@ledgerhq/hw-app-btc 6.10.0 → 6.12.0

package/src/newops/accounttype.ts

@@ -0,0 +1,370 @@
+import { crypto } from "bitcoinjs-lib";
+import { pointAddScalar } from "tiny-secp256k1";
+import { BufferWriter } from "../buffertools";
+import {
+  HASH_SIZE,
+  OP_CHECKSIG,
+  OP_DUP,
+  OP_EQUAL,
+  OP_EQUALVERIFY,
+  OP_HASH160,
+} from "../constants";
+import { hashPublicKey } from "../hashPublicKey";
+import { DefaultDescriptorTemplate } from "./policy";
+import { PsbtV2 } from "./psbtv2";
+
+export type SpendingCondition = {
+  scriptPubKey: Buffer;
+  redeemScript?: Buffer;
+  // Possible future extension:
+  // witnessScript?: Buffer; // For p2wsh witnessScript
+  // tapScript?: {tapPath: Buffer[], script: Buffer} // For taproot
+};
+
+export type SpentOutput = { cond: SpendingCondition; amount: Buffer };
+
+/**
+ * Encapsulates differences between account types, for example p2wpkh,
+ * p2wpkhWrapped, p2tr.
+ */
+export interface AccountType {
+  /**
+   * Generates a scriptPubKey (output script) from a list of public keys. If a
+   * p2sh redeemScript or a p2wsh witnessScript is needed it will also be set on
+   * the returned SpendingCondition.
+   *
+   * The pubkeys are expected to be 33 byte ecdsa compressed pubkeys.
+   */
+  spendingCondition(pubkeys: Buffer[]): SpendingCondition;
+
+  /**
+   * Populates the psbt with account type-specific data for an input.
+   * @param i The index of the input map to populate
+   * @param inputTx The full transaction containing the spent output. This may
+   * be omitted for taproot.
+   * @param spentOutput The amount and spending condition of the spent output
+   * @param pubkeys The 33 byte ecdsa compressed public keys involved in the input
+   * @param pathElems The paths corresponding to the pubkeys, in same order.
+   */
+  setInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkeys: Buffer[],
+    pathElems: number[][]
+  ): void;
+
+  /**
+   * Populates the psbt with account type-specific data for an output. This is typically
+   * done for change outputs and other outputs that goes to the same account as
+   * being spent from.
+   * @param i The index of the output map to populate
+   * @param cond The spending condition for this output
+   * @param pubkeys The 33 byte ecdsa compressed public keys involved in this output
+   * @param paths The paths corresponding to the pubkeys, in same order.
+   */
+  setOwnOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkeys: Buffer[],
+    paths: number[][]
+  ): void;
+
+  /**
+   * Returns the descriptor template for this account type. Currently only
+   * DefaultDescriptorTemplates are allowed, but that might be changed in the
+   * future. See class WalletPolicy for more information on descriptor
+   * templates.
+   */
+  getDescriptorTemplate(): DefaultDescriptorTemplate;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface BaseAccount extends AccountType {}
+
+abstract class BaseAccount implements AccountType {
+  constructor(protected psbt: PsbtV2, protected masterFp: Buffer) {}
+}
+
+/**
+ * Superclass for single signature accounts. This will make sure that the pubkey
+ * arrays and path arrays in the method arguments contains exactly one element
+ * and calls an abstract method to do the actual work.
+ */
+abstract class SingleKeyAccount extends BaseAccount {
+  spendingCondition(pubkeys: Buffer[]): SpendingCondition {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    return this.singleKeyCondition(pubkeys[0]);
+  }
+  protected abstract singleKeyCondition(pubkey: Buffer): SpendingCondition;
+
+  setInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkeys: Buffer[],
+    pathElems: number[][]
+  ) {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    if (pathElems.length != 1) {
+      throw new Error("Expected single path, got " + pathElems.length);
+    }
+    this.setSingleKeyInput(i, inputTx, spentOutput, pubkeys[0], pathElems[0]);
+  }
+  protected abstract setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  );
+
+  setOwnOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkeys: Buffer[],
+    paths: number[][]
+  ) {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    if (paths.length != 1) {
+      throw new Error("Expected single path, got " + paths.length);
+    }
+    this.setSingleKeyOutput(i, cond, pubkeys[0], paths[0]);
+  }
+  protected abstract setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  );
+}
+
