Abstract Syntax Notation One

Abstract Syntax Notation One (ASN.1) is a standard interface description language (IDL) for defining data structures that can be serialized and deserialized in a cross-platform way. It is broadly used in telecommunications and computer networking, and especially in cryptography.

Protocol developers define data structures in ASN.1 modules, which are generally a section of a broader standards document written in the ASN.1 language. The advantage is that the ASN.1 description of the data encoding is independent of a particular computer or programming language. Because ASN.1 is both human-readable and machine-readable, an ASN.1 compiler can compile modules into libraries of code, codecs, that decode or encode the data structures. Some ASN.1 compilers can produce code to encode or decode several encodings, e.g. packed, BER or XML.

ASN.1 is a joint standard of the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) in ITU-T Study Group 17 and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), originally defined in 1984 as part of CCITT X.409:1984. In 1988, ASN.1 moved to its own standard, X.208, due to wide applicability. The substantially revised 1995 version is covered by the X.680–X.683 series. The latest revision of the X.680 series of recommendations is the 6.0 Edition, published in 2021.

Structure

* X.680 defines the basic lexical items of the ASN.1 language (special tokens, format of basic literal values, etc.). It defines the syntax of a "module definition", the definition of a module within a protocol. A module definition can contain data types, predefined ''information objects'' written in those data types (detailed syntax in X.681), constraint elements (detailed syntax in X.682), among other things.
* X.681 defines the syntax of an ''information object'', which allows for objects in custom datatypes to be represented in the language (akin to object literals in other languages). It also defines a way to reference a specific value from an object using a dot notation as if it is a table.
* X.682 defines ''constraint elements'', which can be used to apply more advanced constraints in a module.
* X.683, ''Parameterization of ASN.1 specifications'', allows assignments and definitions to vary according to parameters.

Language support

ASN.1 is a data type declaration notation. It does not define how to manipulate a variable of such a type. Manipulation of variables is defined in other languages such as SDL (Specification and Description Language) for executable modeling or TTCN-3 (Testing and Test Control Notation) for conformance testing. Both these languages natively support ASN.1 declarations. It is possible to import an ASN.1 module and declare a variable of any of the ASN.1 types declared in the module.

Applications

ASN.1 is used to define a large number of protocols. Its most extensive uses continue to be telecommunications, cryptography, and biometrics.

Encodings

ASN.1 is closely associated with a set of encoding rules that specify how to represent a data structure as a series of bytes. The standard ASN.1 encoding rules include:

Encoding Control Notation

ASN.1 recommendations provide a number of predefined encoding rules. If none of the existing encoding rules are suitable, the Encoding Control Notation (ECN, X.692) provides a way for a user to define his or her own customized encoding rules.

Relation to Privacy-Enhanced Mail (PEM) Encoding

Privacy-Enhanced Mail (PEM) encoding is entirely unrelated to ASN.1 and its codecs, but encoded ASN.1 data, which is often binary, is often PEM-encoded so that it can be transmitted as textual data, e.g. over SMTP relays, or through copy/paste buffers.

As computer files

ASN.1 language and encoding specifications do not specify details such as what filename extension to use when a chunk of data is stored as a file on a computer. Nevertheless, some conventions have arisen:
* ASN.1-language text: extensions of .asn1 and .all have been used for general files. .asn has been used for files only containing module definitions and .prt for files only containing value definitions.
* BER-encoded data: .ber has been used. There is also a proposed MIME type application/ber-stream which includes a protocol parameter specifying an associated OID.
** DER-encoded data: .der. For DER-encoded X.509 certificates, .cer and .crt in addition to .der. The MIME type application/x-x509-ca-cert is specifically for DER-encoded certificates, not general DER data.
* Other encoded data: asn1c sample files use .xer for XER, .per for PER, and .coer for COER.

Example

Module and constraint

This is an example ASN.1 module defining the messages (data structures) of a fictitious Foo Protocol:

FooProtocol DEFINITIONS ::= BEGIN

FooQuestion ::= SEQUENCE

FooAnswer ::= SEQUENCE

END

This could be a specification published by creators of Foo Protocol. Conversation flows, transaction interchanges, and states are not defined in ASN.1, but are left to other notations and textual description of the protocol.

