From 0cceac173ee2eabb935afa874e94a11967dce316 Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@electriccoin.co>
Date: Mon, 9 Dec 2024 09:28:14 +0000
Subject: [PATCH] pczt: Verify tx version before using `v5_signature_hash`

---
 pczt/src/roles/io_finalizer/mod.rs | 10 +++++++++-
 pczt/src/roles/signer/mod.rs       |  7 +++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/pczt/src/roles/io_finalizer/mod.rs b/pczt/src/roles/io_finalizer/mod.rs
index d99f591c0d..d013292349 100644
--- a/pczt/src/roles/io_finalizer/mod.rs
+++ b/pczt/src/roles/io_finalizer/mod.rs
@@ -9,7 +9,7 @@ use crate::{
         FLAG_SHIELDED_MODIFIABLE, FLAG_TRANSPARENT_INPUTS_MODIFIABLE,
         FLAG_TRANSPARENT_OUTPUTS_MODIFIABLE,
     },
-    Pczt,
+    Pczt, V5_TX_VERSION, V5_VERSION_GROUP_ID,
 };
 
 use super::signer::pczt_to_tx_data;
@@ -65,6 +65,13 @@ impl IoFinalizer {
         let txid_parts = tx_data.digest(TxIdDigester);
 
         // TODO: Pick sighash based on tx version.
+        match (global.tx_version, global.version_group_id) {
+            (V5_TX_VERSION, V5_VERSION_GROUP_ID) => Ok(()),
+            (version, version_group_id) => Err(Error::UnsupportedTxVersion {
+                version,
+                version_group_id,
+            }),
+        }?;
         let shielded_sighash = v5_signature_hash(&tx_data, &SignableInput::Shielded, &txid_parts)
             .as_ref()
             .try_into()
@@ -97,6 +104,7 @@ pub enum Error {
     SaplingParse(sapling::pczt::ParseError),
     Sign(super::signer::Error),
     TransparentParse(transparent::pczt::ParseError),
+    UnsupportedTxVersion { version: u32, version_group_id: u32 },
 }
 
 impl From<super::signer::Error> for Error {
diff --git a/pczt/src/roles/signer/mod.rs b/pczt/src/roles/signer/mod.rs
index 2baae6d885..bdb74db9bd 100644
--- a/pczt/src/roles/signer/mod.rs
+++ b/pczt/src/roles/signer/mod.rs
@@ -52,6 +52,13 @@ impl Signer {
         let txid_parts = tx_data.digest(TxIdDigester);
 
         // TODO: Pick sighash based on tx version.
+        match (global.tx_version, global.version_group_id) {
+            (V5_TX_VERSION, V5_VERSION_GROUP_ID) => Ok(()),
+            (version, version_group_id) => Err(Error::Global(GlobalError::UnsupportedTxVersion {
+                version,
+                version_group_id,
+            })),
+        }?;
         let shielded_sighash = v5_signature_hash(&tx_data, &SignableInput::Shielded, &txid_parts)
             .as_ref()
             .try_into()