Update apps

applications/external/flipbip/application.fam

@@ -15,7 +15,7 @@ App(
             name="crypto",
         ),
     ],
-    fap_category="Misc",
+    fap_category="Tools",
     fap_description="Crypto toolkit for Flipper",
     fap_author="Struan Clark (xtruan)",
     fap_weburl="https://github.com/xtruan/FlipBIP",

applications/external/flipbip/flipbip.h

@@ -15,7 +15,7 @@
 #include "views/flipbip_startscreen.h"
 #include "views/flipbip_scene_1.h"
 
-#define FLIPBIP_VERSION "v0.0.9"
+#define FLIPBIP_VERSION "v1.0.0"
 
 #define COIN_BTC 0
 #define COIN_DOGE 3

applications/external/flipbip/helpers/flipbip_file.c

@@ -1,6 +1,5 @@
 #include "flipbip_file.h"
 #include <storage/storage.h>
-#include <applications.h>
 #include <loader/loader.h>
 #include "../helpers/flipbip_string.h"
 // From: lib/crypto

applications/external/flipbip/lib/crypto/rand.c

@@ -21,43 +21,25 @@
  * OTHER DEALINGS IN THE SOFTWARE.
  */
 
-// NOTE:
-// random32() and random_buffer() have been replaced in this implementation
-// with Flipper Zero specific code. The original code is commented out below.
+#define FLIPPER_HAL_RANDOM
 
 #include "rand.h"
 
+#ifdef FLIPPER_HAL_RANDOM
+
+// NOTE:
+// random32() and random_buffer() have been replaced in this implementation
+// with Flipper Zero specific code. The original code is disabled by #define.
+
 // Flipper Zero RNG code:
 #include <furi_hal_random.h>
 
-#ifndef RAND_PLATFORM_INDEPENDENT
-
-// Original code:
-// #pragma message("NOT SUITABLE FOR PRODUCTION USE! Replace random32() function with your own secure code.")
-
-// The following code is not supposed to be used in a production environment.
-// It's included only to make the library testable.
-// The message above tries to prevent any accidental use outside of the test
-// environment.
-//
-// You are supposed to replace the random8() and random32() function with your
-// own secure code. There is also a possibility to replace the random_buffer()
-// function as it is defined as a weak symbol.
-
 static uint32_t seed = 0;
 
 void random_reseed(const uint32_t value) {
     seed = value;
 }
 
-// Original code:
-// uint32_t random32(void) {
-//   // Linear congruential generator from Numerical Recipes
-//   // https://en.wikipedia.org/wiki/Linear_congruential_generator
-//   seed = 1664525 * seed + 1013904223;
-//   return seed;
-// }
-
 // Flipper Zero RNG code:
 uint32_t random32(void) {
     return furi_hal_random_get();
@@ -68,22 +50,42 @@ void random_buffer(uint8_t* buf, size_t len) {
     furi_hal_random_fill_buf(buf, len);
 }
 
-#endif /* RAND_PLATFORM_INDEPENDENT */
+#else /* PLATFORM INDEPENDENT */
+
+#pragma message( \
+        "NOT SUITABLE FOR PRODUCTION USE! Replace random32() function with your own secure code.")
+
+// The following code is not supposed to be used in a production environment.
+// It's included only to make the library testable.
+// The message above tries to prevent any accidental use outside of the test
+// environment.
+//
+// You are supposed to replace the random8() and random32() function with your
+// own secure code. There is also a possibility to replace the random_buffer()
+// function as it is defined as a weak symbol.
 
 //
 // The following code is platform independent
 //
 
-// Original code:
-// void __attribute__((weak)) random_buffer(uint8_t *buf, size_t len) {
-//   uint32_t r = 0;
-//   for (size_t i = 0; i < len; i++) {
-//     if (i % 4 == 0) {
-//       r = random32();
-//     }
-//     buf[i] = (r >> ((i % 4) * 8)) & 0xFF;
-//   }
-// }
+uint32_t random32(void) {
+    // Linear congruential generator from Numerical Recipes
+    // https://en.wikipedia.org/wiki/Linear_congruential_generator
+    seed = 1664525 * seed + 1013904223;
+    return seed;
+}
+
+void __attribute__((weak)) random_buffer(uint8_t* buf, size_t len) {
+    uint32_t r = 0;
+    for(size_t i = 0; i < len; i++) {
+        if(i % 4 == 0) {
+            r = random32();
+        }
+        buf[i] = (r >> ((i % 4) * 8)) & 0xFF;
+    }
+}
+
+#endif /* FLIPPER_HAL_RANDOM */
 
