channeld: implement htlc sig checking changes for option_anchor_outputs.

This is best done by passing `struct bitcoin_signature` around instead of raw signatures. We still save raw sigs to the db, and of course the wire protocol uses them. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
5 years ago · d8d1014ca4
12 changed files with 97 additions and 57 deletions
--- a/channeld/channel_wire.csv
+++ b/channeld/channel_wire.csv
@ -116,7 +116,7 @@ msgdata,channel_sending_commitsig,num_changed,u16,
 msgdata,channel_sending_commitsig,changed,changed_htlc,num_changed
 msgdata,channel_sending_commitsig,commit_sig,bitcoin_signature,
 msgdata,channel_sending_commitsig,num_htlc_sigs,u16,
-msgdata,channel_sending_commitsig,htlc_sigs,secp256k1_ecdsa_signature,num_htlc_sigs
+msgdata,channel_sending_commitsig,htlc_sigs,bitcoin_signature,num_htlc_sigs

 # Wait for reply, to make sure it's on disk before we send commit.
 msgtype,channel_sending_commitsig_reply,1120
@ -127,7 +127,7 @@ msgdata,channel_got_commitsig,commitnum,u64,
 msgdata,channel_got_commitsig,fee_states,fee_states,
 msgdata,channel_got_commitsig,signature,bitcoin_signature,
 msgdata,channel_got_commitsig,num_htlcs,u16,
-msgdata,channel_got_commitsig,htlc_signature,secp256k1_ecdsa_signature,num_htlcs
+msgdata,channel_got_commitsig,htlc_signature,bitcoin_signature,num_htlcs
 # RCVD_ADD_COMMIT: we're now committed to their new offered HTLCs.
 msgdata,channel_got_commitsig,num_added,u16,
 msgdata,channel_got_commitsig,added,added_htlc,num_added
--- a/channeld/channeld.c
+++ b/channeld/channeld.c
@ -738,7 +738,7 @@ static u8 *sending_commitsig_msg(const tal_t *ctx,
 				 const struct fee_states *fee_states,
 				 const struct htlc **changed_htlcs,
 				 const struct bitcoin_signature *commit_sig,
-				 const secp256k1_ecdsa_signature *htlc_sigs)
+				 const struct bitcoin_signature *htlc_sigs)
 {
 	struct changed_htlc *changed;
 	u8 *msg;
@ -827,7 +827,7 @@ static u8 *master_wait_sync_reply(const tal_t *ctx,
 }

 /* Returns HTLC sigs, sets commit_sig */
-static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
+static struct bitcoin_signature *calc_commitsigs(const tal_t *ctx,
 						  const struct peer *peer,
 						  struct bitcoin_tx **txs,
 						  const u8 *funding_wscript,
@ -838,7 +838,7 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
 	size_t i;
 	struct pubkey local_htlckey;
 	const u8 *msg;
-	secp256k1_ecdsa_signature *htlc_sigs;
+	struct bitcoin_signature *htlc_sigs;

 	msg = towire_hsm_sign_remote_commitment_tx(NULL, txs[0],
 						   &peer->channel->funding_pubkey[REMOTE],
@ -874,10 +874,9 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
 	 *  - MUST include one `htlc_signature` for every HTLC transaction
 	 *    corresponding to the ordering of the commitment transaction
 	 */
-	htlc_sigs = tal_arr(ctx, secp256k1_ecdsa_signature, tal_count(txs) - 1);
+	htlc_sigs = tal_arr(ctx, struct bitcoin_signature, tal_count(txs) - 1);

 	for (i = 0; i < tal_count(htlc_sigs); i++) {
-		struct bitcoin_signature sig;
 		u8 *wscript;

 		wscript = bitcoin_tx_output_get_witscript(tmpctx, txs[0],
@ -887,22 +886,21 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
 						     false /* FIXME-anchor */);

 		msg = hsm_req(tmpctx, take(msg));
-		if (!fromwire_hsm_sign_tx_reply(msg, &sig))
+		if (!fromwire_hsm_sign_tx_reply(msg, &htlc_sigs[i]))
 			status_failed(STATUS_FAIL_HSM_IO,
 				      "Bad sign_remote_htlc_tx reply: %s",
 				      tal_hex(tmpctx, msg));

