git: a32212fb595a - stable/13 - Import libfido2 at 'contrib/libfido2/'
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Feb 2022 23:58:15 UTC
The branch stable/13 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=a32212fb595a58ee56972c0fc8b55b05ca5e82c5
commit a32212fb595a58ee56972c0fc8b55b05ca5e82c5
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2021-10-07 01:27:02 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-02-09 21:23:53 +0000
Import libfido2 at 'contrib/libfido2/'
git-subtree-dir: contrib/libfido2
git-subtree-mainline: d586c978b9b4216869e589daa5bbcc33225a0e35
git-subtree-split: a58dee945a5da64d0e97f35a508928e0d17c9cc7
(cherry picked from commit 0afa8e065e14bb8fd338d75690e0238c00167d40)
---
contrib/libfido2/CMakeLists.txt | 418 +++++
contrib/libfido2/LICENSE | 24 +
contrib/libfido2/NEWS | 179 +++
contrib/libfido2/README.adoc | 93 ++
contrib/libfido2/examples/CMakeLists.txt | 69 +
contrib/libfido2/examples/README.adoc | 98 ++
contrib/libfido2/examples/assert.c | 342 ++++
contrib/libfido2/examples/cred.c | 346 +++++
contrib/libfido2/examples/extern.h | 33 +
contrib/libfido2/examples/info.c | 293 ++++
contrib/libfido2/examples/manifest.c | 41 +
contrib/libfido2/examples/reset.c | 55 +
contrib/libfido2/examples/retries.c | 48 +
contrib/libfido2/examples/select.c | 214 +++
contrib/libfido2/examples/setpin.c | 54 +
contrib/libfido2/examples/util.c | 413 +++++
contrib/libfido2/fuzz/CMakeLists.txt | 63 +
contrib/libfido2/fuzz/Dockerfile | 12 +
contrib/libfido2/fuzz/Makefile | 79 +
contrib/libfido2/fuzz/README | 33 +
contrib/libfido2/fuzz/build-coverage | 31 +
contrib/libfido2/fuzz/dummy.h | 96 ++
contrib/libfido2/fuzz/export.gnu | 242 +++
contrib/libfido2/fuzz/functions.txt | 807 ++++++++++
contrib/libfido2/fuzz/fuzz_assert.c | 471 ++++++
contrib/libfido2/fuzz/fuzz_bio.c | 440 ++++++
contrib/libfido2/fuzz/fuzz_cred.c | 455 ++++++
contrib/libfido2/fuzz/fuzz_credman.c | 405 +++++
contrib/libfido2/fuzz/fuzz_hid.c | 215 +++
contrib/libfido2/fuzz/fuzz_largeblob.c | 270 ++++
contrib/libfido2/fuzz/fuzz_mgmt.c | 480 ++++++
contrib/libfido2/fuzz/fuzz_netlink.c | 249 +++
contrib/libfido2/fuzz/libfuzzer.c | 177 +++
contrib/libfido2/fuzz/mutator_aux.c | 326 ++++
contrib/libfido2/fuzz/mutator_aux.h | 96 ++
contrib/libfido2/fuzz/preload-fuzz.c | 104 ++
contrib/libfido2/fuzz/preload-snoop.c | 217 +++
contrib/libfido2/fuzz/prng.c | 113 ++
contrib/libfido2/fuzz/report.tgz | Bin 0 -> 303082 bytes
contrib/libfido2/fuzz/summary.txt | 51 +
contrib/libfido2/fuzz/udev.c | 269 ++++
contrib/libfido2/fuzz/uniform_random.c | 57 +
contrib/libfido2/fuzz/wiredata_fido2.h | 633 ++++++++
contrib/libfido2/fuzz/wiredata_u2f.h | 152 ++
contrib/libfido2/fuzz/wrap.c | 582 +++++++
contrib/libfido2/fuzz/wrapped.sym | 83 +
contrib/libfido2/man/CMakeLists.txt | 371 +++++
contrib/libfido2/man/NOTES | 7 +
contrib/libfido2/man/dyc.css | 14 +
contrib/libfido2/man/eddsa_pk_new.3 | 122 ++
contrib/libfido2/man/es256_pk_new.3 | 126 ++
contrib/libfido2/man/fido2-assert.1 | 256 +++
contrib/libfido2/man/fido2-cred.1 | 267 ++++
contrib/libfido2/man/fido2-token.1 | 388 +++++
contrib/libfido2/man/fido_assert_allow_cred.3 | 47 +
contrib/libfido2/man/fido_assert_new.3 | 243 +++
contrib/libfido2/man/fido_assert_set_authdata.3 | 221 +++
contrib/libfido2/man/fido_assert_verify.3 | 79 +
contrib/libfido2/man/fido_bio_dev_get_info.3 | 122 ++
contrib/libfido2/man/fido_bio_enroll_new.3 | 95 ++