 uint32_t random_uniform(uint32_t n) {
     uint32_t x = 0, max = 0xFFFFFFFF - (0xFFFFFFFF % n);

applications/external/flipbip/scenes/flipbip_scene_scene_1.c

@@ -47,4 +47,4 @@ bool flipbip_scene_scene_1_on_event(void* context, SceneManagerEvent event) {
 void flipbip_scene_scene_1_on_exit(void* context) {
     FlipBip* app = context;
     UNUSED(app);
-}
+}

applications/external/flipbip/views/flipbip_scene_1.c

@@ -23,7 +23,9 @@
 #define DERIV_ACCOUNT 0
 #define DERIV_CHANGE 0
 
-#define MAX_ADDR_LEN 42 + 1 // 42 = max length of address + null terminator
+#define MAX_TEXT_LEN 30 // 30 = max length of text
+#define MAX_TEXT_BUF (MAX_TEXT_LEN + 1) // max length of text + null terminator
+#define MAX_ADDR_BUF (42 + 1) // 42 = max length of address + null terminator
 #define NUM_ADDRS 6
 
 #define PAGE_LOADING 0
@@ -44,10 +46,10 @@
 #define TEXT_RECEIVE_ADDRESS "receive address:"
 #define TEXT_DEFAULT_DERIV "m/44'/X'/0'/0"
 const char* TEXT_INFO = "-Scroll pages with up/down-"
-                        "p1,2)    Mnemonic/Seed     "
-                        "p3)       xprv Root Key    "
-                        "p4,5)  xprv/xpub Accnt Keys"
-                        "p6,7)  xprv/xpub Extnd Keys"
+                        "p1,2)   BIP39 Mnemonic/Seed"
+                        "p3)       BIP32 Root Key   "
+                        "p4,5)  Prv/Pub Account Keys"
+                        "p6,7)  Prv/Pub BIP32 Keys  "
                         "p8+)    Receive Addresses  ";
 
 // #define TEXT_SAVE_QR "Save QR"
@@ -98,6 +100,10 @@ static CONFIDENTIAL char* s_disp_text5 = NULL;
 static CONFIDENTIAL char* s_disp_text6 = NULL;
 // Derivation path text
 static const char* s_derivation_text = TEXT_DEFAULT_DERIV;
+// Warning text
+static bool s_warn_insecure = false;
+#define WARN_INSECURE_TEXT_1 "Recommendation:"
+#define WARN_INSECURE_TEXT_2 "Set BIP39 Passphrase"
 //static bool s_busy = false;
 
 void flipbip_scene_1_set_callback(
@@ -117,13 +123,15 @@ static void flipbip_scene_1_init_address(
     uint32_t addr_index) {
     //s_busy = true;
 
-    // Buffer for address serialization
-    const size_t buflen = 40;
-    char buf[40 + 1] = {0};
+    // buffer for address serialization
+    // subtract 2 for "0x", 1 for null terminator
+    const size_t buflen = MAX_ADDR_BUF - (2 + 1);
+    // subtract 2 for "0x"
+    char buf[MAX_ADDR_BUF - 2] = {0};
 
     // Use static node for address generation
     memcpy(s_addr_node, node, sizeof(HDNode));
-    memzero(addr_text, MAX_ADDR_LEN);
+    memzero(addr_text, MAX_ADDR_BUF);
 
     hdnode_private_ckd(s_addr_node, addr_index);
     hdnode_fill_public_key(s_addr_node);
@@ -158,8 +166,13 @@ static void flipbip_scene_1_init_address(
     //s_busy = false;
 }
 
-static void flipbip_scene_1_draw_generic(const char* text, size_t line_len) {
+static void
+    flipbip_scene_1_draw_generic(const char* text, const size_t line_len, const bool chunk) {
     // Split the text into parts
+    size_t len = line_len;
+    if(len > MAX_TEXT_LEN) {
+        len = MAX_TEXT_LEN;
+    }
     for(size_t si = 1; si <= 6; si++) {
         char* ptr = NULL;
 
@@ -176,11 +189,18 @@ static void flipbip_scene_1_draw_generic(const char* text, size_t line_len) {
         else if(si == 6)
             ptr = s_disp_text6;
 
