这段时间在做mms协议解析相关的工作,而mms协议的报文是用asn.1格式编码的,所以了解了一些相关知识。现在把asn.1相关的总结分享一下,如有不当的地方欢迎指正。
参考资料
- LDAPv3 Wire Protocol Reference: The ASN.1 Basic Encoding Rules – LDAP.com (一个非常详细的网站,关于LDAP的asn.1表示)
- 《asn1 complete》( 一本书)
- 《ISO8825》 (官方文档)
结构
asn.1有很多种格式,如BER,CER,PER等,常用的就是BER:Basic Encoding Rulse
对于BER,简单得说就是通过tlv(tag, length, value)三元组进行编码,且tlv三者都支持嵌套结构,也就是说length的表示也可以通过tlv形式编码。
tag
tag 表示的是后续数据的类型。对于tag网上有各种说法,也有称之为type的,类型有几十种。一般来说tag占一字节,但是也有多字节类型。如果是多字节类型可能也要用tlv格式表示,本文仅列出单字节类型。常用类型如下(这一部分很重要,因为通常在报文中见到的都是这些完整字节,如果要仔细了解最好是看二进制编码),且这里列举的tag Number都为0
/*BER encoding macros*/
#define B_UNIVERSAL_PRIMITIVE 0x00 //00 0 0000
#define B_UNIVERSAL_CONSTRUCTED 0x20 //00 1 0000
#define B_APP_PRIMITIVE 0x40 //01 0 0000
#define B_APP_CONSTRUCTED 0x60 //01 1 0000
#define B_CTX_SPECIFIC_PRIMITIVE 0x80 //10 0 0000
#define B_CTX_SPECIFIC_CONSTRUCTED 0xa0 //10 1 0000
#define B_PRIVATE_PRIMITIVE 0xc0 //11 0 0000
#define B_PRIVATE_CONSTRUCTED 0xe0 //11 0 0000
但是tag的一个字节其实是由三部分构成的,分别是class(类),Primitive or Constructed(结构标志)和Tag Number(tag 号)。
布局
| Bits | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 |
|---|---|---|---|---|---|---|---|---|
| Purpose | class | — | Primitive or Constructed? | Tag Number | — | — | — | — |
- class 高两位
- 结构标志 第6位
- Tag Number 低5位
类
| Class | Bit 8 | Bit 7 | 说明 |
|---|---|---|---|
| Universal | 0 | 0 | 通用类型,常见7个,后面跟tag Number表示数据类型 |
| Application | 0 | 1 | 协议类型 |
| Context-specific | 1 | 0 | 上下文相关 |
| Private | 1 | 1 | 自定义,少用 |
Universal类型常见的7个是:
- BOOLEAN
- INTEGER
- OCTET STRING
- NULL
- ENUMERATED
- SEQUENCE
- SET
结构标志
- 0: 表示Primitive 原生类型,就是上文的1~5类;其他还有UTC-time,REAL,data等也属于原生类型
- 1: 表示构造类型,就是上文的6-7类;SEQUENCE OF也是,区别于SEQUENCE的是,前者后续数据均为同一类型,而后者可以跟不同类型。在C语言中SEQUENCE OF类似于列表,SEQUENCE类似于结构体
tag number
常用的universal编码如下,Tag Number均指的是后5位,完整tag是包含了全8位的一个字节
| 数据类型 | Tag Number | Typical Use | 完整tag |
|---|---|---|---|
BOOLEAN | 0x01 | Model logical, two-state variable values | 0x01 |
INTEGER | 0x02 | Model integer variable values | 0x02 |
BIT STRING | 0x03 | Model binary data of arbitrary length | 0x03 |
OCTET STRING | 0x04 | Model binary data whose length is a multiple of eight | 0x04 |
NULL | 0x05 | Indicate effective absence of a sequence element | 0x05 |
OBJECT IDENTIFIER | 0x06 | Name information objects | 0x06 |
REAL | 0x09 | Model real variable values | 0x09 |
ENUMERATED | 0x0A | Model values of variables with at least three states | 0x0A |
CHARACTER STRING | * | Models values that are strings of characters from a specified characterset | ?? |
| ---------- | ---- | ---- | ---- |
SEQUENCE | 0x10 | 表示序列,包含的元素是有序号的 | 0x30 |
SET | 0x11 | 表示序列,但是无顺序 | 0x31 |
如果是协议自定义或者上下文相关的话tag Number就完全不确定了,可以为任意值,表示的含义也各不相同。下面简单举几个例子
| tag | 二进制表示 | 含义 |
|---|---|---|
| 0x63 | 01 1 00011 | 应用,构造,编号3(编号含义每个应用不同) |
| 0xA3 | 10 1 00011 | 上下文,构造,编号3 |
| 0x88 | 10 0 1000 | 上下文,原生数据,INSTANCE OF/EXTERNAL(tag number为0x08,可表示一种外部定义的数据结构) |
length
不定长表示
此种表示一般为头部两个0x00,尾部两个0x00,中间可以有任意数据。不常用。
定长表示
定长表示有两种,单字节和多字节。单字节表示最多表示127,多字节可以表示任意大小。
单字节第8位固定为0,后续的7位表示长度,如
- 0x02 表示长度2
- 0x0A 表示长度10
- 0x7F 表示长度为127
多字节第一个字节表示的是长度的长度,首字节的第8位固定为1,后7位表示长度的长度的值,后续字节表示真正的长度,如
- 0x81 0x0A 0x81表示后面跟1个字节,0x0A表示实际长度为10
- 0x82 0x0A 0x0B 0x81表示后面跟2个字节,0x0A 0X0B表示实际长度为2571
另外,同一个长度可以有多重不同的表示方式,如长度10,可以用如下的表示方法
- 0a
- 81 0a
- 82 00 0a
- 84 00 00 00 0a
- 8a 00 00 00 00 00 00 00 00 00 0a
value
可以为任意数据
实际例子
例1(简单)
asn.1定义
simpleExample ::= SEQENCE
{
string1 IMPLICIT OCTET STRING {"Hello!"},
bool2 IMPLICIT BOOLEAN {TRUE},
int3 IMPLICIT INTEGER {5}
}
asn.1编码
30 0e 04 06 48 65 6c 6c 6f 21 01 01 ff 02 01 05
