support fido2 #121

lihuanhuan · 2025-01-13T06:58:05Z

Summary by CodeRabbit

Release Notes v3.11.0

New Features
- Added FIDO2 resident credential management
- Introduced WebAuthn support for security key operations
- Enhanced credential storage and authentication capabilities
- Added new functions for loop callback management
- Implemented a new method for sending FIDO data over I2C
Improvements
- Updated internationalization support for multiple languages
- Improved USB and I2C communication protocols
- Added new menu and layout functions for FIDO2 interactions
- Enhanced error handling and data processing logic for USB operations
Bug Fixes
- Refined error handling for credential management
- Updated timing and callback mechanisms
Chores
- Integrated TinyCBOR library
- Updated version to 3.11.0

coderabbitai · 2025-01-13T06:58:16Z

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 buf (1.47.2)

common/protob/messages-webauthn.proto

Config file YAML parsing error: yaml: unmarshal errors:
line 1: cannot unmarshal !!str lint:{u... into bufconfig.externalFileVersion. Please check your buf configuration file for YAML syntax errors.

legacy/firmware/protob/messages-webauthn.proto

Config file YAML parsing error: yaml: unmarshal errors:
line 1: cannot unmarshal !!str lint:{u... into bufconfig.externalFileVersion. Please check your buf configuration file for YAML syntax errors.

Walkthrough

This pull request adds extensive support for FIDO2 (WebAuthn) functionality in the firmware. Key changes include the addition of the TinyCBOR library, implementation of resident credential management, and enhancements to USB and I2C communication. The updates also improve internationalization support in multiple languages. These modifications significantly expand the device's authentication capabilities, introducing new protocols for credential storage, retrieval, and management.

Changes

File Category	Changes
Protocol Buffers	- Added WebAuthn message definitions - Introduced new fields for resident credentials
Firmware Core	- Implemented FIDO2 credential management functions - Added CTAP (Client to Authenticator Protocol) parsing - Enhanced USB and I2C communication
Localization	- Added WebAuthn-related strings in multiple languages (English, Spanish, Japanese, etc.)
Build System	- Updated Makefiles to include TinyCBOR library - Modified build configurations for FIDO2 support

Sequence Diagram

sequenceDiagram
    participant User
    participant Device
    participant WebAuthn Server
    
    User->>Device: Initiate WebAuthn Registration
    Device->>WebAuthn Server: Create Credential Request
    WebAuthn Server-->>Device: Credential Challenge
    Device->>User: Request Confirmation
    User->>Device: Confirm Registration
    Device->>WebAuthn Server: Send Credential
    WebAuthn Server-->>Device: Store Credential
    Device->>User: Registration Complete

Finishing Touches

📝 Generate Docstrings (Beta)

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary or Summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 48

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2519c34 and 18a8598.

⛔ Files ignored due to path filters (1)

legacy/firmware/fido2/trezordevkey.pem is excluded by !**/*.pem

📒 Files selected for processing (60)

