sd2fa is NOT backed up and not restored from older backups

2023-07-14 14:13:28 +02:00 · 2023-07-14 14:13:28 +02:00 · 500f730265
commit 500f730265
parent 0d271d9027
5 changed files with 32 additions and 12 deletions
--- a/releases/ChangeLog.md
+++ b/releases/ChangeLog.md
@ -13,6 +13,11 @@
 - Bugfix: empty number during BIP-39 passphrase entry could cause crash.
 - Bugfix: UX: Signing with BIP39 Passphrase showed master fingerprint as integer. Fixed to show hex.
 - Bugfix: Fixed inability to generate paper wallet without secrets
+- Bugfix: SD2FA setting is cleared when seed is wiped after failed policy SD2FA enforce.
+  Prevents infinite seed wipe loop when restoring backup after 2FA MicroSD lost or damaged.
+  SD2FA is not backed up and also not restored from older backups. If SD2FA is set up,
+  it will not survive restore of backup.
+

 ## 5.1.2 - 2023-04-07

--- a/shared/backups.py
+++ b/shared/backups.py
@ -97,6 +97,7 @@ def render_backup_contents():
        if k == 'xpub': continue        # redundant, and wrong if bip39pw
        if k == 'xfp': continue         # redundant, and wrong if bip39pw
        if k == 'bkpw': continue        # confusing/circular
+        if k == 'sd2fa': continue       # do NOT backup SD 2FA (card can be lost or damaged)
        ADD('setting.' + k, v)

    if version.has_fatram:
@ -171,26 +172,35 @@ def restore_from_dict_ll(vals):
            sys.print_exception(exc)
            # but keep going

-    # restore settings from backup file
+    # if sd2fa is encountered during backup restore - purge it
+    settings.remove_key("sd2fa")

-    for idx, k in enumerate(vals):
-        dis.progress_bar_show(idx / len(vals))
-        if not k.startswith('setting.'):
+    # restore settings from backup file
+    vals_len = len(vals)
+    for idx, key in enumerate(vals):
+        dis.progress_bar_show(idx / vals_len)
+        if not key[:8] == "setting.":
            continue

-        if k == 'xfp' or k == 'xpub': continue
+        k = key[8:]
+
+        if k == 'sd2fa':
+            # do NOT restore sd2fa as SD card can be lost or damaged
+            # new version of firmware 5.1.3+ will not back sd2fa
+            # old backups need this to function properly
+            continue

        if k == 'tp':
            # restore trick pins, which may involve many ops
            if version.mk_num >= 4:
                from trick_pins import tp
                try:
-                    tp.restore_backup(vals[k])
+                    tp.restore_backup(vals[key])
                except Exception as exc:
                    sys.print_exception(exc)
            continue

-        settings.set(k[8:], vals[k])
+        settings.set(k, vals[key])

    # write out
    settings.save()
--- a/shared/mk4.py
+++ b/shared/mk4.py
@ -96,7 +96,6 @@ def wipe_if_deltamode():
    if not pa.is_deltamode():
        return

-    import callgate
    callgate.fast_wipe()

 # EOF
--- a/shared/pwsave.py
+++ b/shared/pwsave.py
@ -207,6 +207,9 @@ class MicroSD2FA(PassphraseSaver):
        except:
            # die. wrong
            import callgate
+            from glob import settings
+            settings.remove_key("sd2fa")
+            settings.save()
            callgate.fast_wipe(silent=False)

        # proceed w/o any notice
@ -258,6 +261,7 @@ class MicroSD2FA(PassphraseSaver):
                    fd.write(msg)

            # update setting as well
+            # TODO use general method that handles memory overflow
            v.append(nonce)
            settings.set('sd2fa', v)
            settings.save()
@ -324,13 +328,15 @@ class MicroSD2FA(PassphraseSaver):
            ok = cls.authorized_card_present(cls.get_nonces())
            if ok:
                await ux_show_story("Need a different MicroSD card. "
-                                        "This card would already be accepted.")
+                                    "This card would already be accepted.")
                return

        ctx = 'this card or one of the others' if count >= 1 else 'it'

-        ok = await ux_confirm("Add this card to authorized set? Going forward %s must be present during login process or the seed will be wiped!" % ctx)
-
+        ok = await ux_confirm("Add this card to authorized set? Going forward %s must be "
+                              "present during login process or the seed will be wiped!" % ctx)
+        if not ok:
+            return

        await cls().enroll()

--- a/shared/trick_pins.py
+++ b/shared/trick_pins.py
@ -512,7 +512,7 @@ class TrickPinMenu(MenuSystem):
            have.remove(existing_pin)

        if (new_pin == self.current_pin) or (new_pin in have):
-            await ux_show_story("That PIN (%s) is already in use. All PIN codes must be unique." % new_pin);
+            await ux_show_story("That PIN (%s) is already in use. All PIN codes must be unique." % new_pin)
            return

        # check if we "forgot" this pin, and read it back if we did.