contrib/libfido2/man/fido_bio_info_new.3 | 81 +
contrib/libfido2/man/fido_bio_template.3 | 179 +++
contrib/libfido2/man/fido_cbor_info_new.3 | 231 +++
contrib/libfido2/man/fido_cred_exclude.3 | 60 +
contrib/libfido2/man/fido_cred_new.3 | 257 +++
contrib/libfido2/man/fido_cred_set_authdata.3 | 307 ++++
contrib/libfido2/man/fido_cred_verify.3 | 69 +
contrib/libfido2/man/fido_credman_metadata_new.3 | 326 ++++
contrib/libfido2/man/fido_dev_enable_entattest.3 | 98 ++
contrib/libfido2/man/fido_dev_get_assert.3 | 76 +
contrib/libfido2/man/fido_dev_get_touch_begin.3 | 73 +
contrib/libfido2/man/fido_dev_info_manifest.3 | 143 ++
contrib/libfido2/man/fido_dev_largeblob_get.3 | 194 +++
contrib/libfido2/man/fido_dev_make_cred.3 | 77 +
contrib/libfido2/man/fido_dev_open.3 | 250 +++
contrib/libfido2/man/fido_dev_set_io_functions.3 | 134 ++
contrib/libfido2/man/fido_dev_set_pin.3 | 103 ++
contrib/libfido2/man/fido_init.3 | 52 +
contrib/libfido2/man/fido_strerr.3 | 27 +
contrib/libfido2/man/rs256_pk_new.3 | 122 ++
contrib/libfido2/man/style.css | 24 +
contrib/libfido2/openbsd-compat/bsd-getline.c | 115 ++
contrib/libfido2/openbsd-compat/bsd-getpagesize.c | 27 +
contrib/libfido2/openbsd-compat/clock_gettime.c | 32 +
contrib/libfido2/openbsd-compat/endian_win32.c | 51 +
contrib/libfido2/openbsd-compat/err.h | 85 +
contrib/libfido2/openbsd-compat/explicit_bzero.c | 57 +
.../libfido2/openbsd-compat/explicit_bzero_win32.c | 19 +
contrib/libfido2/openbsd-compat/freezero.c | 30 +
contrib/libfido2/openbsd-compat/getopt.h | 74 +
contrib/libfido2/openbsd-compat/getopt_long.c | 523 +++++++
contrib/libfido2/openbsd-compat/hkdf.c | 124 ++
contrib/libfido2/openbsd-compat/hkdf.h | 65 +
contrib/libfido2/openbsd-compat/openbsd-compat.h | 119 ++
.../libfido2/openbsd-compat/posix_ioctl_check.c | 7 +
contrib/libfido2/openbsd-compat/posix_win.c | 61 +
contrib/libfido2/openbsd-compat/posix_win.h | 47 +
contrib/libfido2/openbsd-compat/readpassphrase.c | 214 +++
contrib/libfido2/openbsd-compat/readpassphrase.h | 44 +
.../libfido2/openbsd-compat/readpassphrase_win32.c | 131 ++
contrib/libfido2/openbsd-compat/recallocarray.c | 91 ++
contrib/libfido2/openbsd-compat/strlcat.c | 63 +
contrib/libfido2/openbsd-compat/strlcpy.c | 59 +
contrib/libfido2/openbsd-compat/time.h | 61 +
contrib/libfido2/openbsd-compat/timingsafe_bcmp.c | 35 +
contrib/libfido2/openbsd-compat/types.h | 69 +
contrib/libfido2/regress/CMakeLists.txt | 16 +
contrib/libfido2/regress/assert.c | 553 +++++++
contrib/libfido2/regress/cred.c | 988 ++++++++++++
contrib/libfido2/regress/dev.c | 266 ++++
contrib/libfido2/src/CMakeLists.txt | 136 ++
contrib/libfido2/src/aes256.c | 215 +++
contrib/libfido2/src/assert.c | 1134 ++++++++++++++
contrib/libfido2/src/authkey.c | 97 ++
contrib/libfido2/src/bio.c | 841 ++++++++++
contrib/libfido2/src/blob.c | 133 ++
contrib/libfido2/src/blob.h | 41 +
contrib/libfido2/src/buf.c | 33 +
contrib/libfido2/src/cbor.c | 1635 ++++++++++++++++++++
contrib/libfido2/src/compress.c | 49 +
contrib/libfido2/src/config.c | 191 +++
contrib/libfido2/src/cred.c | 1086 +++++++++++++
contrib/libfido2/src/credman.c | 767 +++++++++
contrib/libfido2/src/dev.c | 732 +++++++++
contrib/libfido2/src/diff_exports.sh | 26 +
contrib/libfido2/src/ecdh.c | 207 +++
contrib/libfido2/src/eddsa.c | 172 ++
contrib/libfido2/src/err.c | 136 ++
contrib/libfido2/src/es256.c | 453 ++++++
contrib/libfido2/src/export.gnu | 234 +++
contrib/libfido2/src/export.llvm | 229 +++
