From 416eb3683b4ea141cc7392156daac1035ebc6466 Mon Sep 17 00:00:00 2001 From: Ava Chow Date: Wed, 8 Jan 2025 16:47:55 -0500 Subject: [PATCH] rpc, psbt: Require sighashes match for descriptorprocesspsbt --- src/rpc/rawtransaction.cpp | 6 ++++-- test/functional/rpc_psbt.py | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/rpc/rawtransaction.cpp b/src/rpc/rawtransaction.cpp index 63b0ecd1e2b..9f349196a44 100644 --- a/src/rpc/rawtransaction.cpp +++ b/src/rpc/rawtransaction.cpp @@ -235,8 +235,10 @@ PartiallySignedTransaction ProcessPSBT(const std::string& psbt_string, const std // Note that SignPSBTInput does a lot more than just constructing ECDSA signatures. // We only actually care about those if our signing provider doesn't hide private // information, as is the case with `descriptorprocesspsbt` - // As such, we ignore the return value as any errors just mean that we do not have enough information. - SignPSBTInput(provider, psbtx, /*index=*/i, &txdata, sighash_type, /*out_sigdata=*/nullptr, finalize); + // Only error for mismatching sighash types as it is critical that the sighash to sign with matches the PSBT's + if (SignPSBTInput(provider, psbtx, /*index=*/i, &txdata, sighash_type, /*out_sigdata=*/nullptr, finalize) == common::PSBTError::SIGHASH_MISMATCH) { + throw JSONRPCPSBTError(common::PSBTError::SIGHASH_MISMATCH); + } } // Update script/keypath information using descriptor data. diff --git a/test/functional/rpc_psbt.py b/test/functional/rpc_psbt.py index f86db006f8f..e270a080c21 100755 --- a/test/functional/rpc_psbt.py +++ b/test/functional/rpc_psbt.py @@ -241,6 +241,22 @@ class PSBTTest(BitcoinTestFramework): proc = wallet.walletprocesspsbt(psbt, True, "ALL|ANYONECANPAY") assert_equal(proc["complete"], True) + # Repeat with descriptorprocesspsbt + # Mismatching sighash type fails + assert_raises_rpc_error(-22, "Specified sighash value does not match value stored in PSBT", self.nodes[0].descriptorprocesspsbt, psbt, descs, "DEFAULT") + assert_raises_rpc_error(-22, "Specified sighash value does not match value stored in PSBT", self.nodes[0].descriptorprocesspsbt, psbt, descs, "ALL") + assert_raises_rpc_error(-22, "Specified sighash value does not match value stored in PSBT", self.nodes[0].descriptorprocesspsbt, psbt, descs, "NONE") + assert_raises_rpc_error(-22, "Specified sighash value does not match value stored in PSBT", self.nodes[0].descriptorprocesspsbt, psbt, descs, "SINGLE") + assert_raises_rpc_error(-22, "Specified sighash value does not match value stored in PSBT", self.nodes[0].descriptorprocesspsbt, psbt, descs, "NONE|ANYONECANPAY") + assert_raises_rpc_error(-22, "Specified sighash value does not match value stored in PSBT", self.nodes[0].descriptorprocesspsbt, psbt, descs, "SINGLE|ANYONECANPAY") + + # No sighash type specified fails + assert_raises_rpc_error(-22, "Specified sighash value does not match value stored in PSBT", self.nodes[0].descriptorprocesspsbt, psbt, descs) + + # Matching sighash type succeeds + proc = self.nodes[0].descriptorprocesspsbt(psbt, descs, "ALL|ANYONECANPAY") + assert_equal(proc["complete"], True) + wallet.unloadwallet() def test_sighash_adding(self):