mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-09 06:50:58 +00:00
signing/multisig: check if pubkey is part of multisig msg
This commit is contained in:
parent
2c2f2ff97b
commit
8715e20b79
@ -6,6 +6,13 @@ from trezor.messages.HDNodePathType import HDNodePathType
|
||||
from apps.wallet.sign_tx.writers import *
|
||||
|
||||
|
||||
def multisig_pubkey_index(multisig: MultisigRedeemScriptType, pubkey: bytes) -> int:
|
||||
for i, hd in enumerate(multisig.pubkeys):
|
||||
if multisig_get_pubkey(hd) == pubkey:
|
||||
return i
|
||||
return -1
|
||||
|
||||
|
||||
def multisig_get_pubkey(hd: HDNodePathType) -> bytes:
|
||||
p = hd.address_n
|
||||
n = hd.node
|
||||
|
@ -238,9 +238,10 @@ async def sign_tx(tx: SignTx, root):
|
||||
key_sign = node_derive(root, txi.address_n)
|
||||
key_sign_pub = key_sign.public_key()
|
||||
# for the signing process the script_sig is equal
|
||||
# to the scriptPubKey (P2PKH) or a redeem script (P2SH)
|
||||
# to the previous tx's scriptPubKey (P2PKH) or a redeem script (P2SH)
|
||||
if txi_sign.script_type == InputScriptType.SPENDMULTISIG:
|
||||
txi_sign.script_sig = script_multisig(multisig_get_pubkeys(txi_sign.multisig), txi_sign.multisig.m)
|
||||
txi_sign.script_sig = script_multisig(multisig_get_pubkeys(txi_sign.multisig),
|
||||
txi_sign.multisig.m)
|
||||
elif txi_sign.script_type == InputScriptType.SPENDADDRESS:
|
||||
txi_sign.script_sig = output_script_p2pkh(
|
||||
ecdsa_hash_pubkey(key_sign_pub))
|
||||
@ -270,6 +271,13 @@ async def sign_tx(tx: SignTx, root):
|
||||
raise SigningError(FailureType.ProcessError,
|
||||
'Transaction has changed during signing')
|
||||
|
||||
# if multisig, check if singing with a key that is included in multisig
|
||||
if txi_sign.multisig:
|
||||
pubkey_idx = multisig_pubkey_index(txi_sign.multisig, key_sign_pub)
|
||||
if pubkey_idx < 0:
|
||||
raise SigningError(FailureType.DataError,
|
||||
'Pubkey not found in multisig script')
|
||||
|
||||
# compute the signature from the tx digest
|
||||
signature = ecdsa_sign(key_sign, get_tx_hash(h_sign, True))
|
||||
tx_ser.signature_index = i_sign
|
||||
|
Loading…
Reference in New Issue
Block a user