.gitmodules (1 hunks)
common/protob/messages-webauthn.proto (2 hunks)
core/src/trezor/messages.py (2 hunks)
legacy/Makefile.include (1 hunks)
legacy/firmware/Makefile (4 hunks)
legacy/firmware/chinese.c (1 hunks)
legacy/firmware/chinese.h (1 hunks)
legacy/firmware/fido2/cose_key.h (1 hunks)
legacy/firmware/fido2/ctap.c (1 hunks)
legacy/firmware/fido2/ctap.h (1 hunks)
legacy/firmware/fido2/ctap_errors.h (1 hunks)
legacy/firmware/fido2/ctap_parse.c (1 hunks)
legacy/firmware/fido2/ctap_parse.h (1 hunks)
legacy/firmware/fido2/ctap_trans.c (27 hunks)
legacy/firmware/fido2/ctap_trans.h (3 hunks)
legacy/firmware/fido2/resident_credential.c (1 hunks)
legacy/firmware/fido2/resident_credential.h (1 hunks)
legacy/firmware/fido2/u2f_hid.h (2 hunks)
legacy/firmware/fido2/u2f_knownapps.h.mako (1 hunks)
legacy/firmware/filecoin/cbor.h (0 hunks)
legacy/firmware/filecoin/cborinternal_p.h (0 hunks)
legacy/firmware/filecoin/cborparser.c (0 hunks)
legacy/firmware/filecoin/cborvalidation.c (0 hunks)
legacy/firmware/filecoin/compilersupport_p.h (0 hunks)
legacy/firmware/filecoin/tinycbor-version.h (0 hunks)
legacy/firmware/filecoin/utf8_p.h (0 hunks)
legacy/firmware/fsm.c (1 hunks)
legacy/firmware/fsm.h (2 hunks)
legacy/firmware/fsm_msg_webauthn.h (1 hunks)
legacy/firmware/i18n/keys.h (2 hunks)
legacy/firmware/i18n/locales/en.inc (2 hunks)
legacy/firmware/i18n/locales/es.inc (1 hunks)
legacy/firmware/i18n/locales/ja.inc (1 hunks)
legacy/firmware/i18n/locales/pt_br.inc (1 hunks)
legacy/firmware/i18n/locales/zh_cn.inc (1 hunks)
legacy/firmware/i18n/locales/zh_tw.inc (1 hunks)
legacy/firmware/layout2.c (23 hunks)
legacy/firmware/layout2.h (1 hunks)
legacy/firmware/menu_core.c (5 hunks)
legacy/firmware/menu_core.h (1 hunks)
legacy/firmware/menu_list.c (19 hunks)
legacy/firmware/protect.c (4 hunks)
legacy/firmware/protob/Makefile (2 hunks)
legacy/firmware/protob/messages-webauthn.options (1 hunks)
legacy/firmware/protob/messages-webauthn.proto (1 hunks)
legacy/firmware/se_chip.c (3 hunks)
legacy/firmware/se_chip.h (2 hunks)
legacy/firmware/usb.c (4 hunks)
legacy/firmware/usb.h (1 hunks)
legacy/firmware/version.h (1 hunks)
legacy/script/cibuild (1 hunks)
legacy/si2c.c (2 hunks)
legacy/si2c.h (1 hunks)
legacy/timer.c (2 hunks)
legacy/timer.h (1 hunks)
legacy/util.c (1 hunks)
legacy/util.h (1 hunks)
legacy/vendor/tiny_cbor (1 hunks)
python/src/trezorlib/messages.py (2 hunks)
vendor/tiny_cbor (1 hunks)

💤 Files with no reviewable changes (7)

legacy/firmware/filecoin/cborinternal_p.h
legacy/firmware/filecoin/cborvalidation.c
legacy/firmware/filecoin/cbor.h
legacy/firmware/filecoin/compilersupport_p.h
legacy/firmware/filecoin/cborparser.c
legacy/firmware/filecoin/tinycbor-version.h
legacy/firmware/filecoin/utf8_p.h

👮 Files not reviewed due to content moderation or server errors (4)

legacy/firmware/fsm.c
legacy/firmware/i18n/keys.h
legacy/firmware/protect.c
legacy/firmware/layout2.c

🧰 Additional context used

🪛 cppcheck (2.10-2)

legacy/firmware/chinese.c

[style] 121-121: The function 'oledCharWidthEx' is never used.

(unusedFunction)

legacy/util.c

[style] 148-148: The function 'compare_str_version' is never used.

(unusedFunction)

legacy/si2c.c

[style] 301-301: The function 'i2c_slave_send_fido' is never used.

(unusedFunction)

legacy/firmware/menu_core.c

[style] 12-12: The function 'menu_refresh' is never used.

(unusedFunction)

legacy/firmware/usb.c

[style] 567-567: The function 'usb_u2f_data_send' is never used.

