protocol: anchor output is now witness 2of2.

Rather than p2sh of a 2of2, it's now a version 0 witness program.
This means that the commit transaction input and mutual close
transaction input are both different.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

daemon/packets.c

@@ -464,8 +464,8 @@ Pkt *accept_pkt_open(struct peer *peer, const Pkt *pkt)
 	proto_to_sha256(o->next_revocation_hash,
 			&peer->them.next_revocation_hash);
 
-	/* Redeemscript for anchor. */
+	/* Witness script for anchor. */
-	peer->anchor.redeemscript
+	peer->anchor.witnessscript
 		= bitcoin_redeem_2of2(peer, &peer->us.commitkey,
 				      &peer->them.commitkey);
 	return NULL;
@@ -485,9 +485,8 @@ static Pkt *check_and_save_commit_sig(struct peer *peer,
 	/* Their sig should sign our commit tx. */
 	if (!check_tx_sig(peer->dstate->secpctx,
 			  ci->tx, 0,
-			  peer->anchor.redeemscript,
+			  NULL, 0,
-			  tal_count(peer->anchor.redeemscript),
+			  peer->anchor.witnessscript,
-			  NULL,
 			  &peer->them.commitkey,
 			  ci->sig))
 		return pkt_err(peer, "Bad signature");
@@ -805,9 +804,8 @@ Pkt *accept_pkt_close_sig(struct peer *peer, const Pkt *pkt, bool *acked,
 
 	close_tx = peer_create_close_tx(peer, c->close_fee);
 	if (!check_tx_sig(peer->dstate->secpctx, close_tx, 0,
-			  peer->anchor.redeemscript,
+			  NULL, 0,
-			  tal_count(peer->anchor.redeemscript),
+			  peer->anchor.witnessscript,
-			  NULL,
 			  &peer->them.commitkey, &theirsig))
 		return pkt_err(peer, "Invalid signature");
 

daemon/peer.c

@@ -1104,15 +1104,12 @@ const struct bitcoin_tx *bitcoin_close(struct peer *peer)
 	our_close_sig.stype = SIGHASH_ALL;
 	peer_sign_mutual_close(peer, close_tx, &our_close_sig.sig);
 
-	/* Complete the close_tx, using signatures. */
+	close_tx->input[0].witness
-	close_tx->input[0].script
+		= bitcoin_witness_2of2(close_tx->input,
-		= scriptsig_p2sh_2of2(close_tx,
+				       peer->closing.their_sig,
-				      peer->closing.their_sig,
+				       &our_close_sig,
-				      &our_close_sig,
+				       &peer->them.commitkey,
-				      &peer->them.commitkey,
+				       &peer->us.commitkey);
-				      &peer->us.commitkey);
-	close_tx->input[0].script_length
-		= tal_count(close_tx->input[0].script);
 
 	return close_tx;
 }
@@ -1161,7 +1158,7 @@ const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 
 	/* Now, calculate the fee, given length. */
 	/* FIXME: Dynamic fees! */
-	fee = fee_by_feerate(measure_tx_len(tx),
+	fee = fee_by_feerate(measure_tx_cost(tx) / 4,
 				 peer->dstate->config.closing_fee_rate);
 
 	/* FIXME: Fail gracefully in these cases (not worth collecting) */
@@ -1202,20 +1199,19 @@ const struct bitcoin_tx *bitcoin_commit(struct peer *peer)
 {
 	struct bitcoin_signature sig;
 
-	/* Can't be signed already! */
+	/* Can't be signed already, and can't have scriptsig! */
 	assert(peer->us.commit->tx->input[0].script_length == 0);
+	assert(!peer->us.commit->tx->input[0].witness);
 
 	sig.stype = SIGHASH_ALL;
 	peer_sign_ourcommit(peer, peer->us.commit->tx, &sig.sig);
 
-	peer->us.commit->tx->input[0].script
+	peer->us.commit->tx->input[0].witness
-		= scriptsig_p2sh_2of2(peer->us.commit->tx,
+		= bitcoin_witness_2of2(peer->us.commit->tx->input,
-				      peer->us.commit->sig,
+				       peer->us.commit->sig,
-				      &sig,
+				       &sig,
-				      &peer->them.commitkey,
+				       &peer->them.commitkey,
-				      &peer->us.commitkey);
+				       &peer->us.commitkey);
-	peer->us.commit->tx->input[0].script_length
-		= tal_count(peer->us.commit->tx->input[0].script);
 
 	return peer->us.commit->tx;
 }
@@ -1242,11 +1238,11 @@ static void got_feerate(struct lightningd_state *dstate,
 	struct bitcoin_tx *tx = bitcoin_tx(peer, 1, 1);
 	size_t i;
 
-	tx->output[0].script = scriptpubkey_p2sh(tx, peer->anchor.redeemscript);
+	tx->output[0].script = scriptpubkey_p2wsh(tx, peer->anchor.witnessscript);
 	tx->output[0].script_length = tal_count(tx->output[0].script);
 
 	/* Add input script length.  FIXME: This is normal case, not exact. */
-	fee = fee_by_feerate(measure_tx_len(tx) + 1+73 + 1+33 + 1, rate);
+	fee = fee_by_feerate(measure_tx_cost(tx)/4 + 1+73 + 1+33 + 1, rate);
 	if (fee >= peer->anchor.input->amount)
 		/* FIXME: Report an error here!
 		 * We really should set this when they do command, but

daemon/peer.h

@@ -140,7 +140,7 @@ struct peer {
 		struct sha256_double txid;
 		unsigned int index;
 		u64 satoshis;
-		u8 *redeemscript;
+		u8 *witnessscript;
 
 		/* If we're creating anchor, this tells us where to source it */
 		struct anchor_input *input;

daemon/secrets.c

@@ -48,9 +48,8 @@ void peer_sign_theircommit(const struct peer *peer,
 	/* Commit tx only has one input: that of the anchor. */
 	sign_tx_input(peer->dstate->secpctx,
 		      commit, 0,
-		      peer->anchor.redeemscript,
+		      NULL, 0,
-		      tal_count(peer->anchor.redeemscript),
+		      peer->anchor.witnessscript,
-		      NULL,
 		      &peer->secrets->commit,
 		      &peer->us.commitkey,
 		      sig);
@@ -63,9 +62,8 @@ void peer_sign_ourcommit(const struct peer *peer,
 	/* Commit tx only has one input: that of the anchor. */
 	sign_tx_input(peer->dstate->secpctx,
 		      commit, 0,
-		      peer->anchor.redeemscript,
+		      NULL, 0,
-		      tal_count(peer->anchor.redeemscript),
+		      peer->anchor.witnessscript,
-		      NULL,
 		      &peer->secrets->commit,
 		      &peer->us.commitkey,
 		      sig);
@@ -93,9 +91,8 @@ void peer_sign_mutual_close(const struct peer *peer,
 {
 	sign_tx_input(peer->dstate->secpctx,
 		      close, 0,
-		      peer->anchor.redeemscript,
+		      NULL, 0,
-		      tal_count(peer->anchor.redeemscript),
+		      peer->anchor.witnessscript,
-		      NULL,
 		      &peer->secrets->commit,
 		      &peer->us.commitkey,
 		      sig);

daemon/test/test.sh

@@ -18,7 +18,7 @@ FGREP="fgrep -q"
 
 # We inject 0.01 bitcoin, but then fees (estimatefee fails and we use a
 # fee rate as per the close tx).
-AMOUNT=996160000
+AMOUNT=995940000
 
 # Default fee rate per kb.
 FEE_RATE=200000