@ledgerhq/hw-app-btc 6.11.1 → 6.11.2

package/src/BtcNew.ts

@@ -1,6 +1,6 @@
 import { crypto } from "bitcoinjs-lib";
 import semver from "semver";
-import { pointAddScalar, pointCompress } from "tiny-secp256k1";
+import { pointCompress } from "tiny-secp256k1";
 import {
   getXpubComponents,
   hardenedPathOf,
@@ -8,21 +8,24 @@ import {
   pathStringToArray,
   pubkeyFromXpub,
 } from "./bip32";
-import { BufferReader, BufferWriter } from "./buffertools";
-import {
-  HASH_SIZE,
-  OP_CHECKSIG,
-  OP_DUP,
-  OP_EQUAL,
-  OP_EQUALVERIFY,
-  OP_HASH160,
-} from "./constants";
+import { BufferReader } from "./buffertools";
 import type { CreateTransactionArg } from "./createTransaction";
 import { AppAndVersion } from "./getAppAndVersion";
 import type { AddressFormat } from "./getWalletPublicKey";
-import { hashPublicKey } from "./hashPublicKey";
+import {
+  AccountType,
+  p2pkh,
+  p2tr,
+  p2wpkh,
+  p2wpkhWrapped,
+  SpendingCondition,
+} from "./newops/accounttype";
 import { AppClient as Client } from "./newops/appClient";
-import { createKey, WalletPolicy } from "./newops/policy";
+import {
+  createKey,
+  DefaultDescriptorTemplate,
+  WalletPolicy,
+} from "./newops/policy";
 import { extract } from "./newops/psbtExtractor";
 import { finalize } from "./newops/psbtFinalizer";
 import { psbtIn, PsbtV2 } from "./newops/psbtv2";
@@ -127,7 +130,7 @@ export default class BtcNew {
 
     const address = await this.getWalletAddress(
       pathElements,
-      accountTypeFrom(opts?.format ?? "legacy"),
+      descrTemplFrom(opts?.format ?? "legacy"),
       display
     );
     const components = getXpubComponents(xpub);
@@ -158,7 +161,7 @@ export default class BtcNew {
    */
   private async getWalletAddress(
     pathElements: number[],
-    accountType: AccountType,
+    descrTempl: DefaultDescriptorTemplate,
     display: boolean
   ): Promise<string> {
     const accountPath = hardenedPathOf(pathElements);
@@ -168,7 +171,7 @@ export default class BtcNew {
     const accountXpub = await this.client.getExtendedPubkey(false, accountPath);
     const masterFingerprint = await this.client.getMasterFingerprint();
     const policy = new WalletPolicy(
-      accountType,
+      descrTempl,
       createKey(masterFingerprint, accountPath, accountXpub)
     );
     const changeAndIndex = pathElements.slice(-2, pathElements.length);
@@ -197,8 +200,11 @@ export default class BtcNew {
       throw Error("No inputs");
     }
     const psbt = new PsbtV2();
+    // The master fingerprint is needed when adding BIP32 derivation paths on
+    // the psbt.
+    const masterFp = await this.client.getMasterFingerprint();
 
-    const accountType = accountTypeFromArg(arg);
+    const accountType = accountTypeFromArg(arg, psbt, masterFp);
 
     if (arg.lockTime) {
       // The signer will assume locktime 0 if unset
@@ -218,9 +224,6 @@ export default class BtcNew {
       });
     };
 
-    // The master fingerprint is needed when adding BIP32 derivation paths on
-    // the psbt.
-    const masterFp = await this.client.getMasterFingerprint();
     let accountXpub = "";
     let accountPath: number[] = [];
     for (let i = 0; i < inputCount; i++) {
@@ -264,35 +267,26 @@ export default class BtcNew {
       // We won't know if we're paying to ourselves, because there's no
       // information in arg to support multiple "change paths". One exception is
       // if there are multiple outputs to the change address.
-      const isChange = changeData && outputScript.equals(changeData?.script);
+      const isChange =
+        changeData && outputScript.equals(changeData?.cond.scriptPubKey);
       if (isChange) {
         changeFound = true;
         // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         const changePath = pathStringToArray(arg.changePath!);
         const pubkey = changeData.pubkey;
 
