ASN.1
Abstract Syntax Notation One is a standard interface description language for defining data structures that can be serialized and deserialized in a cross-platform way. It is broadly used in telecommunications and computer networking, and especially in cryptography.
Protocol developers define data structures in ASN.1 modules, which are generally a section of a broader standards document written in the ASN.1 language. The advantage is that the ASN.1 description of the data encoding is independent of a particular computer or programming language Because ASN.1 is both human-readable and machine-readable, an ASN.1 compiler can compile modules into libraries of code, CODECs, that decode or encode the data structures. Some ASN.1 compilers can produce code to encode or decode several encodings, e.g. packed, BER or XML.
ASN.1 is a joint standard of the International Telecommunication Union Telecommunication Standardization Sector in ITU-T Study Group 17 and ISO/IEC, originally defined in 1984 as part of CCITT X.409:1984. In 1988, ASN.1 moved to its own standard, X.208, due to wide applicability. The substantially revised 1995 version is covered by the X.680 series. The latest revision of the X.680 series of recommendations is the 5.0 Edition, published in 2015.
Language support
ASN.1 is a data type declaration notation. It does not define how to manipulate a variable of such a type. Manipulation of variables is defined in other languages such as SDL for executable modeling or TTCN-3 for conformance testing. Both these languages natively support ASN.1 declarations. It is possible to import an ASN.1 module and declare variable of any of the ASN.1 types declared in the module.Applications
ASN.1 is used to define a large number of protocols. Its most extensive uses continue to be telecommunications, cryptography, and biometrics.| Protocol | Specification | Specified or Customary Encoding Rules | Uses |
| Interledger Protocol | https://interledger.org/rfcs/asn1/index.html | Octet Encoding Rules | |
| NTCIP 1103 - Transport Management Protocols | Octet Encoding Rules | Traffic, Transportation, and Infrastructure Management | |
| X.500 Directory Services | The ITU X.500 Recommendation Series | Basic Encoding Rules, Distinguished Encoding Rules | LDAP, TLS Certificates, Authentication |
| Lightweight Directory Access Protocol | IETF RFC | Basic Encoding Rules | |
| PKCS Cryptography Standards | PKCS Cryptography Standards | Basic Encoding Rules and Distinguished Encoding Rules | Asymmetric Keys, certificate bundles |
| X.400 Message Handling | The ITU X.400 Recommendation Series | An early competitor to email | |
| EMV | EMVCo Publications | Payment cards | |
| T.120 Multimedia conferencing | The ITU T.120 Recommendation Series | Basic Encoding Rules, Packed Encoding Rules | Microsoft's |
| Simple Network Management Protocol | IETF RFC | Basic Encoding Rules | Managing and monitoring networks and computers, particularly characteristics pertaining to performance and reliability |
| Common Management Information Protocol | ITU Recommendation | A competitor to SNMP but more capable and not nearly as popular | |
| Signalling System No. 7 | The ITU Q.700 Recommendation Series | Managing telephone connections over the Public Switched Telephone Network | |
| ITU H-Series Multimedia Protocols | The ITU H.200, H.300, and H.400 Recommendation Series | Voice Over Internet Protocol | |
| BioAPI Interworking Protocol | |||
| Common Biometric Exchange Formats Framework | Basic Encoding Rules | ||
| Authentication Contexts for Biometrics | |||
| Computer-supported telecommunications applications | https://www.ecma-international.org/activities/Communications/TG11/cstaIII.htm | Basic Encoding Rules | |
| Dedicated short-range communications | Packed Encoding Rules | ||
| Global System for Mobile Communications | http://www.ttfn.net/techno/smartcards/gsm11-11.pdf | Mobile Phone Communications | |
| General Packet Radio Service / Enhanced Data Rates for Global Evolution | http://www.3gpp.org/technologies/keywords-acronyms/102-gprs-edge | Mobile Phone Communications | |
| Universal Mobile Telecommunications System | http://www.3gpp.org/DynaReport/25-series.htm | Mobile Phone Communications | |
| Long-Term Evolution | http://www.3gpp.org/technologies/keywords-acronyms/98-lte | Mobile Phone Communications | |
| Common Alerting Protocol | http://docs.oasis-open.org/emergency/cap/v1.2/CAP-v1.2-os.html | XML Encoding Rules | Exchanging Alert Information, such as Amber Alerts |
| Controller–pilot data link communications | Aeronautics communications | ||
| Space Link Extension Services | Space systems communications | ||
| Manufacturing Message Specification | Manufacturing | ||
| File Transfer, Access and Management | An early and more capable competitor to File Transfer Protocol, but its rarely used anymore. | ||
