git: a32212fb595a - stable/13 - Import libfido2 at 'contrib/libfido2/'

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Wed, 09 Feb 2022 23:58:15 UTC
The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=a32212fb595a58ee56972c0fc8b55b05ca5e82c5

commit a32212fb595a58ee56972c0fc8b55b05ca5e82c5
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2021-10-07 01:27:02 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-02-09 21:23:53 +0000

    Import libfido2 at 'contrib/libfido2/'
    
    git-subtree-dir: contrib/libfido2
    git-subtree-mainline: d586c978b9b4216869e589daa5bbcc33225a0e35
    git-subtree-split: a58dee945a5da64d0e97f35a508928e0d17c9cc7
    (cherry picked from commit 0afa8e065e14bb8fd338d75690e0238c00167d40)
---
 contrib/libfido2/CMakeLists.txt                    |  418 +++++
 contrib/libfido2/LICENSE                           |   24 +
 contrib/libfido2/NEWS                              |  179 +++
 contrib/libfido2/README.adoc                       |   93 ++
 contrib/libfido2/examples/CMakeLists.txt           |   69 +
 contrib/libfido2/examples/README.adoc              |   98 ++
 contrib/libfido2/examples/assert.c                 |  342 ++++
 contrib/libfido2/examples/cred.c                   |  346 +++++
 contrib/libfido2/examples/extern.h                 |   33 +
 contrib/libfido2/examples/info.c                   |  293 ++++
 contrib/libfido2/examples/manifest.c               |   41 +
 contrib/libfido2/examples/reset.c                  |   55 +
 contrib/libfido2/examples/retries.c                |   48 +
 contrib/libfido2/examples/select.c                 |  214 +++
 contrib/libfido2/examples/setpin.c                 |   54 +
 contrib/libfido2/examples/util.c                   |  413 +++++
 contrib/libfido2/fuzz/CMakeLists.txt               |   63 +
 contrib/libfido2/fuzz/Dockerfile                   |   12 +
 contrib/libfido2/fuzz/Makefile                     |   79 +
 contrib/libfido2/fuzz/README                       |   33 +
 contrib/libfido2/fuzz/build-coverage               |   31 +
 contrib/libfido2/fuzz/dummy.h                      |   96 ++
 contrib/libfido2/fuzz/export.gnu                   |  242 +++
 contrib/libfido2/fuzz/functions.txt                |  807 ++++++++++
 contrib/libfido2/fuzz/fuzz_assert.c                |  471 ++++++
 contrib/libfido2/fuzz/fuzz_bio.c                   |  440 ++++++
 contrib/libfido2/fuzz/fuzz_cred.c                  |  455 ++++++
 contrib/libfido2/fuzz/fuzz_credman.c               |  405 +++++
 contrib/libfido2/fuzz/fuzz_hid.c                   |  215 +++
 contrib/libfido2/fuzz/fuzz_largeblob.c             |  270 ++++
 contrib/libfido2/fuzz/fuzz_mgmt.c                  |  480 ++++++
 contrib/libfido2/fuzz/fuzz_netlink.c               |  249 +++
 contrib/libfido2/fuzz/libfuzzer.c                  |  177 +++
 contrib/libfido2/fuzz/mutator_aux.c                |  326 ++++
 contrib/libfido2/fuzz/mutator_aux.h                |   96 ++
 contrib/libfido2/fuzz/preload-fuzz.c               |  104 ++
 contrib/libfido2/fuzz/preload-snoop.c              |  217 +++
 contrib/libfido2/fuzz/prng.c                       |  113 ++
 contrib/libfido2/fuzz/report.tgz                   |  Bin 0 -> 303082 bytes
 contrib/libfido2/fuzz/summary.txt                  |   51 +
 contrib/libfido2/fuzz/udev.c                       |  269 ++++
 contrib/libfido2/fuzz/uniform_random.c             |   57 +
 contrib/libfido2/fuzz/wiredata_fido2.h             |  633 ++++++++
 contrib/libfido2/fuzz/wiredata_u2f.h               |  152 ++
 contrib/libfido2/fuzz/wrap.c                       |  582 +++++++
 contrib/libfido2/fuzz/wrapped.sym                  |   83 +
 contrib/libfido2/man/CMakeLists.txt                |  371 +++++
 contrib/libfido2/man/NOTES                         |    7 +
 contrib/libfido2/man/dyc.css                       |   14 +
 contrib/libfido2/man/eddsa_pk_new.3                |  122 ++
 contrib/libfido2/man/es256_pk_new.3                |  126 ++
 contrib/libfido2/man/fido2-assert.1                |  256 +++
 contrib/libfido2/man/fido2-cred.1                  |  267 ++++
 contrib/libfido2/man/fido2-token.1                 |  388 +++++
 contrib/libfido2/man/fido_assert_allow_cred.3      |   47 +
 contrib/libfido2/man/fido_assert_new.3             |  243 +++
 contrib/libfido2/man/fido_assert_set_authdata.3    |  221 +++
 contrib/libfido2/man/fido_assert_verify.3          |   79 +
 contrib/libfido2/man/fido_bio_dev_get_info.3       |  122 ++
 contrib/libfido2/man/fido_bio_enroll_new.3         |   95 ++
 contrib/libfido2/man/fido_bio_info_new.3           |   81 +