-        if (accountType == AccountType.p2pkh) {
-          psbt.setOutputBip32Derivation(i, pubkey, masterFp, changePath);
-        } else if (accountType == AccountType.p2wpkh) {
-          psbt.setOutputBip32Derivation(i, pubkey, masterFp, changePath);
-        } else if (accountType == AccountType.p2wpkhWrapped) {
-          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-          psbt.setOutputRedeemScript(i, changeData.redeemScript!);
-          psbt.setOutputBip32Derivation(i, pubkey, masterFp, changePath);
-        } else if (accountType == AccountType.p2tr) {
-          psbt.setOutputTapBip32Derivation(i, pubkey, [], masterFp, changePath);
-        }
+        accountType.setOwnOutput(i, changeData.cond, [pubkey], [changePath]);
       }
     }
     if (!changeFound) {
       throw new Error(
         "Change script not found among outputs! " +
-          changeData?.script.toString("hex")
+          changeData?.cond.scriptPubKey.toString("hex")
       );
     }
 
     const key = createKey(masterFp, accountPath, accountXpub);
-    const p = new WalletPolicy(accountType, key);
+    const p = new WalletPolicy(accountType.getDescriptorTemplate(), key);
     // This is cheating, because it's not actually requested on the
     // device yet, but it will be, soonish.
     if (arg.onDeviceSignatureRequested) arg.onDeviceSignatureRequested();
@@ -325,9 +319,7 @@ export default class BtcNew {
     accountPath: number[],
     accountType: AccountType,
     path: string | undefined
-  ): Promise<
-    { script: Buffer; redeemScript?: Buffer; pubkey: Buffer } | undefined
-  > {
+  ): Promise<{ cond: SpendingCondition; pubkey: Buffer } | undefined> {
     if (!path) return undefined;
     const pathElems = pathStringToArray(path);
     // Make sure path is in our account, otherwise something fishy is probably
@@ -340,12 +332,9 @@ export default class BtcNew {
       }
     }
     const xpub = await this.client.getExtendedPubkey(false, pathElems);
-    let pubkey = pubkeyFromXpub(xpub);
-    if (accountType == AccountType.p2tr) {
-      pubkey = pubkey.slice(1);
-    }
-    const script = outputScriptOf(pubkey, accountType);
-    return { ...script, pubkey };
+    const pubkey = pubkeyFromXpub(xpub);
+    const cond = accountType.spendingCondition([pubkey]);
+    return { cond, pubkey };
   }
 
   /**
@@ -371,7 +360,7 @@ export default class BtcNew {
     const spentOutputIndex = input[1];
     // redeemScript will be null for wrapped p2wpkh, we need to create it
     // ourselves. But if set, it should be used.
-    const redeemScript = input[2];
+    const redeemScript = input[2] ? Buffer.from(input[2], "hex") : undefined;
     const sequence = input[3];
     if (sequence) {
       psbt.setInputSequence(i, sequence);
@@ -386,30 +375,19 @@ export default class BtcNew {
     const pubkey = pubkeyFromXpub(xpubBase58);
     if (!inputTx.outputs)
       throw Error("Missing outputs array in transaction to sign");
-    const spentOutput = inputTx.outputs[spentOutputIndex];
-
-    if (accountType == AccountType.p2pkh) {
-      psbt.setInputNonWitnessUtxo(i, inputTxBuffer);
-      psbt.setInputBip32Derivation(i, pubkey, masterFP, pathElements);
-    } else if (accountType == AccountType.p2wpkh) {
-      psbt.setInputNonWitnessUtxo(i, inputTxBuffer);
-      psbt.setInputBip32Derivation(i, pubkey, masterFP, pathElements);
-      psbt.setInputWitnessUtxo(i, spentOutput.amount, spentOutput.script);
-    } else if (accountType == AccountType.p2wpkhWrapped) {
-      psbt.setInputNonWitnessUtxo(i, inputTxBuffer);
-      psbt.setInputBip32Derivation(i, pubkey, masterFP, pathElements);
-      if (redeemScript) {
-        // At what point might a user set the redeemScript on its own?
-        psbt.setInputRedeemScript(i, Buffer.from(redeemScript, "hex"));
-      } else {
-        psbt.setInputRedeemScript(i, createRedeemScript(pubkey));
-      }
-      psbt.setInputWitnessUtxo(i, spentOutput.amount, spentOutput.script);
-    } else if (accountType == AccountType.p2tr) {
-      const xonly = pubkey.slice(1);
-      psbt.setInputTapBip32Derivation(i, xonly, [], masterFP, pathElements);
-      psbt.setInputWitnessUtxo(i, spentOutput.amount, spentOutput.script);
-    }
+    const spentTxOutput = inputTx.outputs[spentOutputIndex];
+    const spendCondition: SpendingCondition = {
+      scriptPubKey: spentTxOutput.script,
+      redeemScript: redeemScript,
+    };
+    const spentOutput = { cond: spendCondition, amount: spentTxOutput.amount };
+    accountType.setInput(
+      i,
+      inputTxBuffer,
+      spentOutput,
+      [pubkey],
+      [pathElements]
+    );
 
