bugfix: yikes exporting B85 via NFC when NFC is None

2024-06-20 10:46:41 +02:00 · 2024-06-20 10:46:41 +02:00 · 95d1476a68
commit 95d1476a68
parent 2dc83743ed
3 changed files with 51 additions and 31 deletions
--- a/releases/Next-ChangeLog.md
+++ b/releases/Next-ChangeLog.md
@ -33,5 +33,6 @@ This lists the new changes that have not yet been published in a normal release.
 ## 1.2.2Q - 2024-06-XX

 - Enhancement: Coldcard multisg export/import format detected in `Scan Any QR Code`.
+- Bugfix: Exporting BIP-85 derived entropy via NFC was possible even if NFC disabled - yikes 


--- a/shared/drv_entro.py
+++ b/shared/drv_entro.py
@ -6,7 +6,7 @@
 # Using the system's BIP-32 master key, safely derive seeds phrases/entropy for other
 # wallet systems, which may expect seed phrases, XPRV, or other entropy.
 #
-import stash, seed, ngu, chains, bip39, version, glob
+import stash, seed, ngu, chains, bip39
 from ux import ux_show_story, ux_enter_bip32_index, the_ux, ux_confirm, ux_dramatic_pause
 from menu import MenuItem, MenuSystem
 from ubinascii import hexlify as b2a_hex
@ -118,7 +118,7 @@ async def pick_bip85_password():
    return await drv_entro_step2(None, 7, None, just_pick=True)

 async def drv_entro_step2(_1, picked, _2, just_pick=False):
-    from glob import dis, settings
+    from glob import dis, settings, NFC
    from files import CardSlot, CardMissingError, needs_microsd
    from ux import ux_render_words, export_prompt_builder, import_export_prompt_decode

@ -203,13 +203,12 @@ async def drv_entro_step2(_1, picked, _2, just_pick=False):
        key0 = 'to switch to derived secret'
    elif s_mode == 'pw':
        key0 = 'to type password over USB'
-    prompt, escape = export_prompt_builder('data', key0=key0, no_qr=(not qr), no_nfc=(not qr))
-
+    prompt, escape = export_prompt_builder('data', key0=key0,
+                                           no_qr=(not qr))
    while 1:
-        ch = await ux_show_story(msg+'\n\n'+prompt, sensitive=True, escape=escape)
-
+        ch = await ux_show_story(msg+'\n\n'+prompt, sensitive=True, escape=escape,
+                                 strict_escape=True)
        choice = import_export_prompt_decode(ch)
-
        if isinstance(choice, dict):
            # write to SD card or Virtual Disk: simple text file
            try:
@ -237,33 +236,30 @@ async def drv_entro_step2(_1, picked, _2, just_pick=False):
        elif choice == KEY_QR:
            from ux import show_qr_code
            await show_qr_code(qr, qr_alnum)
-        elif choice == '0' and s_mode == 'pw':
-            # gets confirmation then types it
-            await single_send_keystrokes(qr, path)
-        elif choice == KEY_NFC:
+        elif choice == '0':
+            if s_mode == 'pw':
+                # gets confirmation then types it
+                await single_send_keystrokes(qr, path)
+            elif encoded is not None:
+                # switch over to new secret!
+                dis.fullscreen("Applying...")
+                from actions import goto_top_menu
+                from glob import settings
+                xfp_str = xfp2str(settings.get("xfp", 0))
+                await seed.set_ephemeral_seed(
+                    encoded,
+                    meta='BIP85 Derived from [%s], index=%d' % (xfp_str, index)
+                )
+                goto_top_menu()
+                break
+
+        elif NFC and choice == KEY_NFC:
            # Share any of these over NFC
-            await glob.NFC.share_text(qr)
-        else:
-            break
+            await NFC.share_text(qr)

-    if new_secret is not None:
-        stash.blank_object(new_secret)
    stash.blank_object(msg)
-
-    if choice == '0' and (encoded is not None):
-        # switch over to new secret!
-        dis.fullscreen("Applying...")
-        from actions import goto_top_menu
-        from glob import settings
-        xfp_str = xfp2str(settings.get("xfp", 0))
-        await seed.set_ephemeral_seed(
-            encoded,
-            meta='BIP85 Derived from [%s], index=%d' % (xfp_str, index)
-        )
-        goto_top_menu()
-
-    if encoded is not None:
-        stash.blank_object(encoded)
+    stash.blank_object(new_secret)
+    stash.blank_object(encoded)


 async def password_entry(*args, **kwargs):
--- a/testing/test_drv_entro.py
+++ b/testing/test_drv_entro.py
@ -362,4 +362,27 @@ def test_type_passwords(dev, cap_menu, pick_menu_item, goto_home,
    menu = cap_menu()
    assert "Type Passwords" not in menu

+def test_export_nfc_when_disabled(pick_menu_item, goto_home, cap_story, press_select,
+                                  is_q1, derive_bip85_secret, press_nfc, cap_menu):
+    goto_home()
+    pick_menu_item("Settings")
+    pick_menu_item("Hardware On/Off")
+    pick_menu_item("NFC Sharing")
+    time.sleep(.1)
+    _, story = cap_story()
+    if "Near Field Communications" in story:
+        press_select()
+
+    pick_menu_item("Default Off")
+    time.sleep(.1)
+    goto_home()
+    _, story = derive_bip85_secret('12 words', 999)
+    assert "NFC" not in story
+    press_nfc()
+    time.sleep(.1)
+    goto_home()
+    m = cap_menu()
+    assert "Ready To Sign" in m
+
+
 # EOF