From cf333e45e15afeef97db2c074ebecd0479b90d11 Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Wed, 3 Jun 2015 13:58:23 +0930
Subject: [PATCH] Fix thinko: open-commit-sig needs to sign *their* commit tx.

And check-commit-sig needs to check it against ours.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 check-commit-sig.c | 45 +++++++++++++++++++++++++++------------------
 open-commit-sig.c  |  5 +++--
 2 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/check-commit-sig.c b/check-commit-sig.c
index 316509404..26d1efeca 100644
--- a/check-commit-sig.c
+++ b/check-commit-sig.c
@@ -1,6 +1,6 @@
 /* My example:
  * ./check-commit-sig A-open.pb B-open.pb A-commit-sig.pb B-commit-sig.pb cUBCjrdJu8tfvM7FT8So6aqs6G6bZS1Cax6Rc9rFzYL6nYG4XNEC A-leak-anchor-sigs.pb B-leak-anchor-sigs.pb > A-commit.tx
- * ./check-commit-sig B-open.pb A-open.pb B-commit-sig.pb A-commit-sig.pb cQXhbUnNRsFcdzTQwjbCrud5yVskHTEas7tZPUWoJYNk5htGQrpi B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit.tx
+ * ./check-commit-sig B-open.pb A-open.pb B-commit-sig.pb A-commit-sig.pb cUBCjrdJu8tfvM7FT8So6aqs6G6bZS1Cax6Rc9rFzYL6nYG4XNEC B-leak-anchor-sigs.pb A-leak-anchor-sigs.pb > B-commit.tx
  */
 #include <ccan/crypto/shachain/shachain.h>
 #include <ccan/short_types/short_types.h>
@@ -25,40 +25,47 @@ int main(int argc, char *argv[])
 {
 	const tal_t *ctx = tal_arr(NULL, char, 0);
 	OpenChannel *o1, *o2;
-	OpenCommitSig *cs1, *cs2;
+	OpenCommitSig *cs2;
 	struct bitcoin_tx *anchor, *commit;
 	struct sha256_double txid;
 	u8 *tx_arr;
 	size_t *inmap, *outmap;
 	struct pubkey pubkey1, pubkey2;
-	struct signature sig1, sig2;
+	struct signature *sig1, sig2;
 	char *tx_hex;
+	EC_KEY *privkey;
+	bool testnet;
 
 	err_set_progname(argv[0]);
 
 	opt_register_noarg("--help|-h", opt_usage_and_exit,
-			   "<open-channel-file1> <open-channel-file2> <commit-sig-1> <commit-sig-2> <commit-key1> <leak-anchor-sigs1> <leak-anchor-sigs2>\n"
+			   "<open-channel-file1> <open-channel-file2> <commit-sig-2> <commit-key1> <leak-anchor-sigs1> <leak-anchor-sigs2>\n"
 			   "Output the commitment transaction if both signatures are valid",
 			   "Print this message.");
 
  	opt_parse(&argc, argv, opt_log_stderr_exit);
 
-	if (argc != 8)
+	if (argc != 7)
 		opt_usage_and_exit(NULL);
 
 	o1 = pkt_from_file(argv[1], PKT__PKT_OPEN)->open;
 	o2 = pkt_from_file(argv[2], PKT__PKT_OPEN)->open;
-	cs1 = pkt_from_file(argv[3], PKT__PKT_OPEN_COMMIT_SIG)->open_commit_sig;
-	cs2 = pkt_from_file(argv[4], PKT__PKT_OPEN_COMMIT_SIG)->open_commit_sig;
+	cs2 = pkt_from_file(argv[3], PKT__PKT_OPEN_COMMIT_SIG)->open_commit_sig;
+
+	privkey = key_from_base58(argv[4], strlen(argv[4]), &testnet, &pubkey1);
+	if (!privkey)
+		errx(1, "Invalid private key '%s'", argv[4]);
+	if (!testnet)
+		errx(1, "Private key '%s' not on testnet!", argv[4]);
 
 	/* Get the transaction ID of the anchor. */
 	anchor = anchor_tx_create(ctx, o1, o2, &inmap, &outmap);
 	if (!anchor)
 		errx(1, "Failed transaction merge");
-	anchor_txid(anchor, argv[6], argv[7], inmap, &txid);
+	anchor_txid(anchor, argv[5], argv[6], inmap, &txid);
 
-	/* Now create THEIR commitment tx. */
-	commit = create_commit_tx(ctx, o2, o1, &txid, outmap[0]);
+	/* Now create our commitment tx. */
+	commit = create_commit_tx(ctx, o1, o2, &txid, outmap[0]);
 
 	/* If contributions don't exceed fees, this fails. */
 	if (!commit)
@@ -68,23 +75,25 @@ int main(int argc, char *argv[])
 		     (long long)o1->commitment_fee,
 		     (long long)o2->commitment_fee);
 
+	/* FIXME: Creating out signature just to check the script we create
+	 * is overkill: if their signature and pubkey signed the commit txin,
+	 * we're happy. */
+	sig1 = sign_tx_input(ctx, commit, 0, anchor->output[outmap[0]].script,
+			     anchor->output[outmap[0]].script_length, privkey);
+
 	/* Signatures and pubkeys well-formed? */
-	if (!proto_to_signature(cs1->sig, &sig1))
-		errx(1, "Invalid commit-sig-1");
 	if (!proto_to_signature(cs2->sig, &sig2))
 		errx(1, "Invalid commit-sig-2");
-	if (!proto_to_pubkey(o1->anchor->pubkey, &pubkey1))
-		errx(1, "Invalid anchor-1 key");
 	if (!proto_to_pubkey(o2->anchor->pubkey, &pubkey2))
 		errx(1, "Invalid anchor-2 key");
-	
-	/* Their signature must validate correctly. */
+
+	/* Combined signatures must validate correctly. */
 	if (!check_2of2_sig(commit, 0, &anchor->output[outmap[0]],
-			    &pubkey1, &pubkey2, &sig1, &sig2))
+			    &pubkey1, &pubkey2, sig1, &sig2))
 		errx(1, "Signature failed");
 
 	/* Create p2sh input for commit */
-	commit->input[0].script = scriptsig_p2sh_2of2(commit, &sig1, &sig2,
+	commit->input[0].script = scriptsig_p2sh_2of2(commit, sig1, &sig2,
 						      &pubkey1, &pubkey2);
 	commit->input[0].script_length = tal_count(commit->input[0].script);
 
diff --git a/open-commit-sig.c b/open-commit-sig.c
index 442aba06f..e801b8f30 100644
--- a/open-commit-sig.c
+++ b/open-commit-sig.c
@@ -63,8 +63,8 @@ int main(int argc, char *argv[])
 	/* Get the transaction ID of the anchor. */
 	anchor_txid(anchor, argv[4], argv[5], inmap, &txid);
 
-	/* Now create commitment tx to spend 2/2 output of anchor. */
-	commit = create_commit_tx(ctx, o1, o2, &txid, outmap[0]);
+	/* Now create THEIR commitment tx to spend 2/2 output of anchor. */
+	commit = create_commit_tx(ctx, o2, o1, &txid, outmap[0]);
 
 	/* If contributions don't exceed fees, this fails. */
 	if (!commit)
@@ -74,6 +74,7 @@ int main(int argc, char *argv[])
 		     (long long)o1->commitment_fee,
 		     (long long)o2->commitment_fee);
 
+	/* Sign it for them. */
 	sig = sign_tx_input(ctx, commit, 0, anchor->output[outmap[0]].script,
 			    anchor->output[outmap[0]].script_length, privkey);