 contrib/libfido2/man/fido_bio_template.3           |  179 +++
 contrib/libfido2/man/fido_cbor_info_new.3          |  231 +++
 contrib/libfido2/man/fido_cred_exclude.3           |   60 +
 contrib/libfido2/man/fido_cred_new.3               |  257 +++
 contrib/libfido2/man/fido_cred_set_authdata.3      |  307 ++++
 contrib/libfido2/man/fido_cred_verify.3            |   69 +
 contrib/libfido2/man/fido_credman_metadata_new.3   |  326 ++++
 contrib/libfido2/man/fido_dev_enable_entattest.3   |   98 ++
 contrib/libfido2/man/fido_dev_get_assert.3         |   76 +
 contrib/libfido2/man/fido_dev_get_touch_begin.3    |   73 +
 contrib/libfido2/man/fido_dev_info_manifest.3      |  143 ++
 contrib/libfido2/man/fido_dev_largeblob_get.3      |  194 +++
 contrib/libfido2/man/fido_dev_make_cred.3          |   77 +
 contrib/libfido2/man/fido_dev_open.3               |  250 +++
 contrib/libfido2/man/fido_dev_set_io_functions.3   |  134 ++
 contrib/libfido2/man/fido_dev_set_pin.3            |  103 ++
 contrib/libfido2/man/fido_init.3                   |   52 +
 contrib/libfido2/man/fido_strerr.3                 |   27 +
 contrib/libfido2/man/rs256_pk_new.3                |  122 ++
 contrib/libfido2/man/style.css                     |   24 +
 contrib/libfido2/openbsd-compat/bsd-getline.c      |  115 ++
 contrib/libfido2/openbsd-compat/bsd-getpagesize.c  |   27 +
 contrib/libfido2/openbsd-compat/clock_gettime.c    |   32 +
 contrib/libfido2/openbsd-compat/endian_win32.c     |   51 +
 contrib/libfido2/openbsd-compat/err.h              |   85 +
 contrib/libfido2/openbsd-compat/explicit_bzero.c   |   57 +
 .../libfido2/openbsd-compat/explicit_bzero_win32.c |   19 +
 contrib/libfido2/openbsd-compat/freezero.c         |   30 +
 contrib/libfido2/openbsd-compat/getopt.h           |   74 +
 contrib/libfido2/openbsd-compat/getopt_long.c      |  523 +++++++
 contrib/libfido2/openbsd-compat/hkdf.c             |  124 ++
 contrib/libfido2/openbsd-compat/hkdf.h             |   65 +
 contrib/libfido2/openbsd-compat/openbsd-compat.h   |  119 ++
 .../libfido2/openbsd-compat/posix_ioctl_check.c    |    7 +
 contrib/libfido2/openbsd-compat/posix_win.c        |   61 +
 contrib/libfido2/openbsd-compat/posix_win.h        |   47 +
 contrib/libfido2/openbsd-compat/readpassphrase.c   |  214 +++
 contrib/libfido2/openbsd-compat/readpassphrase.h   |   44 +
 .../libfido2/openbsd-compat/readpassphrase_win32.c |  131 ++
 contrib/libfido2/openbsd-compat/recallocarray.c    |   91 ++
 contrib/libfido2/openbsd-compat/strlcat.c          |   63 +
 contrib/libfido2/openbsd-compat/strlcpy.c          |   59 +
 contrib/libfido2/openbsd-compat/time.h             |   61 +
 contrib/libfido2/openbsd-compat/timingsafe_bcmp.c  |   35 +
 contrib/libfido2/openbsd-compat/types.h            |   69 +
 contrib/libfido2/regress/CMakeLists.txt            |   16 +
 contrib/libfido2/regress/assert.c                  |  553 +++++++
 contrib/libfido2/regress/cred.c                    |  988 ++++++++++++
 contrib/libfido2/regress/dev.c                     |  266 ++++
 contrib/libfido2/src/CMakeLists.txt                |  136 ++
 contrib/libfido2/src/aes256.c                      |  215 +++
 contrib/libfido2/src/assert.c                      | 1134 ++++++++++++++
 contrib/libfido2/src/authkey.c                     |   97 ++
 contrib/libfido2/src/bio.c                         |  841 ++++++++++
 contrib/libfido2/src/blob.c                        |  133 ++
 contrib/libfido2/src/blob.h                        |   41 +
 contrib/libfido2/src/buf.c                         |   33 +
 contrib/libfido2/src/cbor.c                        | 1635 ++++++++++++++++++++
 contrib/libfido2/src/compress.c                    |   49 +
 contrib/libfido2/src/config.c                      |  191 +++
 contrib/libfido2/src/cred.c                        | 1086 +++++++++++++
 contrib/libfido2/src/credman.c                     |  767 +++++++++
 contrib/libfido2/src/dev.c                         |  732 +++++++++
 contrib/libfido2/src/diff_exports.sh               |   26 +
 contrib/libfido2/src/ecdh.c                        |  207 +++
 contrib/libfido2/src/eddsa.c                       |  172 ++
 contrib/libfido2/src/err.c                         |  136 ++
 contrib/libfido2/src/es256.c                       |  453 ++++++
 contrib/libfido2/src/export.gnu                    |  234 +++
 contrib/libfido2/src/export.llvm                   |  229 +++
 contrib/libfido2/src/export.msvc                   |  230 +++
 contrib/libfido2/src/extern.h                      |  240 +++
 contrib/libfido2/src/fido.h                        |  228 +++
