You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

493 lines
26 KiB
Rust

#[cfg(feature = "serde")]
use serde::{Deserialize, Serialize};
/// > The [`UserVerify`] constants are flags in a bitfield represented as a 32
/// > bit long integer. They describe the methods and capabilities of a FIDO
/// > authenticator for locally verifying a user. The operational details of
/// > these methods are opaque to the server. These constants are used in the
/// > authoritative metadata for FIDO authenticators, reported and queried
/// > through the UAF Discovery APIs, and used to form authenticator policies in
/// > UAF protocol messages. Each constant has a case-sensitive string
/// > representation (in quotes), which is used in the authoritative metadata
/// > for FIDO authenticators.
#[repr(u32)]
#[derive(Debug, PartialEq, Eq, Clone, Copy, Hash, PartialOrd, Ord)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub enum UserVerify {
/// > This flag MUST be set if the authenticator is able to confirm user
/// > presence in any fashion. If this flag and no other is set for user
/// > verification, the guarantee is only that the authenticator cannot be
/// > operated without some human intervention, not necessarily that the
/// > sensing of "presence" provides any level of user verification (e.g. a
/// > device that requires a button press to activate).
#[cfg_attr(feature = "serde", serde(rename = "presence_internal"))]
PresenceInternal = 0x0000_0001,
/// > This flag MUST be set if the authenticator uses any type of
/// > measurement of a fingerprint for user verification.
#[cfg_attr(feature = "serde", serde(rename = "fingerprint_internal"))]
FingerprintInternal = 0x0000_0002,
/// > This flag MUST be set if the authenticator uses a local-only passcode
/// > (i.e. a passcode not known by the server) for user verification.
#[cfg_attr(feature = "serde", serde(rename = "passcode_internal"))]
PasscodeInternal = 0x0000_0004,
/// > This flag MUST be set if the authenticator uses a local-only passcode
/// > (i.e. a passcode not known by the server) for user verification.
#[cfg_attr(feature = "serde", serde(rename = "voiceprint_internal"))]
VoiceprintInternal = 0x0000_0008,
/// > This flag MUST be set if the authenticator uses any manner of face
/// > recognition to verify the user.
#[cfg_attr(feature = "serde", serde(rename = "faceprint_internal"))]
FaceprintInternal = 0x0000_0010,
/// > This flag MUST be set if the authenticator uses any form of location
/// > sensor or measurement for user verification.
#[cfg_attr(feature = "serde", serde(rename = "location_internal"))]
LocationInternal = 0x0000_0020,
/// > This flag MUST be set if the authenticator uses any form of eye
/// > biometrics for user verification.
#[cfg_attr(feature = "serde", serde(rename = "eyeprint_internal"))]
EyeprintInternal = 0x0000_0040,
/// > This flag MUST be set if the authenticator uses a drawn pattern for
/// > user verification.
#[cfg_attr(feature = "serde", serde(rename = "pattern_internal"))]
PatternInternal = 0x0000_0080,
/// > This flag MUST be set if the authenticator uses any measurement of a
/// > full hand (including palm-print, hand geometry or vein geometry) for
/// > user verification.
#[cfg_attr(feature = "serde", serde(rename = "handprint_internal"))]
HandprintInternal = 0x0000_0100,
/// > This flag MUST be set if the authenticator uses a local-only passcode
/// > (i.e. a passcode not known by the server) for user verification that
/// > might be gathered outside the authenticator boundary.
#[cfg_attr(feature = "serde", serde(rename = "passcode_external"))]
PasscodeExternal = 0x0000_0800,
/// > This flag MUST be set if the authenticator uses a drawn pattern for
/// > user verification that might be gathered outside the authenticator
/// > boundary.
#[cfg_attr(feature = "serde", serde(rename = "pattern_external"))]
PatternExternal = 0x0000_1000,
/// > This flag MUST be set if the authenticator will respond without any
/// > user interaction (e.g. Silent Authenticator).
#[cfg_attr(feature = "serde", serde(rename = "none"))]
None = 0x0000_0200,
/// > If an authenticator sets multiple flags for the "_INTERNAL" and/or
/// > "_EXTERNAL" user verification types, it MAY also set this flag to
/// > indicate that all verification methods with respective flags set will
/// > be enforced (e.g. faceprint AND voiceprint). If flags for multiple
/// > user verification methods are set and this flag is not set,
/// > verification with only one is necessary (e.g. fingerprint OR
/// > passcode).