| Remote Operations Service Element protocol | ITU Recommendations X.880, X.881, and X.882 | An early form of Remote procedure call | |
| Association Control Service Element | ITU Recommendation | ||
| Building Automation and Control Networks Protocol | BACNet Encoding Rules | Building automation and control, such as with fire alarms, elevators, HVAC systems, etc. | |
| Kerberos | IETF RFC | Basic Encoding Rules | Secure authentication |
| WiMAX 2 | Wide Area Networks | ||
| Intelligent Network | The ITU Q.1200 Recommendation Series | Telecommunications and computer networking |
Encodings
ASN.1 is closely associated with a set of encoding rules that specify how to represent a data structure as a series of bytes. The standard ASN.1 encoding rules include:Encoding Control Notation
ASN.1 recommendations provide a number of predefined encoding rules. If none of the existing encoding rules are suitable, the Encoding Control Notation provides a way for a user to define his or her own customized encoding rules.Relation to Privacy-Enhanced Mail (PEM) Encoding
encoding is entirely unrelated to ASN.1 and its codecs, however, encoded ASN.1 data is often PEM-encoded. This can aid with transport over media that is sensitive to textual encoding, such as SMTP relays, as well copying and pasting.Example
This is an example ASN.1 module defining the messages of a fictitious Foo Protocol:FooProtocol DEFINITIONS ::= BEGIN
FooQuestion ::= SEQUENCE
FooAnswer ::= SEQUENCE
END
This could be a specification published by creators of Foo Protocol. Conversation flows, transaction interchanges, and states are not defined in ASN.1, but are left to other notations and textual description of the protocol.
Assuming a message that complies with the Foo Protocol and that will be sent to the receiving party, this particular message is:
myQuestion FooQuestion ::=
ASN.1 supports constraints on values and sizes, and extensibility. The above specification can be changed to
FooProtocol DEFINITIONS ::= BEGIN
FooQuestion ::= SEQUENCE
FooAnswer ::= SEQUENCE
FooHistory ::= SEQUENCE
END
This change constrains trackingNumbers to have a value between 0 and 199 inclusive, and questionNumbers to have a value between 10 and 20 inclusive. The size of the questions array can be between 0 and 10 elements, with the answers array between 1 and 10 elements. The anArray field is a fixed length 100 element array of integers that must be in the range 0 to 1000. The '...' extensibility marker means that the FooHistory message specification may have additional fields in future versions of the specification; systems compliant with one version should be able to receive and transmit transactions from a later version, though able to process only the fields specified in the earlier version. Good ASN.1 compilers will generate source code that will automatically check that transactions fall within these constraints. Transactions that violate the constraints should not be accepted from, or presented to, the application. Constraint management in this layer significantly simplifies protocol specification because the applications will be protected from constraint violations, reducing risk and cost.
To send the myQuestion message through the network, the message is serialized as a series of bytes using one of the encoding rules. The Foo protocol specification should explicitly name one set of encoding rules to use, so that users of the Foo protocol know which one they should use and expect.
Example encoded in DER
Below is the data structure shown above encoded in DER format :30 13 02 01 05 16 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3fDER is a type-length-value encoding, so the sequence above can be interpreted, with reference to the standard SEQUENCE, INTEGER, and IA5String types, as follows:
30 — type tag indicating SEQUENCE
13 — length in octets of value that follows
02 — type tag indicating INTEGER
01 — length in octets of value that follows
05 — value
16 — type tag indicating IA5String
0e — length in octets of value that follows
41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f — value
Example encoded in XER
Alternatively, it is possible to encode the same ASN.1 data structure with XML Encoding Rules to achieve greater human readability "over the wire". It would then appear as the following 108 octets, :Example encoded in PER (unaligned)
Alternatively, if Packed Encoding Rules are employed, the following 122 bits will be produced:01 05 0e 83 bb ce 2d f9 3c a0 e9 a3 2f 2c af c0
In this format, type tags for the required elements are not encoded, so it cannot be parsed without knowing the expected schemas used to encode. Additionally, the bytes for the value of the IA5String are packed using 7-bit units instead of 8-bit units, because the encoder knows that encoding an IA5String byte value requires only 7 bits. However the length bytes are still encoded here, even for the first integer tag 01.
