ASN.1 format learning

Basic concept

Abstract Syntax Notation One (ASN.1) is a set of rules for defining, transmitting and exchanging complex data structures and objects. ASN.1 is designed to support network communication between different platforms, independent of machine architecture and implementation language. ASN.1 was first defined in X.208 in 1988; the most recent revision referred to here is the X.680 series of documents published in 2008.

ASN.1 defines data abstractly; how that data is encoded is left to separate standards. The Basic Encoding Rules (BER) were the first such encoding standard. The Distinguished Encoding Rules (DER), which X.509 relies on, are a subset of BER that permit exactly one encoding for any ASN.1 value. This uniqueness is critical for cryptographic use, especially digital signatures: a signature is computed over the encoded bytes, so signer and verifier must produce identical bytes for the same abstract value. PEM (short for Privacy-Enhanced Mail, a name that carries no meaning in this context) is the ASCII form of DER: the DER octets encoded in Base64.

Basic grammar

Types

A value of a given ASN.1 type is an element of the set of values that type defines. ASN.1 has four kinds of type: simple types, which are "atomic" and have no components; structured types, which have components; tagged types, which are derived from other types; and other types, which include the CHOICE type and the ANY type. Types and values are named with the ASN.1 assignment operator ::=, and those names can then be used to define further types and values.

Every ASN.1 type other than CHOICE and ANY has a tag, which consists of a class and a non-negative tag number. ASN.1 types are abstractly the same if and only if their tags are the same; in other words, the name of an ASN.1 type does not affect its abstract meaning, only its tag does. Tags fall into four classes:

  • Universal, for types whose meaning is the same in all applications; these types are defined only in X.208.
  • Application, for types whose meaning is specific to an application, such as the X.500 directory service; types in two different applications may have the same application-specific tag and different meanings.
  • Private, for types whose meaning is specific to a given enterprise.
  • Context-specific, for types whose meaning is specific to a given structured type; context-specific tags distinguish component types that have the same underlying tag within one structured type, and component types of two different structured types may have the same tag and different meanings.
Universal tag numbers of some common types:

Type                      Tag number (decimal)   Tag number (hex)
INTEGER                   2                      02
BIT STRING                3                      03
OCTET STRING              4                      04
NULL                      5                      05
OBJECT IDENTIFIER         6                      06
SEQUENCE and SEQUENCE OF  16                     10
SET and SET OF            17                     11
PrintableString           19                     13
T61String                 20                     14
IA5String                 22                     16
UTCTime                   23                     17

ASN.1 types and values are written in a flexible notation similar to a programming language, with the following special rules:

  • Layout is not significant; multiple spaces and line breaks are treated as a single space.
  • Comments are delimited by a pair of hyphens (--) at each end, or by a pair of hyphens and a line break.
  • Identifiers (names of values and fields) and type references (names of types) consist of upper- and lower-case letters, digits and hyphens; identifiers begin with a lower-case letter, type references with an upper-case letter.

Basic Encoding Rules (BER)

ASN.1's Basic Encoding Rules (BER) give one or more ways to represent any ASN.1 value as an octet string. (There are other ways to represent ASN.1 values, but BER is the standard for exchanging such values in OSI.)
There are three methods for encoding an ASN.1 value under BER; which one applies depends on the type of the value and on whether its length is known in advance. The three methods are:

  • Primitive, definite-length encoding
  • Constructed, definite-length encoding
  • Constructed, indefinite-length encoding

Simple non-string types use the primitive, definite-length method. Structured types use one of the two constructed methods. Simple string types may use any of the three, depending on whether the length of the value is known. Types derived by implicit tagging use the method of the underlying type; types derived by explicit tagging use one of the constructed methods.

In each method the BER encoding has three or four parts:

  • Identifier octets. These identify the class and tag number of the ASN.1 value, and indicate whether the method is primitive or constructed.
  • Length octets. For the definite-length methods, these give the number of contents octets. For the constructed, indefinite-length method, these indicate that the length is indefinite.
  • Contents octets. For the primitive, definite-length method, these give a concrete representation of the value. For the constructed methods, these give the concatenation of the BER encodings of the components of the value.
  • End-of-contents octets. For the constructed, indefinite-length method, these mark the end of the contents. For the other methods, they are absent.

Primitive, definite-length encoding

This method applies to simple types and to types derived from simple types by implicit tagging. It requires that the length of the value be known in advance. The parts of the BER encoding are as follows:

Identifier octets

There are two forms: low-tag-number (for tag numbers between 0 and 30) and high-tag-number (for tag numbers 31 and above).

Low-tag-number form. One octet. Bits 8 and 7 specify the class, bit 6 has value 0 (primitive), and bits 5 to 1 give the tag number.

Class             Bit 8   Bit 7
universal         0       0
application       0       1
context-specific  1       0
private           1       1

High-tag-number form. Two or more octets. The first octet has the same form as in the low-tag-number form, except that bits 5 to 1 are all 1. The second and following octets give the tag number in base 128, most significant digit first, using as few digits as possible, with bit 8 of every octet except the last set to 1.

Length octets

There are two forms: short (for lengths between 0 and 127) and long (for lengths between 0 and 2^1008 - 1).

  • Short form. One octet. Bit 8 has value 0 and bits 7 to 1 give the length.
  • Long form. Two to 127 octets. Bit 8 of the first octet has value 1 and bits 7 to 1 give the number of additional length octets. The second and following octets give the length in base 256, most significant digit first.

Contents octets

These give a concrete representation of the value (or of the underlying value, if the type is derived by implicit tagging).

Constructed, definite-length encoding

Identifier octets

As above, except that bit 6 has value 1 (constructed).

Length octets

As above.

Contents octets

The concatenation of the BER encodings of the components of the value:

  • For simple string types and types derived from them by implicit tagging, the concatenation of the BER encodings of consecutive substrings of the value (of the underlying value, for implicit tagging).
  • For structured types and types derived from them by implicit tagging, the concatenation of the BER encodings of the components of the value (of the underlying value, for implicit tagging).
  • For types derived from anything by explicit tagging, the BER encoding of the underlying value.

Constructed, indefinite-length encoding

This method applies to simple string types, structured types, types derived from simple string types and structured types by implicit tagging, and types derived from anything by explicit tagging. It does not require that the length of the value be known in advance. The parts of the BER encoding are as follows:

  • Identifier octets. As above.
  • Length octets. One octet, 80.
  • Contents octets. As above.
  • End-of-contents octets. Two octets, 00 00.

Distinguished Encoding Rules (DER)

ASN.1's Distinguished Encoding Rules (DER) are a subset of BER that give exactly one way to represent any ASN.1 value as an octet string. The practical consequence for a verifier is that a BER encoding which is not also valid DER must be rejected, not silently accepted, before a signature or hash is checked over the bytes.
DER adds the following restrictions to the rules given for BER:

  • When the length is between 0 and 127, the short length form must be used.
  • When the length is 128 or greater, the long length form must be used, and the length must be encoded in the minimum number of octets.
  • For simple string types and implicitly tagged types derived from simple string types, the primitive, definite-length method must be used.
  • For structured types, implicitly tagged types derived from structured types, and explicitly tagged types derived from anything, the constructed, definite-length method must be used.

Examples: the same value under different BER methods

  • BIT STRING value "011011100101110111" (the first contents octet, 06, is the number of unused bits in the last octet)

    03 04 06 6e 5d c0                   DER encoding
    03 81 04 06 6e 5d c0                long form of length octets
    23 09 03 03 00 6e 5d 03 02 06 c0    constructed encoding: "0110111001011101" + "11"

  • IA5String value "test1@rsa.com"

    16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d                       DER encoding
    16 81 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d                    long form of length octets
    36 13 16 05 74 65 73 74 31 16 01 40 16 07 72 73 61 2e 63 6f 6d     constructed encoding: "test1" + "@" + "rsa.com"

  Only the first encoding in each group is valid DER; the other two are valid BER for the same value.
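The three BER methods and the DER restrictions above, applied in code. This is an added example and not code from the original post: a small Python BER decoder that walks the identifier, length, contents and end-of-contents octets (including the high-tag-number identifier form, the long length form and the indefinite form) and, with der_strict=True, rejects the encodings that DER forbids. The sample inputs are the BIT STRING and IA5String encodings listed above plus two constructed inputs of my own: an indefinite-length variant of the constructed BIT STRING, and a private-class value with tag number 200 to exercise the high-tag-number form. The function and constant names are this example's own.

```python
# Added example (not from the original post): a BER/DER TLV decoder covering the three
# encoding methods described above and the DER restrictions. All names are this example's.

CLASS_NAMES = {0: "universal", 1: "application", 2: "context-specific", 3: "private"}
STRING_TAGS = {3, 4, 19, 20, 22}  # BIT STRING, OCTET STRING, PrintableString, T61String, IA5String

class BERError(ValueError):
    pass  # malformed BER, or BER that breaks a DER restriction when der_strict is set

def read_identifier(data, pos):
    # Identifier octets -> (class, constructed flag, tag number, next position).
    first = data[pos]
    cls, constructed, tag, pos = first >> 6, bool(first & 0x20), first & 0x1F, pos + 1
    if tag == 0x1F:  # high-tag-number form: base 128, bit 8 set on every octet but the last
        tag = 0
        while True:
            if pos >= len(data):
                raise BERError("truncated high-tag-number identifier")
            octet, pos = data[pos], pos + 1
            tag = (tag << 7) | (octet & 0x7F)
            if not octet & 0x80:
                break
    return cls, constructed, tag, pos

def read_length(data, pos, der_strict):
    # Length octets -> (length, next position); None means the indefinite form.
    if pos >= len(data):
        raise BERError("missing length octets")
    first, pos = data[pos], pos + 1
    if first < 0x80:                 # short form: bit 8 is 0, bits 7-1 hold the length
        return first, pos
    count = first & 0x7F             # long form: bits 7-1 count the following octets
    if count == 0:                   # a lone 80 is the indefinite form
        if der_strict:
            raise BERError("DER forbids the indefinite length form")
        return None, pos
    if pos + count > len(data):
        raise BERError("truncated length octets")
    length = int.from_bytes(data[pos:pos + count], "big")
    if der_strict and (length < 0x80 or data[pos] == 0):
        raise BERError("DER requires the minimal length encoding")
    return length, pos + count

def decode(data, pos=0, der_strict=False):
    # Decode one TLV at pos -> (node, next position). A node holds class, constructed and
    # tag, plus 'value' (bytes) if primitive or 'children' (list of nodes) if constructed.
    if pos >= len(data):
        raise BERError("unexpected end of data")
    cls, constructed, tag, pos = read_identifier(data, pos)
    length, pos = read_length(data, pos, der_strict)
    if der_strict and constructed and cls == 0 and tag in STRING_TAGS:
        raise BERError("DER requires the primitive method for string types")
    node = {"class": CLASS_NAMES[cls], "constructed": constructed, "tag": tag}
    if not constructed:
        if length is None or pos + length > len(data):
            raise BERError("bad primitive contents")
        node["value"] = data[pos:pos + length]
        return node, pos + length
    children = []
    if length is None:               # indefinite: components run until the 00 00 end-of-contents
        while not (pos + 1 < len(data) and data[pos] == 0 and data[pos + 1] == 0):
            child, pos = decode(data, pos, der_strict)   # raises BERError if data runs out
            children.append(child)
        pos += 2
    else:                            # definite: components must fill the length exactly
        end = pos + length
        if end > len(data):
            raise BERError("truncated contents octets")
        while pos < end:
            child, pos = decode(data, pos, der_strict)
            children.append(child)
        if pos != end:
            raise BERError("component overruns its parent")
    node["children"] = children
    return node, pos

def bit_string_bits(node):
    # Flatten a BIT STRING (either method) to a '0'/'1' string; in each primitive piece the
    # first contents octet is the number of unused bits in the last octet.
    if node["constructed"]:
        return "".join(bit_string_bits(c) for c in node["children"])
    unused, body = node["value"][0], node["value"][1:]
    bits = "".join(f"{b:08b}" for b in body)
    return bits[:len(bits) - unused]

def is_der(data):
    # True iff data is exactly one TLV that satisfies every DER restriction above.
    try:
        _, end = decode(data, 0, der_strict=True)
    except BERError:
        return False
    return end == len(data)

# Constructed sample inputs: the encodings listed above, an indefinite-length variant of
# the constructed BIT STRING, and a private-class TLV with tag number 200 (df 81 48).
BIT_DER = bytes.fromhex("03 04 06 6e 5d c0")
BIT_LONG = bytes.fromhex("03 81 04 06 6e 5d c0")
BIT_CONS = bytes.fromhex("23 09 03 03 00 6e 5d 03 02 06 c0")
BIT_INDEF = bytes.fromhex("23 80 03 03 00 6e 5d 03 02 06 c0 00 00")
IA5_CONS = bytes.fromhex("36 13 16 05 74 65 73 74 31 16 01 40 16 07 72 73 61 2e 63 6f 6d")
HIGH_TAG = bytes.fromhex("df 81 48 01 ff")
```

All four BIT STRING inputs decode to the same 18 bits under BER, but only BIT_DER passes is_der: the long-form length, the constructed string and the indefinite length each trip one of the DER rules listed above. The constructed-string check is applied to universal tags only; a context-specific tag such as [0] IMPLICIT OCTET STRING can only be checked when the schema is known, so a real verifier needs the type information in addition to the bytes.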

Example

The ASN.1 notation for the X.501 type Name is:

Name ::= CHOICE {
  RDNSequence }

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::=
  SET OF AttributeValueAssertion

AttributeValueAssertion ::= SEQUENCE {
   AttributeType,
   AttributeValue }

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= ANY

As a tree:

|-Name CHOICE
   |-RDNSequence SEQUENCE OF
        |-RelativeDistinguishedName SET OF
            |-AttributeValueAssertion SEQUENCE
                |-AttributeType OBJECT IDENTIFIER
                |-AttributeValue ANY

This section works through the DER encoding of a value of type Name from the bottom up.
The name is that of Test User 1 from the PKCS examples [Kal93]; it is represented by the following path:

            (root)
               |
        countryName = "US"
               |
organizationName = "Example Organization"
               |
    commonName = "Test User 1"

Each level corresponds to a RelativeDistinguishedName value, and in this name each level consists of a single AttributeValueAssertion value. The AttributeType value is the part before the equals sign, and the AttributeValue value (a PrintableString for these attribute types) is the part after it.
countryName, organizationName and commonName are attribute types defined in X.520:

attributeType OBJECT IDENTIFIER ::=
  { joint-iso-ccitt(2) ds(5) 4 }

countryName OBJECT IDENTIFIER ::= { attributeType 6 }

organizationName OBJECT IDENTIFIER ::=
  { attributeType 10 }

commonName OBJECT IDENTIFIER ::=
  { attributeType 3 }
  • AttributeType
    The countryName, organizationName and commonName values above are all OBJECT IDENTIFIER values. OBJECT IDENTIFIER is a simple type, so DER uses the primitive, definite-length method. The identifier octet is 06: bits 8 and 7 are 0 (universal class), bit 6 is 0 (primitive) and bits 5 to 1 give tag number 6. In the contents octets the first two arcs are combined into one subidentifier, 40 * 2 + 5 = 85 = 0x55, and each remaining arc follows as a base-128 number (a single octet here, since every arc is below 128):

    06 03 55 04 06  countryName       (2.5.4.6)
    06 03 55 04 0a  organizationName  (2.5.4.10)
    06 03 55 04 03  commonName        (2.5.4.3)
    
  • AttributeValue
    Assume the countryName, organizationName and commonName attribute values are all of type PrintableString (tag 19 = 0x13) with the values "US", "Example Organization" and "Test User 1". PrintableString is a simple string type, so DER requires the primitive, definite-length method, and the contents octets are the ASCII characters. The encodings are:

    13 02 55 53                                                        // "US"
    13 14 45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61 74 69 6f 6e  // "Example Organization"
    13 0b 54 65 73 74 20 55 73 65 72 20 31                             // "Test User 1"
    
  • AttributeValueAssertion
    SEQUENCE (tag 16 = 0x10) is a structured type, so DER uses the constructed, definite-length method: bit 6 is set, giving identifier octet 30. The length is the sum of the two component encodings.

    30 09           // countryName = "US"  (5 + 4 octets)
        06 03 55 04 06
        13 02 55 53
    30 1b           // organizationName = "Example Organization"  (5 + 22 octets)
        06 03 55 04 0a
        13 14 45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61 74 69 6f 6e
    30 12           // commonName = "Test User 1"  (5 + 13 octets)
        06 03 55 04 03
        13 0b 54 65 73 74 20 55 73 65 72 20 31
    
  • RelativeDistinguishedName
    SET OF (tag 17 = 0x11), constructed, so the identifier octet is 31. Each set here has a single element.

    31 0b
        30 09 ... 55 53
    31 1d
        30 1b ... 6f 6e
    31 14
        30 12 ... 20 31

  • RDNSequence
    SEQUENCE OF, constructed, identifier octet 30. The length 0x42 = 66 is the sum of the three RDN encodings, 13 + 31 + 22.

    30 42
        31 0b ... 55 53
        31 1d ... 6f 6e
        31 14 ... 20 31
    
  • Name
    A CHOICE value has no tag of its own: it is encoded exactly as the chosen alternative (it behaves like a union), so the Name encoding is the RDNSequence encoding:

    30 42
        31 0b
            30 09
                06 03 55 04 06                                                      // attributeType = countryName
                13 02 55 53                                                         // attributeValue = "US"
        31 1d
            30 1b
                06 03 55 04 0a                                                      // attributeType = organizationName
                13 14 45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61 74 69 6f 6e  // attributeValue = "Example Organization"
        31 14
            30 12
                06 03 55 04 03                                                      // attributeType = commonName
                13 0b 54 65 73 74 20 55 73 65 72 20 31                             // attributeValue = "Test User 1"
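The same Name built bottom-up by code. This is an added example and not code from the original post: a minimal Python DER encoder implementing the length, OBJECT IDENTIFIER, PrintableString, SEQUENCE and SET OF rules worked through above, which reproduces the 68 octets just listed from the attribute path. The attribute list TEST_USER_1 and every function name are this example's own; the SET OF ordering rule is X.690's DER rule for SET OF and is not exercised by these single-element sets.

```python
# Added example (not from the original post): a minimal DER encoder that rebuilds the
# Name value above from the bottom up. Names and the TEST_USER_1 list are this example's.

PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")


def encode_length(n):
    """DER length octets: short form below 128, otherwise the minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")   # base 256, no leading zero octets
    return bytes([0x80 | len(body)]) + body


def encode_tlv(identifier, contents):
    """Identifier octet + length octets + contents octets (low-tag-number form only)."""
    return bytes([identifier]) + encode_length(len(contents)) + contents


def encode_base128(n):
    """Base-128 digits, most significant first, bit 8 set on every octet but the last."""
    digits = [n & 0x7F]
    n >>= 7
    while n:
        digits.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(digits))


def encode_oid(dotted):
    """OBJECT IDENTIFIER (tag 06); the first two arcs are packed as 40 * first + second."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted}")
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    return encode_tlv(0x06, b"".join(encode_base128(s) for s in subids))


def encode_printable(text):
    """PrintableString (tag 13); rejects characters outside the PrintableString alphabet."""
    if not set(text) <= PRINTABLE:
        raise ValueError(f"not a PrintableString: {text!r}")
    return encode_tlv(0x13, text.encode("ascii"))


def encode_sequence(*components):
    """SEQUENCE / SEQUENCE OF: tag 16 with the constructed bit set gives 30."""
    return encode_tlv(0x30, b"".join(components))


def encode_set_of(*components):
    """SET OF: tag 17, constructed, gives 31. DER also orders the component encodings as
    octet strings, with shorter ones padded by trailing zero octets for the comparison."""
    width = max((len(c) for c in components), default=0)
    ordered = sorted(components, key=lambda c: c + b"\x00" * (width - len(c)))
    return encode_tlv(0x31, b"".join(ordered))


def encode_name(attributes):
    """Name ::= CHOICE { RDNSequence }, so the encoding is that of the RDNSequence.
    attributes: list of (dotted OID, PrintableString value), root-most first; each pair
    becomes one AttributeValueAssertion inside a one-element RelativeDistinguishedName."""
    rdns = [encode_set_of(encode_sequence(encode_oid(oid), encode_printable(value)))
            for oid, value in attributes]
    return encode_sequence(*rdns)


# Constructed input: the Test User 1 path from the post (countryName 2.5.4.6,
# organizationName 2.5.4.10, commonName 2.5.4.3).
TEST_USER_1 = [("2.5.4.6", "US"), ("2.5.4.10", "Example Organization"), ("2.5.4.3", "Test User 1")]

if __name__ == "__main__":
    print(encode_name(TEST_USER_1).hex(" "))
```

Running the file prints the encoding with one space per octet and matches the listing above byte for byte. The PrintableString check is what prevents a value such as the IA5String "test1@rsa.com" from being emitted under tag 13 with the wrong alphabet; a value outside the alphabet must be encoded under a string type that allows it, not silently mis-tagged.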
    

Writing these 68 octets to a file and loading it into the online ASN.1 decoder linked below parses them successfully as the Name structure above.

Reference links

A Layman's Guide to a Subset of ASN.1, BER, and DER
ASN.1 学习 (a Chinese-language ASN.1 study note)
ASN.1 JavaScript decoder

Original post: www.cnblogs.com/20175211lyz/p/12722360.html