Signing multisig PSBTs on Trezor devices returns invalid signatures for Segwit script types

[craigraw]

I'm not sure how this escaped previous testing, but it appears the https://github.com/bitcoin-core/HWI/commit/e731395bde13362950e9f13e01689c475545e4dc in v2.2.0 has broken signing of multisig transactions on both Trezor One and Trezor T for Segwit script types on standard derivation paths. Signatures are returned, but are invalid and fail verification. The results of my testing as follows:

Script Type	Derivation Path	v2.1.1	v2.2.0
P2WSH	m/48'/1'/0'/2'	Yes	Fails verification
P2SH-P2WSH	m/48'/1'/0'/1'	Yes	Fails verification
P2SH	m/45'	Yes	Yes
P2SH	m/45'/0/0/0	Error: Multisig field provided but not expected	Yes

Testing also reveals the change in https://github.com/bitcoin-core/HWI/commit/e731395bde13362950e9f13e01689c475545e4dc is the sole reason for the difference between the two versions.

Firmware versions 2.5.3 & 1.11.0, bitcoin only.

[achow101]

Can you try #665?

[craigraw]

Thanks @achow101, confirmed working for all script types and derivation paths in the table above.

Would it be possible to do a 2.2.1 release for this? I'd like to do another Sparrow release shortly with this fix.

[achow101]

Will try to do a release with this a few other fixes soon.