Introduction to the ASN.1 series of OpenSSL, part 2 --- ASN.1 encoding method --- Based on the OpenSSL source code, the SSLeay documentation, and other relevant materials
Author: DragonKing (Eric Wang)
Mail: wzhah@263.net
Copyright notice: This article may not be reproduced on any commercial publication or website without the author's authorization.
Website: http://openssl.126.com
OpenSSL version: openssl-0.9.7
References: "Computer Networks", "A Layman's Guide to a Subset of ASN.1, BER, and DER"
ASN.1 object encoding is an important part of the ASN.1 standard. BER is the encoding normally used today, and DER is a subset of it. This section briefly introduces the encoding method. A standard encoded ASN.1 object has four fields: the object identifier (tag) field, the data length field, the data (contents) field, and an end-of-contents marker (optional; it is required only when the length is indefinite, and OpenSSL does not use this marker).

[Object identifier field] The object identifier field has a low-tag-number form (tag values 0 to 30) and a high-tag-number form (tag values greater than 30). The low-tag-number form is a single byte made of three parts (bits are numbered from 1, the lowest, to 8, the highest): bits 8 and 7 give the tag class, of which there are four: Universal (00), Application (01), Context-specific (10), and Private (11); bit 6 is 0, indicating a primitive encoding; bits 5 to 1 give the tag value. The high-tag-number form takes two or more bytes. The first byte is laid out like the low-tag-number form, but its low 5 bits are all 1; the tag value itself is given in the second and following bytes. Those bytes carry data only in their low 7 bits; bit 8 is a continuation flag, set in every byte except the last, where it is 0. The value is written most significant byte first, using as few bytes as possible.

[Data length field] The data length field also has a short form and a long form. The short form is a single byte whose bit 8 is 0 and whose low 7 bits give the data length. The long form is 2 to 127 bytes long: bit 8 of the first byte is 1 and its low 7 bits give the number of length bytes that follow; the data length is then given from the second byte on, in base 256, most significant byte first.

[Data field] The data field carries the actual data value. Its encoding differs for each data type and is not detailed here; see the references for more information.
[Encoding example] The following is the DER encoding example for an object given in the SSLeay documentation; for more examples, see the references listed at the top of this article. The object used in the example is a BIT STRING, a type defined by ASN.1. The encoding steps are as follows:

1. Pad the bit string with "0" bits so that its length is a multiple of 8 (if it already is, no padding is added);
2. Count the padding bits that were added; that count becomes the first byte of the data contents;
3. After it, write the padded bit string itself, most significant bit first. Together with the preceding byte these bytes make up the whole data contents;
4. Prepend a byte in front of the data, defined as follows (bits numbered from 1, the lowest): bits 8 and 7: 00 (Universal class); bit 6: 0 (primitive encoding, definite length); bits 5 to 1: 0x03 (BIT STRING). This byte is the object identifier field;
5. Between the object identifier byte and the data bytes, insert the length bytes, defined as follows. Count the bytes of the data contents (the object identifier field is not counted). If the count is at most 127, define a single byte: bit 8: 0; bits 7 to 1: the number of bytes of data contents. If the count is greater than 127, two or more bytes are needed. The first byte is defined as: bit 8: 1; bits 7 to 1: the number of length bytes that follow. The following bytes give the number of bytes of data contents, in base 256, most significant byte first.

Here is a concrete example. Bit string: '01000100111011'.

1. Two zeros are appended at the end so that the length becomes a multiple of 8; the result is '0100010011101100';
2. '02' is the first byte of the data contents (two padding bits);
3. '44 EC' are the remaining bytes of the data contents;
4. '03' is the object identifier byte placed in front;
5. Because the data contents are 3 bytes long and 3 <= 127, the length field is the single byte '03'.

The DER encoding of this bit string is therefore 03 03 02 44 EC: the first byte is the object identifier field, the second byte is the data length field, and the remaining bytes are the data field.
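The identifier and length rules described above, and the five BIT STRING steps, as an added example in Python. This code is not part of the article and is not OpenSSL code; all function names are this example's own. It goes a little beyond the text by also parsing an encoded tag/length/value back (including the high-tag-number and long-length forms) and rejecting a length field that claims more bytes than are present, which is the check a DER parser must make before touching the contents.

```python
# Added example: a minimal DER identifier/length codec plus the BIT STRING
# encoding walked through in the text. Not from the article or OpenSSL;
# all function names are this example's own.

UNIVERSAL, APPLICATION, CONTEXT_SPECIFIC, PRIVATE = 0, 1, 2, 3  # tag classes (bits 8-7)


def encode_identifier(tag_number, tag_class=UNIVERSAL, constructed=False):
    """Identifier octets: low-tag-number form for 0..30, high form above that."""
    first = (tag_class << 6) | (0x20 if constructed else 0)  # bit 6 = constructed
    if tag_number <= 30:
        return bytes([first | tag_number])
    # High form: bits 5-1 of the first byte all 1, then the tag number in base 128,
    # most significant digit first, bit 8 set on every byte except the last.
    digits = []
    while tag_number:
        digits.append(tag_number & 0x7F)
        tag_number >>= 7
    digits.reverse()
    tail = bytes(d | 0x80 for d in digits[:-1]) + bytes([digits[-1]])
    return bytes([first | 0x1F]) + tail


def encode_length(n):
    """Length octets: short form for 0..127, long form (0x80 | count, then base 256) above."""
    if n <= 127:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def decode_tlv(data, offset=0):
    """Parse one definite-length TLV starting at offset.
    Returns (tag_class, tag_number, constructed, contents, next_offset)."""
    first = data[offset]
    offset += 1
    tag_class, constructed, tag_number = first >> 6, bool(first & 0x20), first & 0x1F
    if tag_number == 0x1F:  # high-tag-number form: continue while bit 8 is set
        tag_number = 0
        while True:
            b = data[offset]
            offset += 1
            tag_number = (tag_number << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length_byte = data[offset]
    offset += 1
    if length_byte & 0x80:
        count = length_byte & 0x7F
        if count == 0:
            raise ValueError("indefinite length (end-of-contents form) is not DER")
        length = int.from_bytes(data[offset:offset + count], "big")
        offset += count
    else:
        length = length_byte
    end = offset + length
    if end > len(data):  # length claims more bytes than exist: reject, never over-read
        raise ValueError("length field exceeds available data")
    return tag_class, tag_number, constructed, data[offset:end], end


def encode_bit_string(bits):
    """DER BIT STRING of a string of '0'/'1' characters, following the five steps."""
    pad = (-len(bits)) % 8                      # step 1: number of '0' bits appended
    padded = bits + "0" * pad
    contents = bytes([pad]) + bytes(            # step 2: padding count is the first byte
        int(padded[i:i + 8], 2) for i in range(0, len(padded), 8))  # step 3: data bytes
    return encode_identifier(3) + encode_length(len(contents)) + contents  # steps 4 and 5


def decode_bit_string(contents):
    """Inverse of encode_bit_string, given the contents octets only."""
    pad = contents[0]
    if pad > 7 or (pad and len(contents) == 1):
        raise ValueError("invalid padding count")
    bits = "".join(f"{b:08b}" for b in contents[1:])
    return bits[:len(bits) - pad] if pad else bits


if __name__ == "__main__":
    der = encode_bit_string("01000100111011")   # the article's example bit string
    print(der.hex(" "))                          # 03 03 02 44 ec
```

Running the block prints the five bytes derived in the text. The decoder deliberately refuses the indefinite-length form (first length byte 0x80), since DER, and the OpenSSL encoder the article discusses, only produce definite lengths; a parser that accepted both would have to track end-of-contents markers as well.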