Taproot for elements

include/wally.hpp

@@ -1641,6 +1641,17 @@ inline int psbt_sign_input_bip32(const PSBT& psbt, size_t index, size_t subindex
     return detail::check_ret(__FUNCTION__, ret);
 }
 
+inline int psbt_signing_cache_disable(struct wally_psbt* psbt) {
+    int ret = ::wally_psbt_signing_cache_disable(psbt);
+    return detail::check_ret(__FUNCTION__, ret);
+}
+
+template <class PSBT>
+inline int psbt_signing_cache_enable(const PSBT& psbt, uint32_t flags) {
+    int ret = ::wally_psbt_signing_cache_enable(detail::get_p(psbt), flags);
+    return detail::check_ret(__FUNCTION__, ret);
+}
+
 template <class PSBT>
 inline int psbt_to_base64(const PSBT& psbt, uint32_t flags, char** output) {
     int ret = ::wally_psbt_to_base64(detail::get_p(psbt), flags, output);
@@ -1897,6 +1908,12 @@ inline int tx_get_hash_prevouts(const TX& tx, size_t index, size_t num_inputs, B
     return detail::check_ret(__FUNCTION__, ret);
 }
 
+template <class TX, class SCRIPTS, class ASSETS, class VALUES, class SCRIPT, class ANNEX, class GENESIS_BLOCKHASH, class CACHE, class BYTES_OUT>
+inline int tx_get_input_signature_hash(const TX& tx, size_t index, const SCRIPTS& scripts, const ASSETS& assets, const VALUES& values, const SCRIPT& script, uint32_t key_version, uint32_t codesep_position, const ANNEX& annex, const GENESIS_BLOCKHASH& genesis_blockhash, uint32_t sighash, uint32_t flags, const CACHE& cache, BYTES_OUT& bytes_out) {
+    int ret = ::wally_tx_get_input_signature_hash(detail::get_p(tx), index, detail::get_p(scripts), detail::get_p(assets), detail::get_p(values), script.data(), script.size(), key_version, codesep_position, annex.data(), annex.size(), genesis_blockhash.data(), genesis_blockhash.size(), sighash, flags, detail::get_p(cache), bytes_out.data(), bytes_out.size());
+    return detail::check_ret(__FUNCTION__, ret);
+}
+
 template <class TX>
 inline int tx_get_length(const TX& tx, uint32_t flags, size_t* written) {
     int ret = ::wally_tx_get_length(detail::get_p(tx), flags, written);

include/wally_psbt.h

@@ -141,6 +141,7 @@ struct wally_psbt {
     uint32_t pset_modifiable_flags;
     unsigned char genesis_blockhash[SHA256_LEN]; /* All zeros if not present */
 #endif /* WALLY_ABI_NO_ELEMENTS */
+    struct wally_map *signing_cache;
 };
 #endif /* SWIG */
 
@@ -2592,6 +2593,36 @@ WALLY_CORE_API int wally_psbt_blind_alloc(
     struct wally_map **output);
 #endif /* WALLY_ABI_NO_ELEMENTS */
 
+/**
+ * Enable caching of intermediate data when signing a PSBT.
+ *
+ * This function should be called just before signing a PSBT or the first
+ * input being signed, or before computing a signature hash for the PSBT.
+ * If the PSBT is modified in a way that would affect the signatures produced,
+ * this function should be called again to ensure that old cached data is
+ * purged before signing again.
+ *
+ * :param psbt: PSBT to enable the signing cache for. Directly modifies this PSBT.
+ * :param flags: Flags controlling the signing cache. Must be 0.
+ *
+ * .. note:: The signing cache is local to the given PSBT and is not
+ *|    serialized with it.
+ */
+WALLY_CORE_API int wally_psbt_signing_cache_enable(
+    struct wally_psbt *psbt,
+    uint32_t flags);
+
+/**
+ * Disable caching of intermediate data when signing a PSBT.
+ *
+ * This function can be called at any time to ensure that the PSBT signing
+ * cache data is not reused when signing again.
+ *
+ * :param psbt: PSBT to disable the signing cache for. Directly modifies this PSBT.
+ */
+WALLY_CORE_API int wally_psbt_signing_cache_disable(
+    struct wally_psbt *psbt);
+
 /**
  * Sign PSBT inputs corresponding to a given private key.
  *
@@ -2614,7 +2645,9 @@ WALLY_CORE_API int wally_psbt_sign(
  *
  * :param psbt: PSBT to sign. Directly modifies this PSBT.
  * :param hdkey: The parent extended key to derive signing keys from.
- * :param flags: Flags controlling signing. Must be 0 or EC_FLAG_GRIND_R.
+ * :param flags: Flags controlling signing. Must be 0 or `EC_FLAG_GRIND_R`.
+ *|     Note that unlike `wally_psbt_sign_input_bip32`, `EC_FLAG_ELEMENTS`
+ *|     is determined automatically and should not included in ``flags``.
  *
  * .. note:: See https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#simple-signer-algorithm
  *|    for a description of the signing algorithm.
@@ -2633,7 +2666,8 @@ WALLY_CORE_API int wally_psbt_sign_bip32(
  * :param txhash: The signature hash to sign, from `wally_psbt_get_input_signature_hash`.
  * :param txhash_len: Size of ``txhash`` in bytes. Must be `WALLY_TXHASH_LEN`.
  * :param hdkey: The derived extended key to sign with.
- * :param flags: Flags controlling signing. Must be 0 or EC_FLAG_GRIND_R.
+ * :param flags: Flags controlling signing. Must be 0 or `EC_FLAG_GRIND_R`,
+ *|    logical or-d with `EC_FLAG_ELEMENTS` if ``psbt`` is a PSET.
  */
 WALLY_CORE_API int wally_psbt_sign_input_bip32(
     struct wally_psbt *psbt,

include/wally_transaction.h

@@ -51,6 +51,12 @@ extern "C" {
 #define WALLY_SIGHASH_MASK         0x1f /* Mask for determining ALL/NONE/SINGLE */
 #define WALLY_SIGHASH_TR_IN_MASK   0xc0 /* Taproot mask for determining input hash type */
 
