Merge branch 'develop' into ci-improve-local-development

zeta-chain · Feb 12, 2024 · aeec057 · aeec057
2 parents 0155354 + b85ba73
commit aeec057
Show file tree

Hide file tree

Showing 7 changed files with 4,975 additions and 1,270 deletions.
diff --git a/changelog.md b/changelog.md
@@ -18,11 +18,16 @@
 * [1712](https://github.com/zeta-chain/node/issues/1712) - increase EVM outtx inclusion timeout to 20 minutes
 * [1733](https://github.com/zeta-chain/node/pull/1733)) - remove the unnecessary 2x multiplier in the convertGasToZeta RPC
 * [1721](https://github.com/zeta-chain/node/issues/1721) - zetaclient should provide bitcoin_chain_id when querying TSS address
+* [1744](https://github.com/zeta-chain/node/pull/1744) - added cmd to encrypt tss keyshare file, allowing empty tss password for backward compatibility.
 
 ### Tests
 
 * [1584](https://github.com/zeta-chain/node/pull/1584) - allow to run E2E tests on any networks
 
+### CI
+
+* [1736](https://github.com/zeta-chain/node/pull/1736) - chore: add Ethermint endpoints to OpenAPI
+
 ### Chores
 
 * [1729](https://github.com/zeta-chain/node/pull/1729) - add issue templates

diff --git a/cmd/zetaclientd/encrypt_tss.go b/cmd/zetaclientd/encrypt_tss.go
@@ -0,0 +1,67 @@
+package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/json"
+	"errors"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/spf13/cobra"
+)
+
+var encTssCmd = &cobra.Command{
+	Use:   "tss-encrypt [file-path] [secret-key]",
+	Short: "Utility command to encrypt existing tss key-share file",
+	Args:  cobra.ExactArgs(2),
+	RunE:  EncryptTSSFile,
+}
+
+func init() {
+	RootCmd.AddCommand(encTssCmd)
+}
+
+func EncryptTSSFile(_ *cobra.Command, args []string) error {
+	filePath := args[0]
+	secretKey := args[1]
+
+	filePath = filepath.Clean(filePath)
+	data, err := os.ReadFile(filePath)
+	if err != nil {
+		return err
+	}
+
+	if !json.Valid(data) {
+		return errors.New("file does not contain valid json, may already be encrypted")
+	}
+
+	block, err := aes.NewCipher(getFragmentSeed(secretKey))
+	if err != nil {
+		return err
+	}
+
+	// Creating GCM mode
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return err
+	}
+	// Generating random nonce
+	nonce := make([]byte, gcm.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return err
+	}
+
+	cipherText := gcm.Seal(nonce, nonce, data, nil)
+	return os.WriteFile(filePath, cipherText, 0o600)
+}
+
+func getFragmentSeed(password string) []byte {
+	h := sha256.New()
+	h.Write([]byte(password))
+	seed := h.Sum(nil)
+	return seed
+}
diff --git a/cmd/zetaclientd/start.go b/cmd/zetaclientd/start.go
@@ -333,9 +333,9 @@ func promptPasswords() (string, string, error) {
 		return "", "", err
 	}
 
-	if TSSKeyPass == "" {
-		return "", "", errors.New("tss password is required to start zetaclient")
-	}
+	//trim delimiters
+	hotKeyPass = strings.TrimSuffix(hotKeyPass, "\n")
+	TSSKeyPass = strings.TrimSuffix(TSSKeyPass, "\n")
 
 	return hotKeyPass, TSSKeyPass, err
 }