Merge branch 'checkbackup'

benma · benma · commit fbfa72d54557 · 2020-07-31T09:08:19.000+02:00
diff --git a/src/commander.c b/src/commander.c
@@ -305,11 +305,15 @@ static int commander_process_backup_check(const char *key, const char *filename,
             if (wallet_generate_node(key, seed, &node) == DBB_ERROR) {
                 ret = DBB_ERROR;
             } else {
+                uint8_t is_hidden = wallet_is_hidden();
+                // constant time !is_hidden
+                uint8_t negated[] = {1, 0};
+                uint8_t is_main = negated[is_hidden];
                 uint8_t main_ok = MEMEQ(node.private_key, memory_master_hww(NULL), MEM_PAGE_LEN) &&
                                   MEMEQ(node.chain_code, memory_master_hww_chaincode(NULL), MEM_PAGE_LEN);
                 uint8_t hidden_ok = MEMEQ(node.private_key, memory_hidden_hww(NULL), MEM_PAGE_LEN) &&
                                     MEMEQ(node.chain_code, memory_hidden_hww_chaincode(NULL), MEM_PAGE_LEN);
-                ret = (main_ok | hidden_ok) ? DBB_OK : DBB_ERROR; // bitwise for constant time
+                ret = (is_main & main_ok) | (is_hidden & hidden_ok) ? DBB_OK : DBB_ERROR; // bitwise for constant time
             }
             utils_zero(seed, sizeof(seed));
         }
@@ -395,11 +399,6 @@ static void commander_process_backup(yajl_val json_node)
     char source[MAX(MAX(strlens(attr_str(ATTR_U2F)), strlens(attr_str(ATTR_HWW))),
                                                          strlens(attr_str(ATTR_all))) + 1];
 
-    if (wallet_is_locked()) {
-        commander_fill_report(cmd_str(CMD_backup), NULL, DBB_ERR_IO_LOCKED);
-        return;
-    }
-
     if (strlens(value)) {
         if (STREQ(value, attr_str(ATTR_list))) {
             sd_list(CMD_backup);
@@ -410,17 +409,6 @@ static void commander_process_backup(yajl_val json_node)
         return;
     }
 
-    if (strlens(erase)) {
-        // Erase single file
-        int status = touch_button_press(TOUCH_LONG_WARN);
-        if (status == DBB_TOUCHED) {
-            sd_erase(CMD_backup, erase);
-        } else {
-            commander_fill_report(cmd_str(CMD_backup), NULL, status);
-        }
-        return;
-    }
-
     if (strlens(source_y)) {
         snprintf(source, sizeof(source), "%s", source_y);
     } else {
@@ -432,12 +420,6 @@ static void commander_process_backup(yajl_val json_node)
         }
     }
 
-    if (!strlens(key) && !STREQ(source, attr_str(ATTR_U2F))) {
-        // Exit if backing up HWW but no key given
-        commander_fill_report(cmd_str(CMD_seed), NULL, DBB_ERR_SD_KEY);
-        return;
-    }
-
     if (check) {
         // Verify existing backup
         if (STREQ(source, attr_str(ATTR_all))) {
@@ -448,6 +430,30 @@ static void commander_process_backup(yajl_val json_node)
         return;
     }
 
+
+    if (wallet_is_locked()) {
+        commander_fill_report(cmd_str(CMD_backup), NULL, DBB_ERR_IO_LOCKED);
+        return;
+    }
+
+    if (strlens(erase)) {
+        // Erase single file
+        int status = touch_button_press(TOUCH_LONG_WARN);
+        if (status == DBB_TOUCHED) {
+            sd_erase(CMD_backup, erase);
+        } else {
+            commander_fill_report(cmd_str(CMD_backup), NULL, status);
+        }
+        return;
+    }
+
+
+    if (!strlens(key) && !STREQ(source, attr_str(ATTR_U2F))) {
+        // Exit if backing up HWW but no key given
+        commander_fill_report(cmd_str(CMD_seed), NULL, DBB_ERR_SD_KEY);
+        return;
+    }
+
     if (filename) {
         // Create new backup
         commander_process_backup_create(key, filename, source);
diff --git a/tests/tests_api.c b/tests/tests_api.c
@@ -607,18 +607,22 @@ static void tests_seed_xpub_backup(void)
     ASSERT_SUCCESS;
 
     {
-        // Check backup should also work with the hidden password.
         char set_hidden_wallet_cmd[512];
         snprintf(set_hidden_wallet_cmd, sizeof(set_hidden_wallet_cmd),
                  "{\"%s\":\"%s\",\"%s\":\"%s\"}", cmd_str(CMD_password),
                  hidden_pwd, cmd_str(CMD_key), "hiddenpassword");
         api_format_send_cmd(cmd_str(CMD_hidden_password), set_hidden_wallet_cmd, KEY_STANDARD);
         ASSERT_SUCCESS;
 
-
+        // Check backup of hidden wallet should not work using the main device password.
         snprintf(check, sizeof(check), "{\"check\":\"%s\", \"key\":\"hiddenpassword\"}",
                  filename);
         api_format_send_cmd(cmd_str(CMD_backup), check, KEY_STANDARD);
+        ASSERT_REPORT_HAS(flag_msg(DBB_ERR_SD_NO_MATCH));
+        // Works with the hidden wallet device password.
+        snprintf(check, sizeof(check), "{\"check\":\"%s\", \"key\":\"hiddenpassword\"}",
+                 filename);
+        api_format_send_cmd(cmd_str(CMD_backup), check, KEY_HIDDEN);
         ASSERT_SUCCESS;
     }
 
@@ -2734,8 +2738,10 @@ static void tests_echo_tfa(void)
                         KEY_STANDARD);
     ASSERT_REPORT_HAS(flag_msg(DBB_ERR_IO_LOCKED));
 
-    api_format_send_cmd(cmd_str(CMD_backup), attr_str(ATTR_list), KEY_STANDARD);
-    ASSERT_REPORT_HAS(flag_msg(DBB_ERR_IO_LOCKED));
+    if (!TEST_LIVE_DEVICE) {
+        api_format_send_cmd(cmd_str(CMD_backup), attr_str(ATTR_list), KEY_STANDARD);
+        ASSERT_REPORT_HAS("test_backup.pdf");
+    }
 }
 
 
