hsm: don't require privkey for signing off on funding.

I made it privkey to prove we owned one key, but without the HSM checking
we have a valid sig for the first commitment transaction, and that
we haven't revealed the revocation secret key, why bother?

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

lightningd/hsm/hsm.c

@@ -358,7 +358,6 @@ static u8 *sign_funding_tx(const tal_t *ctx, const u8 *data)
 	const tal_t *tmpctx = tal_tmpctx(ctx);
 	u64 satoshi_out, change_out;
 	u32 change_keyindex;
-	struct privkey local_privkey;
 	struct pubkey local_pubkey, remote_pubkey;
 	struct utxo *inputs;
 	struct bitcoin_tx *tx;
@@ -370,16 +369,10 @@ static u8 *sign_funding_tx(const tal_t *ctx, const u8 *data)
 	/* FIXME: Check fee is "reasonable" */
 	if (!fromwire_hsmctl_sign_funding(tmpctx, data, NULL,
 					  &satoshi_out, &change_out,
-					  &change_keyindex, &local_privkey,
+					  &change_keyindex, &local_pubkey,
 					  &local_pubkey, &inputs))
 		status_failed(WIRE_HSMSTATUS_BAD_REQUEST, "Bad SIGN_FUNDING");
 
-	if (!secp256k1_ec_pubkey_create(secp256k1_ctx,
-					&local_pubkey.pubkey,
-					local_privkey.secret))
-		status_failed(WIRE_HSMSTATUS_BAD_REQUEST,
-			      "Bad SIGN_FUNDING privkey");
-
 	tx = bitcoin_tx(tmpctx, tal_count(inputs), 1 + !!change_out);
 	inmap = tal_arr(tmpctx, const void *, tal_count(inputs));
 	for (i = 0; i < tal_count(inputs); i++) {

lightningd/hsm/hsm_control_wire_csv

@@ -19,7 +19,7 @@ hsmctl_sign_funding,4
 hsmctl_sign_funding,0,satoshi_out,8
 hsmctl_sign_funding,8,change_out,8
 hsmctl_sign_funding,16,change_keyindex,4
-hsmctl_sign_funding,20,our_privkey,32,struct privkey
+hsmctl_sign_funding,20,our_pubkey,33
 hsmctl_sign_funding,52,their_pubkey,33
 hsmctl_sign_funding,85,num_inputs,2
 hsmctl_sign_funding,87,inputs,num_inputs*49,struct utxo