New upstream version 1.4.0

119 files changed, 3796 insertions, 3100 deletions

diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml
new file mode 100644
index 0000000..cbb334c
--- /dev/null
+++ b/.github/workflows/cifuzz_oss.yml
@@ -0,0 +1,23 @@
+name: CIFuzz
+on: [pull_request]
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'libfido2'
+        dry-run: false
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'libfido2'
+        fuzz-seconds: 600
+        dry-run: false
+    - name: Upload Crash
+      uses: actions/upload-artifact@v1
+      if: failure()
+      with:
+        name: artifacts
+        path: ./out/artifacts
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000..008961b
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,36 @@
+name: static code analysis
+
+on:
+  push:
+  schedule:
+    - cron: '0 0 * * 1'
+
+env:
+  SCAN_IMG:
+    yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
+  SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@master
+
+    - name: Scan but do not fail on warnings
+      run: |
+        if [ "${SECRET}" != "" ]; then
+          docker login yes-docker-local.artifactory.in.yubico.org/ \
+             -u svc-static-code-analysis-reader \
+             -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+          docker pull ${SCAN_IMG}
+          docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
+             -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
+        fi
+      continue-on-error: true
+
+    - uses: actions/upload-artifact@master
+      if: failure()
+      with:
+        name: suppression_files
+        path: suppression_files
diff --git a/.gitignore b/.gitignore
index 329c184..0915625 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,9 @@
 build/
 cscope.out
 fuzz/build/
+fuzz/corpus.tgz-
+fuzz/fuzz_*/
 fuzz/obj/
+fuzz/report
 fuzz/*.so
 output/
diff --git a/.travis.yml b/.travis.yml
index 5ddf36f..c2bff78 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -53,7 +53,7 @@ matrix:
       script: /bin/sh -eux .travis/build-osx-clang
     - os: linux
       compiler: clang-7
-      dist: xenial
+      dist: bionic
       sudo: required
       addons:
         apt:
@@ -68,7 +68,7 @@ matrix:
       script: /bin/sh -eux .travis/fuzz-linux-asan
     - os: linux
       compiler: clang-7
-      dist: xenial
+      dist: bionic
       sudo: required
       addons:
         apt:
diff --git a/.travis/fuzz-linux-asan b/.travis/fuzz-linux-asan
index 0a0aebb..af8a08c 100644
--- a/.travis/fuzz-linux-asan
+++ b/.travis/fuzz-linux-asan
@@ -45,14 +45,15 @@ make
 
 # Fuzz with ASAN.
 mkdir corpus
+curl -s https://ambientworks.net/tmp/corpus.tgz > ../fuzz/corpus.tgz
 tar -C corpus -zxf ../fuzz/corpus.tgz
 fuzz/fuzz_cred -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_cred
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_cred
 fuzz/fuzz_assert -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_assert
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_assert
 fuzz/fuzz_credman -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_credman
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_credman
 fuzz/fuzz_mgmt -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_mgmt
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_mgmt
 fuzz/fuzz_bio -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_bio
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_bio
diff --git a/.travis/fuzz-linux-msan b/.travis/fuzz-linux-msan
index fd7b2ac..e67ab22 100644
--- a/.travis/fuzz-linux-msan
+++ b/.travis/fuzz-linux-msan
@@ -45,14 +45,15 @@ make
 
 # Fuzz with MSAN.
 mkdir corpus
+curl -s https://ambientworks.net/tmp/corpus.tgz > ../fuzz/corpus.tgz
 tar -C corpus -zxf ../fuzz/corpus.tgz
 fuzz/fuzz_cred -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_cred
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_cred
 fuzz/fuzz_assert -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_assert
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_assert
 fuzz/fuzz_credman -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_credman
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_credman
 fuzz/fuzz_mgmt -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_mgmt
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_mgmt
 fuzz/fuzz_bio -use_value_profile=1 -reload=30 -print_pcs=1 \
-        -print_funcs=30 -timeout=10 -max_len=17408 -runs=1 corpus/fuzz_bio
+        -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_bio
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9481c46..0bb2e87 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -19,14 +19,19 @@ set(CMAKE_VERBOSE_MAKEFILE on)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 
 set(FIDO_MAJOR "1")
-set(FIDO_MINOR "3")
-set(FIDO_PATCH "1")
+set(FIDO_MINOR "4")
+set(FIDO_PATCH "0")
 set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
 
 add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
 add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
 add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
 
+if(CYGWIN OR MSYS)
+        set(WIN32 1)
+        add_definitions(-DWINVER=0x0a00)
+endif()
+
 if(WIN32)
         add_definitions(-DWIN32_LEAN_AND_MEAN)
 endif()
@@ -36,11 +41,6 @@ if(APPLE)
                 "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
 endif()
 
-# /dev/urandom
-if(UNIX)
-        add_definitions(-DHAS_DEV_URANDOM)
-endif()
-
 # Observe OpenBSD's library versioning scheme.
 if(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
         set(LIB_VERSION ${FIDO_MAJOR}.${FIDO_MINOR})
@@ -79,7 +79,7 @@ if(MSVC)
 else()
         include(FindPkgConfig)
         pkg_search_module(CBOR libcbor)
-        pkg_search_module(CRYPTO libcrypto REQUIRED)
+        pkg_search_module(CRYPTO libcrypto)
 
         # XXX workaround libcbor's missing .pc file
         if(NOT CBOR_FOUND)
@@ -90,12 +90,24 @@ else()
                 set(CBOR_LIBRARIES "cbor")
         endif()
 
+        # XXX workaround libcrypto's missing .pc file
+        if(NOT CRYPTO_FOUND)
+                check_include_files(openssl/opensslv.h HAVE_OPENSSLV_H)
+                if(NOT HAVE_OPENSSLV_H)
+                        message(FATAL_ERROR "could not find crypto header files")
+                endif()
+                set(CRYPTO_LIBRARIES "crypto")
+        endif()
+
         if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
                 pkg_search_module(UDEV libudev REQUIRED)
                 set(UDEV_NAME "udev")
                 # Define be32toh().
                 add_definitions(-D_GNU_SOURCE)
-        elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
+                # If using hidapi, use hidapi-hidraw.
+                set(HIDAPI_SUFFIX -hidraw)
+        elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
+               CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
                 set(BASE_LIBRARIES usbhid)
         endif()
 
@@ -103,6 +115,15 @@ else()
                 # MinGW is stuck with a flavour of C89.
                 add_definitions(-DFIDO_NO_DIAGNOSTIC)
                 add_definitions(-DWC_ERR_INVALID_CHARS=0x80)
+                set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-parameter")
+        endif()
+
+        if(USE_HIDAPI)
+                add_definitions(-DUSE_HIDAPI)
+                pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
+                if(HIDAPI_FOUND)
+                        set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
+                endif()
         endif()
 
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
@@ -114,7 +135,12 @@ else()
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wbad-function-cast")
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pedantic")
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pedantic-errors")
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-all")
+        check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
+        if(HAVE_STACK_PROTECTOR_ALL)
+                set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-all")
+        endif()
+
+        add_definitions(-D_DEFAULT_SOURCE)
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
 
         set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -g2")
@@ -123,6 +149,7 @@ else()
         if(FUZZ)
                 if(LIBFUZZER)
                         set(FUZZ_LDFLAGS "-fsanitize=fuzzer")
+                        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link")
                 endif()
                 add_definitions(-DFIDO_FUZZ)
         endif()
@@ -192,6 +219,12 @@ if(HAVE_SIGNAL_H)
         add_definitions(-DHAVE_SIGNAL_H)
 endif()
 
+# sys/random.h
+check_include_files(sys/random.h HAVE_SYS_RANDOM_H)
+if(HAVE_SYS_RANDOM_H)
+        add_definitions(-DHAVE_SYS_RANDOM_H)
+endif()
+
 # strlcpy
 check_function_exists(strlcpy HAVE_STRLCPY)
 if(HAVE_STRLCPY)
@@ -289,21 +322,32 @@ if(HAVE_ARC4RANDOM_BUF)
         add_definitions(-DHAVE_ARC4RANDOM_BUF)
 endif()
 
-# getentropy
-check_function_exists(getentropy HAVE_GETENTROPY)
-if(HAVE_GETENTROPY)
-        add_definitions(-DHAVE_GETENTROPY)
+# getrandom
+check_function_exists(getrandom HAVE_GETRANDOM)
+if(HAVE_GETRANDOM)
+        add_definitions(-DHAVE_GETRANDOM)
+endif()
+
+# /dev/urandom
+if(UNIX)
+        add_definitions(-DHAVE_DEV_URANDOM)
 endif()
 
 # export list
-if(CMAKE_C_COMPILER_ID STREQUAL "AppleClang")
+if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
+   CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
         # clang + lld
         string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
             " -exported_symbols_list ${CMAKE_CURRENT_SOURCE_DIR}/src/export.llvm")
 elseif(NOT MSVC)
         # clang/gcc + gnu ld
-        string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
-            " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu")
+        if(FUZZ)
+                string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+                    " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/export.gnu")
+        else()
+                string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
+                    " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu")
+        endif()
         if(NOT WIN32)
                 string(CONCAT CMAKE_SHARED_LINKER_FLAGS
                     ${CMAKE_SHARED_LINKER_FLAGS}
@@ -344,6 +388,7 @@ message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
 message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
 message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
 message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}")
+message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
 message(STATUS "VERSION: ${FIDO_VERSION}")
 message(STATUS "LIB_VERSION: ${LIB_VERSION}")
 message(STATUS "LIB_SOVERSION: ${LIB_SOVERSION}")
@@ -354,6 +399,7 @@ message(STATUS "ASAN: ${ASAN}")
 message(STATUS "MSAN: ${MSAN}")
 message(STATUS "COVERAGE: ${COVERAGE}")
 message(STATUS "TLS: ${TLS}")
+message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
 
 if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
         message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
diff --git a/NEWS b/NEWS
index 8b96d39..153ff71 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,18 @@
+* Version 1.4.0 (2020-04-15)
+ ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
+ ** Fall back to U2F if the key claims to, but does not support FIDO2.
+ ** FIDO2 credential protection (credprot) support.
+ ** New API calls:
+  - fido_cbor_info_fwversion;
+  - fido_cred_prot;
+  - fido_cred_set_prot;
+  - fido_dev_set_transport_functions;
+  - fido_set_log_handler.
+ ** Support for FreeBSD.
+ ** Support for C++.
+ ** Support for MSYS.
+ ** Fixed EdDSA and RSA self-attestation.
+
 * Version 1.3.1 (2020-02-19)
  ** fix zero-ing of le1 and le2 when talking to a U2F device.
  ** dropping sk-libfido2 middleware, please find it in the openssh tree.
diff --git a/README.adoc b/README.adoc
index ce8ac1e..f389a83 100644
--- a/README.adoc
+++ b/README.adoc
@@ -31,16 +31,21 @@ is also available.
 
 ==== Releases
 
-The current release of *libfido2* is 1.3.1. Please consult Yubico's
+The current release of *libfido2* is 1.4.0. Please consult Yubico's
 https://developers.yubico.com/libfido2/Releases[release page] for source
 and binary releases.
 
 ==== Ubuntu
 
+  $ sudo apt install software-properties-common
   $ sudo apt-add-repository ppa:yubico/stable
   $ sudo apt update
   $ sudo apt install libfido2-dev
 
+==== MacOS
+
+  $ brew install libfido2
+
 Or from source, on UNIX-like systems:
 
   $ (rm -rf build && mkdir build && cd build && cmake ..)
@@ -51,8 +56,7 @@ Depending on the platform, the PKG_CONFIG_PATH environment variable may need to
 be set.
 
 *libfido2* depends on https://github.com/pjk/libcbor[libcbor] and
-https://github.com/libressl-portable/portable[LibreSSL] (alternatively,
-https://www.openssl.org[OpenSSL] may be used). On Linux, libudev (part of
+https://www.openssl.org[OpenSSL]. On Linux, libudev (part of
 https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also required.
 
 For complete, OS-specific installation instructions, please refer to the
diff --git a/debian/libfido2-dev.install b/debian/libfido2-dev.install
index 77fd2fb..c1c34e7 100644
--- a/debian/libfido2-dev.install
+++ b/debian/libfido2-dev.install
@@ -1,23 +1,29 @@
 usr/include
 usr/lib/*/*.so
 usr/lib/*/pkgconfig/*.pc
-usr/share/doc/libfido2/es256_pk.html
-usr/share/doc/libfido2/fido.html
-usr/share/doc/libfido2/fido_assert.html
-usr/share/doc/libfido2/fido_assert_allow_cred.html
-usr/share/doc/libfido2/fido_assert_set.html
-usr/share/doc/libfido2/fido_assert_verify.html
-usr/share/doc/libfido2/fido_cbor_info.html
-usr/share/doc/libfido2/fido_cred.html
-usr/share/doc/libfido2/fido_cred_exclude.html
-usr/share/doc/libfido2/fido_cred_set.html
-usr/share/doc/libfido2/fido_cred_verify.html
-usr/share/doc/libfido2/fido_dev_get_assert.html
-usr/share/doc/libfido2/fido_dev_info_manifest.html
-usr/share/doc/libfido2/fido_dev_make_cred.html
-usr/share/doc/libfido2/fido_dev_open.html
-usr/share/doc/libfido2/fido_dev_set_io_functions.html
-usr/share/doc/libfido2/fido_dev_set_pin.html
-usr/share/doc/libfido2/fido_strerr.html
-usr/share/doc/libfido2/rs256_pk.html
-usr/share/doc/libfido2/style.css
+usr/share/doc/libfido2/html/eddsa_pk_new.html
+usr/share/doc/libfido2/html/es256_pk_new.html
+usr/share/doc/libfido2/html/fido_init.html
+usr/share/doc/libfido2/html/fido_assert_new.html
+usr/share/doc/libfido2/html/fido_assert_allow_cred.html
+usr/share/doc/libfido2/html/fido_assert_set_authdata.html
+usr/share/doc/libfido2/html/fido_assert_verify.html
+usr/share/doc/libfido2/html/fido_bio_dev_get_info.html
+usr/share/doc/libfido2/html/fido_bio_enroll_new.html
+usr/share/doc/libfido2/html/fido_bio_info_new.html
+usr/share/doc/libfido2/html/fido_bio_template.html
+usr/share/doc/libfido2/html/fido_cbor_info_new.html
+usr/share/doc/libfido2/html/fido_cred_new.html
+usr/share/doc/libfido2/html/fido_cred_exclude.html
+usr/share/doc/libfido2/html/fido_credman_metadata_new.html
+usr/share/doc/libfido2/html/fido_cred_set_authdata.html
+usr/share/doc/libfido2/html/fido_cred_verify.html
+usr/share/doc/libfido2/html/fido_dev_get_assert.html
+usr/share/doc/libfido2/html/fido_dev_info_manifest.html
+usr/share/doc/libfido2/html/fido_dev_make_cred.html
+usr/share/doc/libfido2/html/fido_dev_open.html
+usr/share/doc/libfido2/html/fido_dev_set_io_functions.html
+usr/share/doc/libfido2/html/fido_dev_set_pin.html
+usr/share/doc/libfido2/html/fido_strerr.html
+usr/share/doc/libfido2/html/rs256_pk_new.html
+usr/share/doc/libfido2/html/style.css
diff --git a/debian/libfido2-dev.links b/debian/libfido2-dev.links
index 6fd8356..b23b8a0 100644
--- a/debian/libfido2-dev.links
+++ b/debian/libfido2-dev.links
@@ -1,148 +1,276 @@
-/usr/share/man/man3/es256_pk.3 /usr/share/man/man3/es256_pk_new.3
-/usr/share/man/man3/es256_pk.3 /usr/share/man/man3/es256_pk_free.3
-/usr/share/man/man3/es256_pk.3 /usr/share/man/man3/es256_pk_from_EC_KEY.3
-/usr/share/man/man3/es256_pk.3 /usr/share/man/man3/es256_pk_from_ptr.3
-/usr/share/man/man3/es256_pk.3 /usr/share/man/man3/es256_pk_to_EVP_PKEY.3
-/usr/share/man/man3/fido.3 /usr/share/man/man3/fido_init.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_new.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_free.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_count.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_user_display_name.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_user_icon.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_user_name.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_authdata_ptr.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_clientdata_hash_ptr.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_user_id_ptr.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_sig_ptr.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_authdata_len.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_clientdata_hash_len.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_user_id_len.3
-/usr/share/man/man3/fido_assert.3 /usr/share/man/man3/fido_assert_sig_len.3
-/usr/share/man/man3/fido_assert_set.3 /usr/share/man/man3/fido_assert_set_authdata.3
-/usr/share/man/man3/fido_assert_set.3 /usr/share/man/man3/fido_assert_set_clientdata_hash.3
-/usr/share/man/man3/fido_assert_set.3 /usr/share/man/man3/fido_assert_set_count.3
-/usr/share/man/man3/fido_assert_set.3 /usr/share/man/man3/fido_assert_set_options.3
-/usr/share/man/man3/fido_assert_set.3 /usr/share/man/man3/fido_assert_set_rp.3
-/usr/share/man/man3/fido_assert_set.3 /usr/share/man/man3/fido_assert_set_sig.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_new.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_free.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_fmt.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_authdata_ptr.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_clientdata_hash_ptr.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_id_ptr.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_pubkey_ptr.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_sig_ptr.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_x5c_ptr.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_authdata_len.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_clientdata_hash_len.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_id_len.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_pubkey_len.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_sig_len.3
-/usr/share/man/man3/fido_cred.3 /usr/share/man/man3/fido_cred_x5c_len.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_authdata.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_x509.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_sig.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_clientdata_hash.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_rp.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_user.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_options.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_fmt.3
-/usr/share/man/man3/fido_cred_set.3 /usr/share/man/man3/fido_cred_set_type.3
-/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_new.3
+/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_free.3
+/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_from_ptr.3
+/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_to_EVP_PKEY.3
+/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_free.3
+/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_from_EC_KEY.3
+/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_from_ptr.3
+/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_to_EVP_PKEY.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_authdata_len.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_authdata_ptr.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_clientdata_hash_len.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_clientdata_hash_ptr.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_count.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_free.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_hmac_secret_len.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_hmac_secret_ptr.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sigcount.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sig_len.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sig_ptr.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_display_name.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_icon.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_id_len.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_id_ptr.3
+/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_name.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_clientdata_hash.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_count.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_extensions.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_hmac_salt.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_rp.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_sig.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_up.3
+/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_uv.3
+/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_begin.3
+/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_cancel.3
+/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_continue.3
+/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_remove.3
+/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_get_template_array.3
+/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_set_template_name.3
+/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_free.3
+/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_last_status.3
+/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_remaining_samples.3
+/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_free.3
+/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_max_samples.3
+/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_type.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_count.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_free.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_new.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_free.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_id_len.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_id_ptr.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_name.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_new.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_set_id.3
+/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_set_name.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_aaguid_len.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_aaguid_ptr.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_extensions_len.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_extensions_ptr.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_free.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_maxmsgsiz.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_len.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_name_ptr.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_value_ptr.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_protocols_len.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_protocols_ptr.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_versions_len.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_versions_ptr.3
+/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_dev_get_cbor_info.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_authdata_len.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_authdata_ptr.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_clientdata_hash_len.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_clientdata_hash_ptr.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_fmt.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_free.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_id_len.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_id_ptr.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_prot.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_pubkey_len.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_pubkey_ptr.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_sig_len.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_sig_ptr.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_x5c_len.3
+/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_x5c_ptr.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_del_dev_rk.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_metadata.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_rk.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_rp.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_metadata_free.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_count.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_existing.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_free.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_new.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_remaining.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_count.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_free.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id_hash_len.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id_hash_ptr.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_name.3
+/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_new.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_authdata_raw.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_clientdata_hash.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_extensions.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_fmt.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_prot.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_rk.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_rp.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_sig.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_type.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_user.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_uv.3
+/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_x509.3
 /usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_free.3
-/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_ptr.3
+/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_manufacturer_string.3
+/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_new.3
 /usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_path.3
 /usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_product.3
-/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_vendor.3
-/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_manufacturer_string.3
 /usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_product_string.3
+/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_ptr.3
+/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_vendor.3
+/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_build.3
+/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_cancel.3
 /usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_close.3
-/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_new.3
+/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_flags.3
+/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_force_fido2.3
+/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_force_u2f.3
 /usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_free.3
 /usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_is_fido2.3
-/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_protocol.3
-/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_build.3
-/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_flags.3
 /usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_major.3
 /usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_minor.3
+/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_new.3
+/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_protocol.3
 /usr/share/man/man3/fido_dev_set_pin.3 /usr/share/man/man3/fido_dev_get_retry_count.3
 /usr/share/man/man3/fido_dev_set_pin.3 /usr/share/man/man3/fido_dev_reset.3
-/usr/share/man/man3/rs256_pk.3 /usr/share/man/man3/rs256_pk_new.3
-/usr/share/man/man3/rs256_pk.3 /usr/share/man/man3/rs256_pk_free.3
-/usr/share/man/man3/rs256_pk.3 /usr/share/man/man3/rs256_pk_from_RSA.3
-/usr/share/man/man3/rs256_pk.3 /usr/share/man/man3/rs256_pk_from_ptr.3
-/usr/share/man/man3/rs256_pk.3 /usr/share/man/man3/rs256_pk_to_EVP_PKEY.3
-/usr/share/doc/libfido2/es256_pk.html /usr/share/doc/libfido2/es256_pk_new.html
-/usr/share/doc/libfido2/es256_pk.html /usr/share/doc/libfido2/es256_pk_free.html
-/usr/share/doc/libfido2/es256_pk.html /usr/share/doc/libfido2/es256_pk_from_EC_KEY.html
-/usr/share/doc/libfido2/es256_pk.html /usr/share/doc/libfido2/es256_pk_from_ptr.html
-/usr/share/doc/libfido2/es256_pk.html /usr/share/doc/libfido2/es256_pk_to_EVP_PKEY.html
-/usr/share/doc/libfido2/fido.html /usr/share/doc/libfido2/fido_init.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_new.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_free.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_count.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_user_display_name.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_user_icon.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_user_name.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_authdata_ptr.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_clientdata_hash_ptr.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_user_id_ptr.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_sig_ptr.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_authdata_len.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_clientdata_hash_len.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_user_id_len.html
-/usr/share/doc/libfido2/fido_assert.html /usr/share/doc/libfido2/fido_assert_sig_len.html
-/usr/share/doc/libfido2/fido_assert_set.html /usr/share/doc/libfido2/fido_assert_set_authdata.html
-/usr/share/doc/libfido2/fido_assert_set.html /usr/share/doc/libfido2/fido_assert_set_clientdata_hash.html
-/usr/share/doc/libfido2/fido_assert_set.html /usr/share/doc/libfido2/fido_assert_set_count.html
-/usr/share/doc/libfido2/fido_assert_set.html /usr/share/doc/libfido2/fido_assert_set_options.html
-/usr/share/doc/libfido2/fido_assert_set.html /usr/share/doc/libfido2/fido_assert_set_rp.html
-/usr/share/doc/libfido2/fido_assert_set.html /usr/share/doc/libfido2/fido_assert_set_sig.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_new.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_free.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_fmt.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_authdata_ptr.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_clientdata_hash_ptr.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_id_ptr.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_pubkey_ptr.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_sig_ptr.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_x5c_ptr.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_authdata_len.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_clientdata_hash_len.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_id_len.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_pubkey_len.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_sig_len.html
-/usr/share/doc/libfido2/fido_cred.html /usr/share/doc/libfido2/fido_cred_x5c_len.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_authdata.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_x509.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_sig.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_clientdata_hash.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_rp.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_user.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_options.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_fmt.html
-/usr/share/doc/libfido2/fido_cred_set.html /usr/share/doc/libfido2/fido_cred_set_type.html
-/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_new.html
+/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_free.3
+/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_from_ptr.3
+/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_from_RSA.3
+/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_to_EVP_PKEY.3
+/usr/share/doc/libfido2/eddsa_pk_new.html /usr/share/doc/libfido2/eddsa_pk_free.html
+/usr/share/doc/libfido2/eddsa_pk_new.html /usr/share/doc/libfido2/eddsa_pk_from_ptr.html
+/usr/share/doc/libfido2/eddsa_pk_new.html /usr/share/doc/libfido2/eddsa_pk_to_EVP_PKEY.html
+/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_free.html
+/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_from_EC_KEY.html
+/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_from_ptr.html
+/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_to_EVP_PKEY.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_authdata_len.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_authdata_ptr.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_clientdata_hash_len.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_clientdata_hash_ptr.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_count.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_free.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_hmac_secret_len.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_hmac_secret_ptr.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_sigcount.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_sig_len.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_sig_ptr.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_display_name.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_icon.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_id_len.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_id_ptr.html
+/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_name.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_clientdata_hash.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_count.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_extensions.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_hmac_salt.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_rp.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_sig.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_up.html
+/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_uv.html
+/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_begin.html
+/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_cancel.html
+/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_continue.html
+/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_remove.html
+/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_get_template_array.html
+/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_set_template_name.html
+/usr/share/doc/libfido2/fido_bio_enroll_new.html /usr/share/doc/libfido2/fido_bio_enroll_free.html
+/usr/share/doc/libfido2/fido_bio_enroll_new.html /usr/share/doc/libfido2/fido_bio_enroll_last_status.html
+/usr/share/doc/libfido2/fido_bio_enroll_new.html /usr/share/doc/libfido2/fido_bio_enroll_remaining_samples.html
+/usr/share/doc/libfido2/fido_bio_info_new.html /usr/share/doc/libfido2/fido_bio_info_free.html
+/usr/share/doc/libfido2/fido_bio_info_new.html /usr/share/doc/libfido2/fido_bio_info_max_samples.html
+/usr/share/doc/libfido2/fido_bio_info_new.html /usr/share/doc/libfido2/fido_bio_info_type.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_array_count.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_array_free.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_array_new.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_free.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_id_len.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_id_ptr.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_name.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_new.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_set_id.html
+/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_set_name.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_aaguid_len.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_aaguid_ptr.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_extensions_len.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_extensions_ptr.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_free.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_maxmsgsiz.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_options_len.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_options_name_ptr.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_options_value_ptr.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_protocols_len.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_protocols_ptr.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_versions_len.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_versions_ptr.html
+/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_dev_get_cbor_info.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_authdata_len.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_authdata_ptr.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_clientdata_hash_len.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_clientdata_hash_ptr.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_fmt.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_free.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_id_len.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_id_ptr.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_prot.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_pubkey_len.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_pubkey_ptr.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_sig_len.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_sig_ptr.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_x5c_len.html
+/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_x5c_ptr.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_del_dev_rk.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_get_dev_metadata.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_get_dev_rk.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_get_dev_rp.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_metadata_free.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_count.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_existing.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_free.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_new.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_remaining.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_count.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_free.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_id.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_id_hash_len.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_id_hash_ptr.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_name.html
+/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_new.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_authdata_raw.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_clientdata_hash.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_extensions.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_fmt.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_prot.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_rk.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_rp.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_sig.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_type.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_user.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_uv.html
+/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_x509.html
 /usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_free.html
-/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_ptr.html
+/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_manufacturer_string.html
+/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_new.html
 /usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_path.html
 /usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_product.html
-/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_vendor.html
-/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_docufacturer_string.html
 /usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_product_string.html
+/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_ptr.html
+/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_vendor.html
+/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_build.html
+/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_cancel.html
 /usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_close.html
-/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_new.html
+/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_flags.html
+/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_force_fido2.html
+/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_force_u2f.html
 /usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_free.html
 /usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_is_fido2.html
-/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_protocol.html
-/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_build.html
-/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_flags.html
 /usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_major.html
 /usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_minor.html
+/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_new.html
+/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_protocol.html
 /usr/share/doc/libfido2/fido_dev_set_pin.html /usr/share/doc/libfido2/fido_dev_get_retry_count.html
 /usr/share/doc/libfido2/fido_dev_set_pin.html /usr/share/doc/libfido2/fido_dev_reset.html
-/usr/share/doc/libfido2/rs256_pk.html /usr/share/doc/libfido2/rs256_pk_new.html
-/usr/share/doc/libfido2/rs256_pk.html /usr/share/doc/libfido2/rs256_pk_free.html
-/usr/share/doc/libfido2/rs256_pk.html /usr/share/doc/libfido2/rs256_pk_from_RSA.html
-/usr/share/doc/libfido2/rs256_pk.html /usr/share/doc/libfido2/rs256_pk_from_ptr.html
-/usr/share/doc/libfido2/rs256_pk.html /usr/share/doc/libfido2/rs256_pk_to_EVP_PKEY.html
+/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_free.html
+/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_from_ptr.html
+/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_from_RSA.html
+/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_to_EVP_PKEY.html
diff --git a/debian/libfido2-dev.manpages b/debian/libfido2-dev.manpages
index 1dab8b8..228a13e 100644
--- a/debian/libfido2-dev.manpages
+++ b/debian/libfido2-dev.manpages
@@ -1,13 +1,19 @@
-man/es256_pk.3
-man/fido.3
-man/fido_assert.3
+man/eddsa_pk_new.3
+man/es256_pk_new.3
+man/fido_init.3
+man/fido_assert_new.3
 man/fido_assert_allow_cred.3
-man/fido_assert_set.3
+man/fido_assert_set_authdata.3
 man/fido_assert_verify.3
-man/fido_cbor_info.3
-man/fido_cred.3
+man/fido_bio_dev_get_info.3
+man/fido_bio_enroll_new.3
+man/fido_bio_info_new.3
+man/fido_bio_template.3
+man/fido_cbor_info_new.3
+man/fido_cred_new.3
 man/fido_cred_exclude.3
-man/fido_cred_set.3
+man/fido_credman_metadata_new.3
+man/fido_cred_set_authdata.3
 man/fido_cred_verify.3
 man/fido_dev_get_assert.3
 man/fido_dev_info_manifest.3
@@ -16,4 +22,4 @@ man/fido_dev_open.3
 man/fido_dev_set_io_functions.3
 man/fido_dev_set_pin.3
 man/fido_strerr.3
-man/rs256_pk.3
+man/rs256_pk_new.3
diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
index 957311e..1203592 100644
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -8,7 +8,7 @@ list(APPEND COMPAT_SOURCES
         ../openbsd-compat/strlcpy.c
 )
 
-if(WIN32)
+if(WIN32 AND NOT CYGWIN AND NOT MSYS)
         list(APPEND COMPAT_SOURCES ../openbsd-compat/posix_win.c)
 endif()
 
diff --git a/examples/cred.c b/examples/cred.c
index e471f7e..3e0a30f 100644
--- a/examples/cred.c
+++ b/examples/cred.c
@@ -139,6 +139,27 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr,
         fido_cred_free(&cred);
 }
 
+static fido_dev_t *
+open_from_manifest(const fido_dev_info_t *dev_infos, size_t len,
+    const char *path)
+{
+        size_t i;
+        fido_dev_t *dev;
+
+        for (i = 0; i < len; i++) {
+                const fido_dev_info_t *curr = fido_dev_info_ptr(dev_infos, i);
+                if (path == NULL ||
+                    strcmp(path, fido_dev_info_path(curr)) == 0) {
+                        dev = fido_dev_new_with_info(curr);
+                        if (fido_dev_open_with_info(dev) == FIDO_OK)
+                                return (dev);
+                        fido_dev_free(&dev);
+                }
+        }
+
+        return (NULL);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -150,6 +171,7 @@ main(int argc, char **argv)
         const char      *pin = NULL;
         const char      *key_out = NULL;
         const char      *id_out = NULL;
+        const char      *path = NULL;
         unsigned char   *body = NULL;
         long long        seconds = 0;
         size_t           len;
@@ -157,6 +179,8 @@ main(int argc, char **argv)
         int              ext = 0;
         int              ch;
         int              r;
+        fido_dev_info_t *dev_infos = NULL;
+        size_t           dev_infos_len = 0;
 
         if ((cred = fido_cred_new()) == NULL)
                 errx(1, "fido_cred_new");
@@ -218,19 +242,21 @@ main(int argc, char **argv)
                 }
         }
 
+        fido_init(0);
+
         argc -= optind;
         argv += optind;
 
-        if (argc != 1)
+        if (argc > 1)
                 usage();
+        dev_infos = fido_dev_info_new(16);
+        fido_dev_info_manifest(dev_infos, 16, &dev_infos_len);
+        if (argc == 1)
+                path = argv[0];
 
-        fido_init(0);
-
-        if ((dev = fido_dev_new()) == NULL)
-                errx(1, "fido_dev_new");
+        if ((dev = open_from_manifest(dev_infos, dev_infos_len, path)) == NULL)
+                errx(1, "open_from_manifest");
 
-        if ((r = fido_dev_open(dev, argv[0])) != FIDO_OK)
-                errx(1, "fido_dev_open: %s (0x%x)", fido_strerr(r), r);
         if (u2f)
                 fido_dev_force_u2f(dev);
 
diff --git a/examples/info.c b/examples/info.c
index e79729c..ef0d97e 100644
--- a/examples/info.c
+++ b/examples/info.c
@@ -131,6 +131,15 @@ print_maxmsgsiz(uint64_t maxmsgsiz)
 }
 
 /*
+ * Auxiliary function to print an authenticator's firmware version on stdout.
+ */
+static void
+print_fwversion(uint64_t fwversion)
+{
+        printf("fwversion: 0x%x\n", (int)fwversion);
+}
+
+/*
  * Auxiliary function to print an array of bytes on stdout.
  */
 static void
@@ -190,6 +199,9 @@ getinfo(const char *path)
         /* print maximum message size */
         print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
 
+        /* print firmware version */
+        print_fwversion(fido_cbor_info_fwversion(ci));
+
         /* print supported pin protocols */
         print_byte_array("pin protocols", fido_cbor_info_protocols_ptr(ci),
             fido_cbor_info_protocols_len(ci));
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index ad30aa3..241cdc7 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -9,10 +9,8 @@ list(APPEND COMPAT_SOURCES
 
 list(APPEND COMMON_SOURCES
         mutator_aux.c
-        uniform_random.c
 )
 
-
 # fuzz_cred
 add_executable(fuzz_cred fuzz_cred.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
 target_compile_options(fuzz_cred PRIVATE ${FUZZ_LDFLAGS})
diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile
new file mode 100644
index 0000000..68afd99
--- /dev/null
+++ b/fuzz/Dockerfile
@@ -0,0 +1,10 @@
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+FROM ubuntu:bionic
+RUN apt-get update
+RUN apt-get install -y clang-9 cmake git libssl-dev libudev-dev make pkg-config
+RUN git clone --branch v0.5.0 https://github.com/PJK/libcbor
+RUN git clone https://github.com/yubico/libfido2
+RUN CC=clang-9 /libfido2/fuzz/build-coverage /libcbor /libfido2
diff --git a/fuzz/Makefile b/fuzz/Makefile
new file mode 100644
index 0000000..c8fe0b8
--- /dev/null
+++ b/fuzz/Makefile
@@ -0,0 +1,78 @@
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+IMAGE           := libfido2-coverage:1.3.0
+RUNNER          := libfido2-runner
+PROFDATA        := llvm-profdata-9
+COV             := llvm-cov-9
+TARGETS         := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_mgmt
+CORPORA         := $(foreach f,${TARGETS},${f}/corpus)
+MINIFY          := $(foreach f,${TARGETS},/minify/${f}/corpus)
+REMOTE          := gs://libfido2-corpus.clusterfuzz-external.appspot.com
+.DEFAULT_GOAL   := all
+
+all: ${TARGETS}
+
+build:
+        docker build -t ${IMAGE} - < Dockerfile
+
+run: build
+        -docker run -it -d --name ${RUNNER} ${IMAGE}
+        docker start ${RUNNER}
+
+sync: run
+        tar Ccf .. - src fuzz | docker exec -i ${RUNNER} tar Cxf /libfido2 -
+        docker exec ${RUNNER} make -C libfido2/build
+
+corpus: sync
+        docker exec ${RUNNER} /bin/bash -c 'cd /libfido2/fuzz && rm -rf ${TARGETS}'
+        docker exec ${RUNNER} tar Czxf /libfido2/fuzz /libfido2/fuzz/corpus.tgz
+
+${TARGETS}: corpus sync
+        docker exec -e LLVM_PROFILE_FILE=/profraw/$@ ${RUNNER} \
+                /bin/bash -c 'rm -f /profraw/$@ && /libfido2/build/fuzz/$@ \
+                -runs=1 /libfido2/fuzz/$@'
+
+${MINIFY}: /minify/%/corpus: %
+        docker exec ${RUNNER} /bin/bash -c 'rm -rf $@ && mkdir -p $@ && \
+                /libfido2/build/fuzz/$< -use_value_profile=1 -merge=1 $@ \
+                /libfido2/fuzz/$</corpus'
+
+corpus.tgz-: ${MINIFY}
+        docker exec -i ${RUNNER} tar Czcf /minify - ${TARGETS} > $@
+
+profdata: run
+        docker exec ${RUNNER} /bin/bash -c 'rm -f /$@ && ${PROFDATA} \
+                merge -sparse profraw/* -o $@'
+
+report.tgz: profdata
+        docker exec ${RUNNER} /bin/bash -c 'rm -rf /report && mkdir /report && \
+                ${COV} show -format=html -tab-size=8 -instr-profile=/$< \
+                -output-dir=/report /libfido2/build/src/libfido2.so'
+        docker exec -i ${RUNNER} tar Czcf / - report > $@
+
+summary.txt: profdata
+        docker exec ${RUNNER} ${COV} report -use-color=false \
+                /libfido2/build/src/libfido2.so -instr-profile=/$< > $@
+
+functions.txt: profdata
+        docker exec ${RUNNER} /bin/bash -c '${COV} report -use-color=false \
+                -show-functions -instr-profile=/$< \
+                /libfido2/build/src/libfido2.so /libfido2/src/*.[ch]' > $@
+
+clean: run
+        docker exec ${RUNNER} /bin/bash -c 'rm -rf /profraw /profdata && \
+                make -C /libfido2/build clean'
+        -docker stop ${RUNNER}
+        rm -rf ${TARGETS}
+
+${CORPORA}:
+        -mkdir -p $@
+        gsutil -q -m rsync -d -r ${REMOTE}/libFuzzer/libfido2_$(@:/corpus=) $@
+
+corpus.tgz: ${CORPORA}
+        tar zcf $@ ${TARGETS}
+
+.PHONY: build run sync corpus ${TARGETS} ${CORPORA}
+.PHONY: report.tgz summary.txt functions.txt
diff --git a/fuzz/README b/fuzz/README
index ecb02bb..42646e4 100644
--- a/fuzz/README
+++ b/fuzz/README
@@ -129,7 +129,7 @@ When running under ASAN, you may want to set ASAN_OPTIONS to
 The recommended way to run the harnesses is:
 
 $ fuzz_{assert,cred,credman,mgmt} -use_value_profile=1 -reload=30 \
-        -print_pcs=1 -print_funcs=30 -timeout=10 -max_len=17408 CORPUS_DIR
+        -print_pcs=1 -print_funcs=30 -timeout=10 CORPUS_DIR
 
 You may want to use -jobs or -workers depending on the number of logical
 cores available for fuzzing.
diff --git a/fuzz/build-coverage b/fuzz/build-coverage
new file mode 100755
index 0000000..af9f8df
--- /dev/null
+++ b/fuzz/build-coverage
@@ -0,0 +1,27 @@
+#!/bin/bash -eux
+#
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+LIBCBOR=$1
+LIBFIDO2=$2
+
+CC=${CC:-clang}
+PKG_CONFIG_PATH=${PKG_CONFIG_PATH:-${LIBCBOR}/install/lib/pkgconfig}
+export CC PKG_CONFIG_PATH
+
+# Clean up.
+rm -rf ${LIBCBOR}/build ${LIBCBOR}/install ${LIBFIDO2}/build
+
+# Patch, build, and install libcbor.
+(cd ${LIBCBOR} && patch -N -l -s -p0 < ${LIBFIDO2}/fuzz/README) || true
+mkdir ${LIBCBOR}/build ${LIBCBOR}/install
+(cd ${LIBCBOR}/build && cmake -DCMAKE_INSTALL_PREFIX=${LIBCBOR}/install ..)
+make -C ${LIBCBOR}/build all install
+
+# Build libfido2.
+mkdir -p ${LIBFIDO2}/build
+(cd ${LIBFIDO2}/build && cmake -DFUZZ=1 -DLIBFUZZER=1 -DCOVERAGE=1 \
+        -DCMAKE_BUILD_TYPE=Debug ..)
+make -C ${LIBFIDO2}/build
diff --git a/fuzz/corpus.tgz b/fuzz/corpus.tgz
deleted file mode 100644
index 9da3099..0000000
--- a/fuzz/corpus.tgz
+++ /dev/null
diff --git a/fuzz/dummy.h b/fuzz/dummy.h
new file mode 100644
index 0000000..a899e4a
--- /dev/null
+++ b/fuzz/dummy.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2020 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+
+#ifndef _DUMMY_H
+#define _DUMMY_H
+
+#include <stdint.h>
+
+const char dummy_name[] = "finger1";
+const char dummy_pin[] = "9}4gT:8d=A37Dh}U";
+const char dummy_rp_id[] = "localhost";
+const char dummy_rp_name[] = "sweet home localhost";
+const char dummy_user_icon[] = "an icon";
+const char dummy_user_name[] = "john smith";
+const char dummy_user_nick[] = "jsmith";
+const uint8_t dummy_id[] = { 0x5e, 0xd2 };
+const char dummy_pin1[] = "skepp cg0u3;Y..";
+const char dummy_pin2[] = "bastilha 6rJrfQZI.";
+
+const uint8_t dummy_user_id[] = {
+        0x78, 0x1c, 0x78, 0x60, 0xad, 0x88, 0xd2, 0x63,
+        0x32, 0x62, 0x2a, 0xf1, 0x74, 0x5d, 0xed, 0xb2,
+        0xe7, 0xa4, 0x2b, 0x44, 0x89, 0x29, 0x39, 0xc5,
+        0x56, 0x64, 0x01, 0x27, 0x0d, 0xbb, 0xc4, 0x49,
+};
+
+const uint8_t dummy_cred_id[] = {
+        0x4f, 0x72, 0x98, 0x42, 0x4a, 0xe1, 0x17, 0xa5,
+        0x85, 0xa0, 0xef, 0x3b, 0x11, 0x24, 0x4a, 0x3d,
+};
+
+const uint8_t dummy_cdh[] = {
+        0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7,
+        0x82, 0x34, 0xaa, 0xca, 0x07, 0xa1, 0xf6, 0x56,
+        0x42, 0x1c, 0xb6, 0xf6, 0xb3, 0x00, 0x86, 0x52,
+        0x35, 0x2d, 0xa2, 0x62, 0x4a, 0xbe, 0x89, 0x76,
+};
+
+const uint8_t dummy_es256[] = {
+        0xcc, 0x1b, 0x50, 0xac, 0xc4, 0x19, 0xf8, 0x3a,
+        0xee, 0x0a, 0x77, 0xd6, 0xf3, 0x53, 0xdb, 0xef,
+        0xf2, 0xb9, 0x5c, 0x2d, 0x8b, 0x1e, 0x52, 0x58,
+        0x88, 0xf4, 0x0b, 0x85, 0x1f, 0x40, 0x6d, 0x18,
+        0x15, 0xb3, 0xcc, 0x25, 0x7c, 0x38, 0x3d, 0xec,
+        0xdf, 0xad, 0xbd, 0x46, 0x91, 0xc3, 0xac, 0x30,
+        0x94, 0x2a, 0xf7, 0x78, 0x35, 0x70, 0x59, 0x6f,
+        0x28, 0xcb, 0x8e, 0x07, 0x85, 0xb5, 0x91, 0x96,
+};
+
+const uint8_t dummy_rs256[] = {
+        0xd2, 0xa8, 0xc0, 0x11, 0x82, 0x9e, 0x57, 0x2e,
+        0x60, 0xae, 0x8c, 0xb0, 0x09, 0xe1, 0x58, 0x2b,
+        0x99, 0xec, 0xc3, 0x11, 0x1b, 0xef, 0x81, 0x49,
+        0x34, 0x53, 0x6a, 0x01, 0x65, 0x2c, 0x24, 0x09,
+        0x30, 0x87, 0x98, 0x51, 0x6e, 0x30, 0x4f, 0x60,
+        0xbd, 0x54, 0xd2, 0x54, 0xbd, 0x94, 0x42, 0xdd,
+        0x63, 0xe5, 0x2c, 0xc6, 0x04, 0x32, 0xc0, 0x8f,
+        0x72, 0xd5, 0xb4, 0xf0, 0x4f, 0x42, 0xe5, 0xb0,
+        0xa2, 0x95, 0x11, 0xfe, 0xd8, 0xb0, 0x65, 0x34,
+        0xff, 0xfb, 0x44, 0x97, 0x52, 0xfc, 0x67, 0x23,
+        0x0b, 0xad, 0xf3, 0x3a, 0x82, 0xd4, 0x96, 0x10,
+        0x87, 0x6b, 0xfa, 0xd6, 0x51, 0x60, 0x3e, 0x1c,
+        0xae, 0x19, 0xb8, 0xce, 0x08, 0xae, 0x9a, 0xee,
+        0x78, 0x16, 0x22, 0xcc, 0x92, 0xcb, 0xa8, 0x95,
+        0x34, 0xe5, 0xb9, 0x42, 0x6a, 0xf0, 0x2e, 0x82,
+        0x1f, 0x4c, 0x7d, 0x84, 0x94, 0x68, 0x7b, 0x97,
+        0x2b, 0xf7, 0x7d, 0x67, 0x83, 0xbb, 0xc7, 0x8a,
+        0x31, 0x5a, 0xf3, 0x2a, 0x95, 0xdf, 0x63, 0xe7,
+        0x4e, 0xee, 0x26, 0xda, 0x87, 0x00, 0xe2, 0x23,
+        0x4a, 0x33, 0x9a, 0xa0, 0x1b, 0xce, 0x60, 0x1f,
+        0x98, 0xa1, 0xb0, 0xdb, 0xbf, 0x20, 0x59, 0x27,
+        0xf2, 0x06, 0xd9, 0xbe, 0x37, 0xa4, 0x03, 0x6b,
+        0x6a, 0x4e, 0xaf, 0x22, 0x68, 0xf3, 0xff, 0x28,
+        0x59, 0x05, 0xc9, 0xf1, 0x28, 0xf4, 0xbb, 0x35,
+        0xe0, 0xc2, 0x68, 0xc2, 0xaa, 0x54, 0xac, 0x8c,
+        0xc1, 0x69, 0x9e, 0x4b, 0x32, 0xfc, 0x53, 0x58,
+        0x85, 0x7d, 0x3f, 0x51, 0xd1, 0xc9, 0x03, 0x02,
+        0x13, 0x61, 0x62, 0xda, 0xf8, 0xfe, 0x3e, 0xc8,
+        0x95, 0x12, 0xfb, 0x0c, 0xdf, 0x06, 0x65, 0x6f,
+        0x23, 0xc7, 0x83, 0x7c, 0x50, 0x2d, 0x27, 0x25,
+        0x4d, 0xbf, 0x94, 0xf0, 0x89, 0x04, 0xb9, 0x2d,
+        0xc4, 0xa5, 0x32, 0xa9, 0x25, 0x0a, 0x99, 0x59,
+        0x01, 0x00, 0x01,
+};
+
+const uint8_t dummy_eddsa[] = {
+        0xfe, 0x8b, 0x61, 0x50, 0x31, 0x7a, 0xe6, 0xdf,
+        0xb1, 0x04, 0x9d, 0x4d, 0xb5, 0x7a, 0x5e, 0x96,
+        0x4c, 0xb2, 0xf9, 0x5f, 0x72, 0x47, 0xb5, 0x18,
+        0xe2, 0x39, 0xdf, 0x2f, 0x87, 0x19, 0xb3, 0x02,
+};
+
+#endif /* !_DUMMY_H */
diff --git a/fuzz/export.gnu b/fuzz/export.gnu
new file mode 100644
index 0000000..68463ff
--- /dev/null
+++ b/fuzz/export.gnu
@@ -0,0 +1,189 @@
+{
+        global:
+                eddsa_pk_free;
+                eddsa_pk_from_EVP_PKEY;
+                eddsa_pk_from_ptr;
+                eddsa_pk_new;
+                eddsa_pk_to_EVP_PKEY;
+                es256_pk_free;
+                es256_pk_from_EC_KEY;
+                es256_pk_from_ptr;
+                es256_pk_new;
+                es256_pk_to_EVP_PKEY;
+                fido_assert_allow_cred;
+                fido_assert_authdata_len;
+                fido_assert_authdata_ptr;
+                fido_assert_clientdata_hash_len;
+                fido_assert_clientdata_hash_ptr;
+                fido_assert_count;
+                fido_assert_flags;
+                fido_assert_free;
+                fido_assert_hmac_secret_len;
+                fido_assert_hmac_secret_ptr;
+                fido_assert_id_len;
+                fido_assert_id_ptr;
+                fido_assert_new;
+                fido_assert_rp_id;
+                fido_assert_set_authdata;
+                fido_assert_set_authdata_raw;
+                fido_assert_set_clientdata_hash;
+                fido_assert_set_count;
+                fido_assert_set_extensions;
+                fido_assert_set_hmac_salt;
+                fido_assert_set_options;
+                fido_assert_set_rp;
+                fido_assert_set_sig;
+                fido_assert_set_up;
+                fido_assert_set_uv;
+                fido_assert_sigcount;
+                fido_assert_sig_len;
+                fido_assert_sig_ptr;
+                fido_assert_user_display_name;
+                fido_assert_user_icon;
+                fido_assert_user_id_len;
+                fido_assert_user_id_ptr;
+                fido_assert_user_name;
+                fido_assert_verify;
+                fido_bio_dev_enroll_begin;
+                fido_bio_dev_enroll_cancel;
+                fido_bio_dev_enroll_continue;
+                fido_bio_dev_enroll_remove;
+                fido_bio_dev_get_info;
+                fido_bio_dev_get_template_array;
+                fido_bio_dev_set_template_name;
+                fido_bio_enroll_free;
+                fido_bio_enroll_last_status;
+                fido_bio_enroll_new;
+                fido_bio_enroll_remaining_samples;
+                fido_bio_info_free;
+                fido_bio_info_max_samples;
+                fido_bio_info_new;
+                fido_bio_info_type;
+                fido_bio_template;
+                fido_bio_template_array_count;
+                fido_bio_template_array_free;
+                fido_bio_template_array_new;
+                fido_bio_template_free;
+                fido_bio_template_id_len;
+                fido_bio_template_id_ptr;
+                fido_bio_template_name;
+                fido_bio_template_new;
+                fido_bio_template_set_id;
+                fido_bio_template_set_name;
+                fido_cbor_info_aaguid_len;
+                fido_cbor_info_aaguid_ptr;
+                fido_cbor_info_extensions_len;
+                fido_cbor_info_extensions_ptr;
+                fido_cbor_info_free;
+                fido_cbor_info_maxmsgsiz;
+                fido_cbor_info_fwversion;
+                fido_cbor_info_new;
+                fido_cbor_info_options_len;
+                fido_cbor_info_options_name_ptr;
+                fido_cbor_info_options_value_ptr;
+                fido_cbor_info_protocols_len;
+                fido_cbor_info_protocols_ptr;
+                fido_cbor_info_versions_len;
+                fido_cbor_info_versions_ptr;
+                fido_cred_authdata_len;
+                fido_cred_authdata_ptr;
+                fido_cred_clientdata_hash_len;
+                fido_cred_clientdata_hash_ptr;
+                fido_cred_display_name;
+                fido_cred_exclude;
+                fido_cred_flags;
+                fido_cred_fmt;
+                fido_cred_free;
+                fido_cred_id_len;
+                fido_cred_id_ptr;
+                fido_credman_del_dev_rk;
+                fido_credman_get_dev_metadata;
+                fido_credman_get_dev_rk;
+                fido_credman_get_dev_rp;
+                fido_credman_metadata_free;
+                fido_credman_metadata_new;
+                fido_credman_rk;
+                fido_credman_rk_count;
+                fido_credman_rk_existing;
+                fido_credman_rk_free;
+                fido_credman_rk_new;
+                fido_credman_rk_remaining;
+                fido_credman_rp_count;
+                fido_credman_rp_free;
+                fido_credman_rp_id;
+                fido_credman_rp_id_hash_len;
+                fido_credman_rp_id_hash_ptr;
+                fido_credman_rp_name;
+                fido_credman_rp_new;
+                fido_cred_new;
+                fido_cred_prot;
+                fido_cred_pubkey_len;
+                fido_cred_pubkey_ptr;
+                fido_cred_rp_id;
+                fido_cred_rp_name;
+                fido_cred_set_authdata;
+                fido_cred_set_authdata_raw;
+                fido_cred_set_clientdata_hash;
+                fido_cred_set_extensions;
+                fido_cred_set_fmt;
+                fido_cred_set_options;
+                fido_cred_set_prot;
+                fido_cred_set_rk;
+                fido_cred_set_rp;
+                fido_cred_set_sig;
+                fido_cred_set_type;
+                fido_cred_set_user;
+                fido_cred_set_uv;
+                fido_cred_set_x509;
+                fido_cred_sig_len;
+                fido_cred_sig_ptr;
+                fido_cred_type;
+                fido_cred_user_id_len;
+                fido_cred_user_id_ptr;
+                fido_cred_user_name;
+                fido_cred_verify;
+                fido_cred_verify_self;
+                fido_cred_x5c_len;
+                fido_cred_x5c_ptr;
+                fido_dev_build;
+                fido_dev_cancel;
+                fido_dev_close;
+                fido_dev_flags;
+                fido_dev_force_fido2;
+                fido_dev_force_u2f;
+                fido_dev_free;
+                fido_dev_get_assert;
+                fido_dev_get_cbor_info;
+                fido_dev_get_retry_count;
+                fido_dev_info_free;
+                fido_dev_info_manifest;
+                fido_dev_info_manufacturer_string;
+                fido_dev_info_new;
+                fido_dev_info_path;
+                fido_dev_info_product;
+                fido_dev_info_product_string;
+                fido_dev_info_ptr;
+                fido_dev_info_vendor;
+                fido_dev_is_fido2;
+                fido_dev_major;
+                fido_dev_make_cred;
+                fido_dev_minor;
+                fido_dev_new;
+                fido_dev_open;
+                fido_dev_protocol;
+                fido_dev_reset;
+                fido_dev_set_io_functions;
+                fido_dev_set_pin;
+                fido_init;
+                fido_set_log_handler;
+                fido_strerr;
+                rs256_pk_free;
+                rs256_pk_from_ptr;
+                rs256_pk_from_RSA;
+                rs256_pk_new;
+                rs256_pk_to_EVP_PKEY;
+                prng_init;
+                uniform_random;
+        local:
+                *;
+};
diff --git a/fuzz/functions.txt b/fuzz/functions.txt
index cd652f2..27a9608 100644
--- a/fuzz/functions.txt
+++ b/fuzz/functions.txt
@@ -1,4 +1,4 @@
-File '/home/pedro/projects/libfido2/src/aes256.c':
+File '/libfido2/src/aes256.c':
 Name                        Regions    Miss   Cover     Lines    Miss   Cover
 -----------------------------------------------------------------------------
 aes256_cbc_enc                   28       0 100.00%        41       0 100.00%
@@ -6,14 +6,15 @@ aes256_cbc_dec                   28       0 100.00%        41       0 100.00%
 -----------------------------------------------------------------------------
 TOTAL                            56       0 100.00%        82       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/assert.c':
+File '/libfido2/src/assert.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_dev_get_assert                        35       3  91.43%        38       4  89.47%
 fido_check_flags                           13       0 100.00%        18       0 100.00%
+fido_get_signed_hash                       32       0 100.00%        46       0 100.00%
 fido_verify_sig_es256                      17       2  88.24%        31       7  77.42%
 fido_verify_sig_rs256                      17       2  88.24%        31       7  77.42%
-fido_verify_sig_eddsa                      23       2  91.30%        43       7  83.72%
+fido_verify_sig_eddsa                      23       4  82.61%        43      13  69.77%
 fido_assert_verify                         48       4  91.67%        79       4  94.94%
 fido_assert_set_clientdata_hash             6       0 100.00%         6       0 100.00%
 fido_assert_set_hmac_salt                  10       0 100.00%         7       0 100.00%
@@ -27,7 +28,7 @@ fido_assert_clientdata_hash_ptr             1       0 100.00%         3       0
 fido_assert_clientdata_hash_len             1       0 100.00%         3       0 100.00%
 fido_assert_new                             1       0 100.00%         3       0 100.00%
 fido_assert_reset_tx                        1       0 100.00%        15       0 100.00%
-fido_assert_reset_rx                        6       0 100.00%        24       0 100.00%
+fido_assert_reset_rx                        6       1  83.33%        24       3  87.50%
 fido_assert_free                            6       0 100.00%        13       0 100.00%
 fido_assert_count                           1       0 100.00%         3       0 100.00%
 fido_assert_rp_id                           1       0 100.00%         3       0 100.00%
@@ -47,36 +48,35 @@ fido_assert_user_display_name               4       0 100.00%         6       0
 fido_assert_hmac_secret_ptr                 4       0 100.00%         6       0 100.00%
 fido_assert_hmac_secret_len                 4       0 100.00%         6       0 100.00%
 fido_assert_set_authdata                   24       0 100.00%        35       0 100.00%
-fido_assert_set_authdata_raw               24       0 100.00%        34       0 100.00%
+fido_assert_set_authdata_raw               24       4  83.33%        34       7  79.41%
 fido_assert_set_sig                        14       0 100.00%        17       0 100.00%
 fido_assert_set_count                      10       0 100.00%        21       0 100.00%
-assert.c:fido_dev_get_assert_wait          21       0 100.00%        16       0 100.00%
+assert.c:fido_dev_get_assert_wait          21       1  95.24%        16       2  87.50%
 assert.c:fido_dev_get_assert_tx            58       4  93.10%        84      11  86.90%
-assert.c:fido_dev_get_assert_rx            20       0 100.00%        38       0 100.00%
+assert.c:fido_dev_get_assert_rx            19       0 100.00%        38       0 100.00%
 assert.c:adjust_assert_count               24       0 100.00%        33       0 100.00%
 assert.c:parse_assert_reply                11       0 100.00%        25       0 100.00%
-assert.c:fido_get_next_assert_tx            9       0 100.00%        11       0 100.00%
-assert.c:fido_get_next_assert_rx           16       2  87.50%        26       4  84.62%
-assert.c:decrypt_hmac_secrets               9       1  88.89%        15       4  73.33%
+assert.c:fido_get_next_assert_tx            8       2  75.00%        10       3  70.00%
+assert.c:fido_get_next_assert_rx           15       4  73.33%        26       7  73.08%
+assert.c:decrypt_hmac_secrets               9       3  66.67%        15       7  53.33%
 assert.c:check_extensions                   4       0 100.00%         9       0 100.00%
-assert.c:get_signed_hash                   32       0 100.00%        46       0 100.00%
 assert.c:fido_assert_clean_authdata         1       0 100.00%         9       0 100.00%
 assert.c:fido_assert_clean_sig              1       0 100.00%         5       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     569      29  94.90%       901      60  93.34%
+TOTAL                                     566      43  92.40%       900      87  90.33%
 