 contrib/libfido2/src/fido/bio.h                    |  111 ++
 contrib/libfido2/src/fido/config.h                 |   34 +
 contrib/libfido2/src/fido/credman.h                |   91 ++
 contrib/libfido2/src/fido/eddsa.h                  |   54 +
 contrib/libfido2/src/fido/err.h                    |   84 +
 contrib/libfido2/src/fido/es256.h                  |   48 +
 contrib/libfido2/src/fido/param.h                  |  117 ++
 contrib/libfido2/src/fido/rs256.h                  |   36 +
 contrib/libfido2/src/fido/types.h                  |  281 ++++
 contrib/libfido2/src/hid.c                         |  179 +++
 contrib/libfido2/src/hid_freebsd.c                 |  253 +++
 contrib/libfido2/src/hid_hidapi.c                  |  268 ++++
 contrib/libfido2/src/hid_linux.c                   |  375 +++++
 contrib/libfido2/src/hid_netbsd.c                  |  338 ++++
 contrib/libfido2/src/hid_openbsd.c                 |  260 ++++
 contrib/libfido2/src/hid_osx.c                     |  571 +++++++
 contrib/libfido2/src/hid_unix.c                    |   76 +
 contrib/libfido2/src/hid_win.c                     |  540 +++++++
 contrib/libfido2/src/info.c                        |  553 +++++++
 contrib/libfido2/src/io.c                          |  288 ++++
 contrib/libfido2/src/iso7816.c                     |   64 +
 contrib/libfido2/src/iso7816.h                     |   49 +
 contrib/libfido2/src/largeblob.c                   |  881 +++++++++++
 contrib/libfido2/src/libfido2.pc.in                |   12 +
 contrib/libfido2/src/log.c                         |  121 ++
 contrib/libfido2/src/netlink.c                     |  782 ++++++++++
 contrib/libfido2/src/netlink.h                     |   44 +
 contrib/libfido2/src/nfc_linux.c                   |  631 ++++++++
 contrib/libfido2/src/packed.h                      |   22 +
 contrib/libfido2/src/pin.c                         |  690 +++++++++
 contrib/libfido2/src/random.c                      |   82 +
 contrib/libfido2/src/reset.c                       |   43 +
 contrib/libfido2/src/rs256.c                       |  200 +++
 contrib/libfido2/src/u2f.c                         |  820 ++++++++++
 contrib/libfido2/src/winhello.c                    |  934 +++++++++++
 contrib/libfido2/tools/CMakeLists.txt              |   77 +
 contrib/libfido2/tools/assert_get.c                |  316 ++++
 contrib/libfido2/tools/assert_verify.c             |  192 +++
 contrib/libfido2/tools/base64.c                    |  134 ++
 contrib/libfido2/tools/bio.c                       |  277 ++++
 contrib/libfido2/tools/config.c                    |  149 ++
 contrib/libfido2/tools/cred_make.c                 |  242 +++
 contrib/libfido2/tools/cred_verify.c               |  181 +++
 contrib/libfido2/tools/credman.c                   |  329 ++++
 contrib/libfido2/tools/extern.h                    |   99 ++
 contrib/libfido2/tools/fido2-assert.c              |   54 +
 contrib/libfido2/tools/fido2-attach.sh             |   14 +
 contrib/libfido2/tools/fido2-cred.c                |   52 +
 contrib/libfido2/tools/fido2-detach.sh             |   12 +
 contrib/libfido2/tools/fido2-token.c               |  107 ++
 contrib/libfido2/tools/fido2-unprot.sh             |   75 +
 contrib/libfido2/tools/include_check.sh            |   21 +
 contrib/libfido2/tools/largeblob.c                 |  593 +++++++
 contrib/libfido2/tools/pin.c                       |  143 ++
 contrib/libfido2/tools/test.sh                     |  296 ++++
 contrib/libfido2/tools/token.c                     |  576 +++++++
 contrib/libfido2/tools/util.c                      |  591 +++++++
 contrib/libfido2/udev/70-u2f.rules                 |  217 +++
 contrib/libfido2/udev/CMakeLists.txt               |    7 +
 contrib/libfido2/udev/check.sh                     |   31 +
 contrib/libfido2/udev/fidodevs                     |  126 ++
 contrib/libfido2/udev/genrules.awk                 |   55 +
 contrib/libfido2/windows/build.ps1                 |  272 ++++
 contrib/libfido2/windows/libressl.gpg              |  Bin 0 -> 16425 bytes
 198 files changed, 43610 insertions(+)

diff --git a/contrib/libfido2/CMakeLists.txt b/contrib/libfido2/CMakeLists.txt
new file mode 100644
index 000000000000..101b7b33e2fc
--- /dev/null
+++ b/contrib/libfido2/CMakeLists.txt
@@ -0,0 +1,418 @@
+# Copyright (c) 2018 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# detect AppleClang; needs to come before project()
+cmake_policy(SET CMP0025 NEW)
+
+project(libfido2 C)
+cmake_minimum_required(VERSION 3.0)
+# Set PIE flags for POSITION_INDEPENDENT_CODE targets, added in CMake 3.14.
