ValueError: plaintext is too long

[jtleniger]

I have a pretty lengthy password and receive this exception when trying to login.

[simon-weber]

Huh, that's a new one. Can you provide a traceback? I'm not sure off the top of my head where this would be coming from.

[jtleniger]

I think I must have pasted my password more than once on accident. Can't reproduce with my actual password, but if I paste it 2-3 times:

Traceback (most recent call last):
  File "ImportList.py", line 193, in <module>
    api = open_api()
  File "D:\gmusic-playlist\common.py", line 181, in open_api
    if not api.login(username, password, Mobileclient.FROM_MAC_ADDRESS):
  File "C:\python27\lib\site-packages\gmusicapi\clients\mobileclient.py", line 122, in login
    if not self.session.login(email, password, android_id):
  File "C:\python27\lib\site-packages\gmusicapi\session.py", line 191, in login
    res = gpsoauth.perform_master_login(email, password, android_id)
  File "C:\python27\lib\site-packages\gpsoauth\__init__.py", line 60, in perform_master_login
    'EncryptedPasswd': google.signature(email, password, android_key_7_3_29),
  File "C:\python27\lib\site-packages\gpsoauth\google.py", line 50, in signature
    encrypted_login = cipher.encrypt((email + u'\x00' + password).encode('utf-8'))
  File "C:\python27\lib\site-packages\Cryptodome\Cipher\PKCS1_OAEP.py", line 141, in encrypt
    raise ValueError("Plaintext is too long.")
ValueError: Plaintext is too long.

Can probably close this unless it happens on someone's real password.

[simon-weber]

Ah, ok, that makes sense. We can check the size of the key to find the max plaintext length, and see if anybody has looked into what Google does to handle longer plaintext (probably some kind of chunking?).

[jackwilsdon]

I can reproduce this with a long password (64 characters long).

[simon-weber]

Gotcha. There's a mention of an 80-char username+password limit in the blog post I based my code on, but it's not immediately clear to me how to work around it.

[jackwilsdon]

I've managed to find a JS implementation of the login details encryption, which might provide a good starting point.

Oops, that implementation suffers the same issue too!

[jackwilsdon]

Just spent the last 30 minutes reverse-engineering the original Java source from Android from 2014, and it seems that it also has the 80 character combined limitation!

I did some more research, and it looks like authentication has changed how it works for these services, as linking a Google account to your device uses this URL for setup now. I've not looked into how it stores the authentication token or uses it with Google Play Services though.

[simon-weber]

Interesting. Nice work!

[PaddyMac]

Have you looked into this any further? Google has details about it's OAuth implementation at https://developers.google.com/identity/protocols/oauth2

[derekantrican]

I can reproduce this even with my "short" password (12 characters). I'm just following the instructions at the README: https://github.com/simon-weber/gpsoauth/blob/master/README.md#alternative-flow

Here's my code (sanitized a bit, of course):

email = '[email]'
token = '[oauth_token]'
android_id = '[device_id]'

print('perform_master_login')

master_response = gpsoauth.perform_master_login(email, token, android_id)
master_token = master_response['Token']

And here's the exception thrown with stack trace:

Traceback (most recent call last):
  File "C:\Users\derek\Desktop\GKeepToGmail\syncNotes.py", line 63, in <module>
    master_response = gpsoauth.perform_master_login(email, token, android_id)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\derek\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.12_qbz5n2kfra8p0\LocalCache\local-packages\Python312\site-packages\gpsoauth\__init__.py", line 141, in perform_master_login
    "EncryptedPasswd": google.construct_signature(
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\derek\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.12_qbz5n2kfra8p0\LocalCache\local-packages\Python312\site-packages\gpsoauth\google.py", line 58, in construct_signature
    encrypted_login = cipher.encrypt((email + "\x00" + password).encode("utf-8"))
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\derek\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.12_qbz5n2kfra8p0\LocalCache\local-packages\Python312\site-packages\Cryptodome\Cipher\PKCS1_OAEP.py", line 117, in encrypt
    raise ValueError("Plaintext is too long.")
ValueError: Plaintext is too long.

I have 2FA on - don't know if that matters using the oauth token, though

[jackwilsdon]

@derekantrican is your email + password combination around 80 characters? The limit is for both combined.

[derekantrican]

No. However, I think I found later that I should be using exchange_token instead of perform_master_login. I think I was trying to use the oauth token for perform_master_login instead of the "master token"