+export class p2pkh extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const pubkeyHash = hashPublicKey(pubkey);
+    buf.writeSlice(Buffer.of(OP_DUP, OP_HASH160, HASH_SIZE));
+    buf.writeSlice(pubkeyHash);
+    buf.writeSlice(Buffer.of(OP_EQUALVERIFY, OP_CHECKSIG));
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    _spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "pkh(@0)";
+  }
+}
+
+export class p2tr extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const xonlyPubkey = pubkey.slice(1); // x-only pubkey
+    const buf = new BufferWriter();
+    const outputKey = this.getTaprootOutputKey(xonlyPubkey);
+    buf.writeSlice(Buffer.of(0x51, 32)); // push1, pubkeylen
+    buf.writeSlice(outputKey);
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    _inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    const xonly = pubkey.slice(1);
+    this.psbt.setInputTapBip32Derivation(i, xonly, [], this.masterFp, path);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    const xonly = pubkey.slice(1);
+    this.psbt.setOutputTapBip32Derivation(i, xonly, [], this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "tr(@0)";
+  }
+
+  /*
+  The following two functions are copied from wallet-btc and adapted.
+  They should be moved to a library to avoid code reuse.
+  */
+  private hashTapTweak(x: Buffer): Buffer {
+    // hash_tag(x) = SHA256(SHA256(tag) || SHA256(tag) || x), see BIP340
+    // See https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#specification
+    const h = crypto.sha256(Buffer.from("TapTweak", "utf-8"));
+    return crypto.sha256(Buffer.concat([h, h, x]));
+  }
+
+  /**
+   * Calculates a taproot output key from an internal key. This output key will be
+   * used as witness program in a taproot output. The internal key is tweaked
+   * according to recommendation in BIP341:
+   * https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_ref-22-0
+   *
+   * @param internalPubkey A 32 byte x-only taproot internal key
+   * @returns The output key
+   */
+  getTaprootOutputKey(internalPubkey: Buffer): Buffer {
+    if (internalPubkey.length != 32) {
+      throw new Error("Expected 32 byte pubkey. Got " + internalPubkey.length);
+    }
+    // A BIP32 derived key can be converted to a schnorr pubkey by dropping
+    // the first byte, which represent the oddness/evenness. In schnorr all
+    // pubkeys are even.
+    // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#public-key-conversion
+    const evenEcdsaPubkey = Buffer.concat([Buffer.of(0x02), internalPubkey]);
+    const tweak = this.hashTapTweak(internalPubkey);
+
+    // Q = P + int(hash_TapTweak(bytes(P)))G
+    const outputEcdsaKey = Buffer.from(pointAddScalar(evenEcdsaPubkey, tweak));
+    // Convert to schnorr.
+    const outputSchnorrKey = outputEcdsaKey.slice(1);
+    // Create address
+    return outputSchnorrKey;
+  }
+}
+
+export class p2wpkhWrapped extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const redeemScript = this.createRedeemScript(pubkey);
+    const scriptHash = hashPublicKey(redeemScript);
+    buf.writeSlice(Buffer.of(OP_HASH160, HASH_SIZE));
+    buf.writeSlice(scriptHash);
+    buf.writeUInt8(OP_EQUAL);
+    return { scriptPubKey: buf.buffer(), redeemScript: redeemScript };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+
+    const userSuppliedRedeemScript = spentOutput.cond.redeemScript;
+    const expectedRedeemScript = this.createRedeemScript(pubkey);
+    if (
+      userSuppliedRedeemScript &&
+      !expectedRedeemScript.equals(userSuppliedRedeemScript)
+    ) {
+      // At what point might a user set the redeemScript on its own?
+      throw new Error(`User-supplied redeemScript ${userSuppliedRedeemScript.toString(
+        "hex"
+      )} doesn't
+       match expected ${expectedRedeemScript.toString("hex")} for input ${i}`);
+    }
+    this.psbt.setInputRedeemScript(i, expectedRedeemScript);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputRedeemScript(i, cond.redeemScript!);
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "sh(wpkh(@0))";
+  }
+
+  private createRedeemScript(pubkey: Buffer): Buffer {
+    const pubkeyHash = hashPublicKey(pubkey);
+    return Buffer.concat([Buffer.from("0014", "hex"), pubkeyHash]);
+  }
+}
+
+export class p2wpkh extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const pubkeyHash = hashPublicKey(pubkey);
+    buf.writeSlice(Buffer.of(0, HASH_SIZE));
+    buf.writeSlice(pubkeyHash);
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "wpkh(@0)";
+  }
+}