contrib/libfido2/src/export.msvc | 230 +++
contrib/libfido2/src/extern.h | 240 +++
contrib/libfido2/src/fido.h | 228 +++
contrib/libfido2/src/fido/bio.h | 111 ++
contrib/libfido2/src/fido/config.h | 34 +
contrib/libfido2/src/fido/credman.h | 91 ++
contrib/libfido2/src/fido/eddsa.h | 54 +
contrib/libfido2/src/fido/err.h | 84 +
contrib/libfido2/src/fido/es256.h | 48 +
contrib/libfido2/src/fido/param.h | 117 ++
contrib/libfido2/src/fido/rs256.h | 36 +
contrib/libfido2/src/fido/types.h | 281 ++++
contrib/libfido2/src/hid.c | 179 +++
contrib/libfido2/src/hid_freebsd.c | 253 +++
contrib/libfido2/src/hid_hidapi.c | 268 ++++
contrib/libfido2/src/hid_linux.c | 375 +++++
contrib/libfido2/src/hid_netbsd.c | 338 ++++
contrib/libfido2/src/hid_openbsd.c | 260 ++++
contrib/libfido2/src/hid_osx.c | 571 +++++++
contrib/libfido2/src/hid_unix.c | 76 +
contrib/libfido2/src/hid_win.c | 540 +++++++
contrib/libfido2/src/info.c | 553 +++++++
contrib/libfido2/src/io.c | 288 ++++
contrib/libfido2/src/iso7816.c | 64 +
contrib/libfido2/src/iso7816.h | 49 +
contrib/libfido2/src/largeblob.c | 881 +++++++++++
contrib/libfido2/src/libfido2.pc.in | 12 +
contrib/libfido2/src/log.c | 121 ++
contrib/libfido2/src/netlink.c | 782 ++++++++++
contrib/libfido2/src/netlink.h | 44 +
contrib/libfido2/src/nfc_linux.c | 631 ++++++++
contrib/libfido2/src/packed.h | 22 +
contrib/libfido2/src/pin.c | 690 +++++++++
contrib/libfido2/src/random.c | 82 +
contrib/libfido2/src/reset.c | 43 +
contrib/libfido2/src/rs256.c | 200 +++
contrib/libfido2/src/u2f.c | 820 ++++++++++
contrib/libfido2/src/winhello.c | 934 +++++++++++
contrib/libfido2/tools/CMakeLists.txt | 77 +
contrib/libfido2/tools/assert_get.c | 316 ++++
contrib/libfido2/tools/assert_verify.c | 192 +++
contrib/libfido2/tools/base64.c | 134 ++
contrib/libfido2/tools/bio.c | 277 ++++
contrib/libfido2/tools/config.c | 149 ++
contrib/libfido2/tools/cred_make.c | 242 +++
contrib/libfido2/tools/cred_verify.c | 181 +++
contrib/libfido2/tools/credman.c | 329 ++++
contrib/libfido2/tools/extern.h | 99 ++
contrib/libfido2/tools/fido2-assert.c | 54 +
contrib/libfido2/tools/fido2-attach.sh | 14 +
contrib/libfido2/tools/fido2-cred.c | 52 +
contrib/libfido2/tools/fido2-detach.sh | 12 +
contrib/libfido2/tools/fido2-token.c | 107 ++
contrib/libfido2/tools/fido2-unprot.sh | 75 +
contrib/libfido2/tools/include_check.sh | 21 +
contrib/libfido2/tools/largeblob.c | 593 +++++++
contrib/libfido2/tools/pin.c | 143 ++
contrib/libfido2/tools/test.sh | 296 ++++
contrib/libfido2/tools/token.c | 576 +++++++
contrib/libfido2/tools/util.c | 591 +++++++
contrib/libfido2/udev/70-u2f.rules | 217 +++
contrib/libfido2/udev/CMakeLists.txt | 7 +
contrib/libfido2/udev/check.sh | 31 +
contrib/libfido2/udev/fidodevs | 126 ++
contrib/libfido2/udev/genrules.awk | 55 +
contrib/libfido2/windows/build.ps1 | 272 ++++
contrib/libfido2/windows/libressl.gpg | Bin 0 -> 16425 bytes
198 files changed, 43610 insertions(+)
diff --git a/contrib/libfido2/CMakeLists.txt b/contrib/libfido2/CMakeLists.txt
new file mode 100644
index 000000000000..101b7b33e2fc
--- /dev/null
+++ b/contrib/libfido2/CMakeLists.txt
@@ -0,0 +1,418 @@
+# Copyright (c) 2018 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# detect AppleClang; needs to come before project()
+cmake_policy(SET CMP0025 NEW)
+
+project(libfido2 C)
+cmake_minimum_required(VERSION 3.0)
+# Set PIE flags for POSITION_INDEPENDENT_CODE targets, added in CMake 3.14.