asn.1编码解析
30 0e -- The type and length of the sequence 表示序列,长度为14
04 06 48 65 6c 6c 6f 21 -- The encoded octet string "Hello!" 04表示字符串,06表示长度为10
01 01 ff -- The encoded Boolean true 01表示布尔值,01表示长度为1,FF表示TRUE
02 01 05 -- The encoded integer five 02表示整数,01表示长度为1,05表示实际的value为5
例2(实际报文数据)
下面附上一个mms包的手动解析数据,总共解析了4个包。第一个包是一个完整包,后三个包是分片数据,三个包合成一条mms信息。文末附有该mms包
030000c1 TPKT len = 193
02f080 COTP
0db80506130100160102140200023302000134020001c1a2 Session protocol
31819f SET OF 长len len = 159 (8823 pre protocol)
a003 800101 context 结构 0 len = 2,context primitive 0 len = 1 v = 1 (normal-mode)
a28197 context 结构 2 len = 151 (normal-mode-parameters)
8104 context primitive 1 len = 4 00000001
8204 context primitive 2 len = 4 00000001
a423 context struct 4 len = 34 300f0201010604520100013004060251013010020103060528ca220201300406025101
8802 context primitive 8 len = 2 0600
6160 app struct 1 len = 96 (8650-1 ACS)
305e seq len = 94
020101 INT len = 1
a059 context struct 0 len = 89
6057 app struct 0 len = 87
8002 context primitive len = 2 0780
a107 context struct 1 len = 7 060528ca220203
a205 context struct 2 len = 5 06032b0000
a303 context struct 3 len = 3 020117
a606 context struct 6 len = 6 06042bce0f21
a703 context struct 7 len = 3 020121
be2f context struct 14 len = 47
282d universal Instance len = 45
020103 INT len = 1
a028 context struct 0 len = 40 (mms)
a826 context struct 8 len = 38
80030186a0810101820101830105a416800101810305fb00820c03ee0000000402000058fd10
分片数据
03000404 TPKT len = 1028
02f000 COTP
01000100 Session protocol
61820a16 app struct 1 长2 len = 2582 (8823 pre protocol)
30820a12 seq 长2 len = 2578
020103 INT len = 1
a0820a0b context struct 0 长2 len = 2571 (mms)
a0820a07 context stuct 0 长2 len = 2567
020203d2a58209ffa0820916302aa028a1261a0a50525337373850524f541a18483250564f433324534524456e61626c652473657456616c302da02ba1291a0a50525337373850524f541a1b483250564f433324534524426c6b446972456e612473657456616c302da02ba1291a0a50525337373850524f541a1b483250564f433324534524426c6b566f6c456e612473657456616c302ba029a1271a0a50525337373850524f541a19483250564f4333245345244f55544d4154522473657456616c302ca02aa1281a0a50525337373850524f541a1a483350564f4331245345244f70446c546d6d732473657456616c302fa02da12b1a0a50525337373850524f541a1d483350564f433124534524426c6b56616c567070247365744d61672466302ea02ca12a1a0a50525337373850524f541a1c483350564f433124534524426c6b56616c5632247365744d61672466302ea02ca12a1a0a50525337373850524f541a1c483350564f43312453452453747256616c5347247365744d61672466302ca02aa1281a0a50525337373850524f541a1a483350564f433124534524446972546f4275732473657456616c302aa028a1261a0a50525337373850524f541a18483350564f433124534524456e61626c652473657456616c302da02ba1291a0a50525337373850524f541a1b483350564f433124534524426c6b446972456e612473657456616c302da02ba1291a0a50525337373850524f541a1b483350564f433124534524426c6b566f6c456e612473657456616c302ba029a1271a0a50525337373850524f541a19483350564f4331245345244f55544d4154522473657456616c302ca02aa1281a0a50525337373850524f541a1a483350564f4332245345244f70446c546d6d732473657456616c302fa02da12b1a0a50525337373850524f541a1d483350564f433224534524426c6b56616c567070247365744d61672466302ea02ca12a1a0a50525337373850524f541a1c483350564f433224534524426c6b56616c5632247365744d61672466302ea02ca12a1a0a50525337373850524f541a1c483350564f43322453452453747256616c5347247365744d61672466302ca02aa1281a0a50525337373850524f541a1a483350564f433224534524446972546f4275732473657456616c302aa028a1261a0a50525337373850524f541a18483350564f433224534524456e61626c652473657456616c302da02ba1291a0a50525337373850524f541a1b483350564f433224534524426c6b446972456e612473657456616c302da02ba1291a0a50525337373850524f541a1b483350564f433224534524426c6b566f6c456e612473657456616c302ba029a1271a0a (1013B)
