diff --git a/core/src/apps/bitcoin/ownership.py b/core/src/apps/bitcoin/ownership.py
index c82ab2248..f5ccd3e7e 100644
--- a/core/src/apps/bitcoin/ownership.py
+++ b/core/src/apps/bitcoin/ownership.py
@@ -66,7 +66,7 @@ def generate_proof(
 def verify_nonownership(
 proof: bytes,
 script_pubkey: bytes,
- commitment_data: bytes,
+ commitment_data: Optional[bytes],
 keychain: Keychain,
 coin: CoinInfo,
 ) -> bool:
@@ -92,7 +92,8 @@ def verify_nonownership(
 proof_body = proof[: r.offset]
 sighash = hashlib.sha256(proof_body)
 sighash.update(script_pubkey)
- sighash.update(commitment_data)
+ if commitment_data:
+ sighash.update(commitment_data)
 script_sig, witness = read_bip322_signature_proof(r)
 # We don't call verifier.ensure_hash_type() to avoid possible compatibility
diff --git a/core/src/apps/bitcoin/sign_tx/bitcoin.py b/core/src/apps/bitcoin/sign_tx/bitcoin.py
index b28861751..28995fb12 100644
--- a/core/src/apps/bitcoin/sign_tx/bitcoin.py
+++ b/core/src/apps/bitcoin/sign_tx/bitcoin.py
@@ -245,7 +245,11 @@ class Bitcoin:
 ) -> None:
 if txi.ownership_proof:
 if not verify_nonownership(
- txi.ownership_proof, script_pubkey, bytes(), self.keychain, self.coin
+ txi.ownership_proof,
+ script_pubkey,
+ txi.commitment_data,
+ self.keychain,
+ self.coin,
 ):
 raise wire.DataError("Invalid external input")
 else:
diff --git a/core/src/apps/bitcoin/sign_tx/helpers.py b/core/src/apps/bitcoin/sign_tx/helpers.py
index e64e2390a..ff5a9bfc8 100644
--- a/core/src/apps/bitcoin/sign_tx/helpers.py
+++ b/core/src/apps/bitcoin/sign_tx/helpers.py
@@ -276,6 +276,8 @@ def sanitize_tx_input(tx: TransactionType, coin: CoinInfo) -> TxInputType:
 if txi.script_type in common.SEGWIT_INPUT_SCRIPT_TYPES or txi.witness is not None:
 if not coin.segwit:
 raise wire.DataError("Segwit not enabled on this coin")
+ if txi.commitment_data and not txi.ownership_proof:
+ raise wire.DataError("commitment_data field provided but not expected.")
 return txi
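Review bot: In the second ownership.py hunk, `sighash.update(script_pubkey)` and the now-conditional `sighash.update(commitment_data)` feed both fields into the hash with no length prefix or separator, so two different (script_pubkey, commitment_data) pairs whose bytes concatenate identically yield the same sighash. That was moot while the sign_tx caller passed `bytes()`, but this commit replaces it with `txi.commitment_data`, a value read from the input message. Hashing each field's length ahead of its bytes would remove the ambiguity; the proof-generation side, which is outside this hunk, would need the same change. The `if commitment_data:` guard also makes None and `b""` equivalent, which is worth stating in the function's docstring.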
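Review bot: Nothing at the `verify_nonownership(...)` call in bitcoin.py says that `txi.commitment_data` arrives in the same input message as the proof it is checked against, so a reader could take a passing check as evidence that the device vetted the commitment. A comment above the call would make the trust boundary explicit, for example `# commitment_data comes from the same message as the proof; it is only used to recompute the sighash`. The enclosing method starts and ends outside the hunk, so whether the value is validated or shown to the user elsewhere cannot be seen from here.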
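Review bot: The new guard in sanitize_tx_input tests `txi.commitment_data` for truthiness, so an input that carries the field as an empty byte string without an ownership proof is accepted even though the error text says the field is not expected. If the message decoder reports an absent field as None (not visible on this page), `if txi.commitment_data is not None and not txi.ownership_proof:` would reject every unexpected occurrence. Indentation is lost on this page, so it cannot be confirmed that the check sits at function level rather than inside the segwit branch; it needs to be at function level to cover all script types. The function begins outside the hunk.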