feat(wasm-utxo): implement single input signing methods

Add sign methods to BitGoPsbt to support signing individual inputs by index:

- Implement `sign` in JS that dispatches based on key type
- Add Rust `sign_with_xpriv` method for wallet inputs (BIP32)
- Add Rust `sign_with_privkey` method for raw private keys (ECPair)
- Handle MuSig2 inputs with existing first round state
- Support replay protection inputs with proper P2SH sighashing
- Add comprehensive tests and documentation

Issue: BTC-2786

Co-authored-by: llm-git <[email protected]>

Author: OttoAllmendinger

packages/wasm-utxo/js/fixedScriptWallet/BitGoPsbt.ts

@@ -142,6 +142,66 @@ export class BitGoPsbt {
     return this.wasm.verify_signature_with_pub(inputIndex, wasmECPair);
   }
 
+  /**
+   * Sign a single input with a private key
+   *
+   * This method signs a specific input using the provided key. It accepts either:
+   * - An xpriv (BIP32Arg: base58 string, BIP32 instance, or WasmBIP32) for wallet inputs - derives the key and signs
+   * - A raw privkey (ECPairArg: Buffer, ECPair instance, or WasmECPair) for replay protection inputs - signs directly
+   *
+   * This method automatically detects and handles different input types:
+   * - For regular inputs: uses standard PSBT signing
+   * - For MuSig2 inputs: uses the FirstRound state stored by generateMusig2Nonces()
+   * - For replay protection inputs: signs with legacy P2SH sighash
+   *
+   * @param inputIndex - The index of the input to sign (0-based)
+   * @param key - Either an xpriv (BIP32Arg) or a raw privkey (ECPairArg)
+   * @throws Error if signing fails, or if generateMusig2Nonces() was not called first for MuSig2 inputs
+   *
+   * @example
+   * ```typescript
+   * // Parse transaction to identify input types
+   * const parsed = psbt.parseTransactionWithWalletKeys(walletKeys, replayProtection);
+   *
+   * // Sign regular wallet inputs with xpriv
+   * for (let i = 0; i < parsed.inputs.length; i++) {
+   *   const input = parsed.inputs[i];
+   *   if (input.scriptId !== null && input.scriptType !== "p2shP2pk") {
+   *     psbt.sign(i, userXpriv);
+   *   }
+   * }
+   *
+   * // Sign replay protection inputs with raw privkey
+   * const userPrivkey = bip32.fromBase58(userXpriv).privateKey!;
+   * for (let i = 0; i < parsed.inputs.length; i++) {
+   *   const input = parsed.inputs[i];
+   *   if (input.scriptType === "p2shP2pk") {
+   *     psbt.sign(i, userPrivkey);
+   *   }
+   * }
+   * ```
+   */
+  sign(inputIndex: number, key: BIP32Arg | ECPairArg): void {
+    // Detect key type
+    // If string or has 'derive' method → BIP32Arg
+    // Otherwise → ECPairArg
+    if (
+      typeof key === "string" ||
+      (typeof key === "object" &&
+        key !== null &&
+        "derive" in key &&
+        typeof key.derive === "function")
+    ) {
+      // It's a BIP32Arg
+      const wasmKey = BIP32.from(key as BIP32Arg);
+      this.wasm.sign_with_xpriv(inputIndex, wasmKey.wasm);
+    } else {
+      // It's an ECPairArg
+      const wasmKey = ECPair.from(key as ECPairArg);
+      this.wasm.sign_with_privkey(inputIndex, wasmKey.wasm);
+    }
+  }
+
   /**
    * @deprecated - use verifySignature with the replay protection key instead
    *

packages/wasm-utxo/src/fixed_script_wallet/bitgo_psbt/mod.rs

@@ -426,6 +426,146 @@ impl BitGoPsbt {
             .map_err(|e| e.to_string())
     }
 