+if(POLICY CMP0083)
+ cmake_policy(SET CMP0083 NEW)
+endif()
+
+include(CheckCCompilerFlag)
+include(CheckFunctionExists)
+include(CheckLibraryExists)
+include(CheckSymbolExists)
+include(CheckIncludeFiles)
+include(CheckTypeSize)
+include(GNUInstallDirs)
+include(CheckPIESupported OPTIONAL RESULT_VARIABLE CHECK_PIE_SUPPORTED)
+if(CHECK_PIE_SUPPORTED)
+ check_pie_supported(LANGUAGES C)
+endif()
+
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+set(CMAKE_COLOR_MAKEFILE OFF)
+set(CMAKE_VERBOSE_MAKEFILE ON)
+set(FIDO_MAJOR "1")
+set(FIDO_MINOR "8")
+set(FIDO_PATCH "0")
+set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
+
+option(BUILD_EXAMPLES "Build example programs" ON)
+option(BUILD_MANPAGES "Build man pages" ON)
+option(BUILD_SHARED_LIBS "Build the shared library" ON)
+option(BUILD_STATIC_LIBS "Build the static library" ON)
+option(BUILD_TOOLS "Build tool programs" ON)
+option(FUZZ "Enable fuzzing instrumentation" OFF)
+option(LIBFUZZER "Build libfuzzer harnesses" OFF)
+option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
+option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" OFF)
+option(NFC_LINUX "Experimental NFC support on Linux" OFF)
+
+add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
+add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
+add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
+
+if(CYGWIN OR MSYS)
+ set(WIN32 1)
+ add_definitions(-DWINVER=0x0a00)
+endif()
+
+if(WIN32)
+ add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600)
+endif()
+
+if(APPLE)
+ set(CMAKE_INSTALL_NAME_DIR
+ "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
+endif()
+
+if(NOT MSVC)
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_POSIX_C_SOURCE=200809L")
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_BSD_SOURCE")
+ if(APPLE)
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
+ elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+ set(NFC_LINUX OFF)
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
+ elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1")
+ endif()
+ set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99")
+ set(CMAKE_C_FLAGS "${FIDO_CFLAGS} ${CMAKE_C_FLAGS}")
+endif()
+
+check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32)
+check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
+
+check_include_files(cbor.h HAVE_CBOR_H)
+check_include_files(endian.h HAVE_ENDIAN_H)
+check_include_files(err.h HAVE_ERR_H)
+check_include_files(openssl/opensslv.h HAVE_OPENSSLV_H)
+check_include_files(signal.h HAVE_SIGNAL_H)
+check_include_files(sys/random.h HAVE_SYS_RANDOM_H)
+check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files("windows.h;webauthn.h" HAVE_WEBAUTHN_H)
+
+check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF)
+check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME)
+check_symbol_exists(explicit_bzero string.h HAVE_EXPLICIT_BZERO)
+check_symbol_exists(freezero stdlib.h HAVE_FREEZERO)
+check_symbol_exists(getline stdio.h HAVE_GETLINE)
+check_symbol_exists(getopt unistd.h HAVE_GETOPT)
+check_symbol_exists(getpagesize unistd.h HAVE_GETPAGESIZE)
+check_symbol_exists(getrandom sys/random.h HAVE_GETRANDOM)
+check_symbol_exists(memset_s string.h HAVE_MEMSET_S)
+check_symbol_exists(readpassphrase readpassphrase.h HAVE_READPASSPHRASE)
+check_symbol_exists(recallocarray stdlib.h HAVE_RECALLOCARRAY)
+check_symbol_exists(sigaction signal.h HAVE_SIGACTION)
+check_symbol_exists(strlcat string.h HAVE_STRLCAT)
+check_symbol_exists(strlcpy string.h HAVE_STRLCPY)
+check_symbol_exists(sysconf unistd.h HAVE_SYSCONF)
+check_symbol_exists(timespecsub sys/time.h HAVE_TIMESPECSUB)
+check_symbol_exists(timingsafe_bcmp string.h HAVE_TIMINGSAFE_BCMP)
+
+set(CMAKE_EXTRA_INCLUDE_FILES signal.h)
+check_type_size("sig_atomic_t" HAVE_SIG_ATOMIC_T)
+set(CMAKE_EXTRA_INCLUDE_FILES)
+
+set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
+try_compile(HAVE_POSIX_IOCTL
+ "${CMAKE_CURRENT_BINARY_DIR}/posix_ioctl_check.o"
+ "${CMAKE_CURRENT_SOURCE_DIR}/openbsd-compat/posix_ioctl_check.c"
+ COMPILE_DEFINITIONS "-Werror -Woverflow -Wsign-conversion")
+
+list(APPEND CHECK_VARIABLES
+ HAVE_ARC4RANDOM_BUF
+ HAVE_CBOR_H
+ HAVE_CLOCK_GETTIME
+ HAVE_ENDIAN_H
+ HAVE_ERR_H
+ HAVE_FREEZERO
+ HAVE_GETLINE
+ HAVE_GETOPT
+ HAVE_GETPAGESIZE
+ HAVE_GETRANDOM
+ HAVE_MEMSET_S
+ HAVE_OPENSSLV_H
+ HAVE_POSIX_IOCTL
+ HAVE_READPASSPHRASE
+ HAVE_RECALLOCARRAY
+ HAVE_SIGACTION
+ HAVE_SIGNAL_H
+ HAVE_STRLCAT
+ HAVE_STRLCPY
+ HAVE_SYSCONF
+ HAVE_SYS_RANDOM_H
+ HAVE_TIMESPECSUB
+ HAVE_TIMINGSAFE_BCMP
+ HAVE_UNISTD_H
+ HAVE_WEBAUTHN_H
+)
+
+foreach(v ${CHECK_VARIABLES})
+ if (${v})
+ add_definitions(-D${v})
+ endif()
+endforeach()
+
+if(HAVE_EXPLICIT_BZERO AND NOT LIBFUZZER)
+ add_definitions(-DHAVE_EXPLICIT_BZERO)
+endif()
+
+if(HAVE_SIGACTION AND (NOT HAVE_SIG_ATOMIC_T STREQUAL ""))
+ add_definitions(-DSIGNAL_EXAMPLE)
+endif()
+
+if(UNIX)
+ add_definitions(-DHAVE_DEV_URANDOM)
+endif()
+
+if(MSVC)
+ if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR
+ (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR
+ (NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS))
+ message(FATAL_ERROR "please provide definitions for "
+ "{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when building "
+ "under msvc")
+ endif()
+ set(CBOR_LIBRARIES cbor)
+ set(ZLIB_LIBRARIES zlib)
+ set(CRYPTO_LIBRARIES crypto-46)
+ set(MSVC_DISABLED_WARNINGS_LIST
+ "C4200" # nonstandard extension used: zero-sized array in
+ # struct/union;
+ "C4204" # nonstandard extension used: non-constant aggregate
+ # initializer;
+ "C4706" # assignment within conditional expression;
+ "C4996" # The POSIX name for this item is deprecated. Instead,
+ # use the ISO C and C++ conformant name;
+ "C6287" # redundant code: the left and right subexpressions are identical
+ )
+ # The construction in the following 3 lines was taken from LibreSSL's
+ # CMakeLists.txt.