     psbt.setInputPreviousTxId(i, inputTxid);
     psbt.setInputOutputIndex(i, spentOutputIndex);
@@ -455,103 +433,23 @@ export default class BtcNew {
   }
 }
 
-enum AccountType {
-  p2pkh = "pkh(@0)",
-  p2wpkh = "wpkh(@0)",
-  p2wpkhWrapped = "sh(wpkh(@0))",
-  p2tr = "tr(@0)",
-}
-
-function createRedeemScript(pubkey: Buffer): Buffer {
-  const pubkeyHash = hashPublicKey(pubkey);
-  return Buffer.concat([Buffer.from("0014", "hex"), pubkeyHash]);
-}
-
-/**
- * Generates a single signature scriptPubKey (output script) from a public key.
- * This is done differently depending on account type.
- *
- * If accountType is p2tr, the public key must be a 32 byte x-only taproot
- * pubkey, otherwise it's expected to be a 33 byte ecdsa compressed pubkey.
- */
-function outputScriptOf(
-  pubkey: Buffer,
-  accountType: AccountType
-): { script: Buffer; redeemScript?: Buffer } {
-  const buf = new BufferWriter();
-  const pubkeyHash = hashPublicKey(pubkey);
-  let redeemScript: Buffer | undefined;
-  if (accountType == AccountType.p2pkh) {
-    buf.writeSlice(Buffer.of(OP_DUP, OP_HASH160, HASH_SIZE));
-    buf.writeSlice(pubkeyHash);
-    buf.writeSlice(Buffer.of(OP_EQUALVERIFY, OP_CHECKSIG));
-  } else if (accountType == AccountType.p2wpkhWrapped) {
-    redeemScript = createRedeemScript(pubkey);
-    const scriptHash = hashPublicKey(redeemScript);
-    buf.writeSlice(Buffer.of(OP_HASH160, HASH_SIZE));
-    buf.writeSlice(scriptHash);
-    buf.writeUInt8(OP_EQUAL);
-  } else if (accountType == AccountType.p2wpkh) {
-    buf.writeSlice(Buffer.of(0, HASH_SIZE));
-    buf.writeSlice(pubkeyHash);
-  } else if (accountType == AccountType.p2tr) {
-    const outputKey = getTaprootOutputKey(pubkey);
-    buf.writeSlice(Buffer.of(0x51, 32)); // push1, pubkeylen
-    buf.writeSlice(outputKey);
-  }
-  return { script: buf.buffer(), redeemScript };
-}
-
-function accountTypeFrom(addressFormat: AddressFormat): AccountType {
-  if (addressFormat == "legacy") return AccountType.p2pkh;
-  if (addressFormat == "p2sh") return AccountType.p2wpkhWrapped;
-  if (addressFormat == "bech32") return AccountType.p2wpkh;
-  if (addressFormat == "bech32m") return AccountType.p2tr;
+function descrTemplFrom(
+  addressFormat: AddressFormat
+): DefaultDescriptorTemplate {
+  if (addressFormat == "legacy") return "pkh(@0)";
+  if (addressFormat == "p2sh") return "sh(wpkh(@0))";
+  if (addressFormat == "bech32") return "wpkh(@0)";
+  if (addressFormat == "bech32m") return "tr(@0)";
   throw new Error("Unsupported address format " + addressFormat);
 }
 