+/*** tx-sighash-type Transaction signature hash flags */
+#define WALLY_SIGTYPE_PRE_SW  0x1 /* Pre-segwit signature hash */
+#define WALLY_SIGTYPE_SW_V0   0x2 /* Segwit v0 signature hash */
+#define WALLY_SIGTYPE_SW_V1   0x3 /* Segwit v1 (taproot) signature hash */
+#define WALLY_SIGTYPE_MASK    0xf /* Mask for signature hash in signature hash flags */
+
 #define WALLY_TX_ASSET_CT_EMPTY_PREFIX    0x00
 #define WALLY_TX_ASSET_CT_EXPLICIT_PREFIX 0x01
 #define WALLY_TX_ASSET_CT_VALUE_PREFIX_A  0x08
@@ -862,6 +868,63 @@ WALLY_CORE_API int wally_tx_get_signature_hash(
     unsigned char *bytes_out,
     size_t len);
 
+/**
+ * Get the hash of the preimage for signing a transaction input.
+ *
+ * :param tx: The transaction to generate the signature hash from.
+ * :param index: The input index of the input being signed for.
+ * :param scripts: The scriptpubkeys of each input in the transaction, indexed
+ *|    by their 0-based input index. For non-taproot signing, only the
+ *|    scriptpubkey of ``index`` is required.
+ * :param assets: The asset commitments of each input in the transaction,
+ *|    or NULL for non-Elements transactions. Ignored for non-taproot signing.
+ * :param values: The satoshi values(BTC) or value commitments(Elements) of
+ *|    each input in the transaction. BTC values must be stored as bytes with
+ *|    uint64/host endiannes. For non-taproot signing, only the value
+ *|    of ``index`` is required.
+ * :param script: For segwit v0 signing, the scriptcode of the input to sign
+ *|    for. For taproot, the leaf script to sign with if any. Ignored for
+ *|    pre-segwit signing.
+ * :param script_len: Length of ``script`` in bytes.
+ * :param key_version: Version of pubkey in tapscript. Must be set
+ *|    to `0x00` or `0x01` for taproot script-path signing.
+ * :param codesep_position: BIP342 codeseparator position
+ *|    or ``WALLY_NO_CODESEPARATOR`` if none. Only used for taproot signing.
+ * :param annex: BIP341 annex, or NULL if none.
+ * :param annex_len: Length of ``annex`` in bytes. Only used for taproot signing.
+ * :param genesis_blockhash: The genesis blockhash of the chain to sign for,
+ *|    or NULL for non-Elements transactions. Only used for taproot signing.
+ * :param genesis_blockhash_len: Length of ``genesis_blockhash`` in bytes. Must
+ *|    be `SHA256_LEN` or 0.
+ * :param sighash: ``WALLY_SIGHASH_`` flags specifying the sighash flags
+ *|    to sign with.
+ * :param flags: :ref:`tx-sighash-type` controlling signature hash generation.
+ * :param cache: An opaque cache for faster generation, or NULL to disable
+ *|    caching. Must be empty on the first call to this function for a given
+ *|    transaction, and only used for signing the inputs of the same ``tx``.
+ * :param bytes_out: Destination for the resulting signature hash.
+ * FIXED_SIZED_OUTPUT(len, bytes_out, SHA256_LEN)
+ */
+WALLY_CORE_API int wally_tx_get_input_signature_hash(
+    const struct wally_tx *tx,
+    size_t index,
+    const struct wally_map *scripts,
+    const struct wally_map *assets,
+    const struct wally_map *values,
+    const unsigned char *script,
+    size_t script_len,
+    uint32_t key_version,
+    uint32_t codesep_position,
+    const unsigned char *annex,
+    size_t annex_len,
+    const unsigned char *genesis_blockhash,
+    size_t genesis_blockhash_len,
+    uint32_t sighash,
+    uint32_t flags,
+    struct wally_map *cache,
+    unsigned char *bytes_out,
+    size_t len);
+
 /**
  * Determine if a transaction is a coinbase transaction.
  *

src/Makefile.am

@@ -167,6 +167,7 @@ libwallycore_la_SOURCES = \
     sign.c \
     symmetric.c \
     transaction.c \
+    tx_io.c \
     wif.c \
     wordlist.c \
     ccan/ccan/base64/base64.c \

src/amalgamation/combined.c

@@ -75,6 +75,7 @@
 #include "src/sign.c"
 #include "src/symmetric.c"
 #include "src/transaction.c"
+#include "src/tx_io.c"
 #include "src/wif.c"
 #include "src/wordlist.c"
 

src/descriptor.c

@@ -2881,6 +2881,13 @@ int wally_descriptor_to_addresses(const struct wally_descriptor *descriptor,
     if (!(p = wally_malloc(descriptor->script_len)))
         return WALLY_ENOMEM;
 
+    if (descriptor->features & WALLY_MS_IS_ELEMENTS) {
+        /* Disable Elements address generation until:
+         * - It is reconciled with Elements-core, and
+         * - We support blinded addresses
+         */
+        return WALLY_ERROR;
+    }
     memcpy(&ctx, descriptor, sizeof(ctx));
     ctx.variant = variant;
     if (ctx.max_path_elems &&