ASN.1 supports constraints on values and sizes, and extensibility. The above specification can be changed to:

FooProtocol DEFINITIONS ::= BEGIN

FooQuestion ::= SEQUENCE

FooAnswer ::= SEQUENCE

FooHistory ::= SEQUENCE

END

This change constrains trackingNumbers to have a value between 0 and 199 inclusive, and questionNumbers to have a value between 10 and 20 inclusive. The size of the questions array can be between 0 and 10 elements, with the answers array between 1 and 10 elements. The anArray field is a fixed length 100 element array of integers that must be in the range 0 to 1000. The '...' extensibility marker means that the FooHistory message specification may have additional fields in future versions of the specification; systems compliant with one version should be able to receive and transmit transactions from a later version, though able to process only the fields specified in the earlier version. Good ASN.1 compilers will generate (in C, C++, Java, etc.) source code that will automatically check that transactions fall within these constraints. Transactions that violate the constraints should not be accepted from, or presented to, the application. Constraint management in this layer significantly simplifies protocol specification because the applications will be protected from constraint violations, reducing risk and cost.

The above examples only make use of syntax from X.680. More advanced constraints from X.682 are not used.

Example PDU

Assuming a message that complies with the Foo Protocol and that will be sent to the receiving party, this particular message (protocol data unit (PDU)) is:

myQuestion FooQuestion ::=

To send the myQuestion message through the network, the message is serialized (encoded) as a series of bytes using one of the encoding rules. The Foo protocol specification should explicitly name one set of encoding rules to use, so that users of the Foo protocol know which one they should use and expect.

The above is an example of X.681, specifically of the ''ObjectAssignment'' construct.

Example encoded in DER

Below is the data structure shown above as myQuestion encoded in DER format (all numbers are in hexadecimal):

30 13 02 01 05 16 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f

DER is a type–length–value encoding, so the sequence above can be interpreted, with reference to the standard SEQUENCE, INTEGER, and IA5String types, as follows:

30 — type tag indicating SEQUENCE
13 — length in octets of value that follows
02 — type tag indicating INTEGER
01 — length in octets of value that follows
05 — value (5)
16 — type tag indicating IA5String
(IA5 means the full 7-bit ISO 646 set, including variants,
but is generally US-ASCII)
0e — length in octets of value that follows
41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f — value ("Anybody there?")

Example encoded in XER

Alternatively, it is possible to encode the same ASN.1 data structure with XML Encoding Rules (XER) to achieve greater human readability "over the wire". It would then appear as the following 108 octets, (space count includes the spaces used for indentation):

5
Anybody there?

Example encoded in PER, either aligned or unaligned

Alternatively, if Packed Encoding Rules Unaligned are employed, the following 122 bits (16 octets amount to 128 bits, but here only 122 bits carry information and the last 6 bits are merely padding) will be produced:

01 05 0e 83 bb ce 2d f9 3c a0 e9 a3 2f 2c af c0

In this format, type tags for the required elements are not encoded, so it cannot be parsed without knowing the expected schemas used to encode. Additionally, the bytes for the value of the IA5String are packed using 7-bit units instead of 8-bit units, because the encoder knows that encoding an IA5String byte value requires only 7 bits. However the length bytes are still encoded here, even for the first integer tag 01 (but a PER packer could also omit it if it knows that the allowed value range fits on 8 bits, and it could even compact the single value byte 05 with less than 8 bits, if it knows that allowed values can only fit in a smaller range).

The last 6 bits in the encoded PER are padded with null bits in the 6 least significant bits of the last byte c0 : these extra bits may not be transmitted or used for encoding something else if this sequence is inserted as a part of a longer unaligned PER sequence.

This means that unaligned PER data is essentially an ordered stream of bits, and not an ordered stream of bytes like with aligned PER, and that it will be a bit more complex to decode by software on usual processors because it will require additional contextual bit-shifting and masking and not direct byte addressing (but the same remark would be true with modern processors and memory/storage units whose minimum addressable unit is larger than 1 octet). However modern processors and signal processors include hardware support for fast internal decoding of bit streams with automatic handling of computing units that are crossing the boundaries of addressable storage units (this is needed for efficient processing in data codecs for compression/decompression or with some encryption/decryption algorithms).

For comparison, Packed Encoding Rules Aligned produces instead:

01 05 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f

This format is octet-aligned. In this case, each octet is padded individually with null bits on their unused most significant bits.

Tools

Most of the tools supporting ASN.1 do the following:
* parse the ASN.1 files,
* generates the equivalent declaration in a programming language (like C or C++),
* generates the encoding and decoding functions based on the previous declarations.

A list of tools supporting ASN.1 can be found on th
ITU-T Tool web page

Online tools

ASN1 Play

ASN1 Web Tool (very limited)

ASN1 Playground (sandbox)

ASN.1 JavaScript decoder

Comparison to similar schemes

ASN.1 is similar in purpose and use to Google Protocol Buffers and Apache Thrift, which are also interface description languages for cross-platform data serialization. Like those languages, it has a schema (in ASN.1, called a "module"), and a set of encodings, typically type–length–value encodings. Unlike them, ASN.1 does not provide a single and readily usable open-source implementation, and is published as a specification to be implemented by third-party vendors. However, ASN.1, defined in 1984, predates them by many years. It also includes a wider variety of basic data types, some of which are obsolete, and has more options for extensibility. A single ASN.1 message can include data from multiple modules defined in multiple standards, even standards defined years apart.