+ string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
+ ${MSVC_DISABLED_WARNINGS_LIST})
+ string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7 /guard:cf /sdl /RTCcsu")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl")
+ if (HAVE_WEBAUTHN_H)
+ add_definitions(-DUSE_WINHELLO)
+ set(USE_WINHELLO ON)
+ endif()
+else()
+ include(FindPkgConfig)
+ pkg_search_module(CBOR libcbor)
+ pkg_search_module(CRYPTO libcrypto)
+ pkg_search_module(ZLIB zlib)
+
+ if(NOT CBOR_FOUND AND NOT HAVE_CBOR_H)
+ message(FATAL_ERROR "could not find libcbor")
+ endif()
+ if(NOT CRYPTO_FOUND AND NOT HAVE_OPENSSLV_H)
+ message(FATAL_ERROR "could not find libcrypto")
+ endif()
+ if(NOT ZLIB_FOUND)
+ message(FATAL_ERROR "could not find zlib")
+ endif()
+
+ set(CBOR_LIBRARIES "cbor")
+ set(CRYPTO_LIBRARIES "crypto")
+
+ if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+ pkg_search_module(UDEV libudev REQUIRED)
+ set(UDEV_NAME "udev")
+ # If using hidapi, use hidapi-hidraw.
+ set(HIDAPI_SUFFIX -hidraw)
+ if(NOT HAVE_CLOCK_GETTIME)
+ # Look for clock_gettime in librt.
+ check_library_exists(rt clock_gettime "time.h"
+ HAVE_CLOCK_GETTIME)
+ if (HAVE_CLOCK_GETTIME)
+ add_definitions(-DHAVE_CLOCK_GETTIME)
+ set(BASE_LIBRARIES ${BASE_LIBRARIES} rt)
+ endif()
+ endif()
+ endif()
+
+ if(MINGW)
+ # MinGW is stuck with a flavour of C89.
+ add_definitions(-DFIDO_NO_DIAGNOSTIC)
+ add_definitions(-DWC_ERR_INVALID_CHARS=0x80)
+ add_compile_options(-Wno-unused-parameter)
+ endif()
+
+ if(USE_HIDAPI)
+ add_definitions(-DUSE_HIDAPI)
+ pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
+ set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
+ endif()
+
+ if(FUZZ)
+ set(NFC_LINUX ON)
+ endif()
+
+ if(NFC_LINUX)
+ add_definitions(-DNFC_LINUX)
+ endif()
+
+ add_compile_options(-Wall)
+ add_compile_options(-Wextra)
+ add_compile_options(-Werror)
+ add_compile_options(-Wshadow)
+ add_compile_options(-Wcast-qual)
+ add_compile_options(-Wwrite-strings)
+ add_compile_options(-Wmissing-prototypes)
+ add_compile_options(-Wbad-function-cast)
+ add_compile_options(-pedantic)
+ add_compile_options(-pedantic-errors)
+
+ if(HAVE_SHORTEN_64_TO_32)
+ add_compile_options(-Wshorten-64-to-32)
+ endif()
+ if(HAVE_STACK_PROTECTOR_ALL)
+ add_compile_options(-fstack-protector-all)
+ endif()
+
+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -g2")
+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fno-omit-frame-pointer")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -D_FORTIFY_SOURCE=2")
+
+ if(FUZZ)
+ add_definitions(-DFIDO_FUZZ)
+ endif()
+ if(LIBFUZZER)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link")
+ endif()
+endif()
+
+# Avoid https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
+if(CMAKE_COMPILER_IS_GNUCC)
+ add_compile_options(-Wno-unused-result)
+endif()
+
+# Decide which keyword to use for thread-local storage.