+    /// Sign a single input with a raw private key
+    ///
+    /// This method signs a specific input using the provided private key. It automatically
+    /// detects the input type and uses the appropriate signing method:
+    /// - Replay protection inputs (P2SH-P2PK): Signs with legacy P2SH sighash
+    /// - Regular inputs: Uses standard PSBT signing
+    /// - MuSig2 inputs: Returns error (requires FirstRound state, use sign_with_first_round)
+    ///
+    /// # Arguments
+    /// - `input_index`: The index of the input to sign
+    /// - `privkey`: The private key to sign with
+    ///
+    /// # Returns
+    /// - `Ok(())` if signing was successful
+    /// - `Err(String)` if signing fails or input type is not supported
+    pub fn sign_with_privkey(
+        &mut self,
+        input_index: usize,
+        privkey: &secp256k1::SecretKey,
+    ) -> Result<(), String> {
+        use miniscript::bitcoin::{
+            ecdsa::Signature as EcdsaSignature, hashes::Hash, sighash::SighashCache, PublicKey,
+        };
+
+        // Get network before mutable borrow
+        let network = self.network();
+        let is_testnet = network.is_testnet();
+
+        let psbt = self.psbt_mut();
+
+        // Check bounds
+        if input_index >= psbt.inputs.len() {
+            return Err(format!(
+                "Input index {} out of bounds (total inputs: {})",
+                input_index,
+                psbt.inputs.len()
+            ));
+        }
+
+        // Check if this is a MuSig2 input
+        if p2tr_musig2_input::Musig2Input::is_musig2_input(&psbt.inputs[input_index]) {
+            return Err(
+                "MuSig2 inputs cannot be signed with raw privkey. Use sign_with_first_round instead."
+                    .to_string(),
+            );
+        }
+
+        let secp = secp256k1::Secp256k1::new();
+
+        // Derive public key from private key
+        let public_key = PublicKey::from_slice(
+            &secp256k1::PublicKey::from_secret_key(&secp, privkey).serialize(),
+        )
+        .map_err(|e| format!("Failed to derive public key: {}", e))?;
+
+        // Check if this is a replay protection input (P2SH-P2PK)
+        if let Some(redeem_script) = &psbt.inputs[input_index].redeem_script.clone() {
+            // Try to extract pubkey from redeem script
+            if let Ok(redeem_pubkey) = Self::extract_pubkey_from_p2pk_redeem_script(redeem_script) {
+                // This is a replay protection input - verify the derived pubkey matches
+                if public_key != redeem_pubkey {
+                    return Err(
+                        "Public key mismatch: derived pubkey does not match redeem_script pubkey"
+                            .to_string(),
+                    );
+                }
+
+                // Sign the replay protection input with legacy P2SH sighash
+                let sighash_type = miniscript::bitcoin::sighash::EcdsaSighashType::All;
+                let cache = SighashCache::new(&psbt.unsigned_tx);
+                let sighash = cache
+                    .legacy_signature_hash(input_index, redeem_script, sighash_type.to_u32())
+                    .map_err(|e| format!("Failed to compute sighash: {}", e))?;
+
+                // Create ECDSA signature
+                let message = secp256k1::Message::from_digest(sighash.to_byte_array());
+                let signature = secp.sign_ecdsa(&message, privkey);
+                let ecdsa_sig = EcdsaSignature {
+                    signature,
+                    sighash_type,
+                };
+
+                // Add signature to partial_sigs
+                psbt.inputs[input_index]
+                    .partial_sigs
+                    .insert(public_key, ecdsa_sig);
+
+                return Ok(());
+            }
+        }
+
+        // For regular inputs (non-RP, non-MuSig2), use standard signing via miniscript
+        // This will handle legacy, SegWit, and Taproot script path inputs
+        match self {
+            BitGoPsbt::BitcoinLike(ref mut psbt, _network) => {
+                // Create a key provider that returns our single key
+                // Convert SecretKey to PrivateKey for the GetKey trait
+                // Note: The network parameter is only used for WIF serialization, not for signing
+                let bitcoin_network = if is_testnet {
+                    miniscript::bitcoin::Network::Testnet
+                } else {
+                    miniscript::bitcoin::Network::Bitcoin
+                };
+                let private_key = miniscript::bitcoin::PrivateKey::new(*privkey, bitcoin_network);
+                let key_map = std::collections::BTreeMap::from_iter([(public_key, private_key)]);
+
+                // Sign the PSBT
+                let result = psbt.sign(&key_map, &secp);
+
+                // Check if our specific input was signed
+                match result {
+                    Ok(signing_keys) => {
+                        if signing_keys.contains_key(&input_index) {
+                            Ok(())
+                        } else {
+                            Err(format!(
+                                "Input {} was not signed (no key found or already signed)",
+                                input_index
+                            ))
+                        }
+                    }
+                    Err((partial_success, errors)) => {
+                        // Check if there's an error for our specific input
+                        if let Some(error) = errors.get(&input_index) {
+                            Err(format!("Failed to sign input {}: {:?}", input_index, error))
+                        } else if partial_success.contains_key(&input_index) {
+                            // Input was signed successfully despite other errors
+                            Ok(())
+                        } else {
+                            Err(format!("Input {} was not signed", input_index))
+                        }
+                    }
+                }
+            }
+            BitGoPsbt::Zcash(_zcash_psbt, _network) => {
+                Err("Zcash signing not yet implemented".to_string())
+            }
+        }
+    }
+
     /// Sign the PSBT with the provided key.
     /// Wraps the underlying PSBT's sign method from miniscript::psbt::PsbtExt.
     ///

