tapsend: include altLeaves when validating anchors

Author: jharveyb

tapsend/send.go

@@ -1729,6 +1729,9 @@ func ValidateAnchorOutputs(anchorPacket *psbt.Packet,
 		outputSiblings   = make(
 			map[uint32]*commitment.TapscriptPreimage,
 		)
+		outputAltLeaves = make(
+			map[uint32][]asset.AltLeaf[asset.Asset],
+		)
 		outputCommitVersions = make(
 			map[uint32]*commitment.TapCommitmentVersion,
 		)
@@ -1827,6 +1830,10 @@ func ValidateAnchorOutputs(anchorPacket *psbt.Packet,
 				vOut.Asset,
 			)
 			outputSiblings[vOut.AnchorOutputIndex] = siblingPreimage
+			outputAltLeaves[vOut.AnchorOutputIndex] = append(
+				outputAltLeaves[vOut.AnchorOutputIndex],
+				asset.CopyAltLeaves(vOut.AltLeaves)...,
+			)
 
 			// Fetch the tap commitment version from the proof of
 			// inclusion for the vOutput.
@@ -1889,6 +1896,17 @@ func ValidateAnchorOutputs(anchorPacket *psbt.Packet,
 		}
 	}
 
+	// Each output must have a valid set of AltLeaves at this point.
+	for anchorIdx, leaves := range outputAltLeaves {
+		err := asset.ValidAltLeaves(leaves)
+		if err != nil {
+			finalErr := fmt.Errorf("output %d invalid alt "+
+				"leaves: %w", anchorIdx, err)
+			log.Tracef(finalErr.Error())
+			return finalErr
+		}
+	}
+
 	// We can now go through each anchor output that will carry assets and
 	// check that we arrive at the correct script.
 	for anchorIdx, assets := range outputAssets {
@@ -1900,6 +1918,14 @@ func ValidateAnchorOutputs(anchorPacket *psbt.Packet,
 				"output assets: %w", err)
 		}
 
+		err = anchorCommitment.MergeAltLeaves(
+			outputAltLeaves[anchorIdx],
+		)
+		if err != nil {
+			return fmt.Errorf("unable to merge output alt leaves: "+
+				"%w", err)
+		}
+
 		anchorOut := &anchorPacket.Outputs[anchorIdx]
 		anchorTxOut := anchorPacket.UnsignedTx.TxOut[anchorIdx]
 		internalKey, err := schnorr.ParsePubKey(
@@ -1988,6 +2014,9 @@ func ValidateAnchorInputs(anchorPacket *psbt.Packet, packets []*tappsbt.VPacket,
 		inputSiblings = make(
 			map[wire.OutPoint]*commitment.TapscriptPreimage,
 		)
+		inputAltLeaves = make(
+			map[wire.OutPoint][]asset.AltLeaf[asset.Asset],
+		)
 		inputAnchorIndex = make(map[wire.OutPoint]uint32)
 	)
 	for _, vPkt := range packets {
@@ -2077,6 +2106,10 @@ func ValidateAnchorInputs(anchorPacket *psbt.Packet, packets []*tappsbt.VPacket,
 				inputAssets[outpoint], vIn.Asset(),
 			)
 			inputSiblings[outpoint] = sibling
+			inputAltLeaves[outpoint] = append(
+				inputAltLeaves[outpoint],
+				asset.CopyAltLeaves(vIn.AltLeaves)...,
+			)
 			inputScripts[outpoint] = anchorIn.WitnessUtxo.PkScript
 			inputAnchors[outpoint] = vIn.Anchor
 		}
@@ -2090,6 +2123,15 @@ func ValidateAnchorInputs(anchorPacket *psbt.Packet, packets []*tappsbt.VPacket,
 		)
 	}
 
+	// Each input must have a valid set of AltLeaves at this point.
+	for outpoint, leaves := range inputAltLeaves {
+		err := asset.ValidAltLeaves(leaves)
+		if err != nil {
+			return fmt.Errorf("input %v invalid alt leaves: %w",
+				outpoint.String(), err)
+		}
+	}
+
 	// We can now go through each anchor input that contains assets being
 	// spent and check that we arrive at the correct script.
 	for anchorOutpoint, assets := range inputAssets {
@@ -2101,6 +2143,14 @@ func ValidateAnchorInputs(anchorPacket *psbt.Packet, packets []*tappsbt.VPacket,
 				"output assets: %w", err)
 		}
 
+		err = anchorCommitment.MergeAltLeaves(
+			inputAltLeaves[anchorOutpoint],
+		)
+		if err != nil {
+			return fmt.Errorf("unable to merge input alt leaves: "+
+				"%w", err)
+		}
+
 		anchorIdx := inputAnchorIndex[anchorOutpoint]
 		anchorIn := inputAnchors[anchorOutpoint]
 		internalKey := anchorIn.InternalKey

tapsend/send_test.go

@@ -399,7 +399,8 @@ func createPacket(t *testing.T, addr address.Tap, prevInput asset.PrevID,
 	}
 
 	for outputIdx := range len(vPacket.Outputs) {
-		vPacket.Outputs[outputIdx].SetAltLeaves(makeAltLeaves())
+		err := vPacket.Outputs[outputIdx].SetAltLeaves(makeAltLeaves())
+		require.NoError(t, err)
 	}
 
 	return vPacket
@@ -618,7 +619,7 @@ func checkOutputCommitments(t *testing.T, vPkt *tappsbt.VPacket,
 			return leaf.DeepEqual(altLeaf)
 		}
 
-		fn.All(vOut.AltLeaves, matchingAltLeaf)
+		require.True(t, fn.All(vOut.AltLeaves, matchingAltLeaf))
 	}
 
 	inputMatchingAsset := !isSplit
@@ -2498,6 +2499,7 @@ func TestValidateAnchorOutputs(t *testing.T) {
 		key1        = test.RandPubKey(t)
 		key2        = test.RandPubKey(t)
 		asset1      = asset.RandAsset(t, asset.RandAssetType(t))
+		altLeaves   = asset.ToAltLeaves(asset.RandAltLeaves(t, true))
 		emptyProof  = &proof.CommitmentProof{}
 		vOutSibling = &tappsbt.VOutput{
 			AnchorOutputIndex:            0,
@@ -2509,6 +2511,7 @@ func TestValidateAnchorOutputs(t *testing.T) {
 					CommitmentProof: emptyProof,
 				},
 			},
+			AltLeaves: altLeaves,
 		}
 		vOutNoSibling = &tappsbt.VOutput{
 			AnchorOutputIndex:       0,
@@ -2519,12 +2522,16 @@ func TestValidateAnchorOutputs(t *testing.T) {
 					CommitmentProof: emptyProof,
 				},
 			},
+			AltLeaves: altLeaves,
 		}
 		keyRoot = tappsbt.PsbtKeyTypeOutputTaprootMerkleRoot
 	)
 	asset1Commitment, err := commitment.FromAssets(nil, asset1)
 	require.NoError(t, err)
 
+	err = asset1Commitment.MergeAltLeaves(altLeaves)
+	require.NoError(t, err)
+
 	vOutCommitmentProof := proof.CommitmentProof{
 		Proof: commitment.Proof{
 			TaprootAssetProof: commitment.TaprootAssetProof{