Fix FIDO-related issues.

[lihuanhuan]

Summary by CodeRabbit

• New Features
  • Enhanced user interface for account and credential management, including scrollable long names, visual cues, and updated confirmation dialogs.
  • Improved on-screen text handling to support extended application and user names.
  • Optimized menu refresh and Bluetooth/firmware version validation for a more responsive and compatible experience.
• Bug Fixes
  • Refined handling of aborted authentication processes for smoother device interactions.

[coderabbitai]

Walkthrough

The changes update various firmware modules. In Bluetooth handling (legacy/ble.c), version string storage and hardware version flag conditions are improved. FIDO2 functions (ctap.c) now compute sign counts in big-endian format and support scrolling for long account names with updated UI feedback. An external flag for FIDO abort events is introduced in CTAP transport and protection modules. Layout functions add a truncation routine and expand buffer sizes. Menu modules now trigger automatic refresh and adjust resident credential logic. Trezor firmware now uses robust version comparisons for BLE operations.

Changes

File(s)	Change Summary
legacy/ble.c	Increased ble_ver array size from 6 to 16 bytes. Modified dynamic check for incoming version string length. Adjusted hardware version flag setting to specific HW version values.
legacy/firmware/fido2/ctap.c legacy/firmware/fido2/ctap_trans.c	Updated sign count calculation to big-endian format. Enhanced credential creation and assertion functions to support scrolling for long account names with visual indicators and extended key confirmation wait time. Added an external flag protectAbortedByFIDO.
legacy/firmware/layout2.c legacy/firmware/layout2.h	Added new function get_truncate_position to calculate string truncation based on OLED width. Increased buffer sizes for app_name_buf and user_name_buf from 32 to 64 bytes.
legacy/firmware/menu_core.c legacy/firmware/menu_list.c	Set menu refresh flag (refresh_menu) during initialization. Revised resident credential display logic with a new static flag resident_credential_refresh and updated credential count management.
legacy/firmware/protect.c	Introduced new boolean variable protectAbortedByFIDO and added a condition in protectWaitKey to break the waiting loop when the flag is set and the current layout is layoutHome.
legacy/firmware/trezor.c	Replaced memcmp with compare_str_version for BLE firmware version checks. Introduced local ble_ver in main and conditionally invoked ble_get_hw_version when ble_ver is ≥ "1.5.3".

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CTAP
    participant Display
    participant Button

    User->>CTAP: Initiate credential/authentication request
    CTAP->>CTAP: Convert sign count to big-endian
    CTAP->>CTAP: Check account name length
    alt Name exceeds display limit
        CTAP->>Display: Show scroll indicators
        User->>Button: Press scroll button
        Button->>CTAP: Signal scroll event
        CTAP->>Display: Update account name display
    end
    CTAP->>User: Return result with updated UI feedback

Loading

sequenceDiagram
    participant Main
    participant BLE_Module
    participant Comparator

    Main->>BLE_Module: Call ble_get_version()
    BLE_Module-->>Main: Return ble_ver
    Main->>Comparator: compare_str_version(ble_ver, "1.5.3")
    alt ble_ver >= "1.5.3"
        Main->>BLE_Module: Call ble_get_hw_version()
        BLE_Module-->>Main: Return hardware version status
    else
        Main->>Main: Skip hardware version query
    end
    Main->>Main: Proceed with firmware initialization

Loading

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary or Summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🔭 Outside diff range comments (2)

legacy/firmware/fido2/ctap.c (2)

1018-1071: 🧹 Nitpick (assertive)

Avoid repetitive layout updates with goto.

The new scrolling logic is neat, but it uses goto and repeated layoutDialogAdapterEx. Consider refactoring this into a reusable function without goto. It will make the code simpler.

---

1854-1920: 🧹 Nitpick (assertive)

Reduce duplication in scrolling logic.

You have nearly the same scrolling code as in the other function. Consider extracting a helper method. This will keep your code DRY and more maintainable.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a45c387 and 2b3dce1.