packages/wasm-utxo/src/wasm/ecpair.rs

@@ -41,6 +41,13 @@ impl WasmECPair {
     pub(crate) fn get_public_key(&self) -> PublicKey {
         self.key.public_key()
     }
+
+    /// Get the private key as a secp256k1::SecretKey (for internal Rust use)
+    pub(crate) fn get_private_key(&self) -> Result<SecretKey, WasmUtxoError> {
+        self.key
+            .secret_key()
+            .ok_or_else(|| WasmUtxoError::new("Cannot get private key from public-only ECPair"))
+    }
 }
 
 #[wasm_bindgen]

packages/wasm-utxo/src/wasm/fixed_script_wallet.rs

@@ -371,6 +371,139 @@ impl BitGoPsbt {
         Ok(())
     }
 
+    /// Sign a single input with an extended private key (xpriv)
+    ///
+    /// This method signs a specific input using the provided xpriv. It accepts:
+    /// - An xpriv (WasmBIP32) for wallet inputs - derives the key and signs
+    ///
+    /// This method automatically detects and handles different input types:
+    /// - For regular inputs: uses standard PSBT signing
+    /// - For MuSig2 inputs: uses the FirstRound state stored by generate_musig2_nonces()
+    /// - For replay protection inputs: returns error (use sign_with_privkey instead)
+    ///
+    /// # Arguments
+    /// - `input_index`: The index of the input to sign (0-based)
+    /// - `xpriv`: The extended private key as a WasmBIP32 instance
+    ///
+    /// # Returns
+    /// - `Ok(())` if signing was successful
+    /// - `Err(WasmUtxoError)` if signing fails
+    pub fn sign_with_xpriv(
+        &mut self,
+        input_index: usize,
+        xpriv: &WasmBIP32,
+    ) -> Result<(), WasmUtxoError> {
+        // Extract Xpriv from WasmBIP32
+        let xpriv = xpriv.to_xpriv()?;
+
+        let secp = miniscript::bitcoin::secp256k1::Secp256k1::new();
+
+        // Check if this is a MuSig2 input
+        let psbt = self.psbt.psbt();
+        if input_index >= psbt.inputs.len() {
+            return Err(WasmUtxoError::new(&format!(
+                "Input index {} out of bounds (total inputs: {})",
+                input_index,
+                psbt.inputs.len()
+            )));
+        }
+
+        if crate::fixed_script_wallet::bitgo_psbt::p2tr_musig2_input::Musig2Input::is_musig2_input(
+            &psbt.inputs[input_index],
+        ) {
+            // This is a MuSig2 input - use FirstRound signing
+            let xpub = miniscript::bitcoin::bip32::Xpub::from_priv(&secp, &xpriv);
+            let xpub_str = xpub.to_string();
+
+            // Remove the stored FirstRound for this (input, xpub) pair (it can only be used once)
+            let first_round = self.first_rounds.remove(&(input_index, xpub_str.clone()))
+                .ok_or_else(|| WasmUtxoError::new(&format!(
+                    "No FirstRound found for input {} and xpub {}. You must call generate_musig2_nonces() first.",
+                    input_index, xpub_str
+                )))?;
+
+            // Sign with the FirstRound
+            self.psbt
+                .sign_with_first_round(input_index, first_round, &xpriv)
+                .map_err(|e| {
+                    WasmUtxoError::new(&format!(
+                        "Failed to sign MuSig2 input {}: {}",
+                        input_index, e
+                    ))
+                })?;
+
+            Ok(())
+        } else {
+            // This is a regular input - use standard signing
+            // Sign the PSBT - this will attempt to sign all inputs but we only care about the result
+            // The miniscript sign method returns (SigningKeysMap, SigningErrors) on error
+            let result = self.psbt.sign(&xpriv, &secp);
+
+            // Check if this specific input was signed successfully
+            match result {
+                Ok(signing_keys) => {