-		htlc_sigs[i] = sig.s;
 		status_debug("Creating HTLC signature %s for tx %s wscript %s key %s",
 			     type_to_string(tmpctx, struct bitcoin_signature,
-					    &sig),
+					    &htlc_sigs[i]),
 			     type_to_string(tmpctx, struct bitcoin_tx, txs[1+i]),
 			     tal_hex(tmpctx, wscript),
 			     type_to_string(tmpctx, struct pubkey,
 					    &local_htlckey));
 		assert(check_tx_sig(txs[1+i], 0, NULL, wscript,
 				    &local_htlckey,
-				    &sig));
+				    &htlc_sigs[i]));
 	}

 	return htlc_sigs;
@ -929,12 +927,48 @@ static void maybe_send_ping(struct peer *peer)
 	peer->expecting_pong = true;
 }

+/* Peer protocol doesn't want sighash flags. */
+static secp256k1_ecdsa_signature *raw_sigs(const tal_t *ctx,
+					   const struct bitcoin_signature *sigs)
+{
+	secp256k1_ecdsa_signature *raw;
+
+	raw = tal_arr(ctx, secp256k1_ecdsa_signature, tal_count(sigs));
+	for (size_t i = 0; i < tal_count(sigs); i++)
+		raw[i] = sigs[i].s;
+	return raw;
+}
+
+static struct bitcoin_signature *unraw_sigs(const tal_t *ctx,
+					    const secp256k1_ecdsa_signature *raw,
+					    bool option_anchor_outputs)
+{
+	struct bitcoin_signature *sigs;
+
+	sigs = tal_arr(ctx, struct bitcoin_signature, tal_count(raw));
+	for (size_t i = 0; i < tal_count(raw); i++) {
+		sigs[i].s = raw[i];
+
+		/* BOLT-a12da24dd0102c170365124782b46d9710950ac1 #3:
+		 * ## HTLC-Timeout and HTLC-Success Transactions
+		 *...
+		 * * if `option_anchor_outputs` applies to this commitment
+		 *   transaction, `SIGHASH_SINGLE|SIGHASH_ANYONECANPAY` is
+		 *   used.
+		 */
+		if (option_anchor_outputs)
+			sigs[i].sighash_type = SIGHASH_SINGLE|SIGHASH_ANYONECANPAY;
+		else
+			sigs[i].sighash_type = SIGHASH_ALL;
+	}
+	return sigs;
+}
+
 static void send_commit(struct peer *peer)
 {
 	u8 *msg;
 	const struct htlc **changed_htlcs;
-	struct bitcoin_signature commit_sig;
-	secp256k1_ecdsa_signature *htlc_sigs;
+	struct bitcoin_signature commit_sig, *htlc_sigs;
 	struct bitcoin_tx **txs;
 	const u8 *funding_wscript;
 	const struct htlc **htlc_map;
@ -1067,7 +1101,7 @@ static void send_commit(struct peer *peer)

 	msg = towire_commitment_signed(NULL, &peer->channel_id,
 				       &commit_sig.s,
-				       htlc_sigs);
+				       raw_sigs(tmpctx, htlc_sigs));
 	sync_crypto_write_no_delay(peer->pps, take(msg));

 	maybe_send_shutdown(peer);
@ -1187,7 +1221,7 @@ static void marshall_htlc_info(const tal_t *ctx,

 static void send_revocation(struct peer *peer,
 			    const struct bitcoin_signature *commit_sig,
-			    const secp256k1_ecdsa_signature *htlc_sigs,
+			    const struct bitcoin_signature *htlc_sigs,
 			    const struct htlc **changed_htlcs,
 			    const struct bitcoin_tx *committx)
 {
@ -1244,7 +1278,8 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 {
 	struct channel_id channel_id;
 	struct bitcoin_signature commit_sig;
-	secp256k1_ecdsa_signature *htlc_sigs;
+	secp256k1_ecdsa_signature *raw_sigs;
+	struct bitcoin_signature *htlc_sigs;
 	struct pubkey remote_htlckey;
 	struct bitcoin_tx **txs;
 	const struct htlc **htlc_map, **changed_htlcs;
@ -1279,12 +1314,13 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 	}

