Allow to construct ShutdownScript from OP_RETURN script

tnull · tnull · commit 22f3641e4e2f · 2025-06-18T17:04:20.000+02:00
We add a new `ShutdownScript::new_op_return` constructor and extend the
`is_bolt_compliant` check to enforce the new rules introduced by
`option_simple_close`.
diff --git a/lightning/src/ln/script.rs b/lightning/src/ln/script.rs
@@ -1,8 +1,9 @@
 //! Abstractions for scripts used in the Lightning Network.
 
+use bitcoin::blockdata::script::Instruction;
 use bitcoin::hashes::Hash;
-use bitcoin::opcodes::all::OP_PUSHBYTES_0 as SEGWIT_V0;
-use bitcoin::script::{Script, ScriptBuf};
+use bitcoin::opcodes::all::{OP_PUSHBYTES_0 as SEGWIT_V0, OP_RETURN};
+use bitcoin::script::{PushBytes, Script, ScriptBuf};
 use bitcoin::secp256k1::PublicKey;
 use bitcoin::{WPubkeyHash, WScriptHash, WitnessProgram};
 
@@ -75,6 +76,20 @@ impl ShutdownScript {
 		Self(ShutdownScriptImpl::Bolt2(ScriptBuf::new_p2wsh(script_hash)))
 	}
 
+	/// Generates an `OP_RETURN` script pubkey from the given `data` bytes.
+	///
+	/// This is only needed and valid for channels supporting `option_simple_close`. Please refer
+	/// to [BOLT-2] for more information.
+	///
+	/// # Errors
+	///
+	/// This function may return an error if `data` is not [BOLT-2] compliant.
+	///
+	/// [BOLT-2]: https://github.com/lightning/bolts/blob/master/02-peer-protocol.md#closing-negotiation-closing_complete-and-closing_sig
+	pub fn new_op_return<T: AsRef<PushBytes>>(data: T) -> Result<Self, InvalidShutdownScript> {
+		Self::try_from(ScriptBuf::new_op_return(data))
+	}
+
 	/// Generates a witness script pubkey from the given segwit version and program.
 	///
 	/// Note for version-zero witness scripts you must use [`ShutdownScript::new_p2wpkh`] or
@@ -104,7 +119,8 @@ impl ShutdownScript {
 
 	/// Returns whether the shutdown script is compatible with the features as defined by BOLT #2.
 	///
-	/// Specifically, checks for compliance with feature `option_shutdown_anysegwit`.
+	/// Specifically, checks for compliance with feature `option_shutdown_anysegwit` and/or
+	/// `option_simple_close`.
 	pub fn is_compatible(&self, features: &InitFeatures) -> bool {
 		match &self.0 {
 			ShutdownScriptImpl::Legacy(_) => true,
@@ -116,10 +132,47 @@ impl ShutdownScript {
 /// Check if a given script is compliant with BOLT 2's shutdown script requirements for the given
 /// counterparty features.
 pub(crate) fn is_bolt2_compliant(script: &Script, features: &InitFeatures) -> bool {
+	// BOLT2:
+	// 1. `OP_0` `20` 20-bytes (version 0 pay to witness pubkey hash), OR
+	// 2. `OP_0` `32` 32-bytes (version 0 pay to witness script hash), OR
 	if script.is_p2pkh() || script.is_p2sh() || script.is_p2wpkh() || script.is_p2wsh() {
 		true
-	} else if features.supports_shutdown_anysegwit() {
-		script.is_witness_program() && script.as_bytes()[0] != SEGWIT_V0.to_u8()
+	} else if features.supports_shutdown_anysegwit() && script.is_witness_program() {
+		// 3. if (and only if) `option_shutdown_anysegwit` is negotiated:
+		//    * `OP_1` through `OP_16` inclusive, followed by a single push of 2 to 40 bytes
+		//     (witness program versions 1 through 16)
+		script.as_bytes()[0] != SEGWIT_V0.to_u8()
+	} else if features.supports_simple_close() && script.is_op_return() {
+		// 4. if (and only if) `option_simple_close` is negotiated:
+		let mut instruction_iter = script.instructions();
+		if let Some(Ok(Instruction::Op(opcode))) = instruction_iter.next() {
+			// * `OP_RETURN` followed by one of:
+			if opcode != OP_RETURN {
+				return false;
+			}
+
+			match instruction_iter.next() {
+				Some(Ok(Instruction::PushBytes(bytes))) => {
+					// * `6` to `75` inclusive followed by exactly that many bytes
+					if (6..=75).contains(&bytes.len()) {
+						return instruction_iter.next().is_none();
+					}
+
+					// `rust-bitcoin` interprets `OP_PUSHDATA1` as `Instruction::PushBytes`, having
+					// us land here in this case, too.
+					//
+					// * `76` followed by `76` to `80` followed by exactly that many bytes
+					if (76..=80).contains(&bytes.len()) {
+						return instruction_iter.next().is_none();
+					}
+
+					false
+				},
+				_ => false,
+			}
+		} else {
+			false
+		}
 	} else {
 		false
 	}
@@ -142,7 +195,7 @@ impl TryFrom<(ScriptBuf, &InitFeatures)> for ShutdownScript {
 	type Error = InvalidShutdownScript;
 
