Merge pull request #1932 from bitcoinjs/fix/validate-sigs

Fix: Find hashes WITHOUT leafHash instead

Author: junderw

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 6.1.2
+__fixed__
+- validateSignaturesOfInput for taproot inputs returned true for invalid signatures in specific cases. (#1932)
+
 # 6.1.1
 __added__
 - add example using BIP86 vector to verify the sending to and from a BIP86 generated taproot address

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "bitcoinjs-lib",
-  "version": "6.1.1",
+  "version": "6.1.2",
   "description": "Client-side Bitcoin JavaScript library",
   "main": "./src/index.js",
   "types": "./src/index.d.ts",

package.json

@@ -468,14 +468,16 @@ class Psbt {
           this.__CACHE,
         );
     if (!allHashses.length) throw new Error('No signatures for this pubkey');
-    const tapKeyHash = allHashses.find(h => !!h.leafHash);
+    const tapKeyHash = allHashses.find(h => !h.leafHash);
+    let validationResultCount = 0;
     if (tapKeySig && tapKeyHash) {
       const isValidTapkeySig = validator(
         tapKeyHash.pubkey,
         tapKeyHash.hash,
-        tapKeySig,
+        trimTaprootSig(tapKeySig),
       );
       if (!isValidTapkeySig) return false;
+      validationResultCount++;
     }
     if (tapScriptSig) {
       for (const tapSig of tapScriptSig) {
@@ -484,13 +486,14 @@ class Psbt {
           const isValidTapScriptSig = validator(
             tapSig.pubkey,
             tapSigHash.hash,
-            tapSig.signature,
+            trimTaprootSig(tapSig.signature),
           );
           if (!isValidTapScriptSig) return false;
+          validationResultCount++;
         }
       }
     }
-    return true;
+    return validationResultCount > 0;
   }
   signAllInputsHD(
     hdKeyPair,
@@ -1292,6 +1295,9 @@ function getAllTaprootHashesForSig(inputIndex, input, inputs, cache) {
   );
   return allHashes.flat();
 }
+function trimTaprootSig(signature) {
+  return signature.length === 64 ? signature : signature.subarray(1);
+}
 function getTaprootHashesForSig(
   inputIndex,
   input,

src/psbt.js

@@ -598,6 +598,37 @@ describe('bitcoinjs-lib (transaction with taproot)', () => {
       });
     }
   });
+
+  it('should fail validating invalid signatures for taproot (See issue #1931)', () => {
+    const schnorrValidator = (
+      pubkey: Buffer,
+      msghash: Buffer,
+      signature: Buffer,
+    ) => {
+      return ecc.verifySchnorr(msghash, pubkey, signature);
+    };
+
+    const psbtBase64 =
+      `cHNidP8BAFICAAAAAe1h73A6zedruNERV6JU7Ty1IlYZh2KO1cBklZqCMEy8AAAAAAD/////ARA
+      nAAAAAAAAFgAUS0GlfqWSeEWIpwPwrvRIjBbJQroAAAAAAAEA/TgBAQAAAAABAnGJ6st1FIvYLEV
+      bJMQaZ3HSOJnkw5C+ViCuJYiFEYosAAAAAAD9////xuZd0xArNSaBuElLX3nzjwtZW95O7L/wbz9
+      4v+v0vuYAAAAAAP3///8CECcAAAAAAAAiUSAVbMSHgwYVdyBgfNy0syr6TMaFOGhFjXJYuQcRLlp
+      DS8hgBwAAAAAAIlEgthWGz3o2R7WpgjIK52ODoEaA/0HcImSUjVk6agZgghwBQIP9WWErMfeBBYy
+      uHuSZS7MdXVICtlFgNveDrvuXeQGSZl1gGG6/r3Aw7h9TifGtoA+7JwYBjLMcEG6hbeyQGXIBQNS
+      qKH1p/NFzO9bxe9vpvBZQIaX5Qa9SY2NfNCgSRNabmX5EiaihWcLC+ALgchm7DUfYrAmi1r4uSI/
+      YaQ1lq8gAAAAAAQErECcAAAAAAAAiUSAVbMSHgwYVdyBgfNy0syr6TMaFOGhFjXJYuQcRLlpDSwE
+      DBIMAAAABCEMBQZUpv6e1Hwfpi/PpglkkK/Rx40vZIIHwtJ7dXWFZ5TcZUEelCnfKOAWZ4xWjauY
+      M2y+JcgFcVsuPzPuiM+z5AH+DARNBlSm/p7UfB+mL8+mCWSQr9HHjS9kggfC0nt1dYVnlNxlQR6U
+      Kd8o4BZnjFaNq5gzbL4lyAVxWy4/M+6Iz7PkAf4MBFyC6ZCT2zZVrEbkw/T1fyS8eLKQaP2MH6rz
+      dlMauGvQzLQAA`.replace(/\s+/g, '');
+
+    const psbt = bitcoin.Psbt.fromBase64(psbtBase64);
+
+    assert(
+      !psbt.validateSignaturesOfAllInputs(schnorrValidator),
+      'Should fail validation',
+    );
+  });
 });
 
 function buildLeafIndexFinalizer(

test/integration/taproot.spec.ts

@@ -606,14 +606,16 @@ export class Psbt {
 
     if (!allHashses.length) throw new Error('No signatures for this pubkey');
 
-    const tapKeyHash = allHashses.find(h => !!h.leafHash);
+    const tapKeyHash = allHashses.find(h => !h.leafHash);
+    let validationResultCount = 0;
     if (tapKeySig && tapKeyHash) {
       const isValidTapkeySig = validator(
         tapKeyHash.pubkey,
         tapKeyHash.hash,
-        tapKeySig,
+        trimTaprootSig(tapKeySig),
       );
       if (!isValidTapkeySig) return false;
+      validationResultCount++;
     }
 
     if (tapScriptSig) {
@@ -623,14 +625,15 @@ export class Psbt {
           const isValidTapScriptSig = validator(
             tapSig.pubkey,
             tapSigHash.hash,
-            tapSig.signature,
+            trimTaprootSig(tapSig.signature),
           );
           if (!isValidTapScriptSig) return false;
+          validationResultCount++;
         }
       }
     }
 
-    return true;
+    return validationResultCount > 0;
   }
 
   signAllInputsHD(
@@ -1714,6 +1717,10 @@ function getAllTaprootHashesForSig(
   return allHashes.flat();
 }
 
+function trimTaprootSig(signature: Buffer): Buffer {
+  return signature.length === 64 ? signature : signature.subarray(1);
+}
+
 function getTaprootHashesForSig(
   inputIndex: number,
   input: PsbtInput,