commander: separate main and hidden wallet backup checks

benma · benma · commit eb96b5eea0c9 · 2020-07-31T08:26:34.000+02:00
Before, checking the backup recovery password when logged in using the
main password would succeed for both the main and the hidden wallet
recovery password. This was the only way to check the hidden wallet
password, as everything sd-card was in the hidden wallet.

With this commit, one can only check the main recovery password in the
main wallet, and the hidden recovery password when in the hidden
wallet.
diff --git a/src/commander.c b/src/commander.c
@@ -305,11 +305,15 @@ static int commander_process_backup_check(const char *key, const char *filename,
             if (wallet_generate_node(key, seed, &node) == DBB_ERROR) {
                 ret = DBB_ERROR;
             } else {
+                uint8_t is_hidden = wallet_is_hidden();
+                // constant time !is_hidden
+                uint8_t negated[] = {1, 0};
+                uint8_t is_main = negated[is_hidden];
                 uint8_t main_ok = MEMEQ(node.private_key, memory_master_hww(NULL), MEM_PAGE_LEN) &&
                                   MEMEQ(node.chain_code, memory_master_hww_chaincode(NULL), MEM_PAGE_LEN);
                 uint8_t hidden_ok = MEMEQ(node.private_key, memory_hidden_hww(NULL), MEM_PAGE_LEN) &&
                                     MEMEQ(node.chain_code, memory_hidden_hww_chaincode(NULL), MEM_PAGE_LEN);
-                ret = (main_ok | hidden_ok) ? DBB_OK : DBB_ERROR; // bitwise for constant time
+                ret = (is_main & main_ok) | (is_hidden & hidden_ok) ? DBB_OK : DBB_ERROR; // bitwise for constant time
             }
             utils_zero(seed, sizeof(seed));
         }
diff --git a/tests/tests_api.c b/tests/tests_api.c
@@ -607,18 +607,22 @@ static void tests_seed_xpub_backup(void)
     ASSERT_SUCCESS;
 
     {
-        // Check backup should also work with the hidden password.
         char set_hidden_wallet_cmd[512];
         snprintf(set_hidden_wallet_cmd, sizeof(set_hidden_wallet_cmd),
                  "{\"%s\":\"%s\",\"%s\":\"%s\"}", cmd_str(CMD_password),
                  hidden_pwd, cmd_str(CMD_key), "hiddenpassword");
         api_format_send_cmd(cmd_str(CMD_hidden_password), set_hidden_wallet_cmd, KEY_STANDARD);
         ASSERT_SUCCESS;
 
-
+        // Check backup of hidden wallet should not work using the main device password.
         snprintf(check, sizeof(check), "{\"check\":\"%s\", \"key\":\"hiddenpassword\"}",
                  filename);
         api_format_send_cmd(cmd_str(CMD_backup), check, KEY_STANDARD);
+        ASSERT_REPORT_HAS(flag_msg(DBB_ERR_SD_NO_MATCH));
+        // Works with the hidden wallet device password.
+        snprintf(check, sizeof(check), "{\"check\":\"%s\", \"key\":\"hiddenpassword\"}",
+                 filename);
+        api_format_send_cmd(cmd_str(CMD_backup), check, KEY_HIDDEN);
         ASSERT_SUCCESS;
     }
 