+if(CMAKE_COMPILER_IS_GNUCC OR
+ CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
+ CMAKE_C_COMPILER_ID STREQUAL "AppleClang")
+ set(TLS "__thread")
+elseif(WIN32)
+ set(TLS "__declspec(thread)")
+endif()
+add_definitions(-DTLS=${TLS})
+
+# export list
+if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
+ CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
+ # clang + lld
+ string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+ " -exported_symbols_list ${CMAKE_CURRENT_SOURCE_DIR}/src/export.llvm")
+elseif(NOT MSVC)
+ # clang/gcc + gnu ld
+ if(FUZZ)
+ string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+ " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/export.gnu")
+ else()
+ string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+ " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu")
+ endif()
+ if(NOT WIN32)
+ string(CONCAT CMAKE_SHARED_LINKER_FLAGS
+ ${CMAKE_SHARED_LINKER_FLAGS}
+ " -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
+ string(CONCAT CMAKE_EXE_LINKER_FLAGS
+ ${CMAKE_EXE_LINKER_FLAGS}
+ " -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
+ if(FUZZ)
+ file(STRINGS fuzz/wrapped.sym WRAPPED_SYMBOLS)
+ foreach(s ${WRAPPED_SYMBOLS})
+ string(CONCAT CMAKE_SHARED_LINKER_FLAGS
+ ${CMAKE_SHARED_LINKER_FLAGS}
+ " -Wl,--wrap=${s}")
+ endforeach()
+ endif()
+ endif()
+else()
+ string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+ " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"")
+endif()
+
+include_directories(${CMAKE_SOURCE_DIR}/src)
+include_directories(${CBOR_INCLUDE_DIRS})
+include_directories(${CRYPTO_INCLUDE_DIRS})
+include_directories(${HIDAPI_INCLUDE_DIRS})
+include_directories(${UDEV_INCLUDE_DIRS})
+include_directories(${ZLIB_INCLUDE_DIRS})
+
+link_directories(${CBOR_LIBRARY_DIRS})
+link_directories(${CRYPTO_LIBRARY_DIRS})
+link_directories(${HIDAPI_LIBRARY_DIRS})
+link_directories(${UDEV_LIBRARY_DIRS})
+link_directories(${ZLIB_LIBRARY_DIRS})
+
+message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}")
+message(STATUS "BUILD_EXAMPLES: ${BUILD_EXAMPLES}")
+message(STATUS "BUILD_MANPAGES: ${BUILD_MANPAGES}")
+message(STATUS "BUILD_SHARED_LIBS: ${BUILD_SHARED_LIBS}")
+message(STATUS "BUILD_STATIC_LIBS: ${BUILD_STATIC_LIBS}")
+message(STATUS "BUILD_TOOLS: ${BUILD_TOOLS}")
+message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
+message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
+message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
+message(STATUS "CBOR_VERSION: ${CBOR_VERSION}")
+message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
+message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
+message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
+message(STATUS "CMAKE_C_FLAGS: ${CMAKE_C_FLAGS}")
+message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
+message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
+message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}")
+message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}")
+message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
+message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
+message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
+message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}")
+message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
+message(STATUS "FUZZ: ${FUZZ}")
+message(STATUS "ZLIB_INCLUDE_DIRS: ${ZLIB_INCLUDE_DIRS}")
+message(STATUS "ZLIB_LIBRARIES: ${ZLIB_LIBRARIES}")
+message(STATUS "ZLIB_LIBRARY_DIRS: ${ZLIB_LIBRARY_DIRS}")
+message(STATUS "ZLIB_VERSION: ${ZLIB_VERSION}")
+if(USE_HIDAPI)
+ message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
+ message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
+ message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}")
+ message(STATUS "HIDAPI_VERSION: ${HIDAPI_VERSION}")
+endif()
+message(STATUS "LIBFUZZER: ${LIBFUZZER}")
+message(STATUS "TLS: ${TLS}")
+message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
+message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
+message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
+message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
+message(STATUS "UDEV_VERSION: ${UDEV_VERSION}")
+message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
+message(STATUS "USE_WINHELLO: ${USE_WINHELLO}")
+message(STATUS "NFC_LINUX: ${NFC_LINUX}")
+
+subdirs(src)
+if(BUILD_EXAMPLES)
+ subdirs(examples)
+endif()
+if(BUILD_TOOLS)
+ subdirs(tools)
+endif()
+if(BUILD_MANPAGES)
+ subdirs(man)
+endif()
+
+if(NOT WIN32)
+ if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+ if(NOT LIBFUZZER AND NOT FUZZ)
+ subdirs(regress)
+ endif()
+ endif()
+ if(FUZZ)
+ subdirs(fuzz)
+ endif()
+ if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+ subdirs(udev)
+ endif()
+endif()
diff --git a/contrib/libfido2/LICENSE b/contrib/libfido2/LICENSE
new file mode 100644
index 000000000000..4224f20992c0
--- /dev/null
+++ b/contrib/libfido2/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2018-2021 Yubico AB. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/contrib/libfido2/NEWS b/contrib/libfido2/NEWS
new file mode 100644
index 000000000000..a89766b72e89
--- /dev/null
+++ b/contrib/libfido2/NEWS
@@ -0,0 +1,179 @@
+* Version 1.8.0 (2021-07-22)
+ ** Dropped 'Requires.private' entry from pkg-config file.
+ ** Better support for FIDO 2.1 authenticators.
+ ** Support for Windows's native webauthn API.
+ ** Support for attestation format 'none'.
+ ** New API calls:
+ - fido_assert_set_clientdata;
+ - fido_cbor_info_algorithm_cose;
+ - fido_cbor_info_algorithm_count;
+ - fido_cbor_info_algorithm_type;
+ - fido_cbor_info_transports_len;
+ - fido_cbor_info_transports_ptr;
+ - fido_cred_set_clientdata;
+ - fido_cred_set_id;
+ - fido_credman_set_dev_rk;
+ - fido_dev_is_winhello.
+ ** fido2-token: new -Sc option to update a resident credential.
+ ** Documentation and reliability fixes.
+ ** HID access serialisation on Linux.
+
+* Version 1.7.0 (2021-03-29)
+ ** New dependency on zlib.
+ ** Fixed musl build; gh#259.
+ ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264.
+ ** Support for FIDO 2.1 authenticator configuration.
+ ** Support for FIDO 2.1 UV token permissions.
+ ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
+ ** New API calls:
+ - fido_assert_blob_len;
+ - fido_assert_blob_ptr;
+ - fido_assert_largeblob_key_len;
+ - fido_assert_largeblob_key_ptr;
+ - fido_assert_set_hmac_secret;
+ - fido_cbor_info_maxcredbloblen;
+ - fido_cred_largeblob_key_len;
+ - fido_cred_largeblob_key_ptr;
+ - fido_cred_set_blob;
+ - fido_dev_enable_entattest;
+ - fido_dev_force_pin_change;
+ - fido_dev_has_uv;
+ - fido_dev_largeblob_get;
+ - fido_dev_largeblob_get_array;
+ - fido_dev_largeblob_remove;
+ - fido_dev_largeblob_set;
+ - fido_dev_largeblob_set_array;
+ - fido_dev_set_pin_minlen;
+ - fido_dev_set_sigmask;
+ - fido_dev_supports_credman;
+ - fido_dev_supports_permissions;
+ - fido_dev_supports_uv;
+ - fido_dev_toggle_always_uv.
+ ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282.
+ ** Experimental NFC support on Linux; enable with -DNFC_LINUX.
+
+* Version 1.6.0 (2020-12-22)
+ ** Fix OpenSSL 1.0 and Cygwin builds.
+ ** hid_linux: fix build on 32-bit systems.
+ ** hid_osx: allow reads from spawned threads.
+ ** Documentation and reliability fixes.
+ ** New API calls:
+ - fido_cred_authdata_raw_len;
+ - fido_cred_authdata_raw_ptr;
+ - fido_cred_sigcount;
+ - fido_dev_get_uv_retry_count;
+ - fido_dev_supports_credman.
+ ** Hardened Windows build.
+ ** Native FreeBSD and NetBSD support.
+ ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
+
+* Version 1.5.0 (2020-09-01)
+ ** hid_linux: return FIDO_OK if no devices are found.
+ ** hid_osx:
+ - repair communication with U2F tokens, gh#166;
+ - reliability fixes.
+ ** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
+ ** Support for configurable report lengths.
+ ** New API calls:
+ - fido_cbor_info_maxcredcntlst;
+ - fido_cbor_info_maxcredidlen;
+ - fido_cred_aaguid_len;
+ - fido_cred_aaguid_ptr;
+ - fido_dev_get_touch_begin;
+ - fido_dev_get_touch_status.
+ ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
+ ** Allow CTAP messages up to 2048 bytes; gh#171.
+ ** Ensure we only list USB devices by default.
+
+* Version 1.4.0 (2020-04-15)
+ ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
+ ** Fall back to U2F if the key claims to, but does not support FIDO2.
+ ** FIDO2 credential protection (credprot) support.
+ ** New API calls:
+ - fido_cbor_info_fwversion;
+ - fido_cred_prot;
+ - fido_cred_set_prot;
+ - fido_dev_set_transport_functions;
+ - fido_set_log_handler.
+ ** Support for FreeBSD.
+ ** Support for C++.
+ ** Support for MSYS.
+ ** Fixed EdDSA and RSA self-attestation.
+
+* Version 1.3.1 (2020-02-19)
+ ** fix zero-ing of le1 and le2 when talking to a U2F device.
+ ** dropping sk-libfido2 middleware, please find it in the openssh tree.
+
+* Version 1.3.0 (2019-11-28)
+ ** assert/hmac: encode public key as per spec, gh#60.
+ ** fido2-cred: fix creation of resident keys.
+ ** fido2-{assert,cred}: support for hmac-secret extension.
+ ** hid_osx: detect device removal, gh#56.
+ ** hid_osx: fix device detection in MacOS Catalina.
+ ** New API calls:
+ - fido_assert_set_authdata_raw;
+ - fido_assert_sigcount;
+ - fido_cred_set_authdata_raw;
+ - fido_dev_cancel.
+ ** Middleware library for use by OpenSSH.
+ ** Support for biometric enrollment.
+ ** Support for OpenBSD.
+ ** Support for self-attestation.
+
+* Version 1.2.0 (released 2019-07-26)
+ ** Credential management support.
+ ** New API reflecting FIDO's 3-state booleans (true, false, absent):
+ - fido_assert_set_up;
+ - fido_assert_set_uv;
+ - fido_cred_set_rk;
+ - fido_cred_set_uv.
+ ** Command-line tools for Windows.
+ ** Documentation and reliability fixes.
+ ** fido_{assert,cred}_set_options() are now marked as deprecated.
+
+* Version 1.1.0 (released 2019-05-08)
+ ** MacOS: fix IOKit crash on HID read.
+ ** Windows: fix contents of release file.
+ ** EdDSA (Ed25519) support.
+ ** fido_dev_make_cred: fix order of CBOR map keys.
+ ** fido_dev_get_assert: plug memory leak when operating on U2F devices.
+
+* Version 1.0.0 (released 2019-03-21)
+ ** Native HID support on Linux, MacOS, and Windows.
+ ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
+ ** fido2-assert: support for multiple resident keys with the same RP.
+ ** Strict checks for CTAP2 compliance on received CBOR payloads.
+ ** Better fuzzing harnesses.
+ ** Documentation and reliability fixes.
+
+* Version 0.4.0 (released 2019-01-07)
+ ** fido2-assert: print the user id for resident credentials.
+ ** Fix encoding of COSE algorithms when making a credential.
+ ** Rework purpose of fido_cred_set_type; no ABI change.
+ ** Minor documentation and code fixes.
+
+* Version 0.3.0 (released 2018-09-11)
+ ** Various reliability fixes.
+ ** Merged fuzzing instrumentation.
+ ** Added regress tests.
+ ** Added support for FIDO 2's hmac-secret extension.
+ ** New API calls:
+ - fido_assert_hmac_secret_len;
+ - fido_assert_hmac_secret_ptr;
+ - fido_assert_set_extensions;
+ - fido_assert_set_hmac_salt;
+ - fido_cred_set_extensions;
+ - fido_dev_force_fido2.
+ ** Support for native builds with Microsoft Visual Studio 17.
+
+* Version 0.2.0 (released 2018-06-20)
+ ** Added command-line tools.
+ ** Added a couple of missing get functions.
+
+* Version 0.1.1 (released 2018-06-05)
+ ** Added documentation.
+ ** Added OpenSSL 1.0 support.
+ ** Minor fixes.
+
+* Version 0.1.0 (released 2018-05-18)
+ ** First beta release.
diff --git a/contrib/libfido2/README.adoc b/contrib/libfido2/README.adoc
new file mode 100644
index 000000000000..f5ffa7e4e602
--- /dev/null
+++ b/contrib/libfido2/README.adoc
@@ -0,0 +1,93 @@
+== libfido2
+
+image:https://github.com/yubico/libfido2/workflows/linux/badge.svg["Linux Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://github.com/yubico/libfido2/workflows/macos/badge.svg["macOS Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["Windows Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://github.com/yubico/libfido2/workflows/fuzzer/badge.svg["Fuzz Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
+image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fuzz Status (oss-fuzz)", link="https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libfido2"]
+
+*libfido2* provides library functionality and command-line tools to
+communicate with a FIDO device over USB, and to verify attestation and
+assertion signatures.
+
+*libfido2* supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
+
+For usage, see the `examples/` directory.
+
+=== License
+
+*libfido2* is licensed under the BSD 2-clause license. See the LICENSE
+file for the full license text.
+
+=== Supported Platforms
+
+*libfido2* is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD.
+
+=== Documentation
+
+Documentation is available in troff and HTML formats. An
+https://developers.yubico.com/libfido2/Manuals/[online mirror of *libfido2*'s documentation]
+is also available.
+
+=== Bindings
+
+* .NET: https://github.com/borrrden/Fido2Net[Fido2Net]
+* Go: https://github.com/keys-pub/go-libfido2[go-libfido2]
+* Perl: https://github.com/jacquesg/p5-FIDO-Raw[p5-FIDO-Raw]
+* Rust: https://github.com/PvdBerg1998/libfido2[libfido2]
+
+=== Installation
+
+==== Releases
+
+The current release of *libfido2* is 1.8.0. Please consult Yubico's
+https://developers.yubico.com/libfido2/Releases[release page] for source
+and binary releases.
+
+==== Ubuntu 20.04 (Focal)
+
+ $ sudo apt install libfido2-1
+ $ sudo apt install libfido2-dev
+ $ sudo apt install libfido2-doc
+
+Alternatively, newer versions of *libfido2* are available in Yubico's PPA.
+Follow the instructions for Ubuntu 18.04 (Bionic) below.
+
+==== Ubuntu 18.04 (Bionic)
+
+ $ sudo apt install software-properties-common
+ $ sudo apt-add-repository ppa:yubico/stable
+ $ sudo apt update
+ $ sudo apt install libfido2-dev
+
+==== macOS
+
+ $ brew install libfido2
+
+Or from source, on UNIX-like systems:
+
+ $ (rm -rf build && mkdir build && cd build && cmake ..)
+ $ make -C build
+ $ sudo make -C build install
+
+Depending on the platform,
+https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to
+be installed, or the PKG_CONFIG_PATH environment variable set.
+
+*libfido2* depends on https://github.com/pjk/libcbor[libcbor],
+https://www.openssl.org[OpenSSL], and https://zlib.net[zlib]. On Linux, libudev
+(part of https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also
+required.
+
+For complete, OS-specific installation instructions, please refer to the
+`.actions/` (Linux, macOS) and `windows/` directories.
+
+On Linux, you will need to add a udev rule to be able to access the FIDO
+device, or run as root. For example, the udev rule may contain the following:
+
+----
+#udev rule for allowing HID access to Yubico devices for FIDO support.
+
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
+ MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
+----
diff --git a/contrib/libfido2/examples/CMakeLists.txt b/contrib/libfido2/examples/CMakeLists.txt
new file mode 100644
index 000000000000..ad3d44faad6b
--- /dev/null
+++ b/contrib/libfido2/examples/CMakeLists.txt
@@ -0,0 +1,69 @@
+# Copyright (c) 2018 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+list(APPEND COMPAT_SOURCES
+ ../openbsd-compat/clock_gettime.c
+ ../openbsd-compat/getopt_long.c
+ ../openbsd-compat/strlcat.c
+ ../openbsd-compat/strlcpy.c
+)
+
+if(WIN32 AND BUILD_SHARED_LIBS AND NOT CYGWIN AND NOT MSYS)
+ list(APPEND COMPAT_SOURCES ../openbsd-compat/posix_win.c)
+endif()
+
+# set the library to link against
+if(BUILD_STATIC_LIBS)
+ # drop -rdynamic
+ set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
+ set(_FIDO2_LIBRARY fido2)
+elseif(BUILD_SHARED_LIBS)
+ set(_FIDO2_LIBRARY fido2_shared)
+else()
+ set(_FIDO2_LIBRARY ${CRYPTO_LIBRARIES} fido2)
+endif()
+
*** 44024 LINES SKIPPED ***