 	if (!fromwire_commitment_signed(tmpctx, msg,
-					&channel_id, &commit_sig.s, &htlc_sigs))
+					&channel_id, &commit_sig.s, &raw_sigs))
 		peer_failed(peer->pps,
 			    &peer->channel_id,
 			    "Bad commit_sig %s", tal_hex(msg, msg));
 	/* SIGHASH_ALL is implied. */
 	commit_sig.sighash_type = SIGHASH_ALL;
+	htlc_sigs = unraw_sigs(tmpctx, raw_sigs, false /* FIXME-anchor */);

 	txs =
 	    channel_txs(tmpctx, &htlc_map, NULL,
@ -1353,22 +1389,17 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 	 *     - MUST fail the channel.
 	 */
 	for (i = 0; i < tal_count(htlc_sigs); i++) {
-		struct bitcoin_signature sig;
 		u8 *wscript;

 		wscript = bitcoin_tx_output_get_witscript(tmpctx, txs[0],
 							  txs[i+1]->wtx->inputs[0].index);

-		/* SIGHASH_ALL is implied. */
-		sig.s = htlc_sigs[i];
-		sig.sighash_type = SIGHASH_ALL;
-
 		if (!check_tx_sig(txs[1+i], 0, NULL, wscript,
-				  &remote_htlckey, &sig))
+				  &remote_htlckey, &htlc_sigs[i]))
 			peer_failed(peer->pps,
 				    &peer->channel_id,
 				    "Bad commit_sig signature %s for htlc %s wscript %s key %s",
-				    type_to_string(msg, struct bitcoin_signature, &sig),
+				    type_to_string(msg, struct bitcoin_signature, &htlc_sigs[i]),
 				    type_to_string(msg, struct bitcoin_tx, txs[1+i]),
 				    tal_hex(msg, wscript),
 				    type_to_string(msg, struct pubkey,
@ -2088,8 +2119,7 @@ static void send_fail_or_fulfill(struct peer *peer, const struct htlc *h)
 static void resend_commitment(struct peer *peer, const struct changed_htlc *last)
 {
 	size_t i;
-	struct bitcoin_signature commit_sig;
-	secp256k1_ecdsa_signature *htlc_sigs;
+	struct bitcoin_signature commit_sig, *htlc_sigs;
 	u8 *msg;
 	struct bitcoin_tx **txs;
 	const u8 *funding_wscript;
@ -2185,7 +2215,8 @@ static void resend_commitment(struct peer *peer, const struct changed_htlc *last
 	htlc_sigs = calc_commitsigs(tmpctx, peer, txs, funding_wscript, htlc_map, peer->next_index[REMOTE]-1,
 				    &commit_sig);
 	msg = towire_commitment_signed(NULL, &peer->channel_id,
-				       &commit_sig.s, htlc_sigs);
+				       &commit_sig.s,
+				       raw_sigs(tmpctx, htlc_sigs));
 	sync_crypto_write(peer->pps, take(msg));

 	/* If we have already received the revocation for the previous, the
--- a/lightningd/channel.c
+++ b/lightningd/channel.c
@ -170,7 +170,7 @@ struct channel *new_channel(struct peer *peer, u64 dbid,
 			    struct bitcoin_tx *last_tx,
 			    const struct bitcoin_signature *last_sig,
 			    /* NULL or stolen */
-			    secp256k1_ecdsa_signature *last_htlc_sigs,
+			    const struct bitcoin_signature *last_htlc_sigs,
 			    const struct channel_info *channel_info,
 			    /* NULL or stolen */
 			    u8 *remote_shutdown_scriptpubkey,
--- a/lightningd/channel.h
+++ b/lightningd/channel.h
@ -82,7 +82,7 @@ struct channel {
 	struct bitcoin_tx *last_tx;
 	enum wallet_tx_type last_tx_type;
 	struct bitcoin_signature last_sig;
-	secp256k1_ecdsa_signature *last_htlc_sigs;
+	const struct bitcoin_signature *last_htlc_sigs;

