New encrypted wallet file header:

 - the file is encrypted with a master key
 - the master key is encrypted with one or several passwords
 - passwords can be added to or removed from the list
 - a hmac of the file is written at the beginning of the file
 - passwords can be checked/updated without having to read/write the whole file
 - the GUI assumes a single password
 - partial writes:
    encrypted blobs are appended at the end of the file
    each blob is prefixed by its length
    can recover from incomplete write: hmac is updated after appending

Author: ecdsa

electrum/crypto.py

@@ -134,9 +134,10 @@ def strip_PKCS7_padding(data: bytes) -> bytes:
     return data[0:-padlen]
 
 
-def aes_encrypt_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
+def aes_encrypt_with_iv(key: bytes, iv: bytes, data: bytes, append_pkcs7=True) -> bytes:
     assert_bytes(key, iv, data)
-    data = append_PKCS7_padding(data)
+    if append_pkcs7:
+        data = append_PKCS7_padding(data)
     if HAS_CRYPTODOME:
         e = CD_AES.new(key, CD_AES.MODE_CBC, iv).encrypt(data)
     elif HAS_CRYPTOGRAPHY:
@@ -152,7 +153,7 @@ def aes_encrypt_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
     return e
 
 
-def aes_decrypt_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
+def aes_decrypt_with_iv(key: bytes, iv: bytes, data: bytes, strip_pkcs7=True) -> bytes:
     assert_bytes(key, iv, data)
     if HAS_CRYPTODOME:
         cipher = CD_AES.new(key, CD_AES.MODE_CBC, iv)
@@ -168,9 +169,11 @@ def aes_decrypt_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
     else:
         raise Exception("no AES backend found")
     try:
-        return strip_PKCS7_padding(data)
+        if strip_pkcs7:
+            data = strip_PKCS7_padding(data)
     except InvalidPadding:
         raise InvalidPassword()
+    return data
 
 
 def EncodeAES_bytes(secret: bytes, msg: bytes) -> bytes:

electrum/gui/qt/main_window.py

@@ -1955,14 +1955,14 @@ def update_buttons_on_seed(self):
         self.password_button.setVisible(self.wallet.may_have_password())
 
     def change_password_dialog(self):
-        from electrum.storage import StorageEncryptionVersion
-        if StorageEncryptionVersion.XPUB_PASSWORD in self.wallet.get_available_storage_encryption_versions():
+        from electrum.storage import PasswordType
+        if PasswordType.XPUB in self.wallet.get_available_storage_encryption_versions():
             from .password_dialog import ChangePasswordDialogForHW
             d = ChangePasswordDialogForHW(self, self.wallet)
             ok, old_password, new_password, encrypt_with_xpub = d.run()
             if not ok:
                 return
-            has_xpub_encryption = self.wallet.storage.get_encryption_version() == StorageEncryptionVersion.XPUB_PASSWORD
+            has_xpub_encryption = self.wallet.storage.is_encrypted_with_hw_device()
             def on_password(hw_dev_pw):
                 self._update_wallet_password(
                     old_password = hw_dev_pw if has_xpub_encryption else old_password,