-function accountTypeFromArg(arg: CreateTransactionArg): AccountType {
-  if (arg.additionals.includes("bech32m")) return AccountType.p2tr;
-  if (arg.additionals.includes("bech32")) return AccountType.p2wpkh;
-  if (arg.segwit) return AccountType.p2wpkhWrapped;
-  return AccountType.p2pkh;
-}
-
-/*
-The following two functions are copied from wallet-btc and adapted.
-They should be moved to a library to avoid code reuse. 
-*/
-function hashTapTweak(x: Buffer): Buffer {
-  // hash_tag(x) = SHA256(SHA256(tag) || SHA256(tag) || x), see BIP340
-  // See https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#specification
-  const h = crypto.sha256(Buffer.from("TapTweak", "utf-8"));
-  return crypto.sha256(Buffer.concat([h, h, x]));
-}
-
-/**
- * Calculates a taproot output key from an internal key. This output key will be
- * used as witness program in a taproot output. The internal key is tweaked
- * according to recommendation in BIP341:
- * https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_ref-22-0
- *
- * @param internalPubkey A 32 byte x-only taproot internal key
- * @returns The output key
- */
-function getTaprootOutputKey(internalPubkey: Buffer): Buffer {
-  if (internalPubkey.length != 32) {
-    throw new Error("Expected 32 byte pubkey. Got " + internalPubkey.length);
-  }
-  // A BIP32 derived key can be converted to a schnorr pubkey by dropping
-  // the first byte, which represent the oddness/evenness. In schnorr all
-  // pubkeys are even.
-  // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#public-key-conversion
-  const evenEcdsaPubkey = Buffer.concat([Buffer.of(0x02), internalPubkey]);
-  const tweak = hashTapTweak(internalPubkey);
-
-  // Q = P + int(hash_TapTweak(bytes(P)))G
-  const outputEcdsaKey = Buffer.from(pointAddScalar(evenEcdsaPubkey, tweak));
-  // Convert to schnorr.
-  const outputSchnorrKey = outputEcdsaKey.slice(1);
-  // Create address
-  return outputSchnorrKey;
+function accountTypeFromArg(
+  arg: CreateTransactionArg,
+  psbt: PsbtV2,
+  masterFp: Buffer
+): AccountType {
+  if (arg.additionals.includes("bech32m")) return new p2tr(psbt, masterFp);
+  if (arg.additionals.includes("bech32")) return new p2wpkh(psbt, masterFp);
+  if (arg.segwit) return new p2wpkhWrapped(psbt, masterFp);
+  return new p2pkh(psbt, masterFp);
 }

