rpcserver+tapscript: pre-fill and use key info from vPSBT

When signing a virtual PSBT, we don't want to use the key descriptor
info of the input asset's script key, as that information is not
available when the input asset is created from a de-serialized asset.
So previous to the change in this commit the SignVirtualPsbt RPC method
could only be called on vPSBTs that were funded through FundVirtualPsbt
that populated the key information.
After this commit it is possible to sign a vPSBT that was created from
an input proof only since the required key information is loaded from
the database before signing.

Author: guggero

rpcserver.go

@@ -1707,7 +1707,7 @@ func (r *rpcServer) FundVirtualPsbt(ctx context.Context,
 
 // SignVirtualPsbt signs the inputs of a virtual transaction and prepares the
 // commitments of the inputs and outputs.
-func (r *rpcServer) SignVirtualPsbt(_ context.Context,
+func (r *rpcServer) SignVirtualPsbt(ctx context.Context,
 	req *wrpc.SignVirtualPsbtRequest) (*wrpc.SignVirtualPsbtResponse,
 	error) {
 
@@ -1722,6 +1722,43 @@ func (r *rpcServer) SignVirtualPsbt(_ context.Context,
 		return nil, fmt.Errorf("error decoding packet: %w", err)
 	}
 
+	// Make sure the input keys are known.
+	for _, input := range vPkt.Inputs {
+		// If we have all the derivation information, we don't need to
+		// do anything.
+		if len(input.Bip32Derivation) > 0 &&
+			len(input.TaprootBip32Derivation) > 0 {
+
+			continue
+		}
+
+		scriptKey := input.Asset().ScriptKey
+
+		// If the full tweaked script key isn't set on the asset, we
+		// need to look it up in the local database, to make sure we'll
+		// be able to sign for it.
+		if scriptKey.TweakedScriptKey == nil {
+			tweakedScriptKey, err := r.cfg.AssetWallet.FetchScriptKey(
+				ctx, scriptKey.PubKey,
+			)
+			if err != nil {
+				return nil, fmt.Errorf("error fetching "+
+					"script key: %w", err)
+			}
+
+			scriptKey.TweakedScriptKey = tweakedScriptKey
+		}
+
+		derivation, trDerivation := tappsbt.Bip32DerivationFromKeyDesc(
+			scriptKey.TweakedScriptKey.RawKey,
+			r.cfg.ChainParams.HDCoinType,
+		)
+		input.Bip32Derivation = []*psbt.Bip32Derivation{derivation}
+		input.TaprootBip32Derivation = []*psbt.TaprootBip32Derivation{
+			trDerivation,
+		}
+	}
+
 	signedInputs, err := r.cfg.AssetWallet.SignVirtualPacket(vPkt)
 	if err != nil {
 		return nil, fmt.Errorf("error signing packet: %w", err)

tapscript/tx.go

@@ -17,7 +17,6 @@ import (
 	"github.com/lightninglabs/taproot-assets/mssmt"
 	"github.com/lightninglabs/taproot-assets/tappsbt"
 	"github.com/lightningnetwork/lnd/input"
-	"github.com/lightningnetwork/lnd/keychain"
 )
 
 var (
@@ -320,7 +319,14 @@ func CreateTaprootSignature(vIn *tappsbt.VInput, virtualTx *wire.MsgTx,
 			"one at a time")
 	}
 
-	derivation := vIn.TaprootBip32Derivation[0]
+	derivation := vIn.Bip32Derivation[0]
+	trDerivation := vIn.TaprootBip32Derivation[0]
+
+	keyDesc, err := tappsbt.KeyDescFromBip32Derivation(derivation)
+	if err != nil {
+		return nil, fmt.Errorf("error identifying input asset key "+
+			"descriptor from BIP-0032 derivation: %w", err)
+	}
 
 	// Compute a virtual prevOut from the input asset for the signer.
 	prevOut, err := InputAssetPrevOut(*vIn.Asset())
@@ -331,9 +337,7 @@ func CreateTaprootSignature(vIn *tappsbt.VInput, virtualTx *wire.MsgTx,
 	// Start with a default sign descriptor and the BIP-0086 sign method
 	// then adjust depending on the input parameters.
 	spendDesc := lndclient.SignDescriptor{
-		KeyDesc: keychain.KeyDescriptor{
-			PubKey: vIn.Asset().ScriptKey.RawKey.PubKey,
-		},
+		KeyDesc:    keyDesc,
 		SignMethod: input.TaprootKeySpendBIP0086SignMethod,
 		Output:     prevOut,
 		HashType:   vIn.SighashType,
@@ -350,7 +354,7 @@ func CreateTaprootSignature(vIn *tappsbt.VInput, virtualTx *wire.MsgTx,
 	// No leaf hash means we're not signing a specific script, so this is
 	// the key spend path with a script root.
 	case len(vIn.TaprootMerkleRoot) == sha256.Size &&
-		len(derivation.LeafHashes) == 0:
+		len(trDerivation.LeafHashes) == 0:
 
 		spendDesc.SignMethod = input.TaprootKeySpendSignMethod
 		spendDesc.TapTweak = vIn.TaprootMerkleRoot
@@ -359,7 +363,7 @@ func CreateTaprootSignature(vIn *tappsbt.VInput, virtualTx *wire.MsgTx,
 	// script. There can be other scripts in the tree, but we only support
 	// creating a signature for a single one at a time.
 	case len(vIn.TaprootMerkleRoot) == sha256.Size &&
-		len(derivation.LeafHashes) == 1:
+		len(trDerivation.LeafHashes) == 1:
 
 		// If we're supposed to be signing for a leaf hash, we also
 		// expect the leaf script that hashes to that hash in the
@@ -376,7 +380,7 @@ func CreateTaprootSignature(vIn *tappsbt.VInput, virtualTx *wire.MsgTx,
 			Script:      leafScript.Script,
 		}
 		leafHash := leaf.TapHash()
-		if !bytes.Equal(leafHash[:], derivation.LeafHashes[0]) {
+		if !bytes.Equal(leafHash[:], trDerivation.LeafHashes[0]) {
 			return nil, fmt.Errorf("specified leaf hash in " +
 				"taproot BIP-0032 derivation but " +
 				"corresponding taproot leaf script was not " +