memory: return unique default device name for BB02+

To disambiguate multiple BitBoxes in the Bluetooth devices list, we
use a unique name of the form "BitBox ABCD" (four random uppercase
letters) until a device name is set by the user.

The random letters are not picked perfectly uniformely, but this is
not security critical - it's merely to create a unique name to be able
to disambiguate.

This change only applies to BB02+, and this random device name is
displayed on the lockscreen visible before pairing.

Author: benma

src/memory/memory.c

@@ -253,13 +253,47 @@ bool memory_set_device_name(const char* name)
     return _write_chunk(CHUNK_1, chunk.bytes);
 }
 
+static void _random_name(char* name_out)
+{
+    static char cached_name[MEMORY_DEVICE_NAME_MAX_LEN] = {0};
+
+    if (cached_name[0] == 0x00) {
+        // Generate 4 random uppercase letters
+        uint8_t random[32] = {0};
+        _interface_functions->random_32_bytes(random);
+        uint8_t letters[4];
+        for (size_t i = 0; i < sizeof(letters); i++) {
+            letters[i] = 'A' + (random[i] % 26);
+        }
+
+        // Format into cached name
+        snprintf(
+            cached_name,
+            MEMORY_DEVICE_NAME_MAX_LEN,
+            "BitBox %c%c%c%c",
+            letters[0],
+            letters[1],
+            letters[2],
+            letters[3]);
+    }
+
+    // Copy cached result to output
+    snprintf(name_out, MEMORY_DEVICE_NAME_MAX_LEN, "%s", cached_name);
+}
+
 void memory_get_device_name(char* name_out)
 {
     chunk_1_t chunk = {0};
     CLEANUP_CHUNK(chunk);
     _read_chunk(CHUNK_1, chunk_bytes);
     if (chunk.fields.device_name[0] == 0xFF) {
-        snprintf(name_out, MEMORY_DEVICE_NAME_MAX_LEN, "%s", MEMORY_DEFAULT_DEVICE_NAME);
+        if (memory_get_platform() == MEMORY_PLATFORM_BITBOX02_PLUS) {
+            // For Bluetooth, we want to use an unambiguous default name so this BitBox can be
+            // identified if multiple BitBoxes are advertising at the same time.
+            _random_name(name_out);
+        } else {
+            snprintf(name_out, MEMORY_DEVICE_NAME_MAX_LEN, "%s", MEMORY_DEFAULT_DEVICE_NAME);
+        }
     } else {
         snprintf(name_out, MEMORY_DEVICE_NAME_MAX_LEN, "%s", chunk.fields.device_name);
     }

src/memory/memory.h

@@ -70,8 +70,10 @@ extern const char* MEMORY_DEFAULT_DEVICE_NAME;
 // size (including the null terminator) is MEMORY_DEVICE_NAME_MAX_LEN bytes.
 USE_RESULT bool memory_set_device_name(const char* name);
 
-// name_out must have MEMORY_DEVICE_NAME_MAX_LEN bytes in size. Returns `MEMORY_DEFAULT_DEVICE_NAME`
-// if no device name is set.
+// name_out must have MEMORY_DEVICE_NAME_MAX_LEN bytes in size. If no device name is set, we return:
+// - `MEMORY_DEFAULT_DEVICE_NAME` for non-bluetooth enabled BitBoxes
+// - "BitBox ABCD" for Bluetooth-enabled BitBoxes, where ABCD are four random uppercase letters.
+//    The name is cached in RAM, so the same random name is returned until reboot.
 void memory_get_device_name(char* name_out);
 
 /**

test/unit-test/test_memory.c

@@ -18,15 +18,13 @@
 #include <cmocka.h>
 
 #include <memory/memory.h>
+#include <memory/memory_shared.h>
 
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 
-#define CHUNK_SIZE (16 * 512) // 8kB.
-
 #define FLASH_APP_DATA_LEN (0x000010000)
-#define FLASH_SHARED_DATA_START (0xe000)
 
 // chunk 0
 static const int _addr_factory_setup_done = 0;
@@ -386,10 +384,45 @@ static void _test_memory_get_device_name_default(void** state)
     EMPTYCHUNK(empty_chunk);
     expect_value(__wrap_memory_read_chunk_mock, chunk_num, 1);
     will_return(__wrap_memory_read_chunk_mock, empty_chunk);
+
+    EMPTYCHUNK(empty_shared_chunk);
+    will_return(__wrap_memory_read_shared_bootdata_mock, empty_shared_chunk);
+
     memory_get_device_name(name_out);
     assert_string_equal(MEMORY_DEFAULT_DEVICE_NAME, name_out);
 }
 
+// For Bluetooth devices (BitBox02+), the default name is "BitBox ABCD" where ABCD are four random
+// uppercase letters.
+static void _test_memory_get_device_name_default_bluetooth(void** state)
+{
+    uint8_t entropy[32] = {0};
+    memcpy(entropy, "\x00\x19\xFE\xFF", 4);
+
+    char name_out[MEMORY_DEVICE_NAME_MAX_LEN] = {0};
+    EMPTYCHUNK(empty_chunk);
+    expect_value(__wrap_memory_read_chunk_mock, chunk_num, 1);
+    will_return(__wrap_memory_read_chunk_mock, empty_chunk);
+
+    EMPTYCHUNK(empty_shared_chunk);
+    chunk_shared_t shared_chunk = {0};
+    memcpy(shared_chunk.bytes, empty_shared_chunk, CHUNK_SIZE);
+    shared_chunk.fields.platform = MEMORY_PLATFORM_BITBOX02_PLUS;
+    will_return(__wrap_memory_read_shared_bootdata_mock, shared_chunk.bytes);
+
+    will_return(_mock_random_32_bytes, entropy);
+
+    memory_get_device_name(name_out);
+    assert_string_equal("BitBox AZUV", name_out);
+
+    // Calling it again does not re-generate a new random name but reuses the already generated one.
+    expect_value(__wrap_memory_read_chunk_mock, chunk_num, 1);
+    will_return(__wrap_memory_read_chunk_mock, empty_chunk);
+    will_return(__wrap_memory_read_shared_bootdata_mock, shared_chunk.bytes);
+    memory_get_device_name(name_out);
+    assert_string_equal("BitBox AZUV", name_out);
+}
+
 static void _test_memory_get_device_name(void** state)
 {
     char name_out[MEMORY_DEVICE_NAME_MAX_LEN] = {0};
@@ -527,6 +560,7 @@ int main(void)
         cmocka_unit_test(_test_memory_set_mnemonic_passphrase_enabled),
         cmocka_unit_test(_test_memory_reset_hww),
         cmocka_unit_test(_test_memory_get_device_name_default),
+        cmocka_unit_test(_test_memory_get_device_name_default_bluetooth),
         cmocka_unit_test(_test_memory_get_device_name),
         cmocka_unit_test(_test_memory_device_name),
         cmocka_unit_test(_test_memory_set_seed_birthdate),