package/src/newops/accounttype.ts

@@ -0,0 +1,370 @@
+import { crypto } from "bitcoinjs-lib";
+import { pointAddScalar } from "tiny-secp256k1";
+import { BufferWriter } from "../buffertools";
+import {
+  HASH_SIZE,
+  OP_CHECKSIG,
+  OP_DUP,
+  OP_EQUAL,
+  OP_EQUALVERIFY,
+  OP_HASH160,
+} from "../constants";
+import { hashPublicKey } from "../hashPublicKey";
+import { DefaultDescriptorTemplate } from "./policy";
+import { PsbtV2 } from "./psbtv2";
+
+export type SpendingCondition = {
+  scriptPubKey: Buffer;
+  redeemScript?: Buffer;
+  // Possible future extension:
+  // witnessScript?: Buffer; // For p2wsh witnessScript
+  // tapScript?: {tapPath: Buffer[], script: Buffer} // For taproot
+};
+
+export type SpentOutput = { cond: SpendingCondition; amount: Buffer };
+
+/**
+ * Encapsulates differences between account types, for example p2wpkh,
+ * p2wpkhWrapped, p2tr.
+ */
+export interface AccountType {
+  /**
+   * Generates a scriptPubKey (output script) from a list of public keys. If a
+   * p2sh redeemScript or a p2wsh witnessScript is needed it will also be set on
+   * the returned SpendingCondition.
+   *
+   * The pubkeys are expected to be 33 byte ecdsa compressed pubkeys.
+   */
+  spendingCondition(pubkeys: Buffer[]): SpendingCondition;
+
+  /**
+   * Populates the psbt with account type-specific data for an input.
+   * @param i The index of the input map to populate
+   * @param inputTx The full transaction containing the spent output. This may
+   * be omitted for taproot.
+   * @param spentOutput The amount and spending condition of the spent output
+   * @param pubkeys The 33 byte ecdsa compressed public keys involved in the input
+   * @param pathElems The paths corresponding to the pubkeys, in same order.
+   */
+  setInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkeys: Buffer[],
+    pathElems: number[][]
+  ): void;
+
+  /**
+   * Populates the psbt with account type-specific data for an output. This is typically
+   * done for change outputs and other outputs that goes to the same account as
+   * being spent from.
+   * @param i The index of the output map to populate
+   * @param cond The spending condition for this output
+   * @param pubkeys The 33 byte ecdsa compressed public keys involved in this output
+   * @param paths The paths corresponding to the pubkeys, in same order.
+   */
+  setOwnOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkeys: Buffer[],
+    paths: number[][]
+  ): void;
+
+  /**
+   * Returns the descriptor template for this account type. Currently only
+   * DefaultDescriptorTemplates are allowed, but that might be changed in the
+   * future. See class WalletPolicy for more information on descriptor
+   * templates.
+   */
+  getDescriptorTemplate(): DefaultDescriptorTemplate;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface BaseAccount extends AccountType {}
+
+abstract class BaseAccount implements AccountType {
+  constructor(protected psbt: PsbtV2, protected masterFp: Buffer) {}
+}
+
+/**
+ * Superclass for single signature accounts. This will make sure that the pubkey
+ * arrays and path arrays in the method arguments contains exactly one element
+ * and calls an abstract method to do the actual work.
+ */
+abstract class SingleKeyAccount extends BaseAccount {
+  spendingCondition(pubkeys: Buffer[]): SpendingCondition {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    return this.singleKeyCondition(pubkeys[0]);
+  }
+  protected abstract singleKeyCondition(pubkey: Buffer): SpendingCondition;
+
+  setInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkeys: Buffer[],
+    pathElems: number[][]
+  ) {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    if (pathElems.length != 1) {
+      throw new Error("Expected single path, got " + pathElems.length);
+    }
+    this.setSingleKeyInput(i, inputTx, spentOutput, pubkeys[0], pathElems[0]);
+  }
+  protected abstract setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  );
+
+  setOwnOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkeys: Buffer[],
+    paths: number[][]
+  ) {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    if (paths.length != 1) {
+      throw new Error("Expected single path, got " + paths.length);
+    }
+    this.setSingleKeyOutput(i, cond, pubkeys[0], paths[0]);
+  }
+  protected abstract setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  );
+}
+
+export class p2pkh extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const pubkeyHash = hashPublicKey(pubkey);