-File '/home/pedro/projects/libfido2/src/authkey.c':
+File '/libfido2/src/authkey.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_dev_authkey                            1       0 100.00%         3       0 100.00%
 authkey.c:fido_dev_authkey_wait            10       0 100.00%         9       0 100.00%
 authkey.c:fido_dev_authkey_tx              19       0 100.00%        33       0 100.00%
-authkey.c:fido_dev_authkey_rx               7       0 100.00%        18       0 100.00%
+authkey.c:fido_dev_authkey_rx               6       0 100.00%        18       0 100.00%
 authkey.c:parse_authkey                     8       0 100.00%        12       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                      45       0 100.00%        75       0 100.00%
+TOTAL                                      44       0 100.00%        75       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/bio.c':
+File '/libfido2/src/bio.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_bio_dev_get_template_array             5       2  60.00%         6       0 100.00%
@@ -108,30 +108,30 @@ fido_bio_enroll_last_status                 1       0 100.00%         3       0
 bio.c:bio_get_template_array_wait          11       0 100.00%         9       0 100.00%
 bio.c:bio_tx                               43       0 100.00%        65       0 100.00%
 bio.c:bio_prepare_hmac                     18       0 100.00%        36       0 100.00%
-bio.c:bio_rx_template_array                12       0 100.00%        21       0 100.00%
+bio.c:bio_rx_template_array                11       0 100.00%        21       0 100.00%
 bio.c:bio_parse_template_array             26       1  96.15%        34       4  88.24%
 bio.c:decode_template_array                12       1  91.67%        23       3  86.96%
 bio.c:decode_template                       9       0 100.00%        18       0 100.00%
 bio.c:bio_set_template_name_wait           19       0 100.00%        24       0 100.00%
-bio.c:bio_enroll_begin_wait                17       1  94.12%        24       3  87.50%
-bio.c:bio_rx_enroll_begin                  16       0 100.00%        29       0 100.00%
+bio.c:bio_enroll_begin_wait                17       0 100.00%        24       0 100.00%
+bio.c:bio_rx_enroll_begin                  15       0 100.00%        29       0 100.00%
 bio.c:bio_parse_enroll_status              20       0 100.00%        31       0 100.00%
 bio.c:bio_parse_template_id                 8       0 100.00%        12       0 100.00%
 bio.c:bio_enroll_continue_wait             19       0 100.00%        25       0 100.00%
-bio.c:bio_rx_enroll_continue               12       0 100.00%        22       0 100.00%
+bio.c:bio_rx_enroll_continue               11       0 100.00%        22       0 100.00%
 bio.c:bio_enroll_cancel_wait               11      11   0.00%        12      12   0.00%
 bio.c:bio_enroll_remove_wait               17       0 100.00%        24       0 100.00%
 bio.c:bio_get_info_wait                    11       0 100.00%        11       0 100.00%
-bio.c:bio_rx_info                          12       0 100.00%        21       0 100.00%
+bio.c:bio_rx_info                          11       0 100.00%        21       0 100.00%
 bio.c:bio_reset_info                        1       0 100.00%         4       0 100.00%
 bio.c:bio_parse_info                       20       0 100.00%        31       0 100.00%
 bio.c:bio_reset_template_array              4       0 100.00%         8       0 100.00%
 bio.c:bio_reset_template                    1       0 100.00%         6       0 100.00%
 bio.c:bio_reset_enroll                      3       0 100.00%         7       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     422      21  95.02%       661      25  96.22%
+TOTAL                                     418      20  95.22%       661      22  96.67%
 
-File '/home/pedro/projects/libfido2/src/blob.c':
+File '/libfido2/src/blob.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_blob_new                               1       0 100.00%         3       0 100.00%
@@ -144,7 +144,7 @@ fido_blob_is_empty                          3       0 100.00%         3       0
 ---------------------------------------------------------------------------------------
 TOTAL                                      39       1  97.44%        73       4  94.52%
 
-File '/home/pedro/projects/libfido2/src/buf.c':
+File '/libfido2/src/buf.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_buf_read                               4       0 100.00%        10       0 100.00%
@@ -152,10 +152,10 @@ fido_buf_write                              4       1  75.00%        10       1
 ---------------------------------------------------------------------------------------
 TOTAL                                       8       1  87.50%        20       1  95.00%
 
-File '/home/pedro/projects/libfido2/src/cbor.c':
+File '/libfido2/src/cbor.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
-cbor_map_iter                              20       1  95.00%        30       4  86.67%
+cbor_map_iter                              20       0 100.00%        30       0 100.00%
 cbor_array_iter                            12       0 100.00%        20       0 100.00%
 cbor_parse_reply                           27       0 100.00%        43       0 100.00%
 cbor_vector_free                            6       0 100.00%         5       0 100.00%
@@ -168,10 +168,10 @@ cbor_flatten_vector                        14       1  92.86%        21       1
 cbor_build_frame                           15       0 100.00%        32       0 100.00%
 cbor_encode_rp_entity                      13       0 100.00%        14       0 100.00%
 cbor_encode_user_entity                    21       0 100.00%        18       0 100.00%
-cbor_encode_pubkey_param                   36       0 100.00%        48       0 100.00%
+cbor_encode_pubkey_param                   36       1  97.22%        48       0 100.00%
 cbor_encode_pubkey                         10       0 100.00%        13       0 100.00%
-cbor_encode_pubkey_list                    18       2  88.89%        23       0 100.00%
-cbor_encode_extensions                     13       1  92.31%        16       0 100.00%
+cbor_encode_pubkey_list                    18       1  94.44%        23       0 100.00%
+cbor_encode_extensions                     24       2  91.67%        26       3  88.46%
 cbor_encode_options                        13       0 100.00%        14       0 100.00%
 cbor_encode_assert_options                 13       0 100.00%        14       0 100.00%
 cbor_encode_pin_auth                        8       0 100.00%        12       0 100.00%
@@ -180,11 +180,11 @@ cbor_encode_pin_enc                         4       0 100.00%        12       0
 cbor_encode_change_pin_auth                44       1  97.73%        69       3  95.65%
 cbor_encode_set_pin_auth                   17       0 100.00%        28       0 100.00%
 cbor_encode_pin_hash_enc                   15       0 100.00%        27       0 100.00%
-cbor_encode_hmac_secret_param              41       1  97.56%        66       4  93.94%
+cbor_encode_hmac_secret_param              41       2  95.12%        66       9  86.36%
 cbor_decode_fmt                             9       0 100.00%        18       0 100.00%
-cbor_decode_pubkey                         21       1  95.24%        32       2  93.75%
-cbor_decode_cred_authdata                  31       0 100.00%        46       0 100.00%
-cbor_decode_assert_authdata                23       0 100.00%        44       0 100.00%
+cbor_decode_pubkey                         21       6  71.43%        32       7  78.12%
+cbor_decode_cred_authdata                  31       0 100.00%        47       0 100.00%
+cbor_decode_assert_authdata                23       2  91.30%        44       2  95.45%
 cbor_decode_attstmt                         8       0 100.00%        10       0 100.00%
 cbor_decode_uint64                          4       0 100.00%        10       0 100.00%
 cbor_decode_cred_id                         8       0 100.00%        10       0 100.00%
@@ -193,29 +193,30 @@ cbor_decode_rp_entity                       8       0 100.00%        10       0
 cbor.c:ctap_check_cbor                     28       0 100.00%        32       0 100.00%
 cbor.c:check_key_type                       8       0 100.00%         9       0 100.00%
 cbor.c:cbor_add_arg                        13       0 100.00%        28       0 100.00%
+cbor.c:cbor_add_uint8                      14       1  92.86%        26       3  88.46%
 cbor.c:sha256                               7       0 100.00%        15       0 100.00%
-cbor.c:get_cose_alg                        36       0 100.00%        48       0 100.00%
+cbor.c:get_cose_alg                        36       6  83.33%        48       6  87.50%
 cbor.c:find_cose_alg                       35       0 100.00%        40       0 100.00%
 cbor.c:decode_attcred                      25       0 100.00%        58       0 100.00%
-cbor.c:decode_extensions                   16       4  75.00%        34       6  82.35%
-cbor.c:decode_extension                    19      19   0.00%        27      27   0.00%
-cbor.c:decode_hmac_secret                  16       0 100.00%        32       0 100.00%
-cbor.c:decode_hmac_secret_aux               7       0 100.00%        17       0 100.00%
-cbor.c:decode_attstmt_entry                29       0 100.00%        39       0 100.00%
+cbor.c:decode_extensions                   14       9  35.71%        34      13  61.76%
+cbor.c:decode_extension                    27      27   0.00%        36      36   0.00%
+cbor.c:decode_hmac_secret                  16       4  75.00%        32       6  81.25%
+cbor.c:decode_hmac_secret_aux               7       7   0.00%        17      17   0.00%
+cbor.c:decode_attstmt_entry                38       0 100.00%        45       0 100.00%
 cbor.c:decode_x5c                           4       0 100.00%         8       0 100.00%
 cbor.c:decode_cred_id_entry                10       0 100.00%        23       0 100.00%
 cbor.c:decode_user_entry                   25       0 100.00%        39       0 100.00%
 cbor.c:decode_rp_entity_entry              15       0 100.00%        29       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     844      31  96.33%      1319      47  96.44%
+TOTAL                                     884      70  92.08%      1371     106  92.27%
 
-File '/home/pedro/projects/libfido2/src/cred.c':
+File '/libfido2/src/cred.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
-fido_dev_make_cred                         12       0 100.00%         9       0 100.00%
+fido_dev_make_cred                         12       0 100.00%        10       0 100.00%
 fido_check_rp_id                            4       0 100.00%        14       0 100.00%
-fido_cred_verify                           45       0 100.00%        71       0 100.00%
-fido_cred_verify_self                      54      10  81.48%        90      14  84.44%
+fido_cred_verify                           46       6  86.96%        71      11  84.51%
+fido_cred_verify_self                      54      14  74.07%        90      22  75.56%
 fido_cred_new                               1       0 100.00%         3       0 100.00%
 fido_cred_reset_tx                          1       0 100.00%        20       0 100.00%
 fido_cred_reset_rx                          1       0 100.00%         8       0 100.00%
@@ -228,10 +229,11 @@ fido_cred_exclude                          14       2  85.71%        25       3
 fido_cred_set_clientdata_hash               6       0 100.00%         6       0 100.00%
 fido_cred_set_rp                           18       2  88.89%        26       6  76.92%
 fido_cred_set_user                         33       4  87.88%        50      13  74.00%
-fido_cred_set_extensions                    9       0 100.00%         8       0 100.00%
+fido_cred_set_extensions                   15       0 100.00%        12       0 100.00%
 fido_cred_set_options                       6       6   0.00%         6       6   0.00%
 fido_cred_set_rk                            2       0 100.00%         5       0 100.00%
 fido_cred_set_uv                            2       0 100.00%         5       0 100.00%
+fido_cred_set_prot                         21       2  90.48%        16       0 100.00%
 fido_cred_set_fmt                          16       4  75.00%        15       1  93.33%
 fido_cred_set_type                         17       2  88.24%         9       1  88.89%
 fido_cred_type                              1       0 100.00%         3       0 100.00%
@@ -244,10 +246,11 @@ fido_cred_sig_ptr                           1       0 100.00%         3       0
 fido_cred_sig_len                           1       0 100.00%         3       0 100.00%
 fido_cred_authdata_ptr                      1       0 100.00%         3       0 100.00%
 fido_cred_authdata_len                      1       0 100.00%         3       0 100.00%
-fido_cred_pubkey_ptr                        9       0 100.00%        20       0 100.00%
-fido_cred_pubkey_len                        9       0 100.00%        20       0 100.00%
+fido_cred_pubkey_ptr                        9       2  77.78%        20       2  90.00%
+fido_cred_pubkey_len                        9       2  77.78%        20       2  90.00%
 fido_cred_id_ptr                            1       0 100.00%         3       0 100.00%
 fido_cred_id_len                            1       0 100.00%         3       0 100.00%
+fido_cred_prot                              1       0 100.00%         3       0 100.00%
 fido_cred_fmt                               1       0 100.00%         3       0 100.00%
 fido_cred_rp_id                             1       0 100.00%         3       0 100.00%
 fido_cred_rp_name                           1       0 100.00%         3       0 100.00%
@@ -257,19 +260,18 @@ fido_cred_user_id_ptr                       1       0 100.00%         3       0
 fido_cred_user_id_len                       1       0 100.00%         3       0 100.00%
 cred.c:fido_dev_make_cred_wait             10       0 100.00%         9       0 100.00%
 cred.c:fido_dev_make_cred_tx               59       0 100.00%        81       0 100.00%
-cred.c:fido_dev_make_cred_rx               22       0 100.00%        28       0 100.00%
+cred.c:fido_dev_make_cred_rx               21       0 100.00%        28       0 100.00%
 cred.c:parse_makecred_reply                10       0 100.00%        23       0 100.00%
-cred.c:check_extensions                     4       0 100.00%         9       0 100.00%
-cred.c:get_signed_hash_packed              23       1  95.65%        38       3  92.11%
+cred.c:check_extensions                     1       0 100.00%         3       0 100.00%
 cred.c:get_signed_hash_u2f                 22       0 100.00%        20       0 100.00%
-cred.c:verify_sig                          27       1  96.30%        40       4  90.00%
+cred.c:verify_sig                          27       2  92.59%        40       7  82.50%
 cred.c:fido_cred_clean_authdata             1       0 100.00%         9       0 100.00%
 cred.c:fido_cred_clean_x509                 1       0 100.00%         5       0 100.00%
 cred.c:fido_cred_clean_sig                  1       0 100.00%         5       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     532      35  93.42%       850      55  93.53%
+TOTAL                                     534      51  90.45%       830      78  90.60%
 
-File '/home/pedro/projects/libfido2/src/credman.c':
+File '/libfido2/src/credman.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_credman_get_dev_metadata               9       2  77.78%         8       0 100.00%
@@ -294,35 +296,41 @@ fido_credman_rp_id_hash_ptr                 4       0 100.00%         6       0
 credman.c:credman_get_metadata_wait        11       0 100.00%         9       0 100.00%
 credman.c:credman_tx                       30       0 100.00%        53       0 100.00%
 credman.c:credman_prepare_hmac             21       1  95.24%        43       2  95.35%
-credman.c:credman_rx_metadata              12       0 100.00%        21       0 100.00%
+credman.c:credman_rx_metadata              11       0 100.00%        21       0 100.00%
 credman.c:credman_parse_metadata            9       0 100.00%        19       0 100.00%
 credman.c:credman_get_rk_wait              27       0 100.00%        26       0 100.00%
-credman.c:credman_rx_rk                    20       0 100.00%        36       0 100.00%
+credman.c:credman_rx_rk                    19       0 100.00%        36       0 100.00%
 credman.c:credman_parse_rk_count           16       0 100.00%        25       0 100.00%
 credman.c:credman_grow_array               17       2  88.24%        28       5  82.14%
 credman.c:credman_parse_rk                 13       0 100.00%        25       0 100.00%
-credman.c:credman_rx_next_rk               16       2  87.50%        26       4  84.62%
+credman.c:credman_rx_next_rk               15       2  86.67%        26       4  84.62%
 credman.c:credman_del_rk_wait              16       0 100.00%        19       0 100.00%
 credman.c:credman_get_rp_wait              23       0 100.00%        16       0 100.00%
-credman.c:credman_rx_rp                    20       0 100.00%        36       0 100.00%
+credman.c:credman_rx_rp                    19       0 100.00%        36       0 100.00%
 credman.c:credman_parse_rp_count           16       0 100.00%        25       0 100.00%
 credman.c:credman_parse_rp                  9       0 100.00%        19       0 100.00%
-credman.c:credman_rx_next_rp               16       2  87.50%        26       4  84.62%
+credman.c:credman_rx_next_rp               15       2  86.67%        26       4  84.62%
 credman.c:credman_reset_rk                  4       0 100.00%        10       0 100.00%
 credman.c:credman_reset_rp                  4       0 100.00%        15       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     381      18  95.28%       589      15  97.45%
+TOTAL                                     376      18  95.21%       589      15  97.45%
 
-File '/home/pedro/projects/libfido2/src/dev.c':
+File '/libfido2/src/dev.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
+fido_dev_register_manifest_func            10      10   0.00%        18      18   0.00%
+fido_dev_unregister_manifest_func           7       7   0.00%        13      13   0.00%
+fido_dev_info_manifest                     17      17   0.00%        24      24   0.00%
+fido_dev_open_with_info                     5       5   0.00%         6       6   0.00%
 fido_dev_open                               1       0 100.00%         3       0 100.00%
 fido_dev_close                              8       2  75.00%         9       0 100.00%
-fido_dev_cancel                             8       2  75.00%         6       3  50.00%
-fido_dev_set_io_functions                  18       4  77.78%        19       6  68.42%
+fido_dev_cancel                             7       0 100.00%         6       0 100.00%
+fido_dev_set_io_functions                  18       4  77.78%        16       6  62.50%
+fido_dev_set_transport_functions            6       6   0.00%        10      10   0.00%
 fido_init                                   7       1  85.71%         4       0 100.00%
-fido_dev_new                                9       1  88.89%        22       4  81.82%
-fido_dev_free                               6       0 100.00%        10       0 100.00%
+fido_dev_new                                5       0 100.00%        16       0 100.00%
+fido_dev_new_with_info                     17      17   0.00%        26      26   0.00%
+fido_dev_free                               6       0 100.00%        11       0 100.00%
 fido_dev_protocol                           1       0 100.00%         3       0 100.00%
 fido_dev_major                              1       0 100.00%         3       0 100.00%
 fido_dev_minor                              1       0 100.00%         3       0 100.00%
@@ -331,14 +339,15 @@ fido_dev_flags                              1       0 100.00%         3       0
 fido_dev_is_fido2                           2       0 100.00%         3       0 100.00%
 fido_dev_force_u2f                          2       0 100.00%         3       0 100.00%
 fido_dev_force_fido2                        2       2   0.00%         3       3   0.00%
+dev.c:find_manifest_func_node               5       5   0.00%         9       9   0.00%
 dev.c:fido_dev_open_wait                   10       0 100.00%         9       0 100.00%
-dev.c:fido_dev_open_tx                     26       8  69.23%        32      12  62.50%
-dev.c:obtain_nonce                         13       2  84.62%        18       2  88.89%
-dev.c:fido_dev_open_rx                     14       0 100.00%        27       0 100.00%
+dev.c:fido_dev_open_tx                     25       8  68.00%        32      12  62.50%
+dev.c:obtain_nonce                          4       1  75.00%         5       1  80.00%
+dev.c:fido_dev_open_rx                     32       0 100.00%        53       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     131      22  83.21%       183      30  83.61%
+TOTAL                                     201      85  57.71%       294     128  56.46%
 
-File '/home/pedro/projects/libfido2/src/ecdh.c':
+File '/libfido2/src/ecdh.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_do_ecdh                               29       0 100.00%        44       0 100.00%
@@ -346,7 +355,7 @@ ecdh.c:do_ecdh                             39       0 100.00%        60       0
 ---------------------------------------------------------------------------------------
 TOTAL                                      68       0 100.00%       104       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/eddsa.c':
+File '/libfido2/src/eddsa.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 eddsa_pk_decode                             8       0 100.00%        10       0 100.00%
@@ -354,20 +363,20 @@ eddsa_pk_new                                1       0 100.00%         3       0
 eddsa_pk_free                               6       0 100.00%        11       0 100.00%
 eddsa_pk_from_ptr                           6       0 100.00%         8       0 100.00%
 eddsa_pk_to_EVP_PKEY                        3       0 100.00%         9       0 100.00%
-eddsa_pk_from_EVP_PKEY                     14       4  71.43%        12       2  83.33%
+eddsa_pk_from_EVP_PKEY                     14       0 100.00%        12       0 100.00%
 eddsa.c:decode_pubkey_point                 8       0 100.00%        14       0 100.00%
 eddsa.c:decode_coord                        8       0 100.00%        12       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                      54       4  92.59%        79       2  97.47%
+TOTAL                                      54       0 100.00%        79       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/err.c':
+File '/libfido2/src/err.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_strerr                               108     108   0.00%       112     112   0.00%
 ---------------------------------------------------------------------------------------
 TOTAL                                     108     108   0.00%       112     112   0.00%
 
-File '/home/pedro/projects/libfido2/src/es256.c':
+File '/libfido2/src/es256.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 es256_pk_decode                             8       0 100.00%        10       0 100.00%
@@ -376,28 +385,28 @@ es256_sk_new                                1       0 100.00%         3       0
 es256_sk_free                               6       0 100.00%        11       0 100.00%
 es256_pk_new                                1       0 100.00%         3       0 100.00%
 es256_pk_free                               6       0 100.00%        11       0 100.00%
-es256_pk_from_ptr                           6       0 100.00%         8       0 100.00%
+es256_pk_from_ptr                          11       0 100.00%        13       0 100.00%
 es256_pk_set_x                              1       0 100.00%         5       0 100.00%
 es256_pk_set_y                              1       0 100.00%         5       0 100.00%
-es256_sk_create                            39       2  94.87%        46       6  86.96%
+es256_sk_create                            39       0 100.00%        46       0 100.00%
 es256_pk_to_EVP_PKEY                       41       0 100.00%        58       0 100.00%
-es256_pk_from_EC_KEY                       38       2  94.74%        39       7  82.05%
+es256_pk_from_EC_KEY                       38       0 100.00%        39       0 100.00%
 es256_sk_to_EVP_PKEY                       27       0 100.00%        41       0 100.00%
 es256_derive_pk                            25       0 100.00%        34       0 100.00%
 es256.c:decode_pubkey_point                 9       0 100.00%        16       0 100.00%
 es256.c:decode_coord                        8       0 100.00%        12       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     273       4  98.53%       372      13  96.51%
+TOTAL                                     278       0 100.00%       377       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/extern.h':
+File '/libfido2/src/extern.h':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 
-File '/home/pedro/projects/libfido2/src/fido.h':
+File '/libfido2/src/fido.h':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 
-File '/home/pedro/projects/libfido2/src/hid.c':
+File '/libfido2/src/hid.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_dev_info_new                           1       1   0.00%         3       3   0.00%
@@ -411,30 +420,31 @@ fido_dev_info_product_string                1       1   0.00%         3       3
 ---------------------------------------------------------------------------------------
 TOTAL                                      16      16   0.00%        38      38   0.00%
 
-File '/home/pedro/projects/libfido2/src/hid_linux.c':
+File '/libfido2/src/hid_linux.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
-fido_dev_info_manifest                     33      33   0.00%        40      40   0.00%
+fido_hid_manifest                          33      33   0.00%        46      46   0.00%
 fido_hid_open                               6       6   0.00%        11      11   0.00%
 fido_hid_close                              1       1   0.00%         6       6   0.00%
 fido_hid_read                              12      12   0.00%        16      16   0.00%
 fido_hid_write                             12      12   0.00%        16      16   0.00%
 hid_linux.c:copy_info                      35      35   0.00%        56      56   0.00%
 hid_linux.c:is_fido                         6       6   0.00%        14      14   0.00%
-hid_linux.c:get_report_descriptor          17      17   0.00%        31      31   0.00%
+hid_linux.c:get_report_descriptor          17      17   0.00%        30      30   0.00%
 hid_linux.c:get_usage_info                 16      16   0.00%        33      33   0.00%
 hid_linux.c:get_key_len                     6       6   0.00%        14      14   0.00%
 hid_linux.c:get_key_val                     6       6   0.00%        20      20   0.00%
 hid_linux.c:parse_uevent                   16      16   0.00%        30      30   0.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     166     166   0.00%       287     287   0.00%
+TOTAL                                     166     166   0.00%       292     292   0.00%
 
-File '/home/pedro/projects/libfido2/src/info.c':
+File '/libfido2/src/info.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
+fido_dev_get_cbor_info_wait                10       0 100.00%         9       0 100.00%
 fido_dev_get_cbor_info                      1       0 100.00%         3       0 100.00%
 fido_cbor_info_new                          1       0 100.00%         3       0 100.00%
-fido_cbor_info_free                         6       1  83.33%        14       0 100.00%
+fido_cbor_info_free                         6       0 100.00%        14       0 100.00%
 fido_cbor_info_versions_ptr                 1       0 100.00%         3       0 100.00%
 fido_cbor_info_versions_len                 1       0 100.00%         3       0 100.00%
 fido_cbor_info_extensions_ptr               1       0 100.00%         3       0 100.00%
@@ -447,9 +457,8 @@ fido_cbor_info_options_len                  1       0 100.00%         3       0
 fido_cbor_info_maxmsgsiz                    1       0 100.00%         3       0 100.00%
 fido_cbor_info_protocols_ptr                1       0 100.00%         3       0 100.00%
 fido_cbor_info_protocols_len                1       0 100.00%         3       0 100.00%
-info.c:fido_dev_get_cbor_info_wait         10       0 100.00%         9       0 100.00%
-info.c:fido_dev_get_cbor_info_tx            9       0 100.00%        13       0 100.00%
-info.c:fido_dev_get_cbor_info_rx            7       0 100.00%        18       0 100.00%
+info.c:fido_dev_get_cbor_info_tx            8       0 100.00%        12       0 100.00%
+info.c:fido_dev_get_cbor_info_rx            6       0 100.00%        18       0 100.00%
 info.c:parse_reply_element                 13       0 100.00%        27       0 100.00%
 info.c:decode_versions                     12       0 100.00%        21       0 100.00%
 info.c:decode_version                       4       0 100.00%        14       0 100.00%
@@ -464,22 +473,25 @@ info.c:free_str_array                       4       0 100.00%         8       0
 info.c:free_opt_array                       4       0 100.00%         9       0 100.00%
 info.c:free_byte_array                      1       0 100.00%         6       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     148       1  99.32%       305       0 100.00%
+TOTAL                                     146       0 100.00%       304       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/io.c':
+File '/libfido2/src/io.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
-fido_tx                                    18       0 100.00%        35       0 100.00%
-fido_rx                                    34       3  91.18%        84      12  85.71%
-fido_rx_cbor_status                         9       0 100.00%        13       0 100.00%
-io.c:tx_preamble                           16       1  93.75%        24       1  95.83%
-io.c:tx_frame                              16       1  93.75%        21       0 100.00%
-io.c:rx_preamble                           11       0 100.00%        12       0 100.00%
-io.c:rx_frame                               9       1  88.89%        12       0 100.00%
----------------------------------------------------------------------------------------
-TOTAL                                     113       6  94.69%       201      13  93.53%
+fido_tx                                    14       1  92.86%        18       0 100.00%
+fido_rx                                    13       2  84.62%        21       3  85.71%
+fido_rx_cbor_status                         8       0 100.00%        12       0 100.00%
+io.c:tx_empty                               7       0 100.00%        16       0 100.00%
+io.c:tx                                    13       0 100.00%        21       0 100.00%
+io.c:tx_preamble                           10       0 100.00%        20       0 100.00%
+io.c:tx_frame                               9       0 100.00%        18       0 100.00%
+io.c:rx                                    25       1  96.00%        58       4  93.10%
+io.c:rx_preamble                           18       1  94.44%        25       4  84.00%
+io.c:rx_frame                               6       0 100.00%         9       0 100.00%
+---------------------------------------------------------------------------------------
+TOTAL                                     123       5  95.93%       218      11  94.95%
 
-File '/home/pedro/projects/libfido2/src/iso7816.c':
+File '/libfido2/src/iso7816.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 iso7816_new                                 4       0 100.00%        19       0 100.00%
@@ -490,25 +502,27 @@ iso7816_len                                 1       0 100.00%         4       0
 ---------------------------------------------------------------------------------------
 TOTAL                                      18       1  94.44%        47       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/log.c':
+File '/libfido2/src/log.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
-fido_log_init                               1       1   0.00%         3       3   0.00%
-fido_log_xxd                               11       8  27.27%        18      12  33.33%
-fido_log_debug                              4       1  75.00%        13       8  38.46%
+fido_log_init                               1       0 100.00%         4       0 100.00%
+fido_log_debug                             11       1  90.91%        16       0 100.00%
+fido_log_xxd                               18       0 100.00%        23       0 100.00%
+fido_set_log_handler                        3       0 100.00%         4       0 100.00%
+log.c:log_on_stderr                         1       1   0.00%         3       3   0.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                      16      10  37.50%        34      23  32.35%
+TOTAL                                      34       2  94.12%        50       3  94.00%
 
-File '/home/pedro/projects/libfido2/src/pin.c':
+File '/libfido2/src/pin.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_dev_get_pin_token                      1       0 100.00%         3       0 100.00%
 fido_dev_set_pin                            1       0 100.00%         3       0 100.00%
 fido_dev_get_retry_count                    1       0 100.00%         3       0 100.00%
 cbor_add_pin_params                        17       0 100.00%        27       0 100.00%
-pin.c:fido_dev_get_pin_token_wait          10       0 100.00%         9       0 100.00%
+pin.c:fido_dev_get_pin_token_wait          10       0 100.00%        10       0 100.00%
 pin.c:fido_dev_get_pin_token_tx            29       0 100.00%        40       0 100.00%
-pin.c:fido_dev_get_pin_token_rx            21       0 100.00%        36       0 100.00%
+pin.c:fido_dev_get_pin_token_rx            20       0 100.00%        36       0 100.00%
 pin.c:parse_pintoken                        8       0 100.00%        12       0 100.00%
 pin.c:fido_dev_set_pin_wait                16       0 100.00%        22       0 100.00%
 pin.c:fido_dev_change_pin_tx               41       0 100.00%        59       0 100.00%
@@ -516,49 +530,49 @@ pin.c:pad64                                18       0 100.00%        24       0
 pin.c:fido_dev_set_pin_tx                  33       0 100.00%        48       0 100.00%
 pin.c:fido_dev_get_retry_count_wait        10       0 100.00%         9       0 100.00%
 pin.c:fido_dev_get_retry_count_tx          19       0 100.00%        28       0 100.00%
-pin.c:fido_dev_get_retry_count_rx          12       0 100.00%        21       0 100.00%
+pin.c:fido_dev_get_retry_count_rx          11       0 100.00%        21       0 100.00%
 pin.c:parse_retry_count                    13       0 100.00%        20       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     250       0 100.00%       364       0 100.00%
+TOTAL                                     248       0 100.00%       365       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/reset.c':
+File '/libfido2/src/reset.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
 fido_dev_reset                              1       0 100.00%         3       0 100.00%
 reset.c:fido_dev_reset_wait                10       0 100.00%         9       0 100.00%
-reset.c:fido_dev_reset_tx                   9       0 100.00%        11       0 100.00%
+reset.c:fido_dev_reset_tx                   8       0 100.00%        10       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                      20       0 100.00%        23       0 100.00%
+TOTAL                                      19       0 100.00%        22       0 100.00%
 
-File '/home/pedro/projects/libfido2/src/rs256.c':
+File '/libfido2/src/rs256.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
-rs256_pk_decode                             8       0 100.00%        10       0 100.00%
+rs256_pk_decode                             8       8   0.00%        10      10   0.00%
 rs256_pk_new                                1       0 100.00%         3       0 100.00%
 rs256_pk_free                               6       0 100.00%        11       0 100.00%
 rs256_pk_from_ptr                           6       0 100.00%         8       0 100.00%
 rs256_pk_to_EVP_PKEY                       32       0 100.00%        48       0 100.00%
-rs256_pk_from_RSA                          32       6  81.25%        32       9  71.88%
-rs256.c:decode_rsa_pubkey                   9       0 100.00%        16       0 100.00%
-rs256.c:decode_bignum                       8       0 100.00%        12       0 100.00%
+rs256_pk_from_RSA                          32       4  87.50%        32       6  81.25%
+rs256.c:decode_rsa_pubkey                   9       9   0.00%        16      16   0.00%
+rs256.c:decode_bignum                       8       8   0.00%        12      12   0.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     102       6  94.12%       140       9  93.57%
+TOTAL                                     102      29  71.57%       140      44  68.57%
 
-File '/home/pedro/projects/libfido2/src/u2f.c':
+File '/libfido2/src/u2f.c':
 Name                                  Regions    Miss   Cover     Lines    Miss   Cover
 ---------------------------------------------------------------------------------------
-u2f_register                               70       1  98.57%        89       0 100.00%
-u2f_authenticate                           27       0 100.00%        33       0 100.00%
+u2f_register                               70       5  92.86%        88       7  92.05%
+u2f_authenticate                           32       4  87.50%        44       2  95.45%
 u2f.c:key_lookup                           44       0 100.00%        69       0 100.00%
-u2f.c:send_dummy_register                  31       1  96.77%        50       0 100.00%
+u2f.c:send_dummy_register                  31       5  83.87%        49       8  83.67%
 u2f.c:parse_register_reply                 57       0 100.00%        83       0 100.00%
-u2f.c:x5c_get                              21       1  95.24%        37       3  91.89%
+u2f.c:x5c_get                              21       2  90.48%        37       6  83.78%
 u2f.c:sig_get                               8       1  87.50%        16       6  62.50%
-u2f.c:encode_cred_authdata                 37       2  94.59%        82       6  92.68%
-u2f.c:cbor_blob_from_ec_point              22       0 100.00%        39       0 100.00%
-u2f.c:u2f_authenticate_single              34       2  94.12%        53       4  92.45%
-u2f.c:do_auth                              50       1  98.00%        72       0 100.00%
+u2f.c:encode_cred_authdata                 37       3  91.89%        82       9  89.02%
+u2f.c:cbor_blob_from_ec_point              22       1  95.45%        39       3  92.31%
+u2f.c:u2f_authenticate_single              36       2  94.44%        58       4  93.10%
+u2f.c:do_auth                              50       3  94.00%        71       4  94.37%
 u2f.c:parse_auth_reply                     23       2  91.30%        29       3  89.66%
 u2f.c:authdata_fake                        12       0 100.00%        34       0 100.00%
 ---------------------------------------------------------------------------------------
-TOTAL                                     436      11  97.48%       686      22  96.79%
+TOTAL                                     443      28  93.68%       699      52  92.56%
diff --git a/fuzz/fuzz_assert.c b/fuzz/fuzz_assert.c
index 0395345..5b72658 100644
--- a/fuzz/fuzz_assert.c
+++ b/fuzz/fuzz_assert.c
@@ -12,6 +12,10 @@
 #include <stdio.h>
 
 #include "mutator_aux.h"
+#include "wiredata_fido2.h"
+#include "wiredata_u2f.h"
+#include "dummy.h"
+
 #include "fido.h"
 #include "fido/es256.h"
 #include "fido/rs256.h"
@@ -54,140 +58,16 @@ struct param {
         uint8_t         uv;
 };
 