#[cfg_attr(feature = "serde", serde(rename = "all"))]
All = 0x0000_0400,
}
/// > The [`KeyProtection`] constants are flags in a bit field represented as a
/// > 16 bit long integer. They describe the method an authenticator uses to
/// > protect the private key material for FIDO registrations. Refer to
/// > [UAFAuthnrCommands] for more details on the relevance of keys and key
/// > protection. These constants are reported and queried through the UAF
/// > Discovery APIs and used to form authenticator policies in UAF protocol
/// > messages. Each constant has a case-sensitive string representation (in
/// > quotes), which is used in the authoritative metadata for FIDO
/// > authenticators.
/// >
/// > When used in metadata describing an authenticator, several of these flags
/// > are exclusive of others (i.e. can not be combined) - the certified
/// > metadata may have at most one of the mutually exclusive string constant
/// > values. When used in authenticator policy, any bit may be set to 1, e.g.
/// > to indicate that a server is willing to accept authenticators using either
/// > [`KeyProtection::Software`] or [`KeyProtection::Hardware`].
/// >
/// > > ## NOTE
/// > > These flags must be set according to the effective security of the keys,
/// > > in order to follow the assumptions made in [FIDOSecRef]. For example, if
/// > > a key is stored in a secure element but software running on the FIDO
/// > > User Device could call a function in the secure element to export the
/// > > key either in the clear or using an arbitrary wrapping key, then the
/// > > effective security is [`KeyProtection::Software`] and not
/// > > [`KeyProtection::SecureElement`].
#[repr(u16)]
#[derive(Debug)]
#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
pub enum KeyProtection {
/// > This flag MUST be set if the authenticator uses software-based key
/// > management. Exclusive in authenticator metadata with
/// > [`KeyProtection::Hardware`], [`KeyProtection::Tee`],
/// > [`KeyProtection::SecureElement`]
#[cfg_attr(feature = "serde", serde(rename = "software"))]
Software = 0x0001,
/// > This flag SHOULD be set if the authenticator uses hardware-based key
/// > management. Exclusive in authenticator metadata with
/// > [`KeyProtection::Software`]
#[cfg_attr(feature = "serde", serde(rename = "hardware"))]
Hardware = 0x0002,
/// > This flag SHOULD be set if the authenticator uses the Trusted
/// > Execution Environment (TEE) for key management. In authenticator
/// > metadata, this flag should be set in conjunction with
/// > [`KeyProtection::Hardware`]. Mutually exclusive in authenticator
/// > metadata with [`KeyProtection::Software`],
/// > [`KeyProtection::SecureElement`]
#[cfg_attr(feature = "serde", serde(rename = "tee"))]
Tee = 0x0004,
/// > This flag SHOULD be set if the authenticator uses a Secure Element
/// > for key management. In authenticator metadata, this
/// > flag should be set in conjunction with [`KeyProtection::Hardware`].
/// > Mutually exclusive in authenticator metadata with
/// > [`KeyProtection::Tee`],[`KeyProtection::Software`]
#[cfg_attr(feature = "serde", serde(rename = "secure_element"))]
SecureElement = 0x0008,
/// > This flag MUST be set if the authenticator does not store (wrapped)
/// > UAuth keys at the client, but relies on a server-provided key handle.
/// > This flag MUST be set in conjunction with one of the other
/// > [`KeyProtection`] flags to indicate how the local key handle wrapping
/// > key and operations are protected. Servers MAY unset this flag in
/// > authenticator policy if they are not prepared to store and return key
/// > handles, for example, if they have a requirement to respond
/// > indistinguishably to authentication attempts against userIDs that do
/// > and do not exist. Refer to [UAFProtocol] for more details.
