/asn1c"] 5 | path = deps/asn1c 6 | url = https://github.com/dwd/asn1c.git 7 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-2.xml: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /test-data/tlpx-amber-eu.xml: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /seclabel.xml: -------------------------------------------------------------------------------- 1 | 2 | 1.1 3 | 51 4 | VAGUELY SECRET 5 | 6 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-3.xml: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /.idea/inspectionProfiles/profiles_settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | -------------------------------------------------------------------------------- /test-data/food-label-water.xml: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /test-data/tlpx-green-sh-na.xml: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | before_install: 2 | - sudo make travis 3 | - make pre-build 4 | - make asn1c 5 | - make gen-ber/.marker 6 | language: cpp 7 | script: make "DEBUG=-g --coverage" && make "DEBUG=-g --coverage" test-spiffing && make "DEBUG=-g --coverage" quick-tests 8 | after_success: 9 | - gcov-4.8 -p -r `find build -name '*.gcda'` 10 | - coveralls --exclude gen-ber --exclude deps --no-gcov --verbose 11 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-5.xml: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /PLAYING-NICELY.md: -------------------------------------------------------------------------------- 1 | Playing Nicely 2 | ============== 3 | 4 | This software is licensed under extremely liberal terms, with the hope that 5 | this reduces any barriers to use to the absolute minimum. 6 | 7 | However, the intent of the author is to actively maintain a useful library, and 8 | therefore licensors are requested -- though not mandated -- to pass back any 9 | changes and improvements for inclusion in the upstream copy. 10 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-2.nato: -------------------------------------------------------------------------------- 1 | 2 | 3 | NATO 4 | UNCLASSIFIED 5 | 6 | NATO 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- 1 | # Contributors 2 | 3 | ## Special thanks for all the people who had helped this project so far: 4 | 5 | * [Dave Cridland](https://github.com/dwd) 6 | * [Lloyd Watkin](https://github.com/lloydwatkin) 7 | * [Simon Waters](https://github.com/SimonWaters) 8 | 9 | The project originated at [Surevine](https://surevine.com) with the 10 | vision to develop a fully policy-driven secure message exchange 11 | mechanism. 12 | 13 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-6.xml: -------------------------------------------------------------------------------- 1 | 10 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-3.nato: -------------------------------------------------------------------------------- 1 | 2 | 3 | NATO 4 | UNCLASSIFIED 5 | 6 | NATO 7 | 8 | 9 | STAFF 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-4.xml: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-1.xml: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /test-data/food-label-bacon.xml: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /.idea/inspectionProfiles/Project_Default.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 11 | -------------------------------------------------------------------------------- /test-data/uk-demo-secret-uk.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-5.nato: -------------------------------------------------------------------------------- 1 | 2 | 3 | NATO 4 | CONFIDENTIAL 5 | 6 | EAPC 7 | Releasable 8 | 9 | 10 | EAPC 11 | ISAF 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /include/spiffing/markings.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by dwd on 04/04/16. 3 | // 4 | 5 | #ifndef SPIFFING_MARKINGS_H 6 | #define SPIFFING_MARKINGS_H 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | namespace Spiffing { 14 | class Markings { 15 | public: 16 | Markings(); 17 | Marking const * marking(std::string const & langTag) const; 18 | void marking(std::unique_ptr && m); 19 | private: 20 | std::map> m_marking; 21 | }; 22 | } 23 | 24 | #endif //SPIFFING_MARKINGS_H 25 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-6.nato: -------------------------------------------------------------------------------- 1 | 2 | 3 | NATO 4 | CONFIDENTIAL 5 | 6 | KFOR 7 | 8 | 9 | NATO 10 | IRL 11 | SWE 12 | UKR 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /test-data/food-clearance-lactose-intolerant.xml: -------------------------------------------------------------------------------- 1 | 2 | Food labelling policy 3 | Luxury 4 | 5 | Sweet 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /Clearance.asn: -------------------------------------------------------------------------------- 1 | RFC5912 DEFINITIONS IMPLICIT TAGS ::= 2 | 3 | BEGIN 4 | 5 | -- We want the ACP 145(A) version, not the one given in RFC 2634 6 | IMPORTS SecurityCategory, SecurityCategories FROM ACP145; 7 | 8 | Clearance ::= SEQUENCE { 9 | policyId OBJECT IDENTIFIER, 10 | classList ClassList DEFAULT {unclassified}, 11 | securityCategories SecurityCategories OPTIONAL 12 | } 13 | 14 | ClassList ::= BIT STRING { 15 | unmarked (0), 16 | unclassified (1), 17 | restricted (2), 18 | confidential (3), 19 | secret (4), 20 | topSecret (5) 21 | } 22 | 23 | END 24 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-4.nato: -------------------------------------------------------------------------------- 1 | 2 | 3 | NATO 4 | RESTRICTED 5 | 6 | NATO 7 | Releasable 8 | 9 | 10 | NATO 11 | JPN 12 | CHE 13 | UKR 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/exceptions.cc: -------------------------------------------------------------------------------- 1 | // 2 | // Created by dwd on 22/05/18. 3 | // 4 | 5 | #include "spiffing/exceptions.h" 6 | 7 | using namespace Spiffing; 8 | 9 | #define DEFINE_ERROR(err, parent) \ 10 | err::err(const char * what) : parent(what) {} \ 11 | err::err(std::string const & what) : parent(what) {} 12 | 13 | DEFINE_ERROR(error, std::runtime_error) 14 | DEFINE_ERROR(parse_error, error) 15 | DEFINE_ERROR(spif_error, parse_error) 16 | DEFINE_ERROR(spif_syntax_error, spif_error) 17 | DEFINE_ERROR(spif_ref_error, error) 18 | DEFINE_ERROR(spif_invariant_error, spif_error) 19 | DEFINE_ERROR(policy_mismatch, error) 20 | DEFINE_ERROR(clearance_error, parse_error) 21 | DEFINE_ERROR(label_error, parse_error) 22 | DEFINE_ERROR(equiv_error, label_error) 23 | -------------------------------------------------------------------------------- /test-data/nato-4774-17-1.nato: -------------------------------------------------------------------------------- 1 | 2 | 3 | NATO 4 | UNCLASSIFIED 5 | 6 | NATO 7 | Releasable 8 | 9 | 10 | NATO 11 | ISAF 12 | KFOR 13 | RESOLUTE SUPPORT 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /SSLPrivileges.asn: -------------------------------------------------------------------------------- 1 | SSL DEFINITIONS IMPLICIT TAGS ::= BEGIN 2 | 3 | IMPORTS SecurityAttribute FROM ACP145; 4 | 5 | SSLPrivileges ::= SET OF NamedTagSetPrivilege 6 | 7 | NamedTagSetPrivilege ::= SEQUENCE { 8 | tagSetName TagSetName, 9 | securityTagPrivileges SEQUENCE OF SecurityTagPrivilege 10 | } 11 | 12 | TagSetName ::= OBJECT IDENTIFIER 13 | 14 | SecurityTagPrivilege ::= CHOICE { 15 | -- Type 1 - for restrictive security attributes 16 | restrictivebitMap [1] IMPLICIT BIT STRING, 17 | 18 | -- Type 2 - for permissive or restrictive integers 19 | enumeratedAttributes [2] IMPLICIT SET OF SecurityAttribute, 20 | 21 | -- Type 6 - for permissive security attributes 22 | permissivebitMap [6] IMPLICIT BIT STRING 23 | } 24 | 25 | END -------------------------------------------------------------------------------- /test-data/food-label-milk-chocolate.xml: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /test-data/food-label-cheap-milk-chocolate.xml: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /test-data/food-label-gimmick-milk-chocolate.xml: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /include/spiffing/spiffing.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by dwd on 03/09/15. 3 | // 4 | 5 | #ifndef SPIFFING_SPIFFING_H 6 | #define SPIFFING_SPIFFING_H 7 | 8 | #include 9 | 10 | namespace Spiffing { 11 | class Site { 12 | public: 13 | Site(); 14 | 15 | static Site &site(); 16 | std::shared_ptr const & spif(std::string const & oid) const; 17 | std::shared_ptr const & spif_by_name(std::string const & name) const; 18 | std::shared_ptr load(std::istream & filename); 19 | private: 20 | std::map> m_spifs; 21 | std::map> m_spifnames; 22 | }; 23 | } 24 | 25 | #endif //SPIFFING_SPIFFING_H 26 | -------------------------------------------------------------------------------- /test-data/food-clearance-all-okay.xml: -------------------------------------------------------------------------------- 1 | 2 | Food labelling policy 3 | Luxury 4 | 5 | Sweet 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /test-data/food-label-meaty-milk-chocolate.xml: -------------------------------------------------------------------------------- 1 | 12 | -------------------------------------------------------------------------------- /src/markings.cc: -------------------------------------------------------------------------------- 1 | // 2 | // Created by dwd on 04/04/16. 