-/* Example parameters. */
-static const char dummy_rp_id[] = "localhost";
-static const char dummy_pin[] = "9}4gT:8d=A37Dh}U";
-
-static const uint8_t dummy_cdh[] = {
-        0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7,
-        0x82, 0x34, 0xaa, 0xca, 0x07, 0xa1, 0xf6, 0x56,
-        0x42, 0x1c, 0xb6, 0xf6, 0xb3, 0x00, 0x86, 0x52,
-        0x35, 0x2d, 0xa2, 0x62, 0x4a, 0xbe, 0x89, 0x76,
-};
-
-static const uint8_t dummy_es256[] = {
-        0xcc, 0x1b, 0x50, 0xac, 0xc4, 0x19, 0xf8, 0x3a,
-        0xee, 0x0a, 0x77, 0xd6, 0xf3, 0x53, 0xdb, 0xef,
-        0xf2, 0xb9, 0x5c, 0x2d, 0x8b, 0x1e, 0x52, 0x58,
-        0x88, 0xf4, 0x0b, 0x85, 0x1f, 0x40, 0x6d, 0x18,
-        0x15, 0xb3, 0xcc, 0x25, 0x7c, 0x38, 0x3d, 0xec,
-        0xdf, 0xad, 0xbd, 0x46, 0x91, 0xc3, 0xac, 0x30,
-        0x94, 0x2a, 0xf7, 0x78, 0x35, 0x70, 0x59, 0x6f,
-        0x28, 0xcb, 0x8e, 0x07, 0x85, 0xb5, 0x91, 0x96,
-};
-
-static const uint8_t dummy_rs256[] = {
-        0xd2, 0xa8, 0xc0, 0x11, 0x82, 0x9e, 0x57, 0x2e,
-        0x60, 0xae, 0x8c, 0xb0, 0x09, 0xe1, 0x58, 0x2b,
-        0x99, 0xec, 0xc3, 0x11, 0x1b, 0xef, 0x81, 0x49,
-        0x34, 0x53, 0x6a, 0x01, 0x65, 0x2c, 0x24, 0x09,
-        0x30, 0x87, 0x98, 0x51, 0x6e, 0x30, 0x4f, 0x60,
-        0xbd, 0x54, 0xd2, 0x54, 0xbd, 0x94, 0x42, 0xdd,
-        0x63, 0xe5, 0x2c, 0xc6, 0x04, 0x32, 0xc0, 0x8f,
-        0x72, 0xd5, 0xb4, 0xf0, 0x4f, 0x42, 0xe5, 0xb0,
-        0xa2, 0x95, 0x11, 0xfe, 0xd8, 0xb0, 0x65, 0x34,
-        0xff, 0xfb, 0x44, 0x97, 0x52, 0xfc, 0x67, 0x23,
-        0x0b, 0xad, 0xf3, 0x3a, 0x82, 0xd4, 0x96, 0x10,
-        0x87, 0x6b, 0xfa, 0xd6, 0x51, 0x60, 0x3e, 0x1c,
-        0xae, 0x19, 0xb8, 0xce, 0x08, 0xae, 0x9a, 0xee,
-        0x78, 0x16, 0x22, 0xcc, 0x92, 0xcb, 0xa8, 0x95,
-        0x34, 0xe5, 0xb9, 0x42, 0x6a, 0xf0, 0x2e, 0x82,
-        0x1f, 0x4c, 0x7d, 0x84, 0x94, 0x68, 0x7b, 0x97,
-        0x2b, 0xf7, 0x7d, 0x67, 0x83, 0xbb, 0xc7, 0x8a,
-        0x31, 0x5a, 0xf3, 0x2a, 0x95, 0xdf, 0x63, 0xe7,
-        0x4e, 0xee, 0x26, 0xda, 0x87, 0x00, 0xe2, 0x23,
-        0x4a, 0x33, 0x9a, 0xa0, 0x1b, 0xce, 0x60, 0x1f,
-        0x98, 0xa1, 0xb0, 0xdb, 0xbf, 0x20, 0x59, 0x27,
-        0xf2, 0x06, 0xd9, 0xbe, 0x37, 0xa4, 0x03, 0x6b,
-        0x6a, 0x4e, 0xaf, 0x22, 0x68, 0xf3, 0xff, 0x28,
-        0x59, 0x05, 0xc9, 0xf1, 0x28, 0xf4, 0xbb, 0x35,
-        0xe0, 0xc2, 0x68, 0xc2, 0xaa, 0x54, 0xac, 0x8c,
-        0xc1, 0x69, 0x9e, 0x4b, 0x32, 0xfc, 0x53, 0x58,
-        0x85, 0x7d, 0x3f, 0x51, 0xd1, 0xc9, 0x03, 0x02,
-        0x13, 0x61, 0x62, 0xda, 0xf8, 0xfe, 0x3e, 0xc8,
-        0x95, 0x12, 0xfb, 0x0c, 0xdf, 0x06, 0x65, 0x6f,
-        0x23, 0xc7, 0x83, 0x7c, 0x50, 0x2d, 0x27, 0x25,
-        0x4d, 0xbf, 0x94, 0xf0, 0x89, 0x04, 0xb9, 0x2d,
-        0xc4, 0xa5, 0x32, 0xa9, 0x25, 0x0a, 0x99, 0x59,
-        0x01, 0x00, 0x01,
-};
-
-static const uint8_t dummy_eddsa[] = {
-        0xfe, 0x8b, 0x61, 0x50, 0x31, 0x7a, 0xe6, 0xdf,
-        0xb1, 0x04, 0x9d, 0x4d, 0xb5, 0x7a, 0x5e, 0x96,
-        0x4c, 0xb2, 0xf9, 0x5f, 0x72, 0x47, 0xb5, 0x18,
-        0xe2, 0x39, 0xdf, 0x2f, 0x87, 0x19, 0xb3, 0x02,
-};
-
 /*
  * Collection of HID reports from an authenticator issued with a FIDO2
  * get assertion using the example parameters above.
  */
 static const uint8_t dummy_wire_data_fido[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xf7,
-        0x6f, 0xda, 0x52, 0xfd, 0xcb, 0xb6, 0x24, 0x00,
-        0x92, 0x00, 0x0e, 0x02, 0x05, 0x00, 0x02, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x92, 0x00, 0x0e, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0xe9, 0x1d, 0x9b,
-        0xac, 0x14, 0x25, 0x5f, 0xda, 0x1e, 0x11, 0xdb,
-        0xae, 0xc2, 0x90, 0x22, 0xca, 0x32, 0xec, 0x32,
-        0xe6, 0x05, 0x15, 0x44, 0xe5, 0xe8, 0xbc, 0x4f,
-        0x0a, 0xb6, 0x1a, 0xeb, 0x11, 0x22, 0x58, 0x20,
-        0xcc, 0x72, 0xf0, 0x22, 0xe8, 0x28, 0x82, 0xc5,
-        0x00, 0x92, 0x00, 0x0e, 0x00, 0xa6, 0x65, 0x6e,
-        0xff, 0x1e, 0xe3, 0x7f, 0x27, 0x44, 0x2d, 0xfb,
-        0x8d, 0x41, 0xfa, 0x85, 0x0e, 0xcb, 0xda, 0x95,
-        0x64, 0x64, 0x9b, 0x1f, 0x34, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x92, 0x00, 0x0e, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0xee, 0x40, 0x4c, 0x85, 0xd7,
-        0xa1, 0x2f, 0x56, 0xc4, 0x4e, 0xc5, 0x93, 0x41,
-        0xd0, 0x3b, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x92, 0x00, 0x0e, 0x90, 0x00, 0xcb, 0x00,
-        0xa3, 0x01, 0xa2, 0x62, 0x69, 0x64, 0x58, 0x40,
-        0x4a, 0x4c, 0x9e, 0xcc, 0x81, 0x7d, 0x42, 0x03,
-        0x2b, 0x41, 0xd1, 0x38, 0xd3, 0x49, 0xb4, 0xfc,
-        0xfb, 0xe4, 0x4e, 0xe4, 0xff, 0x76, 0x34, 0x16,
-        0x68, 0x06, 0x9d, 0xa6, 0x01, 0x32, 0xb9, 0xff,
-        0xc2, 0x35, 0x0d, 0x89, 0x43, 0x66, 0x12, 0xf8,
-        0x8e, 0x5b, 0xde, 0xf4, 0xcc, 0xec, 0x9d, 0x03,
-        0x00, 0x92, 0x00, 0x0e, 0x00, 0x85, 0xc2, 0xf5,
-        0xe6, 0x8e, 0xeb, 0x3f, 0x3a, 0xec, 0xc3, 0x1d,
-        0x04, 0x6e, 0xf3, 0x5b, 0x88, 0x64, 0x74, 0x79,
-        0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69,
-        0x63, 0x2d, 0x6b, 0x65, 0x79, 0x02, 0x58, 0x25,
-        0x49, 0x96, 0x0d, 0xe5, 0x88, 0x0e, 0x8c, 0x68,
-        0x74, 0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b,
-        0x8f, 0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7,
-        0x00, 0x92, 0x00, 0x0e, 0x01, 0x99, 0x5c, 0xf3,
-        0xba, 0x83, 0x1d, 0x97, 0x63, 0x04, 0x00, 0x00,
-        0x00, 0x09, 0x03, 0x58, 0x47, 0x30, 0x45, 0x02,
-        0x21, 0x00, 0xcf, 0x3f, 0x36, 0x0e, 0x1f, 0x6f,
-        0xd6, 0xa0, 0x9d, 0x13, 0xcf, 0x55, 0xf7, 0x49,
-        0x8f, 0xc8, 0xc9, 0x03, 0x12, 0x76, 0x41, 0x75,
-        0x7b, 0xb5, 0x0a, 0x90, 0xa5, 0x82, 0x26, 0xf1,
-        0x6b, 0x80, 0x02, 0x20, 0x34, 0x9b, 0x7a, 0x82,
-        0x00, 0x92, 0x00, 0x0e, 0x02, 0xd3, 0xe1, 0x79,
-        0x49, 0x55, 0x41, 0x9f, 0xa4, 0x06, 0x06, 0xbd,
-        0xc8, 0xb9, 0x2b, 0x5f, 0xe1, 0xa7, 0x99, 0x1c,
-        0xa1, 0xfc, 0x7e, 0x3e, 0xd5, 0x85, 0x2e, 0x11,
-        0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_ASSERT,
 };
 
 /*
@@ -195,102 +75,12 @@ static const uint8_t dummy_wire_data_fido[] = {
  * authentication using the example parameters above.
  */
 static const uint8_t dummy_wire_data_u2f[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x0f,
-        0x26, 0x9c, 0xd3, 0x87, 0x0d, 0x7b, 0xf6, 0x00,
-        0x00, 0x99, 0x01, 0x02, 0x01, 0x01, 0x00, 0x01,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x4e, 0x01,
-        0x00, 0x00, 0x00, 0x2c, 0x30, 0x45, 0x02, 0x20,
-        0x1c, 0xf5, 0x7c, 0xf6, 0xde, 0xbe, 0xe9, 0x86,
-        0xee, 0x97, 0xb7, 0x64, 0xa3, 0x4e, 0x7a, 0x70,
-        0x85, 0xd0, 0x66, 0xf9, 0xf0, 0xcd, 0x04, 0x5d,
-        0x97, 0xf2, 0x3c, 0x22, 0xe3, 0x0e, 0x61, 0xc8,
-        0x02, 0x21, 0x00, 0x97, 0xef, 0xae, 0x36, 0xe6,
-        0x17, 0x9f, 0x5e, 0x2d, 0xd7, 0x8c, 0x34, 0xa7,
-        0x00, 0x00, 0x99, 0x01, 0x00, 0xa1, 0xe9, 0xfb,
-        0x8f, 0x86, 0x8c, 0xe3, 0x1e, 0xde, 0x3f, 0x4e,
-        0x1b, 0xe1, 0x2f, 0x8f, 0x2f, 0xca, 0x42, 0x26,
-        0x90, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_AUTH,
 };
 
 int    LLVMFuzzerTestOneInput(const uint8_t *, size_t);
@@ -346,6 +136,13 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
         return (max - len);
 }
 
+static size_t
+input_len(int max)
+{
+        return (5 * len_byte() + 2 * len_int() + 2 * len_string(max) +
+            6 * len_blob(max));
+}
+
 static void
 get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh,
     const char *rp_id, int ext, uint8_t up, uint8_t uv, const char *pin,
@@ -354,6 +151,8 @@ get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh,
         fido_dev_t      *dev;
         fido_dev_io_t    io;
 
+        memset(&io, 0, sizeof(io));
+
         io.open = dev_open;
         io.close = dev_close;
         io.read = dev_read;
@@ -478,12 +277,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
         memset(&p, 0, sizeof(p));
 
-        if (unpack(data, size, &p) < 0)
+        if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
+            unpack(data, size, &p) < 0)
                 return (0);
 
-        srandom((unsigned int)p.seed);
+        prng_init((unsigned int)p.seed);
 
-        fido_init(0);
+        fido_init(FIDO_DEBUG);
+        fido_set_log_handler(consume_str);
 
         switch (p.type & 3) {
         case 0:
@@ -577,18 +378,20 @@ pack_dummy(uint8_t *ptr, size_t len)
 
         memset(&dummy, 0, sizeof(dummy));
 
-        dummy.type = 1;
+        dummy.type = 1; /* rsa */
         dummy.ext = FIDO_EXT_HMAC_SECRET;
 
         strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin));
         strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id));
 
+        dummy.cred.len = sizeof(dummy_cdh); /* XXX */
         dummy.cdh.len = sizeof(dummy_cdh);
         dummy.es256.len = sizeof(dummy_es256);
         dummy.rs256.len = sizeof(dummy_rs256);
         dummy.eddsa.len = sizeof(dummy_eddsa);
         dummy.wire_data.len = sizeof(dummy_wire_data_fido);
 
+        memcpy(&dummy.cred.body, &dummy_cdh, dummy.cred.len); /* XXX */
         memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len);
         memcpy(&dummy.wire_data.body, &dummy_wire_data_fido,
             dummy.wire_data.len);
diff --git a/fuzz/fuzz_bio.c b/fuzz/fuzz_bio.c
index f1596a7..05f6ce3 100644
--- a/fuzz/fuzz_bio.c
+++ b/fuzz/fuzz_bio.c
@@ -11,6 +11,9 @@
 #include <stdio.h>
 
 #include "mutator_aux.h"
+#include "wiredata_fido2.h"
+#include "dummy.h"
+
 #include "fido.h"
 #include "fido/bio.h"
 
@@ -39,32 +42,14 @@ struct param {
         struct blob     remove_wire_data;
 };
 
-/* Example parameters. */
-static const uint8_t dummy_id[] = { 0x5e, 0xd2, };
-static const char dummy_pin[] = "3Q;I){TAx";
-static const char dummy_name[] = "finger1";
-
 /*
  * Collection of HID reports from an authenticator issued with a FIDO2
  * 'getFingerprintSensorInfo' bio enrollment command.
  */
 static const uint8_t dummy_info_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xf0,
-        0x08, 0xc1, 0x8f, 0x76, 0x4b, 0x8f, 0xa9, 0x00,
-        0x10, 0x00, 0x04, 0x02, 0x00, 0x04, 0x06, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x04, 0x90, 0x00, 0x06, 0x00,
-        0xa2, 0x02, 0x01, 0x03, 0x04, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_BIO_INFO,
 };
 
 /*
@@ -72,221 +57,11 @@ static const uint8_t dummy_info_wire_data[] = {
  * 'enrollBegin' + 'enrollCaptureNextSample' bio enrollment commands.
  */
 static const uint8_t dummy_enroll_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x06,
-        0xb4, 0xba, 0x2e, 0xb3, 0x88, 0x24, 0x38, 0x00,
-        0x0a, 0x00, 0x05, 0x02, 0x00, 0x04, 0x06, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0xc9, 0x12, 0x01,
-        0xab, 0x88, 0xd7, 0x0a, 0x24, 0xdd, 0xdc, 0xde,
-        0x16, 0x27, 0x50, 0x77, 0x37, 0x06, 0xd3, 0x48,
-        0xe6, 0xf9, 0xdb, 0xaa, 0x10, 0x83, 0x81, 0xac,
-        0x13, 0x3c, 0xf9, 0x77, 0x2d, 0x22, 0x58, 0x20,
-        0xda, 0x20, 0x71, 0x03, 0x01, 0x40, 0xac, 0xd0,
-        0x00, 0x0a, 0x00, 0x05, 0x00, 0xb8, 0xdf, 0x2a,
-        0x95, 0xd3, 0x88, 0x1c, 0x06, 0x34, 0x30, 0xf1,
-        0xf3, 0xcd, 0x27, 0x40, 0x90, 0x5c, 0xc6, 0x74,
-        0x66, 0xff, 0x10, 0xde, 0xb6, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0x18, 0x81, 0xff, 0xf2, 0xf5,
-        0xde, 0x74, 0x43, 0xd5, 0xe0, 0x77, 0x37, 0x6b,
-        0x6c, 0x18, 0x6b, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x0a, 0x00,
-        0xa3, 0x04, 0x42, 0x68, 0x96, 0x05, 0x00, 0x06,
-        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x06, 0x00,
-        0xa2, 0x05, 0x00, 0x06, 0x01, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x06, 0x00,
-        0xa2, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_BIO_ENROLL,
 };
 
 /*
@@ -294,46 +69,11 @@ static const uint8_t dummy_enroll_wire_data[] = {
  * 'enumerateEnrollments' bio enrollment command.
  */
 static const uint8_t dummy_list_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xae,
-        0x21, 0x88, 0x51, 0x09, 0x6f, 0xd7, 0xbb, 0x00,
-        0x10, 0x00, 0x0f, 0x02, 0x00, 0x04, 0x06, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x0f, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x5a, 0x70, 0x63,
-        0x11, 0x5b, 0xa6, 0xe1, 0x8e, 0x4a, 0xb0, 0x75,
-        0xe7, 0xfd, 0x39, 0x26, 0x29, 0xed, 0x69, 0xb0,
-        0xc1, 0x1f, 0xa5, 0x7d, 0xcb, 0x64, 0x1e, 0x7c,
-        0x9f, 0x60, 0x5e, 0xb2, 0xf8, 0x22, 0x58, 0x20,
-        0xec, 0xe9, 0x1b, 0x11, 0xac, 0x2a, 0x0d, 0xd5,
-        0x00, 0x10, 0x00, 0x0f, 0x00, 0x3b, 0x9f, 0xba,
-        0x0f, 0x25, 0xd5, 0x24, 0x33, 0x4c, 0x5d, 0x0f,
-        0x63, 0xbf, 0xf1, 0xf3, 0x64, 0x55, 0x78, 0x1a,
-        0x59, 0x6e, 0x65, 0x59, 0xfc, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x0f, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0xb9, 0x31, 0x34, 0xe2, 0x71,
-        0x6a, 0x8e, 0xa3, 0x60, 0xec, 0x5e, 0xd2, 0x13,
-        0x2e, 0x19, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x0f, 0x90, 0x00, 0x2e, 0x00,
-        0xa1, 0x07, 0x83, 0xa2, 0x01, 0x42, 0xce, 0xa3,
-        0x02, 0x67, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72,
-        0x31, 0xa2, 0x01, 0x42, 0xbf, 0x5e, 0x02, 0x67,
-        0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x32, 0xa2,
-        0x01, 0x42, 0x5e, 0xd2, 0x02, 0x67, 0x66, 0x69,
-        0x6e, 0x67, 0x65, 0x72, 0x33, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_BIO_ENUM,
 };
 
 /*
@@ -341,46 +81,11 @@ static const uint8_t dummy_list_wire_data[] = {
  * 'setFriendlyName' bio enrollment command.
  */
 static const uint8_t dummy_set_name_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xac,
-        0x48, 0xfd, 0xbd, 0xdd, 0x36, 0x24, 0x4d, 0x00,
-        0x10, 0x00, 0x10, 0x02, 0x00, 0x04, 0x06, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x10, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x5a, 0x70, 0x63,
-        0x11, 0x5b, 0xa6, 0xe1, 0x8e, 0x4a, 0xb0, 0x75,
-        0xe7, 0xfd, 0x39, 0x26, 0x29, 0xed, 0x69, 0xb0,
-        0xc1, 0x1f, 0xa5, 0x7d, 0xcb, 0x64, 0x1e, 0x7c,
-        0x9f, 0x60, 0x5e, 0xb2, 0xf8, 0x22, 0x58, 0x20,
-        0xec, 0xe9, 0x1b, 0x11, 0xac, 0x2a, 0x0d, 0xd5,
-        0x00, 0x10, 0x00, 0x10, 0x00, 0x3b, 0x9f, 0xba,
-        0x0f, 0x25, 0xd5, 0x24, 0x33, 0x4c, 0x5d, 0x0f,
-        0x63, 0xbf, 0xf1, 0xf3, 0x64, 0x55, 0x78, 0x1a,
-        0x59, 0x6e, 0x65, 0x59, 0xfc, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x10, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0x40, 0x95, 0xf3, 0xcb, 0xae,
-        0xf2, 0x8d, 0xd9, 0xe0, 0xe0, 0x8a, 0xbd, 0xc3,
-        0x03, 0x58, 0x49, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x10, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_STATUS,
 };
 
 /*
@@ -388,46 +93,11 @@ static const uint8_t dummy_set_name_wire_data[] = {
  * 'removeEnrollment' bio enrollment command.
  */
 static const uint8_t dummy_remove_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x4b,
-        0x24, 0xde, 0xd9, 0x06, 0x57, 0x1a, 0xbd, 0x00,
-        0x10, 0x00, 0x15, 0x02, 0x00, 0x04, 0x06, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x15, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x5a, 0x70, 0x63,
-        0x11, 0x5b, 0xa6, 0xe1, 0x8e, 0x4a, 0xb0, 0x75,
-        0xe7, 0xfd, 0x39, 0x26, 0x29, 0xed, 0x69, 0xb0,
-        0xc1, 0x1f, 0xa5, 0x7d, 0xcb, 0x64, 0x1e, 0x7c,
-        0x9f, 0x60, 0x5e, 0xb2, 0xf8, 0x22, 0x58, 0x20,
-        0xec, 0xe9, 0x1b, 0x11, 0xac, 0x2a, 0x0d, 0xd5,
-        0x00, 0x10, 0x00, 0x15, 0x00, 0x3b, 0x9f, 0xba,
-        0x0f, 0x25, 0xd5, 0x24, 0x33, 0x4c, 0x5d, 0x0f,
-        0x63, 0xbf, 0xf1, 0xf3, 0x64, 0x55, 0x78, 0x1a,
-        0x59, 0x6e, 0x65, 0x59, 0xfc, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x15, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0xb0, 0xd0, 0x71, 0x2f, 0xa7,
-        0x8b, 0x89, 0xbd, 0xca, 0xa4, 0x1e, 0x6c, 0x43,
-        0xa1, 0x71, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x10, 0x00, 0x15, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_STATUS,
 };
 
 int    LLVMFuzzerTestOneInput(const uint8_t *, size_t);
@@ -471,12 +141,20 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
         return (max - len);
 }
 
+static size_t
+input_len(int max)
+{
+        return (2 * len_string(max) + len_int() + 6 * len_blob(max));
+}
+
 static fido_dev_t *
 prepare_dev()
 {
         fido_dev_t      *dev;
         fido_dev_io_t    io;
 
+        memset(&io, 0, sizeof(io));
+
         io.open = dev_open;
         io.close = dev_close;
         io.read = dev_read;
@@ -659,12 +337,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
         memset(&p, 0, sizeof(p));
 
-        if (unpack(data, size, &p) < 0)
+        if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
+            unpack(data, size, &p) < 0)
                 return (0);
 
-        srandom((unsigned int)p.seed);
+        prng_init((unsigned int)p.seed);
 
-        fido_init(0);
+        fido_init(FIDO_DEBUG);
+        fido_set_log_handler(consume_str);
 
         get_info(&p);
         enroll(&p);
diff --git a/fuzz/fuzz_cred.c b/fuzz/fuzz_cred.c
index 7bd1d3c..cc37903 100644
--- a/fuzz/fuzz_cred.c
+++ b/fuzz/fuzz_cred.c
@@ -11,6 +11,9 @@
 #include <stdio.h>
 
 #include "mutator_aux.h"
+#include "wiredata_fido2.h"
+#include "wiredata_u2f.h"
+#include "dummy.h"
 #include "fido.h"
 
 #include "../openbsd-compat/openbsd-compat.h"
@@ -54,281 +57,19 @@ struct param {
         uint8_t         uv;
 };
 
-/* Example parameters. */
-static const char dummy_rp_id[] = "localhost";
-static const char dummy_rp_name[] = "sweet home localhost";
-static const char dummy_pin[] = "9}4gT:8d=A37Dh}U";
-static const char dummy_user_icon[] = "an icon";
-static const char dummy_user_name[] = "john smith";
-static const char dummy_user_nick[] = "jsmith";
-
-static const uint8_t dummy_cdh[] = {
-        0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb,
-        0xdd, 0xd7, 0xfb, 0x06, 0x37, 0x62, 0xea, 0x26,
-        0x20, 0x44, 0x8e, 0x69, 0x7c, 0x03, 0xf2, 0x31,
-        0x2f, 0x99, 0xdc, 0xaf, 0x3e, 0x8a, 0x91, 0x6b,
-};
-
-static const uint8_t dummy_user_id[] = {
-        0x78, 0x1c, 0x78, 0x60, 0xad, 0x88, 0xd2, 0x63,
-        0x32, 0x62, 0x2a, 0xf1, 0x74, 0x5d, 0xed, 0xb2,
-        0xe7, 0xa4, 0x2b, 0x44, 0x89, 0x29, 0x39, 0xc5,
-        0x56, 0x64, 0x01, 0x27, 0x0d, 0xbb, 0xc4, 0x49,
-};
-
 /*
  * Collection of HID reports from an authenticator issued with a FIDO2
  * make credential using the example parameters above.
  */
 static const uint8_t dummy_wire_data_fido[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xb0,
-        0x84, 0xeb, 0xec, 0x4d, 0x97, 0x72, 0x09, 0x00,
-        0x91, 0x00, 0x03, 0x02, 0x05, 0x00, 0x02, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x69, 0xf2, 0x7d,
-        0x37, 0x57, 0xda, 0x11, 0xba, 0x42, 0xde, 0x79,
-        0xe4, 0xab, 0x8d, 0x73, 0x63, 0xee, 0x66, 0x9e,
-        0x8a, 0x70, 0xa9, 0xb5, 0xf6, 0x38, 0x4f, 0x5b,
-        0xdf, 0xe1, 0xa0, 0xa4, 0xff, 0x22, 0x58, 0x20,
-        0x8a, 0xcb, 0x23, 0x2e, 0x93, 0xdb, 0xe0, 0xa4,
-        0x00, 0x91, 0x00, 0x03, 0x00, 0xbb, 0xb5, 0x60,
-        0x19, 0x18, 0x8b, 0x4d, 0xb8, 0x88, 0x6e, 0x13,
-        0x75, 0xac, 0x00, 0x19, 0x27, 0x80, 0xcc, 0x63,
-        0xc4, 0xbf, 0xfe, 0x4b, 0x4a, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0x10, 0x89, 0x77, 0x43, 0x3a,
-        0x58, 0xa2, 0xc9, 0x98, 0x18, 0x1a, 0xb1, 0xcc,
-        0x09, 0x6b, 0xd0, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x91, 0x00, 0x03, 0x90, 0x03, 0xe1, 0x00,
-        0xa3, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65,
-        0x64, 0x02, 0x58, 0xc4, 0x49, 0x96, 0x0d, 0xe5,
-        0x88, 0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f,
-        0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9,
-        0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba,
-        0x83, 0x1d, 0x97, 0x63, 0x45, 0x00, 0x00, 0x00,
-        0x00, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d,
-        0x00, 0x91, 0x00, 0x03, 0x00, 0x15, 0x80, 0x06,
-        0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40,
-        0xed, 0x88, 0x48, 0xa1, 0xdb, 0x56, 0x4d, 0x0f,
-        0x0d, 0xc8, 0x8f, 0x0f, 0xe9, 0x16, 0xb1, 0x78,
-        0xa9, 0x40, 0x98, 0x71, 0xa0, 0xb3, 0xf2, 0xcf,
-        0x05, 0x73, 0x6c, 0x12, 0xbf, 0x00, 0x96, 0xf3,
-        0x7b, 0x93, 0xba, 0x49, 0xee, 0x23, 0xb4, 0x78,
-        0x2e, 0xfb, 0xce, 0x27, 0xa8, 0xc2, 0x26, 0x78,
-        0x00, 0x91, 0x00, 0x03, 0x01, 0xcc, 0x95, 0x2d,
-        0x40, 0xdb, 0xd1, 0x40, 0x3d, 0x2b, 0xa3, 0x31,
-        0xa0, 0x75, 0x82, 0x63, 0xf0, 0xa5, 0x01, 0x02,
-        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x9d,
-        0x95, 0xa1, 0xb5, 0xd6, 0x11, 0xbf, 0xe2, 0x28,
-        0xa0, 0x7f, 0xca, 0x1e, 0xd9, 0x09, 0x0f, 0x0d,
-        0xe7, 0x8e, 0x29, 0xe8, 0x2e, 0x11, 0xdb, 0x55,
-        0x62, 0x13, 0xd7, 0x26, 0xc2, 0x7e, 0x2b, 0x22,
-        0x00, 0x91, 0x00, 0x03, 0x02, 0x58, 0x20, 0xbe,
-        0x74, 0x2a, 0xac, 0xde, 0x11, 0x40, 0x76, 0x31,
-        0x0b, 0xed, 0x55, 0xde, 0xf3, 0x03, 0xe4, 0x1c,
-        0xac, 0x42, 0x63, 0x8f, 0xe8, 0x30, 0x63, 0xb7,
-        0x07, 0x4e, 0x5d, 0xfb, 0x17, 0x5e, 0x9b, 0x03,
-        0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73,
-        0x69, 0x67, 0x58, 0x48, 0x30, 0x46, 0x02, 0x21,
-        0x00, 0xfb, 0xd1, 0x26, 0x76, 0x34, 0x74, 0xac,
-        0x00, 0x91, 0x00, 0x03, 0x03, 0xf6, 0xd8, 0x5c,
-        0x5d, 0xbc, 0xda, 0xe0, 0x43, 0xe0, 0xa5, 0x42,
-        0x9f, 0xc7, 0xe2, 0x18, 0x3e, 0xe2, 0x2c, 0x94,
-        0x78, 0xbf, 0x9c, 0xeb, 0x3e, 0x9d, 0x02, 0x21,
-        0x00, 0xab, 0x21, 0x1b, 0xc4, 0x30, 0x69, 0xee,
-        0x7f, 0x09, 0xe6, 0x6b, 0x99, 0x98, 0x34, 0x07,
-        0x7b, 0x9a, 0x58, 0xb2, 0xe8, 0x77, 0xe0, 0xba,
-        0x7d, 0xab, 0x65, 0xf8, 0xba, 0x2a, 0xcb, 0x9a,
-        0x00, 0x91, 0x00, 0x03, 0x04, 0x41, 0x63, 0x78,
-        0x35, 0x63, 0x81, 0x59, 0x02, 0xb3, 0x30, 0x82,
-        0x02, 0xaf, 0x30, 0x82, 0x01, 0x97, 0xa0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x04, 0x48, 0x5b, 0x3d,
-        0xb6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-        0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
-        0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03,
-        0x55, 0x04, 0x03, 0x0c, 0x16, 0x59, 0x75, 0x62,
-        0x00, 0x91, 0x00, 0x03, 0x05, 0x69, 0x63, 0x6f,
-        0x20, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x50, 0x72,
-        0x65, 0x76, 0x69, 0x65, 0x77, 0x20, 0x43, 0x41,
-        0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x34,
-        0x31, 0x32, 0x31, 0x30, 0x35, 0x37, 0x31, 0x30,
-        0x5a, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x32, 0x33,
-        0x31, 0x31, 0x30, 0x35, 0x37, 0x31, 0x30, 0x5a,
-        0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
-        0x00, 0x91, 0x00, 0x03, 0x06, 0x55, 0x04, 0x06,
-        0x13, 0x02, 0x53, 0x45, 0x31, 0x12, 0x30, 0x10,
-        0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x59,
-        0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x41, 0x42,
-        0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04,
-        0x0b, 0x0c, 0x19, 0x41, 0x75, 0x74, 0x68, 0x65,
-        0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x6f, 0x72,
-        0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61,
-        0x00, 0x91, 0x00, 0x03, 0x07, 0x74, 0x69, 0x6f,
-        0x6e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55,
-        0x04, 0x03, 0x0c, 0x1f, 0x59, 0x75, 0x62, 0x69,
-        0x63, 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x45,
-        0x45, 0x20, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c,
-        0x20, 0x31, 0x32, 0x31, 0x33, 0x39, 0x33, 0x39,
-        0x31, 0x32, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06,
-        0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
-        0x00, 0x91, 0x00, 0x03, 0x08, 0x06, 0x08, 0x2a,
-        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
-        0x42, 0x00, 0x04, 0xfb, 0x2c, 0xdd, 0x30, 0x43,
-        0x28, 0xc5, 0x72, 0x4a, 0x50, 0xcc, 0xe6, 0xf6,
-        0x0b, 0xad, 0x7d, 0x27, 0xa9, 0x1b, 0x59, 0xe1,
-        0xe6, 0x6f, 0x29, 0x7b, 0x89, 0xc9, 0xd4, 0x3d,
-        0xc2, 0xb2, 0xc7, 0x78, 0x89, 0xb4, 0xf0, 0xff,
-        0x9d, 0x02, 0x28, 0xcb, 0x94, 0x6d, 0xfc, 0xe0,
-        0x00, 0x91, 0x00, 0x03, 0x09, 0x1b, 0x19, 0x58,
-        0x9b, 0x67, 0x80, 0x4a, 0xac, 0x97, 0x7f, 0x28,
-        0x18, 0x9c, 0xcd, 0xb3, 0x25, 0x74, 0xca, 0x28,
-        0xa3, 0x6c, 0x30, 0x6a, 0x30, 0x22, 0x06, 0x09,
-        0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xc4, 0x0a,
-        0x02, 0x04, 0x15, 0x31, 0x2e, 0x33, 0x2e, 0x36,
-        0x2e, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x2e, 0x34,
-        0x31, 0x34, 0x38, 0x32, 0x2e, 0x31, 0x2e, 0x36,
-        0x00, 0x91, 0x00, 0x03, 0x0a, 0x30, 0x13, 0x06,
-        0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xe5,
-        0x1c, 0x02, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02,
-        0x04, 0x30, 0x30, 0x21, 0x06, 0x0b, 0x2b, 0x06,
-        0x01, 0x04, 0x01, 0x82, 0xe5, 0x1c, 0x01, 0x01,
-        0x04, 0x04, 0x12, 0x04, 0x10, 0xf8, 0xa0, 0x11,
-        0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17,
-        0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x30, 0x0c, 0x06,
-        0x00, 0x91, 0x00, 0x03, 0x0b, 0x03, 0x55, 0x1d,
-        0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
-        0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-        0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
-        0x82, 0x01, 0x01, 0x00, 0x32, 0xf3, 0xe4, 0xbd,
-        0x58, 0xd7, 0x42, 0x2b, 0xaf, 0x49, 0x99, 0x86,
-        0x08, 0x1f, 0x0d, 0xa9, 0x3b, 0xc6, 0xaa, 0x1c,
-        0x72, 0x11, 0xf9, 0x28, 0x53, 0xeb, 0xf3, 0xeb,
-        0x00, 0x91, 0x00, 0x03, 0x0c, 0x73, 0xda, 0x69,
-        0x3b, 0x06, 0xde, 0x31, 0x33, 0x8e, 0x5d, 0x02,
-        0xec, 0xf6, 0x76, 0xe9, 0x5c, 0x42, 0xbe, 0xa5,
-        0x8f, 0x25, 0xd3, 0x37, 0x3f, 0x77, 0xbb, 0x2a,
-        0x9d, 0x7c, 0xb2, 0x3e, 0x11, 0x8c, 0x41, 0xd4,
-        0x9a, 0x4c, 0x9a, 0xd8, 0xf3, 0xe2, 0xa4, 0xec,
-        0x01, 0x77, 0x7a, 0x74, 0xa8, 0xc4, 0x12, 0x43,
-        0xc3, 0x1e, 0xce, 0x20, 0x8f, 0x2d, 0x0f, 0x6e,
-        0x00, 0x91, 0x00, 0x03, 0x0d, 0xbc, 0x61, 0x9b,
-        0xe1, 0x84, 0xa1, 0x72, 0xf6, 0xa9, 0xac, 0xcb,
-        0xf8, 0x73, 0x6d, 0x5b, 0xe2, 0x98, 0xb3, 0x6b,
-        0xec, 0xe7, 0x1e, 0x77, 0x8d, 0x0a, 0x69, 0xaa,
-        0xf9, 0x94, 0xb8, 0x63, 0x6d, 0xe8, 0xfa, 0xf6,
-        0x2f, 0xd3, 0xce, 0x7f, 0x04, 0x4c, 0x32, 0x2c,
-        0xf7, 0x26, 0x3e, 0x34, 0x99, 0xe6, 0xa5, 0xb2,
-        0xb0, 0x2a, 0xbb, 0xad, 0x5b, 0xd9, 0xec, 0xe5,
-        0x00, 0x91, 0x00, 0x03, 0x0e, 0xb0, 0x71, 0x4d,
-        0x73, 0xbb, 0x94, 0x61, 0x49, 0x9c, 0x94, 0x2a,
-        0x5f, 0x1d, 0xcc, 0xaf, 0x65, 0x03, 0x3b, 0x39,
-        0x39, 0xd4, 0x47, 0xd9, 0xfc, 0xc4, 0x7b, 0x0b,
-        0x16, 0xd8, 0xe9, 0x01, 0xfc, 0xec, 0x3f, 0x8c,
-        0x1b, 0xc0, 0xc6, 0xac, 0x0b, 0x5d, 0x74, 0xc7,
-        0xbb, 0x03, 0x05, 0x69, 0x17, 0xe9, 0x98, 0x1a,
-        0x19, 0xb9, 0x09, 0x5c, 0xa1, 0xf4, 0xab, 0x9f,
-        0x00, 0x91, 0x00, 0x03, 0x0f, 0x02, 0x7c, 0x28,
-        0x0f, 0x8a, 0xf9, 0xed, 0x1d, 0x29, 0x3c, 0xf6,
-        0xcc, 0x2f, 0x04, 0x6d, 0x9a, 0xd6, 0x62, 0xb4,
-        0xa9, 0x6e, 0xb1, 0xca, 0xca, 0xac, 0x5e, 0x05,
-        0x3e, 0x83, 0x91, 0x47, 0x7c, 0x1f, 0x8b, 0x60,
-        0x01, 0xde, 0x65, 0x3a, 0xbf, 0xf2, 0xaa, 0xbb,
-        0x55, 0x98, 0x86, 0x91, 0x7e, 0xad, 0x3b, 0x36,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_KEEPALIVE,
+        WIREDATA_CTAP_KEEPALIVE,
+        WIREDATA_CTAP_KEEPALIVE,
+        WIREDATA_CTAP_CBOR_CRED,
 };
 
 /*
@@ -336,294 +77,13 @@ static const uint8_t dummy_wire_data_fido[] = {
  * registration using the example parameters above.
  */
 static const uint8_t dummy_wire_data_u2f[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x8e,
-        0x80, 0xd0, 0xe2, 0x3b, 0x24, 0x93, 0xea, 0x00,
-        0x00, 0x99, 0x01, 0x02, 0x01, 0x01, 0x00, 0x01,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69,
-        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x83, 0x03, 0x1e, 0x05,
-        0x04, 0x9f, 0xa0, 0xf9, 0x0d, 0x4c, 0xf4, 0xae,
-        0x96, 0x3c, 0xb7, 0x46, 0xb7, 0x5c, 0x9d, 0x8b,
-        0x48, 0x19, 0xdf, 0xc4, 0xad, 0xea, 0xb2, 0x70,
-        0x58, 0x72, 0xd9, 0xce, 0x75, 0xf5, 0xe6, 0x8e,
-        0x0f, 0x9c, 0x0e, 0x2e, 0x62, 0x3e, 0x91, 0xd3,
-        0x7b, 0x97, 0x46, 0x60, 0xb9, 0x57, 0x13, 0x97,
-        0x26, 0xae, 0x0f, 0xb3, 0x8f, 0x2e, 0x9b, 0x3f,
-        0x00, 0x00, 0x99, 0x01, 0x00, 0xa5, 0x55, 0xec,
-        0x8c, 0x25, 0x7c, 0x65, 0xb7, 0x09, 0x40, 0x48,
-        0xae, 0xa8, 0xcb, 0xa1, 0x91, 0xac, 0x40, 0x24,
-        0xf2, 0x34, 0x6e, 0x3a, 0x8f, 0xa5, 0xb7, 0x48,
-        0x54, 0x6e, 0xfb, 0xf4, 0x37, 0x88, 0x69, 0x79,
-        0x6f, 0x12, 0xc1, 0x32, 0xdf, 0x15, 0x5d, 0x6e,
-        0x82, 0x54, 0xc0, 0x6e, 0x56, 0x4f, 0x3a, 0x9c,
-        0xc3, 0x96, 0x7a, 0xde, 0xa5, 0xfe, 0xec, 0xd1,
-        0x00, 0x00, 0x99, 0x01, 0x01, 0x5a, 0x21, 0x85,
-        0x0e, 0x25, 0x7b, 0x8d, 0x6e, 0x1d, 0x32, 0x29,
-        0xdb, 0x21, 0xb0, 0xa3, 0x30, 0x82, 0x02, 0x4f,
-        0x30, 0x82, 0x01, 0x37, 0xa0, 0x03, 0x02, 0x01,
-        0x02, 0x02, 0x04, 0x2a, 0xd9, 0x6a, 0xf3, 0x30,
-        0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-        0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x2e,
-        0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04,
-        0x00, 0x00, 0x99, 0x01, 0x02, 0x03, 0x13, 0x23,
-        0x59, 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55,
-        0x32, 0x46, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20,
-        0x43, 0x41, 0x20, 0x53, 0x65, 0x72, 0x69, 0x61,
-        0x6c, 0x20, 0x34, 0x35, 0x37, 0x32, 0x30, 0x30,
-        0x36, 0x33, 0x31, 0x30, 0x20, 0x17, 0x0d, 0x31,
-        0x34, 0x30, 0x38, 0x30, 0x31, 0x30, 0x30, 0x30,
-        0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30,
-        0x00, 0x00, 0x99, 0x01, 0x03, 0x35, 0x30, 0x30,
-        0x39, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x30,
-        0x30, 0x5a, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d,
-        0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x26, 0x59,
-        0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, 0x32,
-        0x46, 0x20, 0x45, 0x45, 0x20, 0x53, 0x65, 0x72,
-        0x69, 0x61, 0x6c, 0x20, 0x32, 0x33, 0x39, 0x32,
-        0x35, 0x37, 0x33, 0x34, 0x35, 0x31, 0x36, 0x35,
-        0x00, 0x00, 0x99, 0x01, 0x04, 0x35, 0x30, 0x33,
-        0x38, 0x37, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
-        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,
-        0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
-        0x07, 0x03, 0x42, 0x00, 0x04, 0x2f, 0xe1, 0xa2,
-        0x3e, 0xbf, 0xa5, 0x5b, 0x3e, 0x46, 0x1d, 0x59,
-        0xa4, 0x35, 0x22, 0xd7, 0x97, 0x48, 0x98, 0x1c,
-        0xba, 0x6d, 0x28, 0x9a, 0x98, 0xf1, 0xbd, 0x7d,
-        0x00, 0x00, 0x99, 0x01, 0x05, 0xff, 0x65, 0x66,
-        0x80, 0xdb, 0xbb, 0xed, 0xbc, 0x2b, 0xae, 0x60,
-        0x7e, 0x6e, 0xf7, 0x72, 0xf5, 0x76, 0xb0, 0x4d,
-        0x54, 0xc4, 0xe5, 0xf3, 0x2f, 0x59, 0x6f, 0x26,
-        0xe6, 0x11, 0x15, 0xc7, 0x27, 0x2c, 0xf6, 0xca,
-        0x75, 0x94, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x22,
-        0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
-        0xc4, 0x0a, 0x02, 0x04, 0x15, 0x31, 0x2e, 0x33,
-        0x00, 0x00, 0x99, 0x01, 0x06, 0x2e, 0x36, 0x2e,
-        0x31, 0x2e, 0x34, 0x2e, 0x31, 0x2e, 0x34, 0x31,
-        0x34, 0x38, 0x32, 0x2e, 0x31, 0x2e, 0x32, 0x30,
-        0x13, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01,
-        0x82, 0xe5, 0x1c, 0x02, 0x01, 0x01, 0x04, 0x04,
-        0x03, 0x02, 0x04, 0x30, 0x30, 0x0d, 0x06, 0x09,
-        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-        0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
-        0x00, 0x00, 0x99, 0x01, 0x07, 0x85, 0x6a, 0xfa,
-        0x8b, 0xcf, 0x4f, 0x3f, 0x62, 0x5f, 0x29, 0x1b,
-        0xc1, 0x15, 0x8e, 0x3c, 0x7e, 0xbd, 0x25, 0x52,
-        0xbc, 0xf7, 0x57, 0x07, 0x53, 0xf5, 0x12, 0x1d,
-        0xa6, 0xa5, 0x4d, 0x24, 0xcc, 0xcf, 0xae, 0x27,
-        0xce, 0xd6, 0xab, 0x31, 0x12, 0x8c, 0x29, 0x7e,
-        0x5b, 0x5b, 0x89, 0x05, 0xdd, 0xa0, 0x20, 0x17,
-        0x93, 0x1f, 0x1f, 0x5f, 0x59, 0x25, 0x93, 0x59,
-        0x00, 0x00, 0x99, 0x01, 0x08, 0x51, 0xfc, 0x00,
-        0x4b, 0xcb, 0xe2, 0x0a, 0xdd, 0x7d, 0x8d, 0x05,
-        0x2f, 0x95, 0x43, 0xb3, 0x49, 0x6c, 0x15, 0xb8,
-        0x31, 0x0e, 0x10, 0xcb, 0xd9, 0xbb, 0x05, 0x38,
-        0x27, 0x4f, 0x58, 0x3e, 0xad, 0x1f, 0x45, 0x12,
-        0x88, 0xc3, 0xea, 0x76, 0xd0, 0x70, 0xad, 0x44,
-        0xe5, 0x3a, 0xfe, 0xa8, 0xf2, 0x2d, 0x1f, 0x73,
-        0x62, 0x5f, 0xf2, 0xd5, 0x89, 0xfe, 0x30, 0xdf,
-        0x00, 0x00, 0x99, 0x01, 0x09, 0x26, 0x62, 0xcb,
-        0x7c, 0xbb, 0x7c, 0x99, 0x61, 0x80, 0xad, 0xcf,
-        0xa9, 0x8a, 0x4d, 0x01, 0x2c, 0xf3, 0x13, 0x46,
-        0xcd, 0x11, 0x74, 0x6a, 0x58, 0x48, 0xe8, 0xbe,
-        0xed, 0xf3, 0xe3, 0x0c, 0xcb, 0xd9, 0xc1, 0xdd,
-        0x22, 0x16, 0x71, 0xb2, 0x83, 0x88, 0x61, 0xf6,
-        0x5a, 0x45, 0x36, 0x23, 0xb5, 0x18, 0xd5, 0x56,
-        0x7f, 0xa8, 0xf0, 0xa3, 0xce, 0x10, 0x5d, 0xf4,
-        0x00, 0x00, 0x99, 0x01, 0x0a, 0xf1, 0x39, 0x53,
-        0xe1, 0x14, 0xea, 0x59, 0xe0, 0xa7, 0xf2, 0xfe,
-        0x66, 0x88, 0x67, 0x43, 0x2e, 0x52, 0xfd, 0x6a,
-        0x2f, 0x64, 0xf7, 0x3c, 0x48, 0xcd, 0x9b, 0x38,
-        0xf2, 0xdf, 0xba, 0x2c, 0x7a, 0x4b, 0x3b, 0x11,
-        0x28, 0xdf, 0x26, 0xd6, 0x6a, 0x24, 0xf8, 0x95,
-        0xdd, 0xa0, 0xb6, 0x11, 0x80, 0xf4, 0x14, 0x4f,
-        0x6b, 0x70, 0x75, 0xc3, 0x18, 0xa4, 0x9a, 0xe0,
-        0x00, 0x00, 0x99, 0x01, 0x0b, 0x8b, 0x58, 0xd3,
-        0x6a, 0xdb, 0x1e, 0x30, 0x53, 0x67, 0x2b, 0x17,
-        0xc5, 0xa1, 0x9f, 0x7f, 0x0a, 0x22, 0xf1, 0x0e,
-        0x94, 0x30, 0x44, 0x02, 0x20, 0x07, 0x5c, 0x4f,
-        0xd2, 0x83, 0xb6, 0x9f, 0x0a, 0x4a, 0x4d, 0x4b,
-        0x08, 0x35, 0xeb, 0xc0, 0x7e, 0x4a, 0x14, 0x2e,
-        0xc7, 0x8c, 0xd6, 0x64, 0x2f, 0xd3, 0x1e, 0xcc,
-        0xb5, 0xe8, 0x42, 0xea, 0xf6, 0x02, 0x20, 0x6b,
-        0x00, 0x00, 0x99, 0x01, 0x0c, 0x5a, 0xba, 0x4a,
-        0xc8, 0xd7, 0x89, 0xcc, 0x77, 0xe6, 0xb9, 0xa3,
-        0x34, 0xea, 0x06, 0x85, 0x72, 0xc6, 0x28, 0xa8,
-        0x7a, 0xaa, 0x19, 0x88, 0x34, 0xbb, 0xdc, 0x64,
-        0x90, 0x0a, 0xdb, 0x39, 0x90, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_6985,
+        WIREDATA_CTAP_U2F_REGISTER,
 };
 
 int    LLVMFuzzerTestOneInput(const uint8_t *, size_t);
@@ -683,6 +143,13 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
         return (max - len);
 }
 
+static size_t
+input_len(int max)
+{
+        return (5 * len_byte() + 6 * len_string(max) + 2 * len_int() +
+            4 * len_blob(max));
+}
+
 static void
 make_cred(fido_cred_t *cred, uint8_t u2f, int type, const struct blob *cdh,
     const char *rp_id, const char *rp_name, struct blob *user_id,
@@ -693,6 +160,8 @@ make_cred(fido_cred_t *cred, uint8_t u2f, int type, const struct blob *cdh,
         fido_dev_t      *dev;
         fido_dev_io_t    io;
 
+        memset(&io, 0, sizeof(io));
+
         io.open = dev_open;
         io.close = dev_close;
         io.read = dev_read;
@@ -720,6 +189,8 @@ make_cred(fido_cred_t *cred, uint8_t u2f, int type, const struct blob *cdh,
                 fido_cred_set_rk(cred, FIDO_OPT_TRUE);
         if (uv & 1)
                 fido_cred_set_uv(cred, FIDO_OPT_TRUE);
+        if (user_id->len)
+                fido_cred_set_prot(cred, user_id->body[0] & 0x03);
 
         fido_dev_make_cred(dev, cred, u2f & 1 ? NULL : pin);
 
@@ -733,15 +204,13 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len,
     const char *rp_id, const char *rp_name, const unsigned char *authdata_ptr,
     size_t authdata_len, int ext, uint8_t rk, uint8_t uv,
     const unsigned char *x5c_ptr, size_t x5c_len, const unsigned char *sig_ptr,
-    size_t sig_len, const char *fmt)
+    size_t sig_len, const char *fmt, int prot)
 {
         fido_cred_t     *cred;
         uint8_t          flags;
 
-        if ((cred = fido_cred_new()) == NULL) {
-                warnx("%s: fido_cred_new", __func__);
+        if ((cred = fido_cred_new()) == NULL)
                 return;
-        }
 
         fido_cred_set_type(cred, type);
         fido_cred_set_clientdata_hash(cred, cdh_ptr, cdh_len);
@@ -751,6 +220,7 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len,
         fido_cred_set_extensions(cred, ext);
         fido_cred_set_x509(cred, x5c_ptr, x5c_len);
         fido_cred_set_sig(cred, sig_ptr, sig_len);
+        fido_cred_set_prot(cred, prot);
 
         if (rk & 1)
                 fido_cred_set_rk(cred, FIDO_OPT_TRUE);
@@ -786,12 +256,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
         memset(&p, 0, sizeof(p));
 
-        if (unpack(data, size, &p) < 0)
+        if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
+            unpack(data, size, &p) < 0)
                 return (0);
 
-        srandom((unsigned int)p.seed);
+        prng_init((unsigned int)p.seed);
 
-        fido_init(0);
+        fido_init(FIDO_DEBUG);
+        fido_set_log_handler(consume_str);
 
         if ((cred = fido_cred_new()) == NULL)
                 return (0);
@@ -821,7 +293,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
             fido_cred_authdata_len(cred), p.ext, p.rk, p.uv,
             fido_cred_x5c_ptr(cred), fido_cred_x5c_len(cred),
             fido_cred_sig_ptr(cred), fido_cred_sig_len(cred),
-            fido_cred_fmt(cred));
+            fido_cred_fmt(cred), fido_cred_prot(cred));
 
         fido_cred_free(&cred);
 
diff --git a/fuzz/fuzz_credman.c b/fuzz/fuzz_credman.c
index 4359938..323d0a9 100644
--- a/fuzz/fuzz_credman.c
+++ b/fuzz/fuzz_credman.c
@@ -11,6 +11,9 @@
 #include <stdio.h>
 
 #include "mutator_aux.h"
+#include "wiredata_fido2.h"
+#include "dummy.h"
+
 #include "fido.h"
 #include "fido/credman.h"
 
@@ -37,59 +40,16 @@ struct param {
         struct blob     rp_wire_data;
 };
 