(unusedFunction)

legacy/timer.c

[style] 154-154: The function 'register_loop_callback' is never used.

(unusedFunction)

[style] 162-162: The function 'unregister_loop_callback' is never used.

(unusedFunction)

[style] 168-168: The function 'loop_callback_handler' is never used.

(unusedFunction)

legacy/firmware/fido2/resident_credential.c

[style] 8-8: The function 'resident_credential_get_count' is never used.

(unusedFunction)

[style] 10-10: The function 'resident_credential_find_by_rp_id_hash' is never used.

(unusedFunction)

[style] 45-45: The function 'resident_credential_store' is never used.

(unusedFunction)

[style] 104-104: The function 'resident_credential_info' is never used.

(unusedFunction)

[style] 127-127: The function 'resident_credential_get_desc' is never used.

(unusedFunction)

[style] 149-149: The function 'resident_credential_delete' is never used.

(unusedFunction)

legacy/firmware/layout2.c

[style] 5777-5777: The function 'layout_fido2_resident_credential' is never used.

(unusedFunction)

legacy/firmware/se_chip.c

[style] 1658-1658: The function 'se_slip21_fido_node' is never used.

(unusedFunction)

[style] 1667-1667: The function 'se_derive_fido_keys' is never used.

(unusedFunction)

[style] 1696-1696: The function 'se_fido_hdnode_sign_digest' is never used.

(unusedFunction)

[style] 1710-1710: The function 'se_fido_att_sign_digest' is never used.

(unusedFunction)

[style] 1777-1777: The function 'se_get_fido2_resident_credentials' is never used.

(unusedFunction)

[style] 1801-1801: The function 'se_set_fido2_resident_credentials' is never used.

(unusedFunction)

[style] 1813-1813: The function 'se_delete_fido2_resident_credentials' is never used.

(unusedFunction)

[style] 1819-1819: The function 'se_delete_all_fido2_credentials' is never used.

(unusedFunction)

[style] 1826-1826: The function 'se_check_fido2_resident_credential_simple' is never used.

(unusedFunction)

legacy/firmware/fido2/ctap_parse.c

[style] 28-28: The function 'cbor_value_get_type_string' is never used.

(unusedFunction)

[style] 624-624: The function 'ctap_parse_make_credential' is never used.

(unusedFunction)

[style] 947-947: The function 'ctap_parse_cred_mgmt' is never used.

(unusedFunction)

[style] 1025-1025: The function 'ctap_parse_get_assertion' is never used.

(unusedFunction)

[style] 1238-1238: The function 'ctap_parse_client_pin' is never used.

(unusedFunction)

[style] 1368-1368: The function 'ctap_parse_credential_id' is never used.

(unusedFunction)

legacy/firmware/fido2/ctap_trans.c

[style] 171-171: The function 'dialog_get_timer_start' is never used.

(unusedFunction)

[style] 180-180: The function 'u2fhid_read' is never used.

(unusedFunction)

[style] 1301-1301: The function 'set_ble_fido_data' is never used.

(unusedFunction)

[style] 1306-1306: The function 'set_ble_fido_data_len' is never used.

(unusedFunction)

[style] 1308-1308: The function 'get_ble_fido_data_ptr' is never used.

(unusedFunction)

[style] 1310-1310: The function 'check_ble_timeout' is never used.

(unusedFunction)

[style] 1633-1633: The function 'ctap_ble_u2f_error' is never used.

(unusedFunction)

[style] 1690-1690: The function 'ctap_ble_cmd' is never used.

(unusedFunction)

legacy/firmware/fido2/ctap.c

[style] 124-124: The function 'ctap_get_info' is never used.

(unusedFunction)

[style] 959-959: The function 'ctap_make_credential' is never used.

(unusedFunction)

[style] 1752-1752: The function 'ctap_get_assertion' is never used.

(unusedFunction)

[style] 1996-1996: The function 'ctap_client_pin' is never used.