#[cfg_attr(feature = "serde", serde(rename = "remote_handle"))]
RemoteHandle = 0x0010,
}
/// > The [`MatcherProtection`] constants are flags in a bit field represented
/// > as a 16 bit long integer. They describe the method an authenticator uses
/// > to protect the matcher that performs user verification. These constants
/// > are reported and queried through the UAF Discovery APIs and used to form
/// > authenticator policies in UAF protocol messages. Refer to
/// > [UAFAuthnrCommands] for more details on the matcher component. Each
/// > constant has a case-sensitive string representation (in quotes), which is
/// > used in the authoritative metadata for FIDO authenticators.
/// >
/// > > ## NOTE
/// > > These flags must be set according to the effective security of the
/// > > matcher, in order to follow the assumptions made in [FIDOSecRef]. For
/// > > example, if a passcode based matcher is implemented in a secure element,
/// > > but the passcode is expected to be provided as unauthenticated
/// > > parameter, then the effective security is
/// > > [`MatcherProtection::Software`] and not [`MatcherProtection::OnChip`].
#[repr(u16)]
#[derive(Debug)]
#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
pub enum MatcherProtection {
/// > This flag MUST be set if the authenticator's matcher is running in
/// > software. Exclusive in authenticator metadata with
/// > [`MatcherProtection::Tee`], [`MatcherProtection::OnChip`]
#[cfg_attr(feature = "serde", serde(rename = "software"))]
Software = 0x0001,
/// > This flag SHOULD be set if the authenticator's matcher is running
/// > inside the Trusted Execution Environment (TEE). Mutually exclusive in
/// > authenticator metadata with [`MatcherProtection::Software`],
/// > [`MatcherProtection::OnChip`]
#[cfg_attr(feature = "serde", serde(rename = "tee"))]
Tee = 0x0002,
/// > This flag SHOULD be set if the authenticator's matcher is running on
/// > the chip. Mutually exclusive in authenticator metadata with
/// > [`MatcherProtection::Tee`], [`MatcherProtection::Software`]
#[cfg_attr(feature = "serde", serde(rename = "on_chip"))]
OnChip = 0x0004,
}
/// > The [`AttachmentHint`] constants are flags in a bit field represented as a
/// > 32 bit long. They describe the method FIDO authenticators use to
/// > communicate with the FIDO User Device. These constants are reported and
/// > queried through the UAF Discovery APIs [UAFAppAPIAndTransport], and used
/// > to form Authenticator policies in UAF protocol messages. Because the
/// > connection state and topology of an authenticator may be transient, these
/// > values are only hints that can be used by server-supplied policy to guide
/// > the user experience, e.g. to prefer a device that is connected and ready
/// > for authenticating or confirming a low-value transaction, rather than one
/// > that is more secure but requires more user effort. Each constant has a
/// > case-sensitive string representation (in quotes), which is used in the
/// > authoritative metadata for FIDO authenticators.
/// >
/// > > ## NOTE
/// > > These flags are not a mandatory part of authenticator metadata and, when
/// > > present, only indicate possible states that may be reported during
/// > > authenticator discovery.
#[repr(u32)]
#[derive(Debug)]
#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
pub enum AttachmentHint {
/// > This flag MAY be set to indicate that the authenticator is permanently
/// > attached to the FIDO User Device.
/// >
/// > A device such as a smartphone may have authenticator functionality
/// > that is able to be used both locally and remotely. In such a case, the
/// > FIDO client MUST filter and exclusively report only the relevant bit
/// > during Discovery and when performing policy matching.
/// >
/// > This flag cannot be combined with any other ATTACHMENT_HINT flags.
#[cfg_attr(feature = "serde", serde(rename = "internal"))]
Internal = 0x0001,
/// > This flag MAY be set to indicate, for a hardware-based authenticator,
/// > that it is removable or remote from the FIDO User Device.
/// >
/// > A device such as a smartphone may have authenticator functionality
/// > that is able to be used both locally and remotely. In such a case, the
/// > FIDO UAF Client MUST filter and exclusively report only the relevant
/// > bit during discovery and when performing policy matching. This flag
/// > MUST be combined with one or more other [`AttachmentHint`] flag(s).
#[cfg_attr(feature = "serde", serde(rename = "external"))]
External = 0x0002,
/// > This flag MAY be set to indicate that an external authenticator
/// > currently has an exclusive wired connection, e.g. through USB,
/// > Firewire or similar, to the FIDO User Device.
