… | |
… | |
4 | |
4 | |
5 | =head1 SYNOPSIS |
5 | =head1 SYNOPSIS |
6 | |
6 | |
7 | use Convert::BER::XS ':all'; |
7 | use Convert::BER::XS ':all'; |
8 | |
8 | |
9 | my $ber = ber_decode $buf |
9 | my $ber = ber_decode $buf, $Convert::BER::XS::SNMP_PROFILE |
10 | or die "unable to decode SNMP message"; |
10 | or die "unable to decode SNMP message"; |
11 | |
11 | |
12 | # The above results in a data structure consisting of (class, tag, |
12 | # The above results in a data structure consisting of |
|
|
13 | # (class, tag, # constructed, data) |
13 | # constructed, data) tuples. Below is such a message, SNMPv1 trap |
14 | # tuples. Below is such a message, SNMPv1 trap |
14 | # with a Cisco mac change notification. |
15 | # with a Cisco mac change notification. |
15 | # Did you know that Cisco is in the news almost every week because |
16 | # Did you know that Cisco is in the news almost |
|
|
17 | # every week because of some backdoor password |
16 | # of some backdoor password or other extremely stupid security bug? |
18 | # or other extremely stupid security bug? |
17 | |
19 | |
18 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, |
20 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, |
19 | [ |
21 | [ |
20 | [ ASN_UNIVERSAL, ASN_INTEGER32, 0, 0 ], # snmp version 1 |
22 | [ ASN_UNIVERSAL, ASN_INTEGER32, 0, 0 ], # snmp version 1 |
21 | [ ASN_UNIVERSAL, 4, 0, "public" ], # community |
23 | [ ASN_UNIVERSAL, 4, 0, "public" ], # community |
22 | [ ASN_CONTEXT, 4, 1, # CHOICE, constructed - trap PDU |
24 | [ ASN_CONTEXT, 4, 1, # CHOICE, constructed - trap PDU |
23 | [ |
25 | [ |
24 | [ ASN_UNIVERSAL, ASN_OBJECT_IDENTIFIER, 0, "1.3.6.1.4.1.9.9.215.2" ], # enterprise oid |
26 | [ ASN_UNIVERSAL, ASN_OBJECT_IDENTIFIER, 0, "1.3.6.1.4.1.9.9.215.2" ], # enterprise oid |
25 | [ ASN_APPLICATION, 0, 0, "\x0a\x00\x00\x01" ], # SNMP IpAddress, 10.0.0.1 |
27 | [ ASN_APPLICATION, SNMP_IPADDRESS, 0, "10.0.0.1" ], # SNMP IpAddress |
26 | [ ASN_UNIVERSAL, ASN_INTEGER32, 0, 6 ], # generic trap |
28 | [ ASN_UNIVERSAL, ASN_INTEGER32, 0, 6 ], # generic trap |
27 | [ ASN_UNIVERSAL, ASN_INTEGER32, 0, 1 ], # specific trap |
29 | [ ASN_UNIVERSAL, ASN_INTEGER32, 0, 1 ], # specific trap |
28 | [ ASN_APPLICATION, ASN_TIMETICKS, 0, 1817903850 ], # SNMP TimeTicks |
30 | [ ASN_APPLICATION, SNMP_TIMETICKS, 0, 1817903850 ], # SNMP TimeTicks |
29 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, # the varbindlist |
31 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, # the varbindlist |
30 | [ |
32 | [ |
31 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, # a single varbind, "key value" pair |
33 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, # a single varbind, "key value" pair |
32 | [ |
34 | [ |
33 | [ ASN_UNIVERSAL, ASN_OBJECT_IDENTIFIER, 0, "1.3.6.1.4.1.9.9.215.1.1.8.1.2.1" ], # the oid |
35 | [ ASN_UNIVERSAL, ASN_OBJECT_IDENTIFIER, 0, "1.3.6.1.4.1.9.9.215.1.1.8.1.2.1" ], |
34 | [ ASN_UNIVERSAL, ASN_OCTET_STRING, 0, "...data..." # the value |
36 | [ ASN_UNIVERSAL, ASN_OCTET_STRING, 0, "...data..." # the value |
35 | ] |
37 | ] |
36 | ] |
38 | ] |
37 | ], |
39 | ], |
38 | ... |
40 | ... |
… | |
… | |
60 | ) { |
62 | ) { |
61 | ... and so on |
63 | ... and so on |
62 | |
64 | |
63 | # finally, let's encode it again and hope it results in the same bit pattern |
65 | # finally, let's encode it again and hope it results in the same bit pattern |
64 | |
66 | |
65 | my $buf = ber_encode $ber; |
67 | my $buf = ber_encode $ber, $Convert::BER::XS::SNMP_PROFILE; |
66 | |
68 | |
67 | =head1 DESCRIPTION |
69 | =head1 DESCRIPTION |
68 | |
70 | |
|
|
71 | WARNING: Before release 1.0, the API is not considered stable in any way. |
|
|
72 | |
69 | This module implements a I<very> low level BER/DER en-/decoder. |
73 | This module implements a I<very> low level BER/DER en-/decoder. |
70 | |
74 | |
71 | If is tuned for low memory and high speed, while still maintaining some |
75 | It is tuned for low memory and high speed, while still maintaining some |
72 | level of user-friendlyness. |
76 | level of user-friendlyness. |
73 | |
77 | |
74 | Currently, not much is documented, as this is an initial release to |
78 | =head2 EXPORT TAGS AND CONSTANTS |
75 | reserve CPAN namespace, stay tuned for a few days. |
79 | |
|
|
80 | By default this module doesn't export any symbols, but if you don't want |
|
|
81 | to break your keyboard, editor or eyesight with extremely long names, I |
|
|
82 | recommend importing the C<:all> tag. Still, you can selectively import |
|
|
83 | things. |
|
|
84 | |
|
|
85 | =over |
|
|
86 | |
|
|
87 | =item C<:all> |
|
|
88 | |
|
|
89 | All of the below. Really. Recommended for at least first steps, or if you |
|
|
90 | don't care about a few kilobytes of wasted memory (and namespace). |
|
|
91 | |
|
|
92 | =item C<:const> |
|
|
93 | |
|
|
94 | All of the strictly ASN.1-related constants defined by this module, the |
|
|
95 | same as C<:const_asn :const_index>. Notably, this does not contain |
|
|
96 | C<:const_ber_type> and C<:const_snmp>. |
|
|
97 | |
|
|
98 | A good set to get everything you need to decode and match BER data would be |
|
|
99 | C<:decode :const>. |
|
|
100 | |
|
|
101 | =item C<:const_index> |
|
|
102 | |
|
|
103 | The BER tuple array index constants: |
|
|
104 | |
|
|
105 | BER_CLASS BER_TAG BER_CONSTRUCTED BER_DATA |
|
|
106 | |
|
|
107 | =item C<:const_asn> |
|
|
108 | |
|
|
109 | ASN class values (these are C<0>, C<1>, C<2> and C<3>, respectively - |
|
|
110 | exactly thw two topmost bits from the identifier octet shifted 6 bits to |
|
|
111 | the right): |
|
|
112 | |
|
|
113 | ASN_UNIVERSAL ASN_APPLICATION ASN_CONTEXT ASN_PRIVATE |
|
|
114 | |
|
|
115 | ASN tag values (some of which are aliases, such as C<ASN_OID>). Their |
|
|
116 | numerical value corresponds exactly to the numbers used in BER/X.690. |
|
|
117 | |
|
|
118 | ASN_BOOLEAN ASN_INTEGER32 ASN_BIT_STRING ASN_OCTET_STRING ASN_NULL ASN_OBJECT_IDENTIFIER |
|
|
119 | ASN_OBJECT_DESCRIPTOR ASN_OID ASN_EXTERNAL ASN_REAL ASN_SEQUENCE ASN_ENUMERATED |
|
|
120 | ASN_EMBEDDED_PDV ASN_UTF8_STRING ASN_RELATIVE_OID ASN_SET ASN_NUMERIC_STRING |
|
|
121 | ASN_PRINTABLE_STRING ASN_TELETEX_STRING ASN_T61_STRING ASN_VIDEOTEX_STRING ASN_IA5_STRING |
|
|
122 | ASN_ASCII_STRING ASN_UTC_TIME ASN_GENERALIZED_TIME ASN_GRAPHIC_STRING ASN_VISIBLE_STRING |
|
|
123 | ASN_ISO646_STRING ASN_GENERAL_STRING ASN_UNIVERSAL_STRING ASN_CHARACTER_STRING ASN_BMP_STRING |
|
|
124 | |
|
|
125 | =item C<:const_ber_type> |
|
|
126 | |
|
|
127 | The BER type constants, explained in the PROFILES section. |
|
|
128 | |
|
|
129 | BER_TYPE_BYTES BER_TYPE_UTF8 BER_TYPE_UCS2 BER_TYPE_UCS4 BER_TYPE_INT |
|
|
130 | BER_TYPE_OID BER_TYPE_RELOID BER_TYPE_NULL BER_TYPE_BOOL BER_TYPE_REAL |
|
|
131 | BER_TYPE_IPADDRESS BER_TYPE_CROAK |
|
|
132 | |
|
|
133 | =item C<:const_snmp> |
|
|
134 | |
|
|
135 | Constants only relevant to SNMP. These are the tag values used by SNMP in |
|
|
136 | the C<ASN_APPLICATION> namespace and have the exact numerical value as in |
|
|
137 | BER/RFC 2578. |
|
|
138 | |
|
|
139 | SNMP_IPADDRESS SNMP_COUNTER32 SNMP_UNSIGNED32 SNMP_TIMETICKS SNMP_OPAQUE SNMP_COUNTER64 |
|
|
140 | |
|
|
141 | =item C<:decode> |
|
|
142 | |
|
|
143 | C<ber_decode> and the match helper functions: |
|
|
144 | |
|
|
145 | ber_decode ber_is ber_is_seq ber_is_i32 ber_is_oid |
|
|
146 | |
|
|
147 | =item C<:encode> |
|
|
148 | |
|
|
149 | C<ber_encode> and the construction helper functions: |
|
|
150 | |
|
|
151 | ber_encode ber_i32 |
|
|
152 | |
|
|
153 | =back |
76 | |
154 | |
77 | =head2 ASN.1/BER/DER/... BASICS |
155 | =head2 ASN.1/BER/DER/... BASICS |
78 | |
156 | |
79 | ASN.1 is a strange language that can be sed to describe protocols and |
157 | ASN.1 is a strange language that can be used to describe protocols and |
80 | data structures. It supports various mappings to JSON, XML, but most |
158 | data structures. It supports various mappings to JSON, XML, but most |
81 | importantly, to a various binary encodings such as BER, that is the topic |
159 | importantly, to a various binary encodings such as BER, that is the topic |
82 | of this module, and is used in SNMP or LDAP for example. |
160 | of this module, and is used in SNMP or LDAP for example. |
83 | |
161 | |
84 | While ASN.1 defines a schema that is useful to interpret encoded data, |
162 | While ASN.1 defines a schema that is useful to interpret encoded data, |
85 | the BER encoding is actually somehat self-describing: you might not know |
163 | the BER encoding is actually somewhat self-describing: you might not know |
86 | whether something is a string or a number or a sequence or something else, |
164 | whether something is a string or a number or a sequence or something else, |
87 | but you can nevertheless decode the overall structure, even if you end up |
165 | but you can nevertheless decode the overall structure, even if you end up |
88 | with just a binary blob for the actual value. |
166 | with just a binary blob for the actual value. |
89 | |
167 | |
90 | This works because BER values are tagged with a type and a namespace, |
168 | This works because BER values are tagged with a type and a namespace, |
91 | and also have a flag that says whther a value consists of subvalues (is |
169 | and also have a flag that says whether a value consists of subvalues (is |
92 | "constructed") or not (is "primitive"). |
170 | "constructed") or not (is "primitive"). |
93 | |
171 | |
94 | Tags are simple integers, and ASN.1 defines a somewhat weird assortment of |
172 | Tags are simple integers, and ASN.1 defines a somewhat weird assortment of |
95 | those - for example, you have 32 bit signed integers and 16(!) different |
173 | those - for example, you have 32 bit signed integers and 16(!) different |
96 | string types, but there is no unsigned32 type for example. Different |
174 | string types, but there is no Unsigned32 type for example. Different |
97 | applications work around this in different ways, for example, SNMP defines |
175 | applications work around this in different ways, for example, SNMP defines |
98 | application-specific Gauge32, Counter32 and Unsigned32, which are mapped |
176 | application-specific Gauge32, Counter32 and Unsigned32, which are mapped |
99 | to two different tags: you can distinguish between Counter32 and the |
177 | to two different tags: you can distinguish between Counter32 and the |
100 | others, but not between Gause32 and Unsigned32, without the ASN.1 schema. |
178 | others, but not between Gause32 and Unsigned32, without the ASN.1 schema. |
101 | |
179 | |
… | |
… | |
106 | This module represents every BER value as a 4-element tuple (actually an |
184 | This module represents every BER value as a 4-element tuple (actually an |
107 | array-reference): |
185 | array-reference): |
108 | |
186 | |
109 | [CLASS, TAG, CONSTRUCTED, DATA] |
187 | [CLASS, TAG, CONSTRUCTED, DATA] |
110 | |
188 | |
|
|
189 | For example: |
|
|
190 | |
|
|
191 | [ASN_UNIVERSAL, ASN_INTEGER32, 0, 177] # the integer 177 |
|
|
192 | [ASN_UNIVERSAL, ASN_OCTET_STRING, 0, "john"] # the string "john" |
|
|
193 | [ASN_UNIVERSAL, ASN_OID, 0, "1.3.6.133"] # some OID |
|
|
194 | [ASN_UNIVERSAL, ASN_SEQUENCE, 1, [ [ASN_UNIVERSAL... # a sequence |
|
|
195 | |
111 | To avoid non-descriptive hardcoded array index numbers, this module |
196 | To avoid non-descriptive hardcoded array index numbers, this module |
112 | defines symbolic constants to access these members: C<BER_CLASS>, |
197 | defines symbolic constants to access these members: C<BER_CLASS>, |
113 | C<BER_TAG>, C<BER_CONSTRUCTED> and C<BER_DATA>. |
198 | C<BER_TAG>, C<BER_CONSTRUCTED> and C<BER_DATA>. |
114 | |
199 | |
115 | Also, the first three members are integers with a little caveat: for |
200 | Also, the first three members are integers with a little caveat: for |
… | |
… | |
118 | I<DATA> member, and you may re-assign the array itself, e.g.: |
203 | I<DATA> member, and you may re-assign the array itself, e.g.: |
119 | |
204 | |
120 | $ber = ber_decode $binbuf; |
205 | $ber = ber_decode $binbuf; |
121 | |
206 | |
122 | # the following is NOT legal: |
207 | # the following is NOT legal: |
123 | $ber->[BER_CLASS] = ASN_PRIVATE; # ERROR, readonly(!) |
208 | $ber->[BER_CLASS] = ASN_PRIVATE; # ERROR, CLASS/TAG/CONSTRUCTED are READ ONLY(!) |
124 | |
209 | |
125 | # but all of the following are fine: |
210 | # but all of the following are fine: |
126 | $ber->[BER_DATA] = "string"; |
211 | $ber->[BER_DATA] = "string"; |
127 | $ber->[BER_DATA] = [ASN_UNIVERSAL, ASN_INTEGER32, 0, 123]; |
212 | $ber->[BER_DATA] = [ASN_UNIVERSAL, ASN_INTEGER32, 0, 123]; |
128 | @$ber = (ASN_APPLICATION, SNMP_TIMETICKS, 1000); |
213 | @$ber = (ASN_APPLICATION, SNMP_TIMETICKS, 0, 1000); |
129 | |
214 | |
130 | I<CLASS> is something like a namespace for I<TAG>s - there is the |
215 | I<CLASS> is something like a namespace for I<TAG>s - there is the |
131 | C<ASN_UNIVERSAL> namespace which defines tags common to all ASN.1 |
216 | C<ASN_UNIVERSAL> namespace which defines tags common to all ASN.1 |
132 | implementations, the C<ASN_APPLICATION> namespace which defines tags for |
217 | implementations, the C<ASN_APPLICATION> namespace which defines tags for |
133 | specific applications (for example, the SNMP C<Unsigned32> type is in this |
218 | specific applications (for example, the SNMP C<Unsigned32> type is in this |
134 | namespace), a special-purpose context namespace (C<ASN_CONTEXT>, used e.g. |
219 | namespace), a special-purpose context namespace (C<ASN_CONTEXT>, used e.g. |
135 | for C<CHOICE>) and a private namespace (C<ASN_PRIVATE>). |
220 | for C<CHOICE>) and a private namespace (C<ASN_PRIVATE>). |
136 | |
221 | |
137 | The meaning of the I<TAG> depends on the namespace, and defines a |
222 | The meaning of the I<TAG> depends on the namespace, and defines a |
138 | (partial) interpretation of the data value. For example, right now, SNMP |
223 | (partial) interpretation of the data value. For example, SNMP defines |
139 | application namespace knowledge ix hardcoded into this module, so it |
224 | extra tags in the C<ASN_APPLICATION> namespace, and to take full advantage |
140 | knows that SNMP C<Unsigned32> values need to be decoded into actual perl |
225 | of these, you need to tell this module how to handle those via profiles. |
141 | integers. |
|
|
142 | |
226 | |
143 | The most common tags in the C<ASN_UNIVERSAL> namespace are |
227 | The most common tags in the C<ASN_UNIVERSAL> namespace are |
144 | C<ASN_INTEGER32>, C<ASN_BIT_STRING>, C<ASN_NULL>, C<ASN_OCTET_STRING>, |
228 | C<ASN_INTEGER32>, C<ASN_BIT_STRING>, C<ASN_NULL>, C<ASN_OCTET_STRING>, |
145 | C<ASN_OBJECT_IDENTIFIER>, C<ASN_SEQUENCE>, C<ASN_SET> and |
229 | C<ASN_OBJECT_IDENTIFIER>, C<ASN_SEQUENCE>, C<ASN_SET> and |
146 | C<ASN_IA5_STRING>. |
230 | C<ASN_IA5_STRING>. |
147 | |
231 | |
148 | The most common tags in SNMP's C<ASN_APPLICATION> namespace |
232 | The most common tags in SNMP's C<ASN_APPLICATION> namespace are |
149 | are C<SNMP_IPADDRESS>, C<SNMP_COUNTER32>, C<SNMP_UNSIGNED32>, |
233 | C<SNMP_COUNTER32>, C<SNMP_UNSIGNED32>, C<SNMP_TIMETICKS> and |
150 | C<SNMP_TIMETICKS>, C<SNMP_OPAQUE> and C<SNMP_COUNTER64>. |
234 | C<SNMP_COUNTER64>. |
151 | |
235 | |
152 | The I<CONSTRUCTED> flag is really just a boolean - if it is false, the |
236 | The I<CONSTRUCTED> flag is really just a boolean - if it is false, |
153 | the value is "primitive" and contains no subvalues, kind of like a |
237 | the value is "primitive" and contains no subvalues, kind of like a |
154 | non-reference perl scalar. IF it is true, then the value is "constructed" |
238 | non-reference perl scalar. If it is true, then the value is "constructed" |
155 | which just means it contains a list of subvalues which this module will |
239 | which just means it contains a list of subvalues which this module will |
156 | en-/decode as BER tuples themselves. |
240 | en-/decode as BER tuples themselves. |
157 | |
241 | |
158 | The I<DATA> value is either a reference to an array of further tuples (if |
242 | The I<DATA> value is either a reference to an array of further tuples (if |
159 | the value is I<CONSTRUCTED>), some decoded representation of the value, |
243 | the value is I<CONSTRUCTED>), some decoded representation of the value, |
… | |
… | |
164 | Thus, you can always decode a BER data structure and at worst you get a |
248 | Thus, you can always decode a BER data structure and at worst you get a |
165 | string in place of some nice decoded value. |
249 | string in place of some nice decoded value. |
166 | |
250 | |
167 | See the SYNOPSIS for an example of such an encoded tuple representation. |
251 | See the SYNOPSIS for an example of such an encoded tuple representation. |
168 | |
252 | |
|
|
253 | =head2 DECODING AND ENCODING |
|
|
254 | |
|
|
255 | =over |
|
|
256 | |
|
|
257 | =item $tuple = ber_decoded $bindata[, $profile] |
|
|
258 | |
|
|
259 | Decodes binary BER data in C<$bindata> and returns the resulting BER |
|
|
260 | tuple. Croaks on any decoding error, so the returned C<$tuple> is always |
|
|
261 | valid. |
|
|
262 | |
|
|
263 | How tags are interpreted is defined by the second argument, which must |
|
|
264 | be a C<Convert::BER::XS::Profile> object. If it is missing, the default |
|
|
265 | profile will be used (C<$Convert::BER::XS::DEFAULT_PROFILE>). |
|
|
266 | |
|
|
267 | In addition to rolling your own, this module provides a |
|
|
268 | C<$Convert::BER::XS::SNMP_PROFILE> that knows about the additional SNMP |
|
|
269 | types. |
|
|
270 | |
|
|
271 | =item $bindata = ber_encode $tuple[, $profile] |
|
|
272 | |
|
|
273 | Encodes the BER tuple into a BER/DER data structure. AS with |
|
|
274 | Cyber_decode>, an optional profile can be given. |
|
|
275 | |
|
|
276 | =back |
|
|
277 | |
169 | =head2 HELPER FUNCTIONS |
278 | =head2 HELPER FUNCTIONS |
170 | |
279 | |
171 | Working with a 4-tuple for every value can be annoying. Or, rather, I<is> |
280 | Working with a 4-tuple for every value can be annoying. Or, rather, I<is> |
172 | annoying. To reduce this a bit, this module defines a number of helper |
281 | annoying. To reduce this a bit, this module defines a number of helper |
173 | functions, both to match BER tuples and to conmstruct BER tuples: |
282 | functions, both to match BER tuples and to construct BER tuples: |
174 | |
283 | |
175 | =head3 MATCH HELPERS |
284 | =head3 MATCH HELPERS |
176 | |
285 | |
177 | Thse functions accept a BER tuple as first argument and either paertially |
286 | These functions accept a BER tuple as first argument and either partially |
178 | or fully match it. They often come in two forms, one which exactly matches |
287 | or fully match it. They often come in two forms, one which exactly matches |
179 | a value, and one which only matches the type and returns the value. |
288 | a value, and one which only matches the type and returns the value. |
180 | |
289 | |
181 | They do check whether valid tuples are passed in and croak otherwise. As |
290 | They do check whether valid tuples are passed in and croak otherwise. As |
182 | a ease-of-use exception, they usually also accept C<undef> instead of a |
291 | a ease-of-use exception, they usually also accept C<undef> instead of a |
183 | tuple reference. in which case they silently fail to match. |
292 | tuple reference, in which case they silently fail to match. |
184 | |
293 | |
185 | =over |
294 | =over |
186 | |
295 | |
187 | =item $bool = ber_is $tuple, $class, $tag, $constructed, $data |
296 | =item $bool = ber_is $tuple, $class, $tag, $constructed, $data |
188 | |
297 | |
189 | This takes a BER C<$tuple> and matches its elements agains the privded |
298 | This takes a BER C<$tuple> and matches its elements against the provided |
190 | values, all of which are optional - values that are either missing or |
299 | values, all of which are optional - values that are either missing or |
191 | C<undef> will be ignored, the others will be matched exactly (e.g. as if |
300 | C<undef> will be ignored, the others will be matched exactly (e.g. as if |
192 | you used C<==> or C<eq> (for C<$data>)). |
301 | you used C<==> or C<eq> (for C<$data>)). |
193 | |
302 | |
194 | Some examples: |
303 | Some examples: |
… | |
… | |
231 | true. |
340 | true. |
232 | |
341 | |
233 | =item $bool = ber_is_oid $tuple, $oid_string |
342 | =item $bool = ber_is_oid $tuple, $oid_string |
234 | |
343 | |
235 | Returns true if the C<$tuple> represents an ASN_OBJECT_IDENTIFIER |
344 | Returns true if the C<$tuple> represents an ASN_OBJECT_IDENTIFIER |
236 | that exactly matches C$oid_string>. Exmaple: |
345 | that exactly matches C<$oid_string>. Example: |
237 | |
346 | |
238 | ber_is_oid $tuple, "1.3.6.1.4" |
347 | ber_is_oid $tuple, "1.3.6.1.4" |
239 | or die "oid must be 1.3.6.1.4"; |
348 | or die "oid must be 1.3.6.1.4"; |
240 | |
349 | |
241 | =item $oid = ber_is_oid $tuple |
350 | =item $oid = ber_is_oid $tuple |
… | |
… | |
269 | use common::sense; |
378 | use common::sense; |
270 | |
379 | |
271 | use XSLoader (); |
380 | use XSLoader (); |
272 | use Exporter qw(import); |
381 | use Exporter qw(import); |
273 | |
382 | |
274 | our $VERSION = 0.1; |
383 | our $VERSION; |
275 | |
384 | |
|
|
385 | BEGIN { |
|
|
386 | $VERSION = 0.8; |
276 | XSLoader::load __PACKAGE__, $VERSION; |
387 | XSLoader::load __PACKAGE__, $VERSION; |
|
|
388 | } |
277 | |
389 | |
278 | our %EXPORT_TAGS = ( |
390 | our %EXPORT_TAGS = ( |
279 | const => [qw( |
391 | const_index => [qw( |
280 | BER_CLASS BER_TAG BER_CONSTRUCTED BER_DATA |
392 | BER_CLASS BER_TAG BER_CONSTRUCTED BER_DATA |
281 | |
393 | )], |
|
|
394 | const_asn => [qw( |
282 | ASN_BOOLEAN ASN_INTEGER32 ASN_BIT_STRING ASN_OCTET_STRING ASN_NULL ASN_OBJECT_IDENTIFIER ASN_TAG_BER ASN_TAG_MASK |
395 | ASN_BOOLEAN ASN_INTEGER32 ASN_BIT_STRING ASN_OCTET_STRING ASN_NULL ASN_OBJECT_IDENTIFIER |
283 | ASN_CONSTRUCTED ASN_UNIVERSAL ASN_APPLICATION ASN_CONTEXT ASN_PRIVATE ASN_CLASS_MASK ASN_CLASS_SHIFT |
396 | ASN_OBJECT_DESCRIPTOR ASN_OID ASN_EXTERNAL ASN_REAL ASN_SEQUENCE ASN_ENUMERATED |
284 | ASN_SEQUENCE |
397 | ASN_EMBEDDED_PDV ASN_UTF8_STRING ASN_RELATIVE_OID ASN_SET ASN_NUMERIC_STRING |
285 | |
398 | ASN_PRINTABLE_STRING ASN_TELETEX_STRING ASN_T61_STRING ASN_VIDEOTEX_STRING ASN_IA5_STRING |
|
|
399 | ASN_ASCII_STRING ASN_UTC_TIME ASN_GENERALIZED_TIME ASN_GRAPHIC_STRING ASN_VISIBLE_STRING |
|
|
400 | ASN_ISO646_STRING ASN_GENERAL_STRING ASN_UNIVERSAL_STRING ASN_CHARACTER_STRING ASN_BMP_STRING |
|
|
401 | |
|
|
402 | ASN_UNIVERSAL ASN_APPLICATION ASN_CONTEXT ASN_PRIVATE |
|
|
403 | )], |
|
|
404 | const_ber_type => [qw( |
|
|
405 | BER_TYPE_BYTES BER_TYPE_UTF8 BER_TYPE_UCS2 BER_TYPE_UCS4 BER_TYPE_INT |
|
|
406 | BER_TYPE_OID BER_TYPE_RELOID BER_TYPE_NULL BER_TYPE_BOOL BER_TYPE_REAL |
|
|
407 | BER_TYPE_IPADDRESS BER_TYPE_CROAK |
|
|
408 | )], |
|
|
409 | const_snmp => [qw( |
286 | SNMP_IPADDRESS SNMP_COUNTER32 SNMP_UNSIGNED32 SNMP_TIMETICKS SNMP_OPAQUE SNMP_COUNTER64 |
410 | SNMP_IPADDRESS SNMP_COUNTER32 SNMP_UNSIGNED32 SNMP_TIMETICKS SNMP_OPAQUE SNMP_COUNTER64 |
287 | )], |
411 | )], |
288 | encode => [qw( |
412 | decode => [qw( |
289 | ber_decode |
413 | ber_decode |
290 | ber_is ber_is_seq ber_is_i32 ber_is_oid |
414 | ber_is ber_is_seq ber_is_i32 ber_is_oid |
291 | )], |
415 | )], |
292 | decode => [qw( |
416 | encode => [qw( |
293 | ber_encode |
417 | ber_encode |
|
|
418 | ber_i32 |
294 | )], |
419 | )], |
295 | ); |
420 | ); |
296 | |
421 | |
297 | our @EXPORT_OK = map @$_, values %EXPORT_TAGS; |
422 | our @EXPORT_OK = map @$_, values %EXPORT_TAGS; |
298 | |
423 | |
299 | $EXPORT_TAGS{all} = \@EXPORT_OK; |
424 | $EXPORT_TAGS{all} = \@EXPORT_OK; |
|
|
425 | $EXPORT_TAGS{const} = [map @{ $EXPORT_TAGS{$_} }, qw(const_index const_asn)]; |
|
|
426 | use Data::Dump; ddx \%EXPORT_TAGS; |
|
|
427 | |
|
|
428 | =head1 PROFILES |
|
|
429 | |
|
|
430 | While any BER data can be correctly encoded and decoded out of the box, it |
|
|
431 | can be inconvenient to have to manually decode some values into a "better" |
|
|
432 | format: for instance, SNMP TimeTicks values are decoded into the raw octet |
|
|
433 | strings of their BER representation, which is quite hard to decode. With |
|
|
434 | profiles, you can change which class/tag combinations map to which decoder |
|
|
435 | function inside C<ber_decode> (and of course also which encoder functions |
|
|
436 | are used in C<ber_encode>). |
|
|
437 | |
|
|
438 | This works by mapping specific class/tag combinations to an internal "ber |
|
|
439 | type". |
|
|
440 | |
|
|
441 | The default profile supports the standard ASN.1 types, but no |
|
|
442 | application-specific ones. This means that class/tag combinations not in |
|
|
443 | the base set of ASN.1 are decoded into their raw octet strings. |
|
|
444 | |
|
|
445 | C<Convert::BER::XS> defines two profile variables you can use out of the box: |
|
|
446 | |
|
|
447 | =over |
|
|
448 | |
|
|
449 | =item C<$Convert::BER::XS::DEFAULT_PROFILE> |
|
|
450 | |
|
|
451 | This is the default profile, i.e. the profile that is used when no |
|
|
452 | profile is specified for de-/encoding. |
|
|
453 | |
|
|
454 | You can modify it, but remember that this modifies the defaults for all |
|
|
455 | callers that rely on the default profile. |
|
|
456 | |
|
|
457 | =item C<$Convert::BER::XS::SNMP_PROFILE> |
|
|
458 | |
|
|
459 | A profile with mappings for SNMP-specific application tags added. This is |
|
|
460 | useful when de-/encoding SNMP data. |
|
|
461 | |
|
|
462 | Example: |
|
|
463 | |
|
|
464 | $ber = ber_decode $data, $Convert::BER::XS::SNMP_PROFILE; |
|
|
465 | |
|
|
466 | =back |
|
|
467 | |
|
|
468 | =head2 The Convert::BER::XS::Profile class |
|
|
469 | |
|
|
470 | =over |
|
|
471 | |
|
|
472 | =item $profile = new Convert::BER::XS::Profile |
|
|
473 | |
|
|
474 | Create a new profile. The profile will be identical to the default |
|
|
475 | profile. |
|
|
476 | |
|
|
477 | =item $profile->set ($class, $tag, $type) |
|
|
478 | |
|
|
479 | Sets the mapping for the given C<$class>/C<$tag> combination to C<$type>, |
|
|
480 | which must be one of the C<BER_TYPE_*> constants. |
|
|
481 | |
|
|
482 | Note that currently, the mapping is stored in a flat array, so large |
|
|
483 | values of C<$tag> will consume large amounts of memory. |
|
|
484 | |
|
|
485 | Example: |
|
|
486 | |
|
|
487 | $profile = new Convert::BER::XS::Profile; |
|
|
488 | $profile->set (ASN_APPLICATION, SNMP_COUNTER32, BER_TYPE_INT); |
|
|
489 | $ber = ber_decode $data, $profile; |
|
|
490 | |
|
|
491 | =item $type = $profile->get ($class, $tag) |
|
|
492 | |
|
|
493 | Returns the BER type mapped to the given C<$class>/C<$tag> combination. |
|
|
494 | |
|
|
495 | =back |
|
|
496 | |
|
|
497 | =head2 BER TYPES |
|
|
498 | |
|
|
499 | This lists the predefined BER types - you can map any C<CLASS>/C<TAG> |
|
|
500 | combination to any C<BER_TYPE_*>. |
|
|
501 | |
|
|
502 | =over |
|
|
503 | |
|
|
504 | =item C<BER_TYPE_BYTES> |
|
|
505 | |
|
|
506 | The raw octets of the value. This is the default type for unknown tags and |
|
|
507 | de-/encodes the value as if it were an octet string, i.e. by copying the |
|
|
508 | raw bytes. |
|
|
509 | |
|
|
510 | =item C<BER_TYPE_UTF8> |
|
|
511 | |
|
|
512 | Like C<BER_TYPE_BYTES>, but decodes the value as if it were a UTF-8 string |
|
|
513 | (without validation!) and encodes a perl unicode string into a UTF-8 BER |
|
|
514 | string. |
|
|
515 | |
|
|
516 | =item C<BER_TYPE_UCS2> |
|
|
517 | |
|
|
518 | Similar to C<BER_TYPE_UTF8>, but treats the BER value as UCS-2 encoded |
|
|
519 | string. |
|
|
520 | |
|
|
521 | =item C<BER_TYPE_UCS4> |
|
|
522 | |
|
|
523 | Similar to C<BER_TYPE_UTF8>, but treats the BER value as UCS-4 encoded |
|
|
524 | string. |
|
|
525 | |
|
|
526 | =item C<BER_TYPE_INT> |
|
|
527 | |
|
|
528 | Encodes and decodes a BER integer value to a perl integer scalar. This |
|
|
529 | should correctly handle 64 bit signed and unsigned values. |
|
|
530 | |
|
|
531 | =item C<BER_TYPE_OID> |
|
|
532 | |
|
|
533 | Encodes and decodes an OBJECT IDENTIFIER into dotted form without leading |
|
|
534 | dot, e.g. C<1.3.6.1.213>. |
|
|
535 | |
|
|
536 | =item C<BER_TYPE_RELOID> |
|
|
537 | |
|
|
538 | Same as C<BER_TYPE_OID> but uses relative object identifier |
|
|
539 | encoding: ASN.1 has this hack of encoding the first two OID components |
|
|
540 | into a single integer in a weird attempt to save an insignificant amount |
|
|
541 | of space in an otherwise wasteful encoding, and relative OIDs are |
|
|
542 | basically OIDs without this hack. The practical difference is that the |
|
|
543 | second component of an OID can only have the values 1..40, while relative |
|
|
544 | OIDs do not have this restriction. |
|
|
545 | |
|
|
546 | =item C<BER_TYPE_NULL> |
|
|
547 | |
|
|
548 | Decodes an C<ASN_NULL> value into C<undef>, and always encodes a |
|
|
549 | C<ASN_NULL> type, regardless of the perl value. |
|
|
550 | |
|
|
551 | =item C<BER_TYPE_BOOL> |
|
|
552 | |
|
|
553 | Decodes an C<ASN_BOOLEAN> value into C<0> or C<1>, and encodes a perl |
|
|
554 | boolean value into an C<ASN_BOOLEAN>. |
|
|
555 | |
|
|
556 | =item C<BER_TYPE_REAL> |
|
|
557 | |
|
|
558 | Decodes/encodes a BER real value. NOT IMPLEMENTED. |
|
|
559 | |
|
|
560 | =item C<BER_TYPE_IPADDRESS> |
|
|
561 | |
|
|
562 | Decodes/encodes a four byte string into an IPv4 dotted-quad address string |
|
|
563 | in Perl. Given the obsolete nature of this type, this is a low-effort |
|
|
564 | implementation that simply uses C<sprintf> and C<sscanf>-style conversion, |
|
|
565 | so it won't handle all string forms supported by C<inet_aton> for example. |
|
|
566 | |
|
|
567 | =item C<BER_TYPE_CROAK> |
|
|
568 | |
|
|
569 | Always croaks when encountered during encoding or decoding - the |
|
|
570 | default behaviour when encountering an unknown type is to treat it as |
|
|
571 | C<BER_TYPE_BYTES>. When you don't want that but instead prefer a hard |
|
|
572 | error for some types, then C<BER_TYPE_CROAK> is for you. |
|
|
573 | |
|
|
574 | =back |
|
|
575 | |
|
|
576 | =cut |
|
|
577 | |
|
|
578 | our $DEFAULT_PROFILE = new Convert::BER::XS::Profile; |
|
|
579 | our $SNMP_PROFILE = new Convert::BER::XS::Profile; |
|
|
580 | |
|
|
581 | # additional SNMP application types |
|
|
582 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_IPADDRESS , BER_TYPE_IPADDRESS); |
|
|
583 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER32 , BER_TYPE_INT); |
|
|
584 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_UNSIGNED32, BER_TYPE_INT); |
|
|
585 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_TIMETICKS , BER_TYPE_INT); |
|
|
586 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_OPAQUE , BER_TYPE_IPADDRESS); |
|
|
587 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER64 , BER_TYPE_INT); |
|
|
588 | |
|
|
589 | $DEFAULT_PROFILE->_set_default; |
300 | |
590 | |
301 | 1; |
591 | 1; |
302 | |
592 | |
303 | =head2 BUGS / SHORTCOMINGs |
593 | =head2 LIMITATIONS/NOTES |
304 | |
594 | |
305 | This module does have a number of SNMPisms hardcoded, such as the SNMP |
595 | This module can only en-/decode 64 bit signed and unsigned integers, and |
306 | tags for Unsigned32 and so on. More configurability is needed, and, if |
596 | only when your perl supports those. |
307 | ever implemented, will come in a form similar to how L<JSON::XS> and |
597 | |
308 | L<CBOR::XS> respresent things, namely with an object-oriented interface. |
598 | This module does not generally care about ranges, i.e. it will happily |
|
|
599 | de-/encode 64 bit integers into an C<ASN_INTEGER32> value, or a negative |
|
|
600 | number into an C<SNMP_COUNTER64>. |
|
|
601 | |
|
|
602 | OBJECT IDENTIFIEERs cannot have unlimited length, although the limit is |
|
|
603 | much larger than e.g. the one imposed by SNMP or other protocols,a nd is |
|
|
604 | about 4kB. |
|
|
605 | |
|
|
606 | REAL values are not supported and will currently croak. |
|
|
607 | |
|
|
608 | This module has undergone little to no testing so far. |
|
|
609 | |
|
|
610 | =head2 ITHREADS SUPPORT |
|
|
611 | |
|
|
612 | This module is unlikely to work when the (officially discouraged) ithreads |
|
|
613 | are in use. |
309 | |
614 | |
310 | =head1 AUTHOR |
615 | =head1 AUTHOR |
311 | |
616 | |
312 | Marc Lehmann <schmorp@schmorp.de> |
617 | Marc Lehmann <schmorp@schmorp.de> |
313 | http://software.schmorp.de/pkg/Convert-BER-XS |
618 | http://software.schmorp.de/pkg/Convert-BER-XS |
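Review bot: In the new profile setup block, `SNMP_OPAQUE` is mapped to `BER_TYPE_IPADDRESS`, which looks like a copy-paste of the `SNMP_IPADDRESS` line above it. The POD added in the same change describes `BER_TYPE_IPADDRESS` as converting a four byte string to a dotted quad, while an Opaque value is an arbitrary-length octet string that is typically peer-supplied, so decoding with `$SNMP_PROFILE` would presumably mangle or reject it. `$SNMP_PROFILE->set (ASN_APPLICATION, SNMP_OPAQUE , BER_TYPE_BYTES);` keeps the raw octets; dropping the line would also work, since bytes is the documented default for unknown tags. Separately, `use Data::Dump; ddx \%EXPORT_TAGS;` after the export table reads as leftover debugging: it makes every load of the module depend on a non-core module and dump the tag table, and should be removed before release.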