(unusedFunction)

🪛 Ruff (0.8.2)

python/src/trezorlib/messages.py

10662-10665: Mutable class attributes should be annotated with typing.ClassVar

(RUF012)

10718-10718: Remove quotes from type annotation

Remove quotes

(UP037)

10719-10719: Remove quotes from type annotation

Remove quotes

(UP037)

⏰ Context from checks skipped due to timeout of 90000ms (3)

GitHub Check: Gen check
GitHub Check: Defs check
GitHub Check: Style check

🔇 Additional comments (62)

legacy/firmware/fsm_msg_webauthn.h (1)

88-93: Validate credential data correctly

The check ctap_authenticate_credential_data(cred_id_storage.rp_id_hash, &desc) == 0 treats a return value of zero as failure. Confirm that this function returns zero on success and adjust the condition accordingly to prevent logic errors.

legacy/firmware/fido2/ctap.h (1)

494-495: Validate function return types

The function ctap_authenticate_credential_data returns an int. Ensure that the return values are consistent with the expected success or error codes and handle them appropriately throughout the code.

legacy/firmware/usb.c (2)

34-34: Include the correct header file

The inclusion of "fido2/ctap_trans.h" replaces the previous U2F header. Confirm that all necessary functions and definitions are migrated correctly to support FIDO2.

567-579: Confirm necessity of the unused function

Static analysis indicates that usb_u2f_data_send is unused. If it's intended for future use, add a comment explaining its purpose. Otherwise, remove it to prevent confusion.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 567-567: The function 'usb_u2f_data_send' is never used.

(unusedFunction)
legacy/firmware/fido2/ctap_parse.c (2)

137-138: Handle CborErrorOutOfMemory correctly

Ignoring CborErrorOutOfMemory might lead to incomplete data parsing. Ensure that the error is handled appropriately.

Please verify if it's acceptable to ignore CborErrorOutOfMemory in this context. If not, consider handling the error to ensure data integrity.

371-378: 🧹 Nitpick (assertive)

Ensure key buffer is null-terminated

After copying the key, confirm it's properly null-terminated to prevent buffer overflows or unexpected behavior.

Add null termination to the key buffer:
 key[sizeof(key) - 1] = 0;
+key[sz < sizeof(key) ? sz : sizeof(key) - 1] = '\0';
Likely invalid or redundant comment.
legacy/firmware/fido2/ctap_trans.c (1)

1500-1506: ⚠️ Potential issue

Check for NULL in validateKeyHandle

Ensure that validateKeyHandle doesn't return NULL before using its result to avoid null pointer dereferences.

Add a check for NULL before proceeding:
 const HDNode *node = validateKeyHandle(req->appId, req->keyHandle);
+if (!node) {
+    send_u2f_error(U2F_SW_WRONG_DATA);
+    return;
+}
Likely invalid or redundant comment.
legacy/firmware/se_chip.c (9)

1658-1665: Confirm the necessity of se_slip21_fido_node

The function se_slip21_fido_node is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1658-1658: The function 'se_slip21_fido_node' is never used.

(unusedFunction)

1667-1694: Confirm the necessity of se_derive_fido_keys

The function se_derive_fido_keys is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1667-1667: The function 'se_derive_fido_keys' is never used.

(unusedFunction)

1696-1708: Confirm the necessity of se_fido_hdnode_sign_digest

The function se_fido_hdnode_sign_digest is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1696-1696: The function 'se_fido_hdnode_sign_digest' is never used.

(unusedFunction)

1710-1722: Confirm the necessity of se_fido_att_sign_digest

The function se_fido_att_sign_digest is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1710-1710: The function 'se_fido_att_sign_digest' is never used.

(unusedFunction)

1777-1799: Confirm the necessity of se_get_fido2_resident_credentials

The function se_get_fido2_resident_credentials is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1777-1777: The function 'se_get_fido2_resident_credentials' is never used.

