
signature: wrap almost all signatures in struct bitcoin_signature.

This is prep work for when we sign htlc txs with
SIGHASH_SINGLE|SIGHASH_ANYONECANPAY.

We still deal with raw signatures for the htlc txs at the moment, since
we send them like that across the wire, and changing that was simply too
painful (for the moment?).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
plugin-6
Rusty Russell 6 years ago
committed by Christian Decker
parent
commit
dffe2f516a
  1. 26
      bitcoin/script.c
  2. 18
      bitcoin/script.h
  3. 52
      bitcoin/signature.c
  4. 69
      bitcoin/signature.h
  5. 6
      channeld/channel_wire.csv
  6. 49
      channeld/channeld.c
  7. 20
      channeld/test/run-commit_tx.c
  8. 2
      closingd/closing_wire.csv
  9. 12
      closingd/closingd.c
  10. 8
      common/htlc_tx.c
  11. 8
      common/htlc_tx.h
  12. 4
      common/test/run-funding_tx.c
  13. 1
      common/type_to_string.h
  14. 4
      hsmd/hsm_wire.csv
  15. 28
      hsmd/hsmd.c
  16. 4
      lightningd/channel.c
  17. 6
      lightningd/channel.h
  18. 2
      lightningd/closing_control.c
  19. 6
      lightningd/opening_control.c
  20. 2
      lightningd/peer_control.c
  21. 6
      lightningd/peer_htlcs.c
  22. 2
      lightningd/test/run-invoice-select-inchan.c
  23. 39
      onchaind/onchaind.c
  24. 8
      onchaind/test/run-grind_feerate.c
  25. 4
      openingd/opening_wire.csv
  26. 21
      openingd/openingd.c
  27. 9
      wallet/test/run-wallet.c
  28. 7
      wallet/wallet.c
  29. 9
      wire/fromwire.c
  30. 8
      wire/towire.c
  31. 4
      wire/wire.h

26
bitcoin/script.c

@ -110,13 +110,11 @@ static void add_push_key(u8 **scriptp, const struct pubkey *key)
add_push_bytes(scriptp, der, sizeof(der));
}
static void add_push_sig(u8 **scriptp, const secp256k1_ecdsa_signature *sig)
static void add_push_sig(u8 **scriptp, const struct bitcoin_signature *sig)
{
u8 der[73];
size_t len = signature_to_der(der, sig);
/* Append sighash type */
der[len++] = SIGHASH_ALL;
add_push_bytes(scriptp, der, len);
}
@ -129,13 +127,11 @@ static u8 *stack_key(const tal_t *ctx, const struct pubkey *key)
}
/* Bitcoin wants DER encoding. */
static u8 *stack_sig(const tal_t *ctx, const secp256k1_ecdsa_signature *sig)
static u8 *stack_sig(const tal_t *ctx, const struct bitcoin_signature *sig)
{
u8 der[73];
size_t len = signature_to_der(der, sig);
/* Append sighash type */
der[len++] = SIGHASH_ALL;
return tal_dup_arr(ctx, u8, der, len, 0);
}
@ -225,7 +221,7 @@ u8 *scriptpubkey_opreturn(const tal_t *ctx)
/* Create an input script which spends p2pkh */
u8 *bitcoin_redeem_p2pkh(const tal_t *ctx, const struct pubkey *pubkey,
const secp256k1_ecdsa_signature *sig)
const struct bitcoin_signature *sig)
{
u8 *script = tal_arr(ctx, u8, 0);
@ -264,7 +260,7 @@ u8 *bitcoin_scriptsig_p2sh_p2wpkh(const tal_t *ctx, const struct pubkey *key)
}
u8 **bitcoin_witness_p2wpkh(const tal_t *ctx,
const secp256k1_ecdsa_signature *sig,
const struct bitcoin_signature *sig,
const struct pubkey *key)
{
u8 **witness;
@ -325,8 +321,8 @@ u8 *scriptpubkey_witness_raw(const tal_t *ctx, u8 version,
/* Create a witness which spends the 2of2. */
u8 **bitcoin_witness_2of2(const tal_t *ctx,
const secp256k1_ecdsa_signature *sig1,
const secp256k1_ecdsa_signature *sig2,
const struct bitcoin_signature *sig1,
const struct bitcoin_signature *sig2,
const struct pubkey *key1,
const struct pubkey *key2)
{
@ -441,7 +437,7 @@ bool is_p2wpkh(const u8 *script, struct bitcoin_address *addr)
}
u8 **bitcoin_witness_sig_and_element(const tal_t *ctx,
const secp256k1_ecdsa_signature *sig,
const struct bitcoin_signature *sig,
const void *elem, size_t elemsize,
const u8 *witnessscript)
{
@ -663,8 +659,8 @@ u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx,
* * `txin[0]` witness stack: `0 <remotehtlcsig> <localhtlcsig> <payment_preimage>` for HTLC-success, `0 <remotehtlcsig> <localhtlcsig> 0` for HTLC-timeout
*/
u8 **bitcoin_witness_htlc_timeout_tx(const tal_t *ctx,
const secp256k1_ecdsa_signature *localhtlcsig,
const secp256k1_ecdsa_signature *remotehtlcsig,
const struct bitcoin_signature *localhtlcsig,
const struct bitcoin_signature *remotehtlcsig,
const u8 *wscript)
{
u8 **witness = tal_arr(ctx, u8 *, 5);
@ -679,8 +675,8 @@ u8 **bitcoin_witness_htlc_timeout_tx(const tal_t *ctx,
}
u8 **bitcoin_witness_htlc_success_tx(const tal_t *ctx,
const secp256k1_ecdsa_signature *localhtlcsig,
const secp256k1_ecdsa_signature *remotesig,
const struct bitcoin_signature *localhtlcsig,
const struct bitcoin_signature *remotesig,
const struct preimage *preimage,
const u8 *wscript)
{
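Review bot: The comment `/* Bitcoin wants DER encoding. */` above `stack_sig` no longer describes the whole pushed element: `signature_to_der` now appends `sig->sighash_type` itself, so the element is DER plus a sighash byte taken from the struct rather than the hard-coded SIGHASH_ALL the old bodies added (the hunk counts, 13 lines to 11, suggest the `der[len++] = SIGHASH_ALL;` lines are the removed side). Suggest `/* Bitcoin wants DER encoding followed by the sighash byte; both come from signature_to_der(). */` here and the same on `add_push_sig`, since a reader of these two functions can no longer see where the sighash byte comes from. `der[73]` matches the new maximum returned by `signature_to_der`.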

18
bitcoin/script.h

@ -34,7 +34,7 @@ u8 *scriptpubkey_opreturn(const tal_t *ctx);
/* Create an input script which spends p2pkh */
u8 *bitcoin_redeem_p2pkh(const tal_t *ctx, const struct pubkey *pubkey,
const secp256k1_ecdsa_signature *sig);
const struct bitcoin_signature *sig);
/* Create the redeemscript for a P2SH + P2WPKH. */
u8 *bitcoin_redeem_p2sh_p2wpkh(const tal_t *ctx, const struct pubkey *key);
@ -60,19 +60,19 @@ u8 *scriptpubkey_witness_raw(const tal_t *ctx, u8 version,
/* Create a witness which spends the 2of2. */
u8 **bitcoin_witness_2of2(const tal_t *ctx,
const secp256k1_ecdsa_signature *sig1,
const secp256k1_ecdsa_signature *sig2,
const struct bitcoin_signature *sig1,
const struct bitcoin_signature *sig2,
const struct pubkey *key1,
const struct pubkey *key2);
/* Create a witness which spends a p2wpkh. */
u8 **bitcoin_witness_p2wpkh(const tal_t *ctx,
const secp256k1_ecdsa_signature *sig,
const struct bitcoin_signature *sig,
const struct pubkey *key);
/* Create a witness which contains sig, another entry, and the witnessscript */
u8 **bitcoin_witness_sig_and_element(const tal_t *ctx,
const secp256k1_ecdsa_signature *sig,
const struct bitcoin_signature *sig,
const void *elem, size_t elemsize,
const u8 *witnessscript);
@ -89,8 +89,8 @@ u8 *bitcoin_wscript_htlc_offer(const tal_t *ctx,
const struct sha256 *payment_hash,
const struct pubkey *revocationkey);
u8 **bitcoin_witness_htlc_timeout_tx(const tal_t *ctx,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig,
const struct bitcoin_signature *localsig,
const struct bitcoin_signature *remotesig,
const u8 *wscript);
u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx,
const struct abs_locktime *htlc_abstimeout,
@ -99,8 +99,8 @@ u8 *bitcoin_wscript_htlc_receive(const tal_t *ctx,
const struct sha256 *payment_hash,
const struct pubkey *revocationkey);
u8 **bitcoin_witness_htlc_success_tx(const tal_t *ctx,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig,
const struct bitcoin_signature *localsig,
const struct bitcoin_signature *remotesig,
const struct preimage *preimage,
const u8 *wscript);

52
bitcoin/signature.c

@ -6,6 +6,7 @@
#include "tx.h"
#include <assert.h>
#include <ccan/cast/cast.h>
#include <ccan/mem/mem.h>
#include <common/type_to_string.h>
#include <common/utils.h>
@ -105,13 +106,16 @@ void sign_tx_input(const struct bitcoin_tx *tx,
const u8 *subscript,
const u8 *witness_script,
const struct privkey *privkey, const struct pubkey *key,
secp256k1_ecdsa_signature *sig)
enum sighash_type sighash_type,
struct bitcoin_signature *sig)
{
struct sha256_double hash;
assert(sighash_type_valid(sighash_type));
sig->sighash_type = sighash_type;
sha256_tx_one_input(tx, in, subscript, witness_script, &hash);
dump_tx("Signing", tx, in, subscript, key, &hash);
sign_hash(privkey, &hash, sig);
sign_hash(privkey, &hash, &sig->s);
}
bool check_signed_hash(const struct sha256_double *hash,
@ -130,16 +134,17 @@ bool check_tx_sig(const struct bitcoin_tx *tx, size_t input_num,
const u8 *redeemscript,
const u8 *witness_script,
const struct pubkey *key,
const secp256k1_ecdsa_signature *sig)
const struct bitcoin_signature *sig)
{
struct sha256_double hash;
bool ret;
assert(sig->sighash_type == SIGHASH_ALL);
assert(input_num < tal_count(tx->input));
sha256_tx_one_input(tx, input_num, redeemscript, witness_script, &hash);
ret = check_signed_hash(&hash, sig, key);
ret = check_signed_hash(&hash, &sig->s, key);
if (!ret)
dump_tx("Sig failed", tx, input_num, redeemscript, key, &hash);
return ret;
@ -217,30 +222,55 @@ static bool IsValidSignatureEncoding(const unsigned char sig[], size_t len)
return true;
}
size_t signature_to_der(u8 der[72], const secp256k1_ecdsa_signature *sig)
size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig)
{
size_t len = 72;
secp256k1_ecdsa_signature_serialize_der(secp256k1_ctx,
der, &len, sig);
der, &len, &sig->s);
/* Append sighash type */
der[len++] = sig->sighash_type;
/* IsValidSignatureEncoding() expect extra byte for sighash */
assert(IsValidSignatureEncoding(der, len + 1));
assert(IsValidSignatureEncoding(memcheck(der, len), len));
return len;
}
bool signature_from_der(const u8 *der, size_t len, secp256k1_ecdsa_signature *sig)
bool signature_from_der(const u8 *der, size_t len, struct bitcoin_signature *sig)
{
return secp256k1_ecdsa_signature_parse_der(secp256k1_ctx,
sig, der, len);
if (len < 1)
return false;
if (!secp256k1_ecdsa_signature_parse_der(secp256k1_ctx,
&sig->s, der, len-1))
return false;
sig->sighash_type = der[len-1];
if (!sighash_type_valid(sig->sighash_type))
return false;
return true;
}
static char *signature_to_hexstr(const tal_t *ctx,
const secp256k1_ecdsa_signature *sig)
{
u8 der[72];
size_t len = signature_to_der(der, sig);
size_t len = 72;
secp256k1_ecdsa_signature_serialize_der(secp256k1_ctx,
der, &len, sig);
return tal_hexstr(ctx, der, len);
}
REGISTER_TYPE_TO_STRING(secp256k1_ecdsa_signature, signature_to_hexstr);
static char *bitcoin_signature_to_hexstr(const tal_t *ctx,
const struct bitcoin_signature *sig)
{
u8 der[73];
size_t len = signature_to_der(der, sig);
return tal_hexstr(ctx, der, len);
}
REGISTER_TYPE_TO_STRING(bitcoin_signature, bitcoin_signature_to_hexstr);
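Review bot: `check_tx_sig` now rejects a non-SIGHASH_ALL signature with `assert(sig->sighash_type == SIGHASH_ALL);` rather than returning false, which turns an unexpected input into a process abort (or, under NDEBUG, into silently verifying against the wrong sighash). Today this is hard to reach because `sighash_type_valid` only admits SIGHASH_ALL and `signature_from_der` enforces it, but structs filled by hand or by the wire code elsewhere in this commit are not validated here, and the stated plan to add SIGHASH_SINGLE|ANYONECANPAY will widen `sighash_type_valid` without, as far as this hunk shows, changing what `sha256_tx_one_input` hashes. Prefer `if (sig->sighash_type != SIGHASH_ALL) return false;` so callers get the existing failure path and the `dump_tx` diagnostic. For the same reason `signature_to_der` could `assert(sighash_type_valid(sig->sighash_type));` before `der[len++] = sig->sighash_type;`, so a field left unset by a caller is caught at the point of serialisation.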

69
bitcoin/signature.h

@ -18,32 +18,85 @@ enum sighash_type {
SIGHASH_ANYONECANPAY = 0x80
};
/* We only support a limited range of sighash_type */
static inline bool sighash_type_valid(const enum sighash_type sighash_type)
{
return sighash_type == SIGHASH_ALL;
}
/**
* bitcoin_signature - signature with a sighash type.
*
* sighash_type is SIGHASH_ALL unless you're being tricky. */
struct bitcoin_signature {
secp256k1_ecdsa_signature s;
enum sighash_type sighash_type;
};
/**
* sign_hash - produce a raw secp256k1 signature.
* @p: secret key
* @h: hash to sign.
* @sig: signature to fill in and return.
*/
void sign_hash(const struct privkey *p,
const struct sha256_double *h,
secp256k1_ecdsa_signature *s);
secp256k1_ecdsa_signature *sig);
/**
* check_signed_hash - check a raw secp256k1 signature.
* @h: hash which was signed.
* @signature: signature.
* @key: public key corresponding to private key used to sign.
*
* Returns true if the key, hash and signature are correct. Changing any
* one of these will make it fail.
*/
bool check_signed_hash(const struct sha256_double *hash,
const secp256k1_ecdsa_signature *signature,
const struct pubkey *key);
/**
* sign_tx_input - produce a bitcoin signature for a transaction input
* @tx: the bitcoin transaction we're signing.
* @in: the input number to sign.
* @subscript: NULL (pure segwit) or a tal_arr of the signing subscript
* @witness: NULL (non-segwit) or the witness script.
* @privkey: the secret key to use for signing.
* @pubkey: the public key corresonding to @privkey.
* @sighash_type: a valid sighash type.
* @sig: (in) sighash_type indicates what type of signature make in (out) s.
*/
void sign_tx_input(const struct bitcoin_tx *tx,
unsigned int in,
const u8 *subscript,
const u8 *witness,
const struct privkey *privkey, const struct pubkey *pubkey,
secp256k1_ecdsa_signature *sig);
enum sighash_type sighash_type,
struct bitcoin_signature *sig);
/* Does this sig sign the tx with this input for this pubkey. */
/**
* check_tx_sig - produce a bitcoin signature for a transaction input
* @tx: the bitcoin transaction which has been signed.
* @in: the input number to which @sig should apply.
* @subscript: NULL (pure segwit) or a tal_arr of the signing subscript
* @witness: NULL (non-segwit) or the witness script.
* @pubkey: the public key corresonding to @privkey used for signing.
* @sig: the signature to check.
*
* Returns true if this signature was created by @privkey and this tx
* and sighash_type, otherwise false.
*/
bool check_tx_sig(const struct bitcoin_tx *tx, size_t input_num,
const u8 *redeemscript,
const u8 *subscript,
const u8 *witness,
const struct pubkey *key,
const secp256k1_ecdsa_signature *sig);
const struct bitcoin_signature *sig);
/* Give DER encoding of signature: returns length used (<= 72). */
size_t signature_to_der(u8 der[72], const secp256k1_ecdsa_signature *s);
/* Give DER encoding of signature: returns length used (<= 73). */
size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig);
/* Parse DER encoding into signature sig */
bool signature_from_der(const u8 *der, size_t len, secp256k1_ecdsa_signature *sig);
bool signature_from_der(const u8 *der, size_t len, struct bitcoin_signature *sig);
#endif /* LIGHTNING_BITCOIN_SIGNATURE_H */
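Review bot: The new `check_tx_sig` docblock is a copy of the `sign_tx_input` one and does not match the function: its summary says "produce a bitcoin signature for a transaction input", `@in`/`@pubkey` do not correspond to the parameter names `input_num`/`key`, and "@pubkey: the public key corresonding to @privkey" refers to a parameter the function does not have. Suggest the summary `check_tx_sig - check a bitcoin signature against a transaction input`, `@input_num: the input number to which @sig should apply.`, `@key: the public key the signature must verify against.`, and `Returns true if @sig signs this input of @tx for @key with its sighash_type, otherwise false.`. The `sign_tx_input` entry `@sig: (in) sighash_type indicates what type of signature make in (out) s.` is also stale now that the type arrives via `@sighash_type` and the function stores it, so `@sig: (out) the signature; sighash_type is set to @sighash_type.` is clearer. `corresonding` is misspelled in both blocks. `signature_from_der`'s comment could add that the last byte of @der is the sighash type and must pass `sighash_type_valid()`, since that is the new failure mode it introduces.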

6
channeld/channel_wire.csv

@ -14,7 +14,7 @@ channel_init,,their_config,struct channel_config
channel_init,,feerate_per_kw,2*u32
channel_init,,feerate_min,u32
channel_init,,feerate_max,u32
channel_init,,first_commit_sig,secp256k1_ecdsa_signature
channel_init,,first_commit_sig,struct bitcoin_signature
channel_init,,crypto_state,struct crypto_state
channel_init,,remote_fundingkey,struct pubkey
channel_init,,remote_basepoints,struct basepoints
@ -100,7 +100,7 @@ channel_sending_commitsig,,feerate,u32
# SENT_ADD_COMMIT, SENT_REMOVE_ACK_COMMIT, SENT_ADD_ACK_COMMIT, SENT_REMOVE_COMMIT
channel_sending_commitsig,,num_changed,u16
channel_sending_commitsig,,changed,num_changed*struct changed_htlc
channel_sending_commitsig,,commit_sig,secp256k1_ecdsa_signature
channel_sending_commitsig,,commit_sig,struct bitcoin_signature
channel_sending_commitsig,,num_htlc_sigs,u16
channel_sending_commitsig,,htlc_sigs,num_htlc_sigs*secp256k1_ecdsa_signature
@ -111,7 +111,7 @@ channel_sending_commitsig_reply,1120
channel_got_commitsig,1021
channel_got_commitsig,,commitnum,u64
channel_got_commitsig,,feerate,u32
channel_got_commitsig,,signature,secp256k1_ecdsa_signature
channel_got_commitsig,,signature,struct bitcoin_signature
channel_got_commitsig,,num_htlcs,u16
channel_got_commitsig,,htlc_signature,num_htlcs*secp256k1_ecdsa_signature
# RCVD_ADD_COMMIT: we're now committed to their new offered HTLCs.


49
channeld/channeld.c

@ -82,7 +82,7 @@ struct peer {
struct pubkey old_remote_per_commit;
/* Their sig for current commit. */
secp256k1_ecdsa_signature their_commit_sig;
struct bitcoin_signature their_commit_sig;
/* BOLT #2:
*
@ -638,7 +638,7 @@ static u8 *sending_commitsig_msg(const tal_t *ctx,
u64 remote_commit_index,
u32 remote_feerate,
const struct htlc **changed_htlcs,
const secp256k1_ecdsa_signature *commit_sig,
const struct bitcoin_signature *commit_sig,
const secp256k1_ecdsa_signature *htlc_sigs)
{
struct changed_htlc *changed;
@ -864,7 +864,7 @@ done:
static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
const struct peer *peer,
u64 commit_index,
secp256k1_ecdsa_signature *commit_sig)
struct bitcoin_signature *commit_sig)
{
size_t i;
struct bitcoin_tx **txs;
@ -891,7 +891,7 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
status_trace("Creating commit_sig signature %"PRIu64" %s for tx %s wscript %s key %s",
commit_index,
type_to_string(tmpctx, secp256k1_ecdsa_signature,
type_to_string(tmpctx, struct bitcoin_signature,
commit_sig),
type_to_string(tmpctx, struct bitcoin_tx, txs[0]),
tal_hex(tmpctx, wscripts[0]),
@ -916,27 +916,29 @@ static secp256k1_ecdsa_signature *calc_commitsigs(const tal_t *ctx,
htlc_sigs = tal_arr(ctx, secp256k1_ecdsa_signature, tal_count(txs) - 1);
for (i = 0; i < tal_count(htlc_sigs); i++) {
struct bitcoin_signature sig;
msg = towire_hsm_sign_remote_htlc_tx(NULL, txs[i + 1],
wscripts[i + 1],
*txs[i+1]->input[0].amount,
&peer->remote_per_commit);
msg = hsm_req(tmpctx, take(msg));
if (!fromwire_hsm_sign_tx_reply(msg, &htlc_sigs[i]))
if (!fromwire_hsm_sign_tx_reply(msg, &sig))
status_failed(STATUS_FAIL_HSM_IO,
"Bad sign_remote_htlc_tx reply: %s",
tal_hex(tmpctx, msg));
htlc_sigs[i] = sig.s;
status_trace("Creating HTLC signature %s for tx %s wscript %s key %s",
type_to_string(tmpctx, secp256k1_ecdsa_signature,
&htlc_sigs[i]),
type_to_string(tmpctx, struct bitcoin_signature,
&sig),
type_to_string(tmpctx, struct bitcoin_tx, txs[1+i]),
tal_hex(tmpctx, wscripts[1+i]),
type_to_string(tmpctx, struct pubkey,
&local_htlckey));
assert(check_tx_sig(txs[1+i], 0, NULL, wscripts[1+i],
&local_htlckey,
&htlc_sigs[i]));
&sig));
}
return htlc_sigs;
@ -968,7 +970,8 @@ static void send_commit(struct peer *peer)
{
u8 *msg;
const struct htlc **changed_htlcs;
secp256k1_ecdsa_signature *htlc_sigs, commit_sig;
struct bitcoin_signature commit_sig;
secp256k1_ecdsa_signature *htlc_sigs;
#if DEVELOPER
/* Hack to suppress all commit sends if dev_disconnect says to */
@ -1076,7 +1079,7 @@ static void send_commit(struct peer *peer)
peer->next_index[REMOTE]++;
msg = towire_commitment_signed(NULL, &peer->channel_id,
&commit_sig,
&commit_sig.s,
htlc_sigs);
sync_crypto_write_no_delay(&peer->cs, PEER_FD, take(msg));
@ -1162,7 +1165,7 @@ static void send_revocation(struct peer *peer)
static u8 *got_commitsig_msg(const tal_t *ctx,
u64 local_commit_index,
u32 local_feerate,
const secp256k1_ecdsa_signature *commit_sig,
const struct bitcoin_signature *commit_sig,
const secp256k1_ecdsa_signature *htlc_sigs,
const struct htlc **changed_htlcs,
const struct bitcoin_tx *committx)
@ -1237,7 +1240,8 @@ static u8 *got_commitsig_msg(const tal_t *ctx,
static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
{
struct channel_id channel_id;
secp256k1_ecdsa_signature commit_sig, *htlc_sigs;
struct bitcoin_signature commit_sig;
secp256k1_ecdsa_signature *htlc_sigs;
struct pubkey remote_htlckey;
struct bitcoin_tx **txs;
const struct htlc **htlc_map, **changed_htlcs;
@ -1264,10 +1268,12 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
.feerate_per_kw));
if (!fromwire_commitment_signed(tmpctx, msg,
&channel_id, &commit_sig, &htlc_sigs))
&channel_id, &commit_sig.s, &htlc_sigs))
peer_failed(&peer->cs,
&peer->channel_id,
"Bad commit_sig %s", tal_hex(msg, msg));
/* SIGHASH_ALL is implied. */
commit_sig.sighash_type = SIGHASH_ALL;
txs = channel_txs(tmpctx, &htlc_map, &wscripts, peer->channel,
&peer->next_local_per_commit,
@ -1297,7 +1303,7 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
&peer->channel_id,
"Bad commit_sig signature %"PRIu64" %s for tx %s wscript %s key %s feerate %u",
peer->next_index[LOCAL],
type_to_string(msg, secp256k1_ecdsa_signature,
type_to_string(msg, struct bitcoin_signature,
&commit_sig),
type_to_string(msg, struct bitcoin_tx, txs[0]),
tal_hex(msg, wscripts[0]),
@ -1328,12 +1334,18 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
* - MUST fail the channel.
*/
for (i = 0; i < tal_count(htlc_sigs); i++) {
struct bitcoin_signature sig;
/* SIGHASH_ALL is implied. */
sig.s = htlc_sigs[i];
sig.sighash_type = SIGHASH_ALL;
if (!check_tx_sig(txs[1+i], 0, NULL, wscripts[1+i],
&remote_htlckey, &htlc_sigs[i]))
&remote_htlckey, &sig))
peer_failed(&peer->cs,
&peer->channel_id,
"Bad commit_sig signature %s for htlc %s wscript %s key %s",
type_to_string(msg, secp256k1_ecdsa_signature, &htlc_sigs[i]),
type_to_string(msg, struct bitcoin_signature, &sig),
type_to_string(msg, struct bitcoin_tx, txs[1+i]),
tal_hex(msg, wscripts[1+i]),
type_to_string(msg, struct pubkey,
@ -1774,7 +1786,8 @@ static void send_fail_or_fulfill(struct peer *peer, const struct htlc *h)
static void resend_commitment(struct peer *peer, const struct changed_htlc *last)
{
size_t i;
secp256k1_ecdsa_signature commit_sig, *htlc_sigs;
struct bitcoin_signature commit_sig;
secp256k1_ecdsa_signature *htlc_sigs;
u8 *msg;
status_trace("Retransmitting commitment, feerate LOCAL=%u REMOTE=%u",
@ -1830,7 +1843,7 @@ static void resend_commitment(struct peer *peer, const struct changed_htlc *last
htlc_sigs = calc_commitsigs(tmpctx, peer, peer->next_index[REMOTE]-1,
&commit_sig);
msg = towire_commitment_signed(NULL, &peer->channel_id,
&commit_sig, htlc_sigs);
&commit_sig.s, htlc_sigs);
sync_crypto_write(&peer->cs, PEER_FD, take(msg));
/* If we have already received the revocation for the previous, the
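Review bot: `send_commit` and `resend_commitment` put `commit_sig.s` on the wire via `towire_commitment_signed(NULL, &peer->channel_id, &commit_sig.s, htlc_sigs)`, and `calc_commitsigs` copies `sig.s` into the raw `htlc_sigs[i]`, without checking that the sighash type the HSM returned is SIGHASH_ALL, which is what the peer will assume for a raw signature; the only guard is `assert(check_tx_sig(...))`, which disappears under NDEBUG. closingd's `send_offer` in this same commit does `assert(our_sig.sighash_type == SIGHASH_ALL);` before stripping the struct, so the same line before the two `towire_commitment_signed` calls, and `assert(sig.sighash_type == SIGHASH_ALL);` before `htlc_sigs[i] = sig.s;`, would keep channeld consistent with it. An explicit `status_failed(STATUS_FAIL_HSM_IO, ...)` would be the stricter choice if the check should survive release builds. The bodies of `send_commit`, `resend_commitment` and `calc_commitsigs` extend outside these hunks.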

20
channeld/test/run-commit_tx.c

@ -187,12 +187,12 @@ static void report_htlcs(const struct bitcoin_tx *tx,
size_t i, n;
struct bitcoin_txid txid;
struct bitcoin_tx **htlc_tx;
secp256k1_ecdsa_signature *remotehtlcsig;
struct bitcoin_signature *remotehtlcsig;
struct keyset keyset;
u8 **wscript;
htlc_tx = tal_arrz(tmpctx, struct bitcoin_tx *, tal_count(htlc_map));
remotehtlcsig = tal_arr(tmpctx, secp256k1_ecdsa_signature,
remotehtlcsig = tal_arr(tmpctx, struct bitcoin_signature,
tal_count(htlc_map));
wscript = tal_arr(tmpctx, u8 *, tal_count(htlc_map));
@ -249,16 +249,17 @@ static void report_htlcs(const struct bitcoin_tx *tx,
NULL,
wscript[i],
x_remote_htlcsecretkey, remote_htlckey,
SIGHASH_ALL,
&remotehtlcsig[i]);
printf("# signature for output %zi (htlc %"PRIu64")\n", i, htlc->id);
printf("remote_htlc_signature = %s\n",
type_to_string(tmpctx, secp256k1_ecdsa_signature,
type_to_string(tmpctx, struct bitcoin_signature,
&remotehtlcsig[i]));
}
/* For any HTLC outputs, produce htlc_tx */
for (i = 0; i < tal_count(htlc_map); i++) {
secp256k1_ecdsa_signature localhtlcsig;
struct bitcoin_signature localhtlcsig;
const struct htlc *htlc = htlc_map[i];
if (!htlc)
@ -268,9 +269,10 @@ static void report_htlcs(const struct bitcoin_tx *tx,
NULL,
wscript[i],
local_htlcsecretkey, local_htlckey,
SIGHASH_ALL,
&localhtlcsig);
printf("# local_signature = %s\n",
type_to_string(tmpctx, secp256k1_ecdsa_signature,
type_to_string(tmpctx, struct bitcoin_signature,
&localhtlcsig));
if (htlc_owner(htlc) == LOCAL) {
htlc_timeout_tx_add_witness(htlc_tx[i],
@ -316,22 +318,24 @@ static void report(struct bitcoin_tx *tx,
const struct htlc **htlc_map)
{
char *txhex;
secp256k1_ecdsa_signature localsig, remotesig;
struct bitcoin_signature localsig, remotesig;
sign_tx_input(tx, 0,
NULL,
wscript,
x_remote_funding_privkey, remote_funding_pubkey,
SIGHASH_ALL,
&remotesig);
printf("remote_signature = %s\n",
type_to_string(tmpctx, secp256k1_ecdsa_signature, &remotesig));
type_to_string(tmpctx, struct bitcoin_signature, &remotesig));
sign_tx_input(tx, 0,
NULL,
wscript,
local_funding_privkey, local_funding_pubkey,
SIGHASH_ALL,
&localsig);
printf("# local_signature = %s\n",
type_to_string(tmpctx, secp256k1_ecdsa_signature, &localsig));
type_to_string(tmpctx, struct bitcoin_signature, &localsig));
tx->input[0].witness = bitcoin_witness_2of2(tx->input,
&localsig, &remotesig,
local_funding_pubkey,

2
closingd/closing_wire.csv

@ -30,7 +30,7 @@ closing_init,,final_scriptpubkey,final_scriptpubkey_len*u8
# We received an offer, save signature.
closing_received_signature,2002
closing_received_signature,,signature,secp256k1_ecdsa_signature
closing_received_signature,,signature,struct bitcoin_signature
closing_received_signature,,tx,struct bitcoin_tx
closing_received_signature_reply,2102


12
closingd/closingd.c

@ -177,7 +177,7 @@ static void send_offer(struct crypto_state *cs,
uint64_t fee_to_offer)
{
struct bitcoin_tx *tx;
secp256k1_ecdsa_signature our_sig;
struct bitcoin_signature our_sig;
u8 *msg;
/* BOLT #2:
@ -215,11 +215,12 @@ static void send_offer(struct crypto_state *cs,
status_trace("sending fee offer %"PRIu64, fee_to_offer);
msg = towire_closing_signed(NULL, channel_id, fee_to_offer, &our_sig);
assert(our_sig.sighash_type == SIGHASH_ALL);
msg = towire_closing_signed(NULL, channel_id, fee_to_offer, &our_sig.s);
sync_crypto_write(cs, PEER_FD, take(msg));
}
static void tell_master_their_offer(const secp256k1_ecdsa_signature *their_sig,
static void tell_master_their_offer(const struct bitcoin_signature *their_sig,
const struct bitcoin_tx *tx)
{
u8 *msg = towire_closing_received_signature(NULL, their_sig, tx);
@ -252,7 +253,7 @@ static uint64_t receive_offer(struct crypto_state *cs,
u8 *msg;
struct channel_id their_channel_id;
u64 received_fee;
secp256k1_ecdsa_signature their_sig;
struct bitcoin_signature their_sig;
struct bitcoin_tx *tx;
/* Wait for them to say something interesting */
@ -276,8 +277,9 @@ static uint64_t receive_offer(struct crypto_state *cs,
msg = tal_free(msg);
} while (!msg);
their_sig.sighash_type = SIGHASH_ALL;
if (!fromwire_closing_signed(msg, &their_channel_id,
&received_fee, &their_sig))
&received_fee, &their_sig.s))
peer_failed(cs, channel_id,
"Expected closing_signed: %s",
tal_hex(tmpctx, msg));
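Review bot: `receive_offer` sets `their_sig.sighash_type = SIGHASH_ALL;` before the parse with no comment, whereas channeld's `handle_peer_commit_sig` in this commit does the same after the parse under `/* SIGHASH_ALL is implied. */`; adding that comment here documents why the byte is not read from the peer and keeps the two daemons aligned. The body of `receive_offer` continues outside the hunk.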

8
common/htlc_tx.c

@ -95,8 +95,8 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success,
const struct abs_locktime *htlc_abstimeout,
const struct pubkey *localhtlckey,
const struct pubkey *remotehtlckey,
const secp256k1_ecdsa_signature *localhtlcsig,
const secp256k1_ecdsa_signature *remotehtlcsig,
const struct bitcoin_signature *localhtlcsig,
const struct bitcoin_signature *remotehtlcsig,
const struct preimage *payment_preimage,
const struct pubkey *revocationkey)
{
@ -143,8 +143,8 @@ void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout,
const struct pubkey *remotehtlckey,
const struct sha256 *payment_hash,
const struct pubkey *revocationkey,
const secp256k1_ecdsa_signature *localhtlcsig,
const secp256k1_ecdsa_signature *remotehtlcsig)
const struct bitcoin_signature *localhtlcsig,
const struct bitcoin_signature *remotehtlcsig)
{
u8 *wscript = bitcoin_wscript_htlc_offer(htlc_timeout,
localhtlckey, remotehtlckey,

8
common/htlc_tx.h

@ -46,8 +46,8 @@ void htlc_success_tx_add_witness(struct bitcoin_tx *htlc_success,
const struct abs_locktime *htlc_abstimeout,
const struct pubkey *localkey,
const struct pubkey *remotekey,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig,
const struct bitcoin_signature *localsig,
const struct bitcoin_signature *remotesig,
const struct preimage *payment_preimage,
const struct pubkey *revocationkey);
@ -68,8 +68,8 @@ void htlc_timeout_tx_add_witness(struct bitcoin_tx *htlc_timeout,
const struct pubkey *remotekey,
const struct sha256 *payment_hash,
const struct pubkey *revocationkey,
const secp256k1_ecdsa_signature *localsig,
const secp256k1_ecdsa_signature *remotesig);
const struct bitcoin_signature *localsig,
const struct bitcoin_signature *remotesig);
/* Generate the witness script for an HTLC the other side offered:

4
common/test/run-funding_tx.c

@ -91,7 +91,7 @@ int main(void)
u64 funding_satoshis;
u16 funding_outnum;
u8 *subscript;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct bitcoin_address addr;
secp256k1_ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY
@ -165,7 +165,7 @@ int main(void)
pubkey_to_hash160(&inputkey, &addr.addr);
subscript = scriptpubkey_p2pkh(funding, &addr);
sign_tx_input(funding, 0, subscript, NULL, &input_privkey, &inputkey,
&sig);
SIGHASH_ALL, &sig);
funding->input[0].script = bitcoin_redeem_p2pkh(funding, &inputkey,
&sig);

1
common/type_to_string.h

@ -27,6 +27,7 @@ union printable_types {
const struct secret *secret;
const struct privkey *privkey;
const secp256k1_ecdsa_signature *secp256k1_ecdsa_signature;
const struct bitcoin_signature *bitcoin_signature;
const struct channel *channel;
const char *charp_;
};

4
hsmd/hsm_wire.csv

@ -110,7 +110,7 @@ hsm_sign_commitment_tx,,remote_funding_key,struct pubkey
hsm_sign_commitment_tx,,funding_amount,u64
hsm_sign_commitment_tx_reply,105
hsm_sign_commitment_tx_reply,,sig,secp256k1_ecdsa_signature
hsm_sign_commitment_tx_reply,,sig,struct bitcoin_signature
# Onchaind asks HSM to sign a spend to-us. Four variants, since each set
# of keys is derived differently...
@ -166,7 +166,7 @@ hsm_sign_mutual_close_tx,,funding_amount,u64
# Reply for all the above requests.
hsm_sign_tx_reply,112
hsm_sign_tx_reply,,sig,secp256k1_ecdsa_signature
hsm_sign_tx_reply,,sig,struct bitcoin_signature
# Openingd/channeld/onchaind asks for Nth per_commitment_point, if > 2, gets N-2 secret.
hsm_get_per_commitment_point,18


28
hsmd/hsmd.c

@ -731,7 +731,7 @@ static struct io_plan *handle_sign_commitment_tx(struct io_conn *conn,
u64 dbid, funding_amount;
struct secret channel_seed;
struct bitcoin_tx *tx;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct secrets secrets;
const u8 *funding_wscript;
@ -762,6 +762,7 @@ static struct io_plan *handle_sign_commitment_tx(struct io_conn *conn,
sign_tx_input(tx, 0, NULL, funding_wscript,
&secrets.funding_privkey,
&local_funding_pubkey,
SIGHASH_ALL,
&sig);
return req_reply(conn, c,
@ -784,7 +785,7 @@ static struct io_plan *handle_sign_remote_commitment_tx(struct io_conn *conn,
u64 funding_amount;
struct secret channel_seed;
struct bitcoin_tx *tx;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct secrets secrets;
const u8 *funding_wscript;
@ -806,6 +807,7 @@ static struct io_plan *handle_sign_remote_commitment_tx(struct io_conn *conn,
sign_tx_input(tx, 0, NULL, funding_wscript,
&secrets.funding_privkey,
&local_funding_pubkey,
SIGHASH_ALL,
&sig);
return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig)));
@ -819,7 +821,7 @@ static struct io_plan *handle_sign_remote_htlc_tx(struct io_conn *conn,
{
struct secret channel_seed;
struct bitcoin_tx *tx;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct secrets secrets;
struct basepoints basepoints;
struct pubkey remote_per_commit_point;
@ -851,7 +853,8 @@ static struct io_plan *handle_sign_remote_htlc_tx(struct io_conn *conn,
/* Need input amount for signing */
tx->input[0].amount = tal_dup(tx->input, u64, &amount);
sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey, &sig);
sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey,
SIGHASH_ALL, &sig);
return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig)));
}
@ -867,7 +870,7 @@ static struct io_plan *handle_sign_to_us_tx(struct io_conn *conn,
const u8 *wscript,
u64 input_amount)
{
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct pubkey pubkey;
if (!pubkey_from_privkey(privkey, &pubkey))
@ -877,7 +880,7 @@ static struct io_plan *handle_sign_to_us_tx(struct io_conn *conn,
return bad_req_fmt(conn, c, msg_in, "bad txinput count");
tx->input[0].amount = tal_dup(tx->input, u64, &input_amount);
sign_tx_input(tx, 0, NULL, wscript, privkey, &pubkey, &sig);
sign_tx_input(tx, 0, NULL, wscript, privkey, &pubkey, SIGHASH_ALL, &sig);
return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig)));
}
@ -1034,7 +1037,7 @@ static struct io_plan *handle_sign_local_htlc_tx(struct io_conn *conn,
struct pubkey per_commitment_point, htlc_basepoint;
struct bitcoin_tx *tx;
u8 *wscript;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct privkey htlc_privkey;
struct pubkey htlc_pubkey;
@ -1074,7 +1077,8 @@ static struct io_plan *handle_sign_local_htlc_tx(struct io_conn *conn,
/* FIXME: Check that output script is correct! */
tx->input[0].amount = tal_dup(tx->input, u64, &input_amount);
sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey, &sig);
sign_tx_input(tx, 0, NULL, wscript, &htlc_privkey, &htlc_pubkey,
SIGHASH_ALL, &sig);
return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig)));
}
@ -1165,7 +1169,7 @@ static struct io_plan *handle_sign_mutual_close_tx(struct io_conn *conn,
struct secret channel_seed;
struct bitcoin_tx *tx;
struct pubkey remote_funding_pubkey, local_funding_pubkey;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct secrets secrets;
u64 funding_amount;
const u8 *funding_wscript;
@ -1191,7 +1195,7 @@ static struct io_plan *handle_sign_mutual_close_tx(struct io_conn *conn,
sign_tx_input(tx, 0, NULL, funding_wscript,
&secrets.funding_privkey,
&local_funding_pubkey,
&sig);
SIGHASH_ALL, &sig);
return req_reply(conn, c, take(towire_hsm_sign_tx_reply(NULL, &sig)));
}
@ -1327,7 +1331,7 @@ static void sign_all_inputs(struct bitcoin_tx *tx, struct utxo **utxos)
struct privkey inprivkey;
const struct utxo *in = utxos[i];
u8 *subscript, *wscript;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
/* Figure out keys to spend this. */
hsm_key_for_utxo(&inprivkey, &inkey, in);
@ -1348,7 +1352,7 @@ static void sign_all_inputs(struct bitcoin_tx *tx, struct utxo **utxos)
}
/* This is the core crypto magic. */
sign_tx_input(tx, i, subscript, wscript, &inprivkey, &inkey,
&sig);
SIGHASH_ALL, &sig);
/* The witness is [sig] [key] */
tx->input[i].witness = bitcoin_witness_p2wpkh(tx, &sig, &inkey);

4
lightningd/channel.c

@ -155,7 +155,7 @@ struct channel *new_channel(struct peer *peer, u64 dbid,
u64 msatoshi_to_us_max,
/* Stolen */
struct bitcoin_tx *last_tx,
const secp256k1_ecdsa_signature *last_sig,
const struct bitcoin_signature *last_sig,
/* NULL or stolen */
secp256k1_ecdsa_signature *last_htlc_sigs,
const struct channel_info *channel_info,
@ -312,7 +312,7 @@ struct channel *channel_by_dbid(struct lightningd *ld, const u64 dbid)
void channel_set_last_tx(struct channel *channel,
struct bitcoin_tx *tx,
const secp256k1_ecdsa_signature *sig)
const struct bitcoin_signature *sig)
{
channel->last_sig = *sig;
tal_free(channel->last_tx);

6
lightningd/channel.h

@ -75,7 +75,7 @@ struct channel {
/* Last tx they gave us. */
struct bitcoin_tx *last_tx;
secp256k1_ecdsa_signature last_sig;
struct bitcoin_signature last_sig;
secp256k1_ecdsa_signature *last_htlc_sigs;
/* Keys for channel */
@ -137,7 +137,7 @@ struct channel *new_channel(struct peer *peer, u64 dbid,
u64 msatoshi_to_us_max,
/* Stolen */
struct bitcoin_tx *last_tx,
const secp256k1_ecdsa_signature *last_sig,
const struct bitcoin_signature *last_sig,
/* NULL or stolen */
secp256k1_ecdsa_signature *last_htlc_sigs,
const struct channel_info *channel_info,
@ -190,7 +190,7 @@ struct channel *channel_by_dbid(struct lightningd *ld, const u64 dbid);
void channel_set_last_tx(struct channel *channel,
struct bitcoin_tx *tx,
const secp256k1_ecdsa_signature *sig);
const struct bitcoin_signature *sig);
static inline bool channel_can_add_htlc(const struct channel *channel)
{

2
lightningd/closing_control.c

@ -69,7 +69,7 @@ static bool better_closing_fee(struct lightningd *ld,
static void peer_received_closing_signature(struct channel *channel,
const u8 *msg)
{
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
struct bitcoin_tx *tx;
struct lightningd *ld = channel->peer->ld;

6
lightningd/opening_control.c

@ -133,7 +133,7 @@ static struct channel *
wallet_commit_channel(struct lightningd *ld,
struct uncommitted_channel *uc,
struct bitcoin_tx *remote_commit,
secp256k1_ecdsa_signature *remote_commit_sig,
struct bitcoin_signature *remote_commit_sig,
const struct bitcoin_txid *funding_txid,
u16 funding_outnum,
u64 funding_satoshi,
@ -230,7 +230,7 @@ static void opening_funder_finished(struct subd *openingd, const u8 *resp,
struct bitcoin_txid funding_txid, expected_txid;
struct pubkey changekey;
struct crypto_state cs;
secp256k1_ecdsa_signature remote_commit_sig;
struct bitcoin_signature remote_commit_sig;
struct bitcoin_tx *remote_commit;
u16 funding_outnum;
u32 feerate;
@ -412,7 +412,7 @@ static void opening_fundee_finished(struct subd *openingd,
u8 *funding_signed;
struct channel_info channel_info;
struct crypto_state cs;
secp256k1_ecdsa_signature remote_commit_sig;
struct bitcoin_signature remote_commit_sig;
struct bitcoin_tx *remote_commit;
struct lightningd *ld = openingd->ld;
struct bitcoin_txid funding_txid;

2
lightningd/peer_control.c

@ -187,7 +187,7 @@ u8 *p2wpkh_for_keyidx(const tal_t *ctx, struct lightningd *ld, u64 keyidx)
static void sign_last_tx(struct channel *channel)
{
struct lightningd *ld = channel->peer->ld;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
u8 *msg;
assert(!channel->last_tx->input[0].witness);

6
lightningd/peer_htlcs.c

@ -984,7 +984,7 @@ static bool changed_htlc(struct channel *channel,
static bool peer_save_commitsig_received(struct channel *channel, u64 commitnum,
struct bitcoin_tx *tx,
const secp256k1_ecdsa_signature *commit_sig)
const struct bitcoin_signature *commit_sig)
{
if (commitnum != channel->next_index[LOCAL]) {
channel_internal_error(channel,
@ -1027,7 +1027,7 @@ void peer_sending_commitsig(struct channel *channel, const u8 *msg)
u32 feerate;
struct changed_htlc *changed_htlcs;
size_t i, maxid = 0, num_local_added = 0;
secp256k1_ecdsa_signature commit_sig;
struct bitcoin_signature commit_sig;
secp256k1_ecdsa_signature *htlc_sigs;
struct lightningd *ld = channel->peer->ld;
@ -1175,7 +1175,7 @@ void peer_got_commitsig(struct channel *channel, const u8 *msg)
{
u64 commitnum;
u32 feerate;
secp256k1_ecdsa_signature commit_sig;
struct bitcoin_signature commit_sig;
secp256k1_ecdsa_signature *htlc_sigs;
struct added_htlc *added;
struct secret *shared_secrets;

2
lightningd/test/run-invoice-select-inchan.c

@ -76,7 +76,7 @@ bool fromwire_gossip_get_incoming_channels_reply(const tal_t *ctx UNNEEDED, cons
bool fromwire_hsm_get_channel_basepoints_reply(const void *p UNNEEDED, struct basepoints *basepoints UNNEEDED, struct pubkey *funding_pubkey UNNEEDED)
{ fprintf(stderr, "fromwire_hsm_get_channel_basepoints_reply called!\n"); abort(); }
/* Generated stub for fromwire_hsm_sign_commitment_tx_reply */
bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, secp256k1_ecdsa_signature *sig UNNEEDED)
bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, struct bitcoin_signature *sig UNNEEDED)
{ fprintf(stderr, "fromwire_hsm_sign_commitment_tx_reply called!\n"); abort(); }
/* Generated stub for fromwire_hsm_sign_invoice_reply */
bool fromwire_hsm_sign_invoice_reply(const void *p UNNEEDED, secp256k1_ecdsa_recoverable_signature *sig UNNEEDED)

39
onchaind/onchaind.c

@ -97,7 +97,7 @@ struct tracked_output {
const u8 *wscript;
/* If it's an HTLC off our unilateral, this is their sig for htlc_tx */
const secp256k1_ecdsa_signature *remote_htlc_sig;
const struct bitcoin_signature *remote_htlc_sig;
/* Our proposed solution (if any) */
struct proposed_resolution *proposal;
@ -108,7 +108,7 @@ struct tracked_output {
/* We vary feerate until signature they offered matches. */
static u64 grind_htlc_tx_fee(struct bitcoin_tx *tx,
const secp256k1_ecdsa_signature *remotesig,
const struct bitcoin_signature *remotesig,
const u8 *wscript,
u64 multiplier)
{
@ -149,7 +149,7 @@ static u64 grind_htlc_tx_fee(struct bitcoin_tx *tx,
}
static bool set_htlc_timeout_fee(struct bitcoin_tx *tx,
const secp256k1_ecdsa_signature *remotesig,
const struct bitcoin_signature *remotesig,
const u8 *wscript)
{
static u64 fee = UINT64_MAX;
@ -172,7 +172,7 @@ static bool set_htlc_timeout_fee(struct bitcoin_tx *tx,
}
static void set_htlc_success_fee(struct bitcoin_tx *tx,
const secp256k1_ecdsa_signature *remotesig,
const struct bitcoin_signature *remotesig,
const u8 *wscript)
{
static u64 fee = UINT64_MAX;
@ -199,7 +199,7 @@ static void set_htlc_success_fee(struct bitcoin_tx *tx,
" for tx %s, signature %s, wscript %s",
fee,
type_to_string(tmpctx, struct bitcoin_tx, tx),
type_to_string(tmpctx, secp256k1_ecdsa_signature, remotesig),
type_to_string(tmpctx, struct bitcoin_signature, remotesig),
tal_hex(tmpctx, wscript));
}
@ -273,7 +273,7 @@ static struct bitcoin_tx *tx_to_us(const tal_t *ctx,
{
struct bitcoin_tx *tx;
u64 fee;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
u8 *msg;
tx = bitcoin_tx(ctx, 1, 1);
@ -336,7 +336,7 @@ static struct bitcoin_tx *tx_to_us(const tal_t *ctx,
static void hsm_sign_local_htlc_tx(struct bitcoin_tx *tx,
const u8 *wscript,
secp256k1_ecdsa_signature *sig)
struct bitcoin_signature *sig)
{
u8 *msg = towire_hsm_sign_local_htlc_tx(NULL, commit_num,
tx, wscript,
@ -401,7 +401,14 @@ static struct tracked_output *
if (htlc)
out->htlc = *htlc;
out->wscript = tal_steal(out, wscript);
out->remote_htlc_sig = remote_htlc_sig;
if (remote_htlc_sig) {
struct bitcoin_signature *sig;
sig = tal(out, struct bitcoin_signature);
sig->s = *remote_htlc_sig;
sig->sighash_type = SIGHASH_ALL;
out->remote_htlc_sig = sig;
} else
out->remote_htlc_sig = NULL;
*tal_arr_expand(outs) = out;
@ -487,14 +494,8 @@ static void propose_resolution_at_block(struct tracked_output *out,
static bool is_valid_sig(const u8 *e)
{
secp256k1_ecdsa_signature sig;
size_t len = tal_count(e);
/* Last byte is sighash flags */
if (len < 1)
return false;
return signature_from_der(e, len-1, &sig);
struct bitcoin_signature sig;
return signature_from_der(e, tal_count(e), &sig);
}
/* We ignore things which look like signatures. */
@ -1120,7 +1121,7 @@ static void handle_preimage(struct tracked_output **outs,
for (i = 0; i < tal_count(outs); i++) {
struct bitcoin_tx *tx;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
if (outs[i]->output_type != THEIR_HTLC)
continue;
@ -1345,7 +1346,7 @@ static size_t resolve_our_htlc_ourcommit(struct tracked_output *out,
u8 **htlc_scripts)
{
struct bitcoin_tx *tx = NULL;
secp256k1_ecdsa_signature localsig;
struct bitcoin_signature localsig;
size_t i;
assert(tal_count(matches));
@ -1396,7 +1397,7 @@ static size_t resolve_our_htlc_ourcommit(struct tracked_output *out,
min_possible_feerate, max_possible_feerate,
type_to_string(tmpctx, struct bitcoin_tx, tx),
out->satoshi,
type_to_string(tmpctx, secp256k1_ecdsa_signature,
type_to_string(tmpctx, struct bitcoin_signature,
out->remote_htlc_sig),
cltvs, wscripts);
}
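Review bot: is_valid_sig now hands the whole witness element, trailing sighash byte included, to signature_from_der and drops the explicit `len < 1` guard, so rejecting an empty element rests entirely on the new signature_from_der returning false for length 0; that function is changed in this commit but not visible here, and since the input is on-chain witness data it is worth confirming it checks the length before reading the last byte. The new remote_htlc_sig block in the tracked-output constructor hard-codes `SIGHASH_ALL` without saying why; a comment such as `/* Peer HTLC sigs still cross the wire raw, so the type is implied: SIGHASH_ALL for now. */` would tie it to the plan in the commit message. The constructor and is_valid_sig's caller both continue outside the visible hunks.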

8
onchaind/test/run-grind_feerate.c

@ -28,7 +28,7 @@ bool derive_keyset(const struct pubkey *per_commitment_point UNNEEDED,
bool fromwire_hsm_get_per_commitment_point_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct pubkey *per_commitment_point UNNEEDED, struct secret **old_commitment_secret UNNEEDED)
{ fprintf(stderr, "fromwire_hsm_get_per_commitment_point_reply called!\n"); abort(); }
/* Generated stub for fromwire_hsm_sign_tx_reply */
bool fromwire_hsm_sign_tx_reply(const void *p UNNEEDED, secp256k1_ecdsa_signature *sig UNNEEDED)
bool fromwire_hsm_sign_tx_reply(const void *p UNNEEDED, struct bitcoin_signature *sig UNNEEDED)
{ fprintf(stderr, "fromwire_hsm_sign_tx_reply called!\n"); abort(); }
/* Generated stub for fromwire_onchain_depth */
bool fromwire_onchain_depth(const void *p UNNEEDED, struct bitcoin_txid *txid UNNEEDED, u32 *depth UNNEEDED)
@ -184,7 +184,7 @@ int main(int argc, char *argv[])
setup_locale();
struct bitcoin_tx *tx;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
u8 *der, *wscript;
u64 fee;
struct pubkey htlc_key;
@ -199,8 +199,8 @@ int main(int argc, char *argv[])
strlen("0200000001e1ebca08cf1c301ac563580a1126d5c8fcb0e5e2043230b852c726553caf1e1d0000000000000000000160ae0a000000000022002082e03c5a9cb79c82cd5a0572dc175290bc044609aabe9cc852d61927436041796d000000"));
tx->input[0].amount = tal(tx, u64);
*tx->input[0].amount = 700000;
der = tal_hexdata(tmpctx, "30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9",
strlen("30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9"));
der = tal_hexdata(tmpctx, "30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9" "01",
strlen("30450221009b2e0eef267b94c3899fb0dc7375012e2cee4c10348a068fe78d1b82b4b14036022077c3fad3adac2ddf33f415e45f0daf6658b7a0b09647de4443938ae2dbafe2b9" "01"));
if (!signature_from_der(der, tal_count(der), &sig))
abort();
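Review bot: After `signature_from_der(der, tal_count(der), &sig)` the test never checks which sighash_type was recovered from the appended `"01"` byte, so a parser that ignored or mis-read that byte would still pass. Adding `assert(sig.sighash_type == SIGHASH_ALL);` right after the `abort();` pins the behaviour this commit introduces. main continues outside the hunk.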

4
openingd/opening_wire.csv

@ -45,7 +45,7 @@ opening_funder,,bip32,struct ext_key
opening_funder_reply,6101
opening_funder_reply,,their_config,struct channel_config
opening_funder_reply,,first_commit,struct bitcoin_tx
opening_funder_reply,,first_commit_sig,secp256k1_ecdsa_signature
opening_funder_reply,,first_commit_sig,struct bitcoin_signature
opening_funder_reply,,crypto_state,struct crypto_state
opening_funder_reply,,revocation_basepoint,struct pubkey
opening_funder_reply,,payment_basepoint,struct pubkey
@ -67,7 +67,7 @@ opening_funder_failed,,reason,wirestring
opening_fundee,6003
opening_fundee,,their_config,struct channel_config
opening_fundee,,first_commit,struct bitcoin_tx
opening_fundee,,first_commit_sig,secp256k1_ecdsa_signature
opening_fundee,,first_commit_sig,struct bitcoin_signature
opening_fundee,,crypto_state,struct crypto_state
opening_fundee,,revocation_basepoint,struct pubkey
opening_fundee,,payment_basepoint,struct pubkey


21
openingd/openingd.c

@ -345,7 +345,7 @@ static u8 *funder_channel(struct state *state,
struct basepoints theirs;
struct pubkey their_funding_pubkey;
struct pubkey *changekey;
secp256k1_ecdsa_signature sig;
struct bitcoin_signature sig;
u32 minimum_depth;
const u8 *wscript;
struct bitcoin_tx *funding;
@ -551,7 +551,7 @@ static u8 *funder_channel(struct state *state,
tal_hex(tmpctx, msg));
status_trace("signature %s on tx %s using key %s",
type_to_string(tmpctx, secp256k1_ecdsa_signature, &sig),
type_to_string(tmpctx, struct bitcoin_signature, &sig),
type_to_string(tmpctx, struct bitcoin_tx, tx),
type_to_string(tmpctx, struct pubkey,
&state->our_funding_pubkey));
@ -559,7 +559,7 @@ static u8 *funder_channel(struct state *state,
msg = towire_funding_created(state, &state->channel_id,
&state->funding_txid,
state->funding_txout,
&sig);
&sig.s);
sync_crypto_write(&state->cs, PEER_FD, msg);
/* BOLT #2:
@ -577,7 +577,8 @@ static u8 *funder_channel(struct state *state,
if (!msg)
return NULL;
if (!fromwire_funding_signed(msg, &id_in, &sig))
sig.sighash_type = SIGHASH_ALL;
if (!fromwire_funding_signed(msg, &id_in, &sig.s))
peer_failed(&state->cs,
&state->channel_id,
"Parsing funding_signed: %s", tal_hex(msg, msg));
@ -618,7 +619,7 @@ static u8 *funder_channel(struct state *state,
peer_failed(&state->cs,
&state->channel_id,
"Bad signature %s on tx %s using key %s",
type_to_string(tmpctx, secp256k1_ecdsa_signature,
type_to_string(tmpctx, struct bitcoin_signature,
&sig),
type_to_string(tmpctx, struct bitcoin_tx, tx),
type_to_string(tmpctx, struct pubkey,
@ -656,7 +657,7 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
struct channel_id id_in;
struct basepoints theirs;
struct pubkey their_funding_pubkey;
secp256k1_ecdsa_signature theirsig, sig;
struct bitcoin_signature theirsig, sig;
struct bitcoin_tx *local_commit, *remote_commit;
struct bitcoin_blkid chain_hash;
u8 *msg;
@ -823,10 +824,11 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
if (!msg)
return NULL;
theirsig.sighash_type = SIGHASH_ALL;
if (!fromwire_funding_created(msg, &id_in,
&state->funding_txid,
&state->funding_txout,
&theirsig))
&theirsig.s))
peer_failed(&state->cs,
&state->channel_id,
"Parsing funding_created");
@ -880,7 +882,7 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
peer_failed(&state->cs,
&state->channel_id,
"Bad signature %s on tx %s using key %s",
type_to_string(tmpctx, secp256k1_ecdsa_signature,
type_to_string(tmpctx, struct bitcoin_signature,
&theirsig),
type_to_string(tmpctx, struct bitcoin_tx, local_commit),
type_to_string(tmpctx, struct pubkey,
@ -929,7 +931,8 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
/* We don't send this ourselves: channeld does, because master needs
* to save state to disk before doing so. */
msg = towire_funding_signed(state, &state->channel_id, &sig);
assert(sig.sighash_type == SIGHASH_ALL);
msg = towire_funding_signed(state, &state->channel_id, &sig.s);
return towire_opening_fundee(state,
&state->remoteconf,
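Review bot: funder_channel sends `&sig.s` in towire_funding_created without checking that the HSM-produced signature is SIGHASH_ALL, whereas fundee_channel guards its equivalent raw send with `assert(sig.sighash_type == SIGHASH_ALL);` before towire_funding_signed. Because funding_created carries only the raw signature the type is silently dropped at that point; placing the same assert before the `msg = towire_funding_created(...)` call keeps both paths consistent and catches a wrong type before it reaches the peer. Both functions extend beyond the visible hunks.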

9
wallet/test/run-wallet.c

@ -74,7 +74,7 @@ void fatal(const char *fmt UNNEEDED, ...)
bool fromwire_channel_dev_memleak_reply(const void *p UNNEEDED, bool *leak UNNEEDED)
{ fprintf(stderr, "fromwire_channel_dev_memleak_reply called!\n"); abort(); }
/* Generated stub for fromwire_channel_got_commitsig */
bool fromwire_channel_got_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, secp256k1_ecdsa_signature *signature UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, struct added_htlc **added UNNEEDED, struct secret **shared_secret UNNEEDED, struct fulfilled_htlc **fulfilled UNNEEDED, struct failed_htlc ***failed UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_tx **tx UNNEEDED)
bool fromwire_channel_got_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, struct bitcoin_signature *signature UNNEEDED, secp256k1_ecdsa_signature **htlc_signature UNNEEDED, struct added_htlc **added UNNEEDED, struct secret **shared_secret UNNEEDED, struct fulfilled_htlc **fulfilled UNNEEDED, struct failed_htlc ***failed UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_tx **tx UNNEEDED)
{ fprintf(stderr, "fromwire_channel_got_commitsig called!\n"); abort(); }
/* Generated stub for fromwire_channel_got_revoke */
bool fromwire_channel_got_revoke(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *revokenum UNNEEDED, struct secret *per_commitment_secret UNNEEDED, struct pubkey *next_per_commit_point UNNEEDED, u32 *feerate UNNEEDED, struct changed_htlc **changed UNNEEDED)
@ -83,7 +83,7 @@ bool fromwire_channel_got_revoke(const tal_t *ctx UNNEEDED, const void *p UNNEED
bool fromwire_channel_offer_htlc_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *id UNNEEDED, u16 *failure_code UNNEEDED, u8 **failurestr UNNEEDED)
{ fprintf(stderr, "fromwire_channel_offer_htlc_reply called!\n"); abort(); }
/* Generated stub for fromwire_channel_sending_commitsig */
bool fromwire_channel_sending_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, struct changed_htlc **changed UNNEEDED, secp256k1_ecdsa_signature *commit_sig UNNEEDED, secp256k1_ecdsa_signature **htlc_sigs UNNEEDED)
bool fromwire_channel_sending_commitsig(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, u64 *commitnum UNNEEDED, u32 *feerate UNNEEDED, struct changed_htlc **changed UNNEEDED, struct bitcoin_signature *commit_sig UNNEEDED, secp256k1_ecdsa_signature **htlc_sigs UNNEEDED)
{ fprintf(stderr, "fromwire_channel_sending_commitsig called!\n"); abort(); }
/* Generated stub for fromwire_connect_peer_connected */
bool fromwire_connect_peer_connected(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct pubkey *id UNNEEDED, struct wireaddr_internal *addr UNNEEDED, struct crypto_state *crypto_state UNNEEDED, u8 **globalfeatures UNNEEDED, u8 **localfeatures UNNEEDED)
@ -92,7 +92,7 @@ bool fromwire_connect_peer_connected(const tal_t *ctx UNNEEDED, const void *p UN
bool fromwire_gossip_get_channel_peer_reply(const tal_t *ctx UNNEEDED, const void *p UNNEEDED, struct pubkey **peer_id UNNEEDED)
{ fprintf(stderr, "fromwire_gossip_get_channel_peer_reply called!\n"); abort(); }
/* Generated stub for fromwire_hsm_sign_commitment_tx_reply */
bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, secp256k1_ecdsa_signature *sig UNNEEDED)
bool fromwire_hsm_sign_commitment_tx_reply(const void *p UNNEEDED, struct bitcoin_signature *sig UNNEEDED)
{ fprintf(stderr, "fromwire_hsm_sign_commitment_tx_reply called!\n"); abort(); }
/* Generated stub for fromwire_onchain_dev_memleak_reply */
bool fromwire_onchain_dev_memleak_reply(const void *p UNNEEDED, bool *leak UNNEEDED)
@ -860,7 +860,8 @@ static bool test_channel_crud(struct lightningd *ld, const tal_t *ctx)
ci->old_remote_per_commit = pk;
/* last_tx taken from BOLT #3 */
c1.last_tx = bitcoin_tx_from_hex(w, "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", strlen("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"));
c1.last_sig = *sig;
c1.last_sig.s = *sig;
c1.last_sig.sighash_type = SIGHASH_ALL;
db_begin_transaction(w->db);
CHECK(!wallet_err);

7
wallet/wallet.c

@ -571,7 +571,7 @@ static struct channel *wallet_stmt2channel(const tal_t *ctx, struct wallet *w, s
struct wallet_shachain wshachain;
struct channel_config our_config;
struct bitcoin_txid funding_txid;
secp256k1_ecdsa_signature last_sig;
struct bitcoin_signature last_sig;
u8 *remote_shutdown_scriptpubkey;
struct changed_htlc *last_sent_commit;
s64 final_key_idx;
@ -633,7 +633,8 @@ static struct channel *wallet_stmt2channel(const tal_t *ctx, struct wallet *w, s
&our_config);
ok &= sqlite3_column_sha256_double(stmt, 12, &funding_txid.shad);
ok &= sqlite3_column_signature(stmt, 33, &last_sig);
ok &= sqlite3_column_signature(stmt, 33, &last_sig.s);
last_sig.sighash_type = SIGHASH_ALL;
/* Populate channel_info */
ok &= sqlite3_column_pubkey(stmt, 18, &channel_info.remote_fundingkey);
@ -969,7 +970,7 @@ void wallet_channel_save(struct wallet *w, struct channel *chan)
sqlite3_bind_int64(stmt, 17, chan->final_key_idx);
sqlite3_bind_int64(stmt, 18, chan->our_config.id);
sqlite3_bind_tx(stmt, 19, chan->last_tx);
sqlite3_bind_signature(stmt, 20, &chan->last_sig);
sqlite3_bind_signature(stmt, 20, &chan->last_sig.s);
sqlite3_bind_int(stmt, 21, chan->last_was_revoke);
sqlite3_bind_int(stmt, 22, chan->min_possible_feerate);
sqlite3_bind_int(stmt, 23, chan->max_possible_feerate);
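Review bot: wallet_channel_save persists only `chan->last_sig.s` and wallet_stmt2channel sets `last_sig.sighash_type = SIGHASH_ALL` unconditionally on load, so the sighash type is not round-tripped through the database. That is correct today, but the commit message says other sighash types are coming; once they arrive, a non-SIGHASH_ALL last_sig would come back from disk re-labelled as SIGHASH_ALL and only be caught later at verification or broadcast. Guarding the save with `assert(chan->last_sig.sighash_type == SIGHASH_ALL);` before `sqlite3_bind_signature(stmt, 20, &chan->last_sig.s);` (mirroring the assert in towire_bitcoin_signature) makes the limitation visible at the source, and a one-line comment at the load site saying the type is implied rather than stored would help the next reader; I cannot tell from here whether <assert.h> is already in scope in wallet.c. Both functions continue outside the hunks.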

9
wire/fromwire.c

@ -178,6 +178,15 @@ void fromwire_bitcoin_txid(const u8 **cursor, size_t *max,
fromwire_sha256_double(cursor, max, &txid->shad);
}
void fromwire_bitcoin_signature(const u8 **cursor, size_t *max,
struct bitcoin_signature *sig)
{
fromwire_secp256k1_ecdsa_signature(cursor, max, &sig->s);
sig->sighash_type = fromwire_u8(cursor, max);
if (!sighash_type_valid(sig->sighash_type))
fromwire_fail(cursor, max);
}
void fromwire_bitcoin_blkid(const u8 **cursor, size_t *max,
struct bitcoin_blkid *blkid)
{
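Review bot: fromwire_bitcoin_signature validates the sighash byte with sighash_type_valid and fails the parse on an unknown value, but nothing records why, and on that failure `sig->sighash_type` still holds the rejected byte. A short comment above the check, `/* Never let an unknown sighash type reach signing or verification; fail the whole message instead. */`, would capture the intent, and a note on the prototype that sig is not meaningful once the parse has failed would stop callers from reading it. The surrounding fromwire helpers above and below are untouched context.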

8
wire/towire.c

@ -1,4 +1,5 @@
#include "wire.h"
#include <assert.h>
#include <bitcoin/preimage.h>
#include <bitcoin/shadouble.h>
#include <bitcoin/tx.h>
@ -123,6 +124,13 @@ void towire_bitcoin_txid(u8 **pptr, const struct bitcoin_txid *txid)
towire_sha256_double(pptr, &txid->shad);
}
void towire_bitcoin_signature(u8 **pptr, const struct bitcoin_signature *sig)
{
assert(sighash_type_valid(sig->sighash_type));
towire_secp256k1_ecdsa_signature(pptr, &sig->s);
towire_u8(pptr, sig->sighash_type);
}
void towire_bitcoin_blkid(u8 **pptr, const struct bitcoin_blkid *blkid)
{
towire_sha256_double(pptr, &blkid->shad);
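Review bot: towire_bitcoin_signature relies on `assert(sighash_type_valid(sig->sighash_type));` as its only check, so in a build with NDEBUG the byte is serialized regardless and the problem surfaces only on the receiving side, in fromwire_bitcoin_signature. I cannot tell from here whether this project ever compiles with NDEBUG; if it can, a non-assert check that aborts or reports the error would keep validation where the bad value originates, and if it cannot, a comment stating that the caller owns the validity of sighash_type is enough.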

4
wire/wire.h

@ -20,6 +20,7 @@ struct channel_id {
STRUCTEQ_DEF(channel_id, 0, id);
struct bitcoin_blkid;
struct bitcoin_signature;
struct bitcoin_txid;
struct preimage;
struct ripemd160;
@ -49,6 +50,7 @@ void towire_short_channel_id(u8 **pptr,
void towire_sha256(u8 **pptr, const struct sha256 *sha256);
void towire_sha256_double(u8 **pptr, const struct sha256_double *sha256d);
void towire_bitcoin_txid(u8 **pptr, const struct bitcoin_txid *txid);
void towire_bitcoin_signature(u8 **pptr, const struct bitcoin_signature *sig);
void towire_bitcoin_blkid(u8 **pptr, const struct bitcoin_blkid *blkid);
void towire_preimage(u8 **pptr, const struct preimage *preimage);
void towire_ripemd160(u8 **pptr, const struct ripemd160 *ripemd);
@ -88,6 +90,8 @@ void fromwire_short_channel_id(const u8 **cursor, size_t *max,
void fromwire_sha256(const u8 **cursor, size_t *max, struct sha256 *sha256);
void fromwire_sha256_double(const u8 **cursor, size_t *max,
struct sha256_double *sha256d);
void fromwire_bitcoin_signature(const u8 **cursor, size_t *max,
struct bitcoin_signature *sig);
void fromwire_bitcoin_txid(const u8 **cursor, size_t *max,
struct bitcoin_txid *txid);
void fromwire_bitcoin_blkid(const u8 **cursor, size_t *max,