+    buf.writeSlice(Buffer.of(OP_DUP, OP_HASH160, HASH_SIZE));
+    buf.writeSlice(pubkeyHash);
+    buf.writeSlice(Buffer.of(OP_EQUALVERIFY, OP_CHECKSIG));
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    _spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "pkh(@0)";
+  }
+}
+
+export class p2tr extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const xonlyPubkey = pubkey.slice(1); // x-only pubkey
+    const buf = new BufferWriter();
+    const outputKey = this.getTaprootOutputKey(xonlyPubkey);
+    buf.writeSlice(Buffer.of(0x51, 32)); // push1, pubkeylen
+    buf.writeSlice(outputKey);
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    _inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    const xonly = pubkey.slice(1);
+    this.psbt.setInputTapBip32Derivation(i, xonly, [], this.masterFp, path);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    const xonly = pubkey.slice(1);
+    this.psbt.setOutputTapBip32Derivation(i, xonly, [], this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "tr(@0)";
+  }
+
+  /*
+  The following two functions are copied from wallet-btc and adapted.
+  They should be moved to a library to avoid code reuse.
+  */
+  private hashTapTweak(x: Buffer): Buffer {
+    // hash_tag(x) = SHA256(SHA256(tag) || SHA256(tag) || x), see BIP340
+    // See https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#specification
+    const h = crypto.sha256(Buffer.from("TapTweak", "utf-8"));
+    return crypto.sha256(Buffer.concat([h, h, x]));
+  }
+
+  /**
+   * Calculates a taproot output key from an internal key. This output key will be
+   * used as witness program in a taproot output. The internal key is tweaked
+   * according to recommendation in BIP341:
+   * https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_ref-22-0
+   *
+   * @param internalPubkey A 32 byte x-only taproot internal key
+   * @returns The output key
+   */
+  getTaprootOutputKey(internalPubkey: Buffer): Buffer {
+    if (internalPubkey.length != 32) {
+      throw new Error("Expected 32 byte pubkey. Got " + internalPubkey.length);
+    }
+    // A BIP32 derived key can be converted to a schnorr pubkey by dropping
+    // the first byte, which represent the oddness/evenness. In schnorr all
+    // pubkeys are even.
+    // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#public-key-conversion
+    const evenEcdsaPubkey = Buffer.concat([Buffer.of(0x02), internalPubkey]);
+    const tweak = this.hashTapTweak(internalPubkey);
+
+    // Q = P + int(hash_TapTweak(bytes(P)))G
+    const outputEcdsaKey = Buffer.from(pointAddScalar(evenEcdsaPubkey, tweak));
+    // Convert to schnorr.
+    const outputSchnorrKey = outputEcdsaKey.slice(1);
+    // Create address
+    return outputSchnorrKey;
+  }
+}
+
+export class p2wpkhWrapped extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const redeemScript = this.createRedeemScript(pubkey);
+    const scriptHash = hashPublicKey(redeemScript);
+    buf.writeSlice(Buffer.of(OP_HASH160, HASH_SIZE));
+    buf.writeSlice(scriptHash);
+    buf.writeUInt8(OP_EQUAL);
+    return { scriptPubKey: buf.buffer(), redeemScript: redeemScript };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+
+    const userSuppliedRedeemScript = spentOutput.cond.redeemScript;
+    const expectedRedeemScript = this.createRedeemScript(pubkey);
+    if (
+      userSuppliedRedeemScript &&
+      !expectedRedeemScript.equals(userSuppliedRedeemScript)
+    ) {
+      // At what point might a user set the redeemScript on its own?
+      throw new Error(`User-supplied redeemScript ${userSuppliedRedeemScript.toString(
+        "hex"
+      )} doesn't
+       match expected ${expectedRedeemScript.toString("hex")} for input ${i}`);
+    }
+    this.psbt.setInputRedeemScript(i, expectedRedeemScript);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputRedeemScript(i, cond.redeemScript!);
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "sh(wpkh(@0))";
+  }
+
+  private createRedeemScript(pubkey: Buffer): Buffer {
+    const pubkeyHash = hashPublicKey(pubkey);
+    return Buffer.concat([Buffer.from("0014", "hex"), pubkeyHash]);
+  }
+}
+
+export class p2wpkh extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const pubkeyHash = hashPublicKey(pubkey);
+    buf.writeSlice(Buffer.of(0, HASH_SIZE));
+    buf.writeSlice(pubkeyHash);
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "wpkh(@0)";
+  }
+}