 	/* Keys for channel */
 	struct channel_info channel_info;
@ -166,7 +166,7 @@ struct channel *new_channel(struct peer *peer, u64 dbid,
 			    struct bitcoin_tx *last_tx STEALS,
 			    const struct bitcoin_signature *last_sig,
 			    /* NULL or stolen */
-			    secp256k1_ecdsa_signature *last_htlc_sigs STEALS,
+			    const struct bitcoin_signature *last_htlc_sigs STEALS,
 			    const struct channel_info *channel_info,
 			    /* NULL or stolen */
 			    u8 *remote_shutdown_scriptpubkey STEALS,
--- a/lightningd/peer_htlcs.c
+++ b/lightningd/peer_htlcs.c
@ -1700,7 +1700,7 @@ void peer_sending_commitsig(struct channel *channel, const u8 *msg)
 	struct changed_htlc *changed_htlcs;
 	size_t i, maxid = 0, num_local_added = 0;
 	struct bitcoin_signature commit_sig;
-	secp256k1_ecdsa_signature *htlc_sigs;
+	struct bitcoin_signature *htlc_sigs;
 	struct lightningd *ld = channel->peer->ld;
 	struct penalty_base *pbase;

@ -1890,8 +1890,7 @@ void peer_got_commitsig(struct channel *channel, const u8 *msg)
 {
 	u64 commitnum;
 	struct fee_states *fee_states;
-	struct bitcoin_signature commit_sig;
-	secp256k1_ecdsa_signature *htlc_sigs;
+	struct bitcoin_signature commit_sig, *htlc_sigs;
 	struct added_htlc *added;
 	struct fulfilled_htlc *fulfilled;
 	struct failed_htlc **failed;
--- a/onchaind/onchain_wire.csv
+++ b/onchaind/onchain_wire.csv
@ -39,7 +39,7 @@ msgdata,onchain_init,locktime,u32,
 msgdata,onchain_init,tx_blockheight,u32,
 msgdata,onchain_init,reasonable_depth,u32,
 msgdata,onchain_init,num_htlc_sigs,u16,
-msgdata,onchain_init,htlc_signature,secp256k1_ecdsa_signature,num_htlc_sigs
+msgdata,onchain_init,htlc_signature,bitcoin_signature,num_htlc_sigs
 msgdata,onchain_init,num_htlcs,u64,
 msgdata,onchain_init,min_possible_feerate,u32,
 msgdata,onchain_init,max_possible_feerate,u32,
--- a/onchaind/onchaind.c
+++ b/onchaind/onchaind.c
@ -732,7 +732,7 @@ new_tracked_output(struct tracked_output ***outs,
 		   enum output_type output_type,
 		   const struct htlc_stub *htlc,
 		   const u8 *wscript,
-		   const secp256k1_ecdsa_signature *remote_htlc_sig)
+		   const struct bitcoin_signature *remote_htlc_sig TAKES)
 {
 	struct tracked_output *out = tal(*outs, struct tracked_output);

@ -754,13 +754,10 @@ new_tracked_output(struct tracked_output ***outs,
 	if (htlc)
 		out->htlc = *htlc;
 	out->wscript = tal_steal(out, wscript);
-	if (remote_htlc_sig) {
-		struct bitcoin_signature *sig;
-		sig = tal(out, struct bitcoin_signature);
-		sig->s = *remote_htlc_sig;
-		sig->sighash_type = SIGHASH_ALL;
-		out->remote_htlc_sig = sig;
-	} else
+	if (remote_htlc_sig)
+		out->remote_htlc_sig = tal_dup(out, struct bitcoin_signature,
+					       remote_htlc_sig);
+	else
 		out->remote_htlc_sig = NULL;