 	fn try_from((script, features): (ScriptBuf, &InitFeatures)) -> Result<Self, Self::Error> {
-		if is_bolt2_compliant(&script, features) && script.is_witness_program() {
+		if is_bolt2_compliant(&script, features) {
 			Ok(Self(ShutdownScriptImpl::Bolt2(script)))
 		} else {
 			Err(InvalidShutdownScript { script })
@@ -175,7 +228,7 @@ mod shutdown_script_tests {
 	use super::ShutdownScript;
 
 	use bitcoin::opcodes;
-	use bitcoin::script::{Builder, ScriptBuf};
+	use bitcoin::script::{Builder, PushBytes, ScriptBuf};
 	use bitcoin::secp256k1::Secp256k1;
 	use bitcoin::secp256k1::{PublicKey, SecretKey};
 	use bitcoin::{WitnessProgram, WitnessVersion};
@@ -210,6 +263,13 @@ mod shutdown_script_tests {
 		features
 	}
 
+	#[cfg(simple_close)]
+	fn simple_close_features() -> InitFeatures {
+		let mut features = InitFeatures::empty();
+		features.set_simple_close_optional();
+		features
+	}
+
 	#[test]
 	fn generates_p2wpkh_from_pubkey() {
 		let pubkey = pubkey();
@@ -246,6 +306,42 @@ mod shutdown_script_tests {
 		assert!(ShutdownScript::try_from(p2wsh_script).is_ok());
 	}
 
+	#[cfg(simple_close)]
+	#[test]
+	fn generates_op_return_from_data() {
+		let data = [6; 6];
+		let op_return_script = ScriptBuf::new_op_return(&data);
+		let shutdown_script = ShutdownScript::new_op_return(&data).unwrap();
+		assert!(shutdown_script.is_compatible(&simple_close_features()));
+		assert!(!shutdown_script.is_compatible(&InitFeatures::empty()));
+		assert_eq!(shutdown_script.into_inner(), op_return_script);
+		assert!(ShutdownScript::try_from(op_return_script).is_ok());
+
+		let assert_pushdata_script_compat = |len| {
+			let mut pushdata_vec = Builder::new()
+				.push_opcode(opcodes::all::OP_RETURN)
+				.push_opcode(opcodes::all::OP_PUSHDATA1)
+				.into_bytes();
+			pushdata_vec.push(len as u8);
+			pushdata_vec.extend_from_slice(&vec![1u8; len]);
+			let pushdata_script = ScriptBuf::from_bytes(pushdata_vec);
+			let pushdata_shutdown_script = ShutdownScript::try_from(pushdata_script).unwrap();
+			assert!(pushdata_shutdown_script.is_compatible(&simple_close_features()));
+			assert!(!pushdata_shutdown_script.is_compatible(&InitFeatures::empty()));
+		};
+
+		// For `option_simple_close` we assert compatibility with `OP_PUSHDATA1` scripts for the
+		// intended length range of 76 to 80 bytes.
+		assert_pushdata_script_compat(76);
+		assert_pushdata_script_compat(80);
+
+		// While the `option_simple_close` spec prescribes the use of `OP_PUSHBYTES_0` up to 75
+		// bytes, we follow Postel's law and accept if our counterparty would create an
+		// `OP_PUSHDATA1` script for less than 76 bytes of payload.
+		assert_pushdata_script_compat(75);
+		assert_pushdata_script_compat(6);
+	}
+
 	#[test]
 	fn generates_segwit_from_non_v0_witness_program() {
 		let witness_program = WitnessProgram::new(WitnessVersion::V16, &[0; 40]).unwrap();
@@ -258,7 +354,26 @@ mod shutdown_script_tests {
 
 	#[test]
 	fn fails_from_unsupported_script() {
-		let op_return = ScriptBuf::new_op_return(&[0; 42]);
+		// For `option_simple_close` we assert we fail when:
+		//
+		// - The first byte of the OP_RETURN data (interpreted as u8 int) is not equal to the
+		// remaining number of bytes (i.e., `[5; 6]` would succeed here).
+		let op_return = ScriptBuf::new_op_return(&[5; 5]);
 		assert!(ShutdownScript::try_from(op_return).is_err());
+
+		// - The OP_RETURN data will fail if it's longer than 80 bytes.
+		let mut pushdata_vec = Builder::new()
+			.push_opcode(opcodes::all::OP_RETURN)
+			.push_opcode(opcodes::all::OP_PUSHDATA1)
+			.into_bytes();
+		pushdata_vec.push(81);
+		pushdata_vec.extend_from_slice(&[1u8; 81]);
+		let pushdata_script = ScriptBuf::from_bytes(pushdata_vec);
+		assert!(ShutdownScript::try_from(pushdata_script).is_err());
+
+		// - In `ShutdownScript::new_op_return` the OP_RETURN data is longer than 80 bytes.
+		let big_buffer = &[1u8; 81][..];
+		let push_bytes: &PushBytes = big_buffer.try_into().unwrap();
+		assert!(ShutdownScript::new_op_return(&push_bytes).is_err());
 	}
 }