+if(POLICY CMP0083)
+  cmake_policy(SET CMP0083 NEW)
+endif()
+
+include(CheckCCompilerFlag)
+include(CheckFunctionExists)
+include(CheckLibraryExists)
+include(CheckSymbolExists)
+include(CheckIncludeFiles)
+include(CheckTypeSize)
+include(GNUInstallDirs)
+include(CheckPIESupported OPTIONAL RESULT_VARIABLE CHECK_PIE_SUPPORTED)
+if(CHECK_PIE_SUPPORTED)
+  check_pie_supported(LANGUAGES C)
+endif()
+
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+set(CMAKE_COLOR_MAKEFILE OFF)
+set(CMAKE_VERBOSE_MAKEFILE ON)
+set(FIDO_MAJOR "1")
+set(FIDO_MINOR "8")
+set(FIDO_PATCH "0")
+set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
+
+option(BUILD_EXAMPLES    "Build example programs"                  ON)
+option(BUILD_MANPAGES    "Build man pages"                         ON)
+option(BUILD_SHARED_LIBS "Build the shared library"                ON)
+option(BUILD_STATIC_LIBS "Build the static library"                ON)
+option(BUILD_TOOLS       "Build tool programs"                     ON)
+option(FUZZ              "Enable fuzzing instrumentation"          OFF)
+option(LIBFUZZER         "Build libfuzzer harnesses"               OFF)
+option(USE_HIDAPI        "Use hidapi as the HID backend"           OFF)
+option(USE_WINHELLO      "Abstract Windows Hello as a FIDO device" OFF)
+option(NFC_LINUX         "Experimental NFC support on Linux"       OFF)
+
+add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
+add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
+add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
+
+if(CYGWIN OR MSYS)
+	set(WIN32 1)
+	add_definitions(-DWINVER=0x0a00)
+endif()
+
+if(WIN32)
+	add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600)
+endif()
+
+if(APPLE)
+	set(CMAKE_INSTALL_NAME_DIR
+	    "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
+endif()
+
+if(NOT MSVC)
+	set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_POSIX_C_SOURCE=200809L")
+	set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_BSD_SOURCE")
+	if(APPLE)
+		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
+		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
+	elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+		set(NFC_LINUX OFF)
+		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
+		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
+	elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
+		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1")
+	endif()
+	set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99")
+	set(CMAKE_C_FLAGS "${FIDO_CFLAGS} ${CMAKE_C_FLAGS}")
+endif()
+
+check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32)
+check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
+
+check_include_files(cbor.h HAVE_CBOR_H)
+check_include_files(endian.h HAVE_ENDIAN_H)
+check_include_files(err.h HAVE_ERR_H)
+check_include_files(openssl/opensslv.h HAVE_OPENSSLV_H)
+check_include_files(signal.h HAVE_SIGNAL_H)
+check_include_files(sys/random.h HAVE_SYS_RANDOM_H)
+check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files("windows.h;webauthn.h" HAVE_WEBAUTHN_H)
+
+check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF)
+check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME)
+check_symbol_exists(explicit_bzero string.h HAVE_EXPLICIT_BZERO)
+check_symbol_exists(freezero stdlib.h HAVE_FREEZERO)
+check_symbol_exists(getline stdio.h HAVE_GETLINE)
+check_symbol_exists(getopt unistd.h HAVE_GETOPT)
+check_symbol_exists(getpagesize unistd.h HAVE_GETPAGESIZE)
+check_symbol_exists(getrandom sys/random.h HAVE_GETRANDOM)
+check_symbol_exists(memset_s string.h HAVE_MEMSET_S)
+check_symbol_exists(readpassphrase readpassphrase.h HAVE_READPASSPHRASE)
+check_symbol_exists(recallocarray stdlib.h HAVE_RECALLOCARRAY)
+check_symbol_exists(sigaction signal.h HAVE_SIGACTION)
+check_symbol_exists(strlcat string.h HAVE_STRLCAT)
+check_symbol_exists(strlcpy string.h HAVE_STRLCPY)
+check_symbol_exists(sysconf unistd.h HAVE_SYSCONF)
+check_symbol_exists(timespecsub sys/time.h HAVE_TIMESPECSUB)
+check_symbol_exists(timingsafe_bcmp string.h HAVE_TIMINGSAFE_BCMP)
+
+set(CMAKE_EXTRA_INCLUDE_FILES signal.h)
+check_type_size("sig_atomic_t" HAVE_SIG_ATOMIC_T)
+set(CMAKE_EXTRA_INCLUDE_FILES)
+
+set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
+try_compile(HAVE_POSIX_IOCTL
+    "${CMAKE_CURRENT_BINARY_DIR}/posix_ioctl_check.o"
+    "${CMAKE_CURRENT_SOURCE_DIR}/openbsd-compat/posix_ioctl_check.c"
+    COMPILE_DEFINITIONS "-Werror -Woverflow -Wsign-conversion")
+
+list(APPEND CHECK_VARIABLES
+	HAVE_ARC4RANDOM_BUF
+	HAVE_CBOR_H
+	HAVE_CLOCK_GETTIME
+	HAVE_ENDIAN_H
+	HAVE_ERR_H
+	HAVE_FREEZERO
+	HAVE_GETLINE
+	HAVE_GETOPT
+	HAVE_GETPAGESIZE
+	HAVE_GETRANDOM
+	HAVE_MEMSET_S
+	HAVE_OPENSSLV_H
+	HAVE_POSIX_IOCTL
+	HAVE_READPASSPHRASE
+	HAVE_RECALLOCARRAY
+	HAVE_SIGACTION
+	HAVE_SIGNAL_H
+	HAVE_STRLCAT
+	HAVE_STRLCPY
+	HAVE_SYSCONF
+	HAVE_SYS_RANDOM_H
+	HAVE_TIMESPECSUB
+	HAVE_TIMINGSAFE_BCMP
+	HAVE_UNISTD_H
+	HAVE_WEBAUTHN_H
+)
+
+foreach(v ${CHECK_VARIABLES})
+	if (${v})
+		add_definitions(-D${v})
+	endif()
+endforeach()
+
+if(HAVE_EXPLICIT_BZERO AND NOT LIBFUZZER)
+	add_definitions(-DHAVE_EXPLICIT_BZERO)
+endif()
+
+if(HAVE_SIGACTION AND (NOT HAVE_SIG_ATOMIC_T STREQUAL ""))
+	add_definitions(-DSIGNAL_EXAMPLE)
+endif()
+
+if(UNIX)
+	add_definitions(-DHAVE_DEV_URANDOM)
+endif()
+
+if(MSVC)
+	if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR
+	   (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR
+	   (NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS))
+		message(FATAL_ERROR "please provide definitions for "
+		   "{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when building "
+		    "under msvc")
+	endif()
+	set(CBOR_LIBRARIES cbor)
+	set(ZLIB_LIBRARIES zlib)
+	set(CRYPTO_LIBRARIES crypto-46)
+	set(MSVC_DISABLED_WARNINGS_LIST
+		"C4200" # nonstandard extension used: zero-sized array in
+			# struct/union;
+		"C4204" # nonstandard extension used: non-constant aggregate
+			# initializer;
+		"C4706" # assignment within conditional expression;
+		"C4996" # The POSIX name for this item is deprecated. Instead,
+			# use the ISO C and C++ conformant name;
+		"C6287" # redundant code: the left and right subexpressions are identical
+		)
+	# The construction in the following 3 lines was taken from LibreSSL's
+	# CMakeLists.txt.
