From 26cf4f914134fa0808ca539e2d0e7d17aac125e1 Mon Sep 17 00:00:00 2001 From: tobtoht Date: Tue, 11 Nov 2025 20:51:52 +0100 Subject: [PATCH] ledger: throw on secret view key export rejection --- src/device/device_ledger.cpp | 19 +++++++++---------- src/device/device_ledger.hpp | 4 ++-- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/src/device/device_ledger.cpp b/src/device/device_ledger.cpp index 5d0afe1ee..2709ba071 100644 --- a/src/device/device_ledger.cpp +++ b/src/device/device_ledger.cpp @@ -409,7 +409,7 @@ namespace hw { this->length_send = set_command_header_noopt(ins, p1); if (ins == INS_GET_KEY && p1 == IO_SECRET_KEY) { // export view key user input - this->exchange_wait_on_input(); + CHECK_AND_ASSERT_THROW_MES(this->exchange_wait_on_input() == 0, "Key export rejected on device."); } else { this->exchange(); } @@ -618,15 +618,14 @@ namespace hw { send_simple(INS_GET_KEY, 0x02); //View key is retrievied, if allowed, to speed up blockchain parsing - memmove(this->viewkey.data, this->buffer_recv+0, 32); - if (is_fake_view_key(this->viewkey)) { - MDEBUG("Have Not view key"); - this->has_view_key = false; - } else { - MDEBUG("Have view key"); - this->has_view_key = true; - } - + crypto::secret_key view_secret_key; + memmove(view_secret_key.data, this->buffer_recv+0, 32); + + CHECK_AND_ASSERT_THROW_MES(!is_fake_view_key(view_secret_key), "Key export rejected on device."); + + this->viewkey = view_secret_key; + this->has_view_key = true; + #ifdef DEBUG_HWDEVICE send_simple(INS_GET_KEY, 0x04); memmove(dbg_viewkey.data, this->buffer_recv+0, 32); diff --git a/src/device/device_ledger.hpp b/src/device/device_ledger.hpp index 03058c4f1..61ac6f9c8 100644 --- a/src/device/device_ledger.hpp +++ b/src/device/device_ledger.hpp 
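Review bot: The `== 0` comparison in the `INS_GET_KEY` / `IO_SECRET_KEY` branch of `send_simple` depends on the return convention of `exchange_wait_on_input()`, which is not visible in this hunk. A short comment such as `// exchange_wait_on_input() returns non-zero when the user declines on the device` (to be confirmed against its definition) would make the check auditable. The message "Key export rejected on device." is also reused verbatim by the `is_fake_view_key` check in the second hunk, so a log line cannot tell an explicit refusal on the device from a placeholder key coming back; distinct messages for the two checks would help triage. `send_simple` starts and ends outside the hunk.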
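Review bot: When the new `is_fake_view_key` check throws, `this->viewkey` and `this->has_view_key` keep whatever an earlier call left in them, whereas the removed branch cleared `has_view_key` on a rejected export. If this code can run more than once on the same object (for example after a reconnect, which is not visible here), a declined export would leave a previously exported view key marked as usable. Resetting first with `this->has_view_key = false;` ahead of `send_simple(INS_GET_KEY, 0x02);` closes that gap and also covers the throw added inside `send_simple`. The context comment still says the key is retrieved "if allowed", which no longer matches a path that throws on refusal; something like `// View key export is required; a refusal on the device throws.` would be accurate. The enclosing function begins and ends outside the hunk.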
@@ -177,8 +177,8 @@ namespace hw {
 HMACmap hmac_map;
 // To speed up blockchain parsing the view key maybe handle here.
- crypto::secret_key viewkey;
- bool has_view_key;
+ crypto::secret_key viewkey = crypto::null_skey;
+ bool has_view_key = false;
 device *controle_device;