From e1caf395def32f8a93b85690c1195350237ade44 Mon Sep 17 00:00:00 2001
From: Marko Bencun <mb@shiftdevices.com>
Date: Fri, 30 Nov 2018 12:34:40 +0100
Subject: [PATCH] check hidden password

---
 src/commander.c   |  7 +++----
 tests/tests_api.c | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/commander.c b/src/commander.c
index c6c5525f..054808ec 100644
--- a/src/commander.c
+++ b/src/commander.c
@@ -316,11 +316,10 @@ static int commander_process_backup_check(const char *key, const char *filename,
             snprintf(seed, sizeof(seed), "%s", utils_uint8_to_hex(backup_hww, MEM_PAGE_LEN));
             if (wallet_generate_node(key, seed, &node) == DBB_ERROR) {
                 ret = DBB_ERROR;
-            } else if (!MEMEQ(node.private_key, wallet_get_master(), MEM_PAGE_LEN) ||
-                       !MEMEQ(node.chain_code, wallet_get_chaincode(), MEM_PAGE_LEN)) {
-                ret = DBB_ERROR;
             } else {
-                ret = DBB_OK;
+                uint8_t main_ok = MEMEQ(node.private_key, memory_master_hww(NULL), MEM_PAGE_LEN) && MEMEQ(node.chain_code, memory_master_hww_chaincode(NULL), MEM_PAGE_LEN);
+                uint8_t hidden_ok = MEMEQ(node.private_key, memory_hidden_hww(NULL), MEM_PAGE_LEN) && MEMEQ(node.chain_code, memory_hidden_hww_chaincode(NULL), MEM_PAGE_LEN);
+                ret = (main_ok | hidden_ok) ? DBB_OK : DBB_ERROR; // bitwise for constant time
             }
             utils_zero(seed, sizeof(seed));
         }
diff --git a/tests/tests_api.c b/tests/tests_api.c
index b0232b81..39a61167 100644
--- a/tests/tests_api.c
+++ b/tests/tests_api.c
@@ -326,10 +326,26 @@ static void tests_seed_xpub_backup(void)
     api_format_send_cmd(cmd_str(CMD_backup), back, KEY_STANDARD);
     ASSERT_SUCCESS;
 
+
     snprintf(check, sizeof(check), "{\"check\":\"%s\", \"key\":\"password\"}", filename);
     api_format_send_cmd(cmd_str(CMD_backup), check, KEY_STANDARD);
     ASSERT_SUCCESS;
 
+    {
+        // Check backup should also work with the hidden password.
+        char set_hidden_wallet_cmd[512];
+        snprintf(set_hidden_wallet_cmd, sizeof(set_hidden_wallet_cmd), "{\"%s\":\"%s\",\"%s\":\"%s\"}", cmd_str(CMD_password),
+                 hidden_pwd, cmd_str(CMD_key), "hiddenpassword");
+        api_format_send_cmd(cmd_str(CMD_hidden_password), set_hidden_wallet_cmd, KEY_STANDARD);
+        ASSERT_SUCCESS;
+
+
+        snprintf(check, sizeof(check), "{\"check\":\"%s\", \"key\":\"hiddenpassword\"}", filename);
+        api_format_send_cmd(cmd_str(CMD_backup), check, KEY_STANDARD);
+        ASSERT_SUCCESS;
+    }
+
+
     api_format_send_cmd(cmd_str(CMD_seed), seed_create_2, KEY_STANDARD);
     ASSERT_REPORT_HAS_NOT(attr_str(ATTR_error));