Alpha has segregated witnesses, so txid doesn't include the inputs.
That means we can create the first commit transaction before we sign
the anchor tx.
Bitcoin will need to do this differently: presumbly via new sipops
(a OP_CHECKSIG2VERIFY I imagine).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I had each side using the other side's hash secret. That's a very
dumb idea, since it means you can steal from a unilateral close!
A's secret applies to A's commit transaction: it needs the
secret and B's final signature to steal funds, and that should
never happen (since A doesn't have the B's final signature, and
once A has given B the secret, they never broadcast the commit tx).
This makes the update a 4 step dance, since you need the new
revocation hash to make the other side's TX to sign.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
opt_usage_and_exit() exits with status 0, and prints to stdout.
This exits status 1 and prints to stderr.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This checks that the protobuf is the right form, also handles uncompressed
keys (though you shouldn't be using those any more, should you?)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
DER encoding introduces problems for non-canonical encodings; we should
do that only at the lightning<->bitcoin interface.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>