Remove signature leaking.

Alpha has segregated witnesses, so txid doesn't include the inputs.
That means we can create the first commit transaction before we sign
the anchor tx.

Bitcoin will need to do this differently: presumbly via new sipops
(a OP_CHECKSIG2VERIFY I imagine).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

test-cli/HOWTO-USE.md

@@ -76,44 +76,30 @@ B:
 
 	test-cli/open-anchor-scriptsigs B-open.pb A-open.pb <B-TXINKEY>... > B-anchor-scriptsigs.pb
 
-STEP 3 (The INSECURE hack!)
-------
-Because we don't have tx normalization or equivalent, we need to
-share the signed anchor inputs so the other side can create the
-first commitment transaction.
-
-A:
-
-	test-cli/leak-anchor-sigs A-anchor-scriptsigs.pb > A-leak-anchor-sigs.pb
-
-B:
-
-	test-cli/leak-anchor-sigs B-anchor-scriptsigs.pb > B-leak-anchor-sigs.pb
-
-STEP 4
+STEP 3
 ------
 Now both sides create the commitment transaction signatures which spend
 the transaction output:
 
 A:
 
-	test-cli/open-commit-sig A-open.pb B-open.pb <A-TMPKEY> A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit-sig.pb
+	test-cli/open-commit-sig A-open.pb B-open.pb <A-TMPKEY> > A-commit-sig.pb
 B:
 
-	test-cli/open-commit-sig B-open.pb A-open.ob <B-TMPKEY> B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit-sig.pb
+	test-cli/open-commit-sig B-open.pb A-open.ob <B-TMPKEY> > B-commit-sig.pb
 
-STEP 5
+STEP 4
 ------
 Check the commitment signatures from the other side, and produce commit txs.
 
 A:
 
-	test-cli/check-commit-sig A-open.pb B-open.pb B-commit-sig.pb <A-TMPKEY> A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit-0.tx
+	test-cli/check-commit-sig A-open.pb B-open.pb B-commit-sig.pb <A-TMPKEY> > A-commit-0.tx
 B:
 
-	test-cli/check-commit-sig B-open.pb A-open.pb A-commit-sig.pb <B-TMPKEY> B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit-0.tx
+	test-cli/check-commit-sig B-open.pb A-open.pb A-commit-sig.pb <B-TMPKEY> > B-commit-0.tx
 
-STEP 6
+STEP 5
 ------
 Check the anchor signatures from the other side, and use them to generate the
 anchor transaction (as a hex string, suitable for bitcoind).
@@ -129,7 +115,7 @@ They should be identical:
 
 	cmp A-anchor.tx B-anchor.tx || echo FAIL
 
-STEP 7
+STEP 6
 ------
 Broadcast the anchor transaction:
 

test-cli/check-commit-sig.c

@@ -35,14 +35,14 @@ int main(int argc, char *argv[])
 	err_set_progname(argv[0]);
 
 	opt_register_noarg("--help|-h", opt_usage_and_exit,
-			   "<open-channel-file1> <open-channel-file2> <commit-sig-2> <commit-key1> <leak-anchor-sigs1> <leak-anchor-sigs2>\n"
+			   "<open-channel-file1> <open-channel-file2> <commit-sig-2> <commit-key1>\n"
 			   "Output the commitment transaction if both signatures are valid",
 			   "Print this message.");
 
  	opt_parse(&argc, argv, opt_log_stderr_exit);
 
-	if (argc != 7)
-		opt_usage_exit_fail("Expected 6 arguments");
+	if (argc != 5)
+		opt_usage_exit_fail("Expected 4 arguments");
 
 	o1 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open;
 	o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open;
@@ -61,7 +61,7 @@ int main(int argc, char *argv[])
 	anchor = anchor_tx_create(ctx, o1, o2, &inmap, &outmap);
 	if (!anchor)
 		errx(1, "Failed transaction merge");
-	anchor_txid(anchor, argv[5], argv[6], inmap, &txid);
+	anchor_txid(anchor, &txid);
 
 	/* Now create our commitment tx. */
 	proto_to_sha256(o1->revocation_hash, &rhash);

test-cli/open-commit-sig.c

@@ -36,14 +36,14 @@ int main(int argc, char *argv[])
 	err_set_progname(argv[0]);
 
 	opt_register_noarg("--help|-h", opt_usage_and_exit,
-			   "<open-channel-file1> <open-channel-file2> <commit-privkey> <leak-anchor-sigs1> <leak-anchor-sigs2>\n"
+			   "<open-channel-file1> <open-channel-file2> <commit-privkey>\n"
 			   "Create the signature needed for the commit transaction",
 			   "Print this message.");
 
  	opt_parse(&argc, argv, opt_log_stderr_exit);
 
-	if (argc != 6)
-		opt_usage_exit_fail("Expected 5 arguments");
+	if (argc != 4)
+		opt_usage_exit_fail("Expected 3 arguments");
 
 	o1 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open;
 	o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open;
@@ -59,7 +59,7 @@ int main(int argc, char *argv[])
 		errx(1, "Failed transaction merge");
 
 	/* Get the transaction ID of the anchor. */
-	anchor_txid(anchor, argv[4], argv[5], inmap, &txid);
+	anchor_txid(anchor, &txid);
 
 	/* Now create THEIR commitment tx to spend 2/2 output of anchor. */
 	proto_to_sha256(o2->revocation_hash, &rhash);

test-cli/scripts/test.sh

@@ -68,18 +68,14 @@ $PREFIX ./open-channel --locktime=60 $B_SEED $B_AMOUNT $B_CHANGEPUBKEY $B_TMPKEY
 $PREFIX ./open-anchor-scriptsigs A-open.pb B-open.pb $A_TXINKEY > A-anchor-scriptsigs.pb
 $PREFIX ./open-anchor-scriptsigs B-open.pb A-open.pb $B_TXINKEY > B-anchor-scriptsigs.pb
 
-# Now leak that signature.
-$PREFIX ./leak-anchor-sigs A-anchor-scriptsigs.pb > A-leak-anchor-sigs.pb
-$PREFIX ./leak-anchor-sigs B-anchor-scriptsigs.pb > B-leak-anchor-sigs.pb
-
 # Now create commit signature
-$PREFIX ./open-commit-sig A-open.pb B-open.pb $A_TMPKEY A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit-sig.pb
+$PREFIX ./open-commit-sig A-open.pb B-open.pb $A_TMPKEY > A-commit-sig.pb
 
-$PREFIX ./open-commit-sig B-open.pb A-open.pb $B_TMPKEY B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit-sig.pb
+$PREFIX ./open-commit-sig B-open.pb A-open.pb $B_TMPKEY > B-commit-sig.pb
 
 # Now check it.
-$PREFIX ./check-commit-sig A-open.pb B-open.pb B-commit-sig.pb $A_TMPKEY A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit.tx
-$PREFIX ./check-commit-sig B-open.pb A-open.pb A-commit-sig.pb $B_TMPKEY B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit.tx
+$PREFIX ./check-commit-sig A-open.pb B-open.pb B-commit-sig.pb $A_TMPKEY > A-commit.tx
+$PREFIX ./check-commit-sig B-open.pb A-open.pb A-commit-sig.pb $B_TMPKEY > B-commit.tx
 
 # Now check anchor sigs and make sure they're the same.
 $PREFIX ./check-anchor-scriptsigs A-open.pb B-open.pb A-anchor-scriptsigs.pb B-anchor-scriptsigs.pb > A-anchor.tx