+	string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
+	    ${MSVC_DISABLED_WARNINGS_LIST})
+	string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
+	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
+	set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7 /guard:cf /sdl /RTCcsu")
+	set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl")
+	if (HAVE_WEBAUTHN_H)
+		add_definitions(-DUSE_WINHELLO)
+		set(USE_WINHELLO ON)
+	endif()
+else()
+	include(FindPkgConfig)
+	pkg_search_module(CBOR libcbor)
+	pkg_search_module(CRYPTO libcrypto)
+	pkg_search_module(ZLIB zlib)
+
+	if(NOT CBOR_FOUND AND NOT HAVE_CBOR_H)
+		message(FATAL_ERROR "could not find libcbor")
+	endif()
+	if(NOT CRYPTO_FOUND AND NOT HAVE_OPENSSLV_H)
+		message(FATAL_ERROR "could not find libcrypto")
+	endif()
+	if(NOT ZLIB_FOUND)
+		message(FATAL_ERROR "could not find zlib")
+	endif()
+
+	set(CBOR_LIBRARIES "cbor")
+	set(CRYPTO_LIBRARIES "crypto")
+
+	if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+		pkg_search_module(UDEV libudev REQUIRED)
+		set(UDEV_NAME "udev")
+		# If using hidapi, use hidapi-hidraw.
+		set(HIDAPI_SUFFIX -hidraw)
+		if(NOT HAVE_CLOCK_GETTIME)
+			# Look for clock_gettime in librt.
+			check_library_exists(rt clock_gettime "time.h"
+			    HAVE_CLOCK_GETTIME)
+			if (HAVE_CLOCK_GETTIME)
+				add_definitions(-DHAVE_CLOCK_GETTIME)
+				set(BASE_LIBRARIES ${BASE_LIBRARIES} rt)
+			endif()
+		endif()
+	endif()
+
+	if(MINGW)
+		# MinGW is stuck with a flavour of C89.
+		add_definitions(-DFIDO_NO_DIAGNOSTIC)
+		add_definitions(-DWC_ERR_INVALID_CHARS=0x80)
+		add_compile_options(-Wno-unused-parameter)
+	endif()
+
+	if(USE_HIDAPI)
+		add_definitions(-DUSE_HIDAPI)
+		pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
+		set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
+	endif()
+
+	if(FUZZ)
+		set(NFC_LINUX ON)
+	endif()
+
+	if(NFC_LINUX)
+		add_definitions(-DNFC_LINUX)
+	endif()
+
+	add_compile_options(-Wall)
+	add_compile_options(-Wextra)
+	add_compile_options(-Werror)
+	add_compile_options(-Wshadow)
+	add_compile_options(-Wcast-qual)
+	add_compile_options(-Wwrite-strings)
+	add_compile_options(-Wmissing-prototypes)
+	add_compile_options(-Wbad-function-cast)
+	add_compile_options(-pedantic)
+	add_compile_options(-pedantic-errors)
+
+	if(HAVE_SHORTEN_64_TO_32)
+		add_compile_options(-Wshorten-64-to-32)
+	endif()
+	if(HAVE_STACK_PROTECTOR_ALL)
+		add_compile_options(-fstack-protector-all)
+	endif()
+
+	set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -g2")
+	set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fno-omit-frame-pointer")
+	set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -D_FORTIFY_SOURCE=2")
+
+	if(FUZZ)
+		add_definitions(-DFIDO_FUZZ)
+	endif()
+	if(LIBFUZZER)
+		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link")
+	endif()
+endif()
+
+# Avoid https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
+if(CMAKE_COMPILER_IS_GNUCC)
+	add_compile_options(-Wno-unused-result)
+endif()
+
+# Decide which keyword to use for thread-local storage.