03000404 TPKT len = 1028
02f000 COTP
50525337373850524f541a19483350564f4332245345244f55544d4154522473657456616c302ca02aa1281a0a50525337373850524f541a1a484a50544f43312453452453747256616c247365744d61672466302ca02aa1281a0a50525337373850524f541a1a484a50544f4331245345244f70446c546d6d732473657456616c302aa028a1261a0a50525337373850524f541a18484a50544f433124534524446972456e612473657456616c302ca02aa1281a0a50525337373850524f541a1a484a50544f433124534524446972546f4275732473657456616c302aa028a1261a0a50525337373850524f541a18484a50544f433124534524456e61626c652473657456616c302ba029a1271a0a50525337373850524f541a19484a50544f4331245345244f55544d4154522473657456616c3029a027a1251a0a50525337373850524f541a17484a50544f4331245345245472456e612473657456616c302ca02aa1281a0a50525337373850524f541a1a484a50544f4331245345244578334930456e612473657456616c302ca02aa1281a0a50525337373850524f541a1a4850475044495331245345245068537472247365744d61672466302da02ba1291a0a50525337373850524f541a1b485047504449533124534524476e64537472247365744d61672466302da02ba1291a0a50525337373850524f541a1b4850475044495331245345245269734c6f64247365744d61672466302da02ba1291a0a50525337373850524f541a1b4850475044495331245345244f70446c546d6d732473657456616c302da02ba1291a0a50525337373850524f541a1b4850475044495331245345245068446c546d6d732473657456616c302ea02ca12a1a0a50525337373850524f541a1c485047504449533124534524476e64446c546d6d732473657456616c302da02ba1291a0a50525337373850524f541a1b4850475044495331245345244c696e416e67247365744d61672466302da02ba1291a0a50525337373850524f541a1b4850475044495331245345244b3046616374247365744d616724663030a02ea12c1a0a50525337373850524f541a1e4850475044495331245345245a56616c546f54666d247365744d616724663030a02ea12c1a0a50525337373850524f541a1e4850475044495331245345245a56616c546f427573247365744d61672466302ba029a1271a0a50525337373850524f541a19485047504449533124534524456e61626c652473657456616c302ca02aa1281a0a50525337373850524f541a1a4850475044495331245345244f55544d4154522473657456616c302ca02aa1281a0a50525337373850524f541a1a4850475044495332245345245068537472247365744d61672466302da02ba1291a0a505253 (1021B)
0300022b TPKT len = 555
02f080 COTP last data unit 10000000
37373850524f541a1b485047504449533224534524476e64537472247365744d61672466302da02ba1291a0a50525337373850524f541a1b4850475044495332245345245269734c6f64247365744d61672466302da02ba1291a0a50525337373850524f541a1b4850475044495332245345244f70446c546d6d732473657456616c302da02ba1291a0a50525337373850524f541a1b4850475044495332245345245068446c546d6d732473657456616c302ea02ca12a1a0a50525337373850524f541a1c485047504449533224534524476e64446c546d6d732473657456616c302da02ba1291a0a50525337373850524f541a1b4850475044495332245345244c696e416e67247365744d61672466302da02ba1291a0a50525337373850524f541a1b4850475044495332245345244b3046616374247365744d61672466a081e283010083010083010085010085010087050800000000870508000000008705080000000083010083010083010083010085010085010087050800000000870508000000008705080000000083010083010083010083010085010087050800000000850100830100830100830100850100830100830100870508000000008705080000000087050800000000850100850100850100870508000000008705080000000087050800000000870508000000008301008501008705080000000087050800000000870508000000008501008501008501008705080000000087050800000000 (548B)
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
