diff --git a/crates/fido-common/src/attestation.rs b/crates/fido-common/src/attestation.rs index 22b2d27..58d3d15 100644 --- a/crates/fido-common/src/attestation.rs +++ b/crates/fido-common/src/attestation.rs @@ -1,5 +1,6 @@ #[cfg(feature = "serde")] use serde::{Deserialize, Serialize}; +pub mod enterprise; /// > Attestation statement formats are identified by a string, called an /// > attestation statement format identifier, chosen by the author of the @@ -70,33 +71,6 @@ pub enum FormatIdentifier { None, } -pub mod enterprise { - #[repr(usize)] - #[derive(Clone, Copy)] - pub enum Kind { - /// > In this case, an enterprise attestation capable authenticator, on - /// > which enterprise attestation is enabled, upon receiving the - /// > enterpriseAttestation parameter with a value of 1 (or 2, see Note - /// > below) on a authenticatorMakeCredential command, will provide - /// > enterprise attestation to a non-updateable pre-configured RP ID - /// > list, as identified by the enterprise and provided to the - /// > authenticator vendor, which is "burned into" the authenticator by - /// > the vendor. - /// > If enterprise attestation is requested for any RP ID other than - /// > the pre-configured RP ID(s), the attestation returned along with - /// > the new credential is a regular privacy-preserving attestation, - /// > i.e., NOT an enterprise attestation. - VendorFacilitated = 1, - /// > In this case, an enterprise attestation capable authenticator on - /// > which enterprise attestation is enabled, upon receiving the - /// > enterpriseAttestation parameter with a value of 2 on a - /// > authenticatorMakeCredential command, will return an enterprise - /// > attestation. The platform is enterprise-managed and has already - /// > performed the necessary vetting of the RP ID. - PlatformManaged = 2, - } -} - /// > Attested credential data is a variable-length byte array added to the /// > authenticator data when generating an attestation object for a given /// > credential. diff --git a/crates/fido-common/src/attestation/enterprise.rs b/crates/fido-common/src/attestation/enterprise.rs new file mode 100644 index 0000000..297bc29 --- /dev/null +++ b/crates/fido-common/src/attestation/enterprise.rs @@ -0,0 +1,28 @@ +#[cfg(feature = "serde")] +use serde::{Deserialize, Serialize}; + +#[repr(usize)] +#[derive(Debug, Clone, Copy)] +#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] +pub enum Kind { + /// > In this case, an enterprise attestation capable authenticator, on + /// > which enterprise attestation is enabled, upon receiving the + /// > enterpriseAttestation parameter with a value of 1 (or 2, see Note + /// > below) on a authenticatorMakeCredential command, will provide + /// > enterprise attestation to a non-updateable pre-configured RP ID + /// > list, as identified by the enterprise and provided to the + /// > authenticator vendor, which is "burned into" the authenticator by + /// > the vendor. + /// > If enterprise attestation is requested for any RP ID other than + /// > the pre-configured RP ID(s), the attestation returned along with + /// > the new credential is a regular privacy-preserving attestation, + /// > i.e., NOT an enterprise attestation. + VendorFacilitated = 1, + /// > In this case, an enterprise attestation capable authenticator on + /// > which enterprise attestation is enabled, upon receiving the + /// > enterpriseAttestation parameter with a value of 2 on a + /// > authenticatorMakeCredential command, will return an enterprise + /// > attestation. The platform is enterprise-managed and has already + /// > performed the necessary vetting of the RP ID. + PlatformManaged = 2, +}