+if(CMAKE_COMPILER_IS_GNUCC OR
+   CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
+   CMAKE_C_COMPILER_ID STREQUAL "AppleClang")
+	set(TLS "__thread")
+elseif(WIN32)
+	set(TLS "__declspec(thread)")
+endif()
+add_definitions(-DTLS=${TLS})
+
+# export list
+if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
+   CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
+	# clang + lld
+	string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+	    " -exported_symbols_list ${CMAKE_CURRENT_SOURCE_DIR}/src/export.llvm")
+elseif(NOT MSVC)
+	# clang/gcc + gnu ld
+	if(FUZZ)
+		string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+                    " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/export.gnu")
+	else()
+		string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+                    " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu")
+	endif()
+	if(NOT WIN32)
+		string(CONCAT CMAKE_SHARED_LINKER_FLAGS
+		    ${CMAKE_SHARED_LINKER_FLAGS}
+		    " -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
+		string(CONCAT CMAKE_EXE_LINKER_FLAGS
+		    ${CMAKE_EXE_LINKER_FLAGS}
+		    " -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
+		if(FUZZ)
+			file(STRINGS fuzz/wrapped.sym WRAPPED_SYMBOLS)
+			foreach(s ${WRAPPED_SYMBOLS})
+				string(CONCAT CMAKE_SHARED_LINKER_FLAGS
+				    ${CMAKE_SHARED_LINKER_FLAGS}
+				    " -Wl,--wrap=${s}")
+			endforeach()
+		endif()
+	endif()
+else()
+	string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+	    " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"")
+endif()
+
+include_directories(${CMAKE_SOURCE_DIR}/src)
+include_directories(${CBOR_INCLUDE_DIRS})
+include_directories(${CRYPTO_INCLUDE_DIRS})
+include_directories(${HIDAPI_INCLUDE_DIRS})
+include_directories(${UDEV_INCLUDE_DIRS})
+include_directories(${ZLIB_INCLUDE_DIRS})
+
+link_directories(${CBOR_LIBRARY_DIRS})
+link_directories(${CRYPTO_LIBRARY_DIRS})
+link_directories(${HIDAPI_LIBRARY_DIRS})
+link_directories(${UDEV_LIBRARY_DIRS})
+link_directories(${ZLIB_LIBRARY_DIRS})
+
+message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}")
+message(STATUS "BUILD_EXAMPLES: ${BUILD_EXAMPLES}")
+message(STATUS "BUILD_MANPAGES: ${BUILD_MANPAGES}")
+message(STATUS "BUILD_SHARED_LIBS: ${BUILD_SHARED_LIBS}")
+message(STATUS "BUILD_STATIC_LIBS: ${BUILD_STATIC_LIBS}")
+message(STATUS "BUILD_TOOLS: ${BUILD_TOOLS}")
+message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
+message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
+message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
+message(STATUS "CBOR_VERSION: ${CBOR_VERSION}")
+message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
+message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
+message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
+message(STATUS "CMAKE_C_FLAGS: ${CMAKE_C_FLAGS}")
+message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
+message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
+message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}")
+message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}")
+message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
+message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
+message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
+message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}")
+message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
+message(STATUS "FUZZ: ${FUZZ}")
+message(STATUS "ZLIB_INCLUDE_DIRS: ${ZLIB_INCLUDE_DIRS}")
+message(STATUS "ZLIB_LIBRARIES: ${ZLIB_LIBRARIES}")
+message(STATUS "ZLIB_LIBRARY_DIRS: ${ZLIB_LIBRARY_DIRS}")
+message(STATUS "ZLIB_VERSION: ${ZLIB_VERSION}")
+if(USE_HIDAPI)
+	message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
+	message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
+	message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}")
+	message(STATUS "HIDAPI_VERSION: ${HIDAPI_VERSION}")
+endif()
+message(STATUS "LIBFUZZER: ${LIBFUZZER}")
+message(STATUS "TLS: ${TLS}")
+message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
+message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
+message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
+message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
+message(STATUS "UDEV_VERSION: ${UDEV_VERSION}")
+message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
+message(STATUS "USE_WINHELLO: ${USE_WINHELLO}")
+message(STATUS "NFC_LINUX: ${NFC_LINUX}")
+
+subdirs(src)
+if(BUILD_EXAMPLES)
+	subdirs(examples)
+endif()
+if(BUILD_TOOLS)
+	subdirs(tools)
+endif()
+if(BUILD_MANPAGES)
+	subdirs(man)
+endif()
+
+if(NOT WIN32)
+	if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+		if(NOT LIBFUZZER AND NOT FUZZ)
+			subdirs(regress)
+		endif()
+	endif()
+	if(FUZZ)
+		subdirs(fuzz)
+	endif()
+	if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+		subdirs(udev)
+	endif()
+endif()
diff --git a/contrib/libfido2/LICENSE b/contrib/libfido2/LICENSE
new file mode 100644
index 000000000000..4224f20992c0
--- /dev/null
+++ b/contrib/libfido2/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2018-2021 Yubico AB. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in
+      the documentation and/or other materials provided with the
+      distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/contrib/libfido2/NEWS b/contrib/libfido2/NEWS
new file mode 100644
index 000000000000..a89766b72e89
--- /dev/null
+++ b/contrib/libfido2/NEWS
@@ -0,0 +1,179 @@
+* Version 1.8.0 (2021-07-22)
+ ** Dropped 'Requires.private' entry from pkg-config file.
+ ** Better support for FIDO 2.1 authenticators.
+ ** Support for Windows's native webauthn API.
+ ** Support for attestation format 'none'.
+ ** New API calls:
+  - fido_assert_set_clientdata;
+  - fido_cbor_info_algorithm_cose;
+  - fido_cbor_info_algorithm_count;
+  - fido_cbor_info_algorithm_type;
+  - fido_cbor_info_transports_len;
+  - fido_cbor_info_transports_ptr;
+  - fido_cred_set_clientdata;
+  - fido_cred_set_id;
+  - fido_credman_set_dev_rk;
+  - fido_dev_is_winhello.
+ ** fido2-token: new -Sc option to update a resident credential.
+ ** Documentation and reliability fixes.
+ ** HID access serialisation on Linux.
+
+* Version 1.7.0 (2021-03-29)
+ ** New dependency on zlib.
+ ** Fixed musl build; gh#259.
+ ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264.
+ ** Support for FIDO 2.1 authenticator configuration.
