[electrum] fix hardware wallet decryption

Summary: Wallets are encrypted with a key derived from a password. Hardware wallets use a hex-encoded public key generated by the device on a special derivation path as the password. With the recent refactorings, `Xpub.get_pubkey_from_xpub` now returns bytes, so we need to explicitely convert it to a hex string before passing it to `storage.decrypt`. Note that this was already fixed in `HardwareKeyStore.get_password_for_storage_encryption` which is called when the wallet is first created, so any wallet created by Electrum ABC 5.2.8 will be correctly encrypted. The bug affect the decryption when the user tries to reopen the wallet later. Test Plan: Open an encrypted hardware wallet. Tested with a Ledger Nano S and a Satochip card. Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D14645
Bitcoin-ABC · Oct 19, 2023 · 5c62d5e · 5c62d5e
1 parent 00f88ad
commit 5c62d5e
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/electrumabc/base_wizard.py b/electrumabc/base_wizard.py
@@ -456,7 +456,7 @@ def on_device(self, name, device_info: DeviceInfo, *, purpose, storage=None):
             xpub = self.plugin.get_xpub(
                 device_info.device.id_, derivation, "standard", self
             )
-            password = keystore.Xpub.get_pubkey_from_xpub(xpub, ())
+            password = keystore.Xpub.get_pubkey_from_xpub(xpub, ()).hex()
             try:
                 storage.decrypt(password)
             except util.InvalidPassword:

diff --git a/electrumabc/daemon.py b/electrumabc/daemon.py
@@ -259,7 +259,7 @@ def run_gui(self, config_options):
             )
         return response
 
-    def load_wallet(self, path, password):
+    def load_wallet(self, path, password: str):
         path = standardize_path(path)
         # wizard will be launched if we return
         if path in self.wallets:

diff --git a/electrumabc/storage.py b/electrumabc/storage.py
@@ -163,7 +163,7 @@ def _init_encryption_version(self):
         except Exception:
             return STO_EV_PLAINTEXT
 
-    def get_key(self, password):
+    def get_key(self, password: str) -> bitcoin.ECKey:
         secret = hashlib.pbkdf2_hmac(
             "sha512", password.encode("utf-8"), b"", iterations=1024
         )
@@ -179,7 +179,7 @@ def _get_encryption_magic(self):
         else:
             raise WalletFileException("no encryption magic for version: %s" % v)
 
-    def decrypt(self, password):
+    def decrypt(self, password: str):
         ec_key = self.get_key(password)
         if self.raw:
             enc_magic = self._get_encryption_magic()