-        memzero(ptr, 30 + 1);
-        if(line_len > 30) {
-            strncpy(ptr, text + ((si - 1) * 30), 30);
-        } else {
-            strncpy(ptr, text + ((si - 1) * line_len), line_len);
+        memzero(ptr, MAX_TEXT_BUF);
+        strncpy(ptr, text + ((si - 1) * len), len);
+        // add a space every 4 characters and shift the text
+        if(len < 23 && chunk) {
+            for(size_t i = 0; i < strlen(ptr); i++) {
+                if(i % 5 == 0) {
+                    for(size_t j = strlen(ptr); j > i; j--) {
+                        ptr[j] = ptr[j - 1];
+                    }
+                    ptr[i] = ' ';
+                }
+            }
         }
     }
 }
@@ -220,9 +240,9 @@ static void flipbip_scene_1_draw_mnemonic(const char* mnemonic) {
         else if(mi == 6)
             ptr = s_disp_text6;
 
-        memzero(ptr, 30 + 1);
-        if(strlen(mnemonic_part) > 30) {
-            strncpy(ptr, mnemonic_part, 30);
+        memzero(ptr, MAX_TEXT_BUF);
+        if(strlen(mnemonic_part) > MAX_TEXT_LEN) {
+            strncpy(ptr, mnemonic_part, MAX_TEXT_LEN);
         } else {
             strncpy(ptr, mnemonic_part, strlen(mnemonic_part));
         }
@@ -241,7 +261,7 @@ static void flipbip_scene_1_draw_seed(FlipBipScene1Model* const model) {
     // Convert the seed to a hex string
     flipbip_btox(model->seed, 64, seed_working);
 
-    flipbip_scene_1_draw_generic(seed_working, 22);
+    flipbip_scene_1_draw_generic(seed_working, 22, false);
 
     // Free the working seed memory
     memzero(seed_working, seed_working_len);
@@ -249,12 +269,12 @@ static void flipbip_scene_1_draw_seed(FlipBipScene1Model* const model) {
 }
 
 static void flipbip_scene_1_clear_text() {
-    memzero((void*)s_disp_text1, 30 + 1);
-    memzero((void*)s_disp_text2, 30 + 1);
-    memzero((void*)s_disp_text3, 30 + 1);
-    memzero((void*)s_disp_text4, 30 + 1);
-    memzero((void*)s_disp_text5, 30 + 1);
-    memzero((void*)s_disp_text6, 30 + 1);
+    memzero((void*)s_disp_text1, MAX_TEXT_BUF);
+    memzero((void*)s_disp_text2, MAX_TEXT_BUF);
+    memzero((void*)s_disp_text3, MAX_TEXT_BUF);
+    memzero((void*)s_disp_text4, MAX_TEXT_BUF);
+    memzero((void*)s_disp_text5, MAX_TEXT_BUF);
+    memzero((void*)s_disp_text6, MAX_TEXT_BUF);
 }
 
 void flipbip_scene_1_draw(Canvas* canvas, FlipBipScene1Model* model) {
@@ -264,35 +284,40 @@ void flipbip_scene_1_draw(Canvas* canvas, FlipBipScene1Model* model) {
 
     flipbip_scene_1_clear_text();
     if(model->page == PAGE_INFO) {
-        flipbip_scene_1_draw_generic(TEXT_INFO, 27);
+        flipbip_scene_1_draw_generic(TEXT_INFO, 27, false);
     } else if(model->page == PAGE_MNEMONIC) {
         flipbip_scene_1_draw_mnemonic(model->mnemonic);
     } else if(model->page == PAGE_SEED) {
         flipbip_scene_1_draw_seed(model);
     } else if(model->page == PAGE_XPRV_ROOT) {
-        flipbip_scene_1_draw_generic(model->xprv_root, 20);
+        flipbip_scene_1_draw_generic(model->xprv_root, 20, false);
     } else if(model->page == PAGE_XPRV_ACCT) {
-        flipbip_scene_1_draw_generic(model->xprv_account, 20);
+        flipbip_scene_1_draw_generic(model->xprv_account, 20, false);
     } else if(model->page == PAGE_XPUB_ACCT) {
-        flipbip_scene_1_draw_generic(model->xpub_account, 20);
+        flipbip_scene_1_draw_generic(model->xpub_account, 20, false);
     } else if(model->page == PAGE_XPRV_EXTD) {
-        flipbip_scene_1_draw_generic(model->xprv_extended, 20);
+        flipbip_scene_1_draw_generic(model->xprv_extended, 20, false);
     } else if(model->page == PAGE_XPUB_EXTD) {
-        flipbip_scene_1_draw_generic(model->xpub_extended, 20);
+        flipbip_scene_1_draw_generic(model->xpub_extended, 20, false);
     } else if(model->page >= PAGE_ADDR_BEGIN && model->page <= PAGE_ADDR_END) {
-        uint32_t line_len = 12;
+        size_t line_len = 12;
         if(model->coin == FlipBipCoinETH60) {
             line_len = 14;
         }
         flipbip_scene_1_draw_generic(
-            model->recv_addresses[model->page - PAGE_ADDR_BEGIN], line_len);
+            model->recv_addresses[model->page - PAGE_ADDR_BEGIN], line_len, true);
     }
 