+ ** Support for FIDO 2.1 UV token permissions.
+ ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
+ ** New API calls:
+  - fido_assert_blob_len;
+  - fido_assert_blob_ptr;
+  - fido_assert_largeblob_key_len;
+  - fido_assert_largeblob_key_ptr;
+  - fido_assert_set_hmac_secret;
+  - fido_cbor_info_maxcredbloblen;
+  - fido_cred_largeblob_key_len;
+  - fido_cred_largeblob_key_ptr;
+  - fido_cred_set_blob;
+  - fido_dev_enable_entattest;
+  - fido_dev_force_pin_change;
+  - fido_dev_has_uv;
+  - fido_dev_largeblob_get;
+  - fido_dev_largeblob_get_array;
+  - fido_dev_largeblob_remove;
+  - fido_dev_largeblob_set;
+  - fido_dev_largeblob_set_array;
+  - fido_dev_set_pin_minlen;
+  - fido_dev_set_sigmask;
+  - fido_dev_supports_credman;
+  - fido_dev_supports_permissions;
+  - fido_dev_supports_uv;
+  - fido_dev_toggle_always_uv.
+ ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282.
+ ** Experimental NFC support on Linux; enable with -DNFC_LINUX.
+
+* Version 1.6.0 (2020-12-22)
+ ** Fix OpenSSL 1.0 and Cygwin builds.
+ ** hid_linux: fix build on 32-bit systems.
+ ** hid_osx: allow reads from spawned threads.
+ ** Documentation and reliability fixes.
+ ** New API calls:
+  - fido_cred_authdata_raw_len;
+  - fido_cred_authdata_raw_ptr;
+  - fido_cred_sigcount;
+  - fido_dev_get_uv_retry_count;
+  - fido_dev_supports_credman.
+ ** Hardened Windows build.
+ ** Native FreeBSD and NetBSD support.
+ ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
+
+* Version 1.5.0 (2020-09-01)
+ ** hid_linux: return FIDO_OK if no devices are found.
+ ** hid_osx:
+  - repair communication with U2F tokens, gh#166;
+  - reliability fixes.
+ ** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
+ ** Support for configurable report lengths.
+ ** New API calls:
+  - fido_cbor_info_maxcredcntlst;
+  - fido_cbor_info_maxcredidlen;
+  - fido_cred_aaguid_len;
+  - fido_cred_aaguid_ptr;
+  - fido_dev_get_touch_begin;
+  - fido_dev_get_touch_status.
+ ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
+ ** Allow CTAP messages up to 2048 bytes; gh#171.
+ ** Ensure we only list USB devices by default.
+
+* Version 1.4.0 (2020-04-15)
+ ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
+ ** Fall back to U2F if the key claims to, but does not support FIDO2.
+ ** FIDO2 credential protection (credprot) support.
+ ** New API calls:
+  - fido_cbor_info_fwversion;
+  - fido_cred_prot;
+  - fido_cred_set_prot;
+  - fido_dev_set_transport_functions;
+  - fido_set_log_handler.
+ ** Support for FreeBSD.
+ ** Support for C++.
+ ** Support for MSYS.
+ ** Fixed EdDSA and RSA self-attestation.
+
+* Version 1.3.1 (2020-02-19)
+ ** fix zero-ing of le1 and le2 when talking to a U2F device.
+ ** dropping sk-libfido2 middleware, please find it in the openssh tree.
+
+* Version 1.3.0 (2019-11-28)
+ ** assert/hmac: encode public key as per spec, gh#60.
+ ** fido2-cred: fix creation of resident keys.
+ ** fido2-{assert,cred}: support for hmac-secret extension.
+ ** hid_osx: detect device removal, gh#56.
+ ** hid_osx: fix device detection in MacOS Catalina.
+ ** New API calls:
+  - fido_assert_set_authdata_raw;
+  - fido_assert_sigcount;
+  - fido_cred_set_authdata_raw;
+  - fido_dev_cancel.
+ ** Middleware library for use by OpenSSH.
+ ** Support for biometric enrollment.
+ ** Support for OpenBSD.
+ ** Support for self-attestation.
+
+* Version 1.2.0 (released 2019-07-26)
+ ** Credential management support.
+ ** New API reflecting FIDO's 3-state booleans (true, false, absent):
+  - fido_assert_set_up;
+  - fido_assert_set_uv;
+  - fido_cred_set_rk;
+  - fido_cred_set_uv.
+ ** Command-line tools for Windows.
+ ** Documentation and reliability fixes.
+ ** fido_{assert,cred}_set_options() are now marked as deprecated.
+
+* Version 1.1.0 (released 2019-05-08)
+ ** MacOS: fix IOKit crash on HID read.
+ ** Windows: fix contents of release file.
+ ** EdDSA (Ed25519) support.
+ ** fido_dev_make_cred: fix order of CBOR map keys.
+ ** fido_dev_get_assert: plug memory leak when operating on U2F devices.
+
+* Version 1.0.0 (released 2019-03-21)
+ ** Native HID support on Linux, MacOS, and Windows.
+ ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
+ ** fido2-assert: support for multiple resident keys with the same RP.
+ ** Strict checks for CTAP2 compliance on received CBOR payloads.
+ ** Better fuzzing harnesses.
+ ** Documentation and reliability fixes.
+
+* Version 0.4.0 (released 2019-01-07)
+ ** fido2-assert: print the user id for resident credentials.
+ ** Fix encoding of COSE algorithms when making a credential.
+ ** Rework purpose of fido_cred_set_type; no ABI change.
+ ** Minor documentation and code fixes.