3 | // 4 | 5 | #include 6 | #include 7 | 8 | using namespace Spiffing; 9 | 10 | Markings::Markings() {} 11 | 12 | Marking const * Markings::marking(std::string const & langTag) const { 13 | auto i = m_marking.find(langTag); 14 | if (i == m_marking.end()) { 15 | auto p = langTag.find_first_of("-_"); 16 | if (p != std::string::npos) { 17 | std::string lang{langTag, 0, p}; 18 | i = m_marking.find(lang); 19 | } 20 | } 21 | if (i == m_marking.end()) { 22 | i = m_marking.find(""); 23 | } 24 | if (i == m_marking.end()) { 25 | return nullptr; 26 | } 27 | return (*i).second.get(); 28 | } 29 | void Markings::marking(std::unique_ptr && m) { 30 | std::string langTag = m->langTag(); 31 | m_marking.emplace(std::move(std::make_pair(langTag, std::move(m)))); 32 | } 33 | -------------------------------------------------------------------------------- /include/spiffing/exceptions.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by dwd on 22/05/18. 3 | // 4 | 5 | #ifndef SPIFFING_EXCEPTIONS_H 6 | #define SPIFFING_EXCEPTIONS_H 7 | 8 | #include 9 | #include 10 | 11 | namespace Spiffing { 12 | #define DEFINE_ERROR(err, parent) \ 13 | class err : public parent { \ 14 | public: \ 15 | explicit err(const char *); \ 16 | explicit err(std::string const &); \ 17 | } 18 | DEFINE_ERROR(error, std::runtime_error); 19 | DEFINE_ERROR(parse_error, error); 20 | DEFINE_ERROR(spif_error, parse_error); 21 | DEFINE_ERROR(spif_syntax_error, spif_error); 22 | DEFINE_ERROR(spif_ref_error, error); 23 | DEFINE_ERROR(spif_invariant_error, spif_error); 24 | DEFINE_ERROR(policy_mismatch, error); 25 | DEFINE_ERROR(clearance_error, parse_error); 26 | DEFINE_ERROR(label_error, parse_error); 27 | DEFINE_ERROR(equiv_error, label_error); 28 | #undef DEFINE_ERROR 29 | } 30 | 31 | #endif //SPIFFING_EXCEPTIONS_H 32 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | Security Considerations 2 | ======================= 3 | 4 | This software is designed expressly for the purpose of security policy 5 | enforcement, in this case enforcing an information handling model. Therefore 6 | security issues in particular are treated with the upmost importance. 7 | 8 | In the first instance, a security issue may be sent directly to the author, 9 | Dave Cridland 10 | 11 | If this does not generate a timely response, please contact Surevine Ltd via 12 | any private method. 13 | 14 | Suitability Statement 15 | ===================== 16 | 17 | Note that at the current point in time, this software is not considered 18 | production-ready, and is therefore unsuited to high-assurance systems. It may 19 | be useful in support of experimental work. 20 | 21 | In particular, no claim is made that the software has, or is suited for, any 22 | accreditation. 23 | 24 | If use in a production environment is desired, please contact Surevine Ltd. 25 | -------------------------------------------------------------------------------- /src/spiffing.cc: -------------------------------------------------------------------------------- 1 | // 2 | // Created by dwd on 03/09/15. 3 | // 4 | 5 | #include 6 | #include 7 | 8 | using namespace Spiffing; 9 | 10 | namespace { 11 | Site * s_spiffing = nullptr; 12 | } 13 | 14 | Site::Site() : m_spifs() { 15 | s_spiffing = this; 16 | } 17 | 18 | std::shared_ptr const & Site::spif(std::string const & oid) const { 19 | auto i = m_spifs.find(oid); 20 | if (i == m_spifs.end()) throw spif_ref_error("Unknown policy id: " + oid); 21 | return (*i).second; 22 | } 23 | 24 | std::shared_ptr const & Site::spif_by_name(std::string const & name) const { 25 | auto i = m_spifnames.find(name); 26 | if (i == m_spifnames.end()) throw spif_ref_error("Unknown policy name: " + name); 27 | return (*i).second; 28 | } 29 | 30 | std::shared_ptr Site::load(std::istream & file) { 31 | std::shared_ptr spif = std::make_shared(file, Format::XML); 32 | m_spifs[spif->policy_id()] = spif; 33 | m_spifnames[spif->name()] = spif; 34 | return spif; 35 | } 36 | 37 | Site & Spiffing::Site::site() { 38 | return *s_spiffing; 39 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2014 Dave Cridland 2 | Copyright 2014 Surevine Ltd 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy of 5 | this software and associated documentation files (the "Software"), to deal in 6 | the Software without restriction, including without limitation the rights to 7 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 8 | of the Software, and to permit persons to whom the Software is furnished to do 9 | so, subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in all 12 | copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 20 | SOFTWARE. 