package/src/newops/appClient.ts

@@ -23,6 +23,10 @@ enum FrameworkIns {
   CONTINUE_INTERRUPTED = 0x01,
 }
 
+/**
+ * This class encapsulates the APDU protocol documented at
+ * https://github.com/LedgerHQ/app-bitcoin-new/blob/master/doc/bitcoin.md
+ */
 export class AppClient {
   transport: Transport;
 
@@ -59,7 +63,10 @@ export class AppClient {
     return response.slice(0, -2); // drop the status word (can only be 0x9000 at this point)
   }
 
-  async getPubkey(display: boolean, pathElements: number[]): Promise<string> {
+  async getExtendedPubkey(
+    display: boolean,
+    pathElements: number[]
+  ): Promise<string> {
     if (pathElements.length > 6) {
       throw new Error("Path too long. At most 6 levels allowed.");
     }
@@ -89,7 +96,7 @@ export class AppClient {
       throw new Error("Invalid HMAC length");
     }
 
-    const clientInterpreter = new ClientCommandInterpreter();
+    const clientInterpreter = new ClientCommandInterpreter(() => {});
     clientInterpreter.addKnownList(
       walletPolicy.keys.map((k) => Buffer.from(k, "ascii"))
     );
@@ -116,7 +123,8 @@ export class AppClient {
   async signPsbt(
     psbt: PsbtV2,
     walletPolicy: WalletPolicy,
-    walletHMAC: Buffer | null
+    walletHMAC: Buffer | null,
+    progressCallback: () => void
   ): Promise<Map<number, Buffer>> {
     const merkelizedPsbt = new MerkelizedPsbt(psbt);
 
@@ -124,7 +132,7 @@ export class AppClient {
       throw new Error("Invalid HMAC length");
     }
 
-    const clientInterpreter = new ClientCommandInterpreter();
+    const clientInterpreter = new ClientCommandInterpreter(progressCallback);
 
     // prepare ClientCommandInterpreter
     clientInterpreter.addKnownList(

package/src/newops/clientCommands.ts

@@ -1,4 +1,5 @@
 import { crypto } from "bitcoinjs-lib";
+import { BufferReader } from "../buffertools";
 import { createVarint } from "../varint";
 import { hashLeaf, Merkle } from "./merkle";
 import { MerkleMap } from "./merkleMap";
@@ -21,13 +22,14 @@ export class YieldCommand extends ClientCommand {
 
   code = ClientCommandCode.YIELD;
 
-  constructor(results: Buffer[]) {
+  constructor(results: Buffer[], private progressCallback: () => void) {
     super();
     this.results = results;
   }
 
   execute(request: Buffer): Buffer {
     this.results.push(Buffer.from(request.subarray(1)));
+    this.progressCallback();
     return Buffer.from("");
   }
 }
@@ -105,19 +107,24 @@ export class GetMerkleLeafProofCommand extends ClientCommand {
   execute(request: Buffer): Buffer {
     const req = request.subarray(1);
 
-    if (req.length != 32 + 4 + 4) {
-      throw new Error("Invalid request, unexpected trailing data");
+    if (req.length < 32 + 1 + 1) {
+      throw new Error("Invalid request, expected at least 34 bytes");
     }
 
-    // read the hash
-    const hash = Buffer.alloc(32);
-    for (let i = 0; i < 32; i++) {
-      hash[i] = req.readUInt8(i);
-    }
+    const reqBuf = new BufferReader(req);
+    const hash = reqBuf.readSlice(32);
     const hash_hex = hash.toString("hex");
 
