Check redeem script matches when signing PSBT input

src/psbt.js

@@ -1,6 +1,7 @@
 'use strict';
 Object.defineProperty(exports, '__esModule', { value: true });
 const bip174_1 = require('bip174');
+const payments = require('./payments');
 const transaction_1 = require('./transaction');
 class Psbt extends bip174_1.Psbt {
   constructor() {
@@ -32,7 +33,6 @@ class Psbt extends bip174_1.Psbt {
     //     assert False
     const input = this.inputs[inputIndex];
     if (input === undefined) throw new Error(`No input #${inputIndex}`);
-    // If a non-witness UTXO is provided, its hash must match the hash specified in the prevout
     if (input.nonWitnessUtxo) {
       const unsignedTx = transaction_1.Transaction.fromBuffer(
         this.globalMap.unsignedTx,
@@ -40,13 +40,27 @@ class Psbt extends bip174_1.Psbt {
       const nonWitnessUtxoTx = transaction_1.Transaction.fromBuffer(
         input.nonWitnessUtxo,
       );
-      const inputHash = unsignedTx.ins[inputIndex].hash;
+      const prevoutHash = unsignedTx.ins[inputIndex].hash;
       const utxoHash = nonWitnessUtxoTx.getHash();
-      if (Buffer.compare(inputHash, utxoHash) !== 0) {
+      // If a non-witness UTXO is provided, its hash must match the hash specified in the prevout
+      if (Buffer.compare(prevoutHash, utxoHash) !== 0) {
         throw new Error(
           `Non-witness UTXO hash for input #${inputIndex} doesn't match the hash specified in the prevout`,
         );
       }
+      if (input.redeemScript) {
+        const prevoutIndex = unsignedTx.ins[inputIndex].index;
+        const prevout = nonWitnessUtxoTx.outs[prevoutIndex];
+        const redeemScriptOutput = payments.p2sh({
+          redeem: { output: input.redeemScript },
+        }).output;
+        // If a redeemScript is provided, the scriptPubKey must be for that redeemScript
+        if (Buffer.compare(prevout.script, redeemScriptOutput) !== 0) {
+          throw new Error(
+            `Redeem script for input #${inputIndex} doesn't match the scriptPubKey in the prevout`,
+          );
+        }
+      }
     }
     // TODO: Get hash to sign
     const hash = Buffer.alloc(32);

ts_src/psbt.ts

@@ -1,5 +1,6 @@
 import { Psbt as PsbtBase } from 'bip174';
 import { Signer } from './ecpair';
+import * as payments from './payments';
 import { Transaction } from './transaction';
 
 export class Psbt extends PsbtBase {
@@ -35,19 +36,35 @@ export class Psbt extends PsbtBase {
     const input = this.inputs[inputIndex];
     if (input === undefined) throw new Error(`No input #${inputIndex}`);
 
-    // If a non-witness UTXO is provided, its hash must match the hash specified in the prevout
     if (input.nonWitnessUtxo) {
       const unsignedTx = Transaction.fromBuffer(this.globalMap.unsignedTx!);
       const nonWitnessUtxoTx = Transaction.fromBuffer(input.nonWitnessUtxo);
 
-      const inputHash = unsignedTx.ins[inputIndex].hash;
+      const prevoutHash = unsignedTx.ins[inputIndex].hash;
       const utxoHash = nonWitnessUtxoTx.getHash();
 
-      if (Buffer.compare(inputHash, utxoHash) !== 0) {
+      // If a non-witness UTXO is provided, its hash must match the hash specified in the prevout
+      if (Buffer.compare(prevoutHash, utxoHash) !== 0) {
         throw new Error(
           `Non-witness UTXO hash for input #${inputIndex} doesn't match the hash specified in the prevout`,
         );
       }
+
+      if (input.redeemScript) {
+        const prevoutIndex = unsignedTx.ins[inputIndex].index;
+        const prevout = nonWitnessUtxoTx.outs[prevoutIndex];
+
+        const redeemScriptOutput = payments.p2sh({
+          redeem: { output: input.redeemScript },
+        }).output as Buffer;
+
+        // If a redeemScript is provided, the scriptPubKey must be for that redeemScript
+        if (Buffer.compare(prevout.script, redeemScriptOutput) !== 0) {
+          throw new Error(
+            `Redeem script for input #${inputIndex} doesn't match the scriptPubKey in the prevout`,
+          );
+        }
+      }
     }
 
     // TODO: Get hash to sign