Home

ASN.1 BER DER

基础

ASN.1: Introduction

ASN.1/BER/DER

Parsing BER and DER encoded ASN.1 Objects

Introduction to ASN.1 Syntax and Encoding

ASN.1 Complete

ASN.1 JavaScript decoder

A Layman’s Guide to a Subset of ASN.1, BER, and DER

结构

tag - length - value

其中,value中可以再嵌套 tag - length - value

tag

Encoded Tag Bytes

ASN.1 Listing of Universal Tags

第8、7位标识tag class:{ universal 00, application 01, context-specific 10, private 11 }

第6位标识是否constructed: { 0 primitive, 1 constructed }

后5位标识tag number

implicit vs explicit

ASN.1 tagging principles

IV. ASN.1

X.690

默认explicit

Type1 ::= VisibleString 
Type2 ::= [APPLICATION 3] IMPLICIT Type1 
Type3 ::= [2] Type2 
Type4 ::= [APPLICATION 7] IMPLICIT Type3 
Type5 ::= [2] IMPLICIT Type2

value: Jones

Type1: 
0x1A=0b00011010 0x05 0x4A6F6E657

Type2: 
Application 01, tag number 替换为3
0b01000011 = 0x43  0x05 0x4A6F6E657

Type3: 默认explicit, explicit为context-specific 10 且structured 1, tag number替换为2
0b10100010 = 0xa2 0x07 0x43 0x05 0x4A6F6E657

Type4: Application 01, tag number替换为07,structured 1不变
0b01100111 = 0x67 0x07 0x43 0x05 0x4A6F6E657

Type5: implicit为context-specific 10,tag number替换为2, 保持原来Type2的primitive不变
0b10000010 = 0x82 0x05 0x4A6F6E657

length

Encoded Length and Value Bytes

第8位为0,标识short form length。后7位标识length值。

第8位为1,标识long form length。后7位标识length取值的字节数,随后的字节数取值即为实际length值。

第8位为1,如果后7位的字节数为0,则标识长度不定,遇0x00 0x00停止。

value

oid

OBJECT IDENTIFIER

OBJECT IDENTIFIER (oid) 的 value 进行了压缩

前两位合并成1个字节: x_1 * 40 + x_2

后续位数,如果<128,则映射为单字节;如果>=128,则第8bit 置1,后7bits做为128的倍数处理,<128的余数单独编列为1字节。

bit string

BIT STRING

bit string 的 value 部分的首个字节,标识了将该bit string长度填充为8的倍数所需的bit数

示例

Reading encode asn file manually

30 82 02 10 04 01 56 …

tag: 0x30 = 0b00110000

class = 00 universal

constructed = 1 yes

tag number = 0b10000 = 16 = SEQUENCE and SEQUENCE OF

length: 0x82 = 0b10000010,

long form length : 1

length's bytes number = 2 

length = 0x0210 = 528

value: 04 01 56 …

30 80 04 03 56 78 90 00 00

tag: 同前

length: 0x80 = 0b10000000,

long form length : 1

标识后面字节数不定

value:

04 03 56 78 90  :  tag 04, length 03, value 56 78 90

00 00 : tag 00, length 00

df 82 02 05 12 34 56 78 90

tag: df 82 02

0xdf = 1101 1111 : 11 class private, 0 primitive, 11111 全1标识long tag encoding

0x82 = 1000 0010 : 1 后面的字节还是tag number取值, 0b0000010 = 2 
0x02 = 0000 0010 : 0 是tag number取值的最后一个字节,0b0000010 = 2
tag number = 0b00000100000010 = 258

length: 05

value: 12 34 56 78 90

oid 1.3.6.1.4.1.311.21.20

06 09                                ; OBJECT_ID (9 Bytes)
|  2b 06 01 04 01 82 37 15 14

0x06 : tag object

0x09 : length

0x2b : 1*40 + 3 = 0x2b

311 = 128*2 + 55 = 0b10000010 + 0b00110111 = 0x82 + 0x37

bit string 011011100101110111

0110 1110 0101 1101 11xx xxxx

应填充6个bit: 0110 1110 0101 1101 1100 0000

tag: 0x03

length: 0x04

value: 0x06 填充6个bit,后面3个字节以填充后的padding直接转换 0x6e 0x5d 0xc0

=> 03 04 06 6e 5d c0  (short form length)

=> 03 81 04 06 6e 5d c0 (long form of length octets)

=> 23 09   03 03 00 6e 5d   03 02 06 c0 (constructed)

DER vs BER

DER是BER的子集, 对每个ASN.1值只有唯一一种编码方法

DER对短型长度、长型长度、隐式标签简单定长、显式标签结构化定长等场景做了限制。

Published

21 April 2019

Categories

Tags


Share On