#[cfg_attr(feature = "serde", serde(rename = "wired"))]
Wired = 0x0004,
/// > This flag MAY be set to indicate that an external authenticator
/// > communicates with the FIDO User Device through a personal area or
/// > otherwise non-routed wireless protocol, such as Bluetooth or NFC.
#[cfg_attr(feature = "serde", serde(rename = "wireless"))]
Wireless = 0x0008,
/// > This flag MAY be set to indicate that an external authenticator is
/// > able to communicate by NFC to the FIDO User Device. As part of
/// > authenticator metadata, or when reporting characteristics through
/// > discovery, if this flag is set, the [`AttachmentHint::Wireless`] flag
/// > SHOULD also be set as well.
#[cfg_attr(feature = "serde", serde(rename = "nfc"))]
Nfc = 0x0010,
/// > This flag MAY be set to indicate that an external authenticator is
/// > able to communicate using Bluetooth with the FIDO User Device. As part
/// > of authenticator metadata, or when reporting characteristics through
/// > discovery, if this flag is set, the [`AttachmentHint::Wireless`] flag
/// > SHOULD also be set.
#[cfg_attr(feature = "serde", serde(rename = "bluetooth"))]
Bluetooth = 0x0020,
/// > This flag MAY be set to indicate that the authenticator is connected
/// > to the FIDO User Device over a non-exclusive network (e.g. over a
/// > TCP/IP LAN or WAN, as opposed to a PAN or point-to-point connection).
#[cfg_attr(feature = "serde", serde(rename = "network"))]
Network = 0x0040,
/// > This flag MAY be set to indicate that an external authenticator is in
/// > a "ready" state. This flag is set by the ASM at its discretion.
/// >
/// > > ## NOTE
/// > > Generally this should indicate that the device is immediately
/// > > available to perform user verification without additional actions
/// > > such as connecting the device or creating a new biometric profile
/// > > enrollment, but the exact meaning may vary for different types of
/// > > devices. For example, a USB authenticator may only report itself as
/// > > ready when it is plugged in, or a Bluetooth authenticator when it is
/// > > paired and connected, but an NFC-based authenticator may always
/// > > report itself as ready.
#[cfg_attr(feature = "serde", serde(rename = "ready"))]
Ready = 0x0080,
/// > This flag MAY be set to indicate that an external authenticator is
/// > able to communicate using WiFi Direct with the FIDO User Device. As
/// > part of authenticator metadata and when reporting characteristics
/// > through discovery, if this flag is set, the
/// > [`AttachmentHint::Wireless`] flag SHOULD also be set.
#[cfg_attr(feature = "serde", serde(rename = "wifi_direct"))]
WifiDirect = 0x0100,
}
/// > The [`TransactionConfirmationDisplay`] constants are flags in a bit field
/// > represented as a 16 bit long integer. They describe the availability and
/// > implementation of a transaction confirmation display capability required
/// > for the transaction confirmation operation. These constants are reported
/// > and queried through the UAF Discovery APIs and used to form authenticator
/// > policies in UAF protocol messages. Each constant has a case-sensitive
/// > string representation (in quotes), which is used in the authoritative
/// > metadata for FIDO authenticators. Refer to [UAFAuthnrCommands] for more
/// > details on the security aspects of TransactionConfirmation Display.
#[repr(u16)]
#[derive(Debug)]
#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
pub enum TransactionConfirmationDisplay {
/// > This flag MUST be set to indicate that a transaction confirmation
/// > display, of any type, is available on this authenticator. Other
/// > [`TransactionConfirmationDisplay`] flags MAY also be set if this flag
/// > is set. If the authenticator does not support a transaction
/// > confirmation display, then the value of
/// > [`TransactionConfirmationDisplay`] MUST be set to 0.
#[cfg_attr(feature = "serde", serde(rename = "any"))]
Any = 0x0001,
/// > This flag MUST be set to indicate, that a software-based transaction
/// > confirmation display operating in a privileged context is available on
/// > this authenticator.
/// >
/// > A FIDO client that is capable of providing this capability MAY set
/// > this bit (in conjunction with [`TransactionDisplayConfirm::Any`]) for
/// > all authenticators of type [`AttachmentHint::Internal`], even if the
/// > authoritative metadata for the authenticator does not indicate this
/// > capability.
