core/bitcoin: Check ownership proofs using the provided commitment data.

4 years ago · 295710c37d
parent 5d745d5d04
commit 295710c37d
3 changed files with 10 additions and 3 deletions
--- a/core/src/apps/bitcoin/ownership.py
+++ b/core/src/apps/bitcoin/ownership.py
@ -66,7 +66,7 @@ def generate_proof(
 def verify_nonownership(
    proof: bytes,
    script_pubkey: bytes,
-    commitment_data: bytes,
+    commitment_data: Optional[bytes],
    keychain: Keychain,
    coin: CoinInfo,
 ) -> bool:
@ -92,7 +92,8 @@ def verify_nonownership(
        proof_body = proof[: r.offset]
        sighash = hashlib.sha256(proof_body)
        sighash.update(script_pubkey)
-        sighash.update(commitment_data)
+        if commitment_data:
+            sighash.update(commitment_data)
        script_sig, witness = read_bip322_signature_proof(r)

        # We don't call verifier.ensure_hash_type() to avoid possible compatibility
--- a/core/src/apps/bitcoin/sign_tx/bitcoin.py
+++ b/core/src/apps/bitcoin/sign_tx/bitcoin.py
@ -245,7 +245,11 @@ class Bitcoin:
    ) -> None:
        if txi.ownership_proof:
            if not verify_nonownership(
-                txi.ownership_proof, script_pubkey, bytes(), self.keychain, self.coin
+                txi.ownership_proof,
+                script_pubkey,
+                txi.commitment_data,
+                self.keychain,
+                self.coin,
            ):
                raise wire.DataError("Invalid external input")
        else:
--- a/core/src/apps/bitcoin/sign_tx/helpers.py
+++ b/core/src/apps/bitcoin/sign_tx/helpers.py
@ -276,6 +276,8 @@ def sanitize_tx_input(tx: TransactionType, coin: CoinInfo) -> TxInputType:
    if txi.script_type in common.SEGWIT_INPUT_SCRIPT_TYPES or txi.witness is not None:
        if not coin.segwit:
            raise wire.DataError("Segwit not enabled on this coin")
+    if txi.commitment_data and not txi.ownership_proof:
+        raise wire.DataError("commitment_data field provided but not expected.")
    return txi