(unusedFunction)

1801-1811: Confirm the necessity of se_set_fido2_resident_credentials

The function se_set_fido2_resident_credentials is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1801-1801: The function 'se_set_fido2_resident_credentials' is never used.

(unusedFunction)

1813-1818: Confirm the necessity of se_delete_fido2_resident_credentials

The function se_delete_fido2_resident_credentials is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1813-1813: The function 'se_delete_fido2_resident_credentials' is never used.

(unusedFunction)

1819-1824: Confirm the necessity of se_delete_all_fido2_credentials

The function se_delete_all_fido2_credentials is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1819-1819: The function 'se_delete_all_fido2_credentials' is never used.

(unusedFunction)

1826-1838: Confirm the necessity of se_check_fido2_resident_credential_simple

The function se_check_fido2_resident_credential_simple is defined but not used in the provided codebase. Please verify if this function is required. If not, consider removing it to keep the code clean.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 1826-1826: The function 'se_check_fido2_resident_credential_simple' is never used.

(unusedFunction)

legacy/firmware/fido2/ctap.c (2)

1277-1328: Check for integer underflow in signature encoding

In ctap_encode_der_sig, the calculations for lead_r and lead_s might result in negative values if all bytes are zero. Ensure that the variables lead_r and lead_s are properly checked to prevent integer underflow.

1777-1781: Handle empty allow list correctly

When the allow list is empty in ctap_get_assertion, the code sets is_resident_credential to true. Ensure that this behavior complies with the specification and that resident credentials are handled appropriately.

legacy/firmware/version.h (1)

10-14: Version update looks good

The version numbers are correctly updated to reflect the new minor version. The hexadecimal representation matches the version string.
legacy/firmware/protob/messages-webauthn.options (2)

7-9: 🧹 Nitpick (assertive)

Review credential count limitation

The max_count:1 limit on credentials seems overly restrictive. Most FIDO2 authenticators support multiple resident credentials.

Consider increasing the limit based on available storage and typical usage patterns.

1-6: Verify field size limits against WebAuthn spec

The size limits for credential fields need verification:

id (512 bytes): Matches common WebAuthn implementations

rp_id (256 bytes): Reasonable for domain names

Other fields (64 bytes): May be too restrictive for some use cases

✅ Verification successful

Field size limits are correctly implemented

The size limits align with FIDO2/WebAuthn specifications and are properly enforced throughout the codebase.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Search for WebAuthn field size definitions in codebase
rg -i "webauthn.*size|credential.*size" --type c --type h
Length of output: 3479
legacy/firmware/chinese.h (1)

7-7: ⚠️ Potential issue

Verify UTF-8 migration impact

Changing HZ_CODE_LEN from 2 (GBK) to 3 (UTF-8) affects:

Memory allocation

String parsing

Display rendering

Ensure all character processing code is updated for UTF-8.

legacy/si2c.h (1)

38-38: ⚠️ Potential issue

Review I2C buffer security

The new FIDO I2C send function needs:

Buffer overflow protection

Data validation

Error handling

Ensure data_len cannot exceed SI2C_BUF_MAX_OUT_LEN - PREFIX_SIZE.

legacy/firmware/fido2/resident_credential.h (2)

9-15: 🧹 Nitpick (assertive)

Document security implications of credential limits

Add comments explaining:

Why 60 is chosen as MAX_RESIDENT_CREDENTIALS

Security implications of these limits

How overflow is prevented

17-25: ⚠️ Potential issue

Review packed structure security

The packed credential storage structure needs attention:

Document alignment requirements

Verify buffer sizes prevent overflow

Explain the flash page size constraint

Consider adding runtime checks for credential_id size.

legacy/timer.h (1)

57-60: 🧹 Nitpick (assertive)

Document callback safety requirements

Add documentation explaining:

Maximum allowed intervals

Callback execution context

Error handling for invalid parameters

Resource cleanup guarantees

legacy/firmware/usb.h (1)

59-60: ⚠️ Potential issue

Document USB security considerations

Add documentation for usb_u2f_data_send:

Error handling

Buffer overflow prevention

USB protocol security

Timing attack mitigations

Run this verification:
legacy/firmware/fido2/ctap_parse.h (1)

26-26: Verify buffer overflow protection in parse_fixed_byte_string.