+                    // Check if our input_index was in the successfully signed keys
+                    if signing_keys.contains_key(&input_index) {
+                        Ok(())
+                    } else {
+                        Err(WasmUtxoError::new(&format!(
+                            "Input {} was not signed (no key found or already signed)",
+                            input_index
+                        )))
+                    }
+                }
+                Err((partial_success, errors)) => {
+                    // Check if there's an error for our specific input
+                    if let Some(error) = errors.get(&input_index) {
+                        Err(WasmUtxoError::new(&format!(
+                            "Failed to sign input {}: {:?}",
+                            input_index, error
+                        )))
+                    } else if partial_success.contains_key(&input_index) {
+                        // Input was signed successfully despite other errors
+                        Ok(())
+                    } else {
+                        Err(WasmUtxoError::new(&format!(
+                            "Input {} was not signed",
+                            input_index
+                        )))
+                    }
+                }
+            }
+        }
+    }
+
+    /// Sign a single input with a raw private key
+    ///
+    /// This method signs a specific input using the provided ECPair. It accepts:
+    /// - A raw privkey (WasmECPair) for replay protection inputs - signs directly
+    ///
+    /// This method automatically detects and handles different input types:
+    /// - For replay protection inputs: signs with legacy P2SH sighash
+    /// - For regular inputs: uses standard PSBT signing
+    /// - For MuSig2 inputs: returns error (requires FirstRound, use sign_with_xpriv instead)
+    ///
+    /// # Arguments
+    /// - `input_index`: The index of the input to sign (0-based)
+    /// - `ecpair`: The ECPair containing the private key
+    ///
+    /// # Returns
+    /// - `Ok(())` if signing was successful
+    /// - `Err(WasmUtxoError)` if signing fails
+    pub fn sign_with_privkey(
+        &mut self,
+        input_index: usize,
+        ecpair: &WasmECPair,
+    ) -> Result<(), WasmUtxoError> {
+        // Extract private key from WasmECPair
+        let privkey = ecpair.get_private_key()?;
+
+        // Call the Rust implementation
+        self.psbt
+            .sign_with_privkey(input_index, &privkey)
+            .map_err(|e| WasmUtxoError::new(&format!("Failed to sign input: {}", e)))
+    }
+
     /// Finalize all inputs in the PSBT
     ///
     /// This method attempts to finalize all inputs in the PSBT, computing the final

packages/wasm-utxo/test/fixedScript/fixtureUtil.ts

@@ -7,6 +7,8 @@ import type { IWalletKeys } from "../../js/fixedScriptWallet/RootWalletKeys.js";
 import { BIP32, type BIP32Interface } from "../../js/bip32.js";
 import { RootWalletKeys } from "../../js/fixedScriptWallet/RootWalletKeys.js";
 import { ECPair } from "../../js/ecpair.js";
+import { fixedScriptWallet } from "../../js/index.js";
+import type { BitGoPsbt, NetworkName } from "../../js/fixedScriptWallet/index.js";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -103,6 +105,16 @@ export function getPsbtBuffer(fixture: Fixture): Buffer {
   return Buffer.from(fixture.psbtBase64, "base64");
 }
 
+/**
+ * Get BitGoPsbt from a fixture
+ * @param fixture - The test fixture
+ * @param networkName - The network name for deserializing the PSBT
+ * @returns A BitGoPsbt instance
+ */
+export function getBitGoPsbt(fixture: Fixture, networkName: NetworkName): BitGoPsbt {
+  return fixedScriptWallet.BitGoPsbt.fromBytes(getPsbtBuffer(fixture), networkName);
+}
+
 /**
  * Load a PSBT fixture from JSON file
  */