     if(model->page == PAGE_LOADING) {
         canvas_set_font(canvas, FontPrimary);
         canvas_draw_str(canvas, 2, 10, TEXT_LOADING);
         canvas_draw_str(canvas, 7, 30, s_derivation_text);
-        canvas_draw_icon(canvas, 86, 25, &I_Keychain_39x36);
+        canvas_draw_icon(canvas, 86, 22, &I_Keychain_39x36);
+        if(s_warn_insecure) {
+            canvas_set_font(canvas, FontSecondary);
+            canvas_draw_str(canvas, 2, 50, WARN_INSECURE_TEXT_1);
+            canvas_draw_str(canvas, 2, 60, WARN_INSECURE_TEXT_2);
+        }
     } else if(model->page >= PAGE_ADDR_BEGIN && model->page <= PAGE_ADDR_END) {
         // draw address header
         canvas_set_font(canvas, FontSecondary);
@@ -461,8 +486,8 @@ static int flipbip_scene_1_model_init(
 
     // Initialize addresses
     for(uint8_t a = 0; a < NUM_ADDRS; a++) {
-        model->recv_addresses[a] = malloc(MAX_ADDR_LEN);
-        memzero(model->recv_addresses[a], MAX_ADDR_LEN);
+        model->recv_addresses[a] = malloc(MAX_ADDR_BUF);
+        memzero(model->recv_addresses[a], MAX_ADDR_BUF);
         flipbip_scene_1_init_address(model->recv_addresses[a], node, coin, a);
 
         // Save QR code file
@@ -586,7 +611,7 @@ void flipbip_scene_1_exit(void* context) {
                 free((void*)model->xprv_extended);
                 free((void*)model->xpub_extended);
                 for(int a = 0; a < NUM_ADDRS; a++) {
-                    memzero((void*)model->recv_addresses[a], MAX_ADDR_LEN);
+                    memzero((void*)model->recv_addresses[a], MAX_ADDR_BUF);
                     free((void*)model->recv_addresses[a]);
                 }
             }
@@ -614,6 +639,9 @@ void flipbip_scene_1_enter(void* context) {
     const char* passphrase_text = "";
     if(app->passphrase == FlipBipPassphraseOn && strlen(app->passphrase_text) > 0) {
         passphrase_text = app->passphrase_text;
+        s_warn_insecure = false;
+    } else {
+        s_warn_insecure = true;
     }
 
     // BIP44 Coin setting
@@ -685,12 +713,12 @@ FlipBipScene1* flipbip_scene_1_alloc() {
     s_addr_node = (HDNode*)malloc(sizeof(HDNode));
 
     // allocate the display text
-    s_disp_text1 = (char*)malloc(30 + 1);
-    s_disp_text2 = (char*)malloc(30 + 1);
-    s_disp_text3 = (char*)malloc(30 + 1);
-    s_disp_text4 = (char*)malloc(30 + 1);
-    s_disp_text5 = (char*)malloc(30 + 1);
-    s_disp_text6 = (char*)malloc(30 + 1);
+    s_disp_text1 = (char*)malloc(MAX_TEXT_BUF);
+    s_disp_text2 = (char*)malloc(MAX_TEXT_BUF);
+    s_disp_text3 = (char*)malloc(MAX_TEXT_BUF);
+    s_disp_text4 = (char*)malloc(MAX_TEXT_BUF);
+    s_disp_text5 = (char*)malloc(MAX_TEXT_BUF);
+    s_disp_text6 = (char*)malloc(MAX_TEXT_BUF);
 
     return instance;
 }