core/bitcoin: Check ownership proofs using the provided commitment data.

core/src/apps/bitcoin/ownership.py

@@ -66,7 +66,7 @@ def generate_proof(
 def verify_nonownership(
     proof: bytes,
     script_pubkey: bytes,
-    commitment_data: bytes,
+    commitment_data: Optional[bytes],
     keychain: Keychain,
     coin: CoinInfo,
 ) -> bool:
@@ -92,7 +92,8 @@ def verify_nonownership(
         proof_body = proof[: r.offset]
         sighash = hashlib.sha256(proof_body)
         sighash.update(script_pubkey)
-        sighash.update(commitment_data)
+        if commitment_data:
+            sighash.update(commitment_data)
         script_sig, witness = read_bip322_signature_proof(r)
 
         # We don't call verifier.ensure_hash_type() to avoid possible compatibility

core/src/apps/bitcoin/sign_tx/bitcoin.py

@@ -245,7 +245,11 @@ class Bitcoin:
     ) -> None:
         if txi.ownership_proof:
             if not verify_nonownership(
-                txi.ownership_proof, script_pubkey, bytes(), self.keychain, self.coin
+                txi.ownership_proof,
+                script_pubkey,
+                txi.commitment_data,
+                self.keychain,
+                self.coin,
             ):
                 raise wire.DataError("Invalid external input")
         else:

core/src/apps/bitcoin/sign_tx/helpers.py

@@ -276,6 +276,8 @@ def sanitize_tx_input(tx: TransactionType, coin: CoinInfo) -> TxInputType:
     if txi.script_type in common.SEGWIT_INPUT_SCRIPT_TYPES or txi.witness is not None:
         if not coin.segwit:
             raise wire.DataError("Segwit not enabled on this coin")
+    if txi.commitment_data and not txi.ownership_proof:
+        raise wire.DataError("commitment_data field provided but not expected.")
     return txi