master_blinding_key: add parameter to return denied error if need to …

…ask user
Blockstream · Jan 12, 2024 · f59f491 · f59f491
1 parent f862caa
commit f59f491
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 4 deletions.
diff --git a/docs/index.rst b/docs/index.rst
@@ -1481,14 +1481,22 @@ get_master_blinding_key request
 -------------------------------
 
 Used to fetch the master (SLIP-077) blinding key for the wallet.
+May block temporarily while asking the user to confirm the export from Jade.
+Passing 'only_if_silent' will instead immediately return a 'denied' error if it would usually need to ask the user to confirm.
 
 .. code-block:: cbor
 
     {
         "id": "66",
         "method": "get_master_blinding_key"
+        "params": {
+            "only_if_silent": False
+        }
     }
 
+* Passing 'only_if_silent' as True means the call will always return immediately - it will return the 'denied' error if it would normally ask the user to confirm.
+* Passing 'only_if_silent' as False (or not passing it at all) allows the call to block temporarily if asking the user to confirm the export is required.
+
 .. _get_master_blinding_key_reply:
 
 get_master_blinding_key reply

diff --git a/jadepy/jade.py b/jadepy/jade.py
@@ -1220,18 +1220,28 @@ def sign_identity(self, identity, curve, challenge, index=0):
         params = {'identity': identity, 'curve': curve, 'index': index, 'challenge': challenge}
         return self._jadeRpc('sign_identity', params)
 
-    def get_master_blinding_key(self):
+    def get_master_blinding_key(self, only_if_silent=False):
         """
         RPC call to fetch the master (SLIP-077) blinding key for the hw signer.
+        May block temporarily to request the user's permission to export.  Passing 'only_if_silent'
+        causes the call to return the 'denied' error if it would normally ask the user.
         NOTE: the master blinding key of any registered multisig wallets can be obtained from
         the result of `get_registered_multisigs()`.
 
+        Parameters
+        ----------
+        only_if_silent : boolean, optional
+            If True Jade will return the denied error if it would normally ask the user's permission
+            to export the master blinding key.  Passing False (or letting default) may block while
+            asking the user to confirm the export on Jade.
+
         Returns
         -------
         32-bytes
             SLIP-077 master blinding key
         """
-        return self._jadeRpc('get_master_blinding_key')
+        params = {'only_if_silent': only_if_silent}
+        return self._jadeRpc('get_master_blinding_key', params)
 
     def get_blinding_key(self, script, multisig_name=None):
         """

diff --git a/main/process/debug_set_mnemonic.c b/main/process/debug_set_mnemonic.c
@@ -110,6 +110,7 @@ void debug_set_mnemonic_process(void* process_ptr)
     // and remove the restriction on network-types.
     keychain_set(&keydata, (uint8_t)process->ctx.source, temporary_wallet);
     keychain_clear_network_type_restriction();
+    keychain_set_confirm_export_blinding_key(true);
 
     // To be consistent with normal wallet setup in mnemonic.c ...
     if (!temporary_wallet) {

diff --git a/main/process/get_master_blinding_key.c b/main/process/get_master_blinding_key.c
@@ -14,9 +14,17 @@ void get_master_blinding_key_process(void* process_ptr)
     // We expect a current message to be present
     ASSERT_CURRENT_MESSAGE(process, "get_master_blinding_key");
     ASSERT_KEYCHAIN_UNLOCKED_BY_MESSAGE_SOURCE(process);
+    GET_MSG_PARAMS(process);
 
+    // Ask the user if necessary
     if (keychain_get_confirm_export_blinding_key()) {
-        if (!await_yesno_activity(
+        // Optional field to suppress asking user for permission and instead
+        // error in the cases where we would normally need to ask the user.
+        bool onlyIfSilent = false;
+        rpc_get_boolean("only_if_silent", &params, &onlyIfSilent);
+
+        if (onlyIfSilent
+            || !await_yesno_activity(
                 "Blinding Key", "\n        Export master\n         blinding key?", true, "blkstrm.com/blindingkey")) {
             JADE_LOGW("User declined to export master blinding key");
             jade_process_reject_message(

diff --git a/test_jade.py b/test_jade.py
@@ -2511,7 +2511,17 @@ def test_liquid_blinding_keys(jadeapi):
     master_blinding_key = wally.asset_blinding_key_from_seed(seed)
     assert EXPECTED_MASTER_BLINDING_KEY == master_blinding_key[32:]  # 2nd half of full 512bits
 
-    # Get Liquid master blinding key
+    # Get Liquid master blinding key - errors if we pass the 'onlyIfSilent'
+    # flag, as would normally block while asking user.
+    try:
+        rslt = jadeapi.get_master_blinding_key(True)
+        assert False, "Expecting 'user declined' error"
+    except JadeError as e:
+        assert e.code == JadeError.USER_CANCELLED
+
+    # These ask the user to confirm which is fine
+    rslt = jadeapi.get_master_blinding_key(False)
+    assert rslt == EXPECTED_MASTER_BLINDING_KEY
     rslt = jadeapi.get_master_blinding_key()
     assert rslt == EXPECTED_MASTER_BLINDING_KEY