The beginning of a rippingly good fully policy-driven SPIF/Label/Clearance handling library.
It's absolutely Top Hole!
Currently, this is experimental C++11 code, which will:
- Generate Display Markings for Labels (and Clearances),
- Perform an Access Control Decision.
- Validate a label according to rules in the policy.
- Translate a label from a local policy to an equivalent one.
It handles ACP-145(A) and SDN.801c (MISSI) categories, BER/DER labels and clearances (X.841/ESS syntaxes), and the Open XML SPIF. There's also support for an XML format (primarily for testing).
On the list:
- Moar test always (though the spifflicator has high code coverage as-is, and is valgrind checked)
- Equivalent Policy handling
- Enterprise Data Header format labelling
- NATO XML Labelling format (if this can be released)
- Likely some parts of Display Marking handling missing
It's amazingly difficult to find valid examples of policies, labels, and display markings. Any test vectors would be gratefully received, and can be handled outside the source tree and under suitable handling rules as required.
Just do make pre-build
You may, however, wish to run things manually:
Note: This library uses a fork of asn1c from a dependency. In order to build this firstly download submodules:
git submodule update --init
This will also pull down rapidxml for you. This is just headers (it's entirely template-based), and so needs no build step.
Then you'll need to build asn1c:
cd deps/asn1c
autoreconf -iv
./configure
make
make to build pretty much everything.
make spifflicator will give you a spifflicator to run the thing through
its paces:
$
./spifflicator stupid-spif.xml stupid-label.ber stupid-clearance-all.ber
Loaded SPIF 1.1
Label marking is 'Stupid Confidential'
Clearance marking is '{Stupid Unclassified|Stupid Confidential}'
ACDF decision is PASS
Or a less favourable result:
$
./spifflicator stupid-spif.xml stupid-label.ber stupid-clearance-none.ber
Loaded SPIF 1.1
Label marking is 'Stupid Confidential'
Clearance marking is '{unclassified (auto)}'
ACDF decision is FAIL
make transpifferizer will give you a transpifferizer, which will transpifferize both labels and
clearances between formats (but generally from BER to XML, or XML to XML):
$
./transpifferizer stupid-spif.xml stupid-label.ber stupid-label.xml
Loaded SPIF 1.1
Label marking is 'Stupid Confidential'
Writing stupid-label.xml as XML.
There is also a CMakeLists.txt file; this is really there to drive JetBrains's CLion IDE, and will not perform the ASN.1 build step.
make tests will run the tests and static analysis tools. This takes a while; you may need to
adjust paths in the Makefile for it to work. It'll output a number of reports (for coverage
and any bugs) in ./reports/
make quick-tests just runs the tests themselves.
The tests themselves are defined in test-data/tests.xml
The spifflicator and transpifferizer source files are both well-commented with explanations of what they do. Exploring the test engine is also well worth considering.