psbt: use DER encoded + sighash byte for PSBT_IN_PARTIAL_SIG items

[jgriffiths]

This fixes the incorrect signature encoding as reported in #5298.

I don't see that the old code could ever have worked: whether signing through wally or any other PSBT signer, the resulting signature in the witness would be of an incorrect form and thus should be rejected by core.

Its probably worth getting submission/validation of a tx produced from signing one of these PSBTs under test.

[cdecker]

That is likely because we were using the PSBT format as an internal transport format only, and didn't use libwally primitives to construct the final transaction. This was discovered when we made the previously internal hsmd protocol public to be consumed by VLS.

Thank you very much @jgriffiths, and sorry for causing a false alarm for libwally.

[cdecker]

ACK d8bde0a

[vincenzopalazzo]

ACK d8bde0a

[jgriffiths]

I've squashed the test commit into the actual change for git-bisectability, no further changes.

[cdecker]

Hurray, the bot actually did recognize that there were no content changes between the PR versions and reapplied the ACKs :-)

[devrandom]

is this constant defined anywhere by any chance?

[jgriffiths]

Wally has EC_SIGNATURE_DER_MAX_LEN so EC_SIGNATURE_DER_MAX_LEN + 1 could be used (1 for the sighash byte).

That should be a separate commit if done IMO, also changing the other places below (I just followed the existing examples). Note that this would require wally be exposed in the interface of bitcoin/signature.h which it currently isn't. Perhaps a c-lightning specific define?

bitcoin/script.c:       u8 der[73];
bitcoin/script.c:       u8 der[73];
bitcoin/signature.c:size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig)
bitcoin/signature.c:    u8 der[73];
bitcoin/signature.h:size_t signature_to_der(u8 der[73], const struct bitcoin_signature *sig);

[devrandom]

just a nit, doesn't block this PR

ACK

[devrandom]

confirmed compatible with rust-bitcoin 0.28.1