ASN.1 BER DER
Basics
Parsing BER and DER encoded ASN.1 Objects
Introduction to ASN.1 Syntax and Encoding
A Layman’s Guide to a Subset of ASN.1, BER, and DER
Structure
tag - length - value
The value can itself contain nested tag - length - value triplets.
tag
ASN.1 Listing of Universal Tags
Bits 8 and 7 give the tag class: { universal 00, application 01, context-specific 10, private 11 }
Bit 6 says whether the encoding is constructed: { 0 primitive, 1 constructed }
The low 5 bits give the tag number
implicit vs explicit
Tagging is explicit by default
Type1 ::= VisibleString
Type2 ::= [APPLICATION 3] IMPLICIT Type1
Type3 ::= [2] Type2
Type4 ::= [APPLICATION 7] IMPLICIT Type3
Type5 ::= [2] IMPLICIT Type2
value: Jones
Type1:
0x1A=0b00011010 0x05 0x4A6F6E6573
Type2:
class application (01), tag number replaced with 3
0b01000011 = 0x43 0x05 0x4A6F6E6573
Type3: explicit by default; explicit tagging wraps the value in a context-specific (10), constructed (1) tag, tag number replaced with 2
0b10100010 = 0xa2 0x07 0x43 0x05 0x4A6F6E6573
Type4: class application (01), tag number replaced with 7, the constructed bit (1) is kept
0b01100111 = 0x67 0x07 0x43 0x05 0x4A6F6E6573
Type5: implicit tagging with class context-specific (10), tag number replaced with 2, Type2's primitive bit is kept
0b10000010 = 0x82 0x05 0x4A6F6E6573
length
Encoded Length and Value Bytes
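Bit 8 is 0: short form length. The low 7 bits give the length value.
Bit 8 is 1: long form length. The low 7 bits give the number of length bytes that follow; those bytes hold the actual length value.
Bit 8 is 1 and the low 7 bits are 0: the length is indefinite, and the value ends at 0x00 0x00.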
value
oid
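The value of an OBJECT IDENTIFIER (oid) is stored in a compressed form
The first two components are merged into 1 byte: x_1 * 40 + x_2
Each later component: if < 128, it maps to a single byte; if >= 128, bit 8 is set to 1 and the low 7 bits carry the multiple of 128, and the remainder (< 128) is written as its own byte.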
bit string
The first byte of a bit string's value gives the number of bits needed to pad the bit string's length to a multiple of 8
Examples
Reading encode asn file manually
30 82 02 10 04 01 56 …
tag: 0x30 = 0b00110000
class = 00 universal
constructed = 1 yes
tag number = 0b10000 = 16 = SEQUENCE and SEQUENCE OF
length: 0x82 = 0b10000010,
bit 8 = 1: long form length
number of length bytes = 2
length = 0x0210 = 528
value: 04 01 56 …
30 80 04 03 56 78 90 00 00
tag: same as above
length: 0x80 = 0b10000000,
bit 8 = 1: long form length
low 7 bits = 0: the number of bytes that follow is indefinite
value:
04 03 56 78 90 : tag 04, length 03, value 56 78 90
00 00 : tag 00, length 00
df 82 02 05 12 34 56 78 90
tag: df 82 02
0xdf = 1101 1111 : class private (11), primitive (0), 11111 (all ones) marks long tag encoding
0x82 = 1000 0010 : bit 8 = 1, the next byte still belongs to the tag number; 0b0000010 = 2
0x02 = 0000 0010 : bit 8 = 0, this is the last byte of the tag number; 0b0000010 = 2
tag number = 0b00000100000010 = 258
length: 05
value: 12 34 56 78 90
oid 1.3.6.1.4.1.311.21.20
06 09 ; OBJECT_ID (9 Bytes)
| 2b 06 01 04 01 82 37 15 14
0x06 : tag object
0x09 : length
0x2b : 1*40 + 3 = 0x2b
311 = 128*2 + 55 = 0b10000010 + 0b00110111 = 0x82 + 0x37
bit string 011011100101110111
0110 1110 0101 1101 11xx xxxx
6 padding bits are needed: 0110 1110 0101 1101 1100 0000
tag: 0x03
length: 0x04
value: 0x06 (6 padding bits), followed by the 3 bytes of the padded bit string: 0x6e 0x5d 0xc0
=> 03 04 06 6e 5d c0 (short form length)
=> 03 81 04 06 6e 5d c0 (long form of length octets)
=> 23 09 03 03 00 6e 5d 03 02 06 c0 (constructed)
DER vs BER
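DER is a subset of BER; each ASN.1 value has exactly one encoding
DER places restrictions on cases such as short-form length, long-form length, primitive definite-length encoding under implicit tags, and constructed definite-length encoding under explicit tags.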
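The tag and length rules above, as an added example that is not part of the original notes: a Python header reader that decodes the short, long and indefinite length forms and the long tag encoding, rejects truncated or over-long headers, and reports whether the header is also the one DER would produce. The function name, the returned field names and the `partial` flag (used for inputs cut off with "…") are assumptions made for this example.

```python
def read_header(buf: bytes, pos: int = 0, partial: bool = False) -> dict:
    """Decode one BER tag+length header at buf[pos:] (illustrative helper).

    length is None for the indefinite form; der is False when the header
    is valid BER but not the single encoding DER allows.
    """
    try:
        first = buf[pos]; pos += 1
        cls, constructed, number = first >> 6, bool(first & 0x20), first & 0x1F
        der = True
        if number == 0x1F:                    # all ones: long tag encoding
            if (buf[pos] & 0x7F) == 0:
                raise ValueError("tag number starts with a zero group")
            number = 0
            while True:
                b = buf[pos]; pos += 1
                number = (number << 7) | (b & 0x7F)
                if not b & 0x80:              # bit 8 clear: last tag byte
                    break
            if number < 31:
                raise ValueError("tag number below 31 in long tag encoding")
        lb = buf[pos]; pos += 1
        if lb < 0x80:                         # short form
            length = lb
        elif lb == 0x80:                      # indefinite form
            if not constructed:
                raise ValueError("indefinite length on a primitive encoding")
            length, der = None, False
        elif lb == 0xFF:
            raise ValueError("reserved length octet 0xFF")
        else:                                 # long form
            n = lb & 0x7F
            raw = buf[pos:pos + n]
            if len(raw) != n:
                raise IndexError
            pos += n
            length = int.from_bytes(raw, "big")
            if raw[0] == 0 or length < 0x80:  # not the shortest encoding
                der = False
    except IndexError:
        raise ValueError("truncated header") from None
    if length is not None and not partial and length > len(buf) - pos:
        raise ValueError("declared length exceeds the bytes available")
    return {"class": cls, "constructed": constructed, "number": number,
            "length": length, "value_at": pos, "der": der}
```

A parser that accepts DER only (certificates, signatures) should refuse any header where `der` is False, since a second encoding of the same value changes the bytes that were hashed or signed.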