📒 Files selected for processing (9)

• legacy/ble.c (3 hunks)
• legacy/firmware/fido2/ctap.c (6 hunks)
• legacy/firmware/fido2/ctap_trans.c (3 hunks)
• legacy/firmware/layout2.c (2 hunks)
• legacy/firmware/layout2.h (1 hunks)
• legacy/firmware/menu_core.c (1 hunks)
• legacy/firmware/menu_list.c (4 hunks)
• legacy/firmware/protect.c (2 hunks)
• legacy/firmware/trezor.c (2 hunks)

🧰 Additional context used

🪛 Cppcheck (2.10-2)

legacy/firmware/layout2.c

[style] 196-196: The function 'get_truncate_position' is never used.

(unusedFunction)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Style check
• GitHub Check: Gen check
• GitHub Check: Defs check

🔇 Additional comments (17)

legacy/firmware/menu_core.c (1)

17-17: Proper menu initialization ensures immediate refresh.

The added line guarantees that the menu display updates right after initialization.

legacy/firmware/layout2.h (1)

41-41: New string truncation function supports FIDO UI improvements.

This function helps handle long account names in the FIDO interface by determining where to truncate text based on display constraints.

legacy/firmware/protect.c (2)

54-54: New flag for FIDO abort events added.

This flag allows FIDO operations to signal when they need to abort wait processes.

---

815-818: Added FIDO abort handler to key wait function.

This new condition allows the device to exit wait states when FIDO operations need attention, improving responsiveness when using FIDO/U2F features.

legacy/firmware/fido2/ctap_trans.c (3)

103-103: External reference to FIDO abort flag.

This connects the FIDO transport module with the protection module for coordinated abort handling.

---

292-292: Set FIDO abort flag when USB command processing starts.

Triggers interrupt of key wait process when USB FIDO/U2F operations begin.

---

1713-1713: Set FIDO abort flag when BLE command processing starts.

Triggers interrupt of key wait process when Bluetooth FIDO/U2F operations begin.

legacy/ble.c (2)

22-22: Buffer size increased for BLE version string.

Expanded array size from 6 to 16 bytes allows longer version strings.

---

345-348: Improved hardware version validation.

Now only sets get_ble_hw_ver to true when hardware version matches specific valid values, instead of accepting any 2-byte command length. This adds proper validation rather than just size checking.

legacy/firmware/menu_list.c (3)

22-22: New flag controls credential list refresh behavior.

Added static flag that optimizes when the resident credential list gets refreshed.

---

350-350: Forward declaration added for FIDO2 credential function.

Function declaration allows the function to be called before its definition.

---

413-417: Improved handling when last FIDO credential is removed.

Previous approach used go_prev = true to exit menu, now properly resets count and rebuilds menu structure. Commented code shows the old approach for reference.

Cleaner implementation that:

1. Resets credential count to zero
2. Disables immediate refresh
3. Reinitializes the menu system

legacy/firmware/layout2.c (2)

5674-5675: Good improvement to buffer sizes.

Increasing buffer sizes from 32 to 64 bytes prevents potential buffer overflows when handling longer application and user names in FIDO2 credentials.

---

196-209:

✅ Verification successful

This function is declared but never used.

The get_truncate_position function calculates where to truncate strings to fit the screen width, but static analysis shows it's never called anywhere in the codebase.

---

🏁 Script executed:

#!/bin/bash
# Look for calls to get_truncate_position in the codebase
rg "get_truncate_position\(" --type c

Length of output: 412

---

Usage Confirmed: get_truncate_position Is Actively Utilized

The function now clearly appears in legacy/firmware/fido2/ctap.c with calls such as:

• get_truncate_position(account_name + current_position, &is_end);

Its logic to compute the truncation point is sound and correctly applied, and the increased buffer sizes further enhance security and functionality.

🧰 Tools

🪛 Cppcheck (2.10-2)

[style] 196-196: The function 'get_truncate_position' is never used.

(unusedFunction)

legacy/firmware/trezor.c (1)

199-199: Use a safe version check.

This switch to compare_str_version is good. Ensure the function handles unexpected inputs (like a shorter or missing version string) gracefully.

legacy/firmware/fido2/ctap.c (2)

679-681: Verify endianness correctness.

This logic for storing counter in big-endian form looks right. Confirm it aligns with the FIDO spec for signCount encoding, and consider using a helper function to keep the code concise.

---

1786-1789: Double-check sign count.

This code again sets signCount to big-endian. Keep it consistent with the earlier usage. Confirm no further offset or alignment is required for the final buffer.