-    const tree_size = req.readUInt32BE(32);
-    const leaf_index = req.readUInt32BE(32 + 4);
+    let tree_size;
+    let leaf_index;
+    try {
+      tree_size = reqBuf.readVarInt();
+      leaf_index = reqBuf.readVarInt();
+    } catch (e: any) {
+      throw new Error(
+        "Invalid request, couldn't parse tree_size or leaf_index"
+      );
+    }
 
     const mt = this.known_trees.get(hash_hex);
     if (!mt) {
@@ -247,6 +254,21 @@ export class GetMoreElementsCommand extends ClientCommand {
   }
 }
 
+/**
+ * This class will dispatch a client command coming from the hardware device to
+ * the appropriate client command implementation. Those client commands
+ * typically requests data from a merkle tree or merkelized maps.
+ *
+ * A ClientCommandInterpreter is prepared by adding the merkle trees and
+ * merkelized maps it should be able to serve to the hardware device. This class
+ * doesn't know anything about the semantics of the data it holds, it just
+ * serves merkle data. It doesn't even know in what context it is being
+ * executed, ie SignPsbt, getWalletAddress, etc.
+ *
+ * If the command yelds results to the client, as signPsbt does, the yielded
+ * data will be accessible after the command completed by calling getYielded(),
+ * which will return the yields in the same order as they came in.
+ */
 export class ClientCommandInterpreter {
   private roots: Map<string, Merkle> = new Map();
   private preimages: Map<string, Buffer> = new Map();
@@ -257,9 +279,9 @@ export class ClientCommandInterpreter {
 
   private commands: Map<ClientCommandCode, ClientCommand> = new Map();
 
-  constructor() {
+  constructor(progressCallback: () => void) {
     const commands = [
-      new YieldCommand(this.yielded),
+      new YieldCommand(this.yielded, progressCallback),
       new GetPreimageCommand(this.preimages, this.queue),
       new GetMerkleLeafIndexCommand(this.roots),
       new GetMerkleLeafProofCommand(this.roots, this.queue),

package/src/newops/merkelizedPsbt.ts

@@ -1,6 +1,17 @@
 import { MerkleMap } from "./merkleMap";
 import { PsbtV2 } from "./psbtv2";
 
+/**
+ * This class merkelizes a PSBTv2, by merkelizing the different
+ * maps of the psbt. This is used during the transaction signing process,
+ * where the hardware app can request specific parts of the psbt from the
+ * client code and be sure that the response data actually belong to the psbt.
+ * The reason for this is the limited amount of memory available to the app,
+ * so it can't always store the full psbt in memory.
+ *
+ * The signing process is documented at
+ * https://github.com/LedgerHQ/app-bitcoin-new/blob/master/doc/bitcoin.md#sign_psbt
+ */
 export class MerkelizedPsbt extends PsbtV2 {
   public globalMerkleMap: MerkleMap;
   public inputMerkleMaps: MerkleMap[] = [];

package/src/newops/merkle.ts

@@ -1,5 +1,10 @@
 import { crypto } from "bitcoinjs-lib";
 
+/**
+ * This class implements the merkle tree used by Ledger Bitcoin app v2+,
+ * which is documented at
+ * https://github.com/LedgerHQ/app-bitcoin-new/blob/master/doc/merkle.md
+ */
 export class Merkle {
   private leaves: Buffer[];
   private rootNode: Node;

package/src/newops/merkleMap.ts

@@ -1,6 +1,16 @@
 import { createVarint } from "../varint";
 import { hashLeaf, Merkle } from "./merkle";
 