 	tal_arr_expand(outs, out);
@ -2153,7 +2150,7 @@ static void handle_our_unilateral(const struct tx_parts *tx,
 				  const struct htlc_stub *htlcs,
 				  const bool *tell_if_missing,
 				  const bool *tell_immediately,
-				  const secp256k1_ecdsa_signature *remote_htlc_sigs,
+				  const struct bitcoin_signature *remote_htlc_sigs,
 				  struct tracked_output **outs,
 				  bool is_replay)
 {
@ -3195,7 +3192,7 @@ int main(int argc, char *argv[])
 	struct tx_parts *tx;
 	struct tracked_output **outs;
 	struct bitcoin_txid our_broadcast_txid, tmptxid;
-	secp256k1_ecdsa_signature *remote_htlc_sigs;
+	struct bitcoin_signature *remote_htlc_sigs;
 	struct amount_sat funding;
 	u64 num_htlcs;
 	u8 *scriptpubkey[NUM_SIDES];
--- a/onchaind/test/run-grind_feerate-bug.c
+++ b/onchaind/test/run-grind_feerate-bug.c
@ -50,7 +50,7 @@ bool fromwire_onchain_dev_memleak(const void *p UNNEEDED)
 bool fromwire_onchain_htlc(const void *p UNNEEDED, struct htlc_stub *htlc UNNEEDED, bool *tell_if_missing UNNEEDED, bool *tell_immediately UNNEEDED)
 { fprintf(stderr, "fromwire_onchain_htlc called!\n"); abort(); }
 /* Generated stub for fromwire_onchain_init */
-bool fromwire_onchain_init(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct shachain *shachain UNNEEDED, const struct chainparams **chainparams UNNEEDED, struct amount_sat *funding_amount_satoshi UNNEEDED, struct amount_msat *our_msat UNNEEDED, struct pubkey *old_remote_per_commitment_point UNNEEDED, struct pubkey *remote_per_commitment_point UNNEEDED, u32 *local_to_self_delay UNNEEDED, u32 *remote_to_self_delay UNNEEDED, u32 *delayed_to_us_feerate UNNEEDED, u32 *htlc_feerate UNNEEDED, u32 *penalty_feerate UNNEEDED, struct amount_sat *local_dust_limit_satoshi UNNEEDED, struct bitcoin_txid *our_broadcast_txid UNNEEDED, u8 **local_scriptpubkey UNNEEDED, u8 **remote_scriptpubkey UNNEEDED, struct pubkey *ourwallet_pubkey UNNEEDED, enum side *opener UNNEEDED, struct basepoints *local_basepoints UNNEEDED, struct basepoints *remote_basepoints UNNEEDED, struct tx_parts **tx_parts UNNEEDED, u32 *locktime UNNEEDED, u32 *tx_blockheight UNNEEDED, u32 *reasonable_depth UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, u64 *num_htlcs UNNEEDED, u32 *min_possible_feerate UNNEEDED, u32 *max_possible_feerate UNNEEDED, struct pubkey **possible_remote_per_commit_point UNNEEDED, bool *option_static_remotekey UNNEEDED, bool *option_anchor_outputs UNNEEDED, bool *is_replay UNNEEDED)
+bool fromwire_onchain_init(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct shachain *shachain UNNEEDED, const struct chainparams **chainparams UNNEEDED, struct amount_sat *funding_amount_satoshi UNNEEDED, struct amount_msat *our_msat UNNEEDED, struct pubkey *old_remote_per_commitment_point UNNEEDED, struct pubkey *remote_per_commitment_point UNNEEDED, u32 *local_to_self_delay UNNEEDED, u32 *remote_to_self_delay UNNEEDED, u32 *delayed_to_us_feerate UNNEEDED, u32 *htlc_feerate UNNEEDED, u32 *penalty_feerate UNNEEDED, struct amount_sat *local_dust_limit_satoshi UNNEEDED, struct bitcoin_txid *our_broadcast_txid UNNEEDED, u8 **local_scriptpubkey UNNEEDED, u8 **remote_scriptpubkey UNNEEDED, struct pubkey *ourwallet_pubkey UNNEEDED, enum side *opener UNNEEDED, struct basepoints *local_basepoints UNNEEDED, struct basepoints *remote_basepoints UNNEEDED, struct tx_parts **tx_parts UNNEEDED, u32 *locktime UNNEEDED, u32 *tx_blockheight UNNEEDED, u32 *reasonable_depth UNNEEDED, struct bitcoin_signature **htlc_signature UNNEEDED, u64 *num_htlcs UNNEEDED, u32 *min_possible_feerate UNNEEDED, u32 *max_possible_feerate UNNEEDED, struct pubkey **possible_remote_per_commit_point UNNEEDED, bool *option_static_remotekey UNNEEDED, bool *option_anchor_outputs UNNEEDED, bool *is_replay UNNEEDED)
