SFT-4094: formalized multisig policy default, clarified warning langu…

…age around "required" multisig for signing

ports/stm32/boards/Passport/modules/multisig_wallet.py

@@ -18,7 +18,7 @@
 from ubinascii import hexlify as b2a_hex
 from utils import xfp2str, str2xfp, cleanup_deriv_path, keypath_to_str, str_to_keypath
 from public_constants import (AF_P2SH, AF_P2WSH_P2SH, AF_P2WSH, AFC_SCRIPT,
-                              TRUST_OFFER, TRUST_PSBT, TRUST_VERIFY, MAX_SIGNERS)
+                              TRUST_DEFAULT, TRUST_PSBT, TRUST_VERIFY, MAX_SIGNERS)
 from constants import MAX_MULTISIG_NAME_LEN
 from exceptions import FatalPSBTIssue
 from opcodes import OP_CHECKMULTISIG
@@ -159,13 +159,7 @@ def chain(self):
     @classmethod
     def get_trust_policy(cls):
         from common import settings
-
-        which = settings.get('multisig_policy', None)
-
-        if which is None:
-            which = TRUST_VERIFY if cls.exists() else TRUST_OFFER
-
-        return which
+        return settings.get('multisig_policy', TRUST_DEFAULT)
 
     def serialize(self):
         # return a JSON-able object
@@ -329,12 +323,6 @@ def get_all(cls):
         # return them all, as a generator
         return cls.iter_wallets()
 
-    @classmethod
-    def exists(cls):
-        # are there any wallets defined?
-        from common import settings
-        return bool(settings.get('multisig', False))
-
     @classmethod
     def get_count(cls):
         from common import settings
@@ -878,7 +866,7 @@ def import_from_psbt(cls, M, N, xpubs_list):
 
         if trust_mode == TRUST_VERIFY:
             # already checked for existing import and wasn't found, so fail
-            raise FatalPSBTIssue("XPUBs in PSBT do not match any existing wallet")
+            raise FatalPSBTIssue("XPUBs in PSBT do not match any existing wallet as required by multisig policy")
 
         # build up an in-memory version of the wallet.
         #  - capture address format based on path used for my leg (if standards compliant)

ports/stm32/boards/Passport/modules/pages/multisig_policy_setting_page.py

@@ -4,7 +4,7 @@
 # multisig_policy_setting_page.py - Set the multisig policy
 
 from pages import SettingPage
-from public_constants import TRUST_OFFER, TRUST_VERIFY, TRUST_PSBT
+from public_constants import TRUST_OFFER, TRUST_VERIFY, TRUST_PSBT, TRUST_DEFAULT
 
 # Chooser for trust policy
 ch = ['Ask to Import', 'Require Existing', 'Skip Verification']
@@ -24,4 +24,4 @@ def __init__(self, card_header=None, statusbar=None):
             statusbar=statusbar,
             setting_name='multisig_policy',
             options=self.OPTIONS,
-            default_value=self.OPTIONS[1].get('value'))
+            default_value=TRUST_DEFAULT)

ports/stm32/boards/Passport/modules/psbt.py

@@ -1173,13 +1173,13 @@ async def handle_xpubs(self):
             # print('proposed={}, need_approval={}'.format(proposed, need_approval))
 
             # Gen1.2 We don't do the UI part of this here, but in SignPsbtCommonFlow
+
             if need_approval:
                 self.multisig_import_needs_approval = True
             #     # do a complex UX sequence, which lets them save new wallet
             #     ch = await proposed.confirm_import()
             #     if ch != 'y':
             #         raise FatalPSBTIssue("Refused to import new wallet")
-
             self.active_multisig = proposed
         else:
             # Validate good match here. The xpubs must be exactly right, but

ports/stm32/boards/Passport/modules/public_constants.py

@@ -112,6 +112,7 @@
 TRUST_VERIFY = const(0)
 TRUST_OFFER = const(1)
 TRUST_PSBT = const(2)
+TRUST_DEFAULT = TRUST_OFFER
 
 # Default Directories
 DIR_BACKUPS = 'backups'
@@ -129,7 +130,9 @@
     'shutdown_timeout',
     'device_name',
     'security_words',
-    'pin_prefix_hash'
+    'pin_prefix_hash',
+    # 'multisig_policy',  # TODO: do we want these to be globally accessible?
+    # 'multisig',
 ]
 
 # Size of a pin prefix:

ports/stm32/boards/Passport/modules/wallets/theya.py

@@ -22,7 +22,4 @@
          'filename_pattern_multisig': '{xfp}-theya-multisig.json'}
     ],
     'export_fw_version': True,
-    # 'skip_address_validation': True,
-    # 'skip_multisig_import': True,
-    # 'force_multisig_policy': True
 }