OpenSSL ASN.1 Series 2 --- ASN.1 Coding Method
--- is written according to OpenSSL source code, SSLEAY Documents and other related materials
Author: DragonKing (Eric Wang)
Mail: wzhah@263.net
Copyright Notice: This article cannot be reproduced on any commercial publication or website without authorization, this article cannot be reproduced on any commercial publication or website.
Release website: http://openssl.126.com
OpenSSL version: OpenSSL-0.9.7
Reference: "Computer Network", "a Layman's Guide to a Subset of Asn.1, Ber, And Der"
The encoding of the ASN.1 object is an important part of the ASN.1 standard. Currently, BER is usually used, while DER is a subset. This article will provide a brief introduction to the encoding method.
A standard ASN.1 encoding object has four domains: object identification domain, data length domain, data field, and end flag (optional, there is no such flag in OpenSS1 in the case of unknown length).
[Objectomoology]
There are two forms of object identification fields, and low TAG numbers (TAG values are between 0 and 30) and high TAG numbers (TAG values greater than 30).
The low tag digital form has only one byte, including three parts, starting number from low to 1, 8 and 7 are TAG type, have four kinds, named universal (0 0), Application (0 1), Context-Specific 1 0) and Private (1 1); the 6th bit is 0, indicating that the encoding type is the basic type, and the 5-1 bits are TAG values.
High TAG digital forms can have two or more bytes, the first byte is the same as the low TAG digital form, but the low 5-bit value is 1, and gives the subsequent second and subsequent bytes The TAG value, these bytes are only used for 7 bits of data bits, and the highest bit is set to 0, but the maximum bit of the last byte is set to 1, and the high-level priority is used.
[Data Length Domain]
There are also two forms, short forms and long forms in the data length domain.
There is only one byte of the short-form data length domain, the 8th bit is 0, and the other low 7 bits give the data length.
The long form of data length is 2 to 127 bytes. The first byte of the 8th bit is 1, and the other lower 7 bits give the number of bytes used in the subsequent domain, and the length of the data starts from the domain, based on 256, the high position is preferred.
[Data Domain]
The data field gives the specific data value. The domain encoding is different for different data types, which will not be detailed in one by one, interested in referring to the reference.
[A code example]
Below is an example of the DER encoding given to an object given by SSLDocument, and more examples can refer to the reference given herein.
Example The object used is an object of the Bit String type defined by ASN.1, and its encoding steps are as follows:
1. Use "0" to fill the integer multiple of the length of 8 (if it is already an integer multiple, it is not necessary to fill it);
2. Calculate the number of bits that fill and write it, be the first byte of the data content;
3. The bit string after writing is written, and the high byte is preferred. These data constitute all bytes of the previous byte of the data content;
4. Plus a header in front of these data, this byte is defined as follows (number starting from the low position):
8th, 7th: 00 (universal type)
The 6th digits: 0 (indicating that the basic type, limited length coding)
5-1 bits: 0x03 (indicating that Bit String)
This byte defines object identification fields; 5. Then add the defined byte below between object identity domain bytes and data bytes:
Calculate how many bytes of data content (except for object identity domain data), if less than 127 bytes, then define one byte as follows:
8th place: 0
Section 7-1: Number of bytes of data content
If the number of bytes of the data content is greater than 127, you need to define two or more bytes, where the definition of the first byte is as follows:
8th place: 1
7-1 bits: How many bytes behind this domain
The subsequent bytes are the number of bytes of the data content, based on 256 per word, high priority
Here is an actual data example:
Bill: '01000100111011'
1. Supply two 0 in the back, become an integer multiple of 8, get '0100010011101100';
2. '02 'is byte as the first data content;
3. '44 EC 'by the byte of the rest of the data content;
4. '03 'As the previous object identification bytes;
5. Because Bit String's Tag value 3 <= 127, there is only one byte length domain '03';
Then the DER encoding of this bit string is 03 03 02 44 EC, where the first byte is an object identification field, the second byte is the data length domain, and the other is a data domain.
