trezor: Set p2sh multisig output script type correctly

[achow101]

P2SH outputs that are multisigs that belong to the wallet should be PAYTOMULTISIG

Fixes #624

[craigraw]

Results:

Signing with an m/45' derivation still works fine.

Signing with a m/45'/0/0/0 or m/45'/0'/0'/0 derivation is now different - the normal confirmation process on the Trezor starts, with the amounts being presented all the way to the confirmation of the locktime. No change detection is in place however, so all amounts must be confirmed. On acceptance of the locktime, HWI returns the error DataError: Forbidden key path and signing fails.

In addition, displaying the address using the --desc descriptor for all derivations still results in the error No path supplied matched device keys.

[matejcik]

it is surprising that "forbidden key path" happens after confirmation. It should either die at start, or not at all. This might be a Trezor bug.

Which Trezor model are you using? And is this still the same PSBT as in #624 ?

[craigraw]

Yes, same PSBT as before. This is signing with a Trezor One.

Interestingly I just updated to from firmware 1.10.5 to 1.11.1, and now I get DataError: Forbidden key path immediately on signing (no confirmations are displayed).

Edit: I also get the same error signing with the m/45' path now as well.

[matejcik]

ah, so a fixed bug :) Trezor now strongly enforces standard bip32 patterns. You will need to lower the safety checks setting to be able to use the nonstandard path.

[craigraw]

Thanks for the tip! After applying

trezorctl set safety-checks prompt

I was able to sign with m/45', m/45'/0/0/0 and m/45'/0'/0'/0 paths.