psbt: add support for caching when generating signature hashes/signing

Having the cache as part of the PSBT is not ideal, but it allows us to
support caching without having to modify a bunch of psbt calls in an
incompatible fashion.

Also includes a drive-by fix to add genesis_blockhash to the tests
ctypes wrapper, as it was missed previously.

Author: jgriffiths

include/wally.hpp

@@ -1641,6 +1641,17 @@ inline int psbt_sign_input_bip32(const PSBT& psbt, size_t index, size_t subindex
     return detail::check_ret(__FUNCTION__, ret);
 }
 
+inline int psbt_signing_cache_disable(struct wally_psbt* psbt) {
+    int ret = ::wally_psbt_signing_cache_disable(psbt);
+    return detail::check_ret(__FUNCTION__, ret);
+}
+
+template <class PSBT>
+inline int psbt_signing_cache_enable(const PSBT& psbt, uint32_t flags) {
+    int ret = ::wally_psbt_signing_cache_enable(detail::get_p(psbt), flags);
+    return detail::check_ret(__FUNCTION__, ret);
+}
+
 template <class PSBT>
 inline int psbt_to_base64(const PSBT& psbt, uint32_t flags, char** output) {
     int ret = ::wally_psbt_to_base64(detail::get_p(psbt), flags, output);

include/wally_psbt.h

@@ -141,6 +141,7 @@ struct wally_psbt {
     uint32_t pset_modifiable_flags;
     unsigned char genesis_blockhash[SHA256_LEN]; /* All zeros if not present */
 #endif /* WALLY_ABI_NO_ELEMENTS */
+    struct wally_map *signing_cache;
 };
 #endif /* SWIG */
 
@@ -2592,6 +2593,36 @@ WALLY_CORE_API int wally_psbt_blind_alloc(
     struct wally_map **output);
 #endif /* WALLY_ABI_NO_ELEMENTS */
 
+/**
+ * Enable caching of intermediate data when signing a PSBT.
+ *
+ * This function should be called just before signing a PSBT or the first
+ * input being signed, or before computing a signature hash for the PSBT.
+ * If the PSBT is modified in a way that would affect the signatures produced,
+ * this function should be called again to ensure that old cached data is
+ * purged before signing again.
+ *
+ * :param psbt: PSBT to enable the signing cache for. Directly modifies this PSBT.
+ * :param flags: Flags controlling the signing cache. Must be 0.
+ *
+ * .. note:: The signing cache is local to the given PSBT and is not
+ *|    serialized with it.
+ */
+WALLY_CORE_API int wally_psbt_signing_cache_enable(
+    struct wally_psbt *psbt,
+    uint32_t flags);
+
+/**
+ * Disable caching of intermediate data when signing a PSBT.
+ *
+ * This function can be called at any time to ensure that the PSBT signing
+ * cache data is not reused when signing again.
+ *
+ * :param psbt: PSBT to disable the signing cache for. Directly modifies this PSBT.
+ */
+WALLY_CORE_API int wally_psbt_signing_cache_disable(
+    struct wally_psbt *psbt);
+
 /**
  * Sign PSBT inputs corresponding to a given private key.
  *

src/psbt.c

@@ -10,6 +10,7 @@
 #include "script_int.h"
 #include "script.h"
 #include "pullpush.h"
+#include "tx_io.h"
 
 /* TODO:
  * - When setting utxo in an input via the psbt (in the SWIG
@@ -1308,6 +1309,7 @@ int wally_psbt_free(struct wally_psbt *psbt)
 #ifdef BUILD_ELEMENTS
         wally_map_clear(&psbt->global_scalars);
 #endif /* BUILD_ELEMENTS */
+        wally_psbt_signing_cache_disable(psbt);
         clear_and_free(psbt, sizeof(*psbt));
     }
     return WALLY_OK;
@@ -4528,7 +4530,7 @@ int wally_psbt_get_input_signature_hash(struct wally_psbt *psbt, size_t index,
                     NULL, 0,
                     psbt->genesis_blockhash, sizeof(psbt->genesis_blockhash),
                     sighash, WALLY_SIGTYPE_SW_V1,
-                    NULL, bytes_out, len);
+                    psbt->signing_cache, bytes_out, len);
 
         wally_free(scripts.items); /* No need to clear the value pointers */
         wally_free(values.items);
@@ -4720,6 +4722,24 @@ int wally_psbt_sign(struct wally_psbt *psbt,
     return ret;
 }
 