21 | -------------------------------------------------------------------------------- /MissiSecurityCategories.asn: -------------------------------------------------------------------------------- 1 | MISSI DEFINITIONS IMPLICIT TAGS ::= BEGIN 2 | 3 | IMPORTS SecurityAttribute FROM ACP145 4 | TagSetName FROM SSL; 5 | 6 | MissiSecurityCategories ::= CHOICE { 7 | lrbacInfo LrbacInfo, 8 | prbacSecurityCategories StandardSecurityLabel 9 | } 10 | 11 | LrbacInfo ::= SEQUENCE { 12 | securityPolicyIdentifier OBJECT IDENTIFIER, 13 | lrbacSecurityCategories StandardSecurityLabel 14 | } 15 | 16 | StandardSecurityLabel ::= SET OF NamedTagSet 17 | 18 | NamedTagSet ::= SEQUENCE { 19 | tagSetName TagSetName, 20 | securityTags SEQUENCE OF SecurityTag 21 | } 22 | 23 | SecurityTag ::= CHOICE { 24 | --Type 1 - for restrictive security attributes 25 | restrictivebitMap [1] IMPLICIT SEQUENCE { 26 | securityLevel SecurityAttribute OPTIONAL, 27 | attributeFlags BIT STRING 28 | }, 29 | --Type 2 - for permissive or restrictive integers 30 | enumeratedAttributes [2] IMPLICIT SEQUENCE { 31 | securityLevel SecurityAttribute OPTIONAL, 32 | attributeFlags SET OF SecurityAttribute 33 | }, 34 | -- Type 6 - for permissive security attributes 35 | permissivebitMap [6] IMPLICIT SEQUENCE { 36 | securityLevel SecurityAttribute OPTIONAL, 37 | attributeFlags BIT STRING 38 | }, 39 | -- Type 7 - for markings with no formal access control 40 | freeFormField [7] ANY DEFINED BY tagSetName 41 | } 42 | 43 | -- For MISSI, the freeFormField takes the form of the following: 44 | TagType7Data ::= CHOICE { 45 | bitSetAttributes BIT STRING, 46 | securityAttributes SET OF SecurityAttribute 47 | } 48 | 49 | END -------------------------------------------------------------------------------- /src/tag.cc: -------------------------------------------------------------------------------- 1 | /*** 2 | 3 | Copyright 2014-2015 Dave Cridland 4 | Copyright 2014-2015 Surevine Ltd 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy of 7 | this software and associated documentation files (the "Software"), to deal in 8 | the Software without restriction, including without limitation the rights to 9 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 10 | of the Software, and to permit persons to whom the Software is furnished to do 11 | so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | 24 | ***/ 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | using namespace Spiffing; 32 | 33 | Tag::Tag(TagSet & tagSet, TagType tagType, InformativeEncoding t7enc, std::string const & name) 34 | : m_name{name}, m_tagType(tagType), m_t7enc(t7enc), m_tagSet(tagSet) { 35 | } 36 | 37 | void Tag::addCategory(std::shared_ptr const & c) { 38 | m_categories[c->lacv()] = c; 39 | m_tagSet.addCategory(*this, c); 40 | } 41 | -------------------------------------------------------------------------------- /ESSSecurityLabel.asn: -------------------------------------------------------------------------------- 1 | RFC2634 DEFINITIONS ::= BEGIN 2 | 3 | -- We want the ACP 145(A) version, not the one given in RFC 2634 4 | IMPORTS SecurityCategory, SecurityCategories FROM ACP145; 5 | 6 | ESSSecurityLabel ::= SET { 7 | security-policy-identifier SecurityPolicyIdentifier OPTIONAL, -- Optional in X.841, actually. 8 | security-classification SecurityClassification OPTIONAL, 9 | privacy-mark ESSPrivacyMark OPTIONAL, 10 | security-categories SecurityCategories OPTIONAL } 11 | 12 | id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2) 13 | us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2} 14 | 15 | SecurityPolicyIdentifier ::= OBJECT IDENTIFIER 16 | 17 | SecurityClassification ::= INTEGER { 18 | unmarked (0), 19 | unclassified (1), 20 | restricted (2), 21 | confidential (3), 22 | secret (4), 23 | top-secret (5) } (0..ub-integer-options) 24 | 25 | ub-integer-options INTEGER ::= 256 26 | 27 | ESSPrivacyMark ::= CHOICE { 28 | pString PrintableString (SIZE (1..ub-privacy-mark-length)), 29 | utf8String UTF8String (SIZE (1..MAX)) 30 | } 31 | 32 | ub-privacy-mark-length INTEGER ::= 128 33 | 34 | -- SecurityCategory ::= SEQUENCE { 35 | -- type [0] OBJECT IDENTIFIER, 36 | -- value [1] OCTET STRING -- -- defined by type 37 | -- } 38 | 39 | --Note: The aforementioned SecurityCategory syntax produces identical 40 | --hex encodings as the following SecurityCategory syntax that is 41 | --documented in the X.411 specification: 42 | -- 43 | --SecurityCategory ::= SEQUENCE { 44 | -- type [0] SECURITY-CATEGORY, 45 | -- value [1] ANY DEFINED BY type } 46 | -- 47 | --SECURITY-CATEGORY MACRO ::= 48 | --BEGIN 49 | --TYPE NOTATION ::= type | empty 50 | --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) 51 | --END 52 | 53 | END 54 | -------------------------------------------------------------------------------- /include/spiffing/categorygroup.h: -------------------------------------------------------------------------------- 1 | /*** 2 | 3 | Copyright 2015 Dave Cridland 4 | Copyright 2015 Surevine Ltd 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy of 7 | this software and associated documentation files (the "Software"), to deal in 8 | the Software without restriction, including without limitation the rights to 9 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 10 | of the Software, and to permit persons to whom the Software is furnished to do 11 | so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | 24 | ***/ 25 | 26 | #ifndef SPIFFING_CATEGORYGROUP_H 27 | #define SPIFFING_CATEGORYGROUP_H 28 | 29 | #include 30 | #include 31 | 32 | #include 33 | #include 34 | 35 | namespace Spiffing { 36 | class CategoryData; 37 | class CategoryGroup { 38 | public: 39 | CategoryGroup(OperationType opType); 40 | 41 | bool matches(Label const &) const; 42 | void compile(Spif const & spif); 43 | 44 | void addCategoryData(std::unique_ptr &&); 45 | void fixup(Label & l) const; 46 | private: 47 | std::set> m_categoryData; 48 | OperationType m_opType; 49 | }; 50 | } 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /src/constants.cc: -------------------------------------------------------------------------------- 1 | /*** 2 | 3 | Copyright 2014-2015 Dave Cridland 4 | Copyright 2014-2015 Surevine Ltd 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy of 7 | this software and associated documentation files (the "Software"), to deal in 8 | the Software without restriction, including without limitation the rights to 9 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 10 | of the Software, and to permit persons to whom the Software is furnished to do 11 | so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | 24 | ***/ 25 | 26 | #include 27 | 28 | std::string const Spiffing::OID::NATO = "2.16.840.1.101.2.1.8.3"; 29 | std::string const Spiffing::OID::MISSI{"2.16.840.1.101.2.1.8.1"}; 30 | std::string const Spiffing::OID::SSLPrivilege{"2.16.840.1.101.2.1.8.2"}; 31 | 32 | // ACP-145(A) types 33 | std::string const Spiffing::OID::NATO_RestrictiveBitmap{"2.16.840.1.101.2.1.8.3.0"}; 34 | std::string const Spiffing::OID::NATO_PermissiveBitmap{"2.16.840.1.101.2.1.8.3.2"}; 35 | std::string const Spiffing::OID::NATO_EnumeratedPermissive{"2.16.840.1.101.2.1.8.3.1"}; 36 | std::string const Spiffing::OID::NATO_EnumeratedRestrictive{"2.16.840.1.101.2.1.8.3.4"}; 37 | std::string const Spiffing::OID::NATO_Informative{"2.16.840.1.101.2.1.8.3.3"}; 38 | -------------------------------------------------------------------------------- /src/equivclass.cc: -------------------------------------------------------------------------------- 1 | /*** 2 | 3 | Copyright 2014-2015 Dave Cridland 4 | Copyright 2014-2015 Surevine Ltd 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy of 7 | this software and associated documentation files (the "Software"), to deal in 8 | the Software without restriction, including without limitation the rights to 9 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 10 | of the Software, and to permit persons to whom the Software is furnished to do 11 | so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | 24 | ***/ 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | using namespace Spiffing; 31 | 32 | EquivClassification::EquivClassification(std::string const &policy_id, lacv_t lacv) 33 | : m_policy_id(policy_id), m_class(lacv) { 34 | } 35 | 36 | void EquivClassification::addRequiredCategory(std::unique_ptr &&reqCat) { 37 | m_reqs.insert(std::move(reqCat)); 38 | } 39 | 40 | std::unique_ptr