/// >
/// > > ## NOTE
/// > > Software based transaction confirmation displays might be
/// > > implemented within the boundaries of the ASM rather than by the
/// > > authenticator itself [UAFASM].
/// >
/// > This flag is mutually exclusive with
/// > [`TransactionConfirmationDisplay::Tee`] and
/// > [`TransactionConfirmationDisplay::Hardware`].
#[cfg_attr(feature = "serde", serde(rename = "privileged_software"))]
PrivilegedSoftware = 0x0002,
/// > This flag SHOULD be set to indicate that the authenticator implements
/// > a transaction confirmation display in a Trusted Execution Environment
/// > ([TEE], [TEESecureDisplay]). This flag is mutually exclusive with
/// > [`TransactionConfirmationDisplay::PrivilegedSoftware`] and
/// > [`TransactionConfirmationDisplay::Hardware`].
#[cfg_attr(feature = "serde", serde(rename = "tee"))]
Tee = 0x0004,
/// > This flag SHOULD be set to indicate that a transaction confirmation
/// > display based on hardware assisted capabilities is available on this
/// > authenticator. This flag is mutually exclusive with
/// > [`TransactionConfirmationDisplay::PrivilegedSoftware`] and
/// > [`TransactionConfirmationDisplay::Tee`].
#[cfg_attr(feature = "serde", serde(rename = "hardware"))]
Hardware = 0x0008,
/// > This flag SHOULD be set to indicate that the transaction confirmation
/// > display is provided on a distinct device from the FIDO User Device.
/// > This flag can be combined with any other flag.
#[cfg_attr(feature = "serde", serde(rename = "remote"))]
Remote = 0x0010,
}
pub mod algorithms {
//! > These tags indicate the specific authentication algorithms, public key
//! > formats and other crypto relevant data.
#[cfg(feature = "serde")]
use serde::{Deserialize, Serialize};
/// > The [`Signature`] constants are 16 bit long integers indicating the
/// > specific signature algorithm and encoding.
/// >
/// > Each constant has a case-sensitive string representation (in quotes),
/// > which is used in the authoritative metadata for FIDO authenticators.
#[repr(u16)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
pub enum Signature {
#[cfg_attr(feature = "serde", serde(rename = "secp256r1_ecdsa_sha256_raw"))]
Secp256r1EcdsaSha256Raw = 0x0001,
#[cfg_attr(feature = "serde", serde(rename = "secp256r1_ecdsa_sha256_der"))]
Secp256r1EcdsaSha256Der = 0x0002,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pss_sha256_raw"))]
RsaSsaPssSha256Raw = 0x0003,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pss_sha256_der"))]
RsaSsaPssSha256Der = 0x0004,
#[cfg_attr(feature = "serde", serde(rename = "secp256k1_ecdsa_sha256_raw"))]
Secp256k1EcdsaSha256Raw = 0x0005,
#[cfg_attr(feature = "serde", serde(rename = "secp256k1_ecdsa_sha256_der"))]
Secp256k1EcdsaSha256Der = 0x0006,
#[cfg_attr(feature = "serde", serde(rename = "sm2_sm3_raw"))]
Sm2Sm3Raw = 0x0007,
#[cfg_attr(feature = "serde", serde(rename = "rsa_emsa_pkcs1_sha256_raw"))]
RsaEmsaPkcs1Sha256Raw = 0x0008,
#[cfg_attr(feature = "serde", serde(rename = "rsa_emsa_pkcs1_sha256_der"))]
RsaEmsaPkcs1Sha256Der = 0x0009,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pss_sha384_raw"))]
RsaSsaPsSha384Raw = 0x000A,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pss_sha512_raw"))]
RsaSsaPssSha512Raw = 0x000B,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pkcsv15_sha256_raw"))]
RsaSsaPkcsv15Sha256Raw = 0x000C,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pkcsv15_sha384_raw"))]
RsaSsaPkcsv15Sha384Raw = 0x000D,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pkcsv15_sha512_raw"))]
RsaSsaPkcsv15Sha512Raw = 0x000E,
#[cfg_attr(feature = "serde", serde(rename = "rsassa_pkcsv15_sha1_raw"))]
RsaSsaPkcsv15Sha1Raw = 0x000F,
#[cfg_attr(feature = "serde", serde(rename = "secp384r1_ecdsa_sha384_raw"))]
Secp384r1EcdsaSha384Raw = 0x0010,
#[cfg_attr(feature = "serde", serde(rename = "secp521r1_ecdsa_sha512_raw"))]
Secp521r1EcdsaSha512Raw = 0x0011,
#[cfg_attr(feature = "serde", serde(rename = "ed25519_eddsa_sha512_raw"))]
Ed25519EddsaSha512Raw = 0x0012,
#[cfg_attr(feature = "serde", serde(rename = "ed448_eddsa_sha512_raw"))]
Ed448EddsaSha512Raw = 0x0013,
}
/// > The [`PublicKey`] constants are 16 bit long integers indicating the
/// > specific Public Key algorithm and encoding.