The last 6 bits in the encoded PER are padded with null bits in the 6 least significant bits of the last byte c0 : these extra bits may not be transmitted or used for encoding something else if this sequence is inserted as a part of a longer unaligned PER sequence.
This means that unaligned PER data is essentially an ordered stream of bits, and not an ordered stream of bytes like with aligned PER, and that it will be a bit more complex to decode by software on usual processors because it will require additional contextual bit-shifting and masking and not direct byte addressing. However modern processors and signal processors include hardware support for fast internal decoding of bit streams with automatic handling of computing units that are crossing the boundaries of addressable storage units.
If alignment on octet boundaries was required, an aligned PER encoder would produce:
01 05 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f
.
Tools
Most of the tools supporting ASN.1 do the following:- parse the ASN.1 files,
- generates the equivalent declaration in a programming language,
- generates the encoding and decoding functions based on the previous declarations.
Comparison to similar schemes
ASN.1 is similar in purpose and use to protocol buffers and Apache Thrift, which are also interface description languages for cross-platform data serialization. Like those languages, it has a schema, and a set of encodings, typically type-length-value encodings. However, ASN.1, defined in 1984, predates them by many years. It also includes a wider variety of basic data types, some of which are obsolete, and has more options for extensibility. A single ASN.1 message can include data from multiple modules defined in multiple standards, even standards defined years apart.ASN.1 also includes built-in support for constraints on values and sizes. For instance, a module can specify an integer field that must be in the range 0 to 100. The length of a sequence of values can also be specified, either as a fixed length or a range of permitted lengths. Constraints can also be specified as logical combinations of sets of basic constraints.
Values used as constraints can either be literals used in the PDU specification, or ASN.1 values specified elsewhere in the schema file. Some ASN.1 tools will make these ASN.1 values available to programmers in the generated source code. Used as constants for the protocol being defined, developers can use these in the protocol's logic implementation. Thus all the PDUs and protocol constants can be defined in the schema, and all implementations of the protocol in any supported language draw upon those values. This avoids the need for developers to hand code protocol constants in their implementation's source code. This significantly aids protocol development; the protocol's constants can be altered in the ASN.1 schema and all implementations are updated simply by recompiling, promoting a rapid and low risk development cycle.
If the ASN.1 tools properly implement constraints checking in the generated source code, this acts to automatically validate protocol data during program operation. Generally ASN.1 tools will include constraints checking into the generated serialization / deserialization routines, raising errors or exceptions if out-of-bounds data is encountered. It is complex to implement all aspects of ASN.1 constraints in an ASN.1 compiler. Not all tools support the full range of possible constraints expressions. XML schema and JSON schema both support similar constraints concepts. Tool support for constraints in these varies. Microsoft's xsd.exe compiler ignores them.
ASN.1 is visually similar to Augmented Backus-Naur form, which is used to define many Internet protocols like HTTP and SMTP. However, in practice they are quite different: ASN.1 defines a data structure, which can be encoded in various ways. ABNF, on the other hand, defines the encoding at the same time it defines the data structure. ABNF tends to be used more frequently for defining textual, human-readable protocols, and generally is not used to define type-length-value encodings.
Many programming languages define language-specific serialization formats. For instance, Python's "pickle" module and Ruby's "Marshal" module. These formats are generally language specific. They also don't require a schema, which makes them easier to use in ad-hoc storage scenarios, but inappropriate for communications protocols.
JSON and XML similarly do not require a schema, making them easy to use. However, they are both cross-platform standards, and are broadly popular for communications protocols, particularly when combined with an XML schema or JSON schema.
Some ASN.1 tools are able to translate between ASN.1 and XML schema. The translation is standardised by the ITU. This makes it possible for a protocol to be defined in ASN.1, and also automatically in XSD. Thus it is possible to have in a project an XSD schema being compiled by ASN.1 tools producing source code that serializes objects to/from JSON wireformat. A more practical use is to permit other sub-projects to consume an XSD schema instead of an ASN.1 schema, perhaps suiting tools availability for the sub-projects language of choice, with XER used as the protocol wireformat.
For more detail, see Comparison of data serialization formats.