Wrong signature for segwit transactions with multiple inputs

[achow101]

In trying to update HWI to get trusted inputs for segwit inputs, it seems like version 1.4.2 is producing incorrect signatures for transactions containing multiple segwit inputs.

I've largely been following the steps given in the documentation. Using btchip-python, I've been calling startUntrustedTransaction with inputs that have been trusted and using the scriptcodes for those inputs. Note that this is contrary to the documentation which says to use blank scriptcodes for this step in segwit transaction signing. However in my testing, using a blank scriptcode resulted in a bad signature. Then finalizeInput is done to set the outputs. Then for each input, startUntrustedTransaction is done again with only that input specified and its scriptcode. Then untrustedHashSign is done for just that input.

This works for segwit transactions with a single segwit input. But does not work for such transactions containing multiple inputs. For those transactions, a signature is produced, but the signature is not valid for that transaction.

The same code works on app version 1.3.14 (the default provided by speculos) with the change that getTrustedInput is not called for those segwit inputs.

[btchip]

1.4.0 introduced a regression if parsing an input sequence together with an empty script - the input sequence is to be sent in a diffeernt APDU. You can see a simple fix in https://github.com/LedgerHQ/btchip-python/commit/6c1d4e4da601b5dbab63cc9f9ad820835ba8fdd3

[gregdhill]

Linking my issue on ledgerjs for relevance; incorrect signature produced for tx with one segwit input.