The function accepts a destination buffer and length. Ensure proper bounds checking exists in the implementation.

✅ Verification successful

Buffer overflow protection verified in parse_fixed_byte_string

The function implements proper bounds checking by verifying the input length matches the expected length and includes type validation.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Search for parse_fixed_byte_string implementation
ast-grep --pattern 'parse_fixed_byte_string($dst, $len) {
  $$$
}'
Length of output: 68

Script:
#!/bin/bash
# Find the implementation file
rg -l "parse_fixed_byte_string"

# Then get the implementation with context
rg -U "parse_fixed_byte_string.*\{" -A 30
Length of output: 145

Script:
#!/bin/bash
# Get the implementation
cat legacy/firmware/fido2/ctap_parse.c
Length of output: 42369
legacy/timer.c (1)

154-175: Address unused functions warning.

Static analysis indicates these functions are unused:

register_loop_callback

unregister_loop_callback

loop_callback_handler

Either implement the usage or document why they're needed for future use.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 154-154: The function 'register_loop_callback' is never used.

(unusedFunction)

[style] 162-162: The function 'unregister_loop_callback' is never used.

(unusedFunction)

[style] 168-168: The function 'loop_callback_handler' is never used.

(unusedFunction)
legacy/firmware/menu_core.c (3)

Line range hint 37-84: Excellent refactoring of menu display logic!

The changes improve maintainability by:

Using a single 2D array instead of multiple variables

Adding proper bounds checking

Maintaining internationalization support

Line range hint 134-163: Good implementation of menu refresh logic!

The refresh timing and state management are handled correctly.

10-12: Clean implementation of menu refresh control!

The refresh mechanism is simple and effective.

Let's verify the usage of menu_refresh:

✅ Verification successful

menu_refresh() is actively used in the codebase

The function is properly declared in the header and called from menu_list.c.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Search for menu_refresh usage across the codebase
rg "menu_refresh"
Length of output: 199
🧰 Tools

🪛 cppcheck (2.10-2)

[style] 12-12: The function 'menu_refresh' is never used.

(unusedFunction)
legacy/firmware/fido2/u2f_hid.h (1)

130-136: Well-structured FIDO2 protocol constants!

The new constants follow the existing pattern and maintain proper command spacing.

legacy/firmware/fido2/resident_credential.c (3)

8-8: Verify if hardcoded return value is intentional.

The function always returns 0, which might prevent credential management from working correctly.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 8-8: The function 'resident_credential_get_count' is never used.

(unusedFunction)

103-125: Same UI callback issue as noted above.

The UI callback needs null checking here too.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 104-104: The function 'resident_credential_info' is never used.

(unusedFunction)

127-147: Clean implementation of credential description retrieval!

The function handles errors properly and has clear success/failure paths.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 127-127: The function 'resident_credential_get_desc' is never used.

(unusedFunction)

legacy/firmware/i18n/locales/zh_cn.inc (1)

350-368: LGTM! Translations are accurate and consistent

The Simplified Chinese translations correctly reflect the FIDO2 terminology and maintain consistent style with the rest of the UI.

legacy/firmware/i18n/locales/ja.inc (1)

350-368: LGTM! Japanese translations are well-formatted

The Japanese translations accurately convey the FIDO2 concepts while maintaining natural language flow and proper terminology.
legacy/firmware/se_chip.h (2)

22-25: Well-defined status codes.

The FIDO2 slot data status codes are clear and follow a logical sequence.

161-167: Validate index parameter.

The credential management functions use an index parameter. Ensure proper bounds checking in the implementation to prevent buffer overflows.