-/* Example parameters. */
-static const uint8_t dummy_cred_id[] = {
-        0x4f, 0x72, 0x98, 0x42, 0x4a, 0xe1, 0x17, 0xa5,
-        0x85, 0xa0, 0xef, 0x3b, 0x11, 0x24, 0x4a, 0x3d,
-};
-static const char dummy_pin[] = "[n#899:~m";
-static const char dummy_rp_id[] = "yubico.com";
-
 /*
  * Collection of HID reports from an authenticator issued with a FIDO2
  * 'getCredsMetadata' credential management command.
  */
 static const uint8_t dummy_meta_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0xc5,
-        0xb7, 0x89, 0xba, 0x8d, 0x5f, 0x94, 0x1b, 0x00,
-        0x12, 0x00, 0x04, 0x02, 0x00, 0x04, 0x05, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x12, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x93, 0xc5, 0x64,
-        0x71, 0xe9, 0xd1, 0xb8, 0xed, 0xf6, 0xd5, 0xf3,
-        0xa7, 0xd5, 0x96, 0x70, 0xbb, 0xd5, 0x20, 0xa1,
-        0xa3, 0xd3, 0x93, 0x4c, 0x5c, 0x20, 0x5c, 0x22,
-        0xeb, 0xb0, 0x6a, 0x27, 0x59, 0x22, 0x58, 0x20,
-        0x63, 0x02, 0x33, 0xa8, 0xed, 0x3c, 0xbc, 0xe9,
-        0x00, 0x12, 0x00, 0x04, 0x00, 0xda, 0x44, 0xf5,
-        0xed, 0xda, 0xe6, 0xa4, 0xad, 0x3f, 0x9e, 0xf8,
-        0x50, 0x8d, 0x01, 0x47, 0x6c, 0x4e, 0x72, 0xa4,
-        0x04, 0x13, 0xa8, 0x65, 0x97, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x12, 0x00, 0x04, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0x6f, 0x11, 0x96, 0x21, 0x92,
-        0x52, 0xf1, 0x6b, 0xd4, 0x2c, 0xe3, 0xf8, 0xc9,
-        0x8c, 0x47, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x12, 0x00, 0x04, 0x90, 0x00, 0x07, 0x00,
-        0xa2, 0x01, 0x00, 0x02, 0x18, 0x19, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_CREDMAN_META,
 };
 
 /*
@@ -97,62 +57,11 @@ static const uint8_t dummy_meta_wire_data[] = {
  * 'enumerateRPsBegin' credential management command.
  */
 static const uint8_t dummy_rp_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x87,
-        0xbf, 0xc6, 0x7f, 0x36, 0xf5, 0xe2, 0x49, 0x00,
-        0x15, 0x00, 0x02, 0x02, 0x00, 0x04, 0x05, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x12, 0xc1, 0x81,
-        0x6b, 0x92, 0x6a, 0x56, 0x05, 0xfe, 0xdb, 0xab,
-        0x90, 0x2f, 0x57, 0x0b, 0x3d, 0x85, 0x3e, 0x3f,
-        0xbc, 0xe5, 0xd3, 0xb6, 0x86, 0xdf, 0x10, 0x43,
-        0xc2, 0xaf, 0x87, 0x34, 0x0e, 0x22, 0x58, 0x20,
-        0xd3, 0x0f, 0x7e, 0x5d, 0x10, 0x33, 0x57, 0x24,
-        0x00, 0x15, 0x00, 0x02, 0x00, 0x6e, 0x90, 0x58,
-        0x61, 0x2a, 0xd2, 0xc2, 0x1e, 0x08, 0xea, 0x91,
-        0xcb, 0x44, 0x66, 0x73, 0x29, 0x92, 0x29, 0x59,
-        0x91, 0xa3, 0x4d, 0x2c, 0xbb, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0x6d, 0x95, 0x0e, 0x73, 0x78,
-        0x46, 0x13, 0x2e, 0x07, 0xbf, 0xeb, 0x61, 0x31,
-        0x37, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x37, 0x00,
-        0xa3, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6a, 0x79,
-        0x75, 0x62, 0x69, 0x63, 0x6f, 0x2e, 0x63, 0x6f,
-        0x6d, 0x04, 0x58, 0x20, 0x37, 0x82, 0x09, 0xb7,
-        0x2d, 0xef, 0xcb, 0xa9, 0x1d, 0xcb, 0xf8, 0x54,
-        0xed, 0xb4, 0xda, 0xa6, 0x48, 0x82, 0x8a, 0x2c,
-        0xbd, 0x18, 0x0a, 0xfc, 0x77, 0xa7, 0x44, 0x34,
-        0x65, 0x5a, 0x1c, 0x7d, 0x05, 0x03, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x36, 0x00,
-        0xa2, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6b, 0x79,
-        0x75, 0x62, 0x69, 0x6b, 0x65, 0x79, 0x2e, 0x6f,
-        0x72, 0x67, 0x04, 0x58, 0x20, 0x12, 0x6b, 0xba,
-        0x6a, 0x2d, 0x7a, 0x81, 0x84, 0x25, 0x7b, 0x74,
-        0xdd, 0x1d, 0xdd, 0x46, 0xb6, 0x2a, 0x8c, 0xa2,
-        0xa7, 0x83, 0xfe, 0xdb, 0x5b, 0x19, 0x48, 0x73,
-        0x55, 0xb7, 0xe3, 0x46, 0x09, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x37, 0x00,
-        0xa2, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6c, 0x77,
-        0x65, 0x62, 0x61, 0x75, 0x74, 0x68, 0x6e, 0x2e,
-        0x64, 0x65, 0x76, 0x04, 0x58, 0x20, 0xd6, 0x32,
-        0x7d, 0x8c, 0x6a, 0x5d, 0xe6, 0xae, 0x0e, 0x33,
-        0xd0, 0xa3, 0x31, 0xfb, 0x67, 0x77, 0xb9, 0x4e,
-        0xf4, 0x73, 0x19, 0xfe, 0x7e, 0xfd, 0xfa, 0x82,
-        0x70, 0x8e, 0x1f, 0xbb, 0xa2, 0x55, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_CREDMAN_RPLIST,
 };
 
 /*
@@ -160,182 +69,11 @@ static const uint8_t dummy_rp_wire_data[] = {
  * 'enumerateCredentialsBegin' credential management command.
  */
 static const uint8_t dummy_rk_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x35,
-        0x3b, 0x34, 0xb9, 0xcb, 0xeb, 0x40, 0x55, 0x00,
-        0x15, 0x00, 0x04, 0x02, 0x00, 0x04, 0x05, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x12, 0xc1, 0x81,
-        0x6b, 0x92, 0x6a, 0x56, 0x05, 0xfe, 0xdb, 0xab,
-        0x90, 0x2f, 0x57, 0x0b, 0x3d, 0x85, 0x3e, 0x3f,
-        0xbc, 0xe5, 0xd3, 0xb6, 0x86, 0xdf, 0x10, 0x43,
-        0xc2, 0xaf, 0x87, 0x34, 0x0e, 0x22, 0x58, 0x20,
-        0xd3, 0x0f, 0x7e, 0x5d, 0x10, 0x33, 0x57, 0x24,
-        0x00, 0x15, 0x00, 0x04, 0x00, 0x6e, 0x90, 0x58,
-        0x61, 0x2a, 0xd2, 0xc2, 0x1e, 0x08, 0xea, 0x91,
-        0xcb, 0x44, 0x66, 0x73, 0x29, 0x92, 0x29, 0x59,
-        0x91, 0xa3, 0x4d, 0x2c, 0xbb, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0x1b, 0xf0, 0x01, 0x0d, 0x32,
-        0xee, 0x28, 0xa4, 0x5a, 0x7f, 0x56, 0x5b, 0x28,
-        0xfd, 0x1f, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc5, 0x00,
-        0xa5, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20,
-        0xe4, 0xe1, 0x06, 0x31, 0xde, 0x00, 0x0f, 0x4f,
-        0x12, 0x6e, 0xc9, 0x68, 0x2d, 0x43, 0x3f, 0xf1,
-        0x02, 0x2c, 0x6e, 0xe6, 0x96, 0x10, 0xbf, 0x73,
-        0x35, 0xc9, 0x20, 0x27, 0x06, 0xba, 0x39, 0x09,
-        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f,
-        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61,
-        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69,
-        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d,
-        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e,
-        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x19,
-        0xf7, 0x78, 0x0c, 0xa0, 0xbc, 0xb9, 0xa6, 0xd5,
-        0x1e, 0xd7, 0x87, 0xfb, 0x6c, 0x80, 0x03, 0x64,
-        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62,
-        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08,
-        0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02,
-        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x81,
-        0x6c, 0xdd, 0x8c, 0x8f, 0x8c, 0xc8, 0x43, 0xa7,
-        0xbb, 0x79, 0x51, 0x09, 0xb1, 0xdf, 0xbe, 0xc4,
-        0xa5, 0x54, 0x16, 0x9e, 0x58, 0x56, 0xb3, 0x0b,
-        0x34, 0x4f, 0xa5, 0x6c, 0x05, 0xa2, 0x21, 0x22,
-        0x58, 0x20, 0xcd, 0xc2, 0x0c, 0x99, 0x83, 0x5a,
-        0x61, 0x73, 0xd8, 0xe0, 0x74, 0x23, 0x46, 0x64,
-        0x00, 0x15, 0x00, 0x04, 0x02, 0x39, 0x4c, 0xb0,
-        0xf4, 0x6c, 0x0a, 0x37, 0x72, 0xaa, 0xa8, 0xea,
-        0x58, 0xd3, 0xd4, 0xe0, 0x51, 0xb2, 0x28, 0x09,
-        0x05, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xa0, 0x00,
-        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20,
-        0x56, 0xa1, 0x3c, 0x06, 0x2b, 0xad, 0xa2, 0x21,
-        0x7d, 0xcd, 0x91, 0x08, 0x47, 0xa8, 0x8a, 0x06,
-        0x06, 0xf6, 0x66, 0x91, 0xf6, 0xeb, 0x89, 0xe4,
-        0xdf, 0x26, 0xbc, 0x46, 0x59, 0xc3, 0x7d, 0xc0,
-        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f,
-        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61,
-        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69,
-        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d,
-        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e,
-        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0xd8,
-        0x27, 0x4b, 0x25, 0xed, 0x19, 0xef, 0x11, 0xaf,
-        0xa6, 0x89, 0x7b, 0x84, 0x50, 0xe7, 0x62, 0x64,
-        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62,
-        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08,
-        0x00, 0x15, 0x00, 0x04, 0x01, 0xa4, 0x01, 0x01,
-        0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0x8d,
-        0xfe, 0x45, 0xd5, 0x7d, 0xb6, 0x17, 0xab, 0x86,
-        0x2d, 0x32, 0xf6, 0x85, 0xf0, 0x92, 0x76, 0xb7,
-        0xce, 0x73, 0xca, 0x4e, 0x0e, 0xfd, 0xd5, 0xdb,
-        0x2a, 0x1d, 0x55, 0x90, 0x96, 0x52, 0xc2, 0x0a,
-        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xa0, 0x00,
-        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20,
-        0x04, 0x0e, 0x0f, 0xa0, 0xcd, 0x60, 0x35, 0x9a,
-        0xba, 0x47, 0x0c, 0x10, 0xb6, 0x82, 0x6e, 0x2f,
-        0x66, 0xb9, 0xa7, 0xcf, 0xd8, 0x47, 0xb4, 0x3d,
-        0xfd, 0x77, 0x1a, 0x38, 0x22, 0xa1, 0xda, 0xa5,
-        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f,
-        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61,
-        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69,
-        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d,
-        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e,
-        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x00,
-        0x5d, 0xdf, 0xef, 0xe2, 0xf3, 0x06, 0xb2, 0xa5,
-        0x46, 0x4d, 0x98, 0xbc, 0x14, 0x65, 0xc1, 0x64,
-        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62,
-        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08,
-        0x00, 0x15, 0x00, 0x04, 0x01, 0xa4, 0x01, 0x01,
-        0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0x72,
-        0x79, 0x14, 0x69, 0xdf, 0xcb, 0x64, 0x75, 0xee,
-        0xd4, 0x45, 0x94, 0xbc, 0x48, 0x4d, 0x2a, 0x9f,
-        0xc9, 0xf4, 0xb5, 0x1b, 0x05, 0xa6, 0x5b, 0x54,
-        0x9a, 0xac, 0x6c, 0x2e, 0xc6, 0x90, 0x62, 0x0a,
-        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc3, 0x00,
-        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20,
-        0xce, 0x32, 0xd8, 0x79, 0xdd, 0x86, 0xa2, 0x42,
-        0x7c, 0xc3, 0xe1, 0x95, 0x12, 0x93, 0x1a, 0x03,
-        0xe6, 0x70, 0xb8, 0xff, 0xcd, 0xa5, 0xdf, 0x15,
-        0xfc, 0x88, 0x2a, 0xf5, 0x44, 0xf1, 0x33, 0x9c,
-        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f,
-        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61,
-        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69,
-        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d,
-        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e,
-        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x0a,
-        0x26, 0x5b, 0x7e, 0x1a, 0x2a, 0xba, 0x70, 0x5f,
-        0x18, 0x26, 0x14, 0xb2, 0x71, 0xca, 0x98, 0x64,
-        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62,
-        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08,
-        0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02,
-        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x8b,
-        0x48, 0xf0, 0x69, 0xfb, 0x22, 0xfb, 0xf3, 0x86,
-        0x57, 0x7c, 0xdd, 0x82, 0x2c, 0x1c, 0x0c, 0xdc,
-        0x27, 0xe2, 0x6a, 0x4c, 0x1a, 0x10, 0x04, 0x27,
-        0x51, 0x3e, 0x2a, 0x9d, 0x3a, 0xb6, 0xb5, 0x22,
-        0x58, 0x20, 0x70, 0xfe, 0x91, 0x67, 0x64, 0x53,
-        0x63, 0x83, 0x72, 0x31, 0xe9, 0xe5, 0x20, 0xb7,
-        0x00, 0x15, 0x00, 0x04, 0x02, 0xee, 0xc9, 0xfb,
-        0x63, 0xd7, 0xe4, 0x76, 0x39, 0x80, 0x82, 0x74,
-        0xb8, 0xfa, 0x67, 0xf5, 0x1b, 0x8f, 0xe0, 0x0a,
-        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc3, 0x00,
-        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20,
-        0xf9, 0xa3, 0x67, 0xbf, 0x5e, 0x80, 0x95, 0xdb,
-        0x4c, 0xc5, 0x8f, 0x65, 0x36, 0xc5, 0xaf, 0xdd,
-        0x90, 0x2e, 0x62, 0x68, 0x67, 0x9c, 0xa2, 0x26,
-        0x2f, 0x2a, 0xf9, 0x3a, 0xda, 0x15, 0xf2, 0x27,
-        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f,
-        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61,
-        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69,
-        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d,
-        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e,
-        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0xfb,
-        0xa6, 0xbe, 0xc1, 0x01, 0xf6, 0x7a, 0x81, 0xf9,
-        0xcd, 0x6d, 0x20, 0x41, 0x7a, 0x1c, 0x40, 0x64,
-        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62,
-        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08,
-        0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02,
-        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xda,
-        0x2b, 0x53, 0xc3, 0xbe, 0x48, 0xf8, 0xab, 0xbd,
-        0x06, 0x28, 0x46, 0xfa, 0x35, 0xab, 0xf9, 0xc5,
-        0x2e, 0xfd, 0x3c, 0x38, 0x88, 0xb3, 0xe1, 0xa7,
-        0xc5, 0xc6, 0xed, 0x72, 0x54, 0x37, 0x93, 0x22,
-        0x58, 0x20, 0x12, 0x82, 0x32, 0x2d, 0xab, 0xbc,
-        0x64, 0xb3, 0xed, 0xcc, 0xd5, 0x22, 0xec, 0x79,
-        0x00, 0x15, 0x00, 0x04, 0x02, 0x4b, 0xe2, 0x4d,
-        0x0c, 0x4b, 0x8d, 0x31, 0x4c, 0xb4, 0x0f, 0xd4,
-        0xa9, 0xbe, 0x0c, 0xab, 0x9e, 0x0a, 0xc9, 0x0a,
-        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_CREDMAN_RKLIST,
 };
 
 /*
@@ -343,46 +81,11 @@ static const uint8_t dummy_rk_wire_data[] = {
  * 'deleteCredential' credential management command.
  */
 static const uint8_t dummy_del_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x8b,
-        0xe1, 0xf0, 0x3a, 0x18, 0xa5, 0xda, 0x59, 0x00,
-        0x15, 0x00, 0x05, 0x02, 0x00, 0x04, 0x05, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x05, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x12, 0xc1, 0x81,
-        0x6b, 0x92, 0x6a, 0x56, 0x05, 0xfe, 0xdb, 0xab,
-        0x90, 0x2f, 0x57, 0x0b, 0x3d, 0x85, 0x3e, 0x3f,
-        0xbc, 0xe5, 0xd3, 0xb6, 0x86, 0xdf, 0x10, 0x43,
-        0xc2, 0xaf, 0x87, 0x34, 0x0e, 0x22, 0x58, 0x20,
-        0xd3, 0x0f, 0x7e, 0x5d, 0x10, 0x33, 0x57, 0x24,
-        0x00, 0x15, 0x00, 0x05, 0x00, 0x6e, 0x90, 0x58,
-        0x61, 0x2a, 0xd2, 0xc2, 0x1e, 0x08, 0xea, 0x91,
-        0xcb, 0x44, 0x66, 0x73, 0x29, 0x92, 0x29, 0x59,
-        0x91, 0xa3, 0x4d, 0x2c, 0xbb, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x05, 0x90, 0x00, 0x14, 0x00,
-        0xa1, 0x02, 0x50, 0x33, 0xf1, 0x3b, 0xde, 0x1e,
-        0xa5, 0xd1, 0xbf, 0xf6, 0x5d, 0x63, 0xb6, 0xfc,
-        0xd2, 0x24, 0xe8, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x15, 0x00, 0x05, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_PINTOKEN,
+        WIREDATA_CTAP_CBOR_STATUS,
 };
 
 int    LLVMFuzzerTestOneInput(const uint8_t *, size_t);
@@ -424,12 +127,20 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
         return (max - len);
 }
 
+static size_t
+input_len(int max)
+{
+        return (2 * len_string(max) + 5 * len_blob(max) + len_int());
+}
+
 static fido_dev_t *
 prepare_dev()
 {
         fido_dev_t      *dev;
         fido_dev_io_t    io;
 
+        memset(&io, 0, sizeof(io));
+
         io.open = dev_open;
         io.close = dev_close;
         io.read = dev_read;
@@ -454,9 +165,9 @@ get_metadata(struct param *p)
 
         set_wire_data(p->meta_wire_data.body, p->meta_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
+
         if ((metadata = fido_credman_metadata_new()) == NULL) {
                 fido_dev_close(dev);
                 fido_dev_free(&dev);
@@ -483,9 +194,9 @@ get_rp_list(struct param *p)
 
         set_wire_data(p->rp_wire_data.body, p->rp_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
+
         if ((rp = fido_credman_rp_new()) == NULL) {
                 fido_dev_close(dev);
                 fido_dev_free(&dev);
@@ -519,9 +230,9 @@ get_rk_list(struct param *p)
 
         set_wire_data(p->rk_wire_data.body, p->rk_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
+
         if ((rk = fido_credman_rk_new()) == NULL) {
                 fido_dev_close(dev);
                 fido_dev_free(&dev);
@@ -560,9 +271,8 @@ del_rk(struct param *p)
 
         set_wire_data(p->del_wire_data.body, p->del_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
 
         fido_credman_del_dev_rk(dev, p->cred_id.body, p->cred_id.len, p->pin);
         fido_dev_close(dev);
@@ -576,12 +286,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
         memset(&p, 0, sizeof(p));
 
-        if (unpack(data, size, &p) < 0)
+        if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
+            unpack(data, size, &p) < 0)
                 return (0);
 
-        srandom((unsigned int)p.seed);
+        prng_init((unsigned int)p.seed);
 
-        fido_init(0);
+        fido_init(FIDO_DEBUG);
+        fido_set_log_handler(consume_str);
 
         get_metadata(&p);
         get_rp_list(&p);
diff --git a/fuzz/fuzz_mgmt.c b/fuzz/fuzz_mgmt.c
index 741b375..d46daf6 100644
--- a/fuzz/fuzz_mgmt.c
+++ b/fuzz/fuzz_mgmt.c
@@ -11,6 +11,8 @@
 #include <string.h>
 
 #include "mutator_aux.h"
+#include "wiredata_fido2.h"
+#include "dummy.h"
 #include "fido.h"
 
 #include "../openbsd-compat/openbsd-compat.h"
@@ -35,207 +37,39 @@ struct param {
         int             seed;
 };
 
-/* Example parameters. */
-static const char dummy_pin1[] = "skepp cg0u3;Y..";
-static const char dummy_pin2[] = "bastilha 6rJrfQZI.";
-
 static const uint8_t dummy_reset_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x91,
-        0xef, 0xbe, 0x74, 0x39, 0x1a, 0x1c, 0x4a, 0x00,
-        0x22, 0x00, 0x01, 0x02, 0x05, 0x02, 0x01, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x01,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_KEEPALIVE,
+        WIREDATA_CTAP_KEEPALIVE,
+        WIREDATA_CTAP_KEEPALIVE,
+        WIREDATA_CTAP_CBOR_RESET,
 };
 
 static const uint8_t dummy_info_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x80,
-        0x43, 0x56, 0x40, 0xb1, 0x4e, 0xd9, 0x2d, 0x00,
-        0x22, 0x00, 0x02, 0x02, 0x05, 0x02, 0x01, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xb9, 0x00,
-        0xa9, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5f,
-        0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4f, 0x5f,
-        0x32, 0x5f, 0x30, 0x6c, 0x46, 0x49, 0x44, 0x4f,
-        0x5f, 0x32, 0x5f, 0x31, 0x5f, 0x50, 0x52, 0x45,
-        0x02, 0x82, 0x6b, 0x63, 0x72, 0x65, 0x64, 0x50,
-        0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x6b, 0x68,
-        0x6d, 0x61, 0x63, 0x2d, 0x73, 0x65, 0x63, 0x72,
-        0x00, 0x22, 0x00, 0x02, 0x00, 0x65, 0x74, 0x03,
-        0x50, 0x19, 0x56, 0xe5, 0xbd, 0xa3, 0x74, 0x45,
-        0xf1, 0xa8, 0x14, 0x35, 0x64, 0x03, 0xfd, 0xbc,
-        0x18, 0x04, 0xa5, 0x62, 0x72, 0x6b, 0xf5, 0x62,
-        0x75, 0x70, 0xf5, 0x64, 0x70, 0x6c, 0x61, 0x74,
-        0xf4, 0x69, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-        0x50, 0x69, 0x6e, 0xf4, 0x75, 0x63, 0x72, 0x65,
-        0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4d,
-        0x00, 0x22, 0x00, 0x02, 0x01, 0x67, 0x6d, 0x74,
-        0x50, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0xf5,
-        0x05, 0x19, 0x04, 0xb0, 0x06, 0x81, 0x01, 0x07,
-        0x08, 0x08, 0x18, 0x80, 0x0a, 0x82, 0xa2, 0x63,
-        0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70,
-        0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
-        0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c,
-        0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a,
-        0x00, 0x22, 0x00, 0x02, 0x02, 0x70, 0x75, 0x62,
-        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_INFO,
 };
 
 static const uint8_t dummy_set_pin_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x59,
-        0x50, 0x8c, 0x27, 0x14, 0x83, 0x43, 0xd5, 0x00,
-        0x22, 0x00, 0x03, 0x02, 0x05, 0x02, 0x01, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
-        0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
-        0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
-        0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
-        0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
-        0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
-        0x00, 0x22, 0x00, 0x03, 0x00, 0x3f, 0xf1, 0x60,
-        0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
-        0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
-        0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_STATUS,
 };
 
 static const uint8_t dummy_change_pin_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x48,
-        0xfd, 0xf9, 0xde, 0x28, 0x21, 0x99, 0xd5, 0x00,
-        0x22, 0x00, 0x04, 0x02, 0x05, 0x02, 0x01, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
-        0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
-        0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
-        0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
-        0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
-        0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
-        0x00, 0x22, 0x00, 0x04, 0x00, 0x3f, 0xf1, 0x60,
-        0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
-        0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
-        0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
+        WIREDATA_CTAP_CBOR_STATUS,
 };
 
 static const uint8_t dummy_retry_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x7f,
-        0xaa, 0x73, 0x3e, 0x95, 0x98, 0xa8, 0x60, 0x00,
-        0x22, 0x00, 0x05, 0x02, 0x05, 0x02, 0x01, 0x05,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x05, 0x90, 0x00, 0x04, 0x00,
-        0xa1, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+        WIREDATA_CTAP_INIT,
+        WIREDATA_CTAP_CBOR_INFO,
+        WIREDATA_CTAP_CBOR_RETRIES,
 };
 
 int    LLVMFuzzerTestOneInput(const uint8_t *, size_t);
@@ -277,12 +111,20 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
         return (max - len);
 }
 
+static size_t
+input_len(int max)
+{
+        return (2 * len_string(max) + 5 * len_blob(max) + len_int());
+}
+
 static fido_dev_t *
 prepare_dev()
 {
         fido_dev_t      *dev;
         fido_dev_io_t    io;
 
+        memset(&io, 0, sizeof(io));
+
         io.open = dev_open;
         io.close = dev_close;
         io.read = dev_read;
@@ -304,9 +146,8 @@ dev_reset(struct param *p)
 
         set_wire_data(p->reset_wire_data.body, p->reset_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
 
         fido_dev_reset(dev);
         fido_dev_close(dev);
@@ -327,9 +168,8 @@ dev_get_cbor_info(struct param *p)
 
         set_wire_data(p->info_wire_data.body, p->info_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
 
         proto = fido_dev_protocol(dev);
         major = fido_dev_major(dev);
@@ -343,15 +183,10 @@ dev_get_cbor_info(struct param *p)
         consume(&build, sizeof(build));
         consume(&flags, sizeof(flags));
 
-        if ((ci = fido_cbor_info_new()) == NULL) {
-                fido_dev_close(dev);
-                fido_dev_free(&dev);
-                return;
-        }
+        if ((ci = fido_cbor_info_new()) == NULL)
+                goto out;
 
         fido_dev_get_cbor_info(dev, ci);
-        fido_dev_close(dev);
-        fido_dev_free(&dev);
 
         for (size_t i = 0; i < fido_cbor_info_versions_len(ci); i++) {
                 char * const *sa = fido_cbor_info_versions_ptr(ci);
@@ -372,10 +207,17 @@ dev_get_cbor_info(struct param *p)
         n = fido_cbor_info_maxmsgsiz(ci);
         consume(&n, sizeof(n));
 
+        n = fido_cbor_info_fwversion(ci);
+        consume(&n, sizeof(n));
+
         consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci));
         consume(fido_cbor_info_protocols_ptr(ci),
             fido_cbor_info_protocols_len(ci));
 
+out:
+        fido_dev_close(dev);
+        fido_dev_free(&dev);
+
         fido_cbor_info_free(&ci);
 }
 
@@ -386,9 +228,8 @@ dev_set_pin(struct param *p)
 
         set_wire_data(p->set_pin_wire_data.body, p->set_pin_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
 
         fido_dev_set_pin(dev, p->pin1, NULL);
         fido_dev_close(dev);
@@ -402,9 +243,8 @@ dev_change_pin(struct param *p)
 
         set_wire_data(p->change_pin_wire_data.body, p->change_pin_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
 
         fido_dev_set_pin(dev, p->pin2, p->pin1);
         fido_dev_close(dev);
@@ -419,9 +259,8 @@ dev_get_retry_count(struct param *p)
 
         set_wire_data(p->retry_wire_data.body, p->retry_wire_data.len);
 
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                 return;
-        }
 
         fido_dev_get_retry_count(dev, &n);
         consume(&n, sizeof(n));
@@ -436,12 +275,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
         memset(&p, 0, sizeof(p));
 
-        if (unpack(data, size, &p) < 0)
+        if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
+            unpack(data, size, &p) < 0)
                 return (0);
 
-        srandom((unsigned int)p.seed);
+        prng_init((unsigned int)p.seed);
 
-        fido_init(0);
+        fido_init(FIDO_DEBUG);
+        fido_set_log_handler(consume_str);
 
         dev_reset(&p);
         dev_get_cbor_info(&p);
diff --git a/fuzz/harnesses/assert b/fuzz/harnesses/assert
deleted file mode 100755
index 55cd889..0000000
--- a/fuzz/harnesses/assert
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=assert
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../pubkey" | \
-                tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/assert \
-                        ${T}/pubkey nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/assert-rsa-h-p b/fuzz/harnesses/assert-rsa-h-p
deleted file mode 100755
index 8eb9ea6..0000000
--- a/fuzz/harnesses/assert-rsa-h-p
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=assert-rsa-h-p
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../pubkey ../hmac-salt" | \
-                tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/assert \
-                        -t rsa -h ${T}/hmac-out -s ${T}/hmac-salt \
-                        -p ${T}/pubkey nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/assert-u2f b/fuzz/harnesses/assert-u2f
deleted file mode 100755
index 257d1d6..0000000
--- a/fuzz/harnesses/assert-u2f
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=assert-u2f
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../cred_id ../pubkey" | \
-                tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/assert -up \
-                        -a ${T}/cred_id ${T}/pubkey nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/cred b/fuzz/harnesses/cred
deleted file mode 100755
index 71ee845..0000000
--- a/fuzz/harnesses/cred
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=cred
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
-                        -k ${T}/pubkey -i ${T}/cred_id nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/cred-rsa-h-p b/fuzz/harnesses/cred-rsa-h-p
deleted file mode 100755
index bb14c23..0000000
--- a/fuzz/harnesses/cred-rsa-h-p
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=cred-rsa-h-p
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
-                        -t rsa -r -k ${T}/pubkey -i ${T}/cred_id -h nodev \
-                        2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/cred-u2f b/fuzz/harnesses/cred-u2f
deleted file mode 100755
index 3af4393..0000000
--- a/fuzz/harnesses/cred-u2f
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=cred-u2f
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
-                        -k ${T}/pubkey -i ${T}/cred_id -u nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/cred-u2f-exclude b/fuzz/harnesses/cred-u2f-exclude
deleted file mode 100755
index 3777134..0000000
--- a/fuzz/harnesses/cred-u2f-exclude
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=cred-u2f-exclude
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../excl_id" | \
-                tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/examples/cred \
-                        -k ${T}/pubkey -i ${T}/cred_id -e ${T}/excl_id \
-                        -u nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fido2-assert-G b/fuzz/harnesses/fido2-assert-G
deleted file mode 100755
index 6671449..0000000
--- a/fuzz/harnesses/fido2-assert-G
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fido2-assert-G
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-assert \
-                        -G -i - nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fido2-assert-V b/fuzz/harnesses/fido2-assert-V
deleted file mode 100755
index 898cb0f..0000000
--- a/fuzz/harnesses/fido2-assert-V
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fido2-assert-V
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue ../pubkey" | \
-                tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-assert -V \
-                        pubkey es256 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fido2-cred-M b/fuzz/harnesses/fido2-cred-M
deleted file mode 100755
index f82fbf7..0000000
--- a/fuzz/harnesses/fido2-cred-M
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fido2-cred-M
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-cred -M \
-                        -q -i - nodev 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fido2-cred-V b/fuzz/harnesses/fido2-cred-V
deleted file mode 100755
index 13a648f..0000000
--- a/fuzz/harnesses/fido2-cred-V
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fido2-cred-V
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T}/afl-out && tar -cf- queue" | tar -C ${T} -xf-
-}
-
-run() {
-        find ${T}/queue -type f | while read f; do
-                cat "${f}" | LD_PRELOAD=${PRELOAD} build/tools/fido2-cred -V \
-                        -o cred 2>/dev/null 1>&2
-        done
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fuzz_assert b/fuzz/harnesses/fuzz_assert
deleted file mode 100755
index 6a0baa9..0000000
--- a/fuzz/harnesses/fuzz_assert
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fuzz_assert
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
-}
-
-run() {
-        build/fuzz/fuzz_assert -max_len=17408 -runs=1 ${T}/corpus \
-                2>/dev/null 1>&2
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fuzz_bio b/fuzz/harnesses/fuzz_bio
deleted file mode 100755
index f4bab19..0000000
--- a/fuzz/harnesses/fuzz_bio
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fuzz_bio
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
-}
-
-run() {
-        build/fuzz/fuzz_bio -max_len=17408 -runs=1 ${T}/corpus \
-                2>/dev/null 1>&2
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fuzz_cred b/fuzz/harnesses/fuzz_cred
deleted file mode 100755
index 8dfb168..0000000
--- a/fuzz/harnesses/fuzz_cred
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fuzz_cred
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
-}
-
-run() {
-        build/fuzz/fuzz_cred -max_len=17408 -runs=1 ${T}/corpus 2>/dev/null 1>&2
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fuzz_credman b/fuzz/harnesses/fuzz_credman
deleted file mode 100755
index 7721a58..0000000
--- a/fuzz/harnesses/fuzz_credman
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fuzz_credman
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
-}
-
-run() {
-        build/fuzz/fuzz_credman -max_len=17408 -runs=1 ${T}/corpus 2>/dev/null 1>&2
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/harnesses/fuzz_mgmt b/fuzz/harnesses/fuzz_mgmt
deleted file mode 100755
index 9224eea..0000000
--- a/fuzz/harnesses/fuzz_mgmt
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash -u
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-T=fuzz_mgmt
-
-sync() {
-        mkdir ${T}
-        ssh "${REMOTE}" "cd ${T} && tar -cf- corpus" | tar -C ${T} -xf-
-}
-
-run() {
-        build/fuzz/fuzz_mgmt -max_len=17408 -runs=1 ${T}/corpus \
-                2>/dev/null 1>&2
-}
-
-case "$1" in
-sync)
-        sync
-        ;;
-run)
-        run
-        exit 0
-        ;;
-*)
-        echo unknown command "$1"
-        exit 1
-esac
diff --git a/fuzz/mutator_aux.c b/fuzz/mutator_aux.c
index 24aa716..fe09438 100644
--- a/fuzz/mutator_aux.c
+++ b/fuzz/mutator_aux.c
@@ -37,6 +37,12 @@ consume(const void *body, size_t len)
                 x ^= *ptr++;
 }
 
+void
+consume_str(const char *str)
+{
+        consume(str, strlen(str));
+}
+
 int
 unpack_int(uint8_t t, uint8_t **ptr, size_t *len, int *v) NO_MSAN
 {
@@ -227,6 +233,30 @@ pack_blob(uint8_t t, uint8_t **ptr, size_t *len, const struct blob *v) NO_MSAN
         return (0);
 }
 
+size_t
+len_int(void)
+{
+        return (sizeof(uint8_t) + sizeof(size_t) + sizeof(int));
+}
+
+size_t
+len_string(int max)
+{
+        return ((sizeof(uint8_t) + sizeof(size_t)) + (max ?  MAXSTR - 1 : 0));
+}
+
+size_t
+len_byte(void)
+{
+        return (sizeof(uint8_t) + sizeof(size_t) + sizeof(uint8_t));
+}
+
+size_t
+len_blob(int max)
+{
+        return (sizeof(uint8_t) + sizeof(size_t) + (max ? MAXBLOB : 0));
+}
+
 void
 mutate_byte(uint8_t *b)
 {
diff --git a/fuzz/mutator_aux.h b/fuzz/mutator_aux.h
index 687f130..d14e177 100644
--- a/fuzz/mutator_aux.h
+++ b/fuzz/mutator_aux.h
@@ -7,6 +7,9 @@
 #ifndef _MUTATOR_AUX_H
 #define _MUTATOR_AUX_H
 
+#include <stddef.h>
+#include <stdint.h>
+
 /*
  * As of LLVM 7.0.1, MSAN support in libFuzzer was still experimental.
  * We therefore have to be careful when using our custom mutator, or
@@ -31,6 +34,9 @@
 #define MAXSTR  1024
 #define MAXBLOB 3072
 
+#define GETLEN_MIN      0
+#define GETLEN_MAX      1
+
 struct blob {
         uint8_t body[MAXBLOB];
         size_t  len;
@@ -38,6 +44,7 @@ struct blob {
 
 size_t xstrlen(const char *);
 void consume(const void *, size_t);
+void consume_str(const char *);
 
 int unpack_blob(uint8_t, uint8_t **, size_t *, struct blob *);
 int unpack_byte(uint8_t, uint8_t **, size_t *, uint8_t *);
@@ -49,6 +56,11 @@ int pack_byte(uint8_t, uint8_t **, size_t *, uint8_t);
 int pack_int(uint8_t, uint8_t **, size_t *, int);
 int pack_string(uint8_t, uint8_t **, size_t *, const char *);
 
+size_t len_int(void);
+size_t len_string(int);
+size_t len_byte(void);
+size_t len_blob(int);
+
 void mutate_byte(uint8_t *);
 void mutate_int(int *);
 void mutate_blob(struct blob *);
@@ -60,6 +72,9 @@ void set_wire_data(uint8_t *, size_t);
 int dev_read(void *, unsigned char *, size_t, int);
 int dev_write(void *, const unsigned char *, size_t);
 
+void prng_init(unsigned long);
+unsigned long prng_uint32(void);
+
 uint32_t uniform_random(uint32_t);
 
 #endif /* !_MUTATOR_AUX_H */
diff --git a/fuzz/prng.c b/fuzz/prng.c
new file mode 100755
index 0000000..fa6d4e4
--- /dev/null
+++ b/fuzz/prng.c
@@ -0,0 +1,112 @@
+/* 
+   A C-program for MT19937, with initialization improved 2002/1/26.
+   Coded by Takuji Nishimura and Makoto Matsumoto.
+
+   Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
+   All rights reserved.                          
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+     1. Redistributions of source code must retain the above copyright
+        notice, this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+     3. The names of its contributors may not be used to endorse or promote 
+        products derived from this software without specific prior written 
+        permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+   A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+   Any feedback is very welcome.
+   http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
+   email: m-mat @ math.sci.hiroshima-u.ac.jp (remove space)
+*/
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "mutator_aux.h"
+
+#define init_genrand prng_init
+#define genrand_int32 prng_uint32
+
+/* Period parameters */  
+#define N 624
+#define M 397
+#define MATRIX_A 0x9908b0dfUL   /* constant vector a */
+#define UPPER_MASK 0x80000000UL /* most significant w-r bits */
+#define LOWER_MASK 0x7fffffffUL /* least significant r bits */
+
+int prng_up = 0;
+static unsigned long mt[N]; /* the array for the state vector  */
+static int mti=N+1; /* mti==N+1 means mt[N] is not initialized */
+
+/* initializes mt[N] with a seed */
+void init_genrand(unsigned long s)
+{
+    mt[0]= s & 0xffffffffUL;
+    for (mti=1; mti<N; mti++) {
+        mt[mti] = 
+            (1812433253UL * (mt[mti-1] ^ (mt[mti-1] >> 30)) + mti); 
+        /* See Knuth TAOCP Vol2. 3rd Ed. P.106 for multiplier. */
+        /* In the previous versions, MSBs of the seed affect   */
+        /* only MSBs of the array mt[].                        */
+        /* 2002/01/09 modified by Makoto Matsumoto             */
+        mt[mti] &= 0xffffffffUL;
+        /* for >32 bit machines */
+    }
+    prng_up = 1;
+}
+
+/* generates a random number on [0,0xffffffff]-interval */
+unsigned long genrand_int32(void)
+{
+    unsigned long y;
+    static unsigned long mag01[2]={0x0UL, MATRIX_A};
+    /* mag01[x] = x * MATRIX_A  for x=0,1 */
+
+    if (mti >= N) { /* generate N words at one time */
+        int kk;
+
+        assert(mti != N+1);
+
+        for (kk=0;kk<N-M;kk++) {
+            y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
+            mt[kk] = mt[kk+M] ^ (y >> 1) ^ mag01[y & 0x1UL];
+        }
+        for (;kk<N-1;kk++) {
+            y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
+            mt[kk] = mt[kk+(M-N)] ^ (y >> 1) ^ mag01[y & 0x1UL];
+        }
+        y = (mt[N-1]&UPPER_MASK)|(mt[0]&LOWER_MASK);
+        mt[N-1] = mt[M-1] ^ (y >> 1) ^ mag01[y & 0x1UL];
+
+        mti = 0;
+    }
+  
+    y = mt[mti++];
+
+    /* Tempering */
+    y ^= (y >> 11);
+    y ^= (y << 7) & 0x9d2c5680UL;
+    y ^= (y << 15) & 0xefc60000UL;
+    y ^= (y >> 18);
+
+    return y;
+}
diff --git a/fuzz/report b/fuzz/report
deleted file mode 100755
index bebb0ca..0000000
--- a/fuzz/report
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/bin/bash -e
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-#
-# XXX This should really be a Makefile.
-
-T=""
-#T+=" harnesses/assert"
-#T+=" harnesses/assert-rsa-h-p"
-#T+=" harnesses/assert-u2f"
-#T+=" harnesses/cred"
-#T+=" harnesses/cred-rsa-h-p"
-#T+=" harnesses/cred-u2f"
-#T+=" harnesses/cred-u2f-exclude"
-#T+=" harnesses/fido2-assert-G"
-#T+=" harnesses/fido2-assert-V"
-#T+=" harnesses/fido2-cred-M"
-#T+=" harnesses/fido2-cred-V"
-T+=" harnesses/fuzz_assert"
-T+=" harnesses/fuzz_bio"
-T+=" harnesses/fuzz_cred"
-T+=" harnesses/fuzz_credman"
-T+=" harnesses/fuzz_mgmt"
-
-clean() {
-        echo cleaning
-        rm -rf obj
-        mkdir obj
-}
-
-build() {
-        echo building
-        mkdir obj/build
-        (cd obj/build && cmake -DFUZZ=1 -DLIBFUZZER=1 -DCMAKE_C_COMPILER=clang \
-                -DCOVERAGE=1 -DCMAKE_BUILD_TYPE=Debug ../../..) 2>/dev/null 1>&2
-        make -C obj/build 2>/dev/null 1>&2
-        cc -fPIC -D_GNU_SOURCE -shared -o obj/preload-fuzz.so preload-fuzz.c
-}
-
-sync() {
-        if [ -n "${REMOTE}" ]; then
-                for t in ${T}; do
-                        echo syncing ${t}
-                        (cd obj && REMOTE="${REMOTE}" ../${t} sync)
-                done
-        else
-                tar -C obj -zxf corpus.tgz
-        fi
-}
-
-run() {
-        export LLVM_PROFILE_FILE="profraw/%h-%p.profraw"
-        export PRELOAD=$(realpath obj/preload-fuzz.so)
-
-        for t in ${T}; do
-                echo running ${t}
-                (cd obj && ../${t} run)
-        done
-}
-
-merge() {
-        echo merging
-        (cd obj && \
-                llvm-profdata merge -sparse profraw/*.profraw \
-                        -o libfido2.profdata &&
-                llvm-cov show -format=html -tab-size=8 build/src/libfido2.so \
-                        -instr-profile=libfido2.profdata > report.html &&
-                llvm-cov report -use-color=false build/src/libfido2.so \
-                        -instr-profile=libfido2.profdata > summary.txt &&
-                llvm-cov report -use-color=false -show-functions \
-                        -instr-profile=libfido2.profdata build/src/libfido2.so \
-                        ../../src/*.[ch] > functions.txt)
-}
-
-clean
-build
-sync
-run
-merge
diff --git a/fuzz/report.html.gz b/fuzz/report.html.gz
deleted file mode 100644
index 9f07223..0000000
--- a/fuzz/report.html.gz
+++ /dev/null
diff --git a/fuzz/report.tgz b/fuzz/report.tgz
new file mode 100644
index 0000000..8a002f0
--- /dev/null
+++ b/fuzz/report.tgz
diff --git a/fuzz/summary.txt b/fuzz/summary.txt
index e494865..da9d165 100644
--- a/fuzz/summary.txt
+++ b/fuzz/summary.txt
@@ -1,34 +1,36 @@
 Filename                             Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover
 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+fuzz/prng.c                               31                 0   100.00%           2                 0   100.00%          48                 0   100.00%
 fuzz/uniform_random.c                      7                 1    85.71%           1                 0   100.00%          23                 1    95.65%
-fuzz/wrap.c                                4                 0   100.00%           1                 0   100.00%           7                 0   100.00%
+fuzz/wrap.c                                6                 0   100.00%           1                 0   100.00%           7                 0   100.00%
 openbsd-compat/explicit_bzero.c            4                 0   100.00%           1                 0   100.00%          12                 0   100.00%
 openbsd-compat/recallocarray.c            41                 7    82.93%           1                 0   100.00%          49                 7    85.71%
+openbsd-compat/strlcat.c                  12                 1    91.67%           1                 0   100.00%          25                 1    96.00%
 openbsd-compat/timingsafe_bcmp.c           4                 0   100.00%           1                 0   100.00%           8                 0   100.00%
 src/aes256.c                              56                 0   100.00%           2                 0   100.00%          82                 0   100.00%
-src/assert.c                             569                29    94.90%          53                 1    98.11%         901                60    93.34%
-src/authkey.c                             45                 0   100.00%           5                 0   100.00%          75                 0   100.00%
-src/bio.c                                422                21    95.02%          49                 2    95.92%         661                25    96.22%
+src/assert.c                             566                43    92.40%          53                 1    98.11%         900                87    90.33%
+src/authkey.c                             44                 0   100.00%           5                 0   100.00%          75                 0   100.00%
+src/bio.c                                418                20    95.22%          49                 2    95.92%         661                22    96.67%
 src/blob.c                                39                 1    97.44%           7                 0   100.00%          73                 4    94.52%
 src/buf.c                                  8                 1    87.50%           2                 0   100.00%          20                 1    95.00%
-src/cbor.c                               844                31    96.33%          51                 1    98.04%        1319                47    96.44%
-src/cred.c                               532                35    93.42%          54                 1    98.15%         850                55    93.53%
-src/credman.c                            381                18    95.28%          38                 0   100.00%         589                15    97.45%
-src/dev.c                                131                22    83.21%          19                 1    94.74%         183                30    83.61%
+src/cbor.c                               884                70    92.08%          52                 2    96.15%        1371               106    92.27%
+src/cred.c                               534                51    90.45%          55                 1    98.18%         830                78    90.60%
+src/credman.c                            376                18    95.21%          38                 0   100.00%         589                15    97.45%
+src/dev.c                                201                85    57.71%          26                 8    69.23%         294               128    56.46%
 src/ecdh.c                                68                 0   100.00%           2                 0   100.00%         104                 0   100.00%
-src/eddsa.c                               54                 4    92.59%           8                 0   100.00%          79                 2    97.47%
+src/eddsa.c                               54                 0   100.00%           8                 0   100.00%          79                 0   100.00%
 src/err.c                                108               108     0.00%           1                 1     0.00%         112               112     0.00%
-src/es256.c                              273                 4    98.53%          16                 0   100.00%         372                13    96.51%
+src/es256.c                              278                 0   100.00%          16                 0   100.00%         377                 0   100.00%
 src/hid.c                                 16                16     0.00%           8                 8     0.00%          38                38     0.00%
-src/hid_linux.c                          166               166     0.00%          12                12     0.00%         287               287     0.00%
-src/info.c                               148                 1    99.32%          31                 0   100.00%         305                 0   100.00%
-src/io.c                                 113                 6    94.69%           7                 0   100.00%         201                13    93.53%
+src/hid_linux.c                          166               166     0.00%          12                12     0.00%         292               292     0.00%
+src/info.c                               146                 0   100.00%          31                 0   100.00%         304                 0   100.00%
+src/io.c                                 123                 5    95.93%          10                 0   100.00%         218                11    94.95%
 src/iso7816.c                             18                 1    94.44%           5                 0   100.00%          47                 0   100.00%
-src/log.c                                 16                10    37.50%           3                 1    66.67%          34                23    32.35%
-src/pin.c                                250                 0   100.00%          16                 0   100.00%         364                 0   100.00%
-src/reset.c                               20                 0   100.00%           3                 0   100.00%          23                 0   100.00%
-src/rs256.c                              102                 6    94.12%           8                 0   100.00%         140                 9    93.57%
-src/u2f.c                                436                11    97.48%          13                 0   100.00%         686                22    96.79%
+src/log.c                                 34                 2    94.12%           5                 1    80.00%          50                 3    94.00%
+src/pin.c                                248                 0   100.00%          16                 0   100.00%         365                 0   100.00%
+src/reset.c                               19                 0   100.00%           3                 0   100.00%          22                 0   100.00%
+src/rs256.c                              102                29    71.57%           8                 3    62.50%         140                44    68.57%
+src/u2f.c                                443                28    93.68%          13                 0   100.00%         699                52    92.56%
 
 Files which contain no functions:
 src/extern.h                               0                 0         -           0                 0         -           0                 0         -
@@ -36,4 +38,4 @@ src/fido.h                                 0                 0         -
 src/fido/err.h                             0                 0         -           0                 0         -           0                 0         -
 src/fido/param.h                           0                 0         -           0                 0         -           0                 0         -
 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-TOTAL                                   4875               499    89.76%         418                28    93.30%        7644               764    90.01%
+TOTAL                                   5054               653    87.08%         435                39    91.03%        7914              1002    87.34%
diff --git a/fuzz/uniform_random.c b/fuzz/uniform_random.c
index 7711d69..357091c 100644
--- a/fuzz/uniform_random.c
+++ b/fuzz/uniform_random.c
@@ -18,6 +18,7 @@
 #include <stdlib.h>
 
 uint32_t uniform_random(uint32_t);
+unsigned long prng_uint32(void);
 
