Add support for packed attestionation format.

• Basic (mandatory)
• AttCA (mandatory)
• Self Attestation (mandatory)
• ECDAA (optional)

At the moment, only FIDO U2F features are tested.
Even if the Webauthn specification is not an approved standard, some parts are implemented and can be tested.
Unit and Functional tests shall be written, at least for the minimum required components (e.g. PublicKeyCredential, entities, PublicKeyCredentialDescriptor...)

A demo (e.g. docker-based) should be provided to allow users to have a better undertanding of this library usage.

Describe the bug
To use this module in combination with OTPHP, a composer requirement of beberlei/assert 3.1 clashes with OTPHP's requirement of beberlei/assert 2.4

To Reproduce
Steps to reproduce the behavior:

1. Require both OTPHP and u2f-php libraries in composer.json
2. Run composer update

Expected behavior
A successful installation of both libraries

When loaded, the attestation statement trust path should be available through a call that clearly indicates the trust path.

• Empty Trust Path
• Certificate Trust Path
• EcdaaTrust Path

At the moment, objects related to the webauthn extensions are present, but as there is not concrete implementation on the relaying parties and thus are not easy to perform test in real environment.

This issue is a reminder that will be closed when the specification will be considered as an approved standard with test vectors and/or concrete implementations.

At the moment, the AttestationStatement class does not indicates of what type it is.
A convenient method should be added and return the appropriate information (basic...)

At the moment, the public key credential is just a binary string.
It could be easier for implementers to get a dedicated object that represent that key.

This object could be of type RsaKey/EcKey implementing an interface (e.g. PublicKeyCredential).

Add Android SafetyNet Attestation support.

https://github.com/Firehed/u2f-php
https://github.com/Yubico/php-u2flib-server

I've found two other libraries that provide the same FIDO U2F server protocol in PHP. What's the difference with those libraries?

This library becomes more and more complex. Other repositories will be created e.g. for Symfony bundle.

To ease the management and the development of the library/bundle and the future of the whole project, a new organization should be used.
=> many/mono repo mgmt like what is done for web-token.

Any chance of this going stable any time soon? It looks interesting, but without a proper stable release, it's hard to consider it for production use.

Add Android Key Attestation support.

Add TMP Attestation format support.

• AttCA
• ECDAA

The library only supports EC signatures and may support RSA ones.
The algorithms supported by this library should be extensible and new algorithms should be easily added if needed.

see https://scrutinizer-ci.com/g/Spomky-Labs/u2f-php/issues/master/files/src/Fido2/PublicKeyCredentialDescriptor.php?orderField=path&order=asc&honorSelectedPaths=0&issueId=33764501#inspectioncomment-115318988