Password length limitation

[pquerner]

My current google password is 80 characters. (Dont ask why).
I got the error

22:12:12 web.1  | started with pid 9
22:12:14 web.1  | Traceback (most recent call last):
22:12:14 web.1  |   File "server.py", line 1, in <module>
22:12:14 web.1  |     from geemusic import app
22:12:14 web.1  |   File "/geemusic/geemusic/__init__.py", line 27, in <module>
22:12:14 web.1  |     api = GMusicWrapper.generate_api(logger=app.logger)
22:12:14 web.1  |   File "/geemusic/geemusic/utils/music.py", line 267, in generate_api
22:12:14 web.1  |     **kwargs)
22:12:14 web.1  |   File "/geemusic/geemusic/utils/music.py", line 14, in __init__
22:12:14 web.1  |     success = self._api.login(username, password, environ.get('ANDROID_ID', Mobileclient.FROM_MAC_ADDRESS))
22:12:14 web.1  |   File "/usr/lib/python3.6/site-packages/gmusicapi/clients/mobileclient.py", line 139, in login
22:12:14 web.1  |     if not self.session.login(email, password, device_id):
22:12:14 web.1  |   File "/usr/lib/python3.6/site-packages/gmusicapi/session.py", line 191, in login
22:12:14 web.1  |     res = gpsoauth.perform_master_login(email, password, android_id)
22:12:14 web.1  |   File "/usr/lib/python3.6/site-packages/gpsoauth/__init__.py", line 60, in perform_master_login
22:12:14 web.1  |     'EncryptedPasswd': google.signature(email, password, android_key_7_3_29),
22:12:14 web.1  |   File "/usr/lib/python3.6/site-packages/gpsoauth/google.py", line 50, in signature
22:12:14 web.1  |     encrypted_login = cipher.encrypt((email + u'\x00' + password).encode('utf-8'))
22:12:14 web.1  |   File "/usr/lib/python3.6/site-packages/Cryptodome/Cipher/PKCS1_OAEP.py", line 141, in encrypt
22:12:14 web.1  |     raise ValueError("Plaintext is too long.")
22:12:14 web.1  | ValueError: Plaintext is too long.
22:12:15 web.1  | exited with code 1
22:12:15 system | sending SIGTERM to all processes

Which I though was because of special characters in my password (like ' or ;). I changed it to a password without special characters, but I still get the error message from above.

Is there any limitation that you know of and is it possible to remove this limitation perhaps? Google allows you to use such long passwords and therefore a client shouldnt deny access.

[fergyfresh]

Its a limitation in the length of the length of the encrypted string versus your original string (read: your email + pad + password). It might be fixable in encrypted_login = cipher.encrypt((email + u'\x00' + password).encode('utf-8')) by adding more pad bytes u'\x00', but I'm not entirely sure. I have seen @simon-weber stop by occasionally before to answer questions related to his stuff. I'll dig into it and see if I can figure it out.

[fergyfresh]

Basically the encrypted key needs to be a certain amount bigger than the plain-text per the code at line 141 in PKCS1_OAEP.py. I know this isn't super helpful, but its a start.

[simon-weber]

Ah, yeah, this is a bug/limitation in gpsoauth: simon-weber/gpsoauth#17.

[stevenleeg]

Going to close this in favor of the gpsoauth issue. Thanks for the report!