✅ Verification successful

Index validation is properly implemented.

All credential management functions check the index against FIDO2_RESIDENT_CREDENTIALS_COUNT (60). The implementation includes additional safeguards for buffer sizes and data integrity.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Search for index validation in implementation
rg -A 3 "se_.*_fido2_resident_credentials.*\(" | grep -E "if.*index"
Length of output: 347

Script:
#!/bin/bash
# Check constant definition and all credential function implementations
echo "=== Constant definition ==="
rg "FIDO2_RESIDENT_CREDENTIALS_COUNT"

echo -e "\n=== Credential function implementations ==="
ast-grep --pattern 'int se_get_fido2_resident_credentials($$$) { $$$ }'
ast-grep --pattern 'int se_check_fido2_resident_credential_simple($$$) { $$$ }'
ast-grep --pattern 'secbool se_set_fido2_resident_credentials($$$) { $$$ }'
ast-grep --pattern 'secbool se_delete_fido2_resident_credentials($$$) { $$$ }'
Length of output: 6319
legacy/si2c.c (1)

126-128: Correct I2C address handling.

The code properly clears the address flag after detection.

legacy/firmware/chinese.c (1)

121-125: Clean and efficient implementation.

The function provides a useful helper for single character width calculation.

🧰 Tools

🪛 cppcheck (2.10-2)

[style] 121-121: The function 'oledCharWidthEx' is never used.

(unusedFunction)

legacy/firmware/i18n/locales/pt_br.inc (1)

350-368: Well-structured FIDO2 translations!

The Portuguese translations are clear, consistent, and follow proper localization patterns. The messages effectively guide users through FIDO2 operations.

legacy/firmware/i18n/locales/es.inc (1)

350-368: Clear and consistent FIDO2 translations!

The Spanish translations maintain proper terminology and provide clear user guidance for FIDO2 operations.

legacy/firmware/fsm.h (1)

342-349: Well-defined WebAuthn function declarations!

The new functions follow consistent naming patterns and properly handle FIDO2 resident credential operations.

legacy/firmware/layout2.h (1)

321-323: Clean layout function declaration!

The new FIDO2 credential layout function has clear parameters and follows the existing code style.

core/src/trezor/messages.py (2)

8644-8646: LGTM! New fields added to WebAuthnListResidentCredentials

The new fields index and request_list_index are properly typed and follow Python conventions.

8689-8689: LGTM! New field added to WebAuthnCredentials

The new field id_map is properly typed as a list of bytes.
vendor/tiny_cbor (1)

1-1: Verify TinyCBOR version security and integration

Good choice using a fixed commit. Let's verify it's secure and properly integrated.

✅ Verification successful

TinyCBOR integration looks solid

The submodule is properly integrated:

Build system includes all required components

Headers and source files are correctly linked

Full CBOR functionality available (encoding, parsing, validation)
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Check if this commit is tagged in the original repo
git ls-remote --tags https://github.com/intel/tinycbor.git | grep 878eb01b96c573e353b217439c0f418f69c2ca04

# Verify Makefile integration
rg -l "tiny_cbor" | grep -i makefile

# Look for FIDO2 CBOR usage patterns
rg -l "cbor.*encode|cbor.*decode" | grep -v "vendor/tiny_cbor"
Length of output: 672

Script:
#!/bin/bash
# Check Makefile integration details
cat legacy/Makefile.include | grep -A 5 -B 5 tiny_cbor
cat legacy/firmware/Makefile | grep -A 5 -B 5 tiny_cbor

# Look for FIDO2 CBOR version requirements or compatibility notes
rg -i "cbor.*version|cbor.*require" legacy/firmware/fido2/
Length of output: 1202
legacy/vendor/tiny_cbor (2)

1-1: Verify the symbolic link integrity

The relative path ../../vendor/tiny_cbor/ might break if directory structures change. Consider using absolute paths from the project root.

