Google在https://developer.android.com/training/articles/security-key-attestation#attestation-v3上提供的ASN.1定义是否有效?
KeyDescription ::= SEQUENCE {
attestationVersion 3,
attestationSecurityLevel SecurityLevel,
keymasterVersion INTEGER,
keymasterSecurityLevel SecurityLevel,
attestationChallenge OCTET_STRING,
uniqueId OCTET_STRING,
softwareEnforced AuthorizationList,
teeEnforced AuthorizationList,
}
SecurityLevel ::= ENUMERATED {
Software (0),
TrustedEnvironment (1),
StrongBox (2),
}
AuthorizationList ::= SEQUENCE {
purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
algorithm [2] EXPLICIT INTEGER OPTIONAL,
keySize [3] EXPLICIT INTEGER OPTIONAL,
digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
ecCurve [10] EXPLICIT INTEGER OPTIONAL,
rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
rollbackResistance [303] EXPLICIT NULL OPTIONAL,
activeDateTime [400] EXPLICIT INTEGER OPTIONAL,
originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
noAuthRequired [503] EXPLICIT NULL OPTIONAL,
userAuthType [504] EXPLICIT INTEGER OPTIONAL,
authTimeout [505] EXPLICIT INTEGER OPTIONAL,
allowWhileOnBody [506] EXPLICIT NULL OPTIONAL,
trustedUserPresenceRequired [507] EXPLICIT NULL OPTIONAL,
trustedConfirmationRequired [508] EXPLICIT NULL OPTIONAL,
unlockedDeviceRequired [509] EXPLICIT NULL OPTIONAL,
allApplications [600] EXPLICIT NULL OPTIONAL,
applicationId [601] EXPLICIT OCTET_STRING OPTIONAL,
creationDateTime [701] EXPLICIT INTEGER OPTIONAL,
origin [702] EXPLICIT INTEGER OPTIONAL,
rootOfTrust [704] EXPLICIT RootOfTrust OPTIONAL,
osVersion [705] EXPLICIT INTEGER OPTIONAL,
osPatchLevel [706] EXPLICIT INTEGER OPTIONAL,
attestationApplicationId [709] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdBrand [710] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdDevice [711] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdProduct [712] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdSerial [713] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdImei [714] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdMeid [715] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdManufacturer [716] EXPLICIT OCTET_STRING OPTIONAL,
attestationIdModel [717] EXPLICIT OCTET_STRING OPTIONAL,
vendorPatchLevel [718] EXPLICIT INTEGER OPTIONAL,
bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL,
}
RootOfTrust ::= SEQUENCE {
verifiedBootKey OCTET_STRING,
deviceLocked BOOLEAN,
verifiedBootState VerifiedBootState,
verifiedBootHash OCTET_STRING,
}
VerifiedBootState ::= ENUMERATED {
Verified (0),
SelfSigned (1),
Unverified (2),
Failed (3),
}
因为要使其与python asn1tools
和https://asn1.io/asn1playground/一起使用,我必须:
attestationVersion 3
更改为attestationVersion INTEGER
,OCTET_STRING
至OCTET STRING
,ASN1 DEFINITIONS ::= BEGIN
KeyDescription ::= SEQUENCE {
attestationVersion INTEGER,
attestationSecurityLevel SecurityLevel,
keymasterVersion INTEGER,
keymasterSecurityLevel SecurityLevel,
attestationChallenge OCTET STRING,
uniqueId OCTET STRING,
softwareEnforced AuthorizationList,
teeEnforced AuthorizationList
}
SecurityLevel ::= ENUMERATED {
software (0),
trustedEnvironment (1),
strongBox (2)
}
AuthorizationList ::= SEQUENCE {
purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
algorithm [2] EXPLICIT INTEGER OPTIONAL,
keySize [3] EXPLICIT INTEGER OPTIONAL,
digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
ecCurve [10] EXPLICIT INTEGER OPTIONAL,
rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
rollbackResistance [303] EXPLICIT NULL OPTIONAL,
activeDateTime [400] EXPLICIT INTEGER OPTIONAL,
originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
noAuthRequired [503] EXPLICIT NULL OPTIONAL,
userAuthType [504] EXPLICIT INTEGER OPTIONAL,
authTimeout [505] EXPLICIT INTEGER OPTIONAL,
allowWhileOnBody [506] EXPLICIT NULL OPTIONAL,
trustedUserPresenceRequired [507] EXPLICIT NULL OPTIONAL,
trustedConfirmationRequired [508] EXPLICIT NULL OPTIONAL,
unlockedDeviceRequired [509] EXPLICIT NULL OPTIONAL,
allApplications [600] EXPLICIT NULL OPTIONAL,
applicationId [601] EXPLICIT OCTET STRING OPTIONAL,
creationDateTime [701] EXPLICIT INTEGER OPTIONAL,
origin [702] EXPLICIT INTEGER OPTIONAL,
rootOfTrust [704] EXPLICIT RootOfTrust OPTIONAL,
osVersion [705] EXPLICIT INTEGER OPTIONAL,
osPatchLevel [706] EXPLICIT INTEGER OPTIONAL,
attestationApplicationId [709] EXPLICIT OCTET STRING OPTIONAL,
attestationIdBrand [710] EXPLICIT OCTET STRING OPTIONAL,
attestationIdDevice [711] EXPLICIT OCTET STRING OPTIONAL,
attestationIdProduct [712] EXPLICIT OCTET STRING OPTIONAL,
attestationIdSerial [713] EXPLICIT OCTET STRING OPTIONAL,
attestationIdImei [714] EXPLICIT OCTET STRING OPTIONAL,
attestationIdMeid [715] EXPLICIT OCTET STRING OPTIONAL,
attestationIdManufacturer [716] EXPLICIT OCTET STRING OPTIONAL,
attestationIdModel [717] EXPLICIT OCTET STRING OPTIONAL,
vendorPatchLevel [718] EXPLICIT INTEGER OPTIONAL,
bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL
}
RootOfTrust ::= SEQUENCE {
verifiedBootKey OCTET STRING,
deviceLocked BOOLEAN,
verifiedBootState VerifiedBootState,
verifiedBootHash OCTET STRING
}
VerifiedBootState ::= ENUMERATED {
verified (0),
selfSigned (1),
unverified (2),
failed (3)
}
END
您进行的更正是必要的。上面的第一个ASN.1规范包含您列出的所有错误。