 { fprintf(stderr, "fromwire_onchain_init called!\n"); abort(); }
 /* Generated stub for fromwire_onchain_known_preimage */
 bool fromwire_onchain_known_preimage(const void *p UNNEEDED, struct preimage *preimage UNNEEDED, bool *is_replay UNNEEDED)
--- a/onchaind/test/run-grind_feerate.c
+++ b/onchaind/test/run-grind_feerate.c
@ -54,7 +54,7 @@ bool fromwire_onchain_dev_memleak(const void *p UNNEEDED)
 bool fromwire_onchain_htlc(const void *p UNNEEDED, struct htlc_stub *htlc UNNEEDED, bool *tell_if_missing UNNEEDED, bool *tell_immediately UNNEEDED)
 { fprintf(stderr, "fromwire_onchain_htlc called!\n"); abort(); }
 /* Generated stub for fromwire_onchain_init */
-bool fromwire_onchain_init(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct shachain *shachain UNNEEDED, const struct chainparams **chainparams UNNEEDED, struct amount_sat *funding_amount_satoshi UNNEEDED, struct amount_msat *our_msat UNNEEDED, struct pubkey *old_remote_per_commitment_point UNNEEDED, struct pubkey *remote_per_commitment_point UNNEEDED, u32 *local_to_self_delay UNNEEDED, u32 *remote_to_self_delay UNNEEDED, u32 *delayed_to_us_feerate UNNEEDED, u32 *htlc_feerate UNNEEDED, u32 *penalty_feerate UNNEEDED, struct amount_sat *local_dust_limit_satoshi UNNEEDED, struct bitcoin_txid *our_broadcast_txid UNNEEDED, u8 **local_scriptpubkey UNNEEDED, u8 **remote_scriptpubkey UNNEEDED, struct pubkey *ourwallet_pubkey UNNEEDED, enum side *opener UNNEEDED, struct basepoints *local_basepoints UNNEEDED, struct basepoints *remote_basepoints UNNEEDED, struct tx_parts **tx_parts UNNEEDED, u32 *locktime UNNEEDED, u32 *tx_blockheight UNNEEDED, u32 *reasonable_depth UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, u64 *num_htlcs UNNEEDED, u32 *min_possible_feerate UNNEEDED, u32 *max_possible_feerate UNNEEDED, struct pubkey **possible_remote_per_commit_point UNNEEDED, bool *option_static_remotekey UNNEEDED, bool *option_anchor_outputs UNNEEDED, bool *is_replay UNNEEDED)
+bool fromwire_onchain_init(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct shachain *shachain UNNEEDED, const struct chainparams **chainparams UNNEEDED, struct amount_sat *funding_amount_satoshi UNNEEDED, struct amount_msat *our_msat UNNEEDED, struct pubkey *old_remote_per_commitment_point UNNEEDED, struct pubkey *remote_per_commitment_point UNNEEDED, u32 *local_to_self_delay UNNEEDED, u32 *remote_to_self_delay UNNEEDED, u32 *delayed_to_us_feerate UNNEEDED, u32 *htlc_feerate UNNEEDED, u32 *penalty_feerate UNNEEDED, struct amount_sat *local_dust_limit_satoshi UNNEEDED, struct bitcoin_txid *our_broadcast_txid UNNEEDED, u8 **local_scriptpubkey UNNEEDED, u8 **remote_scriptpubkey UNNEEDED, struct pubkey *ourwallet_pubkey UNNEEDED, enum side *opener UNNEEDED, struct basepoints *local_basepoints UNNEEDED, struct basepoints *remote_basepoints UNNEEDED, struct tx_parts **tx_parts UNNEEDED, u32 *locktime UNNEEDED, u32 *tx_blockheight UNNEEDED, u32 *reasonable_depth UNNEEDED, struct bitcoin_signature **htlc_signature UNNEEDED, u64 *num_htlcs UNNEEDED, u32 *min_possible_feerate UNNEEDED, u32 *max_possible_feerate UNNEEDED, struct pubkey **possible_remote_per_commit_point UNNEEDED, bool *option_static_remotekey UNNEEDED, bool *option_anchor_outputs UNNEEDED, bool *is_replay UNNEEDED)