+
+* Version 0.3.0 (released 2018-09-11)
+ ** Various reliability fixes.
+ ** Merged fuzzing instrumentation.
+ ** Added regress tests.
+ ** Added support for FIDO 2's hmac-secret extension.
+ ** New API calls:
+  - fido_assert_hmac_secret_len;
+  - fido_assert_hmac_secret_ptr;
+  - fido_assert_set_extensions;
+  - fido_assert_set_hmac_salt;
+  - fido_cred_set_extensions;
+  - fido_dev_force_fido2.
+ ** Support for native builds with Microsoft Visual Studio 17.
+
+* Version 0.2.0 (released 2018-06-20)
+ ** Added command-line tools.
+ ** Added a couple of missing get functions.
+
+* Version 0.1.1 (released 2018-06-05)
+ ** Added documentation.
+ ** Added OpenSSL 1.0 support.
+ ** Minor fixes.
+
+* Version 0.1.0 (released 2018-05-18)
+ ** First beta release.
diff --git a/contrib/libfido2/README.adoc b/contrib/libfido2/README.adoc
new file mode 100644
index 000000000000..f5ffa7e4e602
--- /dev/null
+++ b/contrib/libfido2/README.adoc
@@ -0,0 +1,93 @@
+== libfido2
+
+image:https://github.com/yubico/libfido2/workflows/linux/badge.svg["Linux Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://github.com/yubico/libfido2/workflows/macos/badge.svg["macOS Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["Windows Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://github.com/yubico/libfido2/workflows/fuzzer/badge.svg["Fuzz Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fuzz Status (oss-fuzz)", link="https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libfido2"]
+
+*libfido2* provides library functionality and command-line tools to
+communicate with a FIDO device over USB, and to verify attestation and
+assertion signatures.
+
+*libfido2* supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
+
+For usage, see the `examples/` directory.
+
+=== License
+
+*libfido2* is licensed under the BSD 2-clause license. See the LICENSE
+file for the full license text.
+
+=== Supported Platforms
+
+*libfido2* is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD.
+
+=== Documentation
+
+Documentation is available in troff and HTML formats. An
+https://developers.yubico.com/libfido2/Manuals/[online mirror of *libfido2*'s documentation]
+is also available.
+
+=== Bindings
+
+* .NET: https://github.com/borrrden/Fido2Net[Fido2Net]
+* Go: https://github.com/keys-pub/go-libfido2[go-libfido2]
+* Perl: https://github.com/jacquesg/p5-FIDO-Raw[p5-FIDO-Raw]
+* Rust: https://github.com/PvdBerg1998/libfido2[libfido2]
+
+=== Installation
+
+==== Releases
+
+The current release of *libfido2* is 1.8.0. Please consult Yubico's
+https://developers.yubico.com/libfido2/Releases[release page] for source
+and binary releases.
+
+==== Ubuntu 20.04 (Focal)
+
+  $ sudo apt install libfido2-1
+  $ sudo apt install libfido2-dev
+  $ sudo apt install libfido2-doc
+
+Alternatively, newer versions of *libfido2* are available in Yubico's PPA.
+Follow the instructions for Ubuntu 18.04 (Bionic) below.
+
+==== Ubuntu 18.04 (Bionic)
+
+  $ sudo apt install software-properties-common
+  $ sudo apt-add-repository ppa:yubico/stable
+  $ sudo apt update
+  $ sudo apt install libfido2-dev
+
+==== macOS
+
+  $ brew install libfido2
+
+Or from source, on UNIX-like systems:
+
+  $ (rm -rf build && mkdir build && cd build && cmake ..)
+  $ make -C build
+  $ sudo make -C build install
+
+Depending on the platform,
+https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to
+be installed, or the PKG_CONFIG_PATH environment variable set.
+
+*libfido2* depends on https://github.com/pjk/libcbor[libcbor],
+https://www.openssl.org[OpenSSL], and https://zlib.net[zlib]. On Linux, libudev
+(part of https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also
+required.
+
+For complete, OS-specific installation instructions, please refer to the
+`.actions/` (Linux, macOS) and `windows/` directories.
+
+On Linux, you will need to add a udev rule to be able to access the FIDO
+device, or run as root. For example, the udev rule may contain the following:
+
+----
+#udev rule for allowing HID access to Yubico devices for FIDO support.
+
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
+  MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
+----
diff --git a/contrib/libfido2/examples/CMakeLists.txt b/contrib/libfido2/examples/CMakeLists.txt
new file mode 100644
index 000000000000..ad3d44faad6b
--- /dev/null
+++ b/contrib/libfido2/examples/CMakeLists.txt
@@ -0,0 +1,69 @@
+# Copyright (c) 2018 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+list(APPEND COMPAT_SOURCES
+	../openbsd-compat/clock_gettime.c
+	../openbsd-compat/getopt_long.c
+	../openbsd-compat/strlcat.c
+	../openbsd-compat/strlcpy.c
+)
+
+if(WIN32 AND BUILD_SHARED_LIBS AND NOT CYGWIN AND NOT MSYS)
+	list(APPEND COMPAT_SOURCES ../openbsd-compat/posix_win.c)
+endif()
+
+# set the library to link against
+if(BUILD_STATIC_LIBS)
+	# drop -rdynamic
+	set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+	set(_FIDO2_LIBRARY fido2)
+elseif(BUILD_SHARED_LIBS)
+	set(_FIDO2_LIBRARY fido2_shared)
+else()
+	set(_FIDO2_LIBRARY ${CRYPTO_LIBRARIES} fido2)
+endif()
+
*** 44024 LINES SKIPPED ***