Merge pull request #10196

e89922a ledger: throw on secret view key export rejection (tobtoht)

src/device/device_ledger.cpp

@@ -410,7 +410,7 @@ namespace hw {
       this->length_send = set_command_header_noopt(ins, p1);
       if (ins == INS_GET_KEY && p1 == IO_SECRET_KEY) {
         // export view key user input
-        this->exchange_wait_on_input();
+        CHECK_AND_ASSERT_THROW_MES(this->exchange_wait_on_input() == 0, "Key export rejected on device.");
       } else {
         this->exchange();
       }
@@ -619,14 +619,13 @@ namespace hw {
         send_simple(INS_GET_KEY, 0x02);
 
         //View key is retrievied, if allowed, to speed up blockchain parsing
-        memmove(this->viewkey.data,  this->buffer_recv+0,  32);
-        if (is_fake_view_key(this->viewkey)) {
-          MDEBUG("Have Not view key");
-          this->has_view_key = false;
-        } else {
-          MDEBUG("Have view key");
-          this->has_view_key = true;
-        }
+        crypto::secret_key view_secret_key;
+        memmove(view_secret_key.data, this->buffer_recv+0, 32);
+
+        CHECK_AND_ASSERT_THROW_MES(!is_fake_view_key(view_secret_key), "Key export rejected on device.");
+
+        this->viewkey = view_secret_key;
+        this->has_view_key = true;
 
         #ifdef DEBUG_HWDEVICE
         send_simple(INS_GET_KEY, 0x04);

src/device/device_ledger.hpp

@@ -172,8 +172,8 @@ namespace hw {
         HMACmap hmac_map;
 
         // To speed up blockchain parsing the view key maybe handle here.
-        crypto::secret_key viewkey;
-        bool has_view_key;
+        crypto::secret_key viewkey = crypto::null_skey;
+        bool has_view_key = false;
 
         device *controle_device;