 { fprintf(stderr, "fromwire_onchain_init called!\n"); abort(); }
 /* Generated stub for fromwire_onchain_known_preimage */
 bool fromwire_onchain_known_preimage(const void *p UNNEEDED, struct preimage *preimage UNNEEDED, bool *is_replay UNNEEDED)
--- a/wallet/test/run-wallet.c
+++ b/wallet/test/run-wallet.c
@ -115,7 +115,7 @@ void   fatal(const char *fmt UNNEEDED, ...)
 bool fromwire_channel_dev_memleak_reply(const void *p UNNEEDED, bool *leak UNNEEDED)
 { fprintf(stderr, "fromwire_channel_dev_memleak_reply called!\n"); abort(); }
 /* Generated stub for fromwire_channel_got_commitsig */
-bool fromwire_channel_got_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, struct fee_states **fee_states UNNEEDED, struct bitcoin_signature *signature UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, struct added_htlc **added UNNEEDED, struct fulfilled_htlc **fulfilled UNNEEDED, struct failed_htlc ***failed UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_tx **tx UNNEEDED)
+bool fromwire_channel_got_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, struct fee_states **fee_states UNNEEDED, struct bitcoin_signature *signature UNNEEDED, struct bitcoin_signature **htlc_signature UNNEEDED, struct added_htlc **added UNNEEDED, struct fulfilled_htlc **fulfilled UNNEEDED, struct failed_htlc ***failed UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_tx **tx UNNEEDED)
 { fprintf(stderr, "fromwire_channel_got_commitsig called!\n"); abort(); }
 /* Generated stub for fromwire_channel_got_revoke */
 bool fromwire_channel_got_revoke(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *revokenum UNNEEDED, struct secret *per_commitment_secret UNNEEDED, struct pubkey *next_per_commit_point UNNEEDED, struct fee_states **fee_states UNNEEDED, struct changed_htlc **changed UNNEEDED, struct penalty_base **pbase UNNEEDED, struct bitcoin_tx **penalty_tx UNNEEDED)
@ -124,7 +124,7 @@ bool fromwire_channel_got_revoke(const tal_t *ctx UNNEEDED, const void *p UNNEED
 bool fromwire_channel_offer_htlc_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *id UNNEEDED, u8 **failuremsg UNNEEDED, wirestring **failurestr UNNEEDED)
 { fprintf(stderr, "fromwire_channel_offer_htlc_reply called!\n"); abort(); }
 /* Generated stub for fromwire_channel_sending_commitsig */
-bool fromwire_channel_sending_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, struct penalty_base **pbase UNNEEDED, struct fee_states **fee_states UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_signature *commit_sig UNNEEDED, secp256k1_ecdsa_signature **htlc_sigs UNNEEDED)
+bool fromwire_channel_sending_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, struct penalty_base **pbase UNNEEDED, struct fee_states **fee_states UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_signature *commit_sig UNNEEDED, struct bitcoin_signature **htlc_sigs UNNEEDED)
 { fprintf(stderr, "fromwire_channel_sending_commitsig called!\n"); abort(); }
 /* Generated stub for fromwire_connect_peer_connected */
 bool fromwire_connect_peer_connected(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct node_id *id UNNEEDED, struct wireaddr_internal *addr UNNEEDED, struct per_peer_state **pps UNNEEDED, u8 **features UNNEEDED)
--- a/wallet/wallet.c
+++ b/wallet/wallet.c
@ -1013,20 +1013,32 @@ done:
 	return peer;
 }