Let's verify the symbolic link setup:

✅ Verification successful

Symlink implementation is correct

The symbolic link setup for TinyCBOR is properly implemented and follows the project's conventions for vendor dependencies. The relative path structure is appropriate for the repository layout.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify symbolic link integrity and TinyCBOR submodule status

# Check if the symbolic link is valid
readlink -f legacy/vendor/tiny_cbor

# Verify submodule initialization
git submodule status vendor/tiny_cbor

# Check for any broken symbolic links in the project
find . -type l ! -exec test -e {} \; -print
Length of output: 9222
1-1: Check TinyCBOR version for security updates

The current implementation uses a fixed commit (878eb01). Let's verify it's up-to-date.

Run this check:
legacy/firmware/fido2/cose_key.h (1)

10-24: LGTM! Constants match COSE standard specifications.

The constants are well-defined and follow RFC 8152 specifications for COSE.

Let's verify these constants against the COSE registry:

✅ Verification successful

Constants verified through codebase implementation

The COSE constants are correctly implemented and consistently used across the FIDO2 firmware. The code shows proper integration with CBOR encoding/decoding and follows the WebAuthn/FIDO2 specifications.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Fetch IANA COSE registry to verify constant values
curl -s https://www.iana.org/assignments/cose/cose.txt | grep -A 20 "Registry:"
Length of output: 79

Script:
#!/bin/bash
# Search for COSE-related test files and RFC references
echo "=== Searching for COSE tests ==="
rg -l "COSE" --type=c --type=h legacy/firmware/fido2/

echo -e "\n=== Searching for RFC 8152 references ==="
rg -i "rfc.?8152|cose.?standard" --type=txt --type=md

echo -e "\n=== Finding other COSE constant definitions ==="
rg "COSE_(KEY|ALG)" --type=c --type=h -A 1
Length of output: 6163
legacy/firmware/fido2/u2f_knownapps.h.mako (1)

8-8: Verify the new include path.

Check if u2f.h is accessible from the new path.

✅ Verification successful

Include path change is correct

The file u2f.h exists in the same directory, making the new include path valid.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Check if u2f.h exists in the include paths
fd -t f "u2f.h$" | grep -v "u2f_knownapps"
Length of output: 107
common/protob/messages-webauthn.proto (1)

17-18: Good field numbering for backward compatibility.

Using high field numbers (100, 101) preserves space for future additions in the 1-99 range.

legacy/firmware/protob/Makefile (1)

17-17: LGTM! Consistent Makefile updates.

The changes properly integrate WebAuthn message handling into the build system.

Also applies to: 24-25

legacy/firmware/fido2/ctap_errors.h (4)

1-6: LGTM! Clear and standard license header.

The dual-license approach (Apache 2.0 or MIT) is appropriate for open-source firmware.

7-15: LGTM! Well-organized CTAP1 error codes.

Error codes follow the FIDO CTAP specification, covering basic protocol errors.

16-52: LGTM! Comprehensive CTAP2 error codes.

Error codes cover all essential CTAP2 scenarios:

CBOR parsing (0x10-0x14)

Credential management (0x19-0x2E)

PIN operations (0x31-0x38)

53-58: LGTM! Well-defined error code ranges.

Clear separation between spec-defined (0x00-0xDF), extension (0xE0-0xEF), and vendor-specific (0xF0-0xFF) error codes.

legacy/firmware/Makefile (3)

88-91: LGTM! Complete FIDO2 implementation files.

All essential FIDO2 components are included:

Transport layer (ctap_trans.o)

Core protocol (ctap.o)

Message parsing (ctap_parse.o)

Credential management (resident_credential.o)

226-230: LGTM! Complete TinyCBOR library integration.

All required TinyCBOR components are included:

Encoder

Parser

Validation

Error strings

275-275: LGTM! WebAuthn protobuf integration.

WebAuthn message support is correctly added under the non-bitcoin-only condition.

coderabbitai · 2025-01-13T07:04:13Z