bugfix: Tapsigner decryption

releases/Next-ChangeLog.md

@@ -5,6 +5,7 @@ This lists the new changes that have not yet been published in a normal release.
 # Shared Improvements - Both Mk4 and Q
 
 - Bugfix: Fix PSBTv2 PSBT_GLOBAL_TX_MODIFIABLE parsing
+- Bugfix: Decrypting Tapsigner backup failed even for correct key
 
 # Mk4 Specific Changes
 

shared/tapsigner.py

@@ -2,7 +2,7 @@
 #
 # tapsigner.py - TAPSIGNER backup file support
 #
-import ustruct, ngu, ure, aes256ctr
+import ngu
 from ubinascii import unhexlify as a2b_hex
 from ubinascii import a2b_base64
 from ux import ux_show_story
@@ -14,7 +14,8 @@ from actions import file_picker, import_extended_key_as_secret
 def decrypt_tapsigner_backup(backup_key, data):
     try:
         backup_key = a2b_hex(backup_key)
-        decrypt = aes256ctr.new(backup_key, bytes(16))  # IV 0
+        # AES-128-CTR (ARM assembly module only supports AES-256-CTR)
+        decrypt = ngu.aes.CTR(backup_key, bytes(16))  # IV 0
         decrypted = decrypt.cipher(data).decode().strip()
         # format of TAPSIGNER backup is known in advance
         # extended private key is expected at the beginning of the first line

unix/variant/aes256ctr.py

@@ -2,5 +2,8 @@
 import ngu
 
 def new(key, nonce=None):
+    assert len(key) == 32  # only 256 bit keys allowewd in C module
+    if nonce is not None:
+        assert len(nonce) <= 16
     return ngu.aes.CTR(key, nonce or bytes(16))