-static secp256k1_ecdsa_signature *
-wallet_htlc_sigs_load(const tal_t *ctx, struct wallet *w, u64 channelid)
+static struct bitcoin_signature *
+wallet_htlc_sigs_load(const tal_t *ctx, struct wallet *w, u64 channelid,
+		      bool option_anchor_outputs)
 {
 	struct db_stmt *stmt;
+	struct bitcoin_signature *htlc_sigs = tal_arr(ctx, struct bitcoin_signature, 0);

 	stmt = db_prepare_v2(
 	    w->db, SQL("SELECT signature FROM htlc_sigs WHERE channelid = ?"));
-	secp256k1_ecdsa_signature *htlc_sigs = tal_arr(ctx, secp256k1_ecdsa_signature, 0);
 	db_bind_u64(stmt, 0, channelid);
 	db_query_prepared(stmt);

 	while (db_step(stmt)) {
-		secp256k1_ecdsa_signature sig;
-		db_column_signature(stmt, 0, &sig);
+		struct bitcoin_signature sig;
+		db_column_signature(stmt, 0, &sig.s);
+		/* BOLT-a12da24dd0102c170365124782b46d9710950ac1 #3:
+		 * ## HTLC-Timeout and HTLC-Success Transactions
+		 *...
+		 * * if `option_anchor_outputs` applies to this commitment
+		 *   transaction, `SIGHASH_SINGLE|SIGHASH_ANYONECANPAY` is
+		 *   used.
+		 */
+		if (option_anchor_outputs)
+			sig.sighash_type = SIGHASH_SINGLE|SIGHASH_ANYONECANPAY;
+		else
+			sig.sighash_type = SIGHASH_ALL;
 		tal_arr_expand(&htlc_sigs, sig);
 	}
 	tal_free(stmt);
@ -1264,7 +1276,8 @@ static struct channel *wallet_stmt2channel(struct wallet *w, struct db_stmt *stm
 			   db_column_psbt_to_tx(tmpctx, stmt, 33),
 			   &last_sig,
 			   wallet_htlc_sigs_load(tmpctx, w,
-						 db_column_u64(stmt, 0)),
+						 db_column_u64(stmt, 0),
+						 db_column_int(stmt, 47)),
 			   &channel_info,
 			   remote_shutdown_scriptpubkey,
 			   local_shutdown_scriptpubkey,
@ -3067,7 +3080,7 @@ wallet_payment_list(const tal_t *ctx,
 }

 void wallet_htlc_sigs_save(struct wallet *w, u64 channel_id,
-			   secp256k1_ecdsa_signature *htlc_sigs)
+			   const struct bitcoin_signature *htlc_sigs)
 {
 	/* Clear any existing HTLC sigs for this channel */
 	struct db_stmt *stmt = db_prepare_v2(
@ -3081,7 +3094,7 @@ void wallet_htlc_sigs_save(struct wallet *w, u64 channel_id,
 				     SQL("INSERT INTO htlc_sigs (channelid, "
 					 "signature) VALUES (?, ?)"));
 		db_bind_u64(stmt, 0, channel_id);
-		db_bind_signature(stmt, 1, &htlc_sigs[i]);
+		db_bind_signature(stmt, 1, &htlc_sigs[i].s);
 		db_exec_prepared_v2(take(stmt));
 	}
 }
--- a/wallet/wallet.h
+++ b/wallet/wallet.h
@ -1111,7 +1111,7 @@ const struct wallet_payment **wallet_payment_list(const tal_t *ctx,
 * wallet_htlc_sigs_save - Store the latest HTLC sigs for the channel
 */
 void wallet_htlc_sigs_save(struct wallet *w, u64 channel_id,
-			   secp256k1_ecdsa_signature *htlc_sigs);
+			   const struct bitcoin_signature *htlc_sigs);

 /**
 * wallet_network_check - Check that the wallet is setup for this chain