loopin: push the htlc internal key if the invoice is swept

This commit adds key reveal to MuSig2 loopin swaps' success path. In
this case the client reveals their internal HTLC key to the server when
the swap invoice is settled. With this key the server can sweep the swap
HTLC without any more interaction from the client. We'll do this every
block (after the invoice has been settled).

Author: bhandras

loopin.go

@@ -839,6 +839,7 @@ func (s *loopInSwap) waitForSwapComplete(ctx context.Context,
 
 	htlcSpend := false
 	invoiceFinalized := false
+	htlcKeyRevealed := false
 	for !htlcSpend || !invoiceFinalized {
 		select {
 		// Spend notification error.
@@ -855,6 +856,10 @@ func (s *loopInSwap) waitForSwapComplete(ctx context.Context,
 				return err
 			}
 
+			if invoiceFinalized && !htlcKeyRevealed {
+				htlcKeyRevealed = s.tryPushHtlcKey(ctx)
+			}
+
 		// The htlc spend is confirmed. Inspect the spending tx to
 		// determine the final swap state.
 		case spendDetails := <-spendChan:
@@ -918,6 +923,7 @@ func (s *loopInSwap) waitForSwapComplete(ctx context.Context,
 				}
 
 				invoiceFinalized = true
+				htlcKeyRevealed = s.tryPushHtlcKey(ctx)
 
 			// Canceled invoice has no effect on server cost
 			// balance.
@@ -933,6 +939,36 @@ func (s *loopInSwap) waitForSwapComplete(ctx context.Context,
 	return nil
 }
 
+// tryPushHtlcKey attempts to push the htlc key to the server. If the server
+// returns an error of any kind we'll log it as a warning but won't act as
+// the swap execution can just go on without the server gaining knowledge of
+// our internal key.
+func (s *loopInSwap) tryPushHtlcKey(ctx context.Context) bool {
+	if s.ProtocolVersion < loopdb.ProtocolVersionMuSig2 {
+		return false
+	}
+
+	log.Infof("Attempting to reveal internal HTLC key to the server")
+
+	internalPrivKey, err := sharedSecretFromHash(
+		ctx, s.swapConfig.lnd.Signer, s.hash,
+	)
+	if err != nil {
+		s.log.Warnf("Unable to derive HTLC internal private key: %v",
+			err)
+
+		return false
+	}
+
+	err = s.server.PushKey(ctx, s.ProtocolVersion, s.hash, internalPrivKey)
+	if err != nil {
+		s.log.Warnf("Internal HTLC key reveal failed: %v", err)
+		return false
+	}
+
+	return true
+}
+
 func (s *loopInSwap) processHtlcSpend(ctx context.Context,
 	spend *chainntnfs.SpendDetail, htlcValue,
 	sweepFee btcutil.Amount) error {

server_mock_test.go

@@ -267,3 +267,9 @@ func (s *serverMock) MuSig2SignSweep(_ context.Context, _ loopdb.ProtocolVersion
 
 	return nil, nil, nil
 }
+
+func (s *serverMock) PushKey(_ context.Context, _ loopdb.ProtocolVersion,
+	_ lntypes.Hash, _ [32]byte) error {
+
+	return nil
+}

swap_server_client.go

@@ -128,6 +128,12 @@ type swapServerClient interface {
 		protocolVersion loopdb.ProtocolVersion, swapHash lntypes.Hash,
 		paymentAddr [32]byte, nonce []byte, sweepTxPsbt []byte) (
 		[]byte, []byte, error)
+
+	// PushKey sends the client's HTLC internal key associated with the
+	// swap to the server.
+	PushKey(ctx context.Context,
+		protocolVersion loopdb.ProtocolVersion, swapHash lntypes.Hash,
+		clientInternalPrivateKey [32]byte) error
 }
 
 type grpcSwapServerClient struct {
@@ -760,6 +766,25 @@ func (s *grpcSwapServerClient) MuSig2SignSweep(ctx context.Context,
 	return res.Nonce, res.PartialSignature, nil
 }
 
+// PushKey sends the client's HTLC internal key associated with the swap to
+// the server.
+func (s *grpcSwapServerClient) PushKey(ctx context.Context,
+	protocolVersion loopdb.ProtocolVersion, swapHash lntypes.Hash,
+	clientInternalPrivateKey [32]byte) error {
+
+	req := &looprpc.ServerPushKeyReq{
+		ProtocolVersion: looprpc.ProtocolVersion(protocolVersion),
+		SwapHash:        swapHash[:],
+		InternalPrivkey: clientInternalPrivateKey[:],
+	}
+
+	rpcCtx, rpcCancel := context.WithTimeout(ctx, globalCallTimeout)
+	defer rpcCancel()
+
+	_, err := s.server.PushKey(rpcCtx, req)
+	return err
+}
+
 func rpcRouteCancel(details *outCancelDetails) (
 	*looprpc.CancelLoopOutSwapRequest_RouteCancel, error) {