#[repr(u16)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub enum PublicKey {
#[cfg_attr(feature = "serde", serde(rename = "ecc_x962_raw"))]
EccX962Raw = 0x0100,
#[cfg_attr(feature = "serde", serde(rename = "ecc_x962_der"))]
EccX962Der = 0x0101,
#[cfg_attr(feature = "serde", serde(rename = "rsa_2048_raw"))]
Rsa2048Raw = 0x0102,
#[cfg_attr(feature = "serde", serde(rename = "rsa_2048_der"))]
Rsa2048Der = 0x0103,
#[cfg_attr(feature = "serde", serde(rename = "cose"))]
Cose = 0x0104,
}
}
/// > The [`Attestation`] constants are 16 bit long integers indicating the
/// > specific attestation that authenticator supports.
#[repr(u16)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub enum Attestation {
/// > Indicates full basic attestation, based on an attestation private key
/// > shared among a class of authenticators (e.g. same model).
/// > Authenticators must provide its attestation signature during the
/// > registration process for the same reason. The attestation trust anchor
/// > is shared with FIDO Servers out of band (as part of the Metadata).
/// > This sharing process should be done according to
/// > [FIDOMetadataService].
#[cfg_attr(feature = "serde", serde(rename = "basic_full"))]
BasicFull = 0x3E07,
/// > Just syntactically a Basic Attestation. The attestation object
/// > self-signed, i.e. it is signed using the UAuth.priv key, i.e. the key
/// > corresponding to the UAuth.pub key included in the attestation object.
/// > As a consequence it does not provide a cryptographic proof of the
/// > security characteristics. But it is the best thing we can do if the
/// > authenticator is not able to have an attestation private key.
#[cfg_attr(feature = "serde", serde(rename = "basic_surrogate"))]
BasicSurrogate = 0x3E08,
/// > Indicates use of elliptic curve based direct anonymous attestation as
/// > defined in [FIDOEcdaaAlgorithm]. Support for this attestation type is
/// > optional at this time. It might be required by FIDO Certification.
#[cfg_attr(feature = "serde", serde(rename = "ecdaa"))]
EllipticCurveDirectAnonymous = 0x3E09,
/// > Indicates PrivacyCA attestation as defined in
/// > [TCG-CMCProfile-AIKCertEnroll]. Support for this attestation type is
/// > optional at this time. It might be required by FIDO Certification.
#[cfg_attr(feature = "serde", serde(rename = "attca"))]
PrivacyCA = 0x3E0A,
/// > In this case, the authenticator uses an Anonymization CA which
/// > dynamically generates per-credential attestation certificates such
/// > that the attestation statements presented to Relying Parties do not
/// > provide uniquely identifiable information, e.g., that might be used
/// > for tracking purposes. The applicable [WebAuthn] attestation formats
/// > "fmt" are Google SafetyNet Attestation "android-safetynet", Android
/// > Keystore Attestation "android-key", Apple Anonymous Attestation
/// > "apple", and Apple Application Attestation "apple-appattest".
#[cfg_attr(feature = "serde", serde(rename = "anonca"))]
AnonymizationCA = 0x3E0C,
/// > Indicates absence of attestation.
#[cfg_attr(feature = "serde", serde(rename = "none"))]
None = 0x3E0B,
}