+/**
+ * This implements "Merkelized Maps", documented at
+ * https://github.com/LedgerHQ/app-bitcoin-new/blob/master/doc/merkle.md#merkleized-maps
+ *
+ * A merkelized map consist of two merkle trees, one for the keys of
+ * a map and one for the values of the same map, thus the two merkle
+ * trees have the same shape. The commitment is the number elements
+ * in the map followed by the keys' merkle root followed by the
+ * values' merkle root.
+ */
 export class MerkleMap {
   keys: Buffer[];
   keysTree: Merkle;

package/src/newops/policy.ts

@@ -1,7 +1,7 @@
+import { crypto } from "bitcoinjs-lib";
 import { pathArrayToString } from "../bip32";
 import { BufferWriter } from "../buffertools";
-import { crypto } from "bitcoinjs-lib";
-import { Merkle, hashLeaf } from "./merkle";
+import { hashLeaf, Merkle } from "./merkle";
 
 export type DefaultDescriptorTemplate =
   | "pkh(@0)"
@@ -9,6 +9,14 @@ export type DefaultDescriptorTemplate =
   | "wpkh(@0)"
   | "tr(@0)";
 
+/**
+ * The Bitcon hardware app uses a descriptors-like thing to describe
+ * how to construct output scripts from keys. A "Wallet Policy" consists
+ * of a "Descriptor Template" and a list of "keys". A key is basically
+ * a serialized BIP32 extended public key with some added derivation path
+ * information. This is documented at
+ * https://github.com/LedgerHQ/app-bitcoin-new/blob/master/doc/wallet.md
+ */
 export class WalletPolicy {
   descriptorTemplate: string;
   keys: string[];

package/src/newops/psbtExtractor.ts

@@ -1,6 +1,12 @@
 import { BufferWriter } from "../buffertools";
 import { PsbtV2 } from "./psbtv2";
 
+/**
+ * This implements the "Transaction Extractor" role of BIP370 (PSBTv2
+ * https://github.com/bitcoin/bips/blob/master/bip-0370.mediawiki#transaction-extractor). However
+ * the role is partially documented in BIP174 (PSBTv0
+ * https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#transaction-extractor).
+ */
 export function extract(psbt: PsbtV2): Buffer {
   const tx = new BufferWriter();
   tx.writeUInt32(psbt.getGlobalTxVersion());

package/src/newops/psbtFinalizer.ts

@@ -2,8 +2,18 @@ import { BufferWriter } from "../buffertools";
 import { psbtIn, PsbtV2 } from "./psbtv2";
 
 /**
+ * This roughly implements the "input finalizer" role of BIP370 (PSBTv2
+ * https://github.com/bitcoin/bips/blob/master/bip-0370.mediawiki). However
+ * the role is documented in BIP174 (PSBTv0
+ * https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki).
  *
- * @param psbt The psbt with all signatures added as partial sigs, either through PSBT_IN_PARTIAL_SIG or PSBT_IN_TAP_KEY_SIG
+ * Verify that all inputs have a signature, and set inputFinalScriptwitness
+ * and/or inputFinalScriptSig depending on the type of the spent outputs. Clean
+ * fields that aren't useful anymore, partial signatures, redeem script and
+ * derivation paths.
+ *
+ * @param psbt The psbt with all signatures added as partial sigs, either
+ * through PSBT_IN_PARTIAL_SIG or PSBT_IN_TAP_KEY_SIG
  */
 export function finalize(psbt: PsbtV2): void {
   // First check that each input has a signature
@@ -75,6 +85,13 @@ export function finalize(psbt: PsbtV2): void {
   }
 }
 
+/**
+ * Deletes fields that are no longer neccesary from the psbt.
+ *
+ * Note, the spec doesn't say anything about removing ouput fields
+ * like PSBT_OUT_BIP32_DERIVATION_PATH and others, so we keep them
+ * without actually knowing why. I think we should remove them too.
+ */
 function clearFinalizedInput(psbt: PsbtV2, inputIndex: number) {
   const keyTypes = [
     psbtIn.BIP32_DERIVATION,
@@ -93,6 +110,14 @@ function clearFinalizedInput(psbt: PsbtV2, inputIndex: number) {
   psbt.deleteInputEntries(inputIndex, keyTypes);
 }
 
+/**
+ * Writes a script push operation to buf, which looks different
+ * depending on the size of the data. See
+ * https://en.bitcoin.it/wiki/Script#Constants
+ *
+ * @param buf the BufferWriter to write to
+ * @param data the Buffer to be pushed.
+ */
 function writePush(buf: BufferWriter, data: Buffer) {
   if (data.length <= 75) {
     buf.writeUInt8(data.length);