+int wally_psbt_signing_cache_enable(struct wally_psbt *psbt, uint32_t flags)
+{
+    if (!psbt || flags)
+        return WALLY_EINVAL;
+    wally_psbt_signing_cache_disable(psbt);
+    return wally_map_init_alloc(TXIO_CACHE_INITIAL_SIZE, NULL,
+                                &psbt->signing_cache);
+}
+
+int wally_psbt_signing_cache_disable(struct wally_psbt *psbt)
+{
+    if (!psbt)
+        return WALLY_EINVAL;
+    wally_map_free(psbt->signing_cache);
+    psbt->signing_cache = NULL;
+    return WALLY_OK;
+}
+
 static const struct wally_map_item *get_sig(const struct wally_psbt_input *input,
                                             size_t i, size_t n)
 {

src/swig_java/swig.i

@@ -955,6 +955,8 @@ static jobjectArray create_jstringArray(JNIEnv *jenv, char **p, size_t len) {
 %returns_void__(wally_psbt_sign);
 %returns_void__(wally_psbt_sign_bip32);
 %returns_void__(wally_psbt_sign_input_bip32);
+%returns_void__(wally_psbt_signing_cache_enable);
+%returns_void__(wally_psbt_signing_cache_disable);
 %returns_string(wally_psbt_to_base64);
 %returns_size_t(wally_psbt_to_bytes);
 %returns_array_(wally_ripemd160, 3, 4, RIPEMD160_LEN);

src/test/util.py

@@ -193,7 +193,9 @@ class wally_psbt(Structure):
                 ('has_fallback_locktime', c_uint32),
                 ('tx_modifiable_flags', c_uint32),
                 ('global_scalars', wally_map),
-                ('pset_modifiable_flags', c_uint32)]
+                ('pset_modifiable_flags', c_uint32),
+                ('genesis_blockhash', c_ubyte * 32),
+                ('signing_cache', POINTER(wally_map))]
 
 for f in (
     # Internal functions
@@ -629,6 +631,8 @@ class wally_psbt(Structure):
     ('wally_psbt_sign', c_int, [POINTER(wally_psbt), c_void_p, c_size_t, c_uint32]),
     ('wally_psbt_sign_bip32', c_int, [POINTER(wally_psbt), POINTER(ext_key), c_uint32]),
     ('wally_psbt_sign_input_bip32', c_int, [POINTER(wally_psbt), c_size_t, c_size_t, c_void_p, c_size_t, POINTER(ext_key), c_uint32]),
+    ('wally_psbt_signing_cache_disable', c_int, [POINTER(wally_psbt)]),
+    ('wally_psbt_signing_cache_enable', c_int, [POINTER(wally_psbt), c_uint32]),
     ('wally_psbt_to_base64', c_int, [POINTER(wally_psbt), c_uint32, c_char_p_p]),
     ('wally_psbt_to_bytes', c_int, [POINTER(wally_psbt), c_uint32, c_void_p, c_size_t, c_size_t_p]),
     ('wally_ripemd160', c_int, [c_void_p, c_size_t, c_void_p, c_size_t]),

src/tx_io.h

@@ -4,6 +4,9 @@
 #include <include/wally_map.h>
 #include "ccan/ccan/crypto/sha256/sha256.h"
 
+/* Suggested initial size of a signing cache to avoid re-allocations */
+#define TXIO_CACHE_INITIAL_SIZE 16
+
 /* A cursor for pushing/pulling tx bytes for hashing */
 typedef struct cursor_io
 {

src/wasm_package/src/functions.js

@@ -562,6 +562,8 @@ export function psbt_set_version(psbt: Ref_wally_psbt, flags: number, version: n
 export function psbt_sign(psbt: Ref_wally_psbt, key: Buffer|Uint8Array, flags: number): void;
 export function psbt_sign_bip32(psbt: Ref_wally_psbt, hdkey: Ref_ext_key, flags: number): void;
 export function psbt_sign_input_bip32(psbt: Ref_wally_psbt, index: number, subindex: number, txhash: Buffer|Uint8Array, hdkey: Ref_ext_key, flags: number): void;
+export function psbt_signing_cache_disable(psbt: Ref_wally_psbt): void;
+export function psbt_signing_cache_enable(psbt: Ref_wally_psbt, flags: number): void;
 export function psbt_to_base64(psbt: Ref_wally_psbt, flags: number): string;
 export function ripemd160(bytes: Buffer|Uint8Array): Buffer;
 export function s2c_commitment_verify(sig: Buffer|Uint8Array, s2c_data: Buffer|Uint8Array, s2c_opening: Buffer|Uint8Array, flags: number): void;

src/wasm_package/src/index.d.ts

@@ -362,6 +362,8 @@ EXPORTED_FUNCTIONS="['_malloc','_free','_bip32_key_free' \
 ,'_wally_psbt_sign' \
 ,'_wally_psbt_sign_bip32' \
 ,'_wally_psbt_sign_input_bip32' \
+,'_wally_psbt_signing_cache_disable' \
+,'_wally_psbt_signing_cache_enable' \
 ,'_wally_psbt_to_base64' \
 ,'_wally_psbt_to_bytes' \
 ,'_wally_ripemd160' \