From abc1f2b6102c900169a41f5a9fa69b002c6e32ba Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Tue, 12 Jan 2016 02:55:35 -0800
Subject: [PATCH] signInput should test against keys.

---
 lib/bcoin/tx.js | 37 ++++++++++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 7 deletions(-)

diff --git a/lib/bcoin/tx.js b/lib/bcoin/tx.js
index 6858a33f..2b852032 100644
--- a/lib/bcoin/tx.js
+++ b/lib/bcoin/tx.js
@@ -215,7 +215,7 @@ TX.prototype.scriptInput = function scriptInput(index, pub, redeem) {
 // Sign the now-built scriptSigs
 TX.prototype.signInput = function signInput(index, key, type) {
   var input, s, hash, signature;
-  var len, redeem, m, n, keys, pub, pubn, ki, signatures, i;
+  var len, redeem, m, n, keys, pub, pubn, pkh, pkhn, ki, signatures, i;
 
   if (typeof index !== 'number')
     index = this.inputs.indexOf(index);
@@ -254,6 +254,12 @@ TX.prototype.signInput = function signInput(index, key, type) {
   // Add the sighash as a single byte to the signature
   signature = signature.concat(type);
 
+  // Get compressed and uncompressed pubkeys.
+  pub = key.getPublic(true, 'array');
+  pubn = key.getPublic(false, 'array');
+  pkh = bcoin.wallet.key2hash(pub);
+  pkhn = bcoin.wallet.key2hash(pubn);
+
   // Script length, needed for multisig
   len = input.script.length;
 
@@ -267,13 +273,32 @@ TX.prototype.signInput = function signInput(index, key, type) {
   // Add signatures.
   if (bcoin.script.isPubkey(s)) {
     // P2PK
-    if (Array.isArray(input.script[0]) && !input.script[0].length)
-      input.script[0] = signature;
+    if (!Array.isArray(input.script[0]))
+      return false;
+
+    if (input.script[0].length)
+      return true;
+
+    // Make sure the pubkey is ours.
+    if (!utils.isEqual(s[0], pub) && !utils.isEqual(s[0], pubn))
+      return false;
+
+    input.script[0] = signature;
+
     return true;
   } else if (bcoin.script.isPubkeyhash(s)) {
     // P2PKH
-    if (Array.isArray(input.script[0]) && !input.script[0].length)
-      input.script[0] = signature;
+    if (!Array.isArray(input.script[0]))
+      return false;
+
+    if (input.script[0].length)
+      return true;
+
+    // Make sure the pubkey hash is ours.
+    if (!utils.isEqual(s[2], pkh) && !utils.isEqual(s[2], pkhn))
+      return false;
+
+    input.script[0] = signature;
     return true;
   } else if (bcoin.script.isMultisig(s)) {
     // Multisig
@@ -315,8 +340,6 @@ TX.prototype.signInput = function signInput(index, key, type) {
     // Grab the redeem script's keys to figure
     // out where our key should go.
     keys = s.slice(1, -2);
-    pub = key.getPublic(true, 'array');
-    pubn = key.getPublic(false, 'array');
 
     // Find the key index so we can place
     // the signature in the same index.