ASN.1: how to tell difference between a SET and a SEQUENCE of BOOLEAN?


I am new to ASN.1 and DER. I have a naive question about parsing a certificate stored in DER format.

How do I tell the difference between a SET (0x31) and a SEQUENCE OF booleans (0x31)?

As I understand it, the tag for a SET is 0x31.

But wouldn't the tag for a SEQUENCE OF (0x30) + BOOLEAN (0x01) also be 0x31?

What am I missing? How do I treat a tag byte with a value of 0x31?

Please be gentle.


There are 3 answers

0
YaFred On

If you look around the questions on asn.1, you'll find that most people are mixing specification and encoding ...

ASN.1 specification tells you the difference between SET, SEQUENCE, SET OF, SEQUENCE OF

  • You can see SET and SEQUENCE as objects with members
  • You can see SET OF and SEQUENCE OF as arrays of the same item

The specification explains what data you expect. Look at this example

ASN.1 encoding rules tell you how the data (from the specification) is going to be serialized as bytes on the wire

This is where we speak of DER being a set of encoding rules that use tags

(Back to your question.) To keep it simple: if you know that you must decode a SEQUENCE, you know that you must expect 0x30 (same for SET with 0x31)

Note there is something wrong in your question

How do I tell the difference between a SET (0x31) and a SEQUENCE OF booleans (0x31)?

SEQUENCE OF universal tag is 0x30 (like SEQUENCE)

Keep in mind the basics: you don't try to understand the data when you decode it, you know how to decode because you know the specification (and this should be ideally done by some generated code ... not you)

0
Paul Thorpe On

Tags do not get mathematically added to each other to create new tags. In DER, one Tag-length-value (TLV) can contain one or more additional TLVs inside the Value part. The Tags for SEQUENCE and SEQUENCE OF (0x30) are the same, and the Tags for SET and SET OF (0x31) are the same. To have a SEQUENCE OF BOOLEAN, you would have the Tag for SEQUENCE OF, and a length, followed by one or more TLVs for the BOOLEANs.

A great place to experiment with how tags work is the ASN.1 Playground (https://asn1.io/asn1playground/).

0
user2259432 On

How do I tell the difference between a SET (0x31) and a SEQUENCE OF booleans (0x31)?

The short answer is that you can't quite.

You can tell if it's a SET or SEQUENCE by looking at the first byte of the encoding. If the tag is [UNIVERSAL SET] then it's a SET, and if it's a [UNIVERSAL SEQUENCE] then it's a SEQUENCE.

What you can't do is tell whether it's a SET rather than a SET OF, or SEQUENCE rather than a SEQUENCE OF. Nor can you tell what is expected as the contents -- you have to know that independently. So if you're expecting a SEQUENCE OF BOOLEAN and you find a [UNIVERSAL SEQUENCE] tag then you expect that the values in the sequence will all be of type BOOLEAN, and if you find any that aren't then you yield an error.

ASN.1's BER family of encoding rules is said to be "self-describing", but within limits. It's not really that self-describing. If you don't know what the schema is for some encoded data, well, you can only get some idea of what it is from the tags. Other encoding rules may not be self-describing at all. For example, the PER and OER encoding rules are not self-describing.
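The nesting the answers above describe, as an added example that is not part of the original question or answers: a definite-length TLV reader plus a decoder that is told by the schema to expect SEQUENCE OF BOOLEAN and rejects anything else. The function names and sample byte strings are constructed for illustration, and the reader does not enforce every DER rule (for example minimal length encoding).

```python
SEQUENCE, SET, BOOLEAN = 0x30, 0x31, 0x01  # universal tags as identifier octets


def read_tlv(buf, pos=0):
    """Read one definite-length TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one octet
        length = first
    else:
        n = first & 0x7F                  # long form: n length octets follow
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:end], end


def decode_sequence_of_boolean(der):
    """Decode bytes that the schema says are a SEQUENCE OF BOOLEAN."""
    tag, body, end = read_tlv(der)
    if tag != SEQUENCE:                   # outer tag is 0x30, never 0x30 + 0x01
        raise ValueError(f"expected SEQUENCE tag 0x30, got 0x{tag:02x}")
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    out, pos = [], 0
    while pos < len(body):                # element TLVs sit inside the value
        tag, value, pos = read_tlv(body, pos)
        if tag != BOOLEAN or value not in (b"\x00", b"\xff"):
            raise ValueError("element is not a DER BOOLEAN")
        out.append(value == b"\xff")
    return out


# Constructed sample: SEQUENCE OF BOOLEAN {TRUE, FALSE}
SEQ_OF_BOOL = bytes.fromhex("3006" "0101ff" "010100")
# Same contents under the SET tag, and a SEQUENCE holding an INTEGER instead
SET_OF_BOOL = bytes.fromhex("3106" "0101ff" "010100")
SEQ_WITH_INT = bytes.fromhex("3003" "020105")
```

Decoding `SEQ_OF_BOOL` yields `[True, False]`; the other two samples raise `ValueError`, because the bytes alone cannot override what the schema says to expect.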