ASN.1 also includes built-in support for constraints on values and sizes. For instance, a module can specify an integer field that must be in the range 0 to 100. The length of a sequence of values (an array) can also be specified, either as a fixed length or a range of permitted lengths. Constraints can also be specified as logical combinations of sets of basic constraints.

Values used as constraints can either be literals used in the PDU specification, or ASN.1 values specified elsewhere in the schema file. Some ASN.1 tools will make these ASN.1 values available to programmers in the generated source code. Used as constants for the protocol being defined, developers can use these in the protocol's logic implementation. Thus all the PDUs and protocol constants can be defined in the schema, and all implementations of the protocol in any supported language draw upon those values. This avoids the need for developers to hand code protocol constants in their implementation's source code. This significantly aids protocol development; the protocol's constants can be altered in the ASN.1 schema and all implementations are updated simply by recompiling, promoting a rapid and low risk development cycle.

If the ASN.1 tools properly implement constraints checking in the generated source code, this acts to automatically validate protocol data during program operation. Generally ASN.1 tools will include constraints checking into the generated serialization / deserialization routines, raising errors or exceptions if out-of-bounds data is encountered. It is complex to implement all aspects of ASN.1 constraints in an ASN.1 compiler. Not all tools support the full range of possible constraints expressions. XML schema and JSON schema both support similar constraints concepts. Tool support for constraints varies. Microsoft's xsd.exe compiler ignores them.

Schema translation

Some ASN.1 tools are able to translate between ASN.1 and XML schema (XSD). The translation is standardised by the ITU. This makes it possible for a protocol to be defined in ASN.1, and also automatically in XSD. Thus it is possible (though perhaps ill-advised) to have in a project an XSD schema being compiled by ASN.1 tools producing source code that serializes objects to/from JSON wireformat. A more practical use is to permit other sub-projects to consume an XSD schema instead of an ASN.1 schema, perhaps suiting tools availability for the sub-projects language of choice, with XER used as the protocol wireformat.

OSS Nokalva offers a tool for converting a JSON data object or a JSON schema into an ASN.1 definition. There is not yet a tool for generating a JSON schema describing the JER-encoded structure of a ASN.1 data structure.

OSS Nokalva also offers a tool for converting a Protocol Buffers schema into an ASN.1 definition.

Schema-optional formats

Many programming languages define language-specific serialization formats. For instance, Python's "pickle" module and Ruby's "Marshal" module. These formats do not require a schema. They are generally language-specific, which makes them easier to use in ad hoc storage scenarios, but inappropriate for communications protocols.

JSON and XML similarly do not require a schema, making them easy to use. They are also both cross-platform standards that are broadly popular for communications protocols, particularly when combined with a JSON schema or XML schema.

Protocol definitions on different levels

ASN.1 is visually similar to Augmented Backus-Naur form (ABNF), which is used to define many Internet protocols like HTTP and SMTP. However, in practice they are quite different: ASN.1 defines a data structure, which can be encoded in various ways (e.g. JSON, XML, binary). ABNF, on the other hand, defines the encoding ("syntax") at the same time it defines the data structure ("semantics"). ABNF tends to be used more frequently for defining textual, human-readable protocols, and generally is not used to define type–length–value encodings.

ASN.1 is also visually similar to CSN.1. However, CSN.1 also defines the encoding of an object, specifically on the bit level.

See also

* X.690
* Information Object Class (ASN.1)
* Presentation layer

References

External links

A Layman's Guide to a Subset of ASN.1, BER, and DER
A good introduction for beginners

ITU-T website - Introduction to ASN.1




Tutorial on basic ASN.1 concepts


Tutorial on ASN.1


ttp://lionet.info/asn1c/asn1c.cgi An on-line ASN.1->C++ Compiler

ASN.1 decoder
Allows decoding ASN.1 encoded messages into XML output.

ASN.1 syntax checker and encoder/decoder
Checks the syntax of an ASN.1 schema and encodes/decodes messages.

ASN.1 encoder/decoder of 3GPP messages
Encodes/decodes ASN.1 3GPP messages and allows easy editing of these messages.





Overview of the Octet Encoding Rules (OER)

Overview of the JSON Encoding Rules (JER)

A Typescript node utility to parse and validate ASN.1 messages

{{Authority control

Data modeling languages
Data serialization formats
ITU-T X Series Recommendations