On a side note. Implementing TOTP is probably the most established and has the most freely licensed implementations available. In my experience implementing it for stuff like SSH, it was pretty trivial. Epic’s milage may very.
http://www.nongnu.org/oath-toolkit/
Now, U2F is another story. No idea what that would take.
https://www.duosecurity.com is another resource for this stuff.