Merge pull request #10195

26cf4f9 ledger: throw on secret view key export rejection (tobtoht)

src/device/device_ledger.cpp

@@ -409,7 +409,7 @@ namespace hw {
       this->length_send = set_command_header_noopt(ins, p1);
       if (ins == INS_GET_KEY && p1 == IO_SECRET_KEY) {
         // export view key user input
-        this->exchange_wait_on_input();
+        CHECK_AND_ASSERT_THROW_MES(this->exchange_wait_on_input() == 0, "Key export rejected on device.");
       } else {
         this->exchange();
       }
@@ -618,15 +618,14 @@ namespace hw {
         send_simple(INS_GET_KEY, 0x02);
 
         //View key is retrievied, if allowed, to speed up blockchain parsing
-        memmove(this->viewkey.data,  this->buffer_recv+0,  32);
+        crypto::secret_key view_secret_key;
-        if (is_fake_view_key(this->viewkey)) {
+        memmove(view_secret_key.data, this->buffer_recv+0, 32);
-          MDEBUG("Have Not view key");
+
-          this->has_view_key = false;
+        CHECK_AND_ASSERT_THROW_MES(!is_fake_view_key(view_secret_key), "Key export rejected on device.");
-        } else {
+
-          MDEBUG("Have view key");
+        this->viewkey = view_secret_key;
-          this->has_view_key = true;
+        this->has_view_key = true;
-        }
+
-      
         #ifdef DEBUG_HWDEVICE
         send_simple(INS_GET_KEY, 0x04);
         memmove(dbg_viewkey.data, this->buffer_recv+0, 32);

src/device/device_ledger.hpp

@@ -177,8 +177,8 @@ namespace hw {
         HMACmap hmac_map;
 
         // To speed up blockchain parsing the view key maybe handle here.
-        crypto::secret_key viewkey;
+        crypto::secret_key viewkey = crypto::null_skey;
-        bool has_view_key;
+        bool has_view_key = false;
 
         device *controle_device;