script: add check for 32-byte preimage.

We need to enforce this onchain as we do in the protocol off-chain, otherwise we can have an onchain redemption we can't redeem upstream via the protocol. While Laolu points out there's a 520 byte limit on witness stack element, that can still make for a larger tx and make problems for the steal tx case. The downside is that even the timeout transaction, which used to spend the HTLC with an empty 'secret', now needs a 32-byte secret, making it a little larger. We create a 'bitcoin_witness_htlc' helper for this case. See: http://lists.linuxfoundation.org/pipermail/lightning-dev/2016-May/000529.html Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-12-23 17:14:22 +01:00 · 2016-05-03 11:24:56 +09:30
parent 02593059cd
commit 1245ffaae3
2 changed files with 31 additions and 0 deletions
--- a/bitcoin/script.h
+++ b/bitcoin/script.h
@@ -87,6 +87,12 @@ u8 **bitcoin_witness_secret(const tal_t *ctx,
 			    const struct bitcoin_signature *sig,
 			    const u8 *witnessscript);

+/* Create a witness which spends bitcoin_redeeem_htlc_recv/send */
+u8 **bitcoin_witness_htlc(const tal_t *ctx,
+			  const struct sha256 *htlc_or_revocation_preimage,
+			  const struct bitcoin_signature *sig,
+			  const u8 *witnessscript);
+
 /* Is this a pay to script hash? */
 bool is_p2sh(const u8 *script, size_t script_len);