U2F: Fix on safari/macos

U2F is typically a stateless protocol, so between two transactions
(request+response) there is not supposed to be any lock held. It was
assumed that the "FIDO Client" (typically web browser) would keep
sending only U2F `register` or `authenticate` messages when it had started
doing so. But it is also legal to send for example a new U2FHID `init`
message in between. (the U2F reference test cases do this for example).

Before this commit we held a "lock" while the confirm screen was active
until the user had confirmed and didn't allow any other messages in
between. This breaks the U2F protocol as explained above.

After this commit we instead only hold the "lock" for the transaction
(request + response), which is the correct way according to the u2f
reference:

    The application channel that manages to get through the first
    initialization packet when the device is in idle state will keep the
    device locked for other channels until the last packet of the
    response message has been received. The device then returns to idle
    state, ready to perform another transaction for the same or a
    different channel. Between two transactions, no state is maintained
    in the device and a host application must assume that any other
    process may execute other transactions at any time.

Author: NickeZ

CHANGELOG.md

@@ -8,6 +8,7 @@ customers cannot upgrade their bootloader, its changes are recorded separately.
 
 ### [Unreleased]
 - EVM: add HyperEVM (HYPE) and SONIC (S) to known networks
+- U2F: fix macos/safari macos/firefox support
 
 ### 9.23.0
 - Ethereum: add confirmation screen for known networks, change base unit to ETH for Arbitrum and Optimism

src/firmware.c

@@ -25,8 +25,13 @@
 #include "screen.h"
 #include "ui/screen_stack.h"
 #include "usb/usb_processing.h"
+#include <hww.h>
 #include <memory/memory_spi.h>
 
+#if APP_U2F == 1
+#include <u2f.h>
+#endif
+
 uint32_t __stack_chk_guard = 0;
 
 int main(void)
@@ -44,6 +49,11 @@ int main(void)
         da14531_protocol_init();
     }
     usb_processing_init();
+    // Setup usb_processing handlers
+    hww_setup();
+#if APP_U2F == 1
+    u2f_device_setup();
+#endif
     firmware_main_loop();
     return 0;
 }

src/firmware_main_loop.c

@@ -103,6 +103,11 @@ void firmware_main_loop(void)
         }
         if (!u2f_data) {
             u2f_data = queue_pull(queue_u2f_queue());
+            // If USB stack was locked and there is no more messages to send out, time to
+            // unlock it.
+            if (!u2f_data && usb_processing_locked(usb_processing_u2f())) {
+                usb_processing_unlock();
+            }
         }
 #endif
         // Do USB Input
@@ -120,6 +125,7 @@ void firmware_main_loop(void)
         }
 #if APP_U2F == 1
         if (!u2f_data && hid_u2f_read(&u2f_frame[0])) {
+            util_log("u2f data %s", util_dbg_hex((void*)u2f_frame, 16));
             u2f_packet_process((const USB_FRAME*)u2f_frame);
             if (communication_mode_ble_enabled()) {
                 // Enqueue a power down command to the da14531
@@ -152,6 +158,7 @@ void firmware_main_loop(void)
 #if APP_U2F == 1
         if (!communication_mode_ble_enabled() && u2f_data) {
             if (hid_u2f_write_poll(u2f_data)) {
+                util_log("u2f wrote %s", util_dbg_hex(u2f_data, 16));
                 u2f_data = NULL;
             }
         }