 /*
  * Calculate a uniformly distributed random number less than upper_bound
@@ -47,7 +48,7 @@ uniform_random(uint32_t upper_bound)
          * to re-roll.
          */
         for (;;) {
-                r = (uint32_t)random();
+                r = (uint32_t)prng_uint32();
                 if (r >= min)
                         break;
         }
diff --git a/fuzz/wiredata_fido2.h b/fuzz/wiredata_fido2.h
new file mode 100644
index 0000000..57402ef
--- /dev/null
+++ b/fuzz/wiredata_fido2.h
@@ -0,0 +1,569 @@
+/*
+ * Copyright (c) 2020 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+
+#ifndef _WIREDATA_FIDO2_H
+#define _WIREDATA_FIDO2_H
+
+#define WIREDATA_CTAP_INIT                              \
+        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x80, \
+        0x43, 0x56, 0x40, 0xb1, 0x4e, 0xd9, 0x2d, 0x00, \
+        0x22, 0x00, 0x02, 0x02, 0x05, 0x02, 0x01, 0x05, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_KEEPALIVE                         \
+        0x00, 0x22, 0x00, 0x02, 0xbb, 0x00, 0x01, 0x02, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_INFO                         \
+        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xb9, 0x00, \
+        0xa9, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5f, \
+        0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4f, 0x5f, \
+        0x32, 0x5f, 0x30, 0x6c, 0x46, 0x49, 0x44, 0x4f, \
+        0x5f, 0x32, 0x5f, 0x31, 0x5f, 0x50, 0x52, 0x45, \
+        0x02, 0x82, 0x6b, 0x63, 0x72, 0x65, 0x64, 0x50, \
+        0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x6b, 0x68, \
+        0x6d, 0x61, 0x63, 0x2d, 0x73, 0x65, 0x63, 0x72, \
+        0x00, 0x22, 0x00, 0x02, 0x00, 0x65, 0x74, 0x03, \
+        0x50, 0x19, 0x56, 0xe5, 0xbd, 0xa3, 0x74, 0x45, \
+        0xf1, 0xa8, 0x14, 0x35, 0x64, 0x03, 0xfd, 0xbc, \
+        0x18, 0x04, 0xa5, 0x62, 0x72, 0x6b, 0xf5, 0x62, \
+        0x75, 0x70, 0xf5, 0x64, 0x70, 0x6c, 0x61, 0x74, \
+        0xf4, 0x69, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, \
+        0x50, 0x69, 0x6e, 0xf4, 0x75, 0x63, 0x72, 0x65, \
+        0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4d, \
+        0x00, 0x22, 0x00, 0x02, 0x01, 0x67, 0x6d, 0x74, \
+        0x50, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0xf5, \
+        0x05, 0x19, 0x04, 0xb0, 0x06, 0x81, 0x01, 0x07, \
+        0x08, 0x08, 0x18, 0x80, 0x0a, 0x82, 0xa2, 0x63, \
+        0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, \
+        0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, \
+        0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c, \
+        0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a, \
+        0x00, 0x22, 0x00, 0x02, 0x02, 0x70, 0x75, 0x62, \
+        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_RESET                        \
+        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0x01, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_AUTHKEY                      \
+        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0x51, 0x00, \
+        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18, \
+        0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d, \
+        0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b, \
+        0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01, \
+        0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05, \
+        0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20, \
+        0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c, \
+        0x00, 0x22, 0x00, 0x03, 0x00, 0x3f, 0xf1, 0x60, \
+        0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d, \
+        0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77, \
+        0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_PINTOKEN                     \
+        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0x14, 0x00, \
+        0xa1, 0x02, 0x50, 0xee, 0x40, 0x4c, 0x85, 0xd7, \
+        0xa1, 0x2f, 0x56, 0xc4, 0x4e, 0xc5, 0x93, 0x41, \
+        0xd0, 0x3b, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_STATUS                       \
+        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0x01, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_RETRIES                      \
+        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0x04, 0x00, \
+        0xa1, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_ASSERT                       \
+        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xcb, 0x00, \
+        0xa3, 0x01, 0xa2, 0x62, 0x69, 0x64, 0x58, 0x40, \
+        0x4a, 0x4c, 0x9e, 0xcc, 0x81, 0x7d, 0x42, 0x03, \
+        0x2b, 0x41, 0xd1, 0x38, 0xd3, 0x49, 0xb4, 0xfc, \
+        0xfb, 0xe4, 0x4e, 0xe4, 0xff, 0x76, 0x34, 0x16, \
+        0x68, 0x06, 0x9d, 0xa6, 0x01, 0x32, 0xb9, 0xff, \
+        0xc2, 0x35, 0x0d, 0x89, 0x43, 0x66, 0x12, 0xf8, \
+        0x8e, 0x5b, 0xde, 0xf4, 0xcc, 0xec, 0x9d, 0x03, \
+        0x00, 0x92, 0x00, 0x0e, 0x00, 0x85, 0xc2, 0xf5, \
+        0xe6, 0x8e, 0xeb, 0x3f, 0x3a, 0xec, 0xc3, 0x1d, \
+        0x04, 0x6e, 0xf3, 0x5b, 0x88, 0x64, 0x74, 0x79, \
+        0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, \
+        0x63, 0x2d, 0x6b, 0x65, 0x79, 0x02, 0x58, 0x25, \
+        0x49, 0x96, 0x0d, 0xe5, 0x88, 0x0e, 0x8c, 0x68, \
+        0x74, 0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, \
+        0x8f, 0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, \
+        0x00, 0x92, 0x00, 0x0e, 0x01, 0x99, 0x5c, 0xf3, \
+        0xba, 0x83, 0x1d, 0x97, 0x63, 0x04, 0x00, 0x00, \
+        0x00, 0x09, 0x03, 0x58, 0x47, 0x30, 0x45, 0x02, \
+        0x21, 0x00, 0xcf, 0x3f, 0x36, 0x0e, 0x1f, 0x6f, \
+        0xd6, 0xa0, 0x9d, 0x13, 0xcf, 0x55, 0xf7, 0x49, \
+        0x8f, 0xc8, 0xc9, 0x03, 0x12, 0x76, 0x41, 0x75, \
+        0x7b, 0xb5, 0x0a, 0x90, 0xa5, 0x82, 0x26, 0xf1, \
+        0x6b, 0x80, 0x02, 0x20, 0x34, 0x9b, 0x7a, 0x82, \
+        0x00, 0x92, 0x00, 0x0e, 0x02, 0xd3, 0xe1, 0x79, \
+        0x49, 0x55, 0x41, 0x9f, 0xa4, 0x06, 0x06, 0xbd, \
+        0xc8, 0xb9, 0x2b, 0x5f, 0xe1, 0xa7, 0x99, 0x1c, \
+        0xa1, 0xfc, 0x7e, 0x3e, 0xd5, 0x85, 0x2e, 0x11, \
+        0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_CRED                         \
+        0x00, 0x91, 0x00, 0x03, 0x90, 0x03, 0xe1, 0x00, \
+        0xa3, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, \
+        0x64, 0x02, 0x58, 0xc4, 0x49, 0x96, 0x0d, 0xe5, \
+        0x88, 0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, \
+        0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, \
+        0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, \
+        0x83, 0x1d, 0x97, 0x63, 0x45, 0x00, 0x00, 0x00, \
+        0x00, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, \
+        0x00, 0x91, 0x00, 0x03, 0x00, 0x15, 0x80, 0x06, \
+        0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, \
+        0xed, 0x88, 0x48, 0xa1, 0xdb, 0x56, 0x4d, 0x0f, \
+        0x0d, 0xc8, 0x8f, 0x0f, 0xe9, 0x16, 0xb1, 0x78, \
+        0xa9, 0x40, 0x98, 0x71, 0xa0, 0xb3, 0xf2, 0xcf, \
+        0x05, 0x73, 0x6c, 0x12, 0xbf, 0x00, 0x96, 0xf3, \
+        0x7b, 0x93, 0xba, 0x49, 0xee, 0x23, 0xb4, 0x78, \
+        0x2e, 0xfb, 0xce, 0x27, 0xa8, 0xc2, 0x26, 0x78, \
+        0x00, 0x91, 0x00, 0x03, 0x01, 0xcc, 0x95, 0x2d, \
+        0x40, 0xdb, 0xd1, 0x40, 0x3d, 0x2b, 0xa3, 0x31, \
+        0xa0, 0x75, 0x82, 0x63, 0xf0, 0xa5, 0x01, 0x02, \
+        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x9d, \
+        0x95, 0xa1, 0xb5, 0xd6, 0x11, 0xbf, 0xe2, 0x28, \
+        0xa0, 0x7f, 0xca, 0x1e, 0xd9, 0x09, 0x0f, 0x0d, \
+        0xe7, 0x8e, 0x29, 0xe8, 0x2e, 0x11, 0xdb, 0x55, \
+        0x62, 0x13, 0xd7, 0x26, 0xc2, 0x7e, 0x2b, 0x22, \
+        0x00, 0x91, 0x00, 0x03, 0x02, 0x58, 0x20, 0xbe, \
+        0x74, 0x2a, 0xac, 0xde, 0x11, 0x40, 0x76, 0x31, \
+        0x0b, 0xed, 0x55, 0xde, 0xf3, 0x03, 0xe4, 0x1c, \
+        0xac, 0x42, 0x63, 0x8f, 0xe8, 0x30, 0x63, 0xb7, \
+        0x07, 0x4e, 0x5d, 0xfb, 0x17, 0x5e, 0x9b, 0x03, \
+        0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, \
+        0x69, 0x67, 0x58, 0x48, 0x30, 0x46, 0x02, 0x21, \
+        0x00, 0xfb, 0xd1, 0x26, 0x76, 0x34, 0x74, 0xac, \
+        0x00, 0x91, 0x00, 0x03, 0x03, 0xf6, 0xd8, 0x5c, \
+        0x5d, 0xbc, 0xda, 0xe0, 0x43, 0xe0, 0xa5, 0x42, \
+        0x9f, 0xc7, 0xe2, 0x18, 0x3e, 0xe2, 0x2c, 0x94, \
+        0x78, 0xbf, 0x9c, 0xeb, 0x3e, 0x9d, 0x02, 0x21, \
+        0x00, 0xab, 0x21, 0x1b, 0xc4, 0x30, 0x69, 0xee, \
+        0x7f, 0x09, 0xe6, 0x6b, 0x99, 0x98, 0x34, 0x07, \
+        0x7b, 0x9a, 0x58, 0xb2, 0xe8, 0x77, 0xe0, 0xba, \
+        0x7d, 0xab, 0x65, 0xf8, 0xba, 0x2a, 0xcb, 0x9a, \
+        0x00, 0x91, 0x00, 0x03, 0x04, 0x41, 0x63, 0x78, \
+        0x35, 0x63, 0x81, 0x59, 0x02, 0xb3, 0x30, 0x82, \
+        0x02, 0xaf, 0x30, 0x82, 0x01, 0x97, 0xa0, 0x03, \
+        0x02, 0x01, 0x02, 0x02, 0x04, 0x48, 0x5b, 0x3d, \
+        0xb6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, \
+        0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \
+        0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, \
+        0x55, 0x04, 0x03, 0x0c, 0x16, 0x59, 0x75, 0x62, \
+        0x00, 0x91, 0x00, 0x03, 0x05, 0x69, 0x63, 0x6f, \
+        0x20, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x50, 0x72, \
+        0x65, 0x76, 0x69, 0x65, 0x77, 0x20, 0x43, 0x41, \
+        0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x34, \
+        0x31, 0x32, 0x31, 0x30, 0x35, 0x37, 0x31, 0x30, \
+        0x5a, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x32, 0x33, \
+        0x31, 0x31, 0x30, 0x35, 0x37, 0x31, 0x30, 0x5a, \
+        0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+        0x00, 0x91, 0x00, 0x03, 0x06, 0x55, 0x04, 0x06, \
+        0x13, 0x02, 0x53, 0x45, 0x31, 0x12, 0x30, 0x10, \
+        0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x59, \
+        0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x41, 0x42, \
+        0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, \
+        0x0b, 0x0c, 0x19, 0x41, 0x75, 0x74, 0x68, 0x65, \
+        0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x6f, 0x72, \
+        0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, \
+        0x00, 0x91, 0x00, 0x03, 0x07, 0x74, 0x69, 0x6f, \
+        0x6e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, \
+        0x04, 0x03, 0x0c, 0x1f, 0x59, 0x75, 0x62, 0x69, \
+        0x63, 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x45, \
+        0x45, 0x20, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, \
+        0x20, 0x31, 0x32, 0x31, 0x33, 0x39, 0x33, 0x39, \
+        0x31, 0x32, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, \
+        0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, \
+        0x00, 0x91, 0x00, 0x03, 0x08, 0x06, 0x08, 0x2a, \
+        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, \
+        0x42, 0x00, 0x04, 0xfb, 0x2c, 0xdd, 0x30, 0x43, \
+        0x28, 0xc5, 0x72, 0x4a, 0x50, 0xcc, 0xe6, 0xf6, \
+        0x0b, 0xad, 0x7d, 0x27, 0xa9, 0x1b, 0x59, 0xe1, \
+        0xe6, 0x6f, 0x29, 0x7b, 0x89, 0xc9, 0xd4, 0x3d, \
+        0xc2, 0xb2, 0xc7, 0x78, 0x89, 0xb4, 0xf0, 0xff, \
+        0x9d, 0x02, 0x28, 0xcb, 0x94, 0x6d, 0xfc, 0xe0, \
+        0x00, 0x91, 0x00, 0x03, 0x09, 0x1b, 0x19, 0x58, \
+        0x9b, 0x67, 0x80, 0x4a, 0xac, 0x97, 0x7f, 0x28, \
+        0x18, 0x9c, 0xcd, 0xb3, 0x25, 0x74, 0xca, 0x28, \
+        0xa3, 0x6c, 0x30, 0x6a, 0x30, 0x22, 0x06, 0x09, \
+        0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xc4, 0x0a, \
+        0x02, 0x04, 0x15, 0x31, 0x2e, 0x33, 0x2e, 0x36, \
+        0x2e, 0x31, 0x2e, 0x34, 0x2e, 0x31, 0x2e, 0x34, \
+        0x31, 0x34, 0x38, 0x32, 0x2e, 0x31, 0x2e, 0x36, \
+        0x00, 0x91, 0x00, 0x03, 0x0a, 0x30, 0x13, 0x06, \
+        0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xe5, \
+        0x1c, 0x02, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, \
+        0x04, 0x30, 0x30, 0x21, 0x06, 0x0b, 0x2b, 0x06, \
+        0x01, 0x04, 0x01, 0x82, 0xe5, 0x1c, 0x01, 0x01, \
+        0x04, 0x04, 0x12, 0x04, 0x10, 0xf8, 0xa0, 0x11, \
+        0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, \
+        0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x30, 0x0c, 0x06, \
+        0x00, 0x91, 0x00, 0x03, 0x0b, 0x03, 0x55, 0x1d, \
+        0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, \
+        0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+        0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, \
+        0x82, 0x01, 0x01, 0x00, 0x32, 0xf3, 0xe4, 0xbd, \
+        0x58, 0xd7, 0x42, 0x2b, 0xaf, 0x49, 0x99, 0x86, \
+        0x08, 0x1f, 0x0d, 0xa9, 0x3b, 0xc6, 0xaa, 0x1c, \
+        0x72, 0x11, 0xf9, 0x28, 0x53, 0xeb, 0xf3, 0xeb, \
+        0x00, 0x91, 0x00, 0x03, 0x0c, 0x73, 0xda, 0x69, \
+        0x3b, 0x06, 0xde, 0x31, 0x33, 0x8e, 0x5d, 0x02, \
+        0xec, 0xf6, 0x76, 0xe9, 0x5c, 0x42, 0xbe, 0xa5, \
+        0x8f, 0x25, 0xd3, 0x37, 0x3f, 0x77, 0xbb, 0x2a, \
+        0x9d, 0x7c, 0xb2, 0x3e, 0x11, 0x8c, 0x41, 0xd4, \
+        0x9a, 0x4c, 0x9a, 0xd8, 0xf3, 0xe2, 0xa4, 0xec, \
+        0x01, 0x77, 0x7a, 0x74, 0xa8, 0xc4, 0x12, 0x43, \
+        0xc3, 0x1e, 0xce, 0x20, 0x8f, 0x2d, 0x0f, 0x6e, \
+        0x00, 0x91, 0x00, 0x03, 0x0d, 0xbc, 0x61, 0x9b, \
+        0xe1, 0x84, 0xa1, 0x72, 0xf6, 0xa9, 0xac, 0xcb, \
+        0xf8, 0x73, 0x6d, 0x5b, 0xe2, 0x98, 0xb3, 0x6b, \
+        0xec, 0xe7, 0x1e, 0x77, 0x8d, 0x0a, 0x69, 0xaa, \
+        0xf9, 0x94, 0xb8, 0x63, 0x6d, 0xe8, 0xfa, 0xf6, \
+        0x2f, 0xd3, 0xce, 0x7f, 0x04, 0x4c, 0x32, 0x2c, \
+        0xf7, 0x26, 0x3e, 0x34, 0x99, 0xe6, 0xa5, 0xb2, \
+        0xb0, 0x2a, 0xbb, 0xad, 0x5b, 0xd9, 0xec, 0xe5, \
+        0x00, 0x91, 0x00, 0x03, 0x0e, 0xb0, 0x71, 0x4d, \
+        0x73, 0xbb, 0x94, 0x61, 0x49, 0x9c, 0x94, 0x2a, \
+        0x5f, 0x1d, 0xcc, 0xaf, 0x65, 0x03, 0x3b, 0x39, \
+        0x39, 0xd4, 0x47, 0xd9, 0xfc, 0xc4, 0x7b, 0x0b, \
+        0x16, 0xd8, 0xe9, 0x01, 0xfc, 0xec, 0x3f, 0x8c, \
+        0x1b, 0xc0, 0xc6, 0xac, 0x0b, 0x5d, 0x74, 0xc7, \
+        0xbb, 0x03, 0x05, 0x69, 0x17, 0xe9, 0x98, 0x1a, \
+        0x19, 0xb9, 0x09, 0x5c, 0xa1, 0xf4, 0xab, 0x9f, \
+        0x00, 0x91, 0x00, 0x03, 0x0f, 0x02, 0x7c, 0x28, \
+        0x0f, 0x8a, 0xf9, 0xed, 0x1d, 0x29, 0x3c, 0xf6, \
+        0xcc, 0x2f, 0x04, 0x6d, 0x9a, 0xd6, 0x62, 0xb4, \
+        0xa9, 0x6e, 0xb1, 0xca, 0xca, 0xac, 0x5e, 0x05, \
+        0x3e, 0x83, 0x91, 0x47, 0x7c, 0x1f, 0x8b, 0x60, \
+        0x01, 0xde, 0x65, 0x3a, 0xbf, 0xf2, 0xaa, 0xbb, \
+        0x55, 0x98, 0x86, 0x91, 0x7e, 0xad, 0x3b, 0x36, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_CREDMAN_META                 \
+        0x00, 0x12, 0x00, 0x04, 0x90, 0x00, 0x07, 0x00, \
+        0xa2, 0x01, 0x00, 0x02, 0x18, 0x19, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_CREDMAN_RPLIST               \
+        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x37, 0x00, \
+        0xa3, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6a, 0x79, \
+        0x75, 0x62, 0x69, 0x63, 0x6f, 0x2e, 0x63, 0x6f, \
+        0x6d, 0x04, 0x58, 0x20, 0x37, 0x82, 0x09, 0xb7, \
+        0x2d, 0xef, 0xcb, 0xa9, 0x1d, 0xcb, 0xf8, 0x54, \
+        0xed, 0xb4, 0xda, 0xa6, 0x48, 0x82, 0x8a, 0x2c, \
+        0xbd, 0x18, 0x0a, 0xfc, 0x77, 0xa7, 0x44, 0x34, \
+        0x65, 0x5a, 0x1c, 0x7d, 0x05, 0x03, 0x00, 0x00, \
+        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x36, 0x00, \
+        0xa2, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6b, 0x79, \
+        0x75, 0x62, 0x69, 0x6b, 0x65, 0x79, 0x2e, 0x6f, \
+        0x72, 0x67, 0x04, 0x58, 0x20, 0x12, 0x6b, 0xba, \
+        0x6a, 0x2d, 0x7a, 0x81, 0x84, 0x25, 0x7b, 0x74, \
+        0xdd, 0x1d, 0xdd, 0x46, 0xb6, 0x2a, 0x8c, 0xa2, \
+        0xa7, 0x83, 0xfe, 0xdb, 0x5b, 0x19, 0x48, 0x73, \
+        0x55, 0xb7, 0xe3, 0x46, 0x09, 0x00, 0x00, 0x00, \
+        0x00, 0x15, 0x00, 0x02, 0x90, 0x00, 0x37, 0x00, \
+        0xa2, 0x03, 0xa1, 0x62, 0x69, 0x64, 0x6c, 0x77, \
+        0x65, 0x62, 0x61, 0x75, 0x74, 0x68, 0x6e, 0x2e, \
+        0x64, 0x65, 0x76, 0x04, 0x58, 0x20, 0xd6, 0x32, \
+        0x7d, 0x8c, 0x6a, 0x5d, 0xe6, 0xae, 0x0e, 0x33, \
+        0xd0, 0xa3, 0x31, 0xfb, 0x67, 0x77, 0xb9, 0x4e, \
+        0xf4, 0x73, 0x19, 0xfe, 0x7e, 0xfd, 0xfa, 0x82, \
+        0x70, 0x8e, 0x1f, 0xbb, 0xa2, 0x55, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_CREDMAN_RKLIST               \
+        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc5, 0x00, \
+        0xa5, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, \
+        0xe4, 0xe1, 0x06, 0x31, 0xde, 0x00, 0x0f, 0x4f, \
+        0x12, 0x6e, 0xc9, 0x68, 0x2d, 0x43, 0x3f, 0xf1, \
+        0x02, 0x2c, 0x6e, 0xe6, 0x96, 0x10, 0xbf, 0x73, \
+        0x35, 0xc9, 0x20, 0x27, 0x06, 0xba, 0x39, 0x09, \
+        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, \
+        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, \
+        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, \
+        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, \
+        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, \
+        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x19, \
+        0xf7, 0x78, 0x0c, 0xa0, 0xbc, 0xb9, 0xa6, 0xd5, \
+        0x1e, 0xd7, 0x87, 0xfb, 0x6c, 0x80, 0x03, 0x64, \
+        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, \
+        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, \
+        0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02, \
+        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x81, \
+        0x6c, 0xdd, 0x8c, 0x8f, 0x8c, 0xc8, 0x43, 0xa7, \
+        0xbb, 0x79, 0x51, 0x09, 0xb1, 0xdf, 0xbe, 0xc4, \
+        0xa5, 0x54, 0x16, 0x9e, 0x58, 0x56, 0xb3, 0x0b, \
+        0x34, 0x4f, 0xa5, 0x6c, 0x05, 0xa2, 0x21, 0x22, \
+        0x58, 0x20, 0xcd, 0xc2, 0x0c, 0x99, 0x83, 0x5a, \
+        0x61, 0x73, 0xd8, 0xe0, 0x74, 0x23, 0x46, 0x64, \
+        0x00, 0x15, 0x00, 0x04, 0x02, 0x39, 0x4c, 0xb0, \
+        0xf4, 0x6c, 0x0a, 0x37, 0x72, 0xaa, 0xa8, 0xea, \
+        0x58, 0xd3, 0xd4, 0xe0, 0x51, 0xb2, 0x28, 0x09, \
+        0x05, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xa0, 0x00, \
+        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, \
+        0x56, 0xa1, 0x3c, 0x06, 0x2b, 0xad, 0xa2, 0x21, \
+        0x7d, 0xcd, 0x91, 0x08, 0x47, 0xa8, 0x8a, 0x06, \
+        0x06, 0xf6, 0x66, 0x91, 0xf6, 0xeb, 0x89, 0xe4, \
+        0xdf, 0x26, 0xbc, 0x46, 0x59, 0xc3, 0x7d, 0xc0, \
+        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, \
+        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, \
+        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, \
+        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, \
+        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, \
+        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0xd8, \
+        0x27, 0x4b, 0x25, 0xed, 0x19, 0xef, 0x11, 0xaf, \
+        0xa6, 0x89, 0x7b, 0x84, 0x50, 0xe7, 0x62, 0x64, \
+        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, \
+        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, \
+        0x00, 0x15, 0x00, 0x04, 0x01, 0xa4, 0x01, 0x01, \
+        0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0x8d, \
+        0xfe, 0x45, 0xd5, 0x7d, 0xb6, 0x17, 0xab, 0x86, \
+        0x2d, 0x32, 0xf6, 0x85, 0xf0, 0x92, 0x76, 0xb7, \
+        0xce, 0x73, 0xca, 0x4e, 0x0e, 0xfd, 0xd5, 0xdb, \
+        0x2a, 0x1d, 0x55, 0x90, 0x96, 0x52, 0xc2, 0x0a, \
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xa0, 0x00, \
+        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, \
+        0x04, 0x0e, 0x0f, 0xa0, 0xcd, 0x60, 0x35, 0x9a, \
+        0xba, 0x47, 0x0c, 0x10, 0xb6, 0x82, 0x6e, 0x2f, \
+        0x66, 0xb9, 0xa7, 0xcf, 0xd8, 0x47, 0xb4, 0x3d, \
+        0xfd, 0x77, 0x1a, 0x38, 0x22, 0xa1, 0xda, 0xa5, \
+        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, \
+        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, \
+        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, \
+        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, \
+        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, \
+        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x00, \
+        0x5d, 0xdf, 0xef, 0xe2, 0xf3, 0x06, 0xb2, 0xa5, \
+        0x46, 0x4d, 0x98, 0xbc, 0x14, 0x65, 0xc1, 0x64, \
+        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, \
+        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, \
+        0x00, 0x15, 0x00, 0x04, 0x01, 0xa4, 0x01, 0x01, \
+        0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0x72, \
+        0x79, 0x14, 0x69, 0xdf, 0xcb, 0x64, 0x75, 0xee, \
+        0xd4, 0x45, 0x94, 0xbc, 0x48, 0x4d, 0x2a, 0x9f, \
+        0xc9, 0xf4, 0xb5, 0x1b, 0x05, 0xa6, 0x5b, 0x54, \
+        0x9a, 0xac, 0x6c, 0x2e, 0xc6, 0x90, 0x62, 0x0a, \
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc3, 0x00, \
+        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, \
+        0xce, 0x32, 0xd8, 0x79, 0xdd, 0x86, 0xa2, 0x42, \
+        0x7c, 0xc3, 0xe1, 0x95, 0x12, 0x93, 0x1a, 0x03, \
+        0xe6, 0x70, 0xb8, 0xff, 0xcd, 0xa5, 0xdf, 0x15, \
+        0xfc, 0x88, 0x2a, 0xf5, 0x44, 0xf1, 0x33, 0x9c, \
+        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, \
+        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, \
+        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, \
+        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, \
+        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, \
+        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0x0a, \
+        0x26, 0x5b, 0x7e, 0x1a, 0x2a, 0xba, 0x70, 0x5f, \
+        0x18, 0x26, 0x14, 0xb2, 0x71, 0xca, 0x98, 0x64, \
+        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, \
+        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, \
+        0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02, \
+        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x8b, \
+        0x48, 0xf0, 0x69, 0xfb, 0x22, 0xfb, 0xf3, 0x86, \
+        0x57, 0x7c, 0xdd, 0x82, 0x2c, 0x1c, 0x0c, 0xdc, \
+        0x27, 0xe2, 0x6a, 0x4c, 0x1a, 0x10, 0x04, 0x27, \
+        0x51, 0x3e, 0x2a, 0x9d, 0x3a, 0xb6, 0xb5, 0x22, \
+        0x58, 0x20, 0x70, 0xfe, 0x91, 0x67, 0x64, 0x53, \
+        0x63, 0x83, 0x72, 0x31, 0xe9, 0xe5, 0x20, 0xb7, \
+        0x00, 0x15, 0x00, 0x04, 0x02, 0xee, 0xc9, 0xfb, \
+        0x63, 0xd7, 0xe4, 0x76, 0x39, 0x80, 0x82, 0x74, \
+        0xb8, 0xfa, 0x67, 0xf5, 0x1b, 0x8f, 0xe0, 0x0a, \
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x15, 0x00, 0x04, 0x90, 0x00, 0xc3, 0x00, \
+        0xa4, 0x06, 0xa3, 0x62, 0x69, 0x64, 0x58, 0x20, \
+        0xf9, 0xa3, 0x67, 0xbf, 0x5e, 0x80, 0x95, 0xdb, \
+        0x4c, 0xc5, 0x8f, 0x65, 0x36, 0xc5, 0xaf, 0xdd, \
+        0x90, 0x2e, 0x62, 0x68, 0x67, 0x9c, 0xa2, 0x26, \
+        0x2f, 0x2a, 0xf9, 0x3a, 0xda, 0x15, 0xf2, 0x27, \
+        0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x62, 0x6f, \
+        0x62, 0x20, 0x62, 0x61, 0x6e, 0x61, 0x6e, 0x61, \
+        0x00, 0x15, 0x00, 0x04, 0x00, 0x6b, 0x64, 0x69, \
+        0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, \
+        0x65, 0x67, 0x62, 0x62, 0x61, 0x6e, 0x61, 0x6e, \
+        0x61, 0x07, 0xa2, 0x62, 0x69, 0x64, 0x50, 0xfb, \
+        0xa6, 0xbe, 0xc1, 0x01, 0xf6, 0x7a, 0x81, 0xf9, \
+        0xcd, 0x6d, 0x20, 0x41, 0x7a, 0x1c, 0x40, 0x64, \
+        0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, \
+        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x08, \
+        0x00, 0x15, 0x00, 0x04, 0x01, 0xa5, 0x01, 0x02, \
+        0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xda, \
+        0x2b, 0x53, 0xc3, 0xbe, 0x48, 0xf8, 0xab, 0xbd, \
+        0x06, 0x28, 0x46, 0xfa, 0x35, 0xab, 0xf9, 0xc5, \
+        0x2e, 0xfd, 0x3c, 0x38, 0x88, 0xb3, 0xe1, 0xa7, \
+        0xc5, 0xc6, 0xed, 0x72, 0x54, 0x37, 0x93, 0x22, \
+        0x58, 0x20, 0x12, 0x82, 0x32, 0x2d, 0xab, 0xbc, \
+        0x64, 0xb3, 0xed, 0xcc, 0xd5, 0x22, 0xec, 0x79, \
+        0x00, 0x15, 0x00, 0x04, 0x02, 0x4b, 0xe2, 0x4d, \
+        0x0c, 0x4b, 0x8d, 0x31, 0x4c, 0xb4, 0x0f, 0xd4, \
+        0xa9, 0xbe, 0x0c, 0xab, 0x9e, 0x0a, 0xc9, 0x0a, \
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_BIO_INFO                     \
+        0x00, 0x10, 0x00, 0x04, 0x90, 0x00, 0x06, 0x00, \
+        0xa2, 0x02, 0x01, 0x03, 0x04, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_BIO_ENROLL                   \
+        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x0a, 0x00, \
+        0xa3, 0x04, 0x42, 0x68, 0x96, 0x05, 0x00, 0x06, \
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x06, 0x00, \
+        0xa2, 0x05, 0x00, 0x06, 0x01, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0xbb, 0x00, 0x01, 0x02, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x0a, 0x00, 0x05, 0x90, 0x00, 0x06, 0x00, \
+        0xa2, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_CBOR_BIO_ENUM                     \
+        0x00, 0x10, 0x00, 0x0f, 0x90, 0x00, 0x2e, 0x00, \
+        0xa1, 0x07, 0x83, 0xa2, 0x01, 0x42, 0xce, 0xa3, \
+        0x02, 0x67, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, \
+        0x31, 0xa2, 0x01, 0x42, 0xbf, 0x5e, 0x02, 0x67, \
+        0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x32, 0xa2, \
+        0x01, 0x42, 0x5e, 0xd2, 0x02, 0x67, 0x66, 0x69, \
+        0x6e, 0x67, 0x65, 0x72, 0x33, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#endif /* _WIREDATA_FIDO2_H */
diff --git a/fuzz/wiredata_u2f.h b/fuzz/wiredata_u2f.h
new file mode 100644
index 0000000..afe418f
--- /dev/null
+++ b/fuzz/wiredata_u2f.h
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2020 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+
+#ifndef _WIREDATA_U2F_H
+#define _WIREDATA_U2F_H
+
+#define WIREDATA_CTAP_U2F_6985                          \
+        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x02, 0x69, \
+        0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_U2F_AUTH                          \
+        0x00, 0x00, 0x99, 0x01, 0x83, 0x00, 0x4e, 0x01, \
+        0x00, 0x00, 0x00, 0x2c, 0x30, 0x45, 0x02, 0x20, \
+        0x1c, 0xf5, 0x7c, 0xf6, 0xde, 0xbe, 0xe9, 0x86, \
+        0xee, 0x97, 0xb7, 0x64, 0xa3, 0x4e, 0x7a, 0x70, \
+        0x85, 0xd0, 0x66, 0xf9, 0xf0, 0xcd, 0x04, 0x5d, \
+        0x97, 0xf2, 0x3c, 0x22, 0xe3, 0x0e, 0x61, 0xc8, \
+        0x02, 0x21, 0x00, 0x97, 0xef, 0xae, 0x36, 0xe6, \
+        0x17, 0x9f, 0x5e, 0x2d, 0xd7, 0x8c, 0x34, 0xa7, \
+        0x00, 0x00, 0x99, 0x01, 0x00, 0xa1, 0xe9, 0xfb, \
+        0x8f, 0x86, 0x8c, 0xe3, 0x1e, 0xde, 0x3f, 0x4e, \
+        0x1b, 0xe1, 0x2f, 0x8f, 0x2f, 0xca, 0x42, 0x26, \
+        0x90, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#define WIREDATA_CTAP_U2F_REGISTER                      \
+        0x00, 0x00, 0x99, 0x01, 0x83, 0x03, 0x1e, 0x05, \
+        0x04, 0x9f, 0xa0, 0xf9, 0x0d, 0x4c, 0xf4, 0xae, \
+        0x96, 0x3c, 0xb7, 0x46, 0xb7, 0x5c, 0x9d, 0x8b, \
+        0x48, 0x19, 0xdf, 0xc4, 0xad, 0xea, 0xb2, 0x70, \
+        0x58, 0x72, 0xd9, 0xce, 0x75, 0xf5, 0xe6, 0x8e, \
+        0x0f, 0x9c, 0x0e, 0x2e, 0x62, 0x3e, 0x91, 0xd3, \
+        0x7b, 0x97, 0x46, 0x60, 0xb9, 0x57, 0x13, 0x97, \
+        0x26, 0xae, 0x0f, 0xb3, 0x8f, 0x2e, 0x9b, 0x3f, \
+        0x00, 0x00, 0x99, 0x01, 0x00, 0xa5, 0x55, 0xec, \
+        0x8c, 0x25, 0x7c, 0x65, 0xb7, 0x09, 0x40, 0x48, \
+        0xae, 0xa8, 0xcb, 0xa1, 0x91, 0xac, 0x40, 0x24, \
+        0xf2, 0x34, 0x6e, 0x3a, 0x8f, 0xa5, 0xb7, 0x48, \
+        0x54, 0x6e, 0xfb, 0xf4, 0x37, 0x88, 0x69, 0x79, \
+        0x6f, 0x12, 0xc1, 0x32, 0xdf, 0x15, 0x5d, 0x6e, \
+        0x82, 0x54, 0xc0, 0x6e, 0x56, 0x4f, 0x3a, 0x9c, \
+        0xc3, 0x96, 0x7a, 0xde, 0xa5, 0xfe, 0xec, 0xd1, \
+        0x00, 0x00, 0x99, 0x01, 0x01, 0x5a, 0x21, 0x85, \
+        0x0e, 0x25, 0x7b, 0x8d, 0x6e, 0x1d, 0x32, 0x29, \
+        0xdb, 0x21, 0xb0, 0xa3, 0x30, 0x82, 0x02, 0x4f, \
+        0x30, 0x82, 0x01, 0x37, 0xa0, 0x03, 0x02, 0x01, \
+        0x02, 0x02, 0x04, 0x2a, 0xd9, 0x6a, 0xf3, 0x30, \
+        0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, \
+        0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x2e, \
+        0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, \
+        0x00, 0x00, 0x99, 0x01, 0x02, 0x03, 0x13, 0x23, \
+        0x59, 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, \
+        0x32, 0x46, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, \
+        0x43, 0x41, 0x20, 0x53, 0x65, 0x72, 0x69, 0x61, \
+        0x6c, 0x20, 0x34, 0x35, 0x37, 0x32, 0x30, 0x30, \
+        0x36, 0x33, 0x31, 0x30, 0x20, 0x17, 0x0d, 0x31, \
+        0x34, 0x30, 0x38, 0x30, 0x31, 0x30, 0x30, 0x30, \
+        0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, \
+        0x00, 0x00, 0x99, 0x01, 0x03, 0x35, 0x30, 0x30, \
+        0x39, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x30, \
+        0x30, 0x5a, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d, \
+        0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x26, 0x59, \
+        0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, 0x32, \
+        0x46, 0x20, 0x45, 0x45, 0x20, 0x53, 0x65, 0x72, \
+        0x69, 0x61, 0x6c, 0x20, 0x32, 0x33, 0x39, 0x32, \
+        0x35, 0x37, 0x33, 0x34, 0x35, 0x31, 0x36, 0x35, \
+        0x00, 0x00, 0x99, 0x01, 0x04, 0x35, 0x30, 0x33, \
+        0x38, 0x37, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, \
+        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
+        0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, \
+        0x07, 0x03, 0x42, 0x00, 0x04, 0x2f, 0xe1, 0xa2, \
+        0x3e, 0xbf, 0xa5, 0x5b, 0x3e, 0x46, 0x1d, 0x59, \
+        0xa4, 0x35, 0x22, 0xd7, 0x97, 0x48, 0x98, 0x1c, \
+        0xba, 0x6d, 0x28, 0x9a, 0x98, 0xf1, 0xbd, 0x7d, \
+        0x00, 0x00, 0x99, 0x01, 0x05, 0xff, 0x65, 0x66, \
+        0x80, 0xdb, 0xbb, 0xed, 0xbc, 0x2b, 0xae, 0x60, \
+        0x7e, 0x6e, 0xf7, 0x72, 0xf5, 0x76, 0xb0, 0x4d, \
+        0x54, 0xc4, 0xe5, 0xf3, 0x2f, 0x59, 0x6f, 0x26, \
+        0xe6, 0x11, 0x15, 0xc7, 0x27, 0x2c, 0xf6, 0xca, \
+        0x75, 0x94, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x22, \
+        0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, \
+        0xc4, 0x0a, 0x02, 0x04, 0x15, 0x31, 0x2e, 0x33, \
+        0x00, 0x00, 0x99, 0x01, 0x06, 0x2e, 0x36, 0x2e, \
+        0x31, 0x2e, 0x34, 0x2e, 0x31, 0x2e, 0x34, 0x31, \
+        0x34, 0x38, 0x32, 0x2e, 0x31, 0x2e, 0x32, 0x30, \
+        0x13, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, \
+        0x82, 0xe5, 0x1c, 0x02, 0x01, 0x01, 0x04, 0x04, \
+        0x03, 0x02, 0x04, 0x30, 0x30, 0x0d, 0x06, 0x09, \
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, \
+        0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, \
+        0x00, 0x00, 0x99, 0x01, 0x07, 0x85, 0x6a, 0xfa, \
+        0x8b, 0xcf, 0x4f, 0x3f, 0x62, 0x5f, 0x29, 0x1b, \
+        0xc1, 0x15, 0x8e, 0x3c, 0x7e, 0xbd, 0x25, 0x52, \
+        0xbc, 0xf7, 0x57, 0x07, 0x53, 0xf5, 0x12, 0x1d, \
+        0xa6, 0xa5, 0x4d, 0x24, 0xcc, 0xcf, 0xae, 0x27, \
+        0xce, 0xd6, 0xab, 0x31, 0x12, 0x8c, 0x29, 0x7e, \
+        0x5b, 0x5b, 0x89, 0x05, 0xdd, 0xa0, 0x20, 0x17, \
+        0x93, 0x1f, 0x1f, 0x5f, 0x59, 0x25, 0x93, 0x59, \
+        0x00, 0x00, 0x99, 0x01, 0x08, 0x51, 0xfc, 0x00, \
+        0x4b, 0xcb, 0xe2, 0x0a, 0xdd, 0x7d, 0x8d, 0x05, \
+        0x2f, 0x95, 0x43, 0xb3, 0x49, 0x6c, 0x15, 0xb8, \
+        0x31, 0x0e, 0x10, 0xcb, 0xd9, 0xbb, 0x05, 0x38, \
+        0x27, 0x4f, 0x58, 0x3e, 0xad, 0x1f, 0x45, 0x12, \
+        0x88, 0xc3, 0xea, 0x76, 0xd0, 0x70, 0xad, 0x44, \
+        0xe5, 0x3a, 0xfe, 0xa8, 0xf2, 0x2d, 0x1f, 0x73, \
+        0x62, 0x5f, 0xf2, 0xd5, 0x89, 0xfe, 0x30, 0xdf, \
+        0x00, 0x00, 0x99, 0x01, 0x09, 0x26, 0x62, 0xcb, \
+        0x7c, 0xbb, 0x7c, 0x99, 0x61, 0x80, 0xad, 0xcf, \
+        0xa9, 0x8a, 0x4d, 0x01, 0x2c, 0xf3, 0x13, 0x46, \
+        0xcd, 0x11, 0x74, 0x6a, 0x58, 0x48, 0xe8, 0xbe, \
+        0xed, 0xf3, 0xe3, 0x0c, 0xcb, 0xd9, 0xc1, 0xdd, \
+        0x22, 0x16, 0x71, 0xb2, 0x83, 0x88, 0x61, 0xf6, \
+        0x5a, 0x45, 0x36, 0x23, 0xb5, 0x18, 0xd5, 0x56, \
+        0x7f, 0xa8, 0xf0, 0xa3, 0xce, 0x10, 0x5d, 0xf4, \
+        0x00, 0x00, 0x99, 0x01, 0x0a, 0xf1, 0x39, 0x53, \
+        0xe1, 0x14, 0xea, 0x59, 0xe0, 0xa7, 0xf2, 0xfe, \
+        0x66, 0x88, 0x67, 0x43, 0x2e, 0x52, 0xfd, 0x6a, \
+        0x2f, 0x64, 0xf7, 0x3c, 0x48, 0xcd, 0x9b, 0x38, \
+        0xf2, 0xdf, 0xba, 0x2c, 0x7a, 0x4b, 0x3b, 0x11, \
+        0x28, 0xdf, 0x26, 0xd6, 0x6a, 0x24, 0xf8, 0x95, \
+        0xdd, 0xa0, 0xb6, 0x11, 0x80, 0xf4, 0x14, 0x4f, \
+        0x6b, 0x70, 0x75, 0xc3, 0x18, 0xa4, 0x9a, 0xe0, \
+        0x00, 0x00, 0x99, 0x01, 0x0b, 0x8b, 0x58, 0xd3, \
+        0x6a, 0xdb, 0x1e, 0x30, 0x53, 0x67, 0x2b, 0x17, \
+        0xc5, 0xa1, 0x9f, 0x7f, 0x0a, 0x22, 0xf1, 0x0e, \
+        0x94, 0x30, 0x44, 0x02, 0x20, 0x07, 0x5c, 0x4f, \
+        0xd2, 0x83, 0xb6, 0x9f, 0x0a, 0x4a, 0x4d, 0x4b, \
+        0x08, 0x35, 0xeb, 0xc0, 0x7e, 0x4a, 0x14, 0x2e, \
+        0xc7, 0x8c, 0xd6, 0x64, 0x2f, 0xd3, 0x1e, 0xcc, \
+        0xb5, 0xe8, 0x42, 0xea, 0xf6, 0x02, 0x20, 0x6b, \
+        0x00, 0x00, 0x99, 0x01, 0x0c, 0x5a, 0xba, 0x4a, \
+        0xc8, 0xd7, 0x89, 0xcc, 0x77, 0xe6, 0xb9, 0xa3, \
+        0x34, 0xea, 0x06, 0x85, 0x72, 0xc6, 0x28, 0xa8, \
+        0x7a, 0xaa, 0x19, 0x88, 0x34, 0xbb, 0xdc, 0x64, \
+        0x90, 0x0a, 0xdb, 0x39, 0x90, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+#endif /* !_WIREDATA_U2F_H */
diff --git a/fuzz/wrap.c b/fuzz/wrap.c
index 8ff7ee7..c030231 100644
--- a/fuzz/wrap.c
+++ b/fuzz/wrap.c
@@ -18,6 +18,8 @@
 
 #include "mutator_aux.h"
 
+extern int prng_up;
+
 /*
  * Build wrappers around functions of interest, and have them fail
  * in a pseudo-random manner.
@@ -27,7 +29,7 @@
 extern type __wrap_##name args;                         \
 extern type __real_##name args;                         \
 type __wrap_##name args {                               \
-        if (uniform_random(400) < (prob)) {             \
+        if (prng_up && uniform_random(400) < (prob)) {  \
                 return (retval);                        \
         }                                               \
                                                         \
@@ -141,6 +143,22 @@ WRAP(RSA *,
         1
 )
 
+WRAP(EC_KEY *,
+        EVP_PKEY_get0_EC_KEY,
+        (EVP_PKEY *pkey),
+        NULL,
+        (pkey),
+        1
+)
+
+WRAP(int,
+        EVP_PKEY_get_raw_public_key,
+        (const EVP_PKEY *pkey, unsigned char *pub, size_t *len),
+        0,
+        (pkey, pub, len),
+        1
+)
+
 WRAP(EVP_MD_CTX *,
         EVP_MD_CTX_new,
         (void),
@@ -166,6 +184,14 @@ WRAP(BIGNUM *,
         1
 )
 
+WRAP(int,
+        BN_bn2bin,
+        (const BIGNUM *a, unsigned char *to),
+        -1,
+        (a, to),
+        1
+)
+
 WRAP(BIGNUM *,
         BN_CTX_get,
         (BN_CTX *ctx),
@@ -214,6 +240,14 @@ WRAP(const EC_GROUP *,
         1
 )
 
+WRAP(const BIGNUM *,
+        EC_KEY_get0_private_key,
+        (const EC_KEY *key),
+        NULL,
+        (key),
+        1
+)
+
 WRAP(EC_POINT *,
         EC_POINT_new,
         (const EC_GROUP *group),
@@ -222,6 +256,14 @@ WRAP(EC_POINT *,
         1
 )
 
+WRAP(int,
+        EC_POINT_get_affine_coordinates_GFp,
+        (const EC_GROUP *group, const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx),
+        0,
+        (group, p, x, y, ctx),
+        1
+)
+
 WRAP(EVP_PKEY *,
         EVP_PKEY_new,
         (void),
@@ -238,6 +280,38 @@ WRAP(int,
         1
 )
 
+WRAP(int,
+        EVP_PKEY_keygen_init,
+        (EVP_PKEY_CTX *ctx),
+        0,
+        (ctx),
+        1
+)
+
+WRAP(int,
+        EVP_PKEY_keygen,
+        (EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey),
+        0,
+        (ctx, ppkey),
+        1
+)
+
+WRAP(int,
+        EVP_PKEY_paramgen_init,
+        (EVP_PKEY_CTX *ctx),
+        0,
+        (ctx),
+        1
+)
+
+WRAP(int,
+        EVP_PKEY_paramgen,
+        (EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey),
+        0,
+        (ctx, ppkey),
+        1
+)
+
 WRAP(EVP_PKEY *,
         EVP_PKEY_new_raw_public_key,
         (int type, ENGINE *e, const unsigned char *key, size_t keylen),
@@ -254,6 +328,14 @@ WRAP(EVP_PKEY_CTX *,
         1
 )
 
+WRAP(EVP_PKEY_CTX *,
+        EVP_PKEY_CTX_new_id,
+        (int id, ENGINE *e),
+        NULL,
+        (id, e),
+        1
+)
+
 WRAP(int,
         EVP_PKEY_derive_init,
         (EVP_PKEY_CTX *ctx),
@@ -346,6 +428,30 @@ WRAP(cbor_item_t *,
 )
 
 WRAP(cbor_item_t *,
+        cbor_build_bool,
+        (bool value),
+        NULL,
+        (value),
+        1
+)
+
+WRAP(cbor_item_t *,
+        cbor_build_negint8,
+        (uint8_t value),
+        NULL,
+        (value),
+        1
+)
+
+WRAP(cbor_item_t *,
+        cbor_build_negint16,
+        (uint16_t value),
+        NULL,
+        (value),
+        1
+)
+
+WRAP(cbor_item_t *,
         cbor_load,
         (cbor_data source, size_t source_size, struct cbor_load_result *result),
         NULL,
@@ -361,6 +467,14 @@ WRAP(cbor_item_t *,
         1
 )
 
+WRAP(cbor_item_t *,
+        cbor_build_uint32,
+        (uint32_t value),
+        NULL,
+        (value),
+        1
+)
+
 WRAP(struct cbor_pair *,
         cbor_map_handle,
         (const cbor_item_t *item),
@@ -378,6 +492,14 @@ WRAP(cbor_item_t **,
 )
 
 WRAP(bool,
+        cbor_array_push,
+        (cbor_item_t *array, cbor_item_t *pushee),
+        false,
+        (array, pushee),
+        1
+)
+
+WRAP(bool,
         cbor_map_add,
         (cbor_item_t *item, struct cbor_pair pair),
         false,
@@ -393,6 +515,14 @@ WRAP(cbor_item_t *,
         1
 )
 
+WRAP(cbor_item_t *,
+        cbor_new_definite_array,
+        (size_t size),
+        NULL,
+        (size),
+        1
+)
+
 WRAP(size_t,
         cbor_serialize_alloc,
         (const cbor_item_t *item, cbor_mutable_data *buffer,
diff --git a/fuzz/wrapped.sym b/fuzz/wrapped.sym
index 3679f91..3df4f12 100644
--- a/fuzz/wrapped.sym
+++ b/fuzz/wrapped.sym
@@ -1,19 +1,28 @@
 BN_bin2bn
+BN_bn2bin
 BN_CTX_get
 BN_CTX_new
 BN_new
 calloc
 cbor_array_handle
+cbor_array_push
+cbor_build_bool
 cbor_build_bytestring
+cbor_build_negint16
+cbor_build_negint8
 cbor_build_string
+cbor_build_uint32
 cbor_build_uint8
 cbor_load
 cbor_map_add
 cbor_map_handle
+cbor_new_definite_array
 cbor_new_definite_map
 cbor_serialize_alloc
 EC_KEY_get0_group
+EC_KEY_get0_private_key
 EC_KEY_new_by_curve_name
+EC_POINT_get_affine_coordinates_GFp
 EC_POINT_new
 EVP_CIPHER_CTX_new
 EVP_CIPHER_CTX_set_padding
@@ -25,11 +34,18 @@ EVP_EncryptUpdate
 EVP_MD_CTX_new
 EVP_PKEY_assign
 EVP_PKEY_CTX_new
+EVP_PKEY_CTX_new_id
 EVP_PKEY_derive_init
 EVP_PKEY_derive_set_peer
+EVP_PKEY_get0_EC_KEY
 EVP_PKEY_get0_RSA
+EVP_PKEY_get_raw_public_key
+EVP_PKEY_keygen
+EVP_PKEY_keygen_init
 EVP_PKEY_new
 EVP_PKEY_new_raw_public_key
+EVP_PKEY_paramgen
+EVP_PKEY_paramgen_init
 EVP_sha256
 fido_tx
 HMAC
diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt
index c903ab8..44e4a96 100644
--- a/man/CMakeLists.txt
+++ b/man/CMakeLists.txt
@@ -5,7 +5,7 @@
 find_program(MANDOC_PATH mandoc)
 message(STATUS "MANDOC_PATH: ${MANDOC_PATH}")
 
-if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+if(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "Linux")
         find_program(GZIP_PATH gzip)
         message(STATUS "GZIP_PATH: ${GZIP_PATH}")
 endif()
@@ -101,6 +101,7 @@ list(APPEND MAN_ALIAS
         fido_cbor_info_new fido_cbor_info_extensions_ptr 
         fido_cbor_info_new fido_cbor_info_free 
         fido_cbor_info_new fido_cbor_info_maxmsgsiz
+        fido_cbor_info_new fido_cbor_info_fwversion
         fido_cbor_info_new fido_cbor_info_options_len 
         fido_cbor_info_new fido_cbor_info_options_name_ptr 
         fido_cbor_info_new fido_cbor_info_options_value_ptr 
@@ -117,6 +118,7 @@ list(APPEND MAN_ALIAS
         fido_cred_new fido_cred_free
         fido_cred_new fido_cred_id_len
         fido_cred_new fido_cred_id_ptr
+        fido_cred_new fido_cred_prot
         fido_cred_new fido_cred_pubkey_len
         fido_cred_new fido_cred_pubkey_ptr
         fido_cred_new fido_cred_sig_len
@@ -145,6 +147,7 @@ list(APPEND MAN_ALIAS
         fido_cred_set_authdata fido_cred_set_clientdata_hash
         fido_cred_set_authdata fido_cred_set_extensions
         fido_cred_set_authdata fido_cred_set_fmt
+        fido_cred_set_authdata fido_cred_set_prot
         fido_cred_set_authdata fido_cred_set_rk
         fido_cred_set_authdata fido_cred_set_rp
         fido_cred_set_authdata fido_cred_set_sig
@@ -261,17 +264,17 @@ if(MANDOC_PATH)
         add_dependencies(man man_symlink_html)
         add_dependencies(man_gzip man_lint)
         install(FILES ${CMAKE_SOURCE_DIR}/man/style.css
-                DESTINATION ${CMAKE_INSTALL_PREFIX}/share/doc/libfido2)
+                DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
         foreach(f ${MAN_SOURCES})
                 string(REGEX REPLACE ".[13]" "" f ${f})
                 install(FILES ${CMAKE_BINARY_DIR}/man/${f}.html
-                        DESTINATION ${CMAKE_INSTALL_PREFIX}/share/doc/libfido2)
+                        DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
         endforeach()
         foreach(i RANGE 0 ${MAN_ALIAS_MAX} 2)
                 math(EXPR j "${i} + 1")
                 list(GET MAN_ALIAS ${j} DST)
                 install(FILES ${CMAKE_BINARY_DIR}/man/${DST}.html
-                        DESTINATION ${CMAKE_INSTALL_PREFIX}/share/doc/libfido2)
+                        DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
         endforeach()
 endif()
 
@@ -282,33 +285,33 @@ if(GZIP_PATH)
         foreach(f ${MAN_SOURCES})
                 if (${f} MATCHES ".1$")
                         install(FILES ${CMAKE_BINARY_DIR}/man/${f}.gz
-                                DESTINATION "${CMAKE_INSTALL_PREFIX}/share/man/man1")
+                                DESTINATION "${CMAKE_INSTALL_MANDIR}/man1")
                 elseif(${f} MATCHES ".3$")
                         install(FILES ${CMAKE_BINARY_DIR}/man/${f}.gz
-                                DESTINATION "${CMAKE_INSTALL_PREFIX}/share/man/man3")
+                                DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
                 endif()
         endforeach()
         foreach(i RANGE 0 ${MAN_ALIAS_MAX} 2)
                 math(EXPR j "${i} + 1")
                 list(GET MAN_ALIAS ${j} DST)
                 install(FILES ${CMAKE_BINARY_DIR}/man/${DST}.3.gz
-                        DESTINATION ${CMAKE_INSTALL_PREFIX}/share/man/man3)
+                        DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
         endforeach()
 elseif(NOT MSVC)
         add_dependencies(man man_symlink)
         foreach(f ${MAN_SOURCES})
                 if (${f} MATCHES ".1$")
                         install(FILES ${CMAKE_BINARY_DIR}/man/${f}
-                                DESTINATION "${CMAKE_INSTALL_PREFIX}/man/man1")
+                                DESTINATION "${CMAKE_INSTALL_MANDIR}/man1")
                 elseif(${f} MATCHES ".3$")
                         install(FILES ${CMAKE_BINARY_DIR}/man/${f}
-                                DESTINATION "${CMAKE_INSTALL_PREFIX}/man/man3")
+                                DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
                 endif()
         endforeach()
         foreach(i RANGE 0 ${MAN_ALIAS_MAX} 2)
                 math(EXPR j "${i} + 1")
                 list(GET MAN_ALIAS ${j} DST)
                 install(FILES ${CMAKE_BINARY_DIR}/man/${DST}.3
-                        DESTINATION ${CMAKE_INSTALL_PREFIX}/man/man3)
+                        DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
         endforeach()
 endif()
diff --git a/man/es256_pk_new.3 b/man/es256_pk_new.3
index 48eda0b..54439cd 100644
--- a/man/es256_pk_new.3
+++ b/man/es256_pk_new.3
@@ -89,6 +89,10 @@ where
 points to
 .Fa len
 bytes.
+The
+.Fa ptr
+pointer may point to an uncompressed point, or to the
+concatenation of the x and y coordinates.
 No references to
 .Fa ptr
 are kept.
diff --git a/man/fido2-token.1 b/man/fido2-token.1
index d5a5734..b59463a 100644
--- a/man/fido2-token.1
+++ b/man/fido2-token.1
@@ -156,3 +156,5 @@ authenticator.
 Yubico authenticators do not allow resets after 5 seconds from
 power-up, and expect a reset to be confirmed by the user through
 touch within 30 seconds.
+.Pp
+An authenticator's path may contain spaces.
diff --git a/man/fido_bio_dev_get_info.3 b/man/fido_bio_dev_get_info.3
index bde1396..d18c9ec 100644
--- a/man/fido_bio_dev_get_info.3
+++ b/man/fido_bio_dev_get_info.3
@@ -35,6 +35,8 @@
 The functions described in this page allow biometric
 templates on a FIDO2 authenticator to be listed, created,
 removed, and customised.
+Please note that not all FIDO2 authenticators support biometric
+enrollment.
 For a description of the types involved, please refer to
 .Xr fido_bio_info_new 3 ,
 .Xr fido_bio_enroll_new 3 ,
@@ -118,3 +120,11 @@ is returned.
 .Xr fido_bio_enroll_new 3 ,
 .Xr fido_bio_info_new 3 ,
 .Xr fido_bio_template 3
+.Sh CAVEATS
+Biometric enrollment is a tentative feature of FIDO 2.1.
+Applications willing to strictly abide by FIDO 2.0 should refrain
+from using biometric enrollment.
+Applications using biometric enrollment should ensure it is
+supported by the authenticator prior to using the API.
+Since FIDO 2.1 hasn't been finalised, there is a chance the
+functionality and associated data structures may change.
diff --git a/man/fido_bio_template.3 b/man/fido_bio_template.3
index 6140926..8414937 100644
--- a/man/fido_bio_template.3
+++ b/man/fido_bio_template.3
@@ -38,11 +38,11 @@
 .Ft fido_bio_template_array_t *
 .Fn fido_bio_template_array_new "void"
 .Ft void
-.Fn fido_bio_template_array_free "fido_bio_template_array_t **template_array_p"
+.Fn fido_bio_template_array_free "fido_bio_template_array_t **array_p"
 .Ft size_t
-.Fn fido_bio_template_array_count "const fido_bio_template_array_t *template_array"
+.Fn fido_bio_template_array_count "const fido_bio_template_array_t *array"
 .Ft const fido_bio_template_t *
-.Fn fido_bio_template "const fido_bio_template_array_t *template_array" "size_t idx"
+.Fn fido_bio_template "const fido_bio_template_array_t *array" "size_t idx"
 .Sh DESCRIPTION
 Existing FIDO 2 biometric enrollments are abstracted in
 .Em libfido2
@@ -132,18 +132,18 @@ If memory cannot be allocated, NULL is returned.
 The
 .Fn fido_bio_template_array_free
 function releases the memory backing
-.Fa *template_array_p ,
+.Fa *array_p ,
 where
-.Fa *template_array_p
+.Fa *array_p
 must have been previously allocated by
 .Fn fido_bio_template_array_new .
 On return,
-.Fa *template_array_p
+.Fa *array_p
 is set to NULL.
 Either
-.Fa template_array_p
+.Fa array_p
 or
-.Fa *template_array_p
+.Fa *array_p
 may be NULL, in which case
 .Fn fido_bio_template_array_free
 is a NOP.
@@ -151,16 +151,16 @@ is a NOP.
 The
 .Fn fido_bio_template_array_count
 function returns the number of templates in
-.Fa template_array .
+.Fa array .
 .Pp
 The
 .Fn fido_bio_template
 function returns a pointer to the template at index
 .Fa idx
 in
-.Fa template_array .
+.Fa array .
 Please note that the first template in
-.Fa template_array
+.Fa array
 has an
 .Fa idx
 (index) value of 0.
diff --git a/man/fido_cbor_info_new.3 b/man/fido_cbor_info_new.3
index d1e4c41..3e7de1f 100644
--- a/man/fido_cbor_info_new.3
+++ b/man/fido_cbor_info_new.3
@@ -20,7 +20,8 @@
 .Nm fido_cbor_info_protocols_len ,
 .Nm fido_cbor_info_versions_len ,
 .Nm fido_cbor_info_options_len ,
-.Nm fido_cbor_info_maxmsgsiz
+.Nm fido_cbor_info_maxmsgsiz ,
+.Nm fido_cbor_info_fwversion
 .Nd FIDO 2 CBOR Info API
 .Sh SYNOPSIS
 .In fido.h
@@ -54,6 +55,8 @@
 .Fn fido_cbor_info_options_len "const fido_cbor_info_t *ci"
 .Ft uint64_t
 .Fn fido_cbor_info_maxmsgsiz "const fido_cbor_info_t *ci"
+.Ft uint64_t
+.Fn fido_cbor_info_fwversion "const fido_cbor_info_t *ci"
 .Sh DESCRIPTION
 The
 .Fn fido_cbor_info_new
@@ -124,7 +127,12 @@ The length of the options array is returned by
 .Pp
 The
 .Fn fido_cbor_info_maxmsgsiz
-function returns the maximum message size of
+function returns the maximum message size attribute of
+.Fa ci .
+.Pp
+The
+.Fn fido_cbor_info_fwversion
+function returns the firmware version attribute of
 .Fa ci .
 .Pp
 A complete example of how to use these functions can be found in the
diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3
index 47eeba8..22af60c 100644
--- a/man/fido_cred_new.3
+++ b/man/fido_cred_new.3
@@ -8,6 +8,7 @@
 .Sh NAME
 .Nm fido_cred_new ,
 .Nm fido_cred_free ,
+.Nm fido_cred_prot ,
 .Nm fido_cred_fmt ,
 .Nm fido_cred_authdata_ptr ,
 .Nm fido_cred_clientdata_hash_ptr ,
@@ -28,6 +29,8 @@
 .Fn fido_cred_new "void"
 .Ft void
 .Fn fido_cred_free "fido_cred_t **cred_p"
+.Ft int
+.Fn fido_cred_prot "fido_cred_t *cred"
 .Ft const char *
 .Fn fido_cred_fmt "const fido_cred_t *cred"
 .Ft const unsigned char *
@@ -99,6 +102,15 @@ may be NULL, in which case
 is a NOP.
 .Pp
 The
+.Fn fido_cred_prot
+function returns the protection of
+.Fa cred .
+See
+.Xr fido_cred_set_prot 3
+for the values understood by
+.Em libfido2 .
+.Pp
+The
 .Fn fido_cred_fmt
 function returns a pointer to a NUL-terminated string containing
 the format of
diff --git a/man/fido_cred_set_authdata.3 b/man/fido_cred_set_authdata.3
index 8b087fa..d28c61e 100644
--- a/man/fido_cred_set_authdata.3
+++ b/man/fido_cred_set_authdata.3
@@ -14,6 +14,7 @@
 .Nm fido_cred_set_rp ,
 .Nm fido_cred_set_user ,
 .Nm fido_cred_set_extensions ,
+.Nm fido_cred_set_prot ,
 .Nm fido_cred_set_rk ,
 .Nm fido_cred_set_uv ,
 .Nm fido_cred_set_fmt ,
@@ -45,6 +46,8 @@ typedef enum {
 .Ft int
 .Fn fido_cred_set_extensions "fido_cred_t *cred" "int flags"
 .Ft int
+.Fn fido_cred_set_prot "fido_cred_t *cred" "int prot"
+.Ft int
 .Fn fido_cred_set_rk "fido_cred_t *cred" "fido_opt_t rk"
 .Ft int
 .Fn fido_cred_set_uv "fido_cred_t *cred" "fido_opt_t uv"
@@ -149,7 +152,9 @@ to the bitmask
 .Fa flags .
 At the moment, only the
 .Dv FIDO_EXT_HMAC_SECRET
-extension is supported.
+and
+.Dv FIDO_EXT_CRED_PROTECT
+extensions are supported.
 If
 .Fa flags
 is zero, the extensions of
@@ -157,6 +162,24 @@ is zero, the extensions of
 are cleared.
 .Pp
 The
+.Fn fido_cred_set_prot
+function sets the protection of
+.Fa cred
+to the scalar
+.Fa prot .
+At the moment, only the
+.Dv FIDO_CRED_PROT_UV_OPTIONAL ,
+.Dv FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID ,
+and
+.Dv FIDO_CRED_PROT_UV_REQUIRED
+protections are supported.
+If
+.Fa prot
+is zero, the protection of
+.Fa cred
+is cleared.
+.Pp
+The
 .Fn fido_cred_set_rk
 and
 .Fn fido_cred_set_uv
diff --git a/man/fido_credman_metadata_new.3 b/man/fido_credman_metadata_new.3
index 16f0192..1a65978 100644
--- a/man/fido_credman_metadata_new.3
+++ b/man/fido_credman_metadata_new.3
@@ -72,7 +72,8 @@ The credential management API of
 .Em libfido2
 allows resident credentials on a FIDO2 authenticator to be listed,
 inspected, and removed.
-Please note that not all authenticators support credential management.
+Please note that not all FIDO2 authenticators support credential
+management.
 To obtain information on what an authenticator supports, please
 refer to
 .Xr fido_cbor_info_new 3 .
@@ -297,3 +298,11 @@ should have their return values checked for NULL.
 .Sh SEE ALSO
 .Xr fido_cbor_info_new 3 ,
 .Xr fido_cred_new 3
+.Sh CAVEATS
+Credential management is a tentative feature of FIDO 2.1.
+Applications willing to strictly abide by FIDO 2.0 should refrain
+from using credential management.
+Applications using credential management should ensure it is
+supported by the authenticator prior to using the API.
+Since FIDO 2.1 hasn't been finalised, there is a chance the
+functionality and associated data structures may change.
diff --git a/man/fido_dev_set_io_functions.3 b/man/fido_dev_set_io_functions.3
index adc4a9e..67bc6d0 100644
--- a/man/fido_dev_set_io_functions.3
+++ b/man/fido_dev_set_io_functions.3
@@ -15,12 +15,16 @@ typedef void *fido_dev_io_open_t(const char *);
 typedef void  fido_dev_io_close_t(void *);
 typedef int   fido_dev_io_read_t(void *, unsigned char *, size_t, int);
 typedef int   fido_dev_io_write_t(void *, const unsigned char *, size_t);
+typedef int   fido_dev_io_rx_t(struct fido_dev *, uint8_t, unsigned char *, size_t, int);
+typedef int   fido_dev_io_tx_t(struct fido_dev *, uint8_t, const unsigned char *, size_t);
 
 typedef struct fido_dev_io {
         fido_dev_io_open_t  *open;
         fido_dev_io_close_t *close;
         fido_dev_io_read_t  *read;
         fido_dev_io_write_t *write;
+        fido_dev_io_rx_t    *rx;
+        fido_dev_io_tx_t    *tx;
 } fido_dev_io_t;
 .Ed
 .Ft int
@@ -28,12 +32,12 @@ typedef struct fido_dev_io {
 .Sh DESCRIPTION
 The
 .Nm
-interface defines the I/O handlers used to talk to
+interface defines the I/O and transmission handlers used to talk to
 .Fa dev .
 Its usage is optional.
 By default,
 .Em libfido2
-will use the operating system's native HID interface to talk to
+will use the operating system's native HID interface to talk CTAP2 to
 a FIDO device.
 .Pp
 A
@@ -51,13 +55,13 @@ It is not expected to be idempotent.
 .Pp
 A
 .Vt fido_dev_io_read_t
-function reads from
+function reads a single HID report from
 .Fa dev .
 The first parameter taken is the opaque handle obtained from
 .Vt fido_dev_io_open_t .
 The read buffer is pointed to by the second parameter, and the
 third parameter holds its size.
-Finally, the last argument passed to
+The last argument passed to
 .Vt fido_dev_io_read_t
 is the number of milliseconds the caller is willing to sleep,
 should the call need to block.
@@ -67,9 +71,9 @@ may block indefinitely.
 The number of bytes read is returned.
 On error, -1 is returned.
 .Pp
-Conversely, a
+A
 .Vt fido_dev_io_write_t
-function writes to
+function writes a single HID report to
 .Fa dev .
 The first parameter taken is the opaque handle returned by
 .Vt fido_dev_io_open_t .
@@ -81,6 +85,59 @@ function may block.
 The number of bytes written is returned.
 On error, -1 is returned.
 .Pp
+A
+.Vt fido_dev_io_rx_t
+function receives a complete CTAP2 message from
+.Fa dev .
+The first parameter taken is a pointer to
+.Fa dev .
+The second parameter holds the expected CTAP2 command byte.
+The read buffer is pointed to by the third parameter, and the
+fourth parameter holds its size.
+The last argument passed to
+.Vt fido_dev_io_rx_t
+is the number of milliseconds the caller is willing to sleep,
+should the call need to block.
+If this value holds -1,
+.Vt fido_dev_io_rx_t
+may block indefinitely.
+The number of bytes read is returned.
+On error, -1 is returned.
+.Pp
+A
+.Vt fido_dev_io_tx_t
+function transmits a complete CTAP2 message to
+.Fa dev .
+The first parameter taken is a pointer to
+.Fa dev .
+The second parameter holds the CTAP2 command byte.
+The write buffer is pointed to by the third parameter, and the
+fourth parameter holds its size.
+A
+.Vt fido_dev_io_tx_t
+function may block.
+On success, 0 is returned.
+On error, -1 is returned.
+.Pp
+When calling
+.Fn fido_dev_set_io_functions ,
+the
+.Fa open ,
+.Fa close ,
+.Fa read
+and
+.Fa write
+fields of
+.Fa io
+may not be NULL.
+Either
+.Fa rx
+or
+.Fa tx
+may be NULL, in which case
+.Em libfido2
+uses its corresponding CTAP2 HID transport method.
+.Pp
 No references to
 .Fa io
 are held by
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index bee126c..30d80b3 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -32,6 +32,10 @@
 #define be32toh(x) ntohl((x))
 #endif /* _WIN32 && !HAVE_ENDIAN_H */
 
+#if defined(__FreeBSD__) && !defined(HAVE_ENDIAN_H)
+#include <sys/endian.h>
+#endif
+
 #include <stdlib.h>
 
 #if !defined(HAVE_STRLCAT)
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
index dfb3065..8b84190 100644
--- a/openbsd-compat/readpassphrase.c
+++ b/openbsd-compat/readpassphrase.c
@@ -52,7 +52,7 @@
 #  define _POSIX_VDISABLE       VDISABLE
 #endif
 
-static volatile sig_atomic_t signo[_NSIG];
+static volatile sig_atomic_t signo[NSIG];
 
 static void handler(int);
 
@@ -73,7 +73,7 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
         }
 
 restart:
-        for (i = 0; i < _NSIG; i++)
+        for (i = 0; i < NSIG; i++)
                 signo[i] = 0;
         need_restart = 0;
         /*
@@ -177,7 +177,7 @@ restart:
          * If we were interrupted by a signal, resend it to ourselves
          * now that we have restored the signal handlers.
          */
-        for (i = 0; i < _NSIG; i++) {
+        for (i = 0; i < NSIG; i++) {
                 if (signo[i]) {
                         kill(getpid(), i);
                         switch (i) {
diff --git a/openbsd-compat/readpassphrase.h b/openbsd-compat/readpassphrase.h
index 0c4a59e..e4451f3 100644
--- a/openbsd-compat/readpassphrase.h
+++ b/openbsd-compat/readpassphrase.h
@@ -27,6 +27,8 @@
 
 #ifndef HAVE_READPASSPHRASE
 
+#include <stdlib.h>
+
 #define RPP_ECHO_OFF    0x00            /* Turn off echo (default). */
 #define RPP_ECHO_ON     0x01            /* Leave echo on. */
 #define RPP_REQUIRE_TTY 0x02            /* Fail if there is no tty. */
diff --git a/regress/CMakeLists.txt b/regress/CMakeLists.txt
index b8fea64..0314c38 100644
--- a/regress/CMakeLists.txt
+++ b/regress/CMakeLists.txt
@@ -2,17 +2,15 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-# cred
-add_executable(regress_cred cred.c)
-target_link_libraries(regress_cred fido2_shared)
-add_custom_command(TARGET regress_cred POST_BUILD COMMAND regress_cred)
+add_custom_target(regress ALL)
 
-# assert
-add_executable(regress_assert assert.c)
-target_link_libraries(regress_assert fido2_shared)
-add_custom_command(TARGET regress_assert POST_BUILD COMMAND regress_assert)
+macro(add_regress_test NAME SOURCES)
+        add_executable(${NAME} ${SOURCES})
+        target_link_libraries(${NAME} fido2_shared)
+        add_custom_command(TARGET regress POST_BUILD COMMAND ${NAME}
+                DEPENDS ${NAME})
+endmacro()
 
-# dev
-add_executable(regress_dev dev.c)
-target_link_libraries(regress_dev fido2_shared)
-add_custom_command(TARGET regress_dev POST_BUILD COMMAND regress_dev)
+add_regress_test(regress_cred cred.c)
+add_regress_test(regress_assert assert.c)
+add_regress_test(regress_dev dev.c)
diff --git a/regress/assert.c b/regress/assert.c
index ebf0652..caa5725 100644
--- a/regress/assert.c
+++ b/regress/assert.c
@@ -216,12 +216,16 @@ empty_assert_tests(void)
         fido_dev_io_t io_f;
         int i;
 
+        memset(&io_f, 0, sizeof(io_f));
+
         a = alloc_assert();
         d = alloc_dev();
+
         io_f.open = dummy_open;
         io_f.close = dummy_close;
         io_f.read = dummy_read;
         io_f.write = dummy_write;
+
         assert(fido_dev_set_io_functions(d, &io_f) == FIDO_OK);
 
         empty_assert(d, a, 0);
diff --git a/regress/cred.c b/regress/cred.c
index 4998649..f8c08a4 100644
--- a/regress/cred.c
+++ b/regress/cred.c
@@ -333,10 +333,13 @@ empty_cred(void)
         assert(fido_cred_x5c_ptr(c) == NULL);
         assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT);
 
+        memset(&io_f, 0, sizeof(io_f));
+
         io_f.open = dummy_open;
         io_f.close = dummy_close;
         io_f.read = dummy_read;
         io_f.write = dummy_write;
+
         d = alloc_dev();
 
         fido_dev_force_u2f(d);
diff --git a/regress/dev.c b/regress/dev.c
index 39b3584..84a45cc 100644
--- a/regress/dev.c
+++ b/regress/dev.c
@@ -6,6 +6,7 @@
 
 #include <assert.h>
 #include <fido.h>
+#include <string.h>
 
 #define FAKE_DEV_HANDLE ((void *)0xdeadbeef)
 #define REPORT_LEN      (64 + 1)
@@ -53,6 +54,8 @@ open_iff_ok(void)
         fido_dev_t      *dev = NULL;
         fido_dev_io_t    io;
 
+        memset(&io, 0, sizeof(io));
+
         io.open = dummy_open;
         io.close = dummy_close;
         io.read = dummy_read;
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 926e7f2..3cf62e8 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -31,11 +31,14 @@ list(APPEND FIDO_SOURCES
 )
 
 if(FUZZ)
+        list(APPEND FIDO_SOURCES ../fuzz/prng.c)
         list(APPEND FIDO_SOURCES ../fuzz/uniform_random.c)
         list(APPEND FIDO_SOURCES ../fuzz/wrap.c)
 endif()
 
-if(WIN32)
+if(USE_HIDAPI)
+        list(APPEND COMPAT_SOURCES hid_hidapi.c)
+elseif(WIN32)
         list(APPEND COMPAT_SOURCES hid_win.c)
 elseif(APPLE)
         list(APPEND COMPAT_SOURCES hid_osx.c)
@@ -43,6 +46,8 @@ elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
         list(APPEND COMPAT_SOURCES hid_linux.c)
 elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
         list(APPEND COMPAT_SOURCES hid_openbsd.c)
+else()
+        message(FATAL_ERROR "please define a hid backend for your platform")
 endif()
 
 list(APPEND COMPAT_SOURCES
@@ -50,13 +55,14 @@ list(APPEND COMPAT_SOURCES
         ../openbsd-compat/explicit_bzero.c
         ../openbsd-compat/explicit_bzero_win32.c
         ../openbsd-compat/recallocarray.c
+        ../openbsd-compat/strlcat.c
         ../openbsd-compat/timingsafe_bcmp.c
 )
 
 # static library
 add_library(fido2 STATIC ${FIDO_SOURCES} ${COMPAT_SOURCES})
 target_link_libraries(fido2 ${CBOR_LIBRARIES} ${CRYPTO_LIBRARIES}
-        ${UDEV_LIBRARIES} ${BASE_LIBRARIES})
+        ${UDEV_LIBRARIES} ${BASE_LIBRARIES} ${HIDAPI_LIBRARIES})
 if(WIN32)
         if (MINGW)
                 target_link_libraries(fido2 wsock32 ws2_32 bcrypt setupapi hid)
@@ -74,7 +80,7 @@ install(TARGETS fido2 ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
 # dynamic library
 add_library(fido2_shared SHARED ${FIDO_SOURCES} ${COMPAT_SOURCES})
 target_link_libraries(fido2_shared ${CBOR_LIBRARIES} ${CRYPTO_LIBRARIES}
-        ${UDEV_LIBRARIES} ${BASE_LIBRARIES})
+        ${UDEV_LIBRARIES} ${BASE_LIBRARIES} ${HIDAPI_LIBRARIES})
 if(WIN32)
         if (MINGW)
                 target_link_libraries(fido2_shared wsock32 ws2_32 bcrypt
diff --git a/src/assert.c b/src/assert.c
index a21b308..b71d00e 100644
--- a/src/assert.c
+++ b/src/assert.c
@@ -152,8 +152,8 @@ fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert,
         }
 
         /* frame and transmit */
-        if (cbor_build_frame(CTAP_CBOR_ASSERT, argv, 7, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_ASSERT, argv, nitems(argv), &f) < 0 ||
+            fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -170,14 +170,14 @@ fail:
 static int
 fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         fido_assert_reset_rx(assert);
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -211,10 +211,9 @@ fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms)
 static int
 fido_get_next_assert_tx(fido_dev_t *dev)
 {
-        const unsigned char     cbor[] = { CTAP_CBOR_NEXT_ASSERT };
-        const uint8_t           cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
+        const unsigned char cbor[] = { CTAP_CBOR_NEXT_ASSERT };
 
-        if (fido_tx(dev, cmd, cbor, sizeof(cbor)) < 0) {
+        if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor)) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 return (FIDO_ERR_TX);
         }
@@ -225,12 +224,12 @@ fido_get_next_assert_tx(fido_dev_t *dev)
 static int
 fido_get_next_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -363,8 +362,8 @@ check_extensions(int authdata_ext, int ext)
         return (0);
 }
 
-static int
-get_signed_hash(int cose_alg, fido_blob_t *dgst, const fido_blob_t *clientdata,
+int
+fido_get_signed_hash(int cose_alg, fido_blob_t *dgst, const fido_blob_t *clientdata,
     const fido_blob_t *authdata_cbor)
 {
         cbor_item_t             *item = NULL;
@@ -534,7 +533,7 @@ int
 fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg,
     const void *pk)
 {
-        unsigned char            buf[1024];
+        unsigned char            buf[1024]; /* XXX */
         fido_blob_t              dgst;
         const fido_assert_stmt  *stmt = NULL;
         int                      ok = -1;
@@ -579,9 +578,9 @@ fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg,
                 goto out;
         }
 
-        if (get_signed_hash(cose_alg, &dgst, &assert->cdh,
+        if (fido_get_signed_hash(cose_alg, &dgst, &assert->cdh,
             &stmt->authdata_cbor) < 0) {
-                fido_log_debug("%s: get_signed_hash", __func__);
+                fido_log_debug("%s: fido_get_signed_hash", __func__);
                 r = FIDO_ERR_INTERNAL;
                 goto out;
         }
diff --git a/src/authkey.c b/src/authkey.c
index 9de37f1..83c2564 100644
--- a/src/authkey.c
+++ b/src/authkey.c
@@ -43,8 +43,8 @@ fido_dev_authkey_tx(fido_dev_t *dev)
         }
 
         /* frame and transmit */
-        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 2, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -61,8 +61,7 @@ fail:
 static int
 fido_dev_authkey_rx(fido_dev_t *dev, es256_pk_t *authkey, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
 
         fido_log_debug("%s: dev=%p, authkey=%p, ms=%d", __func__, (void *)dev,
@@ -70,7 +69,8 @@ fido_dev_authkey_rx(fido_dev_t *dev, es256_pk_t *authkey, int ms)
 
         memset(authkey, 0, sizeof(*authkey));
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
diff --git a/src/bio.c b/src/bio.c
index 74814b9..c1032d8 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -109,8 +109,8 @@ bio_tx(fido_dev_t *dev, uint8_t cmd, cbor_item_t **sub_argv, size_t sub_argc,
         }
 
         /* framing and transmission */
-        if (cbor_build_frame(CTAP_CBOR_BIO_ENROLL_PRE, argv, 5, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_BIO_ENROLL_PRE, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -235,14 +235,14 @@ bio_parse_template_array(const cbor_item_t *key, const cbor_item_t *val,
 static int
 bio_rx_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         bio_reset_template_array(ta);
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -382,8 +382,7 @@ static int
 bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
     fido_bio_enroll_t *e, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
@@ -392,7 +391,8 @@ bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
         e->remaining_samples = 0;
         e->last_status = 0;
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -407,7 +407,7 @@ bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
                 fido_log_debug("%s: bio_parse_template_id", __func__);
                 return (r);
         }
-    
+
         return (FIDO_OK);
 }
 
@@ -482,15 +482,15 @@ fail:
 static int
 bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         e->remaining_samples = 0;
         e->last_status = 0;
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -500,7 +500,7 @@ bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int ms)
                 fido_log_debug("%s: bio_parse_enroll_status", __func__);
                 return (r);
         }
-    
+
         return (FIDO_OK);
 }
 
@@ -643,14 +643,14 @@ bio_parse_info(const cbor_item_t *key, const cbor_item_t *val, void *arg)
 static int
 bio_rx_info(fido_dev_t *dev, fido_bio_info_t *i, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         bio_reset_info(i);
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
diff --git a/src/blob.h b/src/blob.h
index 24fdc23..9e98d03 100644
--- a/src/blob.h
+++ b/src/blob.h
@@ -7,6 +7,13 @@
 #ifndef _BLOB_H
 #define _BLOB_H
 
+#include <cbor.h>
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 typedef struct fido_blob {
         unsigned char   *ptr;
         size_t           len;
@@ -25,4 +32,8 @@ int fido_blob_set(fido_blob_t *, const unsigned char *, size_t);
 void fido_blob_free(fido_blob_t **);
 void fido_free_blob_array(fido_blob_array_t *);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_BLOB_H */
diff --git a/src/cbor.c b/src/cbor.c
index 3e03592..3928325 100644
--- a/src/cbor.c
+++ b/src/cbor.c
@@ -314,6 +314,35 @@ fail:
 }
 
 static int
+cbor_add_uint8(cbor_item_t *item, const char *key, uint8_t value)
+{
+        struct cbor_pair pair;
+        int ok = -1;
+
+        memset(&pair, 0, sizeof(pair));
+
+        if ((pair.key = cbor_build_string(key)) == NULL ||
+            (pair.value = cbor_build_uint8(value)) == NULL) {
+                fido_log_debug("%s: cbor_build", __func__);
+                goto fail;
+        }
+
+        if (!cbor_map_add(item, pair)) {
+                fido_log_debug("%s: cbor_map_add", __func__);
+                goto fail;
+        }
+
+        ok = 0;
+fail:
+        if (pair.key)
+                cbor_decref(&pair.key);
+        if (pair.value)
+                cbor_decref(&pair.value);
+
+        return (ok);
+}
+
+static int
 cbor_add_arg(cbor_item_t *item, uint8_t n, cbor_item_t *arg)
 {
         struct cbor_pair pair;
@@ -535,19 +564,29 @@ fail:
 }
 
 cbor_item_t *
-cbor_encode_extensions(int ext)
+cbor_encode_extensions(const fido_cred_ext_t *ext)
 {
         cbor_item_t *item = NULL;
+        size_t size = 0;
 
-        if (ext == 0 || ext != FIDO_EXT_HMAC_SECRET)
-                return (NULL);
-
-        if ((item = cbor_new_definite_map(1)) == NULL)
+        if (ext->mask & FIDO_EXT_HMAC_SECRET)
+                size++;
+        if (ext->mask & FIDO_EXT_CRED_PROTECT)
+                size++;
+        if (size == 0 || (item = cbor_new_definite_map(size)) == NULL)
                 return (NULL);
 
-        if (cbor_add_bool(item, "hmac-secret", FIDO_OPT_TRUE) < 0) {
-                cbor_decref(&item);
-                return (NULL);
+        if (ext->mask & FIDO_EXT_HMAC_SECRET) {
+                if (cbor_add_bool(item, "hmac-secret", FIDO_OPT_TRUE) < 0) {
+                        cbor_decref(&item);
+                        return (NULL);
+                }
+        }
+        if (ext->mask & FIDO_EXT_CRED_PROTECT) {
+                if (cbor_add_uint8(item, "credProtect", ext->prot) < 0) {
+                        cbor_decref(&item);
+                        return (NULL);
+                }
         }
 
         return (item);
@@ -1082,26 +1121,35 @@ fail:
 static int
 decode_extension(const cbor_item_t *key, const cbor_item_t *val, void *arg)
 {
-        int     *authdata_ext = arg;
-        char    *type = NULL;
-        int      ok = -1;
+        fido_cred_ext_t *authdata_ext = arg;
+        char            *type = NULL;
+        int              ok = -1;
 
-        if (cbor_string_copy(key, &type) < 0 || strcmp(type, "hmac-secret")) {
+        if (cbor_string_copy(key, &type) < 0) {
                 fido_log_debug("%s: cbor type", __func__);
                 ok = 0; /* ignore */
                 goto out;
         }
 
-        if (cbor_isa_float_ctrl(val) == false ||
-            cbor_float_get_width(val) != CBOR_FLOAT_0 ||
-            cbor_is_bool(val) == false || *authdata_ext != 0) {
-                fido_log_debug("%s: cbor type", __func__);
-                goto out;
+        if (strcmp(type, "hmac-secret") == 0) {
+                if (cbor_isa_float_ctrl(val) == false ||
+                    cbor_float_get_width(val) != CBOR_FLOAT_0 ||
+                    cbor_is_bool(val) == false) {
+                        fido_log_debug("%s: cbor type", __func__);
+                        goto out;
+                }
+                if (cbor_ctrl_value(val) == CBOR_CTRL_TRUE)
+                        authdata_ext->mask |= FIDO_EXT_HMAC_SECRET;
+        } else if (strcmp(type, "credProtect") == 0) {
+                if (cbor_isa_uint(val) == false ||
+                    cbor_int_get_width(val) != CBOR_INT_8) {
+                        fido_log_debug("%s: cbor type", __func__);
+                        goto out;
+                }
+                authdata_ext->mask |= FIDO_EXT_CRED_PROTECT;
+                authdata_ext->prot = cbor_get_uint8(val);
         }
 
-        if (cbor_ctrl_value(val) == CBOR_CTRL_TRUE)
-                *authdata_ext |= FIDO_EXT_HMAC_SECRET;
-
         ok = 0;
 out:
         free(type);
@@ -1110,7 +1158,8 @@ out:
 }
 
 static int
-decode_extensions(const unsigned char **buf, size_t *len, int *authdata_ext)
+decode_extensions(const unsigned char **buf, size_t *len,
+    fido_cred_ext_t *authdata_ext)
 {
         cbor_item_t             *item = NULL;
         struct cbor_load_result  cbor;
@@ -1118,8 +1167,9 @@ decode_extensions(const unsigned char **buf, size_t *len, int *authdata_ext)
 
         fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)*buf,
             *len);
+        fido_log_xxd(*buf, *len);
 
-        *authdata_ext = 0;
+        memset(authdata_ext, 0, sizeof(*authdata_ext));
 
         if ((item = cbor_load(*buf, *len, &cbor)) == NULL) {
                 fido_log_debug("%s: cbor_load", __func__);
@@ -1129,7 +1179,6 @@ decode_extensions(const unsigned char **buf, size_t *len, int *authdata_ext)
 
         if (cbor_isa_map(item) == false ||
             cbor_map_is_definite(item) == false ||
-            cbor_map_size(item) != 1 ||
             cbor_map_iter(item, authdata_ext, decode_extension) < 0) {
                 fido_log_debug("%s: cbor type", __func__);
                 goto fail;
@@ -1204,7 +1253,7 @@ fail:
 int
 cbor_decode_cred_authdata(const cbor_item_t *item, int cose_alg,
     fido_blob_t *authdata_cbor, fido_authdata_t *authdata,
-    fido_attcred_t *attcred, int *authdata_ext)
+    fido_attcred_t *attcred, fido_cred_ext_t *authdata_ext)
 {
         const unsigned char     *buf = NULL;
         size_t                   len;
@@ -1227,6 +1276,7 @@ cbor_decode_cred_authdata(const cbor_item_t *item, int cose_alg,
         len = cbor_bytestring_length(item);
 
         fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)buf, len);
+        fido_log_xxd(buf, len);
 
         if (fido_buf_read(&buf, &len, authdata, sizeof(*authdata)) < 0) {
                 fido_log_debug("%s: fido_buf_read", __func__);
@@ -1316,6 +1366,7 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg)
 {
         fido_attstmt_t  *attstmt = arg;
         char            *name = NULL;
+        int              cose_alg = 0;
         int              ok = -1;
 
         if (cbor_string_copy(key, &name) < 0) {
@@ -1326,11 +1377,16 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg)
 
         if (!strcmp(name, "alg")) {
                 if (cbor_isa_negint(val) == false ||
-                    cbor_int_get_width(val) != CBOR_INT_8 ||
-                    cbor_get_uint8(val) != -COSE_ES256 - 1) {
+                    cbor_get_int(val) > UINT16_MAX) {
                         fido_log_debug("%s: alg", __func__);
                         goto out;
                 }
+                if ((cose_alg = -(int)cbor_get_int(val) - 1) != COSE_ES256 &&
+                    cose_alg != COSE_RS256 && cose_alg != COSE_EDDSA) {
+                        fido_log_debug("%s: unsupported cose_alg=%d", __func__,
+                            cose_alg);
+                        goto out;
+                }
         } else if (!strcmp(name, "sig")) {
                 if (cbor_bytestring_copy(val, &attstmt->sig.ptr,
                     &attstmt->sig.len) < 0) {
diff --git a/src/cred.c b/src/cred.c
index c4e1edb..4ecbba8 100644
--- a/src/cred.c
+++ b/src/cred.c
@@ -76,8 +76,8 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
                 }
 
         /* extensions */
-        if (cred->ext)
-                if ((argv[5] = cbor_encode_extensions(cred->ext)) == NULL) {
+        if (cred->ext.mask)
+                if ((argv[5] = cbor_encode_extensions(&cred->ext)) == NULL) {
                         fido_log_debug("%s: cbor_encode_extensions", __func__);
                         r = FIDO_ERR_INTERNAL;
                         goto fail;
@@ -106,8 +106,8 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
         }
 
         /* framing and transmission */
-        if (cbor_build_frame(CTAP_CBOR_MAKECRED, argv, 9, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_MAKECRED, argv, nitems(argv), &f) < 0 ||
+            fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -126,14 +126,14 @@ fail:
 static int
 fido_dev_make_cred_rx(fido_dev_t *dev, fido_cred_t *cred, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         fido_cred_reset_rx(cred);
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -170,7 +170,8 @@ int
 fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
 {
         if (fido_dev_is_fido2(dev) == false) {
-                if (pin != NULL || cred->rk == FIDO_OPT_TRUE || cred->ext != 0)
+                if (pin != NULL || cred->rk == FIDO_OPT_TRUE ||
+                    cred->ext.mask != 0)
                         return (FIDO_ERR_UNSUPPORTED_OPTION);
                 return (u2f_register(dev, cred, -1));
         }
@@ -179,15 +180,9 @@ fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
 }
 
 static int
-check_extensions(int authdata_ext, int ext)
+check_extensions(const fido_cred_ext_t *authdata_ext, const fido_cred_ext_t *ext)
 {
-        if (authdata_ext != ext) {
-                fido_log_debug("%s: authdata_ext=0x%x != ext=0x%x", __func__,
-                    authdata_ext, ext);
-                return (-1);
-        }
-
-        return (0);
+        return (timingsafe_bcmp(authdata_ext, ext, sizeof(*authdata_ext)));
 }
 
 int
@@ -208,48 +203,6 @@ fido_check_rp_id(const char *id, const unsigned char *obtained_hash)
 }
 
 static int
-get_signed_hash_packed(fido_blob_t *dgst, const fido_blob_t *clientdata,
-    const fido_blob_t *authdata_cbor)
-{
-        cbor_item_t             *item = NULL;
-        unsigned char           *authdata_ptr = NULL;
-        size_t                   authdata_len;
-        struct cbor_load_result  cbor;
-        SHA256_CTX               ctx;
-        int                      ok = -1;
-
-        if ((item = cbor_load(authdata_cbor->ptr, authdata_cbor->len,
-            &cbor)) == NULL) {
-                fido_log_debug("%s: cbor_load", __func__);
-                goto fail;
-        }
-
-        if (cbor_isa_bytestring(item) == false ||
-            cbor_bytestring_is_definite(item) == false) {
-                fido_log_debug("%s: cbor type", __func__);
-                goto fail;
-        }
-
-        authdata_ptr = cbor_bytestring_handle(item);
-        authdata_len = cbor_bytestring_length(item);
-
-        if (dgst->len != SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
-            SHA256_Update(&ctx, authdata_ptr, authdata_len) == 0 ||
-            SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 ||
-            SHA256_Final(dgst->ptr, &ctx) == 0) {
-                fido_log_debug("%s: sha256", __func__);
-                goto fail;
-        }
-
-        ok = 0;
-fail:
-        if (item != NULL)
-                cbor_decref(&item);
-
-        return (ok);
-}
-
-static int
 get_signed_hash_u2f(fido_blob_t *dgst, const unsigned char *rp_id,
     size_t rp_id_len, const fido_blob_t *clientdata, const fido_blob_t *id,
     const es256_pk_t *pk)
@@ -356,16 +309,16 @@ fido_cred_verify(const fido_cred_t *cred)
                 goto out;
         }
 
-        if (check_extensions(cred->authdata_ext, cred->ext) < 0) {
+        if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) {
                 fido_log_debug("%s: check_extensions", __func__);
                 r = FIDO_ERR_INVALID_PARAM;
                 goto out;
         }
 
         if (!strcmp(cred->fmt, "packed")) {
-                if (get_signed_hash_packed(&dgst, &cred->cdh,
+                if (fido_get_signed_hash(COSE_ES256, &dgst, &cred->cdh,
                     &cred->authdata_cbor) < 0) {
-                        fido_log_debug("%s: get_signed_hash_packed", __func__);
+                        fido_log_debug("%s: fido_get_signed_hash", __func__);
                         r = FIDO_ERR_INTERNAL;
                         goto out;
                 }
@@ -395,7 +348,7 @@ out:
 int
 fido_cred_verify_self(const fido_cred_t *cred)
 {
-        unsigned char   buf[SHA256_DIGEST_LENGTH];
+        unsigned char   buf[1024]; /* XXX */
         fido_blob_t     dgst;
         int             ok = -1;
         int             r;
@@ -431,16 +384,16 @@ fido_cred_verify_self(const fido_cred_t *cred)
                 goto out;
         }
 
-        if (check_extensions(cred->authdata_ext, cred->ext) < 0) {
+        if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) {
                 fido_log_debug("%s: check_extensions", __func__);
                 r = FIDO_ERR_INVALID_PARAM;
                 goto out;
         }
 
         if (!strcmp(cred->fmt, "packed")) {
-                if (get_signed_hash_packed(&dgst, &cred->cdh,
+                if (fido_get_signed_hash(cred->attcred.type, &dgst, &cred->cdh,
                     &cred->authdata_cbor) < 0) {
-                        fido_log_debug("%s: get_signed_hash_packed", __func__);
+                        fido_log_debug("%s: fido_get_signed_hash", __func__);
                         r = FIDO_ERR_INTERNAL;
                         goto out;
                 }
@@ -519,9 +472,9 @@ fido_cred_reset_tx(fido_cred_t *cred)
         memset(&cred->rp, 0, sizeof(cred->rp));
         memset(&cred->user, 0, sizeof(cred->user));
         memset(&cred->excl, 0, sizeof(cred->excl));
+        memset(&cred->ext, 0, sizeof(cred->ext));
 
         cred->type = 0;
-        cred->ext = 0;
         cred->rk = FIDO_OPT_OMIT;
         cred->uv = FIDO_OPT_OMIT;
 }
@@ -810,10 +763,14 @@ fail:
 int
 fido_cred_set_extensions(fido_cred_t *cred, int ext)
 {
-        if (ext != 0 && ext != FIDO_EXT_HMAC_SECRET)
-                return (FIDO_ERR_INVALID_ARGUMENT);
-
-        cred->ext = ext;
+        if (ext == 0)
+                cred->ext.mask = 0;
+        else {
+                if (ext != FIDO_EXT_HMAC_SECRET &&
+                    ext != FIDO_EXT_CRED_PROTECT)
+                        return (FIDO_ERR_INVALID_ARGUMENT);
+                cred->ext.mask |= ext;
+        }
 
         return (FIDO_OK);
 }
@@ -844,6 +801,25 @@ fido_cred_set_uv(fido_cred_t *cred, fido_opt_t uv)
 }
 
 int
+fido_cred_set_prot(fido_cred_t *cred, int prot)
+{
+        if (prot == 0) {
+                cred->ext.mask &= ~FIDO_EXT_CRED_PROTECT;
+                cred->ext.prot = 0;
+        } else {
+                if (prot != FIDO_CRED_PROT_UV_OPTIONAL &&
+                    prot != FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID &&
+                    prot != FIDO_CRED_PROT_UV_REQUIRED)
+                        return (FIDO_ERR_INVALID_ARGUMENT);
+
+                cred->ext.mask |= FIDO_EXT_CRED_PROTECT;
+                cred->ext.prot = prot;
+        }
+
+        return (FIDO_OK);
+}
+
+int
 fido_cred_set_fmt(fido_cred_t *cred, const char *fmt)
 {
         free(cred->fmt);
@@ -991,6 +967,12 @@ fido_cred_id_len(const fido_cred_t *cred)
         return (cred->attcred.id.len);
 }
 
+int
+fido_cred_prot(const fido_cred_t *cred)
+{
+        return (cred->ext.prot);
+}
+
 const char *
 fido_cred_fmt(const fido_cred_t *cred)
 {
diff --git a/src/credman.c b/src/credman.c
index 76327e5..a382185 100644
--- a/src/credman.c
+++ b/src/credman.c
@@ -137,8 +137,8 @@ credman_tx(fido_dev_t *dev, uint8_t cmd, const fido_blob_t *param,
         }
 
         /* framing and transmission */
-        if (cbor_build_frame(CTAP_CBOR_CRED_MGMT_PRE, argv, 4, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_CRED_MGMT_PRE, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -181,14 +181,14 @@ credman_parse_metadata(const cbor_item_t *key, const cbor_item_t *val,
 static int
 credman_rx_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[512];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         memset(metadata, 0, sizeof(*metadata));
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -300,14 +300,14 @@ credman_parse_rk_count(const cbor_item_t *key, const cbor_item_t *val,
 static int
 credman_rx_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         credman_reset_rk(rk);
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -339,12 +339,12 @@ credman_rx_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms)
 static int
 credman_rx_next_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -514,14 +514,14 @@ credman_parse_rp_count(const cbor_item_t *key, const cbor_item_t *val,
 static int
 credman_rx_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         credman_reset_rp(rp);
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -553,12 +553,12 @@ credman_rx_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms)
 static int
 credman_rx_next_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
diff --git a/src/dev.c b/src/dev.c
index d0efac7..51b9935 100644
--- a/src/dev.c
+++ b/src/dev.c
@@ -6,6 +6,9 @@
 
 #include <sys/types.h>
 #include <sys/stat.h>
+#ifdef HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
 
 #include <fcntl.h>
 #include <stdint.h>
@@ -39,7 +42,22 @@ obtain_nonce(uint64_t *nonce)
 
         return (0);
 }
-#elif defined(HAS_DEV_URANDOM)
+#elif defined(HAVE_ARC4RANDOM_BUF)
+static int
+obtain_nonce(uint64_t *nonce)
+{
+        arc4random_buf(nonce, sizeof(*nonce));
+        return (0);
+}
+#elif defined(HAVE_GETRANDOM)
+static int
+obtain_nonce(uint64_t *nonce)
+{
+        if (getrandom(nonce, sizeof(*nonce), 0) < 0)
+                return (-1);
+        return (0);
+}
+#elif defined(HAVE_DEV_URANDOM)
 static int
 obtain_nonce(uint64_t *nonce)
 {
@@ -64,10 +82,34 @@ fail:
 #error "please provide an implementation of obtain_nonce() for your platform"
 #endif /* _WIN32 */
 
+#ifndef TLS
+#define TLS
+#endif
+
+typedef struct dev_manifest_func_node {
+        dev_manifest_func_t manifest_func;
+        struct dev_manifest_func_node *next;
+} dev_manifest_func_node_t;
+
+static TLS dev_manifest_func_node_t *manifest_funcs = NULL;
+
+static void
+find_manifest_func_node(dev_manifest_func_t f, dev_manifest_func_node_t **curr,
+    dev_manifest_func_node_t **prev)
+{
+        *prev = NULL;
+        *curr = manifest_funcs;
+
+        while (*curr != NULL && (*curr)->manifest_func != f) {
+                *prev = *curr;
+                *curr = (*curr)->next;
+        }
+}
+
 static int
 fido_dev_open_tx(fido_dev_t *dev, const char *path)
 {
-        const uint8_t cmd = CTAP_FRAME_INIT | CTAP_CMD_INIT;
+        const uint8_t cmd = CTAP_CMD_INIT;
 
         if (dev->io_handle != NULL) {
                 fido_log_debug("%s: handle=%p", __func__, dev->io_handle);
@@ -102,11 +144,14 @@ fido_dev_open_tx(fido_dev_t *dev, const char *path)
 static int
 fido_dev_open_rx(fido_dev_t *dev, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_INIT;
-        int             n;
+        fido_cbor_info_t        *info = NULL;
+        int                      reply_len;
+        int                      r;
 
-        if ((n = fido_rx(dev, cmd, &dev->attr, sizeof(dev->attr), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_INIT, &dev->attr,
+            sizeof(dev->attr), ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
+                r = FIDO_ERR_RX;
                 goto fail;
         }
 
@@ -114,19 +159,42 @@ fido_dev_open_rx(fido_dev_t *dev, int ms)
         dev->attr.nonce = dev->nonce;
 #endif
 
-        if ((size_t)n != sizeof(dev->attr) || dev->attr.nonce != dev->nonce) {
+        if ((size_t)reply_len != sizeof(dev->attr) ||
+            dev->attr.nonce != dev->nonce) {
                 fido_log_debug("%s: invalid nonce", __func__);
+                r = FIDO_ERR_RX;
                 goto fail;
         }
 
         dev->cid = dev->attr.cid;
 
-        return (FIDO_OK);
+        if (fido_dev_is_fido2(dev)) {
+                if ((info = fido_cbor_info_new()) == NULL) {
+                        fido_log_debug("%s: fido_cbor_info_new", __func__);
+                        r = FIDO_ERR_INTERNAL;
+                        goto fail;
+                }
+                if (fido_dev_get_cbor_info_wait(dev, info, ms) != FIDO_OK) {
+                        fido_log_debug("%s: falling back to u2f", __func__);
+                        fido_dev_force_u2f(dev);
+                }
+        }
+
+        if (fido_dev_is_fido2(dev) && info != NULL) {
+                fido_log_debug("%s: FIDO_MAXMSG=%d, maxmsgsiz=%lu", __func__,
+                    FIDO_MAXMSG, (unsigned long)fido_cbor_info_maxmsgsiz(info));
+        }
+
+        r = FIDO_OK;
 fail:
-        dev->io.close(dev->io_handle);
-        dev->io_handle = NULL;
+        fido_cbor_info_free(&info);
+
+        if (r != FIDO_OK) {
+                dev->io.close(dev->io_handle);
+                dev->io_handle = NULL;
+        }
 
-        return (FIDO_ERR_RX);
+        return (r);
 }
 
 static int
@@ -142,6 +210,79 @@ fido_dev_open_wait(fido_dev_t *dev, const char *path, int ms)
 }
 
 int
+fido_dev_register_manifest_func(const dev_manifest_func_t f)
+{
+        dev_manifest_func_node_t *prev, *curr, *n;
+
+        find_manifest_func_node(f, &curr, &prev);
+        if (curr != NULL)
+                return (FIDO_OK);
+
+        if ((n = calloc(1, sizeof(*n))) == NULL) {
+                fido_log_debug("%s: calloc", __func__);
+                return (FIDO_ERR_INTERNAL);
+        }
+
+        n->manifest_func = f;
+        n->next = manifest_funcs;
+        manifest_funcs = n;
+
+        return (FIDO_OK);
+}
+
+void
+fido_dev_unregister_manifest_func(const dev_manifest_func_t f)
+{
+        dev_manifest_func_node_t *prev, *curr;
+
+        find_manifest_func_node(f, &curr, &prev);
+        if (curr == NULL)
+                return;
+        if (prev != NULL)
+                prev->next = curr->next;
+        else
+                manifest_funcs = curr->next;
+
+        free(curr);
+}
+
+int
+fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
+{
+        dev_manifest_func_node_t        *curr = NULL;
+        dev_manifest_func_t              m_func;
+        size_t                           curr_olen;
+        int                              r;
+
+        *olen = 0;
+
+        if (fido_dev_register_manifest_func(fido_hid_manifest) != FIDO_OK)
+                return (FIDO_ERR_INTERNAL);
+
+        for (curr = manifest_funcs; curr != NULL; curr = curr->next) {
+                curr_olen = 0;
+                m_func = curr->manifest_func;
+                r = m_func(devlist + *olen, ilen - *olen, &curr_olen);
+                if (r != FIDO_OK)
+                        return (r);
+                *olen += curr_olen;
+                if (*olen == ilen)
+                        break;
+        }
+
+        return (FIDO_OK);
+}
+
+int
+fido_dev_open_with_info(fido_dev_t *dev)
+{
+        if (dev->path == NULL)
+                return (FIDO_ERR_INVALID_ARGUMENT);
+
+        return (fido_dev_open_wait(dev, dev->path, -1));
+}
+
+int
 fido_dev_open(fido_dev_t *dev, const char *path)
 {
         return (fido_dev_open_wait(dev, path, -1));
@@ -162,7 +303,7 @@ fido_dev_close(fido_dev_t *dev)
 int
 fido_dev_cancel(fido_dev_t *dev)
 {
-        if (fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CANCEL, NULL, 0) < 0)
+        if (fido_tx(dev, CTAP_CMD_CANCEL, NULL, 0) < 0)
                 return (FIDO_ERR_TX);
 
         return (FIDO_OK);
@@ -172,7 +313,7 @@ int
 fido_dev_set_io_functions(fido_dev_t *dev, const fido_dev_io_t *io)
 {
         if (dev->io_handle != NULL) {
-                fido_log_debug("%s: NULL handle", __func__);
+                fido_log_debug("%s: non-NULL handle", __func__);
                 return (FIDO_ERR_INVALID_ARGUMENT);
         }
 
@@ -182,10 +323,20 @@ fido_dev_set_io_functions(fido_dev_t *dev, const fido_dev_io_t *io)
                 return (FIDO_ERR_INVALID_ARGUMENT);
         }
 
-        dev->io.open = io->open;
-        dev->io.close = io->close;
-        dev->io.read = io->read;
-        dev->io.write = io->write;
+        dev->io = *io;
+
+        return (FIDO_OK);
+}
+
+int
+fido_dev_set_transport_functions(fido_dev_t *dev, const fido_dev_transport_t *t)
+{
+        if (dev->io_handle != NULL) {
+                fido_log_debug("%s: non-NULL handle", __func__);
+                return (FIDO_ERR_INVALID_ARGUMENT);
+        }
+
+        dev->transport = *t;
 
         return (FIDO_OK);
 }
@@ -200,21 +351,44 @@ fido_init(int flags)
 fido_dev_t *
 fido_dev_new(void)
 {
-        fido_dev_t      *dev;
-        fido_dev_io_t    io;
+        fido_dev_t *dev;
 
         if ((dev = calloc(1, sizeof(*dev))) == NULL)
                 return (NULL);
 
         dev->cid = CTAP_CID_BROADCAST;
+        dev->io = (fido_dev_io_t) {
+                &fido_hid_open,
+                &fido_hid_close,
+                &fido_hid_read,
+                &fido_hid_write,
+        };
+
+        return (dev);
+}
+
+fido_dev_t *
+fido_dev_new_with_info(const fido_dev_info_t *di)
+{
+        fido_dev_t *dev;
+
+        if ((dev = calloc(1, sizeof(*dev))) == NULL)
+                return (NULL);
+
+        dev->cid = CTAP_CID_BROADCAST;
+
+        if (di->io.open == NULL || di->io.close == NULL ||
+            di->io.read == NULL || di->io.write == NULL) {
+                fido_log_debug("%s: NULL function", __func__);
+                fido_dev_free(&dev);
+                return (NULL);
+        }
 
-        io.open = fido_hid_open;
-        io.close = fido_hid_close;
-        io.read = fido_hid_read;
-        io.write = fido_hid_write;
+        dev->io = di->io;
+        dev->transport = di->transport;
 
-        if (fido_dev_set_io_functions(dev, &io) != FIDO_OK) {
-                fido_log_debug("%s: fido_dev_set_io_functions", __func__);
+        if ((dev->path = strdup(di->path)) == NULL) {
+                fido_log_debug("%s: strdup", __func__);
                 fido_dev_free(&dev);
                 return (NULL);
         }
@@ -230,6 +404,7 @@ fido_dev_free(fido_dev_t **dev_p)
         if (dev_p == NULL || (dev = *dev_p) == NULL)
                 return;
 
+        free(dev->path);
         free(dev);
 
         *dev_p = NULL;
diff --git a/src/eddsa.c b/src/eddsa.c
index 92a0222..44a5563 100644
--- a/src/eddsa.c
+++ b/src/eddsa.c
@@ -23,6 +23,8 @@ EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key,
         (void)key;
         (void)keylen;
 
+        fido_log_debug("%s: unimplemented", __func__);
+
         return (NULL);
 }
 
@@ -34,6 +36,8 @@ EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
         (void)pub;
         (void)len;
 
+        fido_log_debug("%s: unimplemented", __func__);
+
         return (0);
 }
 
@@ -47,6 +51,8 @@ EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
         (void)tbs;
         (void)tbslen;
 
+        fido_log_debug("%s: unimplemented", __func__);
+
         return (0);
 }
 #endif /* LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10101000L */
@@ -55,6 +61,8 @@ EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
 EVP_MD_CTX *
 EVP_MD_CTX_new(void)
 {
+        fido_log_debug("%s: unimplemented", __func__);
+
         return (NULL);
 }
 
diff --git a/src/err.c b/src/err.c
index 5d3efd4..6261bfc 100644
--- a/src/err.c
+++ b/src/err.c
@@ -29,7 +29,7 @@ fido_strerr(int n)
         case FIDO_ERR_INVALID_CHANNEL:
                 return "FIDO_ERR_INVALID_CHANNEL";
         case FIDO_ERR_CBOR_UNEXPECTED_TYPE:
-                return "FIDO_ERR_UNEXPECTED_TYPE";
+                return "FIDO_ERR_CBOR_UNEXPECTED_TYPE";
         case FIDO_ERR_INVALID_CBOR:
                 return "FIDO_ERR_INVALID_CBOR";
         case FIDO_ERR_MISSING_PARAMETER:
@@ -45,7 +45,7 @@ fido_strerr(int n)
         case FIDO_ERR_INVALID_CREDENTIAL:
                 return "FIDO_ERR_INVALID_CREDENTIAL";
         case FIDO_ERR_USER_ACTION_PENDING:
-                return "FIDO_ERR_ACTION_PENDING";
+                return "FIDO_ERR_USER_ACTION_PENDING";
         case FIDO_ERR_OPERATION_PENDING:
                 return "FIDO_ERR_OPERATION_PENDING";
         case FIDO_ERR_NO_OPERATIONS:
@@ -55,11 +55,11 @@ fido_strerr(int n)
         case FIDO_ERR_OPERATION_DENIED:
                 return "FIDO_ERR_OPERATION_DENIED";
         case FIDO_ERR_KEY_STORE_FULL:
-                return "FIDO_ERR_STORE_FULL";
+                return "FIDO_ERR_KEY_STORE_FULL";
         case FIDO_ERR_NOT_BUSY:
                 return "FIDO_ERR_NOT_BUSY";
         case FIDO_ERR_NO_OPERATION_PENDING:
-                return "FIDO_ERR_OPERATION_PENDING";
+                return "FIDO_ERR_NO_OPERATION_PENDING";
         case FIDO_ERR_UNSUPPORTED_OPTION:
                 return "FIDO_ERR_UNSUPPORTED_OPTION";
         case FIDO_ERR_INVALID_OPTION:
@@ -69,7 +69,7 @@ fido_strerr(int n)
         case FIDO_ERR_NO_CREDENTIALS:
                 return "FIDO_ERR_NO_CREDENTIALS";
         case FIDO_ERR_USER_ACTION_TIMEOUT:
-                return "FIDO_ERR_ACTION_TIMEOUT";
+                return "FIDO_ERR_USER_ACTION_TIMEOUT";
         case FIDO_ERR_NOT_ALLOWED:
                 return "FIDO_ERR_NOT_ALLOWED";
         case FIDO_ERR_PIN_INVALID:
@@ -77,25 +77,25 @@ fido_strerr(int n)
         case FIDO_ERR_PIN_BLOCKED:
                 return "FIDO_ERR_PIN_BLOCKED";
         case FIDO_ERR_PIN_AUTH_INVALID:
-                return "FIDO_ERR_AUTH_INVALID";
+                return "FIDO_ERR_PIN_AUTH_INVALID";
         case FIDO_ERR_PIN_AUTH_BLOCKED:
-                return "FIDO_ERR_AUTH_BLOCKED";
+                return "FIDO_ERR_PIN_AUTH_BLOCKED";
         case FIDO_ERR_PIN_NOT_SET:
-                return "FIDO_ERR_NOT_SET";
+                return "FIDO_ERR_PIN_NOT_SET";
         case FIDO_ERR_PIN_REQUIRED:
                 return "FIDO_ERR_PIN_REQUIRED";
         case FIDO_ERR_PIN_POLICY_VIOLATION:
-                return "FIDO_ERR_POLICY_VIOLATION";
+                return "FIDO_ERR_PIN_POLICY_VIOLATION";
         case FIDO_ERR_PIN_TOKEN_EXPIRED:
-                return "FIDO_ERR_TOKEN_EXPIRED";
+                return "FIDO_ERR_PIN_TOKEN_EXPIRED";
         case FIDO_ERR_REQUEST_TOO_LARGE:
-                return "FIDO_ERR_TOO_LARGE";
+                return "FIDO_ERR_REQUEST_TOO_LARGE";
         case FIDO_ERR_ACTION_TIMEOUT:
                 return "FIDO_ERR_ACTION_TIMEOUT";
         case FIDO_ERR_UP_REQUIRED:
                 return "FIDO_ERR_UP_REQUIRED";
         case FIDO_ERR_ERR_OTHER:
-                return "FIDO_ERR_OTHER";
+                return "FIDO_ERR_ERR_OTHER";
         case FIDO_ERR_SPEC_LAST:
                 return "FIDO_ERR_SPEC_LAST";
         case FIDO_ERR_TX:
diff --git a/src/es256.c b/src/es256.c
index c8fd9f4..020ecaa 100644
--- a/src/es256.c
+++ b/src/es256.c
@@ -176,10 +176,15 @@ es256_pk_free(es256_pk_t **pkp)
 int
 es256_pk_from_ptr(es256_pk_t *pk, const void *ptr, size_t len)
 {
+        const uint8_t *p = ptr;
+
         if (len < sizeof(*pk))
                 return (FIDO_ERR_INVALID_ARGUMENT);
 
-        memcpy(pk, ptr, sizeof(*pk));
+        if (len == sizeof(*pk) + 1 && *p == 0x04)
+                memcpy(pk, ++p, sizeof(*pk)); /* uncompressed format */
+        else
+                memcpy(pk, ptr, sizeof(*pk)); /* libfido2 x||y format */
 
         return (FIDO_OK);
 }
@@ -262,8 +267,12 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k)
         const int        nid = NID_X9_62_prime256v1;
         int              ok = -1;
 
-        if ((bnctx = BN_CTX_new()) == NULL ||
-            (x = BN_CTX_get(bnctx)) == NULL ||
+        if ((bnctx = BN_CTX_new()) == NULL)
+                goto fail;
+
+        BN_CTX_start(bnctx);
+
+        if ((x = BN_CTX_get(bnctx)) == NULL ||
             (y = BN_CTX_get(bnctx)) == NULL)
                 goto fail;
 
@@ -296,12 +305,16 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k)
 
         ok = 0;
 fail:
-        if (bnctx != NULL)
+        if (bnctx != NULL) {
+                BN_CTX_end(bnctx);
                 BN_CTX_free(bnctx);
+        }
+
         if (ec != NULL)
                 EC_KEY_free(ec);
         if (q != NULL)
                 EC_POINT_free(q);
+
         if (ok < 0 && pkey != NULL) {
                 EVP_PKEY_free(pkey);
                 pkey = NULL;
@@ -313,7 +326,7 @@ fail:
 int
 es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
 {
-        BN_CTX          *ctx = NULL;
+        BN_CTX          *bnctx = NULL;
         BIGNUM          *x = NULL;
         BIGNUM          *y = NULL;
         const EC_POINT  *q = NULL;
@@ -322,15 +335,17 @@ es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
         int              n;
 
         if ((q = EC_KEY_get0_public_key(ec)) == NULL ||
-            (g = EC_KEY_get0_group(ec)) == NULL)
+            (g = EC_KEY_get0_group(ec)) == NULL ||
+            (bnctx = BN_CTX_new()) == NULL)
                 goto fail;
 
-        if ((ctx = BN_CTX_new()) == NULL ||
-            (x = BN_CTX_get(ctx)) == NULL ||
-            (y = BN_CTX_get(ctx)) == NULL)
+        BN_CTX_start(bnctx);
+
+        if ((x = BN_CTX_get(bnctx)) == NULL ||
+            (y = BN_CTX_get(bnctx)) == NULL)
                 goto fail;
 
-        if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, ctx) == 0 ||
+        if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
             (n = BN_num_bytes(x)) < 0 || (size_t)n > sizeof(pk->x) ||
             (n = BN_num_bytes(y)) < 0 || (size_t)n > sizeof(pk->y)) {
                 fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
@@ -346,8 +361,10 @@ es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
 
         ok = FIDO_OK;
 fail:
-        if (ctx != NULL)
-                BN_CTX_free(ctx);
+        if (bnctx != NULL) {
+                BN_CTX_end(bnctx);
+                BN_CTX_free(bnctx);
+        }
 
         return (ok);
 }
@@ -362,7 +379,12 @@ es256_sk_to_EVP_PKEY(const es256_sk_t *k)
         const int        nid = NID_X9_62_prime256v1;
         int              ok = -1;
 
-        if ((bnctx = BN_CTX_new()) == NULL || (d = BN_CTX_get(bnctx)) == NULL ||
+        if ((bnctx = BN_CTX_new()) == NULL)
+                goto fail;
+
+        BN_CTX_start(bnctx);
+
+        if ((d = BN_CTX_get(bnctx)) == NULL ||
             BN_bin2bn(k->d, sizeof(k->d), d) == NULL) {
                 fido_log_debug("%s: BN_bin2bn", __func__);
                 goto fail;
@@ -384,10 +406,14 @@ es256_sk_to_EVP_PKEY(const es256_sk_t *k)
 
         ok = 0;
 fail:
-        if (bnctx != NULL)
+        if (bnctx != NULL) {
+                BN_CTX_end(bnctx);
                 BN_CTX_free(bnctx);
+        }
+
         if (ec != NULL)
                 EC_KEY_free(ec);
+
         if (ok < 0 && pkey != NULL) {
                 EVP_PKEY_free(pkey);
                 pkey = NULL;
diff --git a/src/export.gnu b/src/export.gnu
index f111e33..cbfa69f 100644
--- a/src/export.gnu
+++ b/src/export.gnu
@@ -76,6 +76,7 @@
                 fido_cbor_info_extensions_ptr;
                 fido_cbor_info_free;
                 fido_cbor_info_maxmsgsiz;
+                fido_cbor_info_fwversion;
                 fido_cbor_info_new;
                 fido_cbor_info_options_len;
                 fido_cbor_info_options_name_ptr;
@@ -115,6 +116,7 @@
                 fido_credman_rp_name;
                 fido_credman_rp_new;
                 fido_cred_new;
+                fido_cred_prot;
                 fido_cred_pubkey_len;
                 fido_cred_pubkey_ptr;
                 fido_cred_rp_id;
@@ -125,6 +127,7 @@
                 fido_cred_set_extensions;
                 fido_cred_set_fmt;
                 fido_cred_set_options;
+                fido_cred_set_prot;
                 fido_cred_set_rk;
                 fido_cred_set_rp;
                 fido_cred_set_sig;
@@ -171,7 +174,9 @@
                 fido_dev_reset;
                 fido_dev_set_io_functions;
                 fido_dev_set_pin;
+                fido_dev_set_transport_functions;
                 fido_init;
+                fido_set_log_handler;
                 fido_strerr;
                 rs256_pk_free;
                 rs256_pk_from_ptr;
diff --git a/src/export.llvm b/src/export.llvm
index ef99a26..abde2e9 100644
--- a/src/export.llvm
+++ b/src/export.llvm
@@ -74,6 +74,7 @@ _fido_cbor_info_extensions_len
 _fido_cbor_info_extensions_ptr
 _fido_cbor_info_free
 _fido_cbor_info_maxmsgsiz
+_fido_cbor_info_fwversion
 _fido_cbor_info_new
 _fido_cbor_info_options_len
 _fido_cbor_info_options_name_ptr
@@ -113,6 +114,7 @@ _fido_credman_rp_id_hash_ptr
 _fido_credman_rp_name
 _fido_credman_rp_new
 _fido_cred_new
+_fido_cred_prot
 _fido_cred_pubkey_len
 _fido_cred_pubkey_ptr
 _fido_cred_rp_id
@@ -123,6 +125,7 @@ _fido_cred_set_clientdata_hash
 _fido_cred_set_extensions
 _fido_cred_set_fmt
 _fido_cred_set_options
+_fido_cred_set_prot
 _fido_cred_set_rk
 _fido_cred_set_rp
 _fido_cred_set_sig
@@ -169,7 +172,9 @@ _fido_dev_protocol
 _fido_dev_reset
 _fido_dev_set_io_functions
 _fido_dev_set_pin
+_fido_dev_set_transport_functions
 _fido_init
+_fido_set_log_handler
 _fido_strerr
 _rs256_pk_free
 _rs256_pk_from_ptr
diff --git a/src/export.msvc b/src/export.msvc
index ff5425a..06ec69a 100644
--- a/src/export.msvc
+++ b/src/export.msvc
@@ -75,6 +75,7 @@ fido_cbor_info_extensions_len
 fido_cbor_info_extensions_ptr
 fido_cbor_info_free
 fido_cbor_info_maxmsgsiz
+fido_cbor_info_fwversion
 fido_cbor_info_new
 fido_cbor_info_options_len
 fido_cbor_info_options_name_ptr
@@ -114,6 +115,7 @@ fido_credman_rp_id_hash_ptr
 fido_credman_rp_name
 fido_credman_rp_new
 fido_cred_new
+fido_cred_prot
 fido_cred_pubkey_len
 fido_cred_pubkey_ptr
 fido_cred_rp_id
@@ -124,6 +126,7 @@ fido_cred_set_clientdata_hash
 fido_cred_set_extensions
 fido_cred_set_fmt
 fido_cred_set_options
+fido_cred_set_prot
 fido_cred_set_rk
 fido_cred_set_rp
 fido_cred_set_sig
@@ -170,7 +173,9 @@ fido_dev_protocol
 fido_dev_reset
 fido_dev_set_io_functions
 fido_dev_set_pin
+fido_dev_set_transport_functions
 fido_init
+fido_set_log_handler
 fido_strerr
 rs256_pk_free
 rs256_pk_from_ptr
diff --git a/src/extern.h b/src/extern.h
index c35af58..fc0a49d 100644
--- a/src/extern.h
+++ b/src/extern.h
@@ -7,6 +7,15 @@
 #ifndef _EXTERN_H
 #define _EXTERN_H
 
+#include <stdint.h>
+
+#include "fido/types.h"
+#include "blob.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 /* aes256 */
 int aes256_cbc_dec(const fido_blob_t *, const fido_blob_t *, fido_blob_t *);
 int aes256_cbc_enc(const fido_blob_t *, const fido_blob_t *, fido_blob_t *);
@@ -16,7 +25,7 @@ cbor_item_t *cbor_flatten_vector(cbor_item_t **, size_t);
 cbor_item_t *cbor_encode_assert_options(fido_opt_t, fido_opt_t);
 cbor_item_t *cbor_encode_change_pin_auth(const fido_blob_t *,
     const fido_blob_t *, const fido_blob_t *);
-cbor_item_t *cbor_encode_extensions(int);
+cbor_item_t *cbor_encode_extensions(const fido_cred_ext_t *);
 cbor_item_t *cbor_encode_hmac_secret_param(const fido_blob_t *,
     const es256_pk_t *, const fido_blob_t *);
 cbor_item_t *cbor_encode_options(fido_opt_t, fido_opt_t);
@@ -35,7 +44,7 @@ cbor_item_t *es256_pk_encode(const es256_pk_t *, int);
 /* cbor decoding functions */
 int cbor_decode_attstmt(const cbor_item_t *, fido_attstmt_t *);
 int cbor_decode_cred_authdata(const cbor_item_t *, int, fido_blob_t *,
-    fido_authdata_t *, fido_attcred_t *, int *);
+    fido_authdata_t *, fido_attcred_t *, fido_cred_ext_t *);
 int cbor_decode_assert_authdata(const cbor_item_t *, fido_blob_t *,
     fido_authdata_t *, int *, fido_blob_t *);
 int cbor_decode_cred_id(const cbor_item_t *, fido_blob_t *);
@@ -77,8 +86,8 @@ int fido_buf_write(unsigned char **, size_t *, const void *, size_t);
 /* hid i/o */
 void *fido_hid_open(const char *);
 void  fido_hid_close(void *);
-int   fido_hid_read(void *, unsigned char *, size_t, int);
-int   fido_hid_write(void *, const unsigned char *, size_t);
+int fido_hid_read(void *, unsigned char *, size_t, int);
+int fido_hid_write(void *, const unsigned char *, size_t);
 
 /* generic i/o */
 int fido_rx_cbor_status(fido_dev_t *, int);
@@ -109,6 +118,7 @@ int u2f_authenticate(fido_dev_t *, fido_assert_t *, int);
 
 /* unexposed fido ops */
 int fido_dev_authkey(fido_dev_t *, es256_pk_t *);
+int fido_dev_get_cbor_info_wait(fido_dev_t *, fido_cbor_info_t *, int);
 int fido_dev_get_pin_token(fido_dev_t *, const char *, const fido_blob_t *,
     const es256_pk_t *, fido_blob_t *);
 int fido_do_ecdh(fido_dev_t *, es256_pk_t **, fido_blob_t **);
@@ -128,5 +138,19 @@ int fido_verify_sig_rs256(const fido_blob_t *, const rs256_pk_t *,
     const fido_blob_t *);
 int fido_verify_sig_eddsa(const fido_blob_t *, const eddsa_pk_t *,
     const fido_blob_t *);
+int fido_get_signed_hash(int, fido_blob_t *, const fido_blob_t *,
+    const fido_blob_t *);
+
+/* hid device manifest */
+int fido_hid_manifest(fido_dev_info_t *, size_t, size_t *);
+
+/* device manifest registration */
+typedef int (*dev_manifest_func_t)(fido_dev_info_t *, size_t, size_t *);
+int fido_dev_register_manifest_func(const dev_manifest_func_t);
+void fido_dev_unregister_manifest_func(const dev_manifest_func_t);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
 
 #endif /* !_EXTERN_H */
diff --git a/src/fido.h b/src/fido.h
index f85a41a..e41de89 100644
--- a/src/fido.h
+++ b/src/fido.h
@@ -14,24 +14,6 @@
 #include <stdint.h>
 #include <stdlib.h>
 
-typedef void *fido_dev_io_open_t(const char *);
-typedef void  fido_dev_io_close_t(void *);
-typedef int   fido_dev_io_read_t(void *, unsigned char *, size_t, int);
-typedef int   fido_dev_io_write_t(void *, const unsigned char *, size_t);
-
-typedef struct fido_dev_io {
-        fido_dev_io_open_t  *open;
-        fido_dev_io_close_t *close;
-        fido_dev_io_read_t  *read;
-        fido_dev_io_write_t *write;
-} fido_dev_io_t;
-
-typedef enum {
-        FIDO_OPT_OMIT = 0, /* use authenticator's default */
-        FIDO_OPT_FALSE,    /* explicitly set option to false */
-        FIDO_OPT_TRUE,     /* explicitly set option to true */
-} fido_opt_t;
-
 #ifdef _FIDO_INTERNAL
 #include <cbor.h>
 #include <limits.h>
@@ -39,28 +21,21 @@ typedef enum {
 #include "blob.h"
 #include "../openbsd-compat/openbsd-compat.h"
 #include "iso7816.h"
-#include "types.h"
 #include "extern.h"
 #endif
 
 #include "fido/err.h"
 #include "fido/param.h"
+#include "fido/types.h"
 
-#ifndef _FIDO_INTERNAL
-typedef struct fido_assert fido_assert_t;
-typedef struct fido_cbor_info fido_cbor_info_t;
-typedef struct fido_cred fido_cred_t;
-typedef struct fido_dev fido_dev_t;
-typedef struct fido_dev_info fido_dev_info_t;
-typedef struct es256_pk es256_pk_t;
-typedef struct es256_sk es256_sk_t;
-typedef struct rs256_pk rs256_pk_t;
-typedef struct eddsa_pk eddsa_pk_t;
-#endif
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
 
 fido_assert_t *fido_assert_new(void);
 fido_cred_t *fido_cred_new(void);
 fido_dev_t *fido_dev_new(void);
+fido_dev_t *fido_dev_new_with_info(const fido_dev_info_t *);
 fido_dev_info_t *fido_dev_info_new(size_t);
 fido_cbor_info_t *fido_cbor_info_new(void);
 
@@ -76,6 +51,7 @@ void fido_dev_info_free(fido_dev_info_t **, size_t);
 #define FIDO_DEBUG      0x01
 
 void fido_init(int);
+void fido_set_log_handler(fido_log_handler_t *);
 
 const unsigned char *fido_assert_authdata_ptr(const fido_assert_t *, size_t);
 const unsigned char *fido_assert_clientdata_hash_ptr(const fido_assert_t *);
@@ -121,19 +97,23 @@ int fido_assert_set_clientdata_hash(fido_assert_t *, const unsigned char *,
 int fido_assert_set_count(fido_assert_t *, size_t);
 int fido_assert_set_extensions(fido_assert_t *, int);
 int fido_assert_set_hmac_salt(fido_assert_t *, const unsigned char *, size_t);
-int fido_assert_set_options(fido_assert_t *, bool, bool) __attribute__((__deprecated__));
+int fido_assert_set_options(fido_assert_t *, bool, bool)
+    __attribute__((__deprecated__("use fido_assert_set_up/fido_assert_set_uv")));
 int fido_assert_set_rp(fido_assert_t *, const char *);
 int fido_assert_set_up(fido_assert_t *, fido_opt_t);
 int fido_assert_set_uv(fido_assert_t *, fido_opt_t);
 int fido_assert_set_sig(fido_assert_t *, size_t, const unsigned char *, size_t);
 int fido_assert_verify(const fido_assert_t *, size_t, int, const void *);
 int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t);
+int fido_cred_prot(const fido_cred_t *);
 int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t);
 int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t);
 int fido_cred_set_clientdata_hash(fido_cred_t *, const unsigned char *, size_t);
 int fido_cred_set_extensions(fido_cred_t *, int);
 int fido_cred_set_fmt(fido_cred_t *, const char *);
-int fido_cred_set_options(fido_cred_t *, bool, bool) __attribute__((__deprecated__));
+int fido_cred_set_options(fido_cred_t *, bool, bool)
+    __attribute__((__deprecated__("use fido_cred_set_rk/fido_cred_set_uv")));
+int fido_cred_set_prot(fido_cred_t *, int);
 int fido_cred_set_rk(fido_cred_t *, fido_opt_t);
 int fido_cred_set_rp(fido_cred_t *, const char *, const char *);
 int fido_cred_set_sig(fido_cred_t *, const unsigned char *, size_t);
@@ -152,10 +132,12 @@ int fido_dev_get_cbor_info(fido_dev_t *, fido_cbor_info_t *);
 int fido_dev_get_retry_count(fido_dev_t *, int *);
 int fido_dev_info_manifest(fido_dev_info_t *, size_t, size_t *);
 int fido_dev_make_cred(fido_dev_t *, fido_cred_t *, const char *);
+int fido_dev_open_with_info(fido_dev_t *);
 int fido_dev_open(fido_dev_t *, const char *);
 int fido_dev_reset(fido_dev_t *);
 int fido_dev_set_io_functions(fido_dev_t *, const fido_dev_io_t *);
 int fido_dev_set_pin(fido_dev_t *, const char *, const char *);
+int fido_dev_set_transport_functions(fido_dev_t *, const fido_dev_transport_t *);
 
 size_t fido_assert_authdata_len(const fido_assert_t *, size_t);
 size_t fido_assert_clientdata_hash_len(const fido_assert_t *);
@@ -178,7 +160,7 @@ size_t fido_cred_sig_len(const fido_cred_t *);
 size_t fido_cred_x5c_len(const fido_cred_t *);
 
 uint8_t  fido_assert_flags(const fido_assert_t *, size_t);
-uint32_t  fido_assert_sigcount(const fido_assert_t *, size_t);
+uint32_t fido_assert_sigcount(const fido_assert_t *, size_t);
 uint8_t  fido_cred_flags(const fido_cred_t *);
 uint8_t  fido_dev_protocol(const fido_dev_t *);
 uint8_t  fido_dev_major(const fido_dev_t *);
@@ -188,7 +170,12 @@ uint8_t  fido_dev_flags(const fido_dev_t *);
 int16_t  fido_dev_info_vendor(const fido_dev_info_t *);
 int16_t  fido_dev_info_product(const fido_dev_info_t *);
 uint64_t fido_cbor_info_maxmsgsiz(const fido_cbor_info_t *);
+uint64_t fido_cbor_info_fwversion(const fido_cbor_info_t *);
 
 bool fido_dev_is_fido2(const fido_dev_t *);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_FIDO_H */
diff --git a/src/fido/bio.h b/src/fido/bio.h
index 31dffe4..afe9ca4 100644
--- a/src/fido/bio.h
+++ b/src/fido/bio.h
@@ -10,8 +10,20 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#ifdef _FIDO_INTERNAL
+#include "blob.h"
 #include "fido/err.h"
 #include "fido/param.h"
+#include "fido/types.h"
+#else
+#include <fido.h>
+#include <fido/err.h>
+#include <fido/param.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
 
 #ifdef _FIDO_INTERNAL
 struct fido_bio_template {
@@ -92,4 +104,8 @@ void fido_bio_info_free(fido_bio_info_t **);
 void fido_bio_template_array_free(fido_bio_template_array_t **);
 void fido_bio_template_free(fido_bio_template_t **);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_FIDO_BIO_H */
diff --git a/src/fido/credman.h b/src/fido/credman.h
index 1c7cafe..eaffd65 100644
--- a/src/fido/credman.h
+++ b/src/fido/credman.h
@@ -10,8 +10,20 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#ifdef _FIDO_INTERNAL
+#include "blob.h"
 #include "fido/err.h"
 #include "fido/param.h"
+#include "fido/types.h"
+#else
+#include <fido.h>
+#include <fido/err.h>
+#include <fido/param.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
 
 #ifdef _FIDO_INTERNAL
 struct fido_credman_metadata {
@@ -71,4 +83,8 @@ void fido_credman_metadata_free(fido_credman_metadata_t **);
 void fido_credman_rk_free(fido_credman_rk_t **);
 void fido_credman_rp_free(fido_credman_rp_t **);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_FIDO_CREDMAN_H */
diff --git a/src/fido/eddsa.h b/src/fido/eddsa.h
index 9de272d..4a81017 100644
--- a/src/fido/eddsa.h
+++ b/src/fido/eddsa.h
@@ -12,6 +12,16 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#ifdef _FIDO_INTERNAL
+#include "types.h"
+#else
+#include <fido.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 eddsa_pk_t *eddsa_pk_new(void);
 void eddsa_pk_free(eddsa_pk_t **);
 EVP_PKEY *eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *);
@@ -37,4 +47,8 @@ void EVP_MD_CTX_free(EVP_MD_CTX *);
 
 #endif /* _FIDO_INTERNAL */
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_FIDO_EDDSA_H */
diff --git a/src/fido/err.h b/src/fido/err.h
index 11f52bc..d7453fc 100644
--- a/src/fido/err.h
+++ b/src/fido/err.h
@@ -64,6 +64,14 @@
 #define FIDO_ERR_USER_PRESENCE_REQUIRED -8
 #define FIDO_ERR_INTERNAL               -9
 
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 const char *fido_strerr(int);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* _FIDO_ERR_H */
diff --git a/src/fido/es256.h b/src/fido/es256.h
index d3d13dd..80f4db3 100644
--- a/src/fido/es256.h
+++ b/src/fido/es256.h
@@ -12,6 +12,16 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#ifdef _FIDO_INTERNAL
+#include "types.h"
+#else
+#include <fido.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 es256_pk_t *es256_pk_new(void);
 void es256_pk_free(es256_pk_t **);
 EVP_PKEY *es256_pk_to_EVP_PKEY(const es256_pk_t *);
@@ -31,4 +41,8 @@ int es256_pk_set_x(es256_pk_t *, const unsigned char *);
 int es256_pk_set_y(es256_pk_t *, const unsigned char *);
 #endif
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_FIDO_ES256_H */
diff --git a/src/fido/param.h b/src/fido/param.h
index 9e12ac6..7d3c0cc 100644
--- a/src/fido/param.h
+++ b/src/fido/param.h
@@ -58,6 +58,11 @@
 #define FIDO_RANDOM_DEV                 "/dev/urandom"
 #endif
 
+/* Maximum message size in bytes. */
+#ifndef FIDO_MAXMSG
+#define FIDO_MAXMSG     1200
+#endif
+
 /* CTAP capability bits. */
 #define FIDO_CAP_WINK   0x01 /* if set, device supports CTAP_CMD_WINK */
 #define FIDO_CAP_CBOR   0x04 /* if set, device supports CTAP_CMD_CBOR */
@@ -80,5 +85,11 @@
 
 /* Supported extensions. */
 #define FIDO_EXT_HMAC_SECRET    0x01
+#define FIDO_EXT_CRED_PROTECT   0x02
+
+/* Supported credential protection policies. */
+#define FIDO_CRED_PROT_UV_OPTIONAL              0x01
+#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID      0x02
+#define FIDO_CRED_PROT_UV_REQUIRED              0x03
 
 #endif /* !_FIDO_PARAM_H */
diff --git a/src/fido/rs256.h b/src/fido/rs256.h
index d2fa162..2b08d59 100644
--- a/src/fido/rs256.h
+++ b/src/fido/rs256.h
@@ -12,6 +12,16 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#ifdef _FIDO_INTERNAL
+#include "types.h"
+#else
+#include <fido.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 rs256_pk_t *rs256_pk_new(void);
 void rs256_pk_free(rs256_pk_t **);
 EVP_PKEY *rs256_pk_to_EVP_PKEY(const rs256_pk_t *);
@@ -19,4 +29,8 @@ EVP_PKEY *rs256_pk_to_EVP_PKEY(const rs256_pk_t *);
 int rs256_pk_from_RSA(rs256_pk_t *, const RSA *);
 int rs256_pk_from_ptr(rs256_pk_t *, const void *, size_t);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_FIDO_RS256_H */
diff --git a/src/types.h b/src/fido/types.h
index 42ed1b7..5df5e36 100644
--- a/src/types.h
+++ b/src/fido/types.h
@@ -4,10 +4,48 @@
  * license that can be found in the LICENSE file.
  */
 
-#ifndef _TYPES_H
-#define _TYPES_H
-
+#ifndef _FIDO_TYPES_H
+#define _FIDO_TYPES_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+struct fido_dev;
+
+typedef void *fido_dev_io_open_t(const char *);
+typedef void  fido_dev_io_close_t(void *);
+typedef int   fido_dev_io_read_t(void *, unsigned char *, size_t, int);
+typedef int   fido_dev_io_write_t(void *, const unsigned char *, size_t);
+typedef int   fido_dev_rx_t(struct fido_dev *, uint8_t, unsigned char *, size_t, int);
+typedef int   fido_dev_tx_t(struct fido_dev *, uint8_t, const unsigned char *, size_t);
+
+typedef struct fido_dev_io {
+        fido_dev_io_open_t  *open;
+        fido_dev_io_close_t *close;
+        fido_dev_io_read_t  *read;
+        fido_dev_io_write_t *write;
+} fido_dev_io_t;
+
+typedef struct fido_dev_transport {
+        fido_dev_rx_t *rx;
+        fido_dev_tx_t *tx;
+} fido_dev_transport_t;
+
+typedef enum {
+        FIDO_OPT_OMIT = 0, /* use authenticator's default */
+        FIDO_OPT_FALSE,    /* explicitly set option to false */
+        FIDO_OPT_TRUE,     /* explicitly set option to true */
+} fido_opt_t;
+
+typedef void fido_log_handler_t(const char *);
+
+#ifdef _FIDO_INTERNAL
 #include "packed.h"
+#include "blob.h"
 
 /* COSE ES256 (ECDSA over P-256 with SHA-256) public key */
 typedef struct es256_pk {
@@ -74,6 +112,11 @@ typedef struct fido_user {
         char        *display_name; /* required */
 } fido_user_t;
 
+typedef struct fido_cred_ext {
+        int mask; /* enabled extensions */
+        int prot; /* protection policy */
+} fido_cred_ext_t;
+
 typedef struct fido_cred {
         fido_blob_t       cdh;           /* client data hash */
         fido_rp_t         rp;            /* relying party */
@@ -81,10 +124,10 @@ typedef struct fido_cred {
         fido_blob_array_t excl;          /* list of credential ids to exclude */
         fido_opt_t        rk;            /* resident key */
         fido_opt_t        uv;            /* user verification */
-        int               ext;           /* enabled extensions */
+        fido_cred_ext_t   ext;           /* extensions */
         int               type;          /* cose algorithm */
         char             *fmt;           /* credential format */
-        int               authdata_ext;  /* decoded extensions */
+        fido_cred_ext_t   authdata_ext;  /* decoded extensions */
         fido_blob_t       authdata_cbor; /* raw cbor payload */
         fido_authdata_t   authdata;      /* decoded authdata payload */
         fido_attcred_t    attcred;       /* returned credential (key + id) */
@@ -138,14 +181,17 @@ typedef struct fido_cbor_info {
         fido_opt_array_t  options;    /* list of supported options */
         uint64_t          maxmsgsiz;  /* maximum message size */
         fido_byte_array_t protocols;  /* supported pin protocols */
+        uint64_t          fwversion;  /* firmware version */
 } fido_cbor_info_t;
 
 typedef struct fido_dev_info {
-        char    *path;         /* device path */
-        int16_t  vendor_id;    /* 2-byte vendor id */
-        int16_t  product_id;   /* 2-byte product id */
-        char    *manufacturer; /* manufacturer string */
-        char    *product;      /* product string */
+        char                 *path;         /* device path */
+        int16_t               vendor_id;    /* 2-byte vendor id */
+        int16_t               product_id;   /* 2-byte product id */
+        char                 *manufacturer; /* manufacturer string */
+        char                 *product;      /* product string */
+        fido_dev_io_t         io;           /* i/o functions */
+        fido_dev_transport_t  transport;    /* transport functions */
 } fido_dev_info_t;
 
 PACKED_TYPE(fido_ctap_info_t,
@@ -161,11 +207,29 @@ struct fido_ctap_info {
 })
 
 typedef struct fido_dev {
-        uint64_t          nonce;     /* issued nonce */
-        fido_ctap_info_t  attr;      /* device attributes */
-        uint32_t          cid;       /* assigned channel id */
-        void             *io_handle; /* abstract i/o handle */
-        fido_dev_io_t     io;        /* i/o functions & data */
+        uint64_t              nonce;     /* issued nonce */
+        fido_ctap_info_t      attr;      /* device attributes */
+        uint32_t              cid;       /* assigned channel id */
+        char                 *path;      /* device path */
+        void                 *io_handle; /* abstract i/o handle */
+        fido_dev_io_t         io;        /* i/o functions */
+        fido_dev_transport_t  transport; /* transport functions */
 } fido_dev_t;
 
-#endif /* !_TYPES_H */
+#else
+typedef struct fido_assert fido_assert_t;
+typedef struct fido_cbor_info fido_cbor_info_t;
+typedef struct fido_cred fido_cred_t;
+typedef struct fido_dev fido_dev_t;
+typedef struct fido_dev_info fido_dev_info_t;
+typedef struct es256_pk es256_pk_t;
+typedef struct es256_sk es256_sk_t;
+typedef struct rs256_pk rs256_pk_t;
+typedef struct eddsa_pk eddsa_pk_t;
+#endif /* _FIDO_INTERNAL */
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
+#endif /* !_FIDO_TYPES_H */
diff --git a/src/hid_hidapi.c b/src/hid_hidapi.c
new file mode 100644
index 0000000..915621f
--- /dev/null
+++ b/src/hid_hidapi.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2019 Google LLC. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+
+#include <hidapi/hidapi.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <wchar.h>
+
+#include "fido.h"
+
+static size_t
+fido_wcslen(const wchar_t *wcs)
+{
+        size_t l = 0;
+        while (*wcs++ != L'\0')
+                l++;
+        return l;
+}
+
+static char *
+wcs_to_cs(const wchar_t *wcs)
+{
+        char *cs;
+        size_t i;
+
+        if (wcs == NULL || (cs = calloc(fido_wcslen(wcs) + 1, 1)) == NULL) 
+                return NULL;
+
+        for (i = 0; i < fido_wcslen(wcs); i++) {
+                if (wcs[i] >= 128) {
+                        /* give up on parsing non-ASCII text */
+                        free(cs);
+                        return strdup("hidapi device");
+                }
+                cs[i] = (char)wcs[i];
+        }
+
+        return cs;
+}
+
+static int
+copy_info(fido_dev_info_t *di, const struct hid_device_info *d)
+{
+        memset(di, 0, sizeof(*di));
+
+        if (d->path != NULL)
+                di->path = strdup(d->path);
+        else
+                di->path = strdup("");
+
+        if (d->manufacturer_string != NULL)
+                di->manufacturer = wcs_to_cs(d->manufacturer_string);
+        else
+                di->manufacturer = strdup("");
+
+        if (d->product_string != NULL)
+                di->product = wcs_to_cs(d->product_string);
+        else
+                di->product = strdup("");
+
+        if (di->path == NULL ||
+            di->manufacturer == NULL ||
+            di->product == NULL) {
+                free(di->path);
+                free(di->manufacturer);
+                free(di->product);
+                return -1;
+        }
+
+        di->product_id = d->product_id;
+        di->vendor_id = d->vendor_id;
+        di->io = (fido_dev_io_t) {
+                &fido_hid_open,
+                &fido_hid_close,
+                &fido_hid_read,
+                &fido_hid_write,
+        };
+
+        return 0;
+}
+
+void *
+fido_hid_open(const char *path)
+{
+        return hid_open_path(path);
+}
+
+void
+fido_hid_close(void *hid_dev_handle)
+{
+        hid_close(hid_dev_handle);
+}
+
+int
+fido_hid_read(void *hid_dev_handle, unsigned char *buf, size_t len, int ms)
+{
+        return hid_read_timeout(hid_dev_handle, buf, len, ms);
+}
+
+int
+fido_hid_write(void *hid_dev_handle, const unsigned char *buf, size_t len)
+{
+        return hid_write(hid_dev_handle, buf, len);
+}
+
+int
+fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
+{
+        struct hid_device_info *hdi;
+
+        *olen = 0;
+
+        if (ilen == 0)
+                return FIDO_OK; /* nothing to do */
+        if (devlist == NULL)
+                return FIDO_ERR_INVALID_ARGUMENT;
+        if ((hdi = hid_enumerate(0, 0)) == NULL)
+                return FIDO_OK; /* nothing to do */
+
+        for (struct hid_device_info *d = hdi; d != NULL; d = d->next) {
+#if defined(_WIN32) || defined(__APPLE__)
+                if (d->usage_page != 0xf1d0)
+                        continue;
+#endif
+                if (copy_info(&devlist[*olen], d) == 0) {
+                        if (++(*olen) == ilen)
+                                break;
+                }
+        }
+
+        hid_free_enumeration(hdi);
+
+        return FIDO_OK;
+}
diff --git a/src/hid_linux.c b/src/hid_linux.c
index c7cabc9..99c5afb 100644
--- a/src/hid_linux.c
+++ b/src/hid_linux.c
@@ -13,6 +13,7 @@
 #include <libudev.h>
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
 
 #include "fido.h"
 
@@ -98,7 +99,6 @@ get_usage_info(const struct hidraw_report_descriptor *hrd, uint32_t *usage_page,
 static int
 get_report_descriptor(const char *path, struct hidraw_report_descriptor *hrd)
 {
-        int     r;
         int     s = -1;
         int     fd;
         int     ok = -1;
@@ -108,7 +108,7 @@ get_report_descriptor(const char *path, struct hidraw_report_descriptor *hrd)
                 return (-1);
         }
 
-        if ((r = ioctl(fd, HIDIOCGRDESCSIZE, &s)) < 0 || s < 0 ||
+        if (ioctl(fd, HIDIOCGRDESCSIZE, &s) < 0 || s < 0 ||
             (unsigned)s > HID_MAX_DESCRIPTOR_SIZE) {
                 fido_log_debug("%s: ioctl HIDIOCGRDESCSIZE", __func__);
                 goto fail;
@@ -116,7 +116,7 @@ get_report_descriptor(const char *path, struct hidraw_report_descriptor *hrd)
 
         hrd->size = s;
 
-        if ((r = ioctl(fd, HIDIOCGRDESC, hrd)) < 0) {
+        if (ioctl(fd, HIDIOCGRDESC, hrd) < 0) {
                 fido_log_debug("%s: ioctl HIDIOCGRDESC", __func__);
                 goto fail;
         }
@@ -240,7 +240,7 @@ fail:
 }
 
 int
-fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
+fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
 {
         struct udev             *udev = NULL;
         struct udev_enumerate   *udev_enum = NULL;
@@ -267,6 +267,12 @@ fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
 
         udev_list_entry_foreach(udev_entry, udev_list) {
                 if (copy_info(&devlist[*olen], udev, udev_entry) == 0) {
+                        devlist[*olen].io = (fido_dev_io_t) {
+                                fido_hid_open,
+                                fido_hid_close,
+                                fido_hid_read,
+                                fido_hid_write,
+                        };
                         if (++(*olen) == ilen)
                                 break;
                 }
diff --git a/src/hid_openbsd.c b/src/hid_openbsd.c
index 8b92bd6..2b31dba 100644
--- a/src/hid_openbsd.c
+++ b/src/hid_openbsd.c
@@ -29,7 +29,7 @@ struct hid_openbsd {
 };
 
 int
-fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
+fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
 {
         size_t i;
         char path[64];
@@ -101,6 +101,12 @@ fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
 
                 di = &devlist[*olen];
                 memset(di, 0, sizeof(*di));
+                di->io = (fido_dev_io_t) {
+                        fido_hid_open,
+                        fido_hid_close,
+                        fido_hid_read,
+                        fido_hid_write,
+                };
                 if ((di->path = strdup(path)) == NULL ||
                     (di->manufacturer = strdup(udi.udi_vendor)) == NULL ||
                     (di->product = strdup(udi.udi_product)) == NULL) {
diff --git a/src/hid_osx.c b/src/hid_osx.c
index b705b43..5c40747 100644
--- a/src/hid_osx.c
+++ b/src/hid_osx.c
@@ -197,7 +197,7 @@ copy_info(fido_dev_info_t *di, IOHIDDeviceRef dev)
 }
 
 int
-fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
+fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
 {
         IOHIDManagerRef manager = NULL;
         CFSetRef        devset = NULL;
@@ -240,6 +240,12 @@ fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
 
         for (CFIndex i = 0; i < devcnt; i++) {
                 if (copy_info(&devlist[*olen], devs[i]) == 0) {
+                        devlist[*olen].io = (fido_dev_io_t) {
+                                fido_hid_open,
+                                fido_hid_close,
+                                fido_hid_read,
+                                fido_hid_write,
+                        };
                         if (++(*olen) == ilen)
                                 break;
                 }
@@ -378,15 +384,18 @@ fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms)
         IOHIDDeviceScheduleWithRunLoop(dev->ref, CFRunLoopGetCurrent(),
             dev->loop_id);
 
-        do
-                r = CFRunLoopRunInMode(dev->loop_id, 0.003, true);
-        while (r != kCFRunLoopRunHandledSource);
+        r = CFRunLoopRunInMode(dev->loop_id, 0.3, true);
 
         IOHIDDeviceRegisterInputReportCallback(dev->ref, buf, len, NULL, NULL);
         IOHIDDeviceRegisterRemovalCallback(dev->ref, NULL, NULL);
         IOHIDDeviceUnscheduleFromRunLoop(dev->ref, CFRunLoopGetCurrent(),
             dev->loop_id);
 
+        if (r != kCFRunLoopRunHandledSource) {
+                fido_log_debug("%s: CFRunLoopRunInMode=%d", __func__, (int)r);
+                return (-1);
+        }
+
         return (REPORT_LEN - 1);
 }
 
diff --git a/src/hid_win.c b/src/hid_win.c
index 6d93778..f970589 100644
--- a/src/hid_win.c
+++ b/src/hid_win.c
@@ -172,7 +172,7 @@ fail:
 }
 
 int
-fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
+fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
 {
         GUID                                     hid_guid = GUID_DEVINTERFACE_HID;
         HDEVINFO                                 devinfo = INVALID_HANDLE_VALUE;
@@ -234,6 +234,12 @@ fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
                 }
 
                 if (copy_info(&devlist[*olen], ifdetail->DevicePath) == 0) {
+                        devlist[*olen].io = (fido_dev_io_t) {
+                                fido_hid_open,
+                                fido_hid_close,
+                                fido_hid_read,
+                                fido_hid_write,
+                        };
                         if (++(*olen) == ilen)
                                 break;
                 }
diff --git a/src/info.c b/src/info.c
index e896503..8e256fa 100644
--- a/src/info.c
+++ b/src/info.c
@@ -217,6 +217,8 @@ parse_reply_element(const cbor_item_t *key, const cbor_item_t *val, void *arg)
                 return (cbor_decode_uint64(val, &ci->maxmsgsiz));
         case 6: /* pinProtocols */
                 return (decode_protocols(val, &ci->protocols));
+        case 14: /* fwVersion */
+                return (cbor_decode_uint64(val, &ci->fwversion));
         default: /* ignore */
                 fido_log_debug("%s: cbor type", __func__);
                 return (0);
@@ -226,12 +228,11 @@ parse_reply_element(const cbor_item_t *key, const cbor_item_t *val, void *arg)
 static int
 fido_dev_get_cbor_info_tx(fido_dev_t *dev)
 {
-        const unsigned char     cbor[] = { CTAP_CBOR_GETINFO };
-        const uint8_t           cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
+        const unsigned char cbor[] = { CTAP_CBOR_GETINFO };
 
         fido_log_debug("%s: dev=%p", __func__, (void *)dev);
 
-        if (fido_tx(dev, cmd, cbor, sizeof(cbor)) < 0) {
+        if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor)) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 return (FIDO_ERR_TX);
         }
@@ -242,8 +243,7 @@ fido_dev_get_cbor_info_tx(fido_dev_t *dev)
 static int
 fido_dev_get_cbor_info_rx(fido_dev_t *dev, fido_cbor_info_t *ci, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[512];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
 
         fido_log_debug("%s: dev=%p, ci=%p, ms=%d", __func__, (void *)dev,
@@ -251,7 +251,8 @@ fido_dev_get_cbor_info_rx(fido_dev_t *dev, fido_cbor_info_t *ci, int ms)
 
         memset(ci, 0, sizeof(*ci));
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
@@ -260,7 +261,7 @@ fido_dev_get_cbor_info_rx(fido_dev_t *dev, fido_cbor_info_t *ci, int ms)
             parse_reply_element));
 }
 
-static int
+int
 fido_dev_get_cbor_info_wait(fido_dev_t *dev, fido_cbor_info_t *ci, int ms)
 {
         int r;
@@ -397,6 +398,12 @@ fido_cbor_info_maxmsgsiz(const fido_cbor_info_t *ci)
         return (ci->maxmsgsiz);
 }
 
+uint64_t
+fido_cbor_info_fwversion(const fido_cbor_info_t *ci)
+{
+        return (ci->fwversion);
+}
+
 const uint8_t *
 fido_cbor_info_protocols_ptr(const fido_cbor_info_t *ci)
 {
diff --git a/src/io.c b/src/io.c
index aa88720..af2f49a 100644
--- a/src/io.c
+++ b/src/io.c
@@ -33,25 +33,40 @@ struct frame {
 #define MIN(x, y) ((x) > (y) ? (y) : (x))
 #endif
 
-static size_t
-tx_preamble(fido_dev_t *d,  uint8_t cmd, const void *buf, size_t count)
+static int
+tx_empty(fido_dev_t *d, uint8_t cmd)
 {
         struct frame    *fp;
-        unsigned char   pkt[sizeof(*fp) + 1];
-        int             n;
+        unsigned char    pkt[sizeof(*fp) + 1];
+        int              n;
 
-        if (d->io.write == NULL || (cmd & 0x80) == 0)
-                return (0);
+        memset(&pkt, 0, sizeof(pkt));
+        fp = (struct frame *)(pkt + 1);
+        fp->cid = d->cid;
+        fp->body.init.cmd = CTAP_FRAME_INIT | cmd;
+
+        n = d->io.write(d->io_handle, pkt, sizeof(pkt));
+        if (n < 0 || (size_t)n != sizeof(pkt))
+                return (-1);
+
+        return (0);
+}
+
+static size_t
+tx_preamble(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count)
+{
+        struct frame    *fp;
+        unsigned char    pkt[sizeof(*fp) + 1];
+        int              n;
 
         memset(&pkt, 0, sizeof(pkt));
         fp = (struct frame *)(pkt + 1);
         fp->cid = d->cid;
-        fp->body.init.cmd = 0x80 | cmd;
+        fp->body.init.cmd = CTAP_FRAME_INIT | cmd;
         fp->body.init.bcnth = (count >> 8) & 0xff;
         fp->body.init.bcntl = count & 0xff;
         count = MIN(count, sizeof(fp->body.init.data));
-        if (count)
-                memcpy(&fp->body.init.data, buf, count);
+        memcpy(&fp->body.init.data, buf, count);
 
         n = d->io.write(d->io_handle, pkt, sizeof(pkt));
         if (n < 0 || (size_t)n != sizeof(pkt))
@@ -61,19 +76,16 @@ tx_preamble(fido_dev_t *d,  uint8_t cmd, const void *buf, size_t count)
 }
 
 static size_t
-tx_frame(fido_dev_t *d, int seq, const void *buf, size_t count)
+tx_frame(fido_dev_t *d, uint8_t seq, const void *buf, size_t count)
 {
         struct frame    *fp;
         unsigned char    pkt[sizeof(*fp) + 1];
         int              n;
 
-        if (d->io.write == NULL || seq < 0 || seq > UINT8_MAX)
-                return (0);
-
         memset(&pkt, 0, sizeof(pkt));
         fp = (struct frame *)(pkt + 1);
         fp->cid = d->cid;
-        fp->body.cont.seq = (uint8_t)seq;
+        fp->body.cont.seq = seq;
         count = MIN(count, sizeof(fp->body.cont.data));
         memcpy(&fp->body.cont.data, buf, count);
 
@@ -84,52 +96,56 @@ tx_frame(fido_dev_t *d, int seq, const void *buf, size_t count)
         return (count);
 }
 
-int
-fido_tx(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count)
+static int
+tx(fido_dev_t *d, uint8_t cmd, const unsigned char *buf, size_t count)
 {
-        int     seq = 0;
-        size_t  sent;
-
-        fido_log_debug("%s: d=%p, cmd=0x%02x, buf=%p, count=%zu", __func__,
-            (void *)d, cmd, buf, count);
-        fido_log_xxd(buf, count);
-
-        if (d->io_handle == NULL || count > UINT16_MAX) {
-                fido_log_debug("%s: invalid argument (%p, %zu)", __func__,
-                    d->io_handle, count);
-                return (-1);
-        }
+        size_t n, sent;
 
         if ((sent = tx_preamble(d, cmd, buf, count)) == 0) {
                 fido_log_debug("%s: tx_preamble", __func__);
                 return (-1);
         }
 
-        while (sent < count) {
+        for (uint8_t seq = 0; sent < count; sent += n) {
                 if (seq & 0x80) {
                         fido_log_debug("%s: seq & 0x80", __func__);
                         return (-1);
                 }
-                const uint8_t *p = (const uint8_t *)buf + sent;
-                size_t n = tx_frame(d, seq++, p, count - sent);
-                if (n == 0) {
+                if ((n = tx_frame(d, seq++, buf + sent, count - sent)) == 0) {
                         fido_log_debug("%s: tx_frame", __func__);
                         return (-1);
                 }
-                sent += n;
         }
 
         return (0);
 }
 
+int
+fido_tx(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count)
+{
+        fido_log_debug("%s: d=%p, cmd=0x%02x, buf=%p, count=%zu", __func__,
+            (void *)d, cmd, (const void *)buf, count);
+        fido_log_xxd(buf, count);
+
+        if (d->transport.tx != NULL)
+                return (d->transport.tx(d, cmd, buf, count));
+
+        if (d->io_handle == NULL || d->io.write == NULL || count > UINT16_MAX) {
+                fido_log_debug("%s: invalid argument", __func__);
+                return (-1);
+        }
+
+        if (count == 0)
+                return (tx_empty(d, cmd));
+
+        return (tx(d, cmd, buf, count));
+}
+
 static int
 rx_frame(fido_dev_t *d, struct frame *fp, int ms)
 {
         int n;
 
-        if (d->io.read == NULL)
-                return (-1);
-
         n = d->io.read(d->io_handle, (unsigned char *)fp, sizeof(*fp), ms);
         if (n < 0 || (size_t)n != sizeof(*fp))
                 return (-1);
@@ -138,7 +154,7 @@ rx_frame(fido_dev_t *d, struct frame *fp, int ms)
 }
 
 static int
-rx_preamble(fido_dev_t *d, struct frame *fp, int ms)
+rx_preamble(fido_dev_t *d, uint8_t cmd, struct frame *fp, int ms)
 {
         do {
                 if (rx_frame(d, fp, ms) < 0)
@@ -149,66 +165,57 @@ rx_preamble(fido_dev_t *d, struct frame *fp, int ms)
         } while (fp->cid == d->cid &&
             fp->body.init.cmd == (CTAP_FRAME_INIT | CTAP_KEEPALIVE));
 
+        fido_log_debug("%s: initiation frame at %p", __func__, (void *)fp);
+        fido_log_xxd(fp, sizeof(*fp));
+
+#ifdef FIDO_FUZZ
+        fp->body.init.cmd = (CTAP_FRAME_INIT | cmd);
+#endif
+
+        if (fp->cid != d->cid || fp->body.init.cmd != (CTAP_FRAME_INIT | cmd)) {
+                fido_log_debug("%s: cid (0x%x, 0x%x), cmd (0x%02x, 0x%02x)",
+                    __func__, fp->cid, d->cid, fp->body.init.cmd, cmd);
+                return (-1);
+        }
+
         return (0);
 }
 
-int
-fido_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int ms)
+static int
+rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms)
 {
-        struct frame    f;
-        uint16_t        r;
-        uint16_t        flen;
-        int             seq;
-
-        if (d->io_handle == NULL || (cmd & 0x80) == 0) {
-                fido_log_debug("%s: invalid argument (%p, 0x%02x)", __func__,
-                    d->io_handle, cmd);
-                return (-1);
-        }
+        struct frame f;
+        uint16_t r, payload_len;
 
-        if (rx_preamble(d, &f, ms) < 0) {
+        if (rx_preamble(d, cmd, &f, ms) < 0) {
                 fido_log_debug("%s: rx_preamble", __func__);
                 return (-1);
         }
 
-        fido_log_debug("%s: initiation frame at %p, len %zu", __func__,
-            (void *)&f, sizeof(f));
-        fido_log_xxd(&f, sizeof(f));
+        payload_len = (f.body.init.bcnth << 8) | f.body.init.bcntl;
+        fido_log_debug("%s: payload_len=%zu", __func__, (size_t)payload_len);
 
-#ifdef FIDO_FUZZ
-        f.cid = d->cid;
-        f.body.init.cmd = cmd;
-#endif
-
-        if (f.cid != d->cid || f.body.init.cmd != cmd) {
-                fido_log_debug("%s: cid (0x%x, 0x%x), cmd (0x%02x, 0x%02x)",
-                    __func__, f.cid, d->cid, f.body.init.cmd, cmd);
+        if (count < (size_t)payload_len) {
+                fido_log_debug("%s: count < payload_len", __func__);
                 return (-1);
         }
 
-        flen = (f.body.init.bcnth << 8) | f.body.init.bcntl;
-        if (count < (size_t)flen) {
-                fido_log_debug("%s: count < flen (%zu, %zu)", __func__, count,
-                    (size_t)flen);
-                return (-1);
-        }
-        if (flen < sizeof(f.body.init.data)) {
-                memcpy(buf, f.body.init.data, flen);
-                return (flen);
+        if (payload_len < sizeof(f.body.init.data)) {
+                memcpy(buf, f.body.init.data, payload_len);
+                return (payload_len);
         }
 
         memcpy(buf, f.body.init.data, sizeof(f.body.init.data));
         r = sizeof(f.body.init.data);
-        seq = 0;
 
-        while ((size_t)r < flen) {
+        for (int seq = 0; (size_t)r < payload_len; seq++) {
                 if (rx_frame(d, &f, ms) < 0) {
                         fido_log_debug("%s: rx_frame", __func__);
                         return (-1);
                 }
 
-                fido_log_debug("%s: continuation frame at %p, len %zu",
-                    __func__, (void *)&f, sizeof(f));
+                fido_log_debug("%s: continuation frame at %p", __func__,
+                    (void *)&f);
                 fido_log_xxd(&f, sizeof(f));
 
 #ifdef FIDO_FUZZ
@@ -216,38 +223,57 @@ fido_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int ms)
                 f.body.cont.seq = seq;
 #endif
 
-                if (f.cid != d->cid || f.body.cont.seq != seq++) {
+                if (f.cid != d->cid || f.body.cont.seq != seq) {
                         fido_log_debug("%s: cid (0x%x, 0x%x), seq (%d, %d)",
                             __func__, f.cid, d->cid, f.body.cont.seq, seq);
                         return (-1);
                 }
 
-                uint8_t *p = (uint8_t *)buf + r;
-
-                if ((size_t)(flen - r) > sizeof(f.body.cont.data)) {
-                        memcpy(p, f.body.cont.data, sizeof(f.body.cont.data));
+                if ((size_t)(payload_len - r) > sizeof(f.body.cont.data)) {
+                        memcpy(buf + r, f.body.cont.data,
+                            sizeof(f.body.cont.data));
                         r += sizeof(f.body.cont.data);
                 } else {
-                        memcpy(p, f.body.cont.data, flen - r);
-                        r += (flen - r); /* break */
+                        memcpy(buf + r, f.body.cont.data, payload_len - r);
+                        r += (payload_len - r); /* break */
                 }
         }
 
-        fido_log_debug("%s: payload at %p, len %zu", __func__, buf, (size_t)r);
-        fido_log_xxd(buf, r);
-
         return (r);
 }
 
 int
+fido_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int ms)
+{
+        int n;
+
+        fido_log_debug("%s: d=%p, cmd=0x%02x, buf=%p, count=%zu, ms=%d",
+            __func__, (void *)d, cmd, (const void *)buf, count, ms);
+
+        if (d->transport.rx != NULL)
+                return (d->transport.rx(d, cmd, buf, count, ms));
+
+        if (d->io_handle == NULL || d->io.read == NULL || count > UINT16_MAX) {
+                fido_log_debug("%s: invalid argument", __func__);
+                return (-1);
+        }
+
+        if ((n = rx(d, cmd, buf, count, ms)) >= 0) {
+                fido_log_debug("%s: buf=%p, len=%d", __func__, (void *)buf, n);
+                fido_log_xxd(buf, n);
+        }
+
+        return (n);
+}
+
+int
 fido_rx_cbor_status(fido_dev_t *d, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[2048];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
 
-        if ((reply_len = fido_rx(d, cmd, &reply, sizeof(reply), ms)) < 0 ||
-            (size_t)reply_len < 1) {
+        if ((reply_len = fido_rx(d, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0 || (size_t)reply_len < 1) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
diff --git a/src/iso7816.h b/src/iso7816.h
index 426cd97..563243f 100644
--- a/src/iso7816.h
+++ b/src/iso7816.h
@@ -7,8 +7,15 @@
 #ifndef _ISO7816_H
 #define _ISO7816_H
 
+#include <stdint.h>
+#include <stdlib.h>
+
 #include "packed.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 PACKED_TYPE(iso7816_header_t,
 struct iso7816_header {
         uint8_t cla;
@@ -35,4 +42,8 @@ iso7816_apdu_t *iso7816_new(uint8_t, uint8_t, uint16_t);
 size_t iso7816_len(const iso7816_apdu_t *);
 void iso7816_free(iso7816_apdu_t **);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
 #endif /* !_ISO7816_H */
diff --git a/src/log.c b/src/log.c
index 982bdb7..d6f0934 100644
--- a/src/log.c
+++ b/src/log.c
@@ -7,57 +7,86 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
+
 #include "fido.h"
 
 #ifndef FIDO_NO_DIAGNOSTIC
 
+#define XXDLEN  32
+#define XXDROW  128
+#define LINELEN 256
+
 #ifndef TLS
 #define TLS
 #endif
 
 static TLS int logging;
+static TLS fido_log_handler_t *log_handler;
+
+static void
+log_on_stderr(const char *str)
+{
+        fprintf(stderr, "%s", str);
+}
 
 void
 fido_log_init(void)
 {
         logging = 1;
+        log_handler = log_on_stderr;
 }
 
 void
-fido_log_xxd(const void *buf, size_t count)
+fido_log_debug(const char *fmt, ...)
 {
-        const uint8_t   *ptr = buf;
-        size_t           i;
+        char line[LINELEN];
+        va_list ap;
+        int r;
 
-        if (!logging)
+        if (!logging || log_handler == NULL)
                 return;
 
-        fprintf(stderr, "  ");
-
-        for (i = 0; i < count; i++) {
-                fprintf(stderr, "%02x ", *ptr++);
-                if ((i + 1) % 16 == 0 && i + 1 < count)
-                        fprintf(stderr, "\n  ");
-        }
-
-        fprintf(stderr, "\n");
-        fflush(stderr);
+        va_start(ap, fmt);
+        r = vsnprintf(line, sizeof(line) - 1, fmt, ap);
+        va_end(ap);
+        if (r < 0 || (size_t)r >= sizeof(line) - 1)
+                return;
+        strlcat(line, "\n", sizeof(line));
+        log_handler(line);
 }
 
 void
-fido_log_debug(const char *fmt, ...)
+fido_log_xxd(const void *buf, size_t count)
 {
-        va_list  ap;
+        const uint8_t *ptr = buf;
+        char row[XXDROW];
+        char xxd[XXDLEN];
 
-        if (!logging)
+        if (!logging || log_handler == NULL || count == 0)
                 return;
 
-        va_start(ap, fmt);
-        vfprintf(stderr, fmt, ap);
-        va_end(ap);
+        *row = '\0';
 
-        fprintf(stderr, "\n");
-        fflush(stderr);
+        for (size_t i = 0; i < count; i++) {
+                *xxd = '\0';
+                if (i % 16 == 0)
+                        snprintf(xxd, sizeof(xxd), "%04zu: %02x", i, *ptr++);
+                else
+                        snprintf(xxd, sizeof(xxd), " %02x", *ptr++);
+                strlcat(row, xxd, sizeof(row));
+                if (i % 16 == 15 || i == count - 1) {
+                        fido_log_debug("%s", row);
+                        *row = '\0';
+                }
+        }
+}
+
+void
+fido_set_log_handler(fido_log_handler_t *handler)
+{
+        if (handler != NULL)
+                log_handler = handler;
 }
 
 #endif /* !FIDO_NO_DIAGNOSTIC */
diff --git a/src/pin.c b/src/pin.c
index 1ed555c..36acbe4 100644
--- a/src/pin.c
+++ b/src/pin.c
@@ -5,6 +5,7 @@
  */
 
 #include <string.h>
+
 #include "fido.h"
 #include "fido/es256.h"
 
@@ -23,6 +24,14 @@ parse_pintoken(const cbor_item_t *key, const cbor_item_t *val, void *arg)
         return (fido_blob_decode(val, token));
 }
 
+#ifdef FIDO_UVTOKEN
+static int
+parse_uvtoken(const cbor_item_t *key, const cbor_item_t *val, void *arg)
+{
+        return (parse_pintoken(key, val, arg));
+}
+#endif /* FIDO_UVTOKEN */
+
 static int
 fido_dev_get_pin_token_tx(fido_dev_t *dev, const char *pin,
     const fido_blob_t *ecdh, const es256_pk_t *pk)
@@ -51,8 +60,8 @@ fido_dev_get_pin_token_tx(fido_dev_t *dev, const char *pin,
                 goto fail;
         }
 
-        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 6, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -67,13 +76,47 @@ fail:
         return (r);
 }
 
+#ifdef FIDO_UVTOKEN
+static int
+fido_dev_get_uv_token_tx(fido_dev_t *dev, const es256_pk_t *pk)
+{
+        fido_blob_t      f;
+        cbor_item_t     *argv[3];
+        int              r;
+
+        memset(&f, 0, sizeof(f));
+        memset(argv, 0, sizeof(argv));
+
+        if ((argv[0] = cbor_build_uint8(1)) == NULL ||
+            (argv[1] = cbor_build_uint8(6)) == NULL ||
+            (argv[2] = es256_pk_encode(pk, 0)) == NULL) {
+                fido_log_debug("%s: cbor encode", __func__);
+                r = FIDO_ERR_INTERNAL;
+                goto fail;
+        }
+
+        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+                fido_log_debug("%s:  fido_tx", __func__);
+                r = FIDO_ERR_TX;
+                goto fail;
+        }
+
+        r = FIDO_OK;
+fail:
+        cbor_vector_free(argv, nitems(argv));
+        free(f.ptr);
+
+        return (r);
+}
+#endif /* FIDO_UVTOKEN */
+
 static int
 fido_dev_get_pin_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh,
     fido_blob_t *token, int ms)
 {
-        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
         fido_blob_t     *aes_token = NULL;
-        unsigned char    reply[2048];
+        unsigned char    reply[FIDO_MAXMSG];
         int              reply_len;
         int              r;
 
@@ -82,7 +125,8 @@ fido_dev_get_pin_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh,
                 goto fail;
         }
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 r = FIDO_ERR_RX;
                 goto fail;
@@ -107,15 +151,69 @@ fail:
         return (r);
 }
 
+#ifdef FIDO_UVTOKEN
+static int
+fido_dev_get_uv_token_rx(fido_dev_t *dev, const  fido_blob_t *ecdh,
+    fido_blob_t *token, int ms)
+{
+        fido_blob_t     *aes_token = NULL;
+        unsigned char    reply[FIDO_MAXMSG];
+        int              reply_len;
+        int              r;
+
+        if ((aes_token = fido_blob_new()) == NULL) {
+                r = FIDO_ERR_INTERNAL;
+                goto fail;
+        }
+
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
+                fido_log_debug("%s: fido_rx", __func__);
+                r = FIDO_ERR_RX;
+                goto fail;
+        }
+
+        if ((r = cbor_parse_reply(reply, (size_t)reply_len, aes_token,
+            parse_uvtoken)) != FIDO_OK) {
+                fido_log_debug("%s: parse_uvtoken", __func__);
+                goto fail;
+        }
+
+        if (aes256_cbc_dec(ecdh, aes_token, token) < 0) {
+                fido_log_debug("%s: aes256_cbc_dec", __func__);
+                r = FIDO_ERR_RX;
+                goto fail;
+        }
+
+        r = FIDO_OK;
+fail:
+        fido_blob_free(&aes_token);
+
+        return (r);
+}
+#endif /* FIDO_UVTOKEN */
+
 static int
 fido_dev_get_pin_token_wait(fido_dev_t *dev, const char *pin,
     const fido_blob_t *ecdh, const es256_pk_t *pk, fido_blob_t *token, int ms)
 {
         int r;
 
+#ifdef FIDO_UVTOKEN
+        if (getenv("FIDO_UVTOKEN") != NULL) {
+                if ((r = fido_dev_get_uv_token_tx(dev, pk)) != FIDO_OK ||
+                    (r = fido_dev_get_uv_token_rx(dev, ecdh, token, ms)) != FIDO_OK)
+                        return (r);
+        } else {
+                if ((r = fido_dev_get_pin_token_tx(dev, pin, ecdh, pk)) != FIDO_OK ||
+                    (r = fido_dev_get_pin_token_rx(dev, ecdh, token, ms)) != FIDO_OK)
+                        return (r);
+        }
+#else
         if ((r = fido_dev_get_pin_token_tx(dev, pin, ecdh, pk)) != FIDO_OK ||
             (r = fido_dev_get_pin_token_rx(dev, ecdh, token, ms)) != FIDO_OK)
                 return (r);
+#endif
 
         return (FIDO_OK);
 }
@@ -196,8 +294,8 @@ fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin)
                 goto fail;
         }
 
-        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 6, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -249,8 +347,8 @@ fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin)
                 goto fail;
         }
 
-        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 5, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -338,8 +436,8 @@ fido_dev_get_retry_count_tx(fido_dev_t *dev)
                 goto fail;
         }
 
-        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, 2, &f) < 0 ||
-            fido_tx(dev, CTAP_FRAME_INIT | CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
+        if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv),
+            &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
@@ -356,14 +454,14 @@ fail:
 static int
 fido_dev_get_retry_count_rx(fido_dev_t *dev, int *retries, int ms)
 {
-        const uint8_t   cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
-        unsigned char   reply[512];
+        unsigned char   reply[FIDO_MAXMSG];
         int             reply_len;
         int             r;
 
         *retries = 0;
 
-        if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply), ms)) < 0) {
+        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
+            ms)) < 0) {
                 fido_log_debug("%s: fido_rx", __func__);
                 return (FIDO_ERR_RX);
         }
diff --git a/src/reset.c b/src/reset.c
index 4b2c88a..ebda1cd 100644
--- a/src/reset.c
+++ b/src/reset.c
@@ -10,10 +10,9 @@
 static int
 fido_dev_reset_tx(fido_dev_t *dev)
 {
-        const unsigned char     cbor[] = { CTAP_CBOR_RESET };
-        const uint8_t           cmd = CTAP_FRAME_INIT | CTAP_CMD_CBOR;
+        const unsigned char cbor[] = { CTAP_CBOR_RESET };
 
-        if (fido_tx(dev, cmd, cbor, sizeof(cbor)) < 0) {
+        if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor)) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 return (FIDO_ERR_TX);
         }
diff --git a/src/u2f.c b/src/u2f.c
index 82b289f..19a959d 100644
--- a/src/u2f.c
+++ b/src/u2f.c
@@ -125,11 +125,10 @@ authdata_fake(const char *rp_id, uint8_t flags, uint32_t sigcount,
 static int
 send_dummy_register(fido_dev_t *dev, int ms)
 {
-        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
         iso7816_apdu_t  *apdu = NULL;
         unsigned char    challenge[SHA256_DIGEST_LENGTH];
         unsigned char    application[SHA256_DIGEST_LENGTH];
-        unsigned char    reply[2048];
+        unsigned char    reply[FIDO_MAXMSG];
         int              r;
 
 #ifdef FIDO_FUZZ
@@ -150,13 +149,13 @@ send_dummy_register(fido_dev_t *dev, int ms)
         }
 
         do {
-                if (fido_tx(dev, cmd, iso7816_ptr(apdu),
+                if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu),
                     iso7816_len(apdu)) < 0) {
                         fido_log_debug("%s: fido_tx", __func__);
                         r = FIDO_ERR_TX;
                         goto fail;
                 }
-                if (fido_rx(dev, cmd, &reply, sizeof(reply), ms) < 2) {
+                if (fido_rx(dev, CTAP_CMD_MSG, &reply, sizeof(reply), ms) < 2) {
                         fido_log_debug("%s: fido_rx", __func__);
                         r = FIDO_ERR_RX;
                         goto fail;
@@ -179,11 +178,10 @@ static int
 key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id,
     int *found, int ms)
 {
-        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
         iso7816_apdu_t  *apdu = NULL;
         unsigned char    challenge[SHA256_DIGEST_LENGTH];
         unsigned char    rp_id_hash[SHA256_DIGEST_LENGTH];
-        unsigned char    reply[8];
+        unsigned char    reply[FIDO_MAXMSG];
         uint8_t          key_id_len;
         int              r;
 
@@ -217,12 +215,13 @@ key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id,
                 goto fail;
         }
 
-        if (fido_tx(dev, cmd, iso7816_ptr(apdu), iso7816_len(apdu)) < 0) {
+        if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu),
+            iso7816_len(apdu)) < 0) {
                 fido_log_debug("%s: fido_tx", __func__);
                 r = FIDO_ERR_TX;
                 goto fail;
         }
-        if (fido_rx(dev, cmd, &reply, sizeof(reply), ms) != 2) {
+        if (fido_rx(dev, CTAP_CMD_MSG, &reply, sizeof(reply), ms) != 2) {
                 fido_log_debug("%s: fido_rx", __func__);
                 r = FIDO_ERR_RX;
                 goto fail;
@@ -285,10 +284,9 @@ static int
 do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id,
     const fido_blob_t *key_id, fido_blob_t *sig, fido_blob_t *ad, int ms)
 {
-        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
         iso7816_apdu_t  *apdu = NULL;
         unsigned char    rp_id_hash[SHA256_DIGEST_LENGTH];
-        unsigned char    reply[128];
+        unsigned char    reply[FIDO_MAXMSG];
         int              reply_len;
         uint8_t          key_id_len;
         int              r;
@@ -326,14 +324,14 @@ do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id,
         }
 
         do {
-                if (fido_tx(dev, cmd, iso7816_ptr(apdu),
+                if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu),
                     iso7816_len(apdu)) < 0) {
                         fido_log_debug("%s: fido_tx", __func__);
                         r = FIDO_ERR_TX;
                         goto fail;
                 }
-                if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply),
-                    ms)) < 2) {
+                if ((reply_len = fido_rx(dev, CTAP_CMD_MSG, &reply,
+                    sizeof(reply), ms)) < 2) {
                         fido_log_debug("%s: fido_rx", __func__);
                         r = FIDO_ERR_RX;
                         goto fail;
@@ -575,10 +573,9 @@ fail:
 int
 u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms)
 {
-        const uint8_t    cmd = CTAP_FRAME_INIT | CTAP_CMD_MSG;
         iso7816_apdu_t  *apdu = NULL;
         unsigned char    rp_id_hash[SHA256_DIGEST_LENGTH];
-        unsigned char    reply[2048];
+        unsigned char    reply[FIDO_MAXMSG];
         int              reply_len;
         int              found;
         int              r;
@@ -634,14 +631,14 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms)
         }
 
         do {
-                if (fido_tx(dev, cmd, iso7816_ptr(apdu),
+                if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu),
                     iso7816_len(apdu)) < 0) {
                         fido_log_debug("%s: fido_tx", __func__);
                         r = FIDO_ERR_TX;
                         goto fail;
                 }
-                if ((reply_len = fido_rx(dev, cmd, &reply, sizeof(reply),
-                    ms)) < 2) {
+                if ((reply_len = fido_rx(dev, CTAP_CMD_MSG, &reply,
+                    sizeof(reply), ms)) < 2) {
                         fido_log_debug("%s: fido_rx", __func__);
                         r = FIDO_ERR_RX;
                         goto fail;
@@ -687,6 +684,12 @@ u2f_authenticate_single(fido_dev_t *dev, const fido_blob_t *key_id,
                 goto fail;
         }
 
+        if (fido_blob_set(&fa->stmt[idx].id, key_id->ptr, key_id->len) < 0) {
+                fido_log_debug("%s: fido_blob_set", __func__);
+                r = FIDO_ERR_INTERNAL;
+                goto fail;
+        }
+
         if (fa->up == FIDO_OPT_FALSE) {
                 fido_log_debug("%s: checking for key existence only", __func__);
                 r = FIDO_ERR_USER_PRESENCE_REQUIRED;
@@ -699,8 +702,7 @@ u2f_authenticate_single(fido_dev_t *dev, const fido_blob_t *key_id,
                 goto fail;
         }
 
-        if (fido_blob_set(&fa->stmt[idx].id, key_id->ptr, key_id->len) < 0 ||
-            fido_assert_set_authdata(fa, idx, ad.ptr, ad.len) != FIDO_OK ||
+        if (fido_assert_set_authdata(fa, idx, ad.ptr, ad.len) != FIDO_OK ||
             fido_assert_set_sig(fa, idx, sig.ptr, sig.len) != FIDO_OK) {
                 fido_log_debug("%s: fido_assert_set", __func__);
                 r = FIDO_ERR_INTERNAL;
@@ -724,6 +726,7 @@ fail:
 int
 u2f_authenticate(fido_dev_t *dev, fido_assert_t *fa, int ms)
 {
+        int     nfound = 0;
         int     nauth_ok = 0;
         int     r;
 
@@ -739,20 +742,30 @@ u2f_authenticate(fido_dev_t *dev, fido_assert_t *fa, int ms)
         }
 
         for (size_t i = 0; i < fa->allow_list.len; i++) {
-                if ((r = u2f_authenticate_single(dev, &fa->allow_list.ptr[i],
-                    fa, nauth_ok, ms)) == FIDO_OK) {
+                switch ((r = u2f_authenticate_single(dev,
+                    &fa->allow_list.ptr[i], fa, nfound, ms))) {
+                case FIDO_OK:
                         nauth_ok++;
-                } else if (r != FIDO_ERR_CREDENTIAL_EXCLUDED) {
-                        fido_log_debug("%s: u2f_authenticate_single", __func__);
-                        return (r);
+                        /* FALLTHROUGH */
+                case FIDO_ERR_USER_PRESENCE_REQUIRED:
+                        nfound++;
+                        break;
+                default:
+                        if (r != FIDO_ERR_CREDENTIAL_EXCLUDED) {
+                                fido_log_debug("%s: u2f_authenticate_single",
+                                    __func__);
+                                return (r);
+                        }
+                        /* ignore credentials that don't exist */
                 }
-                /* ignore credentials that don't exist */
         }
 
-        fa->stmt_len = nauth_ok;
+        fa->stmt_len = nfound;
 
-        if (nauth_ok == 0)
+        if (nfound == 0)
                 return (FIDO_ERR_NO_CREDENTIALS);
+        if (nauth_ok == 0)
+                return (FIDO_ERR_USER_PRESENCE_REQUIRED);
 
         return (FIDO_OK);
 }
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
index 4b8ef32..274a799 100644
--- a/tools/CMakeLists.txt
+++ b/tools/CMakeLists.txt
@@ -8,7 +8,7 @@ list(APPEND COMPAT_SOURCES
         ../openbsd-compat/strlcat.c
 )
 
-if(WIN32)
+if(WIN32 AND NOT CYGWIN AND NOT MSYS)
         list(APPEND COMPAT_SOURCES
                 ../openbsd-compat/bsd-getline.c
                 ../openbsd-compat/explicit_bzero_win32.c
@@ -49,7 +49,6 @@ add_executable(fido2-token
         ${COMPAT_SOURCES}
 )
 
-
 target_link_libraries(fido2-cred ${CRYPTO_LIBRARIES} fido2_shared)
 target_link_libraries(fido2-assert ${CRYPTO_LIBRARIES} fido2_shared)
 target_link_libraries(fido2-token ${CRYPTO_LIBRARIES} fido2_shared)
diff --git a/tools/bio.c b/tools/bio.c
index b8f9b38..135b055 100644
--- a/tools/bio.c
+++ b/tools/bio.c
@@ -253,11 +253,10 @@ void
 bio_info(fido_dev_t *dev)
 {
         fido_bio_info_t *i = NULL;
-        int              r;
 
         if ((i = fido_bio_info_new()) == NULL)
                 errx(1, "fido_bio_info_new");
-        if ((r = fido_bio_dev_get_info(dev, i)) != FIDO_OK) {
+        if (fido_bio_dev_get_info(dev, i) != FIDO_OK) {
                 fido_bio_info_free(&i);
                 return;
         }
diff --git a/tools/credman.c b/tools/credman.c
index 08c9eb8..6eda245 100644
--- a/tools/credman.c
+++ b/tools/credman.c
@@ -37,7 +37,7 @@ credman_get_metadata(fido_dev_t *dev, const char *path)
 
         printf("existing rk(s): %u\n",
             (unsigned)fido_credman_rk_existing(metadata));
-        printf("possible rk(s): %u\n",
+        printf("remaining rk(s): %u\n",
             (unsigned)fido_credman_rk_remaining(metadata));
 
         fido_credman_metadata_free(&metadata);
diff --git a/tools/extern.h b/tools/extern.h
index e79e6f0..be01046 100644
--- a/tools/extern.h
+++ b/tools/extern.h
@@ -7,6 +7,12 @@
 #ifndef _EXTERN_H_
 #define _EXTERN_H_
 
+#include <stddef.h>
+#include <stdio.h>
+
+#include <openssl/ec.h>
+#include <fido.h>
+
 struct blob {
         unsigned char *ptr;
         size_t len;
diff --git a/tools/include_check.sh b/tools/include_check.sh
new file mode 100755
index 0000000..9958c9a
--- /dev/null
+++ b/tools/include_check.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+check() {
+        for f in $(find $1 -maxdepth 1 -name '*.h'); do
+                echo "#include \"$f\"" | \
+                        cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1
+                echo $f $CFLAGS $?
+        done
+}
+
+check examples
+check fuzz
+check openbsd-compat
+CFLAGS=-D_FIDO_INTERNAL check src
+check src/fido.h
+check src/fido
+check tools
diff --git a/tools/macos_pkg.sh b/tools/macos_pkg.sh
new file mode 100755
index 0000000..4313c27
--- /dev/null
+++ b/tools/macos_pkg.sh
@@ -0,0 +1,44 @@
+#!/bin/bash -e
+# Copyright (c) 2019 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+if [[ "$#" -ne 2 ]]; then
+        echo usage: $0 version directory 1>&2
+        exit 1
+fi
+
+V=$1
+D=$2
+
+FIDO_PATH=$(realpath ${D}/lib/libfido2.${V}.dylib)
+CBOR_PATH=$(otool -L "${FIDO_PATH}" | grep cbor | awk '{ print $1 }')
+CRYPTO_PATH=$(otool -L "${FIDO_PATH}" | grep crypto | awk '{ print $1 }')
+
+cp -p "${CBOR_PATH}" "${CRYPTO_PATH}" "${D}/lib"
+chmod 755 "${D}/lib/"*dylib
+rm "${D}/lib/pkgconfig/libfido2.pc"
+rmdir "${D}/lib/pkgconfig"
+
+CBOR_NAME=$(echo "${CBOR_PATH}" | grep -o 'libcbor.*dylib')
+CRYPTO_NAME=$(echo "${CRYPTO_PATH}" | grep -o 'libcrypto.*dylib')
+FIDO_NAME="libfido2.${V}.dylib"
+
+install_name_tool -id "@loader_path/${CBOR_NAME}" "${D}/lib/${CBOR_NAME}"
+install_name_tool -id "@loader_path/${CRYPTO_NAME}" "${D}/lib/${CRYPTO_NAME}"
+install_name_tool -id "@loader_path/libfido2.${V}.dylib" "${FIDO_PATH}"
+
+install_name_tool -change "${CBOR_PATH}" "@loader_path/${CBOR_NAME}" \
+        "${FIDO_PATH}"
+install_name_tool -change "${CRYPTO_PATH}" "@loader_path/${CRYPTO_NAME}" \
+        "${FIDO_PATH}"
+
+for f in $(find "${D}/bin" -type f); do
+        FIDO_PATH=$(otool -L "${f}" | grep libfido2 | awk '{ print $1 }')
+        install_name_tool -change "${CBOR_PATH}" \
+                "@executable_path/../lib/${CBOR_NAME}" "${f}"
+        install_name_tool -change "${CRYPTO_PATH}" \
+                "@executable_path/../lib/${CRYPTO_NAME}" "${f}"
+        install_name_tool -change "${FIDO_PATH}" \
+                "@executable_path/../lib/${FIDO_NAME}" "${f}"
+done
diff --git a/tools/token.c b/tools/token.c
index b149208..e65f09f 100644
--- a/tools/token.c
+++ b/tools/token.c
@@ -112,6 +112,12 @@ print_maxmsgsiz(uint64_t maxmsgsiz)
 }
 
 static void
+print_fwversion(uint64_t fwversion)
+{
+        printf("fwversion: 0x%x\n", (int)fwversion);
+}
+
+static void
 print_byte_array(const char *label, const uint8_t *ba, size_t len)
 {
         if (len == 0)
@@ -166,7 +172,7 @@ token_info(int argc, char **argv, char *path)
                 return (credman_print_rk(dev, path, rp_id, cred_id));
         if (cred_id || rp_id)
                 usage();
-                
+
         print_attr(dev);
 
         if (fido_dev_is_fido2(dev) == false)
@@ -196,11 +202,14 @@ token_info(int argc, char **argv, char *path)
         /* print maximum message size */
         print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
 
+        /* print firmware version */
+        print_fwversion(fido_cbor_info_fwversion(ci));
+
         /* print supported pin protocols */
         print_byte_array("pin protocols", fido_cbor_info_protocols_ptr(ci),
             fido_cbor_info_protocols_len(ci));
 
-        if ((r = fido_dev_get_retry_count(dev, &retrycnt)) != FIDO_OK)
+        if (fido_dev_get_retry_count(dev, &retrycnt) != FIDO_OK)
                 printf("pin retries: undefined\n");
         else
                 printf("pin retries: %d\n", retrycnt);
diff --git a/udev/70-u2f.rules b/udev/70-u2f.rules
index 3932270..22b47c9 100644
--- a/udev/70-u2f.rules
+++ b/udev/70-u2f.rules
@@ -35,11 +35,8 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct
 # Thetis Key
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
-# Nitrokey FIDO U2F, Nitrokey FIDO2
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
-
-# Safetech SafeKey
-KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Nitrokey FIDO U2F, Nitrokey FIDO2, Safetech SafeKey
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1|42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
 # Google Titan U2F
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
@@ -72,4 +69,7 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct
 # OnlyKey (FIDO2 / U2F)
 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", TAG+="uaccess", GROUP="plugdev", MODE="0660